Save 10% on our Pro WordPress plugins with discount code: 10PERCENT
Web Dev + WordPress + Security
108 posts related to: Upload Large Files or Die Trying

Apache Redirect Range of IP Addresses (IPv4 and IPv6)

There are numerous ways to redirect requests using Apache’s mod_rewrite and mod_alias. This concise, friendly tutorial explains different ways to redirect a range of IP addresses, either IPv4 or IPv6. Continue reading »

Disable Apache mod_rewrite Rules in any Subdirectory

Let’s say you have some .htaccess rewrite rules in place using Apache’s mod_rewrite. By default if the rewrite rules are located in the root directory, they will be applied to every subdirectory, as expected. But what if you need to disable the rewrite rules so that they do not affect some specific sub-directory or sub-folder? This super quick tutorial shows the easiest way to do it. Continue reading »

4 Ways to Make a WordPress Site Private Access Only

LOTR: Doors of Durin

Have you ever wanted to make a WordPress site private? So that only specific users are allowed access? For example, for my found-images site eChunks.com, I decided to require user login in order to access any content. So now for that site, public access is not allowed, and any posts, images, and all other content is available only to logged-in users. This tutorial explains four ways to make a WordPress site private or members only, so that only authenticated/trusted users […] Continue reading »

Stop WordPress from Changing .htaccess

[ Prevent WordPress Automatic .htaccess Modifications ]

In a recent tutorial, I explain how to Stop WordPress from modifying .htaccess. That post explains several ways to prevent WordPress from making changes to .htaccess. This post explains an even better way that is safe, effective, non-invasive, re-usable, and super simple. I’ve been using it on my own sites now for a few years and it works flawlessly. Continue reading »

.htaccess Redirect Examples

Finally put together a giant list of .htaccess redirect examples. It’s meant as a quick copy-&-paste resource for those who may be looking for an assortment of redirect techniques. Here you will find redirects via mod_alias and mod_rewrite. Examples include redirecting to and from any directory, subdirectory, resource, URL, and much more. Most of these examples are taken from my previous article, Stupid htaccess Tricks; other examples are taken from previous .htaccess tutorials here at Perishable Press. Enjoy! :) Continue reading »

How to Modify HTTP Headers in the WordPress Admin Area

WordPress provides the wp_headers filter hook and send_headers action hook to add and modify HTTP requests. For front-end pages, these are ideal hooks that should be used whenever possible. Unfortunately however neither hook works on all pages in the WordPress Admin Area. After some experimentation, I found an easy solution to modify HTTP headers on any/all pages in the Admin Area. Continue reading »

WordPress Error Fix: “Call to undefined function get_header()”

[ Call to undefined function ]

I’m seeing a big increase in bot attacks targeting theme files directly. First they get the URL to your theme directory. There are numerous ways for a bot to get this information. For example most themes include assets like CSS and JavaScript files, and the link includes the full URL. So then once they have the theme URL, bad bots will make direct requests for well-known theme template files, like index.php and header.php. Requesting template files directly may reveal possible […] Continue reading »

Difference between mod_alias and mod_rewrite

Most of the redirect techniques provided in my stupid .htaccess tricks article all use Apache’s alias module, mod_alias. You can also use mod_rewrite to redirect URLs. The main difference is that, with mod_alias, the server is responding to the client request with a redirect, so the client immediately is sent to the new location. Conversely, with mod_rewrite, the server simply returns the new content, so the client is not actually redirected anywhere. This makes mod_rewrite more advantageous because it happens […] Continue reading »

X Theme Leftover Code Snippets

While working on the site’s 24th redesign, I ended up with about 10 code snippets that were awesome but ultimately not needed. So rather than just delete these tasty functions, I am posting them here for future reference. Who knows, during the next site update I may decide to implement or repurpose some of these techniques. And of course sharing is caring, so feel free to use any of these code snippets in your own projects. Check out the Table […] Continue reading »

404 Fix: Block Nuisance Requests for Non-Existent Files

[ Han Solo shutting up C-3PO in Empire Strikes Back ]

As I’ve written before, blocking nuisance requests can help save you money by cutting down on wasted server resources, memory, and so forth. It also saves you time, as your server access and error logs won’t be full of nuisance request spam. So you will have more resources and time for things that matter, like running your business, helping customers, improving code, etc. So to continue the proud tradition of blocking malicious traffic, this post builds upon previous blocking techniques […] Continue reading »

Examples of Nested Encoding

Typically malicious scans use some sort of encoding to obscure their payloads. For example, instead of injecting a literal script, the attacker will run it through a PHP encoding function such as base64_encode(), utf8_encode(), or urlencode(). So if and when you need to decode some discovered payload, you can use whichever decoding function will do the job. For example, base64_decode(), utf8_decode(), or urldecode(). Sounds straightforward, but let’s dig a little deeper.. Continue reading »

WordPress .htaccess file

[ WordPress .htaccess file ]

The WordPress core uses .htaccess for two things: Permalinks and Multisite. This means that .htaccess is only required if you have enabled either of these features. Otherwise, .htaccess is entirely optional for default WordPress installations. Beyond the WP core, many plugins also use the .htaccess file for custom directives involving rewrites, redirects, custom headers, file compression, and much more. In many cases, such plugins add their .htaccess rules to your .htaccess file automatically, behind the scenes. Continue reading »

Get Random with PHP

This tutorial explains numerous ways to get random items via PHP: numbers, strings, passwords, nonces, images, and more. I use these techniques in various projects, and want to round them all up in one place for easy reference. I’ll be updating this post with additional techniques as I get them. Continue reading »

.htaccess Cleanup

Once again I am cleaning up my sites’ .htaccess files. I do this from time to time to remove old redirects, refresh blacklists, and update security and SEO-related directives. It’s tedious work, but the performance and security benefits make it all worthwhile. This post shares some of the techniques that were added, removed, or replaced from .htaccess, and explains the reasoning behind each decision. I do this for the sake of reference, and hopefully it will give you some ideas […] Continue reading »

Stop WordPress from modifying .htaccess

[ Perishable Press : Stop WordPress from modifying .htaccess ]

By default, depending on file permissions, WordPress automatically will modify the contents of your site’s .htaccess file. It does this on several occasions, adding and/or updating the rewrite rules required for WP’s permalink functionality. This post explains how this works, why it can be dangerous, and how to stop it from happening. Continue reading »

Stop User Enumeration in WordPress

[User Enumeration ]

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
Thoughts
Making great strides on my new book. Planned release in December :)
To organize my life, I keep it simple. online: plain text files, offline: sticky notes.
Official list of Googlebot IP addresses.
Lot of 1s in today’s date 20211111.
Working on a new book :)
I enjoy listening to original Star Trek and NG episodes while working online. After a while it feels like I’m working on the ship as part of the crew, going on adventures.
New version (2.6) of my shapeSpace starter theme now available! Always free & open source for everyone :)
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.