Perishable Press

WordPress Plugins

Welcome to my growing collection of WordPress plugins. Most of these plugins are freely available at the WP Plugin Directory, and some are premium plugins available at Plugin Planet. My plugins strive for perfection, and feature excellent customer support. If you have any questions or feedback, reach me anytime via my contact form — I’m always glad to help.

USP: User Submitted Posts

User Submitted Posts (USP) is a free WordPress plugin that enables your visitors to post content from the public side of your website. This is ideal for sharing sites, community sites, link sharing and such. The upload form uses clean markup and is easy to style, and the plugin settings page makes customizing easy. Learn more about User Submitted Posts, check out the USP Demo, or download USP from the WP Plugin Directory.

USP Pro

USP Pro gives you fine-grained control to build the perfect forms for the front-end of your site. Easily create submission forms, registration forms, contact forms, forums, and everything in between. USP Pro provides robust features and advanced settings for user-submitted posts, user-registration, contact forms, forums, art-directed content, and much more.

BBQ: Block Bad Queries

BBQ is a simple plugin that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available. BBQ can be customized via whitelist & blacklist addons. Learn more about BBQ, or download from the WP Plugin Directory.

BBQ Pro

BBQ Pro helps keep your WordPress site safe and secure by blocking bad requests. This helps to conserve precious server resources like memory and bandwidth. BBQ Pro runs silently in the background, checking all incoming traffic and blocking any URI requests that contain nasty stuff like `eval(`, `base64_`, and other malicious nonsense. The Pro version enables you to monitor results and customize the perfect WordPress firewall. Get BBQ Pro at Plugin Planet.

Banhammer

Banhammer gives you full control over who and what may access your site. Visit the Armory to monitor traffic and review suspicious visitors. If you find some user or bot that is causing problems, you can ban them with a click. Or, if you just want to keep an eye on someone, you can flag them with a warning. Any banned users will be denied access to your site, until you restore access via the Tower. Learn more about the free version of Banhammer, or download from the WP Plugin Directory.

Banhammer Pro

Banhammer Pro is a WordPress security plugin that enables you to monitor traffic and ban targets with a click, so you can protect against threats and increase site security. The Pro version gives you more banning power and awesome new features like whitelisting, bot detection, editable targets, and more. Even better, Banhammer Pro is lightweight, fast, and easy on resources. Learn more and get Banhammer Pro at Plugin Planet.

Contact Form X

CFX: Contact form reinvented. Fast and friendly. Fresh and clean. Awesome for everyone :) Simply install, activate, and then display the Ajax-powered contact form anywhere, via widget, shortcode, or template tag. The perfect balance of functionality and features, Contact Form X gives you everything you want, nothing you don’t. Learn more about Contact Form X, or download from the WP Plugin Directory.

Disable WP REST API

This plugin does one thing: disables the WP REST API for visitors who are not logged into WordPress. No configuration required. Super lightweight and fast: contains only 22 short lines of code (less than 2KB)! Learn more about Disable WP REST API, or download from the WP Plugin Directory.

WP Cron HTTP Auth

This simple plugin enables WordPress Cron functionality on sites using HTTP Authorization. How to use: Visit the plugin settings, enter your HTTP Auth credentials, save changes, and done. Learn more about WP Cron HTTP Auth, or download from the WP Plugin Directory.

Enable Database Tools

Enables you to optimize and repair InnoDB and MyISAM tables using WordPress built-in database tools. Literally could not be easier to optimize your WP database. Learn more about Enable Database Tools, or download from the WP Plugin Directory.

Disable Responsive Images

Completely disables the WP responsive-image feature that was introduced in version 4.4. It is meant for people who know what they are doing and want to use their own responsive-image techniques. Learn more about Disable Responsive Images, or download from the WP Plugin Directory.

Disable Gutenberg

Heard of Gutenberg? Well, this plugin completely disables the Gutenberg Editor, or disables it for any post type or user role, so all users will always get the Classic Editor. Additional features include Disable Nag and Hide Menu Item. Learn more about Disable Gutenberg, or download from the WP Plugin Directory.

Custom Fields for Gutenberg

Restores the Custom Fields meta box on Gutenberg-related screens. Includes options to limit post types, exclude custom fields, exclude empty fields, exclude private/hidden fields, and more. Super useful if your site uses Custom Fields for any features or plugins. Easily add, edit, and delete custom fields attached to any post type. Learn more about Custom Fields for Gutenberg, or download from the WP Plugin Directory.

SES Pro

SES Pro enables you to manage your own email campaigns and newsletters with 100% shortcode-based, Ajax-powered signup forms. SES Pro is designed for smaller scale, DIY admins who want full control over email subscribers without relying on a 3rd-party service. Perfect for building your own lists of subscribers, creating awesome emails with the visual editor, and sending them for free. Features include SMTP support, HTML formatting, powerful subscriber management, and much more. Get SES Pro at Plugin Planet.

