Protect your site with the fastest firewall plugin for WordPress: BBQ Pro »
Tag Archive

Permanently Redirect a Specific IP Request for a Single Page via htaccess

Not the most interesting title, but “oh well”.. Recently, a reader named Alison left a comment requesting help with a particular htaccess trick. She wanted to know how to permanently redirect (301) all requests for a specific page when requested from a specific IP address. In other words, when a visitor coming from 123.456.789 requests the page requested-page.html, the visitor will be redirected to just-for-you.html. All visitors not coming from that specific IP address are not redirected, and thus will see the originally requested page. Further, the redirect must apply only to requested-page.html, such that every visitor — including the […] Read more »

How to Block IP Addresses with PHP

Figuratively speaking, hunting down and killing spammers, scrapers, and other online scum remains one of our favorite pursuits. Once we have determined that a particular IP address is worthy of banishment, we generally invoke the magical powers of htaccess to lock the gates. When htaccess is not available, we may summon the versatile functionality of PHP to get the job done. This method is relatively straightforward. Simply edit, copy and paste the following code example into the top of any PHP for which you wish to block access: Read more »

Ultimate htaccess Blacklist

For those of us running Apache, htaccess rewrite rules provide an excellent way to block spammers, scrapers, and other scumbags easily and effectively. While there are many htaccess tricks involving blocking domains, preventing access, and redirecting traffic, Apache’s mod_rewrite module enables us to target bad agents by testing the user-agent string against a predefined blacklist of unwanted visitors. Any matches are immediately and quietly denied access. There are many ways to obtain an effective htaccess blacklist. There are several excellent forums around the web that provide a plethora of priceless htaccess advice. Highly suggested. Additionally, after copying and pasting your […] Read more »

Harvesting cPanel Raw Access Logs

Harvesting Raw Logs For those of us using cPanel as the control panel for our websites, a wealth of information is readily available via cPanel ‘Raw Access Logs’. These logs are perpetually updated with data involving user agents, IP addresses, HTTP activity, resource access, and a whole lot more. Here is a quick tutorial on accessing and interpreting your cPanel raw access logs. Part One: Grab ‘em To grab a copy of your raw access logs, log into cPanel and click on the "Raw Access Logs" icon. Within the Raw Access Log interface, scroll through the list of available log […] Read more »

Compressed JavaScript Compression

In this article, we extrapolate our favorite CSS-compression technique for JavaScript. Below, we outline the steps required to auto-compress your JavaScript documents via gzip and PHP. Two different compression methods are presented. The first method does not require htaccess, but rather involves the manual editing of JavaScript files. The second method employs htaccess to do all the work for you, thus requiring much less effort to implement. In either case, the result is the same: automatically compressed content delivered only to supportive browsers, resulting in reduced bandwidth, faster loading times, and smiling visitors :) Read more »

Fast, Effective PHP Compression

PHP compression is an excellent method of conserving bandwidth and reducing client download times. We have already discussed an excellent method for CSS compression, and in this article we share a super-easy technique for compressing all PHP content without editing a single file. Using two PHP files and two corresponding lines of .htaccess, it is possible to compress your PHP files via gzip-encoding. Browsers and other user-agents capable of interpreting gz-encoded data will employ the compressed content, while other user-agents will utilize the content uncompressed. Read more »

Invite Only: Visitor Exclusivity via the Opt-In Method

Web developers trying to control comment-spam, bandwidth-theft, and content-scraping must choose between two fundamentally different approaches: selectively deny target offenders (the "blacklist" method) or selectively allow desirable agents (the "opt-in", or "whitelist" method). Currently popular according to various online forums and discussion boards is the blacklist method. The blacklist method requires the webmaster to create and maintain a working list of undesirable agents, usually blocking their access via htaccess or php. The downside of "blacklisting" is that it requires considerable effort to stay current with the exponential number of ever-evolving threats, which require exceedingly long lists for an effective response. […] Read more »

