Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

Block Random String Comment Spam

Recently WordPress sites have been getting hammered with random-string comment spam. The attackers are clever, using random text strings for every vector except the payload, which usually is the URL used for the comment’s Name link. But for these weird comment spams, the apparent payload is the email address. It’s the only part of the comment that’s not made up of random gibberish. Continue reading »

Protect WordPress Media Files

[ Protect WordPress Media Files ]

This is an experimental technique that I am playing with. It’s the simplest possible way that I could think of to protect all files in the WordPress Media Library using only Apache/.htaccess. I’ve been testing the code on an image-heavy site and so far there are no issues. So I want to put the code out there for others to test and hopefully provide feedback if anything less than perfect. It’s a super simple method that prevents media files from […] Continue reading »

Video Course: WordPress on Shared Hosting

[ WordPress: Shared Hosting ]

After months of hard work, my latest LinkedIn/Lynda.com video course has launched! The course walks through the entire process of getting WordPress installed and running on shared hosting. If you’re new to WordPress or the Internet in general, and want to start your own WordPress-powered website, this course will help you do it as quickly and inexpensively as possible. Continue reading »

WordPress: Plugin Development

[ WordPress: Plugin Development ]

After months of hard work, I am excited to announce the launch of my new video course on developing WordPress plugins. It covers the entire process of building, securing, and optimizing your own plugins, including 50+ ready-to-go plugin demos and examples. The course is focused on developing plugins using the WP API and Standards. Covers basics and gets into advanced topics like HTTP API, REST API, and WP Cron. Truly packed with practical examples and techniques to help you create […] Continue reading »

WordPress .htaccess file

[ WordPress .htaccess file ]

The WordPress core uses .htaccess for two things: Permalinks and Multisite. This means that .htaccess is only required if you have enabled either of these features. Otherwise, .htaccess is entirely optional for default WordPress installations. Beyond the WP core, many plugins also use the .htaccess file for custom directives involving rewrites, redirects, custom headers, file compression, and much more. In many cases, such plugins add their .htaccess rules to your .htaccess file automatically, behind the scenes. Continue reading »

Build Your Own One-Click WordPress Content Importer

WordPress Media Settings

In this tutorial, I’m going to walk you through how you can add a new menu in WordPress Admin Area, where your users will be able to import any demo content — including widgets, their positions and navigation as well — by a single click. The code follows the best WordPress practices, uses WP Filesystem for file management, includes escaping and all text strings are prepared for translation. It also passes the WordPress theme check plugin! Continue reading »

Stop WordPress from modifying .htaccess

[ Perishable Press : Stop WordPress from modifying .htaccess ]

By default, depending on file permissions, WordPress automatically will modify the contents of your site’s .htaccess file. It does this on several occasions, adding and/or updating the rewrite rules required for WP’s permalink functionality. This post explains how this works, why it can be dangerous, and how to stop it from happening. Continue reading »

Lynda.com Course: Developing Secure WordPress Sites

[ WordPress: Developing Secure WordPress Sites ]

After months of preparation and production, my new video course on developing secure WordPress sites is now available at Lynda.com. This is my second video course on securing WordPress; the first one was originally launched in 2011 and remained in Lynda’s library for over five years. I received a lot of great feedback on the course, and so I jumped on the opportunity to do another one. If there is one thing that I enjoy doing, it’s helping people with […] Continue reading »

Stop User Enumeration in WordPress

[User Enumeration ]

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. Continue reading »

WordPress Themes In Depth

Book Launch! My fourth book, WordPress Themes In Depth, focuses entirely on WordPress theme development. It goes in-depth on how to build, customize, and distribute your own WordPress themes. It’s 10+ years of experience with WordPress jam-packed into 450 pages of non-stop theme-building action. Continue reading »

CSS Dropdown Menu in WordPress

WordPress Admin Area - Appearance - Menus

In this tutorial I am going to show you how to build a pure CSS drop down menu in WordPress. I will walk you through the steps of creating a menu in WordPress, customizing it with CSS, and then printing the menu in your theme file. This tutorial requires that you have access to edit your WordPress theme files and also a basic understanding of HTML and CSS. I will walk through the process step-by-step so don’t worry if you […] Continue reading »

Update: Ajax Error Log for WordPress – v2.0

New version of Ajax-Powered Error Logs for WordPress now available for download. The functionality is the same, but the script is rewritten for better design, performance, and security. Continue reading »

Learn the Way of WordPress

[ The Tao of WordPress ]

It’s been quiet around here, but I have a good excuse. I spent the last six months writing, designing, and publishing my third book, The Tao of WordPress. This is an excellent book for beginners, students, designers, and basically anyone who wants to learn how to get the most from WordPress. The book “soft-launched” last week, and now I want to share the news with readers here at Perishable Press. Continue reading »

Set Up WordPress MultiSite on MAMP

MAMP + WordPress

In this tutorial, you’ll learn how to install and run WordPress MultiSite on a MAMP webserver. Running multiple sites from a single installation simplifies and streamlines administration, and serving it all from a locally installed version of MAMP gives you everything you need to develop your network of sites for the Web. Continue reading »

Run WordPress Locally with _AMP

[ _AMPs ]

To run WordPress on the Web, you need a domain name and web host. But you don’t need either of those things to run WordPress on your own computer. You need only to set up a local server environment that includes Apache, MySQL, and PHP. That may sound like a tall order, but thanks to packaged software bundles such as MAMP and WAMP, setting up a robust server environment on your computer is a relative breeze. Continue reading »

Ajax-Powered Error Logs for WordPress

[ WordPress ]

In my previous post, I share my technique for Ajax-Powered Error Logs. That tutorial shows you how to set up dynamic error monitoring on any typical website, but the script requires some tweaking to get it working with WordPress. In this quick post, I explain how to set up Ajax Error Logs specifically for WordPress sites. Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.