Main Menu
Spring Sale! Save 30% on all books w/ code: PLANET24
Perishable Press
Web Dev + WordPress + Security
GA Google Analytics Pro
GA Pro: Add Google Analytics to WordPress like a pro.
Popular Posts
+ More popular posts »
276 posts related to: Stop User Enumeration in WordPress
« Newer Posts 15678918 Previous Posts »

Tale of a Hacked Website

[ Prise de la Bastille, by Jean-Pierre-Louis-Laurent Houel (Detail) ]

I love a good story. Almost as much as I enjoy securing websites. Put them together and you’ve got suspense, intrigue, and plenty of encoded gibberish. But no happy ending this time, in this case the smartest decision was to “pull it” and rebuild. The site was just wasted — completely riddled with malicious code. Without current backup data, it would’ve been “game over” for the site, and possibly the business. Continue reading »

6G Firewall Beta

[ 6G Blacklist (beta) ]

Since releasing the 5G Blacklist earlier this year, malicious server scans and bad requests have surged with more novel attacks than I’ve seen since first getting into this stuff six years ago. In other words, now is the time to beef up security and lock things down. If you’re into monitoring your server and knowing your traffic, you may be observing the same recent spike in malicious activity. In response to these attacks, I’ve been secretly working on the next […] Continue reading »

Case-Insensitive RedirectMatch

Cool trick that you may not have known about.. it’s possible to get case-insensitive matching with the powerful RedirectMatch directive. Normally, you would just write your redirect as something like this: Continue reading »

WordPress Add-on for 5G Blacklist

Ill requests and malicious scans have been spiking recently, to the point where server performance was really taking a hit. One scan in particular hammered the server with thousands of bad requests in just a few minutes. There are people out there with strong scripts and small minds that are constantly scanning sites for vulnerabilities, and much of what I’ve seen is aimed primarily at WordPress. Continue reading »

Redirect WordPress Date Archives with .htaccess

Restructuring a WordPress website may involve removing the subdomain from URLs/permalinks. For example, I recently removed the original WP-install subdirectory from Perishable Press to simplify site structure and optimize WordPress permalinks. There are PHP scripts and WP plugins that might work for this, but in most cases .htaccess is optimal when changing URL structure and redirecting traffic. Here’s a quick example to help visualize the concept: Continue reading »

Category Functions for WordPress

[ Downtown Seattle WA 2012 ]

My previous theme sports the now-infamous colorized categories, which aim to help visitors navigate featured content. In addition to the colors, featured categories display contextually relevant navigation, popular posts, and related tags. It’s a great way to improve organization and get more of your content in front of the visitor. To make it happen, a variety of tasty WordPress code snippets are used, including versatile theme functions that enable getting the first category link, displaying sub-categories of the current category, […] Continue reading »

PayPal Phishing Spam

[ PayPal Phishing Spam Email ]

Just a heads up to anyone else getting the occasional PayPal phishing spam.. Usually it’s pretty easy to spot one of those crafty phishing emails, just hover over any links before clicking to view the real URL in the status bar. You know, the link says something like, “click here to restore your PayPal account,” but you know that’s garbage and could easily prove it by checking the actual link URL, which is usually something completely bonkers, like: Continue reading »

5G Blacklist 2012

[ 5G (2012) ]

The 5G Blacklist helps reduce the number of malicious URL requests that hit your website. It’s one of many ways to improve the security of your site and protect against evil exploits, bad requests, and other nefarious garbage. If you’re tired of all the slow, bloated security plugins and expensive 3rd-party services, the 5G Blacklist is a solid solution to help protect your Apache-powered site. Continue reading »

5G Blacklist for Microsoft IIS

[ 5G (MS IIS) ]

By design the 5G Blacklist works on Apache servers, but thanks to Scott Stawarz, here is a version for Microsoft IIS. Disclaimer: I do not use any Microsoft server stuff, so make sure to properly test everything before running this code on a live/production site. Also, if you scroll down to the end of this article, you will find some useful bonus snippets. Continue reading »

Roll Your Own “What’s My IP Address?” Page

[ Jeff Spicoli from Fast Times at Ridgemont High ]

My current ISP likes to keeps things spicy by changing my IP address every few months or so. There are a million ways to get this changing IP information, but as an obsessive web developer, I like to roll my own whenever possible. That means using my own resources instead of spending time and energy elsewhere. So the goal for this project is to create a web page that does one thing very well: display the visitor’s current IP information. […] Continue reading »

WordPress MultiSite Subdomains on MAMP

Developing WordPress sites on a local MAMP server provides flexibility, privacy, and security throughout the development process. Setting up a WordPress environment on MAMP is definitely worth the effort, especially if you’re building and testing multiple sites using WordPress’ built-in MultiSite functionality. The easiest and recommended way of setting up WordPress MultiSite is to use sub-directories. So when you create a new site named “business”, it will be located at http://localhost/business/. Here’s a mini-tutorial on how to use sub-domains for […] Continue reading »

Building the 5G Blacklist

[ Common Server Responses ]

Protecting your website is more important than ever. There are a million ways to do it, and this is one of them. In fact, it’s what I use to protect Perishable Press and other key sites. It’s called the 5G Blacklist, and it’s something I’ve been working on for a long time. The idea is simple enough: analyze bad requests and block them using a firewall/blacklist via .htaccess. Now in its 5th generation, the 5G Blacklist has evolved into a […] Continue reading »

Optimizing WordPress Permalinks with htaccess

[ Optimizing WordPress Permalinks with htaccess ]

Okay, so Summer’s over, kids are back in school, and I’m finding all sorts of free time to continue writing and posting. One of my Summer projects involved updating & optimizing one of my old project sites, DeadLetterArt.com. It was basically a huge clean-up session that included lots of content consolidation and permalink restructuring. So that’s the topic of this post, how to use htaccess to optimize WordPress permalinks. I’ll go through some htaccess techniques and explain how they can […] Continue reading »

Huge Collection of Code Snippets: HTAccess, PHP, WordPress, jQuery, HTML, CSS

[ WP Cron HTTP Auth ]

Please excuse this self-serving, miscellaneous post, but I’ve just got to purge all of these code snippets and scraps collected over the years. Whenever I update this site, I place any removed/unused code snippets into a giant note file for future reference, just in case. There’s all sorts of different types of code and snippets that just keep growing and growing and.. and finally it gets to a point where I just need to dump everything and start fresh. Welcome […] Continue reading »

Block Tough Proxies

If you want to block tough proxies like hidemyass.com, my previously posted .htaccess methods won’t work. Those methods will block quite a bit of proxy visits to your site, but won’t work on the stealthier proxies. Fortunately, we can use a bit of PHP to keep them out. Continue reading »

Ajax-Powered Error Logs for WordPress

[ WordPress ]

In my previous post, I share my technique for Ajax-Powered Error Logs. That tutorial shows you how to set up dynamic error monitoring on any typical website, but the script requires some tweaking to get it working with WordPress. In this quick post, I explain how to set up Ajax Error Logs specifically for WordPress sites. Continue reading »

« Newer Posts 15678918 Previous Posts »
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
2024 is going to make 2020 look like a vacation. Prepare accordingly.
First snow of the year :)
+ More thoughts »
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.
Topics
Perishable Press Newsletter
Get news, updates, deals & tips via email.
Your email will remain private. Easy unsubscribe anytime.
Find me on the social medias
Around the site
WordPress help
Favorite projects
© 2004–2024 Perishable Press • Yes Theme by Monzilla Media • Built w/ shapeSpaceSitemapPolicyRSSJohn 3:16