Save 10% on our Pro WordPress plugins with discount code: 10PERCENT
Web Dev + WordPress + Security

Fix Gutenberg Errors

I’ve been exploring WordPress new Gutenberg functionality, and unfortunately keep encountering various weird errors. So to keep things organized and hopefully help others on the same path, I’m going to update this post with any Gutenberg errors for which I am able to find a solution. This includes any PHP errors, warnings, notices, as well as any JavaScript and/or debug/console errors. Continue reading »

Delete Shared/Saved Gutenberg Blocks

Been playing with WordPress new Gutenberg functionality. While exploring the new features, I created some Shared blocks via the “Convert to Shared Block” button. After another hour of playing with the Gutenberg API, there were a number of “orphaned” Shared blocks (just due to swapping out code snippets while testing). After some searching, I found it is possible to delete Shared blocks programmatically with JavaScript, but could not find any specific documentation or examples. So, I came up with an […] Continue reading »

Banhammer WordPress Plugin

[ Banhammer - Protect your site from enemy hordes! ]

Banhammer makes monitoring traffic and banning visitors crazy easy and fun. Say your forum is being harassed by some dirtbag. Or your admin directory is crawling with bad bots. Or some script kiddie is trying to brute-force your login page. Don’t just sit there and watch it happen.. drop the Banhammer on those fools and block them forever. Continue reading »

New WordPress Security Plugin: Host Header Injection Fix

[ HHIF (Host Header Injection Fix) ]

Since version 2.3, WordPress has been vulnerable to a Host Header Injection attack in certain server environments. Over the years, there has been some discussion about fixing the vulnerability, but as of WP 4.9 (beta) nothing has been implemented. So to help those in the WP community who may be concerned (including myself), I developed a new security plugin that fixes the issue: Host Header Injection Fix (HHIF). Continue reading »

FAQs for User Submitted Posts

This post contains overflow FAQs for the free version of User Submitted Posts (hosted at WordPress.org). I am moving a bunch of the FAQs to this post in order to clean up the plugin’s ever-growing readme.txt file. For FAQs about the Pro version of USP, check out USP Pro – FAQs & Presales over at Plugin Planet. And so without further ado.. Continue reading »

Disable WordPress Responsive Images

[ Bruce Lee ]

WordPress responsive images are awesome. But some people want to use their own methods to implement. This post explains how to disable WordPress responsive image functionality so that you can use your own methods. It makes things easier when you don’t have to wrestle with what WordPress is doing. Continue reading »

Display bbPress Posts without a Plugin

[ Display bbPress Posts without a Plugin ]

I recently redesigned my .htaccess site, htaccessbook.com. Before the redesign, I was using bbPress for the forum functionality. It worked okay for a few years, but along the way there were all sorts of really nasty bugs and important things breaking. It seemed like, no matter what, each updated version of the bbPress plugin caused serious problems, like replies not working, permalinks changing, and all sorts of other issues. Eventually, I got tired of spending hours after each bbPress update […] Continue reading »

Examples of Nested Encoding

Typically malicious scans use some sort of encoding to obscure their payloads. For example, instead of injecting a literal script, the attacker will run it through a PHP encoding function such as base64_encode(), utf8_encode(), or urlencode(). So if and when you need to decode some discovered payload, you can use whichever decoding function will do the job. For example, base64_decode(), utf8_decode(), or urldecode(). Sounds straightforward, but let’s dig a little deeper.. Continue reading »

WordPress .htaccess file

[ WordPress .htaccess file ]

The WordPress core uses .htaccess for two things: Permalinks and Multisite. This means that .htaccess is only required if you have enabled either of these features. Otherwise, .htaccess is entirely optional for default WordPress installations. Beyond the WP core, many plugins also use the .htaccess file for custom directives involving rewrites, redirects, custom headers, file compression, and much more. In many cases, such plugins add their .htaccess rules to your .htaccess file automatically, behind the scenes. Continue reading »

.htaccess Cleanup

Once again I am cleaning up my sites’ .htaccess files. I do this from time to time to remove old redirects, refresh blacklists, and update security and SEO-related directives. It’s tedious work, but the performance and security benefits make it all worthwhile. This post shares some of the techniques that were added, removed, or replaced from .htaccess, and explains the reasoning behind each decision. I do this for the sake of reference, and hopefully it will give you some ideas […] Continue reading »

WordPress Plugin: Blackhole Pro

[ Blackhole Pro ]

Announcing the Pro version of my WordPress security plugin, Blackhole for Bad Bots. Like the free version, Blackhole Pro protects your site against bad bots, spammers, scrapers, scanners, and other automated threats. This increases site security and saves precious server resources for your legit visitors. It’s time to say “bye bye” to bad bots. Continue reading »

Build Your Own One-Click WordPress Content Importer

WordPress Media Settings

In this tutorial, I’m going to walk you through how you can add a new menu in WordPress Admin Area, where your users will be able to import any demo content — including widgets, their positions and navigation as well — by a single click. The code follows the best WordPress practices, uses WP Filesystem for file management, includes escaping and all text strings are prepared for translation. It also passes the WordPress theme check plugin! Continue reading »

WordPress Plugin: Prismatic

[ Prismatic ]

I’ve been using other plugins to display my code at Perishable Press, Plugin Planet, DigWP, and WP-Mix for years now. The other plugins have done the job, but there are things that I’ve always wanted to change. For example, syntax highlighting. I use syntax highlighting for code snippets at WP-Mix, but not on any of my other sites. So I wanted to combine clean, time-tested code escaping with stylish syntax highlighting. After sharing well over 1,000 code snippets online, I […] Continue reading »

Stop WordPress from modifying .htaccess

[ Perishable Press : Stop WordPress from modifying .htaccess ]

By default, depending on file permissions, WordPress automatically will modify the contents of your site’s .htaccess file. It does this on several occasions, adding and/or updating the rewrite rules required for WP’s permalink functionality. This post explains how this works, why it can be dangerous, and how to stop it from happening. Continue reading »

WordPress Plugin: Theme Switcha

[ Theme Switcha ]

Announcing my latest WordPress plugin, Theme Switcha! There are many theme-switch plugins but none of them provide the simplicity, performance, and reliability that I require for my own sites. So I wrote my own plugin using the WP API and kept the code as focused and solid as possible. Only essential theme-switching features have been added, along with a simple yet informative UI. Theme Switcha gives you a consistent, quality theme-switching experience that you can optionally share with your visitors. Continue reading »

Lynda.com Course: Developing Secure WordPress Sites

[ WordPress: Developing Secure WordPress Sites ]

After months of preparation and production, my new video course on developing secure WordPress sites is now available at Lynda.com. This is my second video course on securing WordPress; the first one was originally launched in 2011 and remained in Lynda’s library for over five years. I received a lot of great feedback on the course, and so I jumped on the opportunity to do another one. If there is one thing that I enjoy doing, it’s helping people with […] Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Build and sell awesome WordPress themes.
Thoughts
Working on a new book :)
LinkedIn decided to replace my highly rated video course on WP security. For a limited time the course is still available to *logged-in* users via direct URL.
I enjoy listening to original Star Trek and NG episodes while working online. After a while it feels like I’m working on the ship as part of the crew, going on adventures.
New version (2.6) of my shapeSpace starter theme now available! Always free & open source for everyone :)
Finished updating all of my books! As always, book owners can download the latest versions for FREE :)
W3C.org has a very thorough list of accessibility tools.
The more you wake up, the more you realize you are still asleep.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.