![[User Enumeration ]](https://perishablepress.com/wp/wp-content/images/2016/user-enumeration.jpg)
This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. Continue reading »
![[ RSSing.com Removal Request or Whatever ]](https://perishablepress.com/wp/wp-content/images/2016/rssing-com.jpg)
This quick post explains how to stop the notorious site scrapers, RSSing.com, from stealing your content. In fact, this technique can be used to stop virtually any site that uses HTML frames to scrape your pages. Once again, the solution is one line of .htaccess to the rescue. Continue reading »
![[ Two Passwords = Two Bad ]](https://perishablepress.com/wp/wp-content/images/2016/he-man-two-bad.jpg "Two Bad")
Image courtesy of eChunks.com Here is a quick security tip for people using popular apps on the Web. That is, apps like WordPress that may be widely used and targeted by bad actors and/or automated scripts. It’s all about adding another layer of security by hardening admin-level usernames.. Every now and then, I get an email letting me know that someone has requested a password reset for one of my admin-level WordPress accounts. Usually, the email notifications are sent directly […] Continue reading »
Over the years, my sites have been hacked numerous times. Each hacking event was somewhat of a miserable experience at first, but ultimately educational and even enlightening. I’m not going to say that getting hacked was the best thing that ever happened to me, but it certainly wasn’t the end of the world. In this post, I want to share some important steps to take and things to keep in mind if and when you discover that your site has […] Continue reading »
![[ Protect yourself ]](https://perishablepress.com/wp/wp-content/images/2014/gas-mask-dog.jpg)
Whether you like it or not, there are scripts and bots out there hammering away at your sites with endless HTTP “POST” requests. POST requests are sort of the opposite of GET requests. Instead of getting some resource or file from the server, data is being posted or sent to it. To illustrate, normal surfing around the Web involves your browser making series of GET requests for all the resources required for each web page. HTML, JavaScript, CSS, images, et […] Continue reading »
![[ WP Plugin: Core Control ]](https://perishablepress.com/wp/wp-content/images/2014/core-control.gif)
Just a quick post with some tips for troubleshooting and testing HTTP requests. For example, if you have a plugin that sends requests behind the scenes via Ajax or cURL or whatever, it’s nice to have a way to view request details such as headers, the response, and everything in between. This article is aimed primarily at WordPress users, but contains more general tips and tricks as well. Continue reading »
![[ Screenshot: Unordered list wrapping against floated image ]](https://perishablepress.com/wp/wp-content/images/2013/css-list-float-01.jpg)
If you’re displaying floated images in your posts, you may notice that margins of lists and other block-level elements seem to “collapse”, as shown in this screenshot from the 2013 redesign: Continue reading »
![[ Screenshot: PHP Logo ]](https://perishablepress.com/wp/wp-content/images/2012/php-easter-eggs-02a.jpg)
A reader recently brought to my attention a reported vulnerability on servers running PHP. It’s been known about for eons, but it’s new to me and it involves easter eggs in PHP so I thought it would be fun to share a quick post about what it is and how to prevent leakage of sensitive information about your server. It only takes a moment to disable the easter-egg information, should you decide to do so. Continue reading »
![[ Screenshot: 3D Logo via CSS3 text-shadow ]](https://perishablepress.com/wp/wp-content/images/2012/3d-text-shadow-example.jpg)
Here’s a fun way to make text look 3D using CSS3. Using CSS whenever possible instead of images has several key advantages, including faster page-loads and better SEO I use the CSS text-shadow technique in a previous theme, and a few people had asked about it, so here it is: everything you need to create your own stunning 3D-text with CSS3.. Continue reading »
![[ PayPal Phishing Spam Email ]](https://perishablepress.com/wp/wp-content/images/2012/paypal-phishing-spam-03.gif "Hover over the link and check the URL in the status bar")
Just a heads up to anyone else getting the occasional PayPal phishing spam.. Usually it’s pretty easy to spot one of those crafty phishing emails, just hover over any links before clicking to view the real URL in the status bar. You know, the link says something like, “click here to restore your PayPal account,” but you know that’s garbage and could easily prove it by checking the actual link URL, which is usually something completely bonkers, like: Continue reading »
