Over the past couple days I’ve been doing a little housekeeping around this site and, along the way, I’ve learned a few things.

Ghost Spam

First, I was looking at my analytics and noticed that I was getting these odd spikes in traffic from the United Kindgom. Here’s what I was seeing:

  1. The U.K. is my second biggest source of traffic after the U.S. and let’s face it – I’m mostly just talking to myself here, so there’s no reason why I’d be of any real interest across the pond.
  2. Traffic from the U.K. was coming in very regular intervals. For example, on Aug 29th, 50% of the U.K. traffic came at 4:00pm  and the other 50% came exactly 2 hours later at 6:00pm.
  3. Every visit was a “New User” and the Average Session Duration was 00.00.00.
  4. All of the traffic was going to /, which of course doesn’t exist.

Naturally, my first thought was: “Oh Crap! I’ve been hacked!”

After a few minutes of frantically searching my server for anything suspicious, I found nothing and was reasonably sure I was okay.

My next step was to Google it and I immediately found multiple references to Ghost or Referral Spam. Now, I’ve heard of this before, of course, but I had never seen it so clearly in the data.

I’m not really worried about this. I mean, nothing is going viral here and this spam never actually hits my site. The data are all fake and exist only in Google Analytics. If you’re interested learning more, I recommend starting with the Definitive Guide to Removing All Google Analytics Spam.


Yes. That’s right. Take a look at the address bar. This site is now using SSL and it was insanely easy to setup and it didn’t cost me a dime.

My colleague, Sam Hermes, inspired me this week when he told me about how he used CloudFlare to secure his site, so I just had to give it a try that night. Here’s what I did to set this up:

  1. I signed up for a FREE CloudFlare account.
  2. Transferred my DNS registration over to CloudFlare.
  3. Selected the Flexible SSL option.
  4. Setup a CloudFlare Page Rule to redirect all HTTP traffic to HTTPS.

I also adjusted my WordPress settings (though I don’t know that it was necessary) by adding the following to my wp-config.php file and setting the the WordPress and Site addresses to

define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

And that was pretty much it.

If you’re wanting to do the same, check out these helpful instructions.

Syntax Highlighting For Code Examples

Again, thanks to Sam, and as you just saw, I updated my theme slightly by adding syntax highlighting to my code examples.

My implementation isn’t as elegant as the one Sam describes in his blog post, but it works!