This blog now runs on PHP 7!

Hi all,

I’m proud to announce to all the after several tinkering, this blog now runs on PHP 7 ! PHP 7 is the latest iteration of the popular general-purpose scripting language that is suited to web development.

PHP7 is touted to perform up to TWO TIMES faster than PHP5.

Here are the performance benchmark run by Kinsta has shown that PHP7 has significantly improved performance when compared to PHP 5.6.


  • WordPress 4.3.1 HHVM RepoAuthoritative benchmark result: 375.48 trans/sec
  • WordPress 4.3.1 HHVM benchmark result: 357.69 trans/sec
  • WordPress 4.3.1 PHP 7.0 benchmark result: 306.24 trans/sec
  • WordPress 4.3.1 PHP 5.6.16 benchmark result: 106.45 trans/sec

* Retrieved from Kinsta: The Definitive PHP 7.0 & HHVM Benchmark

Next I’ll update you with the guide on howto run and execute PHP7 and PHP5 side-by-side to cater for multiple websites.

Stay tuned, and expect more posts and updates from this venerable blog anyday now :p

How to remove WordPress version number from header, css files and feeds

Here’s how to remove WordPress version number from HTML header and feeds.

Include this at the end of your themes ‘function.php’ files, which you can edit in “Appearance->Editor” section in WordPress Admin.

function my_remove_version_info() {
     return '';
}
add_filter('the_generator', 'my_remove_version_info');

You can also remove WordPress version number from the included css and javascript. To do that, include this snippet at the end of your themes ‘function.php’ files

function remove_cssjs_ver( $src ) {
    if( strpos( $src, '?ver=' ) )
        $src = remove_query_arg( 'ver', $src );
    return $src;
}
add_filter( 'style_loader_src', 'remove_cssjs_ver', 10, 2 );
add_filter( 'script_loader_src', 'remove_cssjs_ver', 10, 2 );

This might improve security a little bit, and with additional hardening measures, make it harder for people to guess your WordPress version. Additionally, this may also helps in optimizing WordPress web delivery when using Pagespeed extension.

Source: http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/

Stop Comment spams with IP Blacklist Cloud

Comment spams is the bane of any website operator that rely on real human interaction. Stopping comment spams by hand is a tedious process especially when comment spam attacks are sophisticated and are launched from Botnet. There are several techniques that can be employed to fight comment spams including behavioral analysis and also IP analysis.

In maintaining WordPress and Joomla sites, I myself has analyzed several web logfiles and Cloudflare logs to learn that most comment spam originated from certain ip blocks and countries. Therefore, I decided to completely deny access from those affected ip block through firewall (which keep the comment spam low and saves web server resources!)

ipblc_server

However, recently I found a new service IP Blacklist Cloud which list the top most blacklisted ip address through collaborative effort. Normally I find blacklisting by ip address is tedious and probably harmful to legitimate visitors, however after conforming the ip addresses that I found inside my spam logs, I decided the list is legitimate and decided to firewall-block some of the worst offenders in the list.

IP Blacklist Cloud free WordPress plugins, which I personally does not use due to my policy of keeping my installation lean with minimal (to no plugins!), however I see that there’s no harm giving a shot!

Upgrading to WordPress 3.2.1 and Disabling Bad Behavior

I’ve upgraded to WordPress 3.2.1 the latest bugfix to WordPress 3.2.x line which seems to improve the perfomance of the admin panel noticeably, probably due to the updated database scheme.

I’ve also decided to disable Bad Behavior plugin in my site, which was supposed to block most spammers, but since the rate of spams that I’ve received has been dropping for months and it did block some of the web surfers who surfed from large organizations (probably through proxies). So, dropping it entirely won’t hurt.

Hopefully this will make my posts more accessible to others, easily.

Add Google +1 button to website and WordPress blog

The introduction of Google+, the social networking site by Google means that the +1 button has gained prominence on the internet. Google has provided an easy way to include the +1 button to your website (or article) on Google Webmasters website

Google +1

+1

Additionally, you could also include +1 button on WordPress with these plugins:

Have fun!

Using Apache mod_security and .htaccess to block comment spam on the web

Comment spam is the most annoying thing to web operators. Besides eating up bandwidth, comment spam can pollute web discussions area and which gives bad impression to visitors.

Apache HTTPD mod_security module can be configured to reduce web spam by filtering common keyword, content and referrer used by spam bots around the internet.

Here’s an example of .htaccess file to block common comment spam :

<IfModule mod_security.c>
SecFilterEngine On
SecFilterScanPOST On
SecFilterDefaultAction "deny,nolog,auditlog,status:503"
SecFilterSelective POST_PAYLOAD "(mortgage|viagra|poker|traffic|discount|medical|casino|lyrics|loan)"

</IfModule>

Please ensure that your Apache installation has mod_security module enabled. The method is suitable to be used on websites that receive a lot of user comments like forums, blogs (including WordPress and Drupal) and photo gallery.

Note: This is not a full-proof solution as it depends on the use of keywords.

Does Twitter kills my blog?

This is probably the first thing that I thought of when I first started of this blog two five years ago… that is the probability that I might find other hobby or work that much more appealing than paying attention to this blog.

The first culprit would be twitter, because ever since I started to hook up with it, I’ve beginning to post updates less frequently than I usually do, until it reaches a point that I stopped posting updates altogether, even though there are loads event that are worthy for me to blog with.

Maybe I’ve lost my passion of updating blogs with my daily hacking activities, or may I simply haven’t got the hang around of updating my blog while juggling with my new work, updating tweets and working on my research projects. Whatever the reason is, it is my intention to keep my post coming out fresh despite having to adjust to my new environment, and for that to happen I need to discipline myself to post regular updates on my blog.

Twitter is nice to use, as it requires less effort to post updates about my activities and make it easy for me to keep updated with my friends, but it greatest advantage seems to have taken a toll on my blog and I’ve nothing to blame but myself :p