Prismatic

Prismatic is the only 3-in-1 syntax highlighter! Display beautiful code snippets with Prism.js, Highlight.js, or plain code escaping. Prismatic gives you granular control over syntax highlighting and escapes only the essentials to keep your site fast and code clean. Learn more about Prismatic or download from the WP Plugin Directory.

Blackhole for Bad Bots

Add your own virtual Blackhole trap for bad bots. Blackhole for Bad Bots adds a hidden link to your pages. You then add a line to your robots.txt file that forbids bots from following the hidden link. Bots that ignore or disobey your robots rules will crawl the link and fall into the trap. Once trapped, bad bots are denied further access to your site. Learn more about Blackhole for Bad Bots or download from the WP Plugin Directory.

Blackhole Pro

Blackhole Pro is the premium version of Blackhole for Bad Bots. Pro includes all features of the free version, plus advanced settings to control just about every aspect of the plugin. Pro features include custom warning & blocked messages, custom trigger link, custom email alerts, and a Geo/IP-powered Bot Log for viewing and managing bad bots. Get Blackhole Pro at Plugin Planet.

Dashboard Widgets Suite

Dashboard Widgets Suite provides an entire set of awesome widgets that you can add to your WordPress Dashboard, including User Notes, Debug Log, System Info, Social Media, RSS Feed, and more. Each widget includes its own set of options for customizing display. Streamline your Admin Area by reducing the number of plugins required for widgets. Learn more about Dashboard Widgets Suite or download from the WP Plugin Directory.

Theme Switcha

Theme Switcha makes it easy to switch to an alternate theme for preview or development while visitors use the default theme. Only essential theme-switching features have been added, along with a simple yet informative UI. This gives you a consistent, quality theme-switching experience that you can optionally share with your visitors. Learn more about Theme Switcha or download from the WP Plugin Directory.

Simple Feed Stats

Simple Feed Stats (SFS) is a free alternative to Google’s Feedburner service. It tracks all of your WordPress feeds in all formats (RDF, RSS, Atom, et al), and displays complete feed statistics on the plugin settings page. Other features include multiple tracking methods, custom feed content, and several shortcodes to display your feed stats anywhere. Learn more about Simple Feed Stats, or download from the WP Plugin Directory.

Simple Custom Content

Simple Custom Content (SCS) is a free WordPress plugin that makes it easy to add custom content to your posts and feeds. SCS gives you fine-grain control over content and excerpts in posts, pages, and feeds. Easy to customize everything via the plugin settings. Learn more about Simple Custom Content, or download from the WP Plugin Directory.

Simple Blog Stats

Simple Blog Stats provides a wealth of shortcodes and tags to display a variety of statistics about your site. SBS makes it easy to display your site’s statistics in posts, pages, and anywhere in your theme. Displays everything from total number of posts, comments, and categories to recent posts, comments, and much more. Learn more about Simple Blog Stats, or download from the WP Plugin Directory.

Simple Ajax Chat

Simple Ajax Chat displays a fully customizable Ajax-powered chat box anywhere on your site. SAC makes it easy for your visitors to chat with each other on your website. There already are a number of decent chat plugins, but I wanted one that is simple yet fully customizable with all the features AND outputs clean HTML markup for easy styling. Learn more about Simple Ajax Chat, or download from the WP Plugin Directory.

Show Support Ribbon

Show support for your favorite cause, event, charity, political event, or anything else that’s awesome. Show Support Ribbon includes four built-in ribbon styles and makes it easy to customize with your own CSS. Many features and simple to use! Learn more about Show Support Ribbon, or download from the WP Plugin Directory.

Head Meta Data

The Head Meta Data plugin is designed to complete a site’s head construct by including some of the more obscure meta tags, such as "author" and "copyright". This was one of the original plugins for customizing meta tags. Learn more about Head Meta Data, or download from the WP Plugin Directory.

GA Google Analytics

There are a million GA plugins, but none that just work, plug-n-play, no-frills, and with clean code. So I wrote my own. The GA Google Analytics plugin adds the required GA tracking code to all of your pages, with options to disable in the Admin Area and/or for logged-in users. Supports Universal Analytics, Global Site Tag, Tracker Objects, IP Anonymization, Display Advertising, Force SSL, Google Optimize, et al. Learn more about GA Google Analytics, or download from the WP Plugin Directory.

HHIF: Host Header Injection Fix

Since version 2.3, WordPress has been vulnerable to a Host Header Injection attack in certain server environments. Over the years, there has been some discussion about fixing the vulnerability, but as of WP 4.9 (beta) nothing has been implemented. So to help those in the WP community who may be concerned (including myself), I developed a new security plugin that fixes the issue: Host Header Injection Fix (HHIF). Learn more about HHIF, or download from the WP Plugin Directory.

Other Plugins

In addition to the plugins listed above, I develop a growing collection of extensions for my Pro plugins over at Plugin Planet. Check ’em out! :)

Jeff Starr
About the Author Jeff Starr = Web Developer. Security Specialist. WordPress Buff.