Whether you like it or not, there are scripts and bots out there hammering away at your sites with endless HTTP “POST” requests. POST requests are sort of the opposite of GET requests. Instead of getting some resource or file from the server, data is being posted or sent to it. To illustrate, normal surfing around the Web involves your browser making series of GET requests for all the resources required for each web page. HTML, JavaScript, CSS, images, et […] Continue reading »
I woke up this morning to the sound of thousands of 404 requests hitting the server. It’s sad that there are kiddies out there who have nothing better to do than buy some pathetic $50 script and then sit there like an imbecile harassing people for hours on end. But alas, that is the world we live in — fortunately it’s less than trivial to block the entire scan with just a few lines of good old .htaccess. Continue reading »
After months of deleopment and a low-key “soft-launch”, I’m pleased to announce my first premium WordPress plugin, USP Pro, the supercharged version of my free WP plugin, User Submitted Posts. USP Pro enables you to create and customize infinitely many front-end forms and display them anywhere on your WordPress-powered site. Continue reading »
Just a quick post with some tips for troubleshooting and testing HTTP requests. For example, if you have a plugin that sends requests behind the scenes via Ajax or cURL or whatever, it’s nice to have a way to view request details such as headers, the response, and everything in between. This article is aimed primarily at WordPress users, but contains more general tips and tricks as well. Continue reading »
Over the past several months, I’ve assembled a “micro” blacklist to keep some recent threats at bay. Eventually, this will be integrated into the next nG Blacklist, but for now I just wanted to post and share with anyone else who is actively monitoring their server logs and aware of the recent spike in malicious activity. Continue reading »
shapeSpace is the starter WordPress theme that I use to build sites like Plugin-Planet.com and DigWP.com. I use it because it includes all of the most commonly used template tags and a minimal amount of clean markup. Additonally, shapeSpace includes a robust set of custom functions that make it easy to add and modify theme features and functionality. Continue reading »
As mentioned, I’ve been super busy updating stuff, and have new versions available for Digging Into WordPress, .htaccess made easy, and The Tao of WordPress. To celebrate the updates, I’m having a “Fall Sale” on all books, with combo deals available for bundled books. Continue reading »
It may not seem like it, but I’ve been super busy updating books, plugins, and websites with all sorts of new goodness. I just finished updating all of my free WordPress plugins that are hosted at the WordPress Plugin Directory. Here is a complete list: Continue reading »
In this tutorial I am going to show you how to build a jQuery accordion menu from scratch. Most of the time it is possible to create very functional website navigations with just CSS, but this time we are going to need a little jQuery magic to accomplish the accordion functionality. For this tutorial I am going to assume that you have some experience with HTML and CSS. I will go over all the code, but the main focus of […] Continue reading »
shapeSpace is the starter template that I use for creating my own WordPress themes and WordPress–powered sites. Over the years, the shapeSpace theme has evolved with WordPress, striking what I find to be a good balance between utility, flexibility, and performance. shapeSpace is basically a starter theme that combines a robust set of theme functions with a lightweight set of template files. It’s a “premium” starter template that’s clean, current, and 100% free and open source (via GPL License). Continue reading »
If you’re displaying floated images in your posts, you may notice that margins of lists and other block-level elements seem to “collapse”, as shown in this screenshot from the 2013 redesign: Continue reading »
I’m getting back into the swing of things around here, now stepping it up with a new design, new tools, and lots of updated (and new) content, demos, scripts, and more. Here is a quick rundown of the new design and updated projects.. Continue reading »
Another update! This time to the vanilla/PHP version of my Ajax Error Log. As with the new WordPress version, this update improves the script’s design, performance, and security. Continue reading »
New version of Ajax-Powered Error Logs for WordPress now available for download. The functionality is the same, but the script is rewritten for better design, performance, and security. Continue reading »
The 2013 User Agent Blacklist blocks hundreds of the worst bots while ensuring open-access for normal traffic, major search engines (Google, Bing, et al), good browsers (Chrome, Firefox, Opera, et al), and everyone else. Compared to blocking threats by IP, blocking by user-agent is more effective as a general security strategy. Although it’s trivial to spoof any user agent, many bad requests continue to report user-agent strings that are known to be associated with malicious activity. For example, the notorious […] Continue reading »
When time allows, I like to post my collections of the worst IP addresses for the current year. Certainly, there are pros and cons to using an IP blacklist. In general, IPs are easily spoofed, change frequently, and are therefore unreliable as a general security strategy. But as a short-term solution, IP blacklists serve as an excellent method for dealing with specific and/or ongoing threats and attacks. Continue reading »