WordPress hardening in five layers, from .htaccess to mu-plugins
A default WordPress install is a target. Here's the five-layer hardening I apply, and which attack each layer is meant to shut…
Scaling WebSockets past one server: the fixes that actually held
A WebSocket app that held on one server starts misbehaving as soon as you add a second. Here are the sticky session,…
In-app review prompts: when and how to fire them
Plenty of apps misuse StoreKit's request review API. The moments that actually work, and the patterns to stay away from.
Chaos engineering for small teams: the stripped-down version
Netflix's Chaos Monkey is famous, but how does a 5-person team actually benefit from chaos engineering? The tiered approach I've landed on.
Remote-first teams: the async discipline that actually works
As a freelancer I've worked with a lot of remote teams. Some had async figured out, others wanted everything synchronous. Here's what…
JavaScript bundle splitting: when dynamic import actually pays off
Splitting the bundle is the universal advice, but it doesn't help in every situation. With real measurements, when it's actually worth it.
Multi-currency WooCommerce: skip the plugin, write the code
Instead of paying $70 for a plugin and inheriting messy behaviour, I wrote a tight implementation for the requirement. What I built…
Server-Sent Events vs WebSocket: when SSE is the smarter pick
WebSocket gets the hype but it's overkill for a lot of real-time scenarios. When SSE is the better fit, with examples from…
iOS Camera and Photos: the permission flow that ships
Asking for camera and photo permissions the wrong way gets your app rejected or chases users away. The flow that works, and…
Retry and idempotency for long-running jobs: the strategy that holds up
One email went out twice. One payment was charged twice. What happens when retry design skips idempotency, and how I fixed it.
CI/CD pipeline from 20 minutes to 4: the exact moves
I brought a team's build time down from 20 minutes to 4. Which optimisation bought which minutes, in detail.
Third-party script performance: what Tag Manager actually costs you
Google Tag Manager, ad pixels, chat widgets. All of them arrive with a "we're fast" pitch. The performance metrics tell a different…