icing

This was found in .htaccess file(presumably added by an earlier version of BPS)

RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]

This is offered on the custom code page on the right side.

RewriteCond %{HTTP_USER_AGENT} ^$ [OR]

What is the difference between the two? Which one should be used? Can you give me a link to a webpage that explains these things and I will read it myself.

Thanks

Leave it there?

I often witness brute force attacks from Russian Federation, Bulgaria and Ukraine. They are not even my target audience. One of the days last month, they went ballistic on my website. In 2hrs, more than 20,000 attempts were made to crack wp-login.php. They were unsuccessful that day. For that, all the credit goes to @aitpro and BulletProof Security. Since then, I have added further code to htaccess to strengthen the defence.

I have not yet blocked those countries using htaccess. Most of the IP addresses, I checked, that attacked my website are not in the list of IPs generated by incredibill.me by selecting these three countries. So, I doubt if that will really help.

Is this advisable?

@adityabajaj if you have any information on this regards. Please post. I am always open to learning new things and making improvements. If possible just copy-paste the relevant information.

I request moderator to let him post a link if he wishes to. After going through his link I will write a review here about it.

Thanks. So, from your reply, I can safely assume that Google crawler is using 1.1.

Another thing that struck me was that even if a legitimate crawler is using 1.0, it doesn’t need to request wp-login.php. It can just crawl the rest of the pages. Right?

If you have a site that legitimately needs to performance improvement between the two methods, then you’re big enough that you probably already have a paid developer on staff, who doesn’t need to be told how to enqueue stylesheets. Otherwise: you’re not going to notice the difference.

Why not have it the other way round? Have the most efficient method by default. And if somebody wants to use the “most easiest and user-friendly approach” of @import they can tell their paid developer to do it.

This resistance for better standards by a few people seems a way to distinguish themselves from the average user.

Hi Chris

Did you find out how to arrange multiple colophon widgets horizontally?

Thanks

Wanted to do this for mobile. This is what I did in style.css of childtheme. Will have to dig deeper for what you want to do. But this will give you an idea.

@media screen and (max-width: 650px) {
/* Move nav-bar to the top*/
.js .main-nav {
	position: absolute;
	top: 0;
	right: 0;
}

/* Move logo down by the height of nav-bar i.e.30px */
#logo {
	position: relative;
	top: 30px;
}

Thanks for that. Lets go and clear some space…
grabs broom

Before that, one question: Do you have a .htaccess file that doesn’t allow such uploads?

Create a child theme. Add this to stylesheet.css of the child theme.

.main_nav ul, .main_nav
{
	background: red;
}

something to do with this?
$simplecatch_sliders .= '<a href="' . get_permalink() . '" title="Permalink to '.the_title('','',false).'">';

If you want to make your site safer with .htaccess try Bulletproof Security. So far so good. Support is prompt and always helpful. They know their stuff well.

The plugin will take some time learning how to use, especially if you are new to htaccess or wordpress. But after some time you will like it.

Useful comment from MickeyRoush on the SmashingMag article.

Your “Kill PHP Execution” code has an error. You’re using “FilesMatch” then “Files” to close it. You need to change the “Files” to “FilesMatch” to close it.

For your “Kill PHP Execution” for the uploads directory it would be better to white-list instead of blacklist, since there are many extensions that could be executable.

Something like this (I originally tried to paste the code here, but it gets stripped for some reason):

https://pastebin.com/49MrrbTp

Please note that above works best for Apache 2.x and above. One, FilesMatch is much better utilized for PCRE. Two, that above prevents any double extensions as well, so no .php.jpg or anything that can be changed using Live HTTP Headers, etc.

So the rules says, only allow the follow case-insensitive single file extensions. jpeg, jpg, png, gif, pdf

“[^.]+” Means not a literal period one or more times.

“(?:[Jj][Pp][Ee]?[Gg]|[Pp][Nn][Gg]|[Gg][Ii][Ff]|[Pp][Dd][Ff]) or (?i:jpe?g|png|gif|pdf)” Means these case-insensitive file extensions.

You could create your own list depending on your needs.