Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

8G Firewall Addon: Protect Against Rogue PHP File Attacks

Been getting hit with massive attacks on all sites. Very large VPN/proxy network. Relentless requests 24/7, thousands of requests every minute, just non-stop attacks. All URL requests targeting rogue PHP files. The attacks were weighing on precious server resources. Server held up fine but this nonsense needed to stop. So I wrote a tight little addon for my 8G Firewall. Blocks the entire attack with just a few clicks.. Continue reading »

Heavy Scans for Low-Hanging Fruit

I’ve been working on developing the 8G Firewall. Digging through log files and crunching the data, the big new trend I’m noticing is heavy scanning for easy targets, low hanging fruit. Bad actors are looking for any little hidden files stashed on your server. Mostly PHP files, also ZIP and RAR files, and other file formats commonly used for compressing and archiving content. Basically, anything that might contain useful information (like login credentials, database backups, email addresses, etc.). Also, 99% […] Continue reading »

BBQ Firewall – Count Blocked Requests

BBQ Firewall

BBQ Firewall is built to be powerful, lightweight, fast and flexible. It’s code base is kept super lean, leaving extra functionality out of core while supporting new features via simple addons. For example, this tutorial shows how to use an addon to display the total number of blocked HTTP requests on the plugin settings page. This can help you get a basic idea of the plugin’s effectiveness. Continue reading »

Enable Logging for nG Firewall

This tutorial is for users of my nG Firewall, version 8G or better. It explains how to enable logging for all blocked requests. This is useful for testing, debugging, and keeping an eye on things. Takes only a few minutes to set up, and of course it’s all open source and 100% free for everyone :) Continue reading »

8G Firewall

After more than a year of beta testing, 8G Firewall is ready for use on production sites. So you can benefit from the powerful protection provided by the latest evolution of the nG Firewall (aka nG Blacklist). The 8G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. 8G is a lightweight (only 17KB) strong firewall that provides site security and peace of mind. […] Continue reading »

About nG Firewall

The nG Firewall is a carefully crafted set of security rules for Apache and Nginx servers. nG may be applied via your site’s public root .htaccess file, or added via server configuration file. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight yet super strong firewall that improves site security and peace of mind. Continue reading »

Block Random String Comment Spam

Recently WordPress sites have been getting hammered with random-string comment spam. The attackers are clever, using random text strings for every vector except the payload, which usually is the URL used for the comment’s Name link. But for these weird comment spams, the apparent payload is the email address. It’s the only part of the comment that’s not made up of random gibberish. Continue reading »

DIY Server Uptime Monitor

There are many free (and commercial) uptime monitoring services that will alert you if your server goes offline. These services are popular because it’s mission critical to know when your sites are down. The sooner you know about it, the sooner you can scramble to get everything back online. I’ve tried other scripts and services but nothing that met my specific needs: simple, secure, lightweight and blazing fast. So decided roll my own DIY server status monitor and share it […] Continue reading »

Redirect Stupid Bots to Existing Resources

In case you hadn’t noticed, I’m on another one of my posting sprees. Going through the past year’s worth of half-written drafts and collected code snippets, and sharing anything that might be useful or interesting. Here is a bit of .htaccess that brings together several redirection techniques into a singular plug-&-play code snippet. Continue reading »

Simple Request Router via PHP and Apache/.htaccess

I’ve written many articles about how to redirect requests. Even so, I still get questions about how to set up a simple HTTP request router. As in you want to redirect or route all requests to some file or location. This is useful for building CMSs and scripts that handle traffic. For example, WordPress uses a simple request router when permalinks are enabled. For this tutorial, we’ll set this up using Apache/.htaccess and PHP. Continue reading »

Why is there no 7G WordPress Plugin?

I have thought a lot about making an nG WordPress plugin. The problem is that writing to .htaccess via PHP/plugin is risky with lots of ways to fail and make users confused and angry. And nobody wants that, in fact just the opposite: my plugins strive to give users the most awesome experience possible. Continue reading »

Enabling ModSecurity (Updated)

For years, I’ve not used ModSecurity for any of my own sites. Way back when I first tried ModSecurity, there were just too many false positives, so I stayed away from it, opting instead to develop my own fast Apache/.htaccess firewall. But my web host now is telling me that ModSecurity is required on all of their managed VPS plans. Continue reading »

Protect WordPress Media Files

[ Protect WordPress Media Files ]

This is an experimental technique that I am playing with. It’s the simplest possible way that I could think of to protect all files in the WordPress Media Library using only Apache/.htaccess. I’ve been testing the code on an image-heavy site and so far there are no issues. So I want to put the code out there for others to test and hopefully provide feedback if anything less than perfect. It’s a super simple method that prevents media files from […] Continue reading »

Apache Redirect Range of IP Addresses (IPv4 and IPv6)

There are numerous ways to redirect requests using Apache’s mod_rewrite and mod_alias. This concise, friendly tutorial explains different ways to redirect a range of IP addresses, either IPv4 or IPv6. Continue reading »

Opt Out of Google FLOC for Site Visitors (One Line of Code)

Floc of Sheep

Google has another new thing they are doing, called FLOC (Federated Learning of Cohorts). It’s used to — surprise — track user activity across websites. Opting out ideally is handled by the user, who can customize their browser settings to disable FLOC while surfing around the Web. Beyond configuring your browser to opt-out of FLOC, you can disable it on any website with a single line of code. Continue reading »

Disable Apache mod_rewrite Rules in any Subdirectory

Let’s say you have some .htaccess rewrite rules in place using Apache’s mod_rewrite. By default if the rewrite rules are located in the root directory, they will be applied to every subdirectory, as expected. But what if you need to disable the rewrite rules so that they do not affect some specific sub-directory or sub-folder? This super quick tutorial shows the easiest way to do it. Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
BBQ Pro: The fastest firewall to protect your WordPress.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.