https://feeds.feedburner.com/perishablepress

Very excited to launch my latest WordPress plugin, REST Pro Tools. This is the premium/pro version of the free plugin hosted at WordPress.org, Disable WP REST API. The free version is very basic and does exactly what it says: disables the WP REST API, no options just activate and done. But some users wanted more features, like denying access to specific routes while allowing others. So I packed the pro version with all of the REST API tools most requested by users. Check out the comparison chart for a quick overview of the differences between free and pro versions of the plugin.

REST Pro Tools = Powerful tools for managing the WP REST API.

About REST Pro Tools

REST Pro Tools provides a wealth of tools for managing and testing the WordPress REST API. Features include one-click disabling of all routes, all user routes, and the entire REST API itself. REST Pro Tools gives you granular control over every route to enable or disable for each user role. Plus control over error messages, response codes, JSONP, REST headers and functions, and much more. You can also whitelist users and IP addresses, add custom fields, and check response headers for any URL.

Pro Features

Here is an overview of the many features provided by REST Pro Tools:

• Priority Tools – One-click disable REST API, whitelist, custom errors
• Manage Access – Granular control: disable REST API routes per user role
• REST Headers – Enable/disable REST API related headers and links
• Custom Fields – Add any post or user meta (custom fields) to REST API
• Extra Data – One-click add routes for taxonomy terms and more
• More Tools – Check REST API status and headers for any URL

For complete feature list, visit the Settings Documentation and/or check out the screenshots below.

Screenshots

Here are some screenshots showing off REST Pro Tools settings and options (click images for full-size view).

• REST Pro Tools – Priority Tools
• REST Pro Tools – Manage Access
• REST Pro Tools – Custom Fields

Check out more screenshots on the REST Pro Tools homepage :)

Learn more..

REST Pro Tools gives you a wealth of useful tools for managing the WP REST API. Check out more features and details:

• REST Pro Tools homepage
• Free vs. Pro comparison chart
• Launch Post at Perishable Press
• REST Pro Tools Docs and Tutorials
• REST Pro Tools – Plugin Settings
• REST Pro Tools readme.txt
• REST Pro Tools – FAQs

Get REST Pro Tools

Take full control of the WP REST API with a wealth of power tools and features. REST Pro Tools is lightweight, fast, and tightly integrated with WordPress APIs. Yearly and Lifetime licenses available. Unlimited licenses also available.

Learn more and get REST Pro Tools » Questions & Feedback

Questions and feedback about REST Pro Tools (or any of our plugins) always welcome via the contact form at Plugin Planet.

Simple Download Counter (SDC) version 2.3 features a very basic API that returns the number of times a specified file has been downloaded. For lack of a better name, I call it the “Micro API”. This tutorial explains how it works, and provides a real-world example showing how to use it.

• Simple Download Counter – Home Page
• Simple Download Counter @ WordPress.org

Note: This tutorial applies to Simple Download Counter version 2.3 or better. Contents

• Why?
• How it works
• Real-world example

Why?

I got an email from a user who asked for it. The person wanted to get file counts from simple URL requests.

I’m using your Simple Download Counter in WordPress and want to track how many downloads a file has received. I want to use it for an electronics project, where I want the download count to be displayed on an LED matrix driven by an Arduino. Is there a way to retrieve the download count for a specific file without having to access it via WordPress? Not a full API, that’ll be overkill, maybe just a URL I can ping and get a simple response with a number back?

So I thought why not add a simple “Micro API” that can do this..

How it works

First visit the plugin settings and enable the Micro API option. Please understand that enabling this option makes all of your download counts available to the public. No other data is sent via the Micro API, only a numeric value representing the number of times the specified file has been downloaded.

After enabling the Micro API option, you (or anyone) can get the download count for any file. To do so, make a request for a URL that looks like this:

https://example.com/?sdc-download-api=123

Replace example.com with your actual domain name, and replace 123 with the file ID for which you want to retrieve the download count. For example, if we want to know how many times the file with ID of 10 has been downloaded, we can enter the following URL in a browser, app, or script:

https://example.com/?sdc-download-api=10

This works for any file ID that is passed via sdc-download query-string parameter.

