When I spend time on something, like an interview, I like to know that it was actually published somewhere. Below is an interview that I completed for a web-hosting company that apparently now is missing in action. It covers how I got into web development, upcoming projects, web security, work flow, writing books, WordPress, and more.. Continue reading »
WordPress 5.7 features a new Robots API that provides filter-based control over the robots meta tag. So if your site is running WordPress 5.7 or better, you will notice a new <meta /> tag included in the <head></head> section of your web pages. By default, the meta tag added by WordPress has a value of max-image-preview:large, which is fine IF it is the only robots meta tag on the page. If your site already has its own meta robots tag, […] Continue reading »
I’ve been testing the beta for WordPress 5.7. So far no complaints but there is one weird thing it looks like they are adding, some weird 4-pixel width border that displays when you hover over any item(s) on the main WordPress menu. It’s even got a transition animation to make it feel extra wonky. Here is a screenshot for those who have not yet had the pleasure of experiencing the new stylez (look on the left-hand side of the menu, […] Continue reading »
Have you ever wanted to make a WordPress site private? So that only specific users are allowed access? For example, for my found-images site eChunks.com, I decided to require user login in order to access any content. So now for that site, public access is not allowed, and any posts, images, and all other content is available only to logged-in users. This tutorial explains four ways to make a WordPress site private or members only, so that only authenticated/trusted users […] Continue reading »
Launching a free plugin to disable the new Application Passwords feature introduced in WordPress version 5.6. The plugin is one line of code. Install and activate to completely disable all of the Application Passwords functionality. To re-enable all Application Passwords, simply deactivate/uninstall the plugin. Easy peasy. Continue reading »
BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall. Continue reading »
WordPress 5.5 and beyond features built-in sitemaps that are enabled by default. For new users and sites this may be a good thing. Now users don’t have to bother with thinking about how to implement a sitemap. Like with Privacy control, WordPress just does it for you automagically. BUT for the millions of sites that already have a sitemap thanks to any of the excellent and free sitemap plugins — that’s like maybe 5–10 million websites — well congratulations you […] Continue reading »
Whenever you upload an image using the Media Library, WordPress automatically creates a set of alternate-size images. The number and size of these auto-generated images continues to grow each year, as WordPress tries to keep up with increasingly hi-resolution screen sizes. For many WordPress-powered websites, the extra media sizes enable WordPress to serve images responsively and that’s a good thing. But for some WordPress sites, all the extra images simply are not necessary. In some cases downright wasteful. And that’s […] Continue reading »
WordPress 5.5 brings some cool new features, including built-in support for lazy-loading images. So whether you want it or not, WordPress will add a new “loading” attribute to all of your images. That way supportive browsers will be able to load your images as the user scrolls the page, instead of trying to load everything at once. It’s a popular front-end technique that may help to boost performance a little bit. Like anything else, there are pros and cons to […] Continue reading »
I’ve written before about protecting against malicious POST requests using Apache/.htaccess. In this tutorial, we’ll look at how to modify GET and POST requests using PHP and some core WordPress functionality (with no .htaccess required). Normally you would want to manipulate URI requests at the server level, but that’s not always possible (like on shared hosting). So in those cases where you want to modify GET, POST, or other types of requests on a WordPress site, check out the following […] Continue reading »
As you may know, WordPress creates numerous copies of all images uploaded via the WP Media Library. These additional images are generated in various sizes, depending on your settings and other factors. This may be totally fine in general, but if you are working with lots of images on your site, the extra files can really eat up your disk space. This can be wasteful, specially if your site does not make use of all the extra images. So to […] Continue reading »
Want to keep comments open on a few old posts? This plugin is for you. It does one thing and does it well: it overrides the WordPress setting, “Automatically close comments on articles older than x days”. So you can leave comments open for any individual posts that may have passed the deadline. I actually wrote this plugin for use here at Perishable Press. Normally comments are closed after 90 days, but there are a few old posts for which […] Continue reading »
In a recent tutorial, I explain how to Stop WordPress from modifying .htaccess. That post explains several ways to prevent WordPress from making changes to .htaccess. This post explains an even better way that is safe, effective, non-invasive, re-usable, and super simple. I’ve been using it on my own sites now for a few years and it works flawlessly. Continue reading »
There are all sorts of plugins that you can use to monitor and protect the WordPress Login Page. That’s not what this post is about. This post is aimed at developers and DIY site admins, who like to keep a close eye on site activity. Talking hands-on with code. How familiar are you with the traffic hitting your WP Login Page? Do you know the difference between a brute-force attack and legitimate login requests? The WP Login Page (wp-login.php) is […] Continue reading »
Quick tutorial for my Dashboard Widgets Suite plugin. This post explains how to customize the DWS widget names on the Dashboard. Normally each DWS widget displays the widget name along with “Widgets Suite” and a little gear icon that links to the plugin settings. Several users have asked if there is a way to change the text, specifically how to remove the extra text and gear icon. So this article explains how to do it as of Dashboard Widgets Suite […] Continue reading »
WordPress provides the wp_headers filter hook and send_headers action hook to add and modify HTTP requests. For front-end pages, these are ideal hooks that should be used whenever possible. Unfortunately however neither hook works on all pages in the WordPress Admin Area. After some experimentation, I found an easy solution to modify HTTP headers on any/all pages in the Admin Area. Continue reading »