Save 25% on Wizard’s SQL for WP w/ code: WIZARDSQL
Web Dev + WordPress + Security
77 posts related to: Enabling ModSecurity (Updated)

Protect WordPress Media Files

[ Protect WordPress Media Files ]

This is an experimental technique that I am playing with. It’s the simplest possible way that I could think of to protect all files in the WordPress Media Library using only Apache/.htaccess. I’ve been testing the code on an image-heavy site and so far there are no issues. So I want to put the code out there for others to test and hopefully provide feedback if anything less than perfect. It’s a super simple method that prevents media files from […] Continue reading »

Opt Out of Google FLOC for Site Visitors (One Line of Code)

Floc of Sheep

Google has another new thing they are doing, called FLOC (Federated Learning of Cohorts). It’s used to — surprise — track user activity across websites. Opting out ideally is handled by the user, who can customize their browser settings to disable FLOC while surfing around the Web. Beyond configuring your browser to opt-out of FLOC, you can disable it on any website with a single line of code. Continue reading »

7G Firewall for Nginx

7G Nginx

After several months of development, the official Nginx version of the 7G Firewall is out of beta and ready for public use. If you are not familiar with 7G Firewall, check out the documentation for the Apache/.htaccess version. The Nginx version of the 7G Firewall works the exact same way, so I won’t bother repeating everything here. The only difference is the implementation, how to set it up on an Nginx server, which is explained in this post. Continue reading »

7G Firewall: September 2020 Update

2020 September Sky

Pleased to announce that the 7G Firewall is updated to version 1.3 (September 3rd, 2020). Now available for download, 100% free and open-source as always. Continue reading »

7G Out of Beta

The 7G Firewall was released about a year ago as beta, and has had time now to mature/develop into a stable release. So this is just a heads up that 7G is now officially out of beta and ready for use in live/production environments. Continue reading »

7G Addon: Stop Aggressive Scanning for Uploads-Related Targets

Around the end of December 2019 and then now well into January of 2020, I’m seeing a massive spike in aggressive malicious scanning for uploads-related targets. In particular, there are massive numbers of requests for URL targets involving uploadify, plupload, and similar. Typical scans hitting upwards of 30K–50K requests per attack. Just relentless exploit scanning on steroids. Continue reading »

How to Modify GET and POST Requests with WordPress

[ POST Requests ]

I’ve written before about protecting against malicious POST requests using Apache/.htaccess. In this tutorial, we’ll look at how to modify GET and POST requests using PHP and some core WordPress functionality (with no .htaccess required). Normally you would want to manipulate URI requests at the server level, but that’s not always possible (like on shared hosting). So in those cases where you want to modify GET, POST, or other types of requests on a WordPress site, check out the following […] Continue reading »

How to Block IPs with 6G Firewall

This quick post is aimed at users of the 6G Firewall. The latest 6G update removes the IP-address blocking section to improve firewall compatibility and implementation. So now with the IP section removed, you may be asking “how to block an IP address with 6G?” Well good news, this tutorial explains how to do it. Continue reading »

Bluehost, Sitelock, SSL, and .htaccess

[ Box Hole ]

Apparently, Bluehost partnered with a company called SiteLock sometime last year. Supposedly Sitelock is a “website scanner that proactively checks for malicious threats and vulnerabilities”. I guess the service operates on Bluehost servers, and today they sent a scary email letting me know that “malware was detected” on my Bluehost site. Here’s the thing though. I host only one site at Bluehost, and it is a simple one-page site with only a few simple files. So I was surprised by […] Continue reading »

7G Firewall : Log Blocked Requests

[ 7G Firewall (Beta) ]

This tutorial explains how to log requests that are blocked by the 7G Firewall. This is useful for testing, debugging, and just keeping an eye on things. Learn how to log requests from Apache mod_rewrite and download my custom 7G logging script. It’s a complete example that shows how to log rewrite requests via PHP. All open source and free :) Continue reading »

7G Firewall

[ 7G Firewall (Beta) ]

The 7G Firewall is here! 7G is now out of beta and ready for production sites. So you can benefit from the powerful protection of the latest nG Firewall (aka nG Blacklist). The 7G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. Continue reading »

Automatic IP Blacklist

[ Automatic IP Blacklist ]

Recently a reader going by the name of Rock Star sent me a cool little PHP script that automatically updates your site’s .htaccess with a current list of bad IP addresses. This is useful because it gives you better “real time” protection against attacks and malicious requests. This tutorial shares the code and explains how to implement in two easy steps. Continue reading »

Enable PHP fsockopen with CSF

[ Mr. PHP fsockopen CSF ]

Recently started some sites with Liquid Web hosting, everything going extremely well all around. There was one hiccup (at least for me) where PHP’s fsockopen was not working. At the time, I was trying to figure out why the Whois Lookup feature used by Blackhole Bad Bots was not working. Initial investigation revealed that fsockopen() external HTTP requests were getting blocked somewhere. Everything else worked, including making the requests via cURL. Continue reading »

Blocking the “ReallyLongRequest” Bandit

[ Sneaky Bandit ]

While browsing server logs, I kept seeing these super long request URIs that begin with “YesThisIsAReallyLongRequest…” and then the request string just keeps going for like 1 kilobyte worth of characters. Not just a few times, but many. In other words, somebody is going around and repeatedly hitting servers with gigantic-size requests. Probably to test server response using other people’s servers. Ummm, yeah kinda malicious. So I did some research and then blocked the “ReallyLongRequest” Bandit. Continue reading »

Detect Attacks with PHP and .htaccess

This tutorial explains how to detect and block security threats via .htaccess, and then pass that information to a PHP script for further processing. This is a powerful technique that combines the power of Apache with the flexibility of PHP. Enabling you to do things like log all unwanted traffic, send email reports for blocked requests, create a UI to display logged data, and just about anything else you can imagine. It’s an excellent way to keep a close eye […] Continue reading »

Block Greasy Uploads Scanner

Whether you’re running WordPress or not, your site may be getting hit by endless scanning for your site’s uploaded files and similar nonexistent resources. Specifically, the “Greasy Uploads Scanner” endlessly scans sites for nonexistent resources in the /uploads/ directory, even if the directory itself doesn’t exist. Just mindless scanning for all sorts of weird files. It steals your server resources and threatens your site security. We hates them. And we wants to block them. Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Blackhole Pro: Trap bad bots in a virtual black hole.
Thoughts
The Legend of Zelda: Tears of the Kingdom coming May 12, 2023. Absolutely pumped.
Favorite thing for breakfast is a tall glass of cold water. Hits the spot every time.
Fall is my favorite season :)
Still a few days left before “Unlimited” pro licenses are no longer available.
Getting back into it after a nice mini vacation. Time to ramp up and get busy.
Enjoy my 7-year hand-curated collection of free online tools for web dev and design.
Weapons required to rule the world: the weather, common cold, plenty of idiots.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.