That’s all there is to it. Next we’ll look at a real-world example of how to make use of the Micro API..

Real-world example

And by “real-world” I mean “working code” :)

Let’s say that we have a PHP script where we want to “ping” the SDC Micro API to get download counts for our files. There are numerous ways of doing this, perhaps the easiest is to just call file_get_contents(), for example:

$id = 123;

$url = 'https://example.com/?sdc-download-api='. $id;

$count = file_get_contents($url);

echo filter_var($count, FILTER_SANITIZE_NUMBER_INT);

That will output the download count for file with ID of 123. You can call any ID, or use a function such as get_posts() to get just about any set of file IDs or even all file IDs. For example, to get all download file IDs:

$ids = get_posts(array(
	'post_type'      => 'sdc_download', // get IDs only for Simple Download Counter
	'fields'         => 'ids',          // get only IDs and no other data
	'posts_per_page' => -1              // get *all* file IDs
));

That will give you an array of all file IDs. So you can loop through them and get their download counts remotely via URL and the Micro API. You can also tweak the get_posts() arguments with a wide variety of useful parameters.

Related: Custom Headers with Simple Download Counter

There are many ways to do this. I wanted the quickest and easiest. I run Yourls on several sites to create shortlinks for my books. Each instance of Yourls contains many URLs. I like to keep my books current. URLs tend to change and break over time. It is a chore to check 800+ links in each of my books, page after page. So I wanted a quick way to check for 404 and other broken links. In this post, I share the technique that works best for me; your mileage may vary.

Contents

• Overview
• Types of errors
• Specific example walkthrough
  • Step 1: Export the data
  • Step 2: Format the data
  • Step 3: Analyze the data

Overview

Here is a quick overview of what we’re doing here:

1. Export the URLs from your database. This can be easy or tricky depending on how things are set up and the app you’re using to interact with the database.
2. Create a PHP or other script to output the exported URLs in HTML format, as a plain list of hyperlinks, all on the same page.
3. Use a free browser extension to crawl each link and check for any errors.

That’s all there is to it. I am writing this down so I can easily reference it for future book updates. Hopefully it helps you too.

Types of errors

This technique catches most common errors, for example:

• 5xx errors (e.g., 503 Service Unavailable, 504 Gateway Timeout)
• 4xx errors (e.g., 404 Not Found, 403 Forbidden)
• 3xx redirects (e.g., 301 Permanent, 302 Temporary)
• 2xx issues (e.g., 205 Reset Content, 206 Partial Content)
• Empty response

Note: The errors that may be reported depend on which addon or extension or script you use to analyze the data. More about this in Step 3 below.

This technique does not catch the case where a link points to a page where the content itself has changed. For example, if you have a link that originally pointed to an article about SQL, but the article content has changed and now is about squirrels or something. Maybe you can tap AI for that sort of task?

Fortunately, in my experience, the content-completely-changing-but-at-the-same-URL case is rare. As most of the time when links change it means that the content went offline or was redirected. This technique catches both of these key scenarios.

Specific example walkthrough

To provide a real-world example, I’ll walk through the steps and code for doing this with the URLs in a Yourls database. There may already be an extension/addon or plugin/script that can do this, I didn’t check tbh. Without further ado..

Step 1: Export the data

First. I use the well-established, completely free and open-source phpMyAdmin to manage my MySQL databases. So that makes it easy to export all of the URLs as a PHP array, ready to go. For the URLs database, you can get all URLs with the following SQL query:

SELECT `url` FROM `yourls_url`;

That is, select all rows from the url column in the yourls_url table. Depending on how your database is setup, the names of columns and rows may vary; adjust the above query accordingly.

Shameless Plug: For 300+ super useful SQL queries for WordPress, check out my latest book, Wizard’s SQL Recipes for WordPress »

After running the query, scroll down to the bottom of the SQL results and click on the Export button, as shown here (click image to view full size):

Screenshot showing the Export button provided by phpMyAdmin

That will take you to the Export screen. There you can select any format, I prefer PHP so I chose PHP array, as shown here (click image to view full size):

Screenshot showing export options for phpMyAdmin

Then scroll down and click the Go button to download the generated PHP file.

