Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security
Category: Security
170 posts

Examples of Email Phishing in 2024

I enjoy sharing the pathetic phishing emails that make it past my spam filters. After watching various waves of phishing campaigns come and go over the past 20 years, I have come to accept that it’s just a part of life on the Web. Phishing scams have been happening since the dawn of the Internet, with no signs of stopping anytime soon. About the best you can do is practice safe email handling practices and never open any links or […] Continue reading »

3 Ways to Disable WordPress XML-RPC for Better Security

I’ve written before about how to protect WordPress XML-RPC and why it’s important. In this quick post, I explain three easy ways to to disable WordPress XML-RPC to help improve the security of your WordPress-powered site. Continue reading »

8G Firewall Addon: Protect Against Rogue PHP File Attacks

Been getting hit with massive attacks on all sites. Very large VPN/proxy network. Relentless requests 24/7, thousands of requests every minute, just non-stop attacks. All URL requests targeting rogue PHP files. The attacks were weighing on precious server resources. Server held up fine but this nonsense needed to stop. So I wrote a tight little addon for my 8G Firewall. Blocks the entire attack with just a few clicks.. Continue reading »

Get Yourself Some Backup Internet Service Providers

As a full-time web developer and typical human being, I rely on the Internet for a great many things. So when the Internet is not available, my work (and play) comes to a grinding halt. Fortunately my primary ISP is pretty solid, but it still goes down every once in a while. So to maintain my workflow (and general sanity), having a backup Internet service provider is absolutely essential. Here’s one way to do it.. Continue reading »

Heavy Scans for Low-Hanging Fruit

I’ve been working on developing the 8G Firewall. Digging through log files and crunching the data, the big new trend I’m noticing is heavy scanning for easy targets, low hanging fruit. Bad actors are looking for any little hidden files stashed on your server. Mostly PHP files, also ZIP and RAR files, and other file formats commonly used for compressing and archiving content. Basically, anything that might contain useful information (like login credentials, database backups, email addresses, etc.). Also, 99% […] Continue reading »

BBQ Firewall – Count Blocked Requests

BBQ Firewall is built to be powerful, lightweight, fast and flexible. It’s code base is kept super lean, leaving extra functionality out of core while supporting new features via simple addons. For example, this tutorial shows how to use an addon to display the total number of blocked HTTP requests on the plugin settings page. This can help you get a basic idea of the plugin’s effectiveness. Continue reading »

Enable Logging for nG Firewall

This tutorial is for users of my nG Firewall, version 8G or better. It explains how to enable logging for all blocked requests. This is useful for testing, debugging, and keeping an eye on things. Takes only a few minutes to set up, and of course it’s all open source and 100% free for everyone :) Continue reading »

8G Firewall

After more than a year of beta testing, 8G Firewall is ready for use on production sites. So you can benefit from the powerful protection provided by the latest evolution of the nG Firewall (aka nG Blacklist). The 8G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. 8G is a lightweight (only 17KB) strong firewall that provides site security and peace of mind. […] Continue reading »

About nG Firewall

The nG Firewall is a carefully crafted set of security rules for Apache and Nginx servers. nG may be applied via your site’s public root .htaccess file, or added via server configuration file. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight yet super strong firewall that improves site security and peace of mind. Continue reading »

Block Random String Comment Spam

Recently WordPress sites have been getting hammered with random-string comment spam. The attackers are clever, using random text strings for every vector except the payload, which usually is the URL used for the comment’s Name link. But for these weird comment spams, the apparent payload is the email address. It’s the only part of the comment that’s not made up of random gibberish. Continue reading »

Self-Hosted, Domain-Based Email Addresses FTW

I use domain-based emails for 99% of my email activity. The other 1% is comprised of assorted 3rd-party email services and temporary slash disposable addresses (like for testing purposes and one-off sign-ups, etc.). I can tell you whole-heartedly based on 20+ years working online that self-hosted email is THE WAY to go. Continue reading »

DIY Server Uptime Monitor

There are many free (and commercial) uptime monitoring services that will alert you if your server goes offline. These services are popular because it’s mission critical to know when your sites are down. The sooner you know about it, the sooner you can scramble to get everything back online. I’ve tried other scripts and services but nothing that met my specific needs: simple, secure, lightweight and blazing fast. So decided roll my own DIY server status monitor and share it […] Continue reading »

Redirect Stupid Bots to Existing Resources

In case you hadn’t noticed, I’m on another one of my posting sprees. Going through the past year’s worth of half-written drafts and collected code snippets, and sharing anything that might be useful or interesting. Here is a bit of .htaccess that brings together several redirection techniques into a singular plug-&-play code snippet. Continue reading »

Deleting Unused Online Accounts

Like many of you, I have been working online for years now, more than most. Over the course of the past 20 years, I have created accounts at hundreds and hundreds of websites. That includes all the work-related stuff, like web development, plus LOTS of social media sites, online services for everything from email to security monitoring. Not to mention all of the accounts created for mundane things like banking, utilities, Internet and phone service, and so forth. Continue reading »

Target User Agents and Reduce Spam via robots.txt

Your website’s robots.txt file probably contains some rules that tell compliant search engines and other bots which pages they can visit, and which are not allowed, etc. In most of the robots.txt files that I’ve looked at, all of the Allow and Disallow rules are applied to all user agents. This is done with the wildcard operator, which is written as an asterisk *, like this: User-agent: * This site’s robots.txt file provides a typical example. All of the allow/disallow […] Continue reading »

New WordPress Plugin: Simple Login Notification

New WordPress plugin! Simple Login Notification does one thing and does it well: sends an email alert whenever an admin-level user logs in to your site. I use this plugin on all of my sites to keep an eye on any unauthorized activity. Not that I’m expecting any, but if it does happen I definitely want to know about it. The plugin size is only 4 KB (zipped) with virtually zero impact on performance or anything else. Win win win, […] Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Thoughts
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Crazy that we’re almost halfway thru 2024.