Categories
Link Dumps

Link Dump #15

FediAct – I have this plugin, but I’m not sure what it really does. It helps with Mastodon, that’s all I know.

WTF DOES THIS COMPANY DO – Put in the URL for a confusing website, and this app will tell you what they really do. This did work for me, and then it didn’t – good luck!

Cheap Bots, Toot Sweet! – Make a Mastodon bot.

Give Me The VIN – While not a unique service (automated, online car selling), I like the simplicity of the URL and how it motivates the user with a simple instruction.

SteamDB – Game artwork for Steam, for gamers who like order.

Monocle – Open source AR eyewear. Rough but neat!

Tilt Five – AR tabletop gaming at home. Very cool, also very expensive.

Asteroid Launcher – Would a link dump be complete without a Neal.Fun link? Nope. Launch an Asteroid at your home town and read the gory play-by-play!

Return YouTube Dislike – I’m not a big YouTube user, but man people were butthurt when they took away the dislike button.

Bird.makeup – Follow Twitter accounts on Mastodon. I jumped on this when I found it, but alas it’s not working in my instance anymore. *sad face*

Categories
Link Dumps

Link Dump #14

Getting a little backed up on links, expect more of these for a while.

Pranx.com – Just Pranx, Bro! All the things 15 year old me would have adored and abused.

Wonders of Street View – Neal makes cool stuff. This is no exception and reminds me of this.

Cities Near Me – A geolocation browser tool to find stuff near you, with an emphasis on… cities? I have no idea why I bookmarked this.

Lonely World .info – Unique tool for people feeling lonely, and those willing to help to connect.

gentle.earth – say something you’re too afraid to say out loud

That Sky Wish – Okay, these are getting weird. Your guess is as good as mine.

clickhere – Much like ShadyURL (which is down?), this makes suspicious shortened URLs and is equally HILARIOUS

verylegit.link – Run your own shady URL generator.

Play Counter-Strike 1.6 Online – So many memories. I tested this on my Chromebook with a trackpad lol.

Categories
WP Engine WPEngine

WP Engine Login

The WP Engine customer portal can be found here: https://my.wpengine.com

This URL will actually redirect you to another WP Engine login page here: https://identity.wpengine.com/

If you’re looking to instead log into your WordPress website hosted at WP Engine, you can use the Customer Portal to “seamlessly” log in to WordPress with one click, no separate username and password required. More information on WP Engine Seamless Login.

Categories
Link Dumps

Link Dump #13

FindThatMeme – A meme search engine that’s useful and entertaining in its own right.

Merry Sky – I’m a sucker for a good weather control panel and this one is good.

gail.com FAQ – Not gmail.com, gail.com

omg.lol – I’m not really sure what this is, but it looks like maybe a fun website builder and email thingy (???) with a cool URL.

Twitodon – Find your Tweeps on Mastodon. Simple as that.

Wobbly clock! – Oddly satisfying. I want this on my wall.

Car Sized – Compare the size of cars visually. Dear god they’re huge.

Categories
WordPress

Almost perfect htaccess file for WordPress

A million years ago I wrote an article titled “Almost perfect htaccess file for WordPress” which, while far from an accurate statement, proved to be very popular. Many years, tens of thousands of views, and $0 earned later, I decided to resurrect the old article and update it for 2022.

While my hosting platform of choice WP Engine is phasing out htaccess file support (because they run Nginx), much of the WordPress hosting world (running Apache) still relies on this configuration file.

Before we add things to .htaccess we need to know what *should be* there on a default WordPress website.

Thanks to a very helpful and concise WordPress htaccess support article, this answer was easy.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

What should you add to your WordPress htaccess file?

I can’t answer that, but I can give you some ideas.

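1. Disable directory browsing for improved security. This ability (to browse directories from the public web) should already be disabled by your web host.

# Only remove Indexes: Apache 2.4 rejects a bare "All" mixed with +/- options,
# and "All" would also switch on options such as ExecCGI and Includes.
Options -Indexes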

2. Redirects – While I personally like using a plugin like Redirection for redirects to allow monitoring of usage, you can also create 301 redirects manually with htaccess.

Redirect 301 /oldpagename http://yourdomain.com/newpagename

3. Force SSL – Redirect users visiting your site over http to https.

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

4. Block an IP address – If you need to block an IP address for abuse or lulz use the following rule. I prefer to block individual users/IPs with something like Cloudflare, or even a WordPress security plugin like Defender.

Deny from 123.123.123.123

5. Enable GZIP compression to improve the loading speed of your website assets. This is another rule that I don’t bother with, and instead utilize Cloudflare’s compression feature.

# BEGIN GZIP COMPRESSION
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# END GZIP COMPRESSION

6. Enable caching. Different from traditional WordPress page caching, asset caching instructs the user’s browser on how long to store each file (CSS/JS/JPG/GIF etc.).

## Enable Browser Caching ##
<IfModule mod_expires.c>
    FileETag MTime Size
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
    ExpiresActive On
    ExpiresByType text/html "access 500 seconds"
    ExpiresByType application/xhtml+xml "access 500 seconds"
    ExpiresByType text/css "access 1 month"
    ExpiresByType text/javascript "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresByType image/jpg "access 1 year"  
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresDefault "access 1 month"
</IfModule>
## Enable Browser Caching ##

7. Increase the max upload size, memory limit and server timeouts. If your website host allows, you can increase the maximum size of uploads to the WordPress media library as well as the memory limit and timeout limits.

php_value upload_max_filesize 32M
php_value post_max_size 64M
php_value memory_limit 128M
php_value max_execution_time 300
php_value max_input_time 300

8. Protect wp-config.php – A very important file, wp-config.php should and can be protected with this simple code.

# Protect the wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>

9. Disable access to XML-RPC for improved security. Unless you’re using an app or third-party connection that requires this service, you should disable it:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
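
The `order`/`deny` lines in rules 4, 8 and 9 are Apache 2.2 access-control syntax, which Apache 2.4 only honours when mod_access_compat is loaded. An added example (not part of the original article) of the same three rules written so they work on either version, reusing the sample IP from rule 4:

```apache
# Added example: version-portable forms of rules 4, 8 and 9.
# mod_authz_core exists only in Apache 2.4+, so each <IfModule> pair
# selects exactly one syntax and the two styles are never mixed.

# Rule 8: deny every request for wp-config.php
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Rule 9: deny every request for xmlrpc.php
<Files "xmlrpc.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>

# Rule 4: allow everyone except one address (sample IP from rule 4)
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not ip 123.123.123.123
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    Deny from 123.123.123.123
</IfModule>
```

`Require` needs `AllowOverride AuthConfig` and `Order`/`Deny` need `AllowOverride Limit`; if the host does not grant these, the rules produce a 500 error instead of taking effect, so request both files after deploying and confirm a 403.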

Other WordPress htaccess options:

  • Password protect wp-admin
  • Stop Username Enumeration Attacks
  • Prevent Image Hotlinking
  • Force Files to Download
  • Protect Your Site Against Script Injections
  • Secure the wp-includes Directory