Step 2: Format the data

After downloading the file, open it. Copy the variable name given for the array (in this example it is $taowp_url), and scroll down to the end of the file. There, add the following PHP code snippet (just after the array of URLs):

echo '<h1>Total: '. count($taowp_url) .'</h1>';
echo '<ol>';
foreach ($taowp_url as $url) {
	
	foreach ($url as $key => $value) {
		
		echo '<li><a href="'. $value .'">'. $value .'</a></li>';
		
	}
	
}
echo '</ol>';

Save changes and upload to your server. There you can access the file in your browser to run the script and view the output HTML hyperlinks. It will simply be a list of links, one for each URL in your database. Feel free to customize and embellish the above script to suit your needs.

Step 3: Analyze the data

The last step is to use a free broken link checker extension for your browser. I use Chrome mostly, so this Broken Link Checker works great.

Note: Near the beginning of this tutorial, I mentioned a list of errors that may be found using this technique. The errors listed are found using the above-mentioned Broken Link Checker for Chrome. Of course, because you will have all of your URLs in plain HTML format, you can use any broken link checker script or addon that you want. And so, the types of errors that are discovered will depend on which link checker you end up using.

After installing/activating the extension, simply click its icon/button to check all URLs on the page, automatically.

Done! 😎

Here is a simple blank (empty) .htaccess file, ready for download.

Download blank .htaccess fileVersion 1.0 ( 376 bytes ZIP )

👉 Read notes below.

Why?

Because .htaccess files by default are hidden on most systems. In some cases it is easier to simply download a blank copy instead of trying to create one manually.

As someone who works a lot with Apache/.htaccess, it’s nice to have a “go-to” place for downloading and sharing a blank/empty .htaccess file.

Notes

• The download is a tiny (376 bytes) ZIP file
• Unzip the download file to get a folder named /blank-htaccess-file/
• Inside of /blank-htaccess-file/ is a blank .htaccess file
• To view the file, your OS must be configured to display hidden files
• For more details, check out my post on how to create and use .htaccess files
• To learn how to use Apache/.htaccess to optimize and secure your site, check out my book .htaccess made easy and related free tutorials
• For tons of related tutorials and code snippets, check out the Apache and .htaccess archives here at Perishable Press
• If you have any questions or comments, feel free to share in the comments section below, or reach me anytime via my contact form

For years, I thought of Google as a trustworthy helper on the Web. Especially where it mattered most, removing pirated copies of my books from Google search results. After publishing a new book, I would monitor the search results and file a DMCA notice with Google whenever the inevitable pirated copies of my book were listed. Google always was very helpful in this regard, swiftly removing any pirated books asap. No hassle, no hoops, just immediate and direct relief from Google.

Welcome to 2026..

Recently, I asked Google to remove a pirated copy of my book from their search index. As usual, I filled out the obligatory DMCA report and sent it in, hopeful that it was just a matter of time before the copyright infringement was dealt with by the trustworthy and very capable Google search team.

Unfortunately, that is not what happened. Instead of simply de-indexing the search result, like they do for so many other items, Google refused to acknowledge that I was the author of the book. After receiving my DMCA complaint, they replied:

We are unsure whether you are authorized to submit a copyright removal request for the content in question. Only the copyright owner or their authorized representative can submit a copyright removal request. Please note that you could be liable for damages (including costs and attorneys’ fees) if you falsely claim that content is copyright infringing. […]

Okay, so ..not the response I was hoping for.. basically a complete denial of my identity and thinly veiled threat of legal action for having the audacity to report the pirated content in the first place. But no problem, maybe they have a new process for validating DMCA requests. So I replied back asap asking how to prove my identity:

Yes it is me, Jeff Starr. I am the author of the book in question. Please let me know if any further information is needed, thank you.

