Malicious Users in Analog web stats

Blocking aggressive Chinese crawlers/scrapers/bots

Over the last few days I’ve had a massive increase in traffic from Chinese data centres & ISPs. The traffic has been relentless & the CPU usage on my server kept spiking enough to cause a fault in my cPanel hosting. I’m on a great hosting package with UKHOST4U and the server is fast & stable, but it is shared with a few other websites. This means that I couldn’t just blanket ban Chinese IP ranges. Even though we don’t sell our products in China, it seemed like a very heavy-handed approach, and to block via .htaccess with the entire range of Chinese IP addresses was causing a 2-3 second delay in page parsing (pages normally load in around 600ms). Read More....

Cory Doctrow Webstock 15

Cory Doctrow sets out the future of the internet & ‘smart’ devices – recommended watch from Webstock 15

I’ve been a huge fan of Cory Doctrow for a while now. With regular appearences on 2600’s Off The Hook radio show, not to mention his work for the EFF, he is well known in internet circles.

This video is over an hour long, but goes a long way to explain the direction in which our technology (and the companies who run them) are going. If we leave it to the quasi-monopoly companies we have already, we are in for a rough ride. Recommended for any internet user, especially those with a penchant for smart home devices (he outlines some good real world hacks, including hacking a pacemaker). A great advocation for ignoring all of the apps & walled gardens & returning to the open internet. Read More....

Fix Blank Cloudflare Settings in Wordpress

WordPress Cloudflare 3.0.3 plugin blank settings page – fixed

I’ve been having a nightmare trying to get the Cloudflare plugin for wordpress to play nicely. After installing it I found that I had a blank settings page when I tried to enter my API details. I tried setting Cloudflare into development mode & also pausing Cloudflare but still the settings page wouldn’t load.

I started searching online for a solution and there seemed to be solutions for loads of older versions, but nothing about the current 3.0.3 plugin. After successfully getting the plugin to run on various other copies of wordpress on the same server I started to look at the config of the problematic blog. The only thing that differs on this site, compared to my others, is the level of security I have set. I quickly discovered that the All In One security plugin (also known as WP security) was stopping the Cloudflare settings page from loading. Simply disabling the WP All In One Security plugin allowed me to load the cloudflare wordpress plugin and get around the blank grey settings screen.

I can now configure wordpress without any issues to use Cloudflare. Once I set all of the API settings in the cloudflare plugin I reactivated the WP All In One security plugin and had it reinsert all of my .htaccess rules. surprisingly, the Cloudlfare plugin now plays nicely with the WP All In One Security plugin and I can get on with my day.

If you are having issues with a blank settings page using the cloudflare plugin with wordpress, have a look at your security plugins & disable one at a time until you are able to enter your API credentials. Then re-enable and hopefully you can carry on with your blogging.

Hope this works for you. Please do let me know if it does.

2016 Macbook Pro

Apple just released new MacBook Pro’s – So I went a bought a 2012 model.

On October 27th Apple held one of their new product unveiling conferences & I was instantly disappointed. I was sat in a coffee shop in central Manchester watching the stream & almost shouting at Apple in public. Apple hardware has been iOS focused for a long while now & any real innovation in the computing hardware side of things has been seriously lacking. I bought a 24″ top of the line iMac back in 2009 & I’ve used it daily ever since. The new hardware just doesn’t warrant the outlay & the performance gains are negligible in my opinion for the price.

To me, however, this has always been a selling point for Apple. The fact that you invest heavily in their hardware, but expect it to last as long as you want it to without ever breaking down has always appealed to me. My 2009 iMac has a 2.93Ghz dual core processor & 8GB of ram. I also opted for an uprated Nvidia GT120 in this iMac and for the most part I’ve never needed any more power. It’s still on the original hard drive & using SMART shows me that the HDD in the iMac has been in use for 32314 hours. That’s 1347 days of  actual use. I’m just now considering upgrading to an SSD & intend to remove the superdrive & have two hard drives in the iMac.

My wife has a 2011 Macbook pro & again with uprated ram to 8GB and an SSD, it just doesn’t warrant the upgrade. That laptop has also required component changing, such as a faulty keyboard after a water spillage & that can be achieved with cheap parts off the internet and a basic precision screwdriver kit. Repairability is super important to me, and the later Macbook pros & those with Retina displays lack the ability to repair & upgrade which put’s me off. I don’t want my ram soldered in at time of purchase. I don’t want pci-e SSD storage over standard & much cheaper SSD hard drives. I don’t want my batteries glued in place, requiring apple servicing and disposal of big parts of the laptop just to change the battery cells. If something breaks, I want to repair it. I don’t want to pay a fortune for apple techs to repair it with proprietary tools & methods. I certainly don’t want a disposable laptop & a huge price tag. If that is the price to get the laptops so impossibly slim, I’m sorry, I’m not interested.

