Super pumped to finally launch Head Meta Pro! This is the premium/pro version of the free plugin hosted at WordPress.org, Head Meta Data. While the free version is great and serves many sites, there are more features that I wanted to add, like complete support for all the different page-views generated by WordPress. So with the free version, you can define one set of meta tags for the entire site. With the pro version, you can define unique sets of […] Continue reading »
More than you might think, AI (Artificial Intelligence) and ML (Machine Learning) bots are crawling your site and scraping your content. They are collecting and using your data to train software like ChatGPT, OpenAI, DeepSeek, and thousands of other AI creations. Whether you or anyone approves of all this is not my concern for this post. The focus of this post is aimed at website owners who want to stop AI bots from crawling their web pages, as much as […] Continue reading »
Good news! The 8G Firewall is updated to version 1.4. This latest update resolves numerous false positives and bugs that have been reported since version 1.3, when 8G was taken out of beta and officially launched last year. Continue reading »
I enjoy sharing the pathetic phishing emails that make it past my spam filters. After watching various waves of phishing campaigns come and go over the past 20 years, I have come to accept that it’s just a part of life on the Web. Phishing scams have been happening since the dawn of the Internet, with no signs of stopping anytime soon. About the best you can do is practice safe email handling practices and never open any links or […] Continue reading »
Quick tip for my free WordPress plugin, Simple Download Counter. SDC is optimized for successful downloads in most server environments, but there always is an exception to the rule. For example, on some servers, a download’s content-length header may be calculated incorrectly for GZIP and possibly other file formats. This tutorial explains how to define your own headers for downloads when using Simple Download Counter, so you can dial in perfect downloads for any server configuration. Continue reading »
Been getting hit with massive attacks on all sites. Very large VPN/proxy network. Relentless requests 24/7, thousands of requests every minute, just non-stop attacks. All URL requests targeting rogue PHP files. The attacks were weighing on precious server resources. Server held up fine but this nonsense needed to stop. So I wrote a tight little addon for my 8G Firewall. Blocks the entire attack with just a few clicks.. Continue reading »
I’ve been working on developing the 8G Firewall. Digging through log files and crunching the data, the big new trend I’m noticing is heavy scanning for easy targets, low hanging fruit. Bad actors are looking for any little hidden files stashed on your server. Mostly PHP files, also ZIP and RAR files, and other file formats commonly used for compressing and archiving content. Basically, anything that might contain useful information (like login credentials, database backups, email addresses, etc.). Also, 99% […] Continue reading »
BBQ Firewall is built to be powerful, lightweight, fast and flexible. It’s code base is kept super lean, leaving extra functionality out of core while supporting new features via simple addons. For example, this tutorial shows how to use an addon to display the total number of blocked HTTP requests on the plugin settings page. This can help you get a basic idea of the plugin’s effectiveness. Continue reading »
My free WordPress plugin, Disable WP REST API, disables the REST API for all users who are not logged in to WordPress. So if you’re using a plugin such as Contact Form 7 that requires the REST API, it’s not going to work if Disable WP REST API is active on site. But there is a way to make it work. This quick tutorial explains how to set it up in two steps. Continue reading »
This tutorial is for users of my nG Firewall, version 8G or better. It explains how to enable logging for all blocked requests. This is useful for testing, debugging, and keeping an eye on things. Takes only a few minutes to set up, and of course it’s all open source and 100% free for everyone :) Continue reading »
After more than a year of beta testing, 8G Firewall is ready for use on production sites. So you can benefit from the powerful protection provided by the latest evolution of the nG Firewall (aka nG Blacklist). The 8G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. 8G is a lightweight (only 17KB) strong firewall that provides site security and peace of mind. […] Continue reading »
The nG Firewall is a carefully crafted set of security rules for Apache and Nginx servers. nG may be applied via your site’s public root .htaccess file, or added via server configuration file. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight yet super strong firewall that improves site security and peace of mind. Continue reading »
Recently WordPress sites have been getting hammered with random-string comment spam. The attackers are clever, using random text strings for every vector except the payload, which usually is the URL used for the comment’s Name link. But for these weird comment spams, the apparent payload is the email address. It’s the only part of the comment that’s not made up of random gibberish. Continue reading »
I use domain-based emails for 99% of my email activity. The other 1% is comprised of assorted 3rd-party email services and temporary slash disposable addresses (like for testing purposes and one-off sign-ups, etc.). I can tell you whole-heartedly based on 20+ years working online that self-hosted email is THE WAY to go. Continue reading »
There are many free (and commercial) uptime monitoring services that will alert you if your server goes offline. These services are popular because it’s mission critical to know when your sites are down. The sooner you know about it, the sooner you can scramble to get everything back online. I’ve tried other scripts and services but nothing that met my specific needs: simple, secure, lightweight and blazing fast. So decided roll my own DIY server status monitor and share it […] Continue reading »
Your website’s robots.txt file probably contains some rules that tell compliant search engines and other bots which pages they can visit, and which are not allowed, etc. In most of the robots.txt files that I’ve looked at, all of the Allow and Disallow rules are applied to all user agents. This is done with the wildcard operator, which is written as an asterisk *, like this: User-agent: * This site’s robots.txt file provides a typical example. All of the allow/disallow […] Continue reading »