I didn’t expect that email to do much, other than prompt Google to explain how to prove my identity, so that they would take action and stop promoting the pirated copy of my book in their search results. After a couple more days of waiting, The Google Team replied back:

It is unclear to us how you came to own the copyright for the content in question, because you do not appear to be the creator of the content. […] please explain further the basis for your claim of copyright ownership.

Without acknowledging my previous reply regarding identity, now they are questioning my copyright ownership. Without explaining how to prove copyright ownership, they simply throw another hurdle at me, asking me to “explain further the basis for your claim of copyright ownership”. At this point, I am stressed, exhausted, and feeling very frustrated. Where was the friendly Google from days past?

Holding out hope..

Okay I thought, gotta really step this up and prove to The Google Team that I am who I claim, and that I am in fact the author of the book and thus own the copyright. But I wasn’t sure how to do this, because again they did not explain “how” to do so. Did they want a scan of my driver’s license? Blood sample? DNA test results? I mean, why the mystery? If some sort of identity or proof is required for Google to take action, shouldn’t it have been required on the DMCA form?

Feeling frustrated and stressed about the apparent run-around and lack of concern, I replied back with plenty of evidence and clues that yes, I am Jeff Starr, and yes, the book belongs to me, and thus I own the copyright. Message truncated for clarity.

My name is Jeff Starr. I am the author of the book […]. As explained in the filed report, Google is promoting copyright infringement of my book in its search results.

How can I prove my identity? Please explain what I need to do in order to get help with this copyright infringement. Surely there must be some protocol for proving identity/ownership, please let me know what that is, what are your requirements for taking action against someone who is violating my copyright?

If it helps, here are my book-related websites, which are all owned and authored by me, Jeff Starr: [..List of like five websites, including the site for the pirated book..]

You can verify that these sites are owned by me, simply check my account via Google Search Console, where I have verified that I am the owner for each of the above sites. My Search Console is associated with this same email account from which I am replying to your email. […]

I am a well-known author and web developer in the WordPress community. You can find me on social media, I have a list of my social-media channels pinned on my X account (first displayed post): https://x.com/perishable

The reported copyright infringement is costing me money and time. I am very frustrated and stressed because of Google’s apparent lack of concern. Please help, let me know what you need from me in order to remove the stolen book from your search results.

At this point, I was feeling ignored and betrayed by Google, who for many years proved a trusted ally. Apparently something has changed, as the friendly corporate giant who once helped small publishers and content creators now refused to even acknowledge their existence. As if, surely you could not be who you claim, an author and small book publisher looking for our help. After all, We are Google — a massive organization that uses your content to fill our search results and pay our salaries.

Heartbroken..

Even after spending much time and heartache trying to get Google’s help, I held out hope. Hope that Google was still the benevolent helper that I once knew, years ago.

Finally after two more days of nervous anticipation, Google finally replied to my lengthy probably desperate sounding email that was full of personal details and proofs of my identity and copyright ownership. A small surge of adrenaline as I clicked to hear back from The Google Team (emphasis mine):

Hello,

Thanks for reaching out to us.

At this time, Google has decided not to take action on the following URLs: […]

We encourage you to resolve any disputes directly with the owner of the website in question. Visit https://support.google.com/websearch/answer/9109 to learn how to contact a site’s webmaster and request a change. If you pursue legal action against this site that results in the removal of the material, our search results will display this change after we next crawl the site.

If the webmaster makes these changes and you need us to refresh outdated content, please submit your request using our Refresh Outdated Content Tool.

Regards,

The Google Team

And there it was. A simple DMCA request trying to remove copyright infringement from search results completely and utterly shrugged off by Google.

Immediately my heart sank. And I knew that something had changed at Google’s core. The friendly corporate giant no longer would even deign to consider cries for help from the little guy. The little guy being me, the little guy with a broken heart.

For those who know, YOURLS makes it super easy to host your own URL shortening service. I use Yourls on several sites and it works great at generating shortlinks for otherwise long and tedious URLs. So they’re easier to share, remember, social media, etc. Yourls is developed by a well-respected developer and is 100% FREE and open source for everyone. It’s a truly great app and highly recommended.

