Save 25% on Wizard’s SQL for WP w/ code: WIZARDSQL
Web Dev + WordPress + Security
117 posts related to: Protect WordPress Media Files

Block Random String Comment Spam

Recently WordPress sites have been getting hammered with random-string comment spam. The attackers are clever, using random text strings for every vector except the payload, which usually is the URL used for the comment’s Name link. But for these weird comment spams, the apparent payload is the email address. It’s the only part of the comment that’s not made up of random gibberish. Continue reading »

DIY Server Uptime Monitor

There are many free (and commercial) uptime monitoring services that will alert you if your server goes offline. These services are popular because it’s mission critical to know when your sites are down. The sooner you know about it, the sooner you can scramble to get everything back online. I’ve tried other scripts and services but nothing that met my specific needs: simple, secure, lightweight and blazing fast. So decided roll my own DIY server status monitor and share it […] Continue reading »

Redirect Stupid Bots to Existing Resources

In case you hadn’t noticed, I’m on another one of my posting sprees. Going through the past year’s worth of half-written drafts and collected code snippets, and sharing anything that might be useful or interesting. Here is a bit of .htaccess that brings together several redirection techniques into a singular plug-&-play code snippet. Continue reading »

Simple Request Router via PHP and Apache/.htaccess

I’ve written many articles about how to redirect requests. Even so, I still get questions about how to set up a simple HTTP request router. As in you want to redirect or route all requests to some file or location. This is useful for building CMSs and scripts that handle traffic. For example, WordPress uses a simple request router when permalinks are enabled. For this tutorial, we’ll set this up using Apache/.htaccess and PHP. Continue reading »

New WordPress Plugin: Simple Download Counter

Simple Download Counter is a free WordPress plugin that does exactly what it says: counts the number of times your files are downloaded. SDC is designed for maximum ease of use. The goal is a clean, lightweight “set it and forget it” solution for keeping track of downloads. Simply add your files via the plugin settings and display download links via shortcodes. Simple Download Counter does the rest. Continue reading »

Enabling ModSecurity (Updated)

For years, I’ve not used ModSecurity for any of my own sites. Way back when I first tried ModSecurity, there were just too many false positives, so I stayed away from it, opting instead to develop my own fast Apache/.htaccess firewall. But my web host now is telling me that ModSecurity is required on all of their managed VPS plans. Continue reading »

Apache Redirect Range of IP Addresses (IPv4 and IPv6)

There are numerous ways to redirect requests using Apache’s mod_rewrite and mod_alias. This concise, friendly tutorial explains different ways to redirect a range of IP addresses, either IPv4 or IPv6. Continue reading »

Opt Out of Google FLOC for Site Visitors (One Line of Code)

Floc of Sheep

Google has another new thing they are doing, called FLOC (Federated Learning of Cohorts). It’s used to — surprise — track user activity across websites. Opting out ideally is handled by the user, who can customize their browser settings to disable FLOC while surfing around the Web. Beyond configuring your browser to opt-out of FLOC, you can disable it on any website with a single line of code. Continue reading »

Disable Apache mod_rewrite Rules in any Subdirectory

Let’s say you have some .htaccess rewrite rules in place using Apache’s mod_rewrite. By default if the rewrite rules are located in the root directory, they will be applied to every subdirectory, as expected. But what if you need to disable the rewrite rules so that they do not affect some specific sub-directory or sub-folder? This super quick tutorial shows the easiest way to do it. Continue reading »

7G Firewall for Nginx

7G Nginx

After several months of development, the official Nginx version of the 7G Firewall is out of beta and ready for public use. If you are not familiar with 7G Firewall, check out the documentation for the Apache/.htaccess version. The Nginx version of the 7G Firewall works the exact same way, so I won’t bother repeating everything here. The only difference is the implementation, how to set it up on an Nginx server, which is explained in this post. Continue reading »

7G Firewall: September 2020 Update

2020 September Sky

Pleased to announce that the 7G Firewall is updated to version 1.3 (September 3rd, 2020). Now available for download, 100% free and open-source as always. Continue reading »

Remove __MACOSX and .DS_Store from ZIP Files on Mac

[ The Cleaner ]

Zipping files on Apple/Mac is a chore because of all the hidden files and folders added by macOS. Like .DS_Store and __MACOSX are two of the most common files and folders that are added to zip files when compressed on macOS. The folder named __MACOSX especially is problematic because it contains duplicates of every file in the zip archive. So for example, if you use Finder to compress 20 files, the resulting zip file will contain the original 20 files, […] Continue reading »

7G Out of Beta

The 7G Firewall was released about a year ago as beta, and has had time now to mature/develop into a stable release. So this is just a heads up that 7G is now officially out of beta and ready for use in live/production environments. Continue reading »

7G Addon: Stop Aggressive Scanning for Uploads-Related Targets

Around the end of December 2019 and then now well into January of 2020, I’m seeing a massive spike in aggressive malicious scanning for uploads-related targets. In particular, there are massive numbers of requests for URL targets involving uploadify, plupload, and similar. Typical scans hitting upwards of 30K–50K requests per attack. Just relentless exploit scanning on steroids. Continue reading »

Stop WordPress from Changing .htaccess

[ Prevent WordPress Automatic .htaccess Modifications ]

In a recent tutorial, I explain how to Stop WordPress from modifying .htaccess. That post explains several ways to prevent WordPress from making changes to .htaccess. This post explains an even better way that is safe, effective, non-invasive, re-usable, and super simple. I’ve been using it on my own sites now for a few years and it works flawlessly. Continue reading »

Remove or Hide File Extension with .htaccess

A common question I get is how to change or hide file extensions using .htaccess. Apparently search engines prefer “pretty” permalink URL structures over query-strings and file extensions. This is one reason why WordPress provides an SEO-friendly permalink option for URLs; because it is preferred over the default plain query-string based format. From the Permalinks settings screen in the WordPress Admin Area: Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Wizard’s SQL for WordPress: Over 300+ recipes! Check the Demo »
Thoughts
DIY: Monitor File Changes via Cron working perfectly for over a decade.
Mastodon social is a trip. Glad I found it.
As a strict rule, I never use cache plugins on any of my sites. They cause more problems than they solve, imho. Just not worth it.
Currently on a posting spree :)
6 must come before 7.
My top three favorite-to-write coding languages: CSS, PHP, JavaScript.
If you’re not 100% sure that you can trust something, you can’t.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.