Categories
Link Dumps

Link Dump #13

FindThatMeme – A meme search engine that’s useful and entertaining in its own right.

Merry Sky – I’m a sucker for a good weather control panel and this one is good.

gail.com FAQ – Not gmail.com, gail.com

omg.lol – I’m not really sure what this is, but it looks like maybe a fun website builder and email thingy (???) with a cool URL.

Twitodon – Find your Tweeps on Mastodon. Simple as that.

Wobbly clock! – Oddly satisfying. I want this on my wall.

Car Sized – Compare the size of cars visually. Dear god they’re huge.

Categories
WordPress

Almost perfect htaccess file for WordPress

A million years ago I wrote an article titled “Almost perfect htaccess file for WordPress” which, while far from an accurate statement, proved to be very popular. Many years, tens of thousands of views, and $0 earned later, I decided to resurrect the old article and update it for 2022.

While my hosting platform of choice WP Engine is phasing out htaccess file support (because they run Nginx), much of the WordPress hosting world (running Apache) still relies on this configuration file.

Before we add things to .htaccess we need to know what *should be* there on a default WordPress website.

Thanks to a very helpful and concise WordPress htaccess support article, this answer was easy.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

What should you add to your WordPress htaccess file?

I can’t answer that, but I can give you some ideas.

1. Disable directory browsing for improved security. This ability (to browse directories from the public web) should already be disabled by your web host.

Options -Indexes

2. Redirects – While I personally like using a plugin like Redirection for redirects to allow monitoring of usage, you can also create 301 redirects manually with htaccess.

Redirect 301 /oldpagename http://yourdomain.com/newpagename

3. Force SSL – Make users visiting your site connect via https.

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

4. Block an IP address – If you need to block an IP address for abuse or lulz use the following rule. I prefer to block individual users/IPs with something like Cloudflare, or even a WordPress security plugin like Defender.

Deny from 123.123.123.123

5. Enable GZIP compression to improve the loading speed of your website assets. This is another rule that I don’t bother with, and instead utilize Cloudflare’s compression feature.

# BEGIN GZIP COMPRESSION
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# END GZIP COMPRESSION

6. Enable caching. Different from traditional WordPress page caching, asset caching instructs the user’s browser on how long to store each file (CSS/JS/JPG/GIF etc.).

## Enable Browser Caching ##
<IfModule mod_expires.c>
    FileETag MTime Size
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
    ExpiresActive On
    ExpiresByType text/html "access 500 seconds"
    ExpiresByType application/xhtml+xml "access 500 seconds"
    ExpiresByType text/css "access 1 month"
    ExpiresByType text/javascript "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresByType image/jpg "access 1 year"  
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresDefault "access 1 month"
</IfModule>
## Enable Browser Caching ##

7. Increase the max upload size, memory limit and server timeouts. If your website host allows, you can increase the maximum size of uploads to the WordPress media library as well as the memory limit and timeout limits.

php_value upload_max_filesize 32M
php_value post_max_size 64M
php_value memory_limit 128M
php_value max_execution_time 300
php_value max_input_time 300

8. Protect wp-config.php – A very important file, wp-config.php can and should be protected with this simple code.

# Protect the wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>

9. Disable access to XML-RPC for improved security. Unless you’re using an app or third party connection that requires this service, you should disable it:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
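
To check an existing .htaccess against the security rules above, here is a small audit script (an added example, not part of the original article; the rule labels and the function names audit_htaccess and missing_rules are made up for illustration). It also flags two things that matter on Apache 2.4: Order/Deny lines, which only work there through mod_access_compat, and an Options line that mixes +/- values with unsigned ones, which 2.4 rejects as invalid syntax.

```python
import re

# Constructed sample: a few rules as they might sit together in one .htaccess.
SAMPLE = """\
Options All -Indexes
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<files wp-config.php>
order allow,deny
deny from all
</files>
"""

def audit_htaccess(text):
    """Return (present, findings) for the hardening rules listed in the article."""
    present, findings = set(), []
    section = None  # file name of the enclosing <Files> block, if any
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<files\s+"?([^">]+)"?\s*>', low)
        if m:
            section = m.group(1).strip()
            continue
        if low.startswith("</files"):
            section = None
            continue
        words = low.split()
        if words[0] == "options":
            opts = words[1:]
            if "-indexes" in opts:
                present.add("no-directory-listing")
            signed = [o[0] in "+-" for o in opts]
            if any(signed) and not all(signed):
                findings.append("Options mixes signed and unsigned values: " + line)
        elif words[0] == "rewritecond" and "%{https}" in low:
            present.add("force-https")
        elif section and low in ("deny from all", "require all denied"):
            present.add("deny:" + section)
        if words[0] in ("order", "deny", "allow"):
            findings.append("Apache 2.2 access syntax (needs mod_access_compat on 2.4): " + line)
    return present, findings

def missing_rules(text):
    """List the article's security rules that the given .htaccess text lacks."""
    wanted = {"no-directory-listing", "force-https", "deny:wp-config.php", "deny:xmlrpc.php"}
    return sorted(wanted - audit_htaccess(text)[0])
```

Run audit_htaccess on the contents of your own file; on Apache 2.4 the native replacement for "deny from all" inside a Files block is "Require all denied", which the script accepts as equivalent.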

Other WordPress htaccess options:

  • Password protect wp-admin
  • Stop Username Enumeration Attacks
  • Prevent Image Hotlinking
  • Force Files to Download
  • Protect Your Site Against Script Injections
  • Secure the wp-includes Directory

Categories
Link Dumps

Link Dump #12

Delete System32 – While only hearing of this meme recently, it’s exactly the dumbass trick I would have loved in my teens (aka everything on 4chan)

Related: What If You Delete the “Program Files” Folder in Windows?

LosslessCut – Trim a video or audio clip without having to re-encode/transcode.

Productivity Blocker – A Chrome extension that blocks all work related websites. I love it.

PaidLink – Create a paid link to your digital content. I haven’t used, but I love lightweight solutions.

Graphtreon – Ranking the top Patreon users. I don’t know who any of these people are.

Start a Fucking Blog – I did I did, jeez.

Categories
Link Dumps

Link Dump #11

So many links, so little Twitter to dump them on. Thankfully Elmo has no say in what garbage I publish here!

The Moon Is a Harsh Mistress – I haven’t read this yet, but I bookmarked it for a reason.

Which Face Is Real? – Powered by This Person Does Not Exist, this little app shows you how useless you are as a human.

Apple Rankings – For the apples you eat!

Know Your Amphetamines – Know the difference between your ADHD friends and your meth head friends!

The Map of the Universe – by Johns Hopkins University. Posters available!

*The featured image for this post was generated using keywords entered into Canva’s Text to Image app and well the last image (lower right) … isn’t terrible!

Categories
Link Dumps

Link Dump #10

NOTMYPLATE.com – This might be UK only, but you can opt out of license plate tracking.

Have I Been Squatted? – Enter your domain to see if some asshat has registered a typosquatted domain. I learned a new word today!

See a Satellite Tonight – With the naked eye! I love the Google Street view integration. There’s a lot more to see up there than ever before!

Build an American Voter – Enter some details about an American, and this website will tell you how that person probably votes! Sad and scary.

Grabby Aliens – I don’t know. I saved this but don’t have the energy to absorb what they’re trying to say. We’re… too early?

SpaceHey – Surprisingly not about space but rather MySpace.

BetterExplained – Another website / approach promising a better way to learn math. Maybe?

Infinite Mac – Did you love Mac OS 9? Do you still? Not me. But if you do this might tickle your retro-fancy.