Related: Learn how to check for 404 and other broken or redirected links in the Yourls database (or any database). Contents

• Protect Yourls Login on Apache > 2.4
• Protect Yourls Login on older versions of Apache
• Bonus: Combo Pack for all versions of Apache
• Allowing access to multiple IP addresses
• Learn more..

Protect Yourls Login on Apache > 2.4

I’ve used Yourls for many years and it just works (perfectly, I might add). The only headache I’ve encountered, which really isn’t a big deal if you’re using super strong passwords, is that attackers will target the Yourls login page all day long. As soon as teh kids find out about it, they will run endless brute-force and slow-drip password attacks non-stop 24-7 until the cows come home.

To be fair, login attacks are due to abusive behavior in general and have nothing to do with Yourls itself. For its part, Yourls is proven to be very secure and reliable. Lock ’em down

So to lock things down and block all the login/password attempts, here is a quick snippet of Apache/.htaccess that you can add directly to your Yourls /admin/ folder:

<Files index.php>
	<IfModule authz_core_module>
		Require ip 123.123.123.123
	</IfModule>
</Files>

By default, the Yourls /admin/ folder does not include an .htaccess file. So you will need to create/add one, here is a quick guide. After adding a blank/empty .htaccess file, add the above code snippet. Also make sure to edit the IP address to match your own. Save changes, upload, test well, and done.

Note: The previous code requires Apache v2.4 or better. For older versions of Apache, scroll down a bit further on this page.

This security technique is an example of why I heart Apache/.htaccess. It’s just so simple, easy, and very effective. After adding the above code, the endless login requests and password stabs are completely blocked, while Yourls continues to function flawlessly for all of your shortened URLs. But only you will have access to the login page, based on the provided IP address.

Protect Yourls Login on older versions of Apache

The previous code snippet requires Apache version 2.4 or better. For older versions of Apache, use this code instead:

<Files index.php>
	<IfModule !authz_core_module>
		Order Deny,Allow
		Deny from all
		Allow from 123.123.123.123
	</IfModule>
</Files>

Same steps as before, and again, remember to edit the IP address and test well before going live.

Bonus: Combo Pack for all versions of Apache

If you are not sure about which version of Apache you are running, and/or just want something that will work in any Apache environment, use this code snippet:

<Files index.php>
	<IfModule authz_core_module>
		Require ip 123.123.123.123
	</IfModule>
	<IfModule !authz_core_module>
		Order Deny,Allow
		Deny from all
		Allow from 123.123.123.123
	</IfModule>
</Files>

Same steps as before, and again, remember to edit the IP addresses (both instances) and test well before going live. Also, to learn more about this technique, check out my post, Access Control for Apache 2.4 (and 2.2).

Related Tip: How to shorten URLs with just Apache/.htaccess » Allowing access to multiple IP addresses

To allow access to the Yourls login page for multiple IP addresses, simply add as many Require directives as is required. So for example, if you want to allow access for three different IP addresses, do this for Apache 2.4 and better:

<Files index.php>
	<IfModule authz_core_module>
		Require ip 123.123.123.123
		Require ip 111.222.333.120
		Require ip 112.223.331.012
	</IfModule>
</Files>

As many as you want. And here is the code for older versions of Apache:

<Files index.php>
	<IfModule !authz_core_module>
		Order Deny,Allow
		Deny from all
		Allow from 123.123.123.123
		Allow from 111.222.333.120
		Allow from 112.223.331.012
	</IfModule>
</Files>

Bada bing, bada boom.

Learn more..

For more Apache/.htaccess and security techniques check out my other articles in these fine locations:

• Posts tagged with Apache
• Posts categorized as .htaccess
• Posts categorized as security
• Apache/.htaccess code snippets
• Check out my book, .htaccess made easy

One of my new year’s resolutions is to learn AI more deeply. Although I’ve kept up with how things are changing in the AI/LLM world, I actually use AI very rarely. It’s just not necessary for anything that I do. And before you say, “well then you must not do anything”, I should mention that my online books, scripts, and plugins enjoy well over one million active users. It’s a LOT of responsibility and work. And because I am a 100% solo entrepreneur, it’s just me doing everything, all of the planning, development, maintenance, marketing, writing, design, and everything else. I am an independent vertically aligned digital operation. And somehow I’ve managed to keep things going for 25+ years without relying on AI for ..literally anything.

