Stop WordPress from modifying .htaccess

By default, depending on file permissions, WordPress automatically will modify the contents of your site’s .htaccess file. It does this on several occasions, adding and/or updating the rewrite rules required for WP’s permalink functionality. This post explains how this works, why it can be dangerous, and how to stop it from happening. [...] Read more:

https://perishablepress.com/stop-wordpress-htaccess/

WordPress Plugin: Theme Switcha

Announcing my latest WordPress plugin, Theme Switcha! There are many theme-switch plugins but none of them provide the simplicity, performance, and reliability that I require for my own sites. So I wrote my own plugin using the WP API and kept the code as focused and solid as possible. Only essential theme-switching features have been added, along with a simple yet informative UI. Theme Switcha gives you a consistent, quality theme-switching experience that you can optionally share with your visitors. [...] Read more:

https://perishablepress.com/theme-switcha/

Lynda.com Course: Developing Secure WordPress Sites

After months of preparation and production, my new video course on developing secure WordPress sites is now available at Lynda.com. This is my second video course on securing WordPress; the first one was originally launched in 2011 and remained in Lynda’s library for over five years. I received a lot of great feedback on the course, and so I jumped on the opportunity to do another one. If there is one thing that I enjoy doing, it’s helping people with WordPress and security. [...] Read more:

https://perishablepress.com/developing-secure-wordpress-si…/

Block nuisance requests for .well-known, apple-app, etc.

Anyone who is paying attention to their server access and error logs has probably noticed that Google and other bots have been making endless requests for .well-known, apple-app-site-association, and various related files. This quick post explains how to save some server bandwidth and resources by blocking such repetitive requests, and also looks at a related problem with certain search engines <cough> not respecting a standard “410 Gone” server response. [...] Read more:

https://perishablepress.com/block-requests-well-known-appl…/

My Collection of Facebook Pages

Finally got around to setting up and pimping out official Facebook pages for my main websites. It took awhile to get them all fleshed out with posts, graphics, infos, and so forth. And then took awhile longer to wait until there were enough likes to get those oh-so-special vanity URLs. You know you gotta have those things. And now at this point, they’re all pretty much ready for their close-ups.. and so without further ado, here is my growing collection of Facebook pages for my various projects. [...] Read more:

https://perishablepress.com/my-facebook-pages/

Humans.txt Template

Years ago, I thought the whole humans.txt thing was just silly, and even explained how to block humans.txt requests. But the concept actually has grown on me to the point where I now include a customized humans.txt file for most of my projects. It just seems like some useful information to make available for those who are looking for it. You know, all about the site, author, team, and such. And I have seen plenty of requests for the humans file in my log files, so it’s definitely worth the effort and something worth providing, especially now that more people […] Read more:

https://perishablepress.com/humans-txt-template/

Some Q & A

Gonna start posting or deleting all of my old drafts just to clean things up back here in the Admin Area. For example, here is a post that I wanted to flesh out with specific examples and all sorts of references, but it’s just been sitting and waiting for too long, so now I’m just gonna post it as-is. Enjoy or not, here it is.. [...] Read more:

https://perishablepress.com/some-q-and-a/

Stop User Enumeration in WordPress

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for ?author=1 through some number, say, ?author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. [...] Read more:

https://perishablepress.com/stop-user-enumeration-wordpress/

New Plugin: Blackhole for Bad Bots

Image Courtesy NASA/JPL-Caltech. Finally translated my Blackhole Spider Trap into a FREE WordPress plugin. It’s fun, fast, flexible, and works silently behind the scenes to protect your WordPress-powered site from malicious bots. Here are some of the features: Easy to set up Squeaky clean code Built with the WordPress API Easy to reset the list of bad bots Easy to delete any bot from the list Works silently behind the scenes to protect your site Optionally receive an email alert with WHOIS lookup for blocked bots All major search engine bots are whitelisted so they will never get blocked Customize [...] Read more at Perishable Press:

https://perishablepress.com/new-plugin-blackhole-bad-bots/

WordPress Plugin: Dashboard Widgets Suite

1 Plugin. 9 Widgets. Awesome Dashboard. Over the years, I’ve assembled a collection of Dashboard widgets that I use frequently on various sites. I find the WordPress Dashboard to be a convenient location for posting notes, viewing debug and error logs, and displaying social media icons, RSS feeds, and other useful information. I find these widgets essential, but I was spending way too much time installing and managing them on all of my sites. To help streamline workflow and boost productivity, I decided to bundle together my favorite Dashboard widgets into a single, easy-to-manage plugin. So today I’m pleased to [...] Read more at Perishable Press:

https://perishablepress.com/dashboard-widgets-suite/

WordPress Performance Issue Revisited

Following up on my recent performance report with essentially some conclusive results. Turns out that the reported issue is related more directly to the version of PHP than to the version of WordPress. So in other words, WordPress runs a bit faster on newer versions of PHP. As explained previously, after I upgraded my sites to WordPress 4.4, Googlebot reported slightly longer load times for my pages. The slower loading average was seen across numerous sites, and it looked like the WordPress 4.4 update was to blame. Read more at Perishable Press:

https://perishablepress.com/wordpress-performance-issue-re…/

They’re Scanning for Your Backup Files

Just a reminder to keep your backup files offline. Do not store them in any publicly accessible space. It’s just not worth the risk man. And if you’re working online, you should know this already. If not, then continue reading to learn why it’s absolutely mission critical. Read more at Perishable Press:

https://perishablepress.com/scanning-for-backup-files/

Brute-Force Login Drip Attack

I’ve been noticing a new strategy for brute-force login attacks: the slow, incremental “drip” attack. Instead of slamming a login page with hundreds or thousands of brute-force login attempts all within a few minutes, some attackers have been taking a more low-key approach by slowing down the rate of login attempts in order to bypass security measures. The “drip” brute-force attack is extremely annoying, and possibly dangerous if any of your registered users are using weak login credentials. Read more at Perishable Press:

https://perishablepress.com/brute-force-login-drip-attack/

Stop RSSing.com from Framing Your Content

This quick post explains how to stop the notorious site scrapers, RSSing.com, from stealing your content. In fact, this technique can be used to stop virtually any site that uses HTML frames to scrape your pages. Once again, the solution is one line of .htaccess to the rescue. Read more at Perishable Press:

https://perishablepress.com/stop-rssing-com/

Use Strong Usernames for Better Security

Image courtesy of eChunks.com Here is a quick security tip for people using popular apps on the Web. That is, apps like WordPress that may be widely used and targeted by bad actors and/or automated scripts. It’s all about adding another layer of security by hardening admin-level usernames. Read more at Perishable Press:

https://perishablepress.com/strong-usernames-better-securi…/