Book Sale! Code WP2025 takes 20% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security
165 posts related to: Block Random String Comment Spam

Protect Against Malicious POST Requests

[ Protect yourself ]

Whether you like it or not, there are scripts and bots out there hammering away at your sites with endless HTTP “POST” requests. POST requests are sort of the opposite of GET requests. Instead of getting some resource or file from the server, data is being posted or sent to it. To illustrate, normal surfing around the Web involves your browser making series of GET requests for all the resources required for each web page. HTML, JavaScript, CSS, images, et […] Continue reading »

Protect Against Humans.txt Query-String Scans

I woke up this morning to the sound of thousands of 404 requests hitting the server. It’s sad that there are kiddies out there who have nothing better to do than buy some pathetic $50 script and then sit there like an imbecile harassing people for hours on end. But alas, that is the world we live in — fortunately it’s less than trivial to block the entire scan with just a few lines of good old .htaccess. Continue reading »

2014 Micro Blacklist

[ 2014 Micro Blacklist ]

Over the past several months, I’ve assembled a “micro” blacklist to keep some recent threats at bay. Eventually, this will be integrated into the next nG Blacklist, but for now I just wanted to post and share with anyone else who is actively monitoring their server logs and aware of the recent spike in malicious activity. Continue reading »

2013 User Agent Blacklist

[ 2013 User Agent Blacklist ]

The 2013 User Agent Blacklist blocks hundreds of the worst bots while ensuring open-access for normal traffic, major search engines (Google, Bing, et al), good browsers (Chrome, Firefox, Opera, et al), and everyone else. Compared to blocking threats by IP, blocking by user-agent is more effective as a general security strategy. Although it’s trivial to spoof any user agent, many bad requests continue to report user-agent strings that are known to be associated with malicious activity. For example, the notorious […] Continue reading »

2013 IP Blacklist

When time allows, I like to post my collections of the worst IP addresses for the current year. Certainly, there are pros and cons to using an IP blacklist. In general, IPs are easily spoofed, change frequently, and are therefore unreliable as a general security strategy. But as a short-term solution, IP blacklists serve as an excellent method for dealing with specific and/or ongoing threats and attacks. Continue reading »

Set Up WordPress MultiSite on MAMP

MAMP + WordPress

In this tutorial, you’ll learn how to install and run WordPress MultiSite on a MAMP webserver. Running multiple sites from a single installation simplifies and streamlines administration, and serving it all from a locally installed version of MAMP gives you everything you need to develop your network of sites for the Web. Continue reading »

Run WordPress Locally with _AMP

[ _AMPs ]

To run WordPress on the Web, you need a domain name and web host. But you don’t need either of those things to run WordPress on your own computer. You need only to set up a local server environment that includes Apache, MySQL, and PHP. That may sound like a tall order, but thanks to packaged software bundles such as MAMP and WAMP, setting up a robust server environment on your computer is a relative breeze. Continue reading »

WordPress Plugin: Simple Ajax Chat

[ Simple Ajax Chat ]

Simple Ajax Chat displays a fully customizable Ajax-powered chat box anywhere on your site. SAC makes it easy for your visitors to chat with each other on your website. There already are a number of decent chat plugins, but I wanted one that is simple yet fully customizable with all the features AND outputs clean HTML markup for easy styling. Continue reading »

Blacklist Candidate 2012-11-13: Evil Scanner Edition

[ Blacklist Candidate Props ]

It’s been awhile since I’ve posted one of my Blacklist Candidate series articles. It’s always fun for me to talk (or write) about security related issues, especially when a quick slab of .htaccess can be used to take care of business. And that’s exactly what we have in this edition of the series, where I’m pleased to bring you Blacklist Candidate Number 2012-11-13: the “evil” scanner. Instead of scanning your site, collecting data, and moving on, Mr. 2012-11-13 continues to […] Continue reading »

WordPress Plugin: Simple Blog Stats

[ Simple Blog Stats ]

Simple Blog Stats is a free WordPress plugin that provides a wealth of shortcodes and tags to display a variety of unique statistics about your site. Stats about your blog include total number of categories, comments, posts, users, tags, and more. SBS also displays recent comments and recent posts in posts, pages, and anywhere in your theme. Plus additional stats for Custom Post Types, word counts, and much more. Continue reading »

Protect Against Brute-force/Proxy Login Attacks

[ Solomon Grundy of the Legion of Doom ]

For the past week, I’ve been monitoring activity from a set of IP addresses involved with brute-force login attacks. Brute-force login attacks involve systematic guessing of passwords using various common usernames such as “admin” and “username”. So for example, an attack will target an array of sites, use “admin” as the username, and then make numerous attempts at “guessing” your password. And to obfuscate their malicious activity, the attack is executed from multiple IP addresses, either via proxy or possibly […] Continue reading »

6G Firewall Beta

[ 6G Blacklist (beta) ]

Since releasing the 5G Blacklist earlier this year, malicious server scans and bad requests have surged with more novel attacks than I’ve seen since first getting into this stuff six years ago. In other words, now is the time to beef up security and lock things down. If you’re into monitoring your server and knowing your traffic, you may be observing the same recent spike in malicious activity. In response to these attacks, I’ve been secretly working on the next […] Continue reading »

Blank Space / Whitespace Character for .htaccess

Working on the next version of the G-Series Blacklist, I needed a way to match a wide variety of UTF-8-encoded (hex) character strings. Those familiar with their site’s traffic will recognize this particular type of URI request string, which is typically associated with malicious server scanning, exploits, and other malicious behavior. As I explain in this post, pattern-matching and blocking the blank-space, or whitespace character in URL-requests is an effective way to improve the security of your website. Continue reading »

Case-Insensitive RedirectMatch

Cool trick that you may not have known about.. it’s possible to get case-insensitive matching with the powerful RedirectMatch directive. Normally, you would just write your redirect as something like this: Continue reading »

PayPal Phishing Spam

[ PayPal Phishing Spam Email ]

Just a heads up to anyone else getting the occasional PayPal phishing spam.. Usually it’s pretty easy to spot one of those crafty phishing emails, just hover over any links before clicking to view the real URL in the status bar. You know, the link says something like, “click here to restore your PayPal account,” but you know that’s garbage and could easily prove it by checking the actual link URL, which is usually something completely bonkers, like: Continue reading »

WordPress MultiSite Subdomains on MAMP

Developing WordPress sites on a local MAMP server provides flexibility, privacy, and security throughout the development process. Setting up a WordPress environment on MAMP is definitely worth the effort, especially if you’re building and testing multiple sites using WordPress’ built-in MultiSite functionality. The easiest and recommended way of setting up WordPress MultiSite is to use sub-directories. So when you create a new site named “business”, it will be located at http://localhost/business/. Here’s a mini-tutorial on how to use sub-domains for […] Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
BBQ Pro: The fastest firewall to protect your WordPress.
Thoughts
Finishing up the pro version of Head Meta Data plugin, launch planned this month.
Finally finished my ultimate block list to stop AI bots :) Blocks over 100 AI bots!
After 10 years working late at night, my schedule has changed. I am now a “morning person”, starting my day at 6am or earlier.
Nice update for Wutsearch search engine launchpad. Now with 19 engines including Luxxle AI-powered search.
New version of 8G Firewall (v1.4) now available for download :)
Wishing everyone a prosperous and bright New Year!
I disabled AI in Google search results. It was making me lazy.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.