So after being totally disappointed at the new Macbook’s, with their relatively non pro specs & removal of keys I use daily, I decided to save my money and buy one of the last true Macbook pros. I managed to source a mint condition, used, Macbook pro in 2012 specification for £550, a bargain when you think the new ones are starting at £1449 with a similar spec. This machine doesn’t have hard-wired ram. It has a SATA port so I can put in my own SSD, and the battery can be changed. Along with the Macbook, I have a Crucial 525GB SSD on the way & 16GB of brand new Crucial ram. Combined, that will be a pretty beast spec for Photoshop & web development work. And all for £720. A bargain for sure.

2012 Macbook Pro + Crucial 525GB SSD and 16GB Ram
2012 Macbook Pro + Crucial 525GB SSD and 16GB Ram

I’ll do a post when the machine is all ready to go & I’ll also post some benchmarks. Until Apple stops creating disposable appliances & starts making real computers again, I think most of their engineer customers & professional/hobbyist computer users will steer clear. Plenty of people I know wanted faster GPU’s, faster processors & oodles of RAM. Instead we got thinner, lighter & mediocre power wise. They should lose the Pro moniker on these laptops. They are really just casual consumer grade laptops at an astonishing price. Since Brexit became a thing in the UK, the spiralling pound has driven up the cost of tech & apple have added 20% to their hardware, making mediocre hardware even more expensive. I personally don’t think this will fly with consumers & they will be forced to change tack at some point.

I know a lot of people are switching to PC based machines. For a comparable price you can get a hell of a lot more hardware spec wise. For me, the iMac has always been a solid & dependable daily workhorse & my new Macbook Pro will allow me to break free of the desktop and work on the go. I do hope that Apple will change their minds & start catering to the Pro market, but in the meantime I’m sure most of us will just stick with what we have. Hardware & processors aren’t developing at the rate they once did, so it is much more feasible to stick with hardware for many years. I for one can attest to that, having used my iMac for 7 years solid.

What are your thoughts on the new Macbook Pro’s? Especially the model with the touch bar?

Let's Encrypt free TLS/SSL for HTTPS

Using Let’s Encrypt to enable HTTPS for your website

For a long time I’ve been meaning to sort out SSL certificates for my domains & secure traffic to them. Last year HTTPS became a google ranking factor & since then site wide HTTPS adoption has been on the increase. The problem with HTTPS is that up until recently it required buying an SSL certificate from a vendor & installing it on your hosting.

SSL certificates are not cheap & need renewing on a regular basis. It isn’t just a one-off cost. Furthermore, if you have multiple websites hosted on shared hosting, you need to sort out & purchase a separate certificate for each domain, or buy a wildcard certificate to cover your domains. Not cool.

Enter Let’s Encrypt (visit website). Let’s Encrypt is an SSL certificate signing authority who offer HTTPS (TLS, SSL) certificates free of charge. The certificates last for 90 days but can be renewed indefinitely without any extra charges.

Let’s Encrypt is a Linux Foundation project supported by a lot of big tech vendors including Google & Mozilla, not to mention the fact that is in endorsed by the EFF.

If you have your own server, installation is quite straightforward. You can use the EFF’s Certbot page to find instructions for your web server software & OS with a step by step guide for installing Let’s Encrypt.

If, like me, you have a lot of sites on shared hosting, things are a little more complicated. Luckily however, in August cPanel released a Let’s Encrypt plugin. The plugin has been in beta for a while but went live last month & the plugin automatically requests certificates for each domain hosted in cPanel & sets up the keys and certificates for you. It couldn’t be simpler. Whats more the cPanel Plugin will also run a cron job to check & renew the certificates, so it is a perfect turn-key solution for enabling full SSL (TLS) for your domains.

As soon as the plugin became available, I asked my hosting company to install the plugin. Within minutes I had SSL setup on all of my domains.

Once setup, the only task was to set my websites to use SSL over HTTPS be default. I set the domains to HTTPS in wordpress settings, and added rules in my .htaccess files to redirect all non HTTPS traffic to HTTPS. Ensure you set your redirects as 301 redirects to pass on any link juice from old links to your websites.

