tips
Tag Archive

Building the 3G Blacklist, Part 2: Improving Site Security by Preventing Malicious Query-String Exploits

In this continuing five-article series, I share insights and discoveries concerning website security and protecting against malicious attacks. In this second article, I present an incredibly powerful method for eliminating malicious query string exploits. Subsequent articles will focus on key blacklist strategies designed to protect your site transparently, effectively, and efficiently. At the conclusion of the series, the five articles will culminate in the release of the next generation 3G Blacklist. Improving Site Security by Preventing Malicious Query String Exploits A vast majority of website attacks involves appending malicious query strings onto legitimate, indexed URLs. Any webmaster serious about site […] Read more »

Building the 3G Blacklist, Part 1: Improving Site Security by Recognizing and Exploiting Server Attack Patterns

In this series of five articles, I share insights and discoveries concerning website security and protecting against malicious attacks. In this first article of the series, I examine the process of identifying attack trends and using them to immunize against future attacks. Subsequent articles will focus on key blacklist strategies designed to protect your site transparently, effectively, and efficiently. At the conclusion of the series, the five articles will culminate in the release of the next generation 3G Blacklist. Improving Site Security by Recognizing and Exploiting Server Attack Patterns Crackers, spammers, scrapers, and other attackers are getting smarter and more […] Read more »

Universal www-Canonicalization via htaccess

During my previous rendezvous involving comprehensive canonicalization for WordPress, I offer my personally customized technique for ensuring consistently precise and accurate URL delivery. That particular method targets WordPress exclusively (although the logic could be manipulated for general use), and requires a bit of editing to adapt the code to each particular configuration. In this follow-up tutorial, I present a basic www-canonicalization technique that accomplishes the following: requires or removes the www prefix for all URLs absolutely no editing when requiring the www prefix minimal amount of editing when removing the www prefix minimal amount of code used to execute either […] Read more »

Toggle Element Visibility via JavaScript

Recently, while restoring the popular Jupiter! WordPress theme, which several readers use to “skin” the Perishable Press website, I found myself searching for a simple, effective JavaScript technique for toggling element visibility. Specifically, I needed to accomplish the following design goals: Users should be able to toggle the visibility of any division containing post-meta information The post-meta information should remain visible by default and when JavaScript is unavailable The JavaScript should be as unobtrusive as possible, requiring minimal scripting in the markup Here are a couple of screenshots demonstrating this repetitious toggling functionality as employed in the Jupiter! theme (click […] Read more »

Obsessive CSS Code Formatting: Opening and Closing Brackets

Following my recent post on CSS code formatting, I was delightfully surprised to have received such insightful, enthusiastic feedback. Apparently, I am not the only person passionate about the subtle nuances involved with the formatting of CSS code. So, to continue the conversation, let’s explore several techniques for writing the opening and closing brackets of CSS declaration blocks. Read more »

The Pros and Cons of Blogging

Among my friends, family, coworkers, and other social acquaintances, there are not many “bloggers.” In fact, there aren’t any. Two or three of my old friends have websites that are updated once or twice per year, but none are actively blogging and sharing their ideas with the online community. Many of my “non-blogging” peeps simply don’t “get it.” To them, the whole idea of consistently updating a website with new material seems like a big waste of time. In fact, on several occasions, I have been confronted with some serious questions and criticisms about the whole “blogging thing.” In this […] Read more »

Drop-Dead Easy Random Images via PHP

Recently, while restoring my collection of Perishable Press themes, I needed a fast, effective way to randomize a series of images. After playing around with several likely candidates, I finally devised the following drop-dead easy technique: <img src=”http://domain.tld/path/random/image_<?php $random = rand(1,n); echo $random; ?/>.png” alt=”[ Random Image ]” height=”50″ width=”50″ /> This single line of code facilitates the random display of n number of images (image_1.png, image_2.png, image_3.png, etc.) located in the target directory (http://domain.tld/path/random/). For those of you that understand how this works, great! That’s pretty much the entire purpose of this article. However, for those that would appreciate […] Read more »

Pure CSS: Better Image Preloading without JavaScript

After reading my previous article on preloading images without JavaScript 1, Nanda pointed out that adding extra markup to preload images is not the best approach, especially where Web Standards are concerned. Mobile devices, for example, may experience problems when dealing with the following preloading technique: /* ADD THIS TO CSS */ div#preloaded-images { position: absolute; overflow: hidden; left: -9999px; top: -9999px; height: 1px; width: 1px; } <!– ADD THIS TO XHTML –> <div id=”preloaded-images”> <img src=”https://perishablepress.com/image-01.png” width=”1″ height=”1″ alt=”Image 01″ /> <img src=”https://perishablepress.com/image-02.png” width=”1″ height=”1″ alt=”Image 02″ /> <img src=”https://perishablepress.com/image-03.png” width=”1″ height=”1″ alt=”Image 03″ /> </div> Thus, as Nanda suggests, […] Read more »

