Since version 2.3, WordPress has been vulnerable to a Host Header Injection attack in certain server environments. Over the years, there has been some discussion about fixing the vulnerability, but as of WP 4.9 (beta) nothing has been implemented. So to help those in the WP community who may be concerned (including myself), I developed a new security plugin that fixes the issue: Host Header Injection Fix (HHIF). Continue reading »
After months of hard work, I am excited to announce the launch of my new video course on developing WordPress plugins. It covers the entire process of building, securing, and optimizing your own plugins, including 50+ ready-to-go plugin demos and examples. The course is focused on developing plugins using the WP API and Standards. Covers basics and gets into advanced topics like HTTP API, REST API, and WP Cron. Truly packed with practical examples and techniques to help you create […] Continue reading »
This post contains overflow FAQs for the free version of User Submitted Posts (hosted at WordPress.org). I am moving a bunch of the FAQs to this post in order to clean up the plugin’s ever-growing readme.txt file. For FAQs about the Pro version of USP, check out USP Pro – FAQs & Presales over at Plugin Planet. Note that these FAQs are in no particular order. So without further ado.. Continue reading »
Welcome to the Quick Start Guide for the standalone PHP version of Blackhole for Bad Bots. This post basically is a condensed summary of the original Blackhole tutorial. So if you are new to the concept of blocking bad bots, check out the original tutorial. Otherwise, for those that are familiar, the following guide should simplify things and help you get started with Blackhole as quickly as possible. Continue reading »
As a professional web developer slash book author, I spend a LOT of time with email. Recently, I discovered that my email client does not provide some of the functionality that I require. So I set out on a mission to find something that works. Something better. Continue reading »
For some of my tutorials, I use the Atom Code Editor. It’s not as easy as Coda, but it does provide a LOT more flexibility in terms of configuration and customization. Over the last couple of years, I’ve collected a handful of useful tips and tricks for dialing in the perfect Atom environment. Well, perfect for my own needs — your mileage may vary. So without further ado, let’s jump into some sweet Atom tips. I update this post with […] Continue reading »
In general, redirecting URLs is a piece of cake with Apache’s .htaccess. The only trick is redirecting based on the URL’s query-string value. Doing so requires slightly different directives that many people are not aware of, so it’s common to see a questions like, “why isn’t my redirect working for query strings?” This quick tutorial aims to clear up any confusion and explains how to redirect any URL based on its query string. Continue reading »
When every byte counts, you can use the HTML <base /> tag to specify a default href and target attribute for all relative URLs on the page. Like a virtual shortcut. For smaller sites with a flat directory structure, this isn’t going to help much; but for sites with deeply nested directories, the <base /> tag can potentially shave a lot of extra weight from your web pages, and also help keep URLs cleaner and shorter. So if you’re micro-optimizing […] Continue reading »
Want to redirect a URL from one location to another? This simple guide shows you how to do it with Apache/.htaccess, PHP, JavaScript, HTML, and more. Each redirect technique is briefly explained and includes ready-to-go, copy-&-paste examples. Just grab the code you need and use it in good health. May the redirects be with you! Continue reading »
This tutorial explains how to detect and block security threats via .htaccess, and then pass that information to a PHP script for further processing. This is a powerful technique that combines the power of Apache with the flexibility of PHP. Enabling you to do things like log all unwanted traffic, send email reports for blocked requests, create a UI to display logged data, and just about anything else you can imagine. It’s an excellent way to keep a close eye […] Continue reading »
Email is sort of like the “glue” that holds the Internet together. But it’s the worst possible glue ever. It’s underlying technology is convoluted, complicated, insecure, tedious, sloppy, and archaic. In a nutshell: email sucks but it’s pretty much essential for working online. So what do you do if email is not working, like when you send an email but it never arrives? It can be very frustrating and difficult to figure out what went wrong. To help get you […] Continue reading »
Email support can be great or it can suck horribly. It’s a spectrum. For my own products and services, my average email response time is around 1 hour in general, and 5 minutes if I am online. Seriously, I am right there ready and glad to help anyone who needs it. Contrast that strategy to what seems to be the typical email support response time of an entire day or much longer. It’s just crazy to have to wait that […] Continue reading »
Taking a quick break to watch cyber attacks happening in real time. Continue reading »
WordPress responsive images are awesome. But some people want to use their own methods to implement. This post explains how to disable WordPress responsive image functionality so that you can use your own methods. It makes things easier when you don’t have to wrestle with what WordPress is doing. Continue reading »
I recently redesigned my .htaccess site, htaccessbook.com. Before the redesign, I was using bbPress for the forum functionality. It worked okay for a few years, but along the way there were all sorts of really nasty bugs and important things breaking. It seemed like, no matter what, each updated version of the bbPress plugin caused serious problems, like replies not working, permalinks changing, and all sorts of other issues. Eventually, I got tired of spending hours after each bbPress update […] Continue reading »
Redirecting stuff with .htaccess generally is pretty straightforward, but there can be a lot of confusion when it comes to targeting patterns that include numbers. I think this largely is due to the syntax used for matching numbers in regular expressions. It’s sort of unintuitive until you get the hang of it. So to help in that regard, this tutorial explains the basics of matching numbers with .htaccess, and then provides some useful examples that should get you there. Continue reading »