Very skeptical going in..

Despite all of the HYPE over AI and how it’s so essential and life-changing, I use it very little. Sometimes for advanced search queries and some creative image generation, but that’s about it. Now though, I am looking ahead. I understand the potential and want to use AI more heavily. If it can boost my productivity and make life easier and better, then I’m all for it. I have my doubts, to be honest, especially when it comes to vibe coding, and anything directly code-related. But I hear some promising things from trusted folks in the industry, and so am diving into AI and LLM in 2026. I am going to learn as much as I can and share the results here at Perishable Press.

Muh goals..

My goals regarding AI in 2026 (and beyond) are as follows:

• Find out what is possible with AI
• Learn as much as possible about AI
• Make plans and integrate AI into my workflow
• Ultimately use AI to improve productivity
• And of course have fun and learn new things

Depending on how things go, which should begin to be apparent as the year unfolds, I will continue integrating AI into my process and evolving my online plans and workflow. Sort of like a trial run, to get a better sense of what might be possible, and then develop further ideas and plans for the future. If successful, then whoopee, I will be doing more presumably, hopefully, with less effort. Else if not successful and it turns out to suck, too much extra work, too much complexity, or just not my style or whatever, then whatever. Worst-case scenario is that I spend a bunch of time learning new things, which is beneficial in and of itself. Best-case scenario is that I level up my online game and boost my productivity and skills significantly.

At least, that’s the plan so far.. time will tell what actually happens lol.

For several years, Apple Mail would specify the wrong name for the “To” field when sending email messages. It was very frustrating and confusing for numerous reasons. Whatever I tried to resolve the issue, nothing seemed to work. So for years using Apple Mail, which for the most part works very well, I was stuck sending messages that specified incorrect names for the “To” field. Well praise the Lord, today I found a simple solution that finally resolves the issue.

tl;dr

Open the Contacts app and add or edit so the email recipient has the correct name.

Explanation

Here is what would happen. When composing a new message, I select the “To:” field and begin typing the address so auto-complete can bring up a list of available/known addresses. The list shows all of the email addresses that it knows about, along with their associated names. That is all fine and good. Most of the addresses in the list are associated with the correct name. BUT for some weird reason, some of my email addresses were associated with incorrect names.

For example, when choosing a “To” address from the list, I want to find this:

charlie@example.com (Charlie Brown)

..that would be the correct address and name to which I want to send the message. But instead of that, I would get the following:

charlie@example.com (Bugs Bunny)

..which is incorrect. Every time I would send an email to Charlie Brown, the wrong name would be associated with the “To” address. So the recipient would think I had made a mistake, or was incompetent, or some other problem or issue. And this bug would happen for numerous addresses, apparently completely randomly.

Like most people who work online, I send lots of email every day. So this weird glitch was confusing and frustrating for several years, but I just lived with it because I could not find a solution. Fortunately, today (Christmas day!) I found a fix that is so easy and simple that I kick myself for not figuring it out sooner.

Solution

To resolve the Apple Mail wrong name bug for any name and email address:

1. Open the Contacts app (macOS or iOS)
2. Add or edit the recipient so the name matches the email address
3. Save changes and done

I’ve done this for several recipients and tested on multiple devices. So far, it works perfectly. Let me know in the comments if you have any further/related information regarding this issue, thank you.

The only downside is that you need to edit or add the contact information for each name and address that is incorrect, which could be many. Before today, like for many years, I never even touched the Contacts app, never had any need for it. Probably explains why I didn’t think of using it to resolve this issue sooner.

In any case, now that I know it is directly involved in crafting accurate email messages, Contacts is my new favorite app /s. It just feels good to address people by their correct names lol.

Notes

If you have multiple recipients in your Contacts app, Apple Mail will use the first one as the Name/Address for the “To” field. So delete/edit accordingly.