I added the following to my .htaccess for this site to redirect all

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^
RewriteRule ^(.*)$ https\:\/\/www\.johnlarge\.co\.uk\/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R=301,L]

My HTTPS TLS Certificate details
My HTTPS TLS Certificate details

I noticed a few days of SERP drops, but they have now recovered and my rankings are in fact climbing across the board. I also find that a nice big padlock in the address bar is great for reassuring customers & conversions on my e-commerce sites are up. My payment pages have always been encrypted as a third-party payment processor manages payments, but by securing every page of my sites it would seem customers feel extra secure.

HTTPS is also important from a privacy point of view. HTTPS gives end to end encryption between your browser and the server, meaning third parties are unable to snoop on your traffic. What you read & the sites you visit are your business & you are entitled to browse the web in relative privacy. HTTPS goes a long way to protecting your privacy online and I think we will see mass adoption of services like Let’s Encrypt for that reason alone. You can read more about Encryption & privacy over on the EFF’s website.

I must say I’m very happy with Let’s Encrypt. The whole process was straightforward and I now have HTTPS encryption across all of my domains. Any SEO benefits are a real bonus & I’ll do a further write-up on that when I’ve had some time to review the results.

If you manage your own server, I’d recommend adding Let’s Encrypt. Gone are the days of paying to secure your websites. And if your hosting is cPanel based, drop your hosting company an email and ask them to install the Let’s Encrypt plugin. It really is worth it.

Problems posting comments on blogger from iOS iPad safari and chrome

My wife is just getting to grips with her new iPad mini. We bought the mini so she could carry it around in her handbag or backpack for blogging. She is a beauty blogger and is always replying to comments, blogging, tweeting and generally interacting with her peers.

After setting up the ipad mini with all her apps we hit a snag. As soon as she tried to leave a comment on blogger blogs she was unable to, due to some seriously bad CSS/JavaScript. A login box pops up on screen but the on load function is knackered. Poor show blogger.

The problem is that the box loads but iOS doesn’t recognise it as a text entry box so you can’t actually enter any credentials. I tried a few workarounds in both chrome and safari for iOS and the same problem kept occurring. No matter what we tried it was impossible to enter text into the box.

I then grabbed my own iPad and fired up opera. As a web developer I have as many browsers as possible installed on all devices in order to test my own code, something blogger seem to have failed miserably in doing. Sure enough opera rendered the login box correctly and allowed us to enters login credentials and leave a comment on blogger blogs.

This kind of workaround is good for those involved in the blogger community as it will allow you to leave comments on your favourite blogs via iOS.

I cannot believe blogger are still having these issues. The majority of traffic I get to my self hosted wordpress blog is mobile browser users so it would be foolish for me to alienate the majority of my readership.

It would be such a simple fix for them to implement, simply have the login box as static content below the comment box on mobile style sheets. Would take me 2 mins to implement and would make commenting accessible to millions of iOS users. I wonder if this affects android users also. Would love to hear.

So if you like to comment on blogger blogs head over to the App Store & download opera. It’s actually a good browser, an old favourite amongst my geeky friends.

Finally folks. If you are serious about blogging it may be time to go down the self hosted route. Your blog can never be deleted, you can have good backups and you never lose all your hard work. There is no service level agreement on these free things and it can be taken down at any time meaning you lose everything. Take back control.

Opera in the app store

See screenshots below for rendering issues.

20130126-083021 PM.jpgchrome – semi transparent login box with text box behind still the focus of text input.20130126-083014 PM.jpgsafari – same issue with a semi transparent half rendered login box and the comment box still the focus of text entry20130126-083006 PM.jpgOpera – fully formed solid login box.

Quick update on current Projects

Just a really quick post to let you know what I’m working on at the moment. Koolbadges is a full time development project. Now that we are so busy on the site I’m constantly tweaking the site, running queries, optimizing queries and tables and generally trying to make the site as fast as possible. With around 6000 unique visitors every day it really has become a full time occupation, however I have a few other projects int he pipeline.

iPrint Images is a Photography prints website selling photography prints online. It’s our next major project, and whilst the site is live & online, we are still developing the site and adding loads of Vicki’s prints to it. Nice to have something different to work on so excpect big changes in the coming months.

Finally my brother in law Gary & I are developing a DIY website, selling everything from rugs & tiles to Curtains and shutters. This is going to be a mammoth task, utilising Gary’s gift of the gab and my development skills. Also Gary is aiming to source all the suppliers so it’s going to be a busy few months.

Watch this space for updates…