Main Menu
Spring Sale! Save 30% on all books w/ code: PLANET24
Perishable Press
Web Dev + WordPress + Security
BBQ Pro: Block Bad Queries
BBQ Pro: The fastest firewall to protect your WordPress.
Popular Posts
+ More popular posts »
276 posts related to: Stop User Enumeration in WordPress
« Newer Posts 13456718 Previous Posts »

Stop WordPress from modifying .htaccess

[ Perishable Press : Stop WordPress from modifying .htaccess ]

By default, depending on file permissions, WordPress automatically will modify the contents of your site’s .htaccess file. It does this on several occasions, adding and/or updating the rewrite rules required for WP’s permalink functionality. This post explains how this works, why it can be dangerous, and how to stop it from happening. Continue reading »

Lynda.com Course: Developing Secure WordPress Sites

[ WordPress: Developing Secure WordPress Sites ]

After months of preparation and production, my new video course on developing secure WordPress sites is now available at Lynda.com. This is my second video course on securing WordPress; the first one was originally launched in 2011 and remained in Lynda’s library for over five years. I received a lot of great feedback on the course, and so I jumped on the opportunity to do another one. If there is one thing that I enjoy doing, it’s helping people with […] Continue reading »

Block nuisance requests for .well-known, apple-app, etc.

[ Block Nuisance Requests ]

Anyone who is paying attention to their server access and error logs has probably noticed that Google and other bots have been making endless requests for .well-known, apple-app-site-association, and various related files. This quick post explains how to save some server bandwidth and resources by blocking such repetitive requests, and also looks at a related problem with certain search engines <cough> not respecting a standard “410 Gone” server response. Continue reading »

They’re Scanning for Your Backup Files

[ Scanning for Backup Files ]

Just a reminder to keep your backup files offline. Do not store them in any publicly accessible space. It’s just not worth the risk man. And if you’re working online, you should know this already. If not, then continue reading to learn why it’s absolutely mission critical. Continue reading »

Brute-Force Login Drip Attack

[ Brute-Force Login Drip Attack ]

I’ve been noticing a new strategy for brute-force login attacks: the slow, incremental “drip” attack. Instead of slamming a login page with hundreds or thousands of brute-force login attempts all within a few minutes, some attackers have been taking a more low-key approach by slowing down the rate of login attempts in order to bypass security measures. The “drip” brute-force attack is extremely annoying, and possibly dangerous if any of your registered users are using weak login credentials. This article […] Continue reading »

Stop RSSing.com from Framing Your Content

[ RSSing.com Removal Request or Whatever ]

This quick post explains how to stop the notorious site scrapers, RSSing.com, from stealing your content. In fact, this technique can be used to stop virtually any site that uses HTML frames to scrape your pages. Once again, the solution is one line of .htaccess to the rescue. Continue reading »

Use Strong Usernames for Better Security

[ Two Passwords = Two Bad ]

Image courtesy of eChunks.com Here is a quick security tip for people using popular apps on the Web. That is, apps like WordPress that may be widely used and targeted by bad actors and/or automated scripts. It’s all about adding another layer of security by hardening admin-level usernames.. Every now and then, I get an email letting me know that someone has requested a password reset for one of my admin-level WordPress accounts. Usually, the email notifications are sent directly […] Continue reading »

How to Block Baidu Bot

[ Baidu Search Engine ]

A user of my 6G Firewall recently asked how to block the “baidu” bot from accessing their site. This post explains why Baidu is not blocked in 6G and provides a quick .htaccess technique to deny it (or anything claiming to be it) access to your site. Continue reading »

Block D-Bag Database Exploits

Some douchebag has been scanning my sites for a variety of potential database exploits. My sites are secure, so there is no real security threat, but the scans are extremely annoying and waste my server resources. Resources like bandwidth and memory that I would rather use for legitimate visitors. So after collecting some data and experimenting a bit, I wrote a simple .htaccess snippet to block a vast majority of these pathetic database-exploit scans. Continue reading »

6G Firewall

[ 6G Firewall ]

After three years of development, testing, and feedback, I’m pleased to announce the official launch version of the 6G Firewall (aka the 6G Blacklist). This version of the nG Firewall is greatly refined, heavily tested, and better than ever. Fine-tuned to minimize false positives, the 6G Firewall protects your site against a wide variety of malicious URI requests, bad bots, spam referrers, and other attacks. Blocking bad traffic improves site security, reduces server load, and conserves precious resources. The 6G […] Continue reading »

What to do when your site gets hacked

HSI: Hacked Site Investigation

Over the years, my sites have been hacked numerous times. Each hacking event was somewhat of a miserable experience at first, but ultimately educational and even enlightening. I’m not going to say that getting hacked was the best thing that ever happened to me, but it certainly wasn’t the end of the world. In this post, I want to share some important steps to take and things to keep in mind if and when you discover that your site has […] Continue reading »

s2member notes

I use s2member (free version) and s2member Pro on a few of my sites. Have been for several years now. Over the course of time, I have amassed a healthy collection of notes, code snippets and techniques for customizing default functionality, adding features, and so forth. Gonna post the collection online for the benefit of any others who may be seeking for similar modifications and/or related information. Continue reading »

Block revslider Scans

One of the most annoying, persistent scans I’ve seen in a long time are those hunting for the revslider vulnerability. In the five or so months since the exploit was discovered, many sites have been compromised. And based on what I’ve been seeing in my traffic logs, the risk is far from over. Apparently every 2-bit script kiddie and their pet hamster wants a piece of the “revslider action”. Continue reading »

BBQ Firewall – Customize Rules

BBQ Firewall

BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall. Continue reading »

WordPress Themes In Depth

Book Launch! My fourth book, WordPress Themes In Depth, focuses entirely on WordPress theme development. It goes in-depth on how to build, customize, and distribute your own WordPress themes. It’s 10+ years of experience with WordPress jam-packed into 450 pages of non-stop theme-building action. Continue reading »

CSS Dropdown Menu in WordPress

WordPress Admin Area - Appearance - Menus

In this tutorial I am going to show you how to build a pure CSS drop down menu in WordPress. I will walk you through the steps of creating a menu in WordPress, customizing it with CSS, and then printing the menu in your theme file. This tutorial requires that you have access to edit your WordPress theme files and also a basic understanding of HTML and CSS. I will walk through the process step-by-step so don’t worry if you […] Continue reading »

« Newer Posts 13456718 Previous Posts »
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Wizard’s SQL for WordPress: Over 300+ recipes! Check the Demo »
Thoughts
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
2024 is going to make 2020 look like a vacation. Prepare accordingly.
First snow of the year :)
+ More thoughts »
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.
Topics
Perishable Press Newsletter
Get news, updates, deals & tips via email.
Your email will remain private. Easy unsubscribe anytime.
Find me on the social medias
Around the site
WordPress help
Favorite projects
© 2004–2024 Perishable Press • Yes Theme by Monzilla Media • Built w/ shapeSpaceSitemapPolicyRSSJohn 3:16