Abandoning the Gutenberg ship

Even though I really enjoy the new Gutenberg experience from a content creator’s point of view, I’ve come to the conclusion that it’s not the right editor for me. My dear Gutenberg, it’s not you, it’s me.

Continue reading

Validating HTTP requests using Apache’s THE_REQUEST variable

I’m currently experimenting with a few rule conditions to explicitly whitelist the resources I want clients to be able to retrieve on my server. The initial target for this exercise was my onion site which has an issue with misbehaving (poorly written) Tor bots, but I thought it would be fun to extend the experiment to paranoidpenguin.net.

Continue reading

How to configure WordPress as a Tor hidden service

I decided I wanted to host my WordPress installation as a hidden service on Tor instead of backporting all my existing content to Hugo. I previously ran Hugo on my onion site and even though I still want to make that move eventually, for now, I’m sticking with what I already know. Besides, putting arguably the worst content management system ever invented on the dark web seemed like a fun venture.

Continue reading

Every single WordPress tag is returning a 404 error

That tag “stuff” is not working on our corporate website, please fix asap the costumer complained. Sure, will do immediately I replied confidently, believing this to be a simple matter of purging some old cache or refreshing permalinks. Sadly that was not to be the case so I ended up having to get my hands dirty. To my absolute horror, the site was running one of those godawful themeforest themes.

Continue reading

The WordPress Attachment Page redirect loop

Looking through my server logs I noticed how Baidu’s web spider was causing an unexpected redirect loop while trying to index an image attachment page. Since I deliberately redirect all attachment page requests to the actual post owning the attachment, I decided to take a closer look. The following request triggered the loop:

GET /arch-pacstrap/ HTTP/1.1" 302 - "-"
GET /arch-pacstrap/ HTTP/1.1" 302 - "-"
GET /arch-pacstrap/ HTTP/1.1" 302 - "-"
GET /arch-pacstrap/ HTTP/1.1" 302 - "-"
…

Continue reading

WordPress errors on Apache 2.4.26 with PHP-FPM

I was recently surprised to discover that I could no longer manage my posts (invalid post type) or modify any of my installed plugins (sorry, you are not allowed to access this page). I’ve been exposed to these kind of problems before, both through database corruption and by my own hand so to speak. However, this time around everything checked out so I enabled debugging to track down the error.

Continue reading

How to keep duplicate WordPress content out of search engines

Last year I discovered that some of my content had been deleted from Google’s index. After confirming that Googlebot could still access the post in question and excluding every possibility of accidentally blocking Googlebot (robots.txt, firewall rules etc.), I opted to resubmit the post for indexing using Google search console.

Continue reading

I’m sick of WordPress so I wrote a new theme to make it worse

In an attempt to have a WordPress theme optimized for running on the Raspberry Pi 3, I went through the hurdles of writing my own theme. Among my goals was to create something entirely free of third party CSS and JavaScript frameworks. Actually, I wanted a theme free from JavaScript altogether and in my opinion there are already more than enough websites built on the Bootstrap framework (you’ll recognize them, they all look the same).

Continue reading

How to use Google Fonts locally with the Twenty Fifteen WordPress theme

So this website was pretty much free of trackers with one notable exception, the fonts provided by the Twenty Fifteen theme. By its use of the Google Fonts API, most visitors were still leaking data back to the great chocolate factory. However, as the fonts are open source we’re free to use them outside of Google’s realm.

Continue reading

The hacking of Linux Mint – And out came the wolves

By now most people have gotten up to speed with latest news regarding the attack against the Linux Mint infrastructure and the ripples it created within the Mint community. If not, here is yet another quick and superficial recap:

Continue reading