Roll your own Apache Rewrite Log

Roll your own Apache Rewrite log! Rocking your own rewrite log is super-helpful for testing .htaccess rewrite rules, WordPress permalinks, etc. For more information, check the source. Rewrite log via http.conf Twist one up via the Apache configuration file by placing this code at the foot of your http.conf (remember to edit the path): # Roll your own Rewrite log # Log details via scale of 1 to 9 # 1 = few details, 5 = enough details, 9 = too much detail RewriteEngine On RewriteLog “/absolute/path/to/your/wwwroot/public_html/rewrite.log” RewriteLogLevel 5 via htaccess ..doesn’t work. Example Here is an example indicating the […] Read more »

Time Test

This post exists entirely for the sake of tweaking time functionality in Apache, PHP, SQL, and WordPress.. Immediate findings: Date/time limit into the past for WordPress: December 13, 1901 @ 15:45 WordPress will display December 13, 1901 @ 15:45 properly for all functions except wp_get_archives All dates prior to 12/13/1901 in MySQL will display as December 31, 1969 @ 19:00 in the WP Admin > Post Timestamp panel SQL timestamps of 0000-00-00 00:00:00 display as 0 via $wpdb->get_col(“SELECT DISTINCT YEAR SQL timestamps of 0000-00-00 00:00:00 display link as the current year when permalinks are enabled An SQL timestamp of 1000-00-00 […] Read more »

Block Spam by Denying Access to No-Referrer Requests

What we have here is an excellent method for preventing a great deal of blog spam. With a few strategic lines placed in your htaccess file, you can prevent spambots from dropping spam bombs by denying access to all requests that do not originate from your domain. How does it work? Well, when a legitimate user (i.e., not a robot, etc.) decides to leave a comment on your blog, they have (hopefully) read the article for which they wish to leave a comment, and have subsequently loaded your blog’s comment template (e.g., comments.php), which is most likely located within the […] Read more »

Stop Bitacle from Stealing Content

If you have yet to encounter the content-scraping site,, consider yourself lucky. The scum-sucking worm-holes at are well-known for literally (404 link removed 2013/03/28), blatantly, and piggishly stealing blog content and using it for financial gains through advertising. While I am not here to discuss the legal, philosophical, or technical ramifications of illegal bitacle behavior, I am here to provide a few critical tools that will help stop bitacle from stealing your content. The htaccess Finger Perhaps the most straightforward and effective method for keeping the bitacle thieves away from your site, adding the following htaccess rules to […] Read more »

Stupid htaccess Tricks Redux

One of our most popular posts, Stupid htaccess Tricks, has been completely rewritten and now includes almost twice as many stupid htaccess tricks. Plus, we have added a library of regex character definitions, more information for many of the directives, and several handy references. But wait, there’s more — we even threw in a “quick-jump” Table of Contents and a complete set of “up” [ ^ ] links for easy navigation. Utterly amazing! Read more »

Website Attack Recovery

Recently, every website on our primary server was simultaneously attacked. The offending party indiscriminately replaced the contents of every index file, regardless of its extension or location, with a few vulgar lines of code, which indicated intention, identity, and influence. Apparently, the attack occurred via Germany, through a server at the University of Hamburg. This relatively minor attack resulted in several hours of valuable online education. In this article, it is our intention to share experience with website attack recovery. This article is aimed at website developers, designers, and administrators. Read more »

The htaccess Rules for all WordPress Permalinks

Updated June 30th, 2016: All code current with WordPress 4+. The permalink rules in this article should work with all versions of WordPress. I recently performed a series of tests on a fresh installation of WordPress to determine the exact .htaccess rewrite rules that WordPress writes to its .htaccess file for various permalink configurations. In the WordPress General > Permalinks settings, WordPress lists six options for permalink structure: Read more »

Permalink Enlightenment

I recently enabled the permalinks feature for a fresh WordPress 2.0.2 upgrade. The process required several hours of research and approximately 90 minutes to fully implement. This brief article summarizes the process and applies to at least the following setup: WordPress 2.0.2 Apache Server with mod_rewrite enabled The ability to access/modify your .htaccess file(s) You have decided to use the /%year%/%monthnum%/%day%/%postname%/ permalink format (actually, any format will work; simply swap your preferred format for the one mentioned here) You may also be using any of the plugins listed in the dungeon (actually, most plugins are compatible — only a few […] Read more »

Latest Tweets Wrapped up my WordPress security course at Lynda 3 days early, spent the remainder of time chilling at the beach :)