Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security

7G Out of Beta

The 7G Firewall was released about a year ago as beta, and has had time now to mature/develop into a stable release. So this is just a heads up that 7G is now officially out of beta and ready for use in live/production environments. Continue reading »

7G Addon: Stop Aggressive Scanning for Uploads-Related Targets

Around the end of December 2019 and then now well into January of 2020, I’m seeing a massive spike in aggressive malicious scanning for uploads-related targets. In particular, there are massive numbers of requests for URL targets involving uploadify, plupload, and similar. Typical scans hitting upwards of 30K–50K requests per attack. Just relentless exploit scanning on steroids. Continue reading »

WordPress Plugin: Override Comment Options

[ Override Comment Options ]

Want to keep comments open on a few old posts? This plugin is for you. It does one thing and does it well: it overrides the WordPress setting, “Automatically close comments on articles older than x days”. So you can leave comments open for any individual posts that may have passed the deadline. I actually wrote this plugin for use here at Perishable Press. Normally comments are closed after 90 days, but there are a few old posts for which […] Continue reading »

Custom Widget Names with Dashboard Widgets Suite

[ Dashboard Widgets Suite - Default Widget Names ]

Quick tutorial for my Dashboard Widgets Suite plugin. This post explains how to customize the DWS widget names on the Dashboard. Normally each DWS widget displays the widget name along with “Widgets Suite” and a little gear icon that links to the plugin settings. Several users have asked if there is a way to change the text, specifically how to remove the extra text and gear icon. So this article explains how to do it as of Dashboard Widgets Suite […] Continue reading »

How to Block IPs with 6G Firewall

This quick post is aimed at users of the 6G Firewall. The latest 6G update removes the IP-address blocking section to improve firewall compatibility and implementation. So now with the IP section removed, you may be asking “how to block an IP address with 6G?” Well good news, this tutorial explains how to do it. Continue reading »

ALL Security is Security Thru Obscurity

[ Stormtroopers Keeping Things Secure. ]

ob·scure /əbˈskyo͝or/ adjective 1. not discovered or known about; uncertain. In the purely literal sense, the concept of obscurity applies to every transaction on the Web. The HTTP request knows not, nor could possibly know, the actual response it will receive from the server. There is only expected response. Online nothing is certain until it is. Continue reading »

7G Firewall : Log Blocked Requests

[ 7G Firewall (Beta) ]

This tutorial explains how to log requests that are blocked by the 7G Firewall. This is useful for testing, debugging, and just keeping an eye on things. Learn how to log requests from Apache mod_rewrite and download my custom 7G logging script. It’s a complete example that shows how to log rewrite requests via PHP. All open source and free :) Continue reading »

7G Firewall

[ 7G Firewall (Beta) ]

The 7G Firewall is here! 7G is now out of beta and ready for production sites. So you can benefit from the powerful protection of the latest nG Firewall (aka nG Blacklist). The 7G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. Continue reading »

Ultimate Comment Blacklist for WordPress: How to Stop Spam Without Plugins

[ WordPress Ultimate Comment Blacklist ]

How do YOU stop comment spam? If you’re like a lot of WordPress users, you just grab another plugin or two and call it good. I mean after all, plugins like Akismet work great at stopping spam. The only downside is that, well, you’re relying on another plugin. And that’s fine for folks who just wanna “get ’er done”, although each active plugin requires additional maintenance and server resources. Continue reading »

Automatic IP Blacklist

[ Automatic IP Blacklist ]

Recently a reader going by the name of Rock Star sent me a cool little PHP script that automatically updates your site’s .htaccess with a current list of bad IP addresses. This is useful because it gives you better “real time” protection against attacks and malicious requests. This tutorial shares the code and explains how to implement in two easy steps. Continue reading »

Enable PHP fsockopen with CSF

[ Mr. PHP fsockopen CSF ]

Recently started some sites with Liquid Web hosting, everything going extremely well all around. There was one hiccup (at least for me) where PHP’s fsockopen was not working. At the time, I was trying to figure out why the Whois Lookup feature used by Blackhole Bad Bots was not working. Initial investigation revealed that fsockopen() external HTTP requests were getting blocked somewhere. Everything else worked, including making the requests via cURL. Continue reading »

Activate WordPress Plugins via the Database

Recently a reader named Chris asked, “how can we turn ON a plugin from the database?” He mentioned reading my previous article, Quickly Disable or Enable All WordPress Plugins via the Database, but for circumstantial slash technical reasons needed to do the opposite and enable a plugin directly via the WordPress database. I thought it was an interesting question that might actually be useful to discuss here at Perishable Press. Continue reading »

404 Fix: Block Nuisance Requests for Non-Existent Files

[ Han Solo shutting up C-3PO in Empire Strikes Back ]

As I’ve written before, blocking nuisance requests can help save you money by cutting down on wasted server resources, memory, and so forth. It also saves you time, as your server access and error logs won’t be full of nuisance request spam. So you will have more resources and time for things that matter, like running your business, helping customers, improving code, etc. So to continue the proud tradition of blocking malicious traffic, this post builds upon previous blocking techniques […] Continue reading »

Blocking the “ReallyLongRequest” Bandit

[ Sneaky Bandit ]

While browsing server logs, I kept seeing these super long request URIs that begin with “YesThisIsAReallyLongRequest…” and then the request string just keeps going for like 1 kilobyte worth of characters. Not just a few times, but many. In other words, somebody is going around and repeatedly hitting servers with gigantic-size requests. Probably to test server response using other people’s servers. Ummm, yeah kinda malicious. So I did some research and then blocked the “ReallyLongRequest” Bandit. Continue reading »

WP Cron HTTP Auth

[ WP Cron HTTP Auth ]

Welcome to the official homepage for my free WordPress plugin, WP Cron HTTP Auth. This page explains what the plugin does, how it works, and where to download and get support. The plugin actually is very simple, however, so there is not a lot to explain. If you are looking for plugin documentation, visit WP Cron HTTP Auth at WordPress.org. There you will find installation steps, support forum, translation tools, and more. Continue reading »

WordPress Plugin: Disable WP REST API

[ Disable WP REST API ]

Welcome to the official homepage for my free WordPress plugin, Disable WP REST API. This page explains what the plugin does, how it works, how to test the plugin, and why anyone would anyone on earth want to disable the REST API, for crying out loud, all explained on this page. If that sounds like you, you’re in the right place. If you are looking for plugin documentation, visit Disable WP REST API at WordPress.org. There you will find installation […] Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Thoughts
Playing the long game.
They have weaponized the idiots.
Good software never steals focus from the user. Even during startup.
After 10 years running my own business, I still manage schedules and tasks using old school post-it notes, sometimes simple sometimes very elaborate.
You know those sites, where you're trying to just grab a quick bit of information but the page is shifting all over the place as it loads up 3 million advertisements.
Selling two of my top WordPress domains, wp-zen.com & zen-wp.com $300 for both. Aged 9 years. Drop a line if interested.
Never force your users to type out a password (or any long string of characters) by blocking the paste function. Typing long strings leads to MORE errors than simple copy/paste.