How to Edit the Firefox Custom Dictionary

Oooops! Didn’t really mean to add that particular word to the Firefox custom dictionary. Better remove it now before it causes problems later on.. As one who takes full advantage of the custom dictionary in Firefox, I occasionally find myself adding nonexistent or misspelled words to the dictionary by accident. Not wanting to deal with a false negative down the road, I always take the time to stop what I’m doing, locate the custom dictionary, and remove the erroneous term. Finally getting sick of trying to remember the esoteric location in which Firefox stores the personal dictionary, I decided to […] Read more »

Obsessive CSS Code Formatting: Patterns and Trends

Call me strange, but I format each of my CSS rules according to the following pattern: div#example element { margin: 5px 15px 5px 0; border: 1px solid #444; line-height: 1.5em; text-align: center; background: #222; font-size: 10px; display: block; padding: 5px; color: #888; float: left; } div#another div.example element { border: 1px solid #444; margin: 7px 0 17px 0; letter-spacing: 1px; font-weight: bold; background: #222; font-size: 1.1em; cursor: pointer; display: block; padding: 3px; width: 308px; color: #888; clear: left; float: left; } div#another div.example element { text-indent: -9999px; overflow: hidden; position: fixed; display: block; z-index: 9999; padding: 0px; margin: 0px; bottom: […] Read more »

Custom HTTP Errors via htaccess

We all know how important it is to deliver sensible, helpful 404 error pages to our visitors. There are many ways of achieving this functionality, including the well-known htaccess trick used to locally redirect users to custom error pages: # htaccess custom error pages ErrorDocument 400 /errors/400.html ErrorDocument 401 /errors/401.html ErrorDocument 403 /errors/403.html ErrorDocument 404 /errors/404.html ErrorDocument 500 /errors/500.html ..and so on. These directives basically tell Apache to deliver the designated documents for their associated error types. Many webmasters and developers employ this trick to ensure that visitors receive customized error pages that are generally more user-friendly or design-specific than […] Read more »

WordPress Tip: Careful with that Autosave, Eugene

After upgrading WordPress from version 2.0.5 to 2.3.3, I did some experimenting with the “post autosave” feature. The autosave feature uses some crafty ajax to automagically save your post every 2 minutes (120 seconds by default). Below the post-editing field, you will notice a line of text that displays the time of the most recent autosave, similar to the following: Surely, this relatively new feature provides an added layer of protection against lost work, but all is not perfect (yet) in the world of automatically saved content. Several months ago, I lost several hours of work because the autosave feature […] Read more »

WordPress Tip: Remove Spam from the Comment Subscription Manager

After investigating some unusual 404 errors the other day, I found myself digging through the WordPress Admin trying to locate the “Subscribe to Comments” options panel. As it turns out, administrative options for the Subscribe to Comments plugin are split into two different areas. First, the S2C plugin provides configuration options under “Options > Subscribe to Comments”, which enables users to tweak everything from subscription messages to custom CSS styles. New to me was the other half of the S2C administration area: the Subscription Manager! Carefully hidden under “Manage > Subscriptions”, the Subscription Manager provides several useful ways to filter your email subscribers: Read more »

What is My WordPress Feed URL?

For future reference, this article covers each of the many ways to access your WordPress-generated feeds. Several different URL formats are available for the various types of WordPress feeds — posts, comments, and categories — for both permalink and default URL structures. For each example, replace “http://domain.tld/” with the URL of your blog. Note: even though your blog’s main feed is accessible through many different URLs, there are clear benefits to using a single, consistent feed URL throughout your site. Read more »

Unobtrusive JavaScript Dynamic Clock

In this tutorial, I present an easy way to add a little extra flair to your site by adding some dynamic clock functionality. Using unobtrusive JavaScript, a bit of (X)HTML markup, and a dash of PHP (optional), we will create a dynamic clock that degrades gracefully to a static date/time-stamp when JavaScript is unavailable. No need to get all verbose with this one, so let’s dive right in.. Read more »

WordPress Discussion Management: Enable or Disable Comments and Pingbacks via SQL

Continuing my quest to stop comment spam without using plugins, I have decided to disable comments on “old” posts. In my experience, over 90% of comment, trackback and pingback spam occurs on posts that have been online for over a month or so, just long enough to be indexed by the search engines and picked up by spammers. Especially for older posts that have managed to acquire a little page rank, the frequency of spam attempts is far greater than it is for fresher content. Throw dofollow comment status into the mix, and say “hello” to a hellish number of […] Read more »

Latest Tweets Coupon code to save 30% on my WP books & plugins: LETITSNOW wp-tao.com/store + plugin-planet.com/storetwitter.com/i/web/status/80410…