Tech on Tim's log

How we accidentally poisoned our sister brand's ad campaigns with a rogue tracking tag

Thu, 11 Jun 2026 00:00:00 +0000

I was sitting with a lukewarm cup of coffee on a Tuesday morning, running what I figured would be a boring, 10-minute tag audit on our main e-commerce site. Then Google Tag Assistant flagged something that made no sense. Alongside our own Google Ads tag, a second tag with the ID AW-987654321 was firing on every single page view.

That second ID belonged to our sister brand. They are a smaller, lower-priority setup under our corporate umbrella, selling a very similar catalog of products. I hopped over to their domain, loaded their home page, and watched the exact reverse happen: our primary brand’s tag, AW-123456789, was firing over there. Visitors looking at our high-margin main line were being quietly tagged for our cheaper secondary line, and vice versa. I had that familiar cold-sweat moment where you assume your browser cache is lying to you; I cleared everything, opened 3 incognito windows, and watched the exact same thing happen.

When Plesk traffic doesn't match Analytics: finding a WordPress compromise

Mon, 08 Jun 2026 00:00:00 +0000

The number that started it
#

Plesk was showing 7294.2 MB/month of traffic for one of our internal WordPress sites — which would have made it one of the busiest domains on the server, except Google Analytics and Cloudflare both said the site was nearly dead. A handful of real visits, nothing more.

Your .gitignore won't save you from AI coding assistants

Sat, 30 May 2026 17:30:01 +0000

AI coding agents are runtimes with root-level terminal access. If you rely on file-level ignore lists to protect your secrets, you are one bad stack trace away from leaking live production credentials to third-party model providers.

Stop defaulting to the most powerful model for rule-based tasks

Wed, 20 May 2026 00:00:00 +0000

A high-capability model nearly shipped wrong information to real customers — not because it failed, but because it reasoned past a clear policy. The fix was a smaller, more predictable model. Here is what that taught me about model selection.

When you push an AI coding agent too hard, it starts optimizing for the wrong thing

Tue, 12 May 2026 00:00:00 +0000

Anthropic’s interpretability research on internal activation patterns helps explain a pattern most AI coding tool users have hit: the agent passes all the tests, but the code is quietly broken. Here’s what that means for how you run these sessions.

The AI apprenticeship model: building senior talent in the age of automation

Mon, 11 May 2026 00:00:00 +0000

AI isn’t eliminating junior engineering roles — it’s removing the accidental training system most companies relied on. Here’s the business model for rebuilding it deliberately, with measurable economics and a 90-day pilot structure.

The hidden friction of running a hybrid B2B trade portal

Wed, 22 Apr 2026 00:00:00 +0000

Decoupling our B2B customer portal from WordPress saved us from a massive database migration, but it introduced a complex web of logic drift and cache lag. Here is how we managed the coordination overhead.

WordPress staging that actually mirrors production: what it took to get there

Fri, 17 Apr 2026 00:00:00 +0000

Most WordPress staging setups test the wrong layer. This is what I learned building a production-fidelity workflow on a real Plesk server — including a Cloudflare incident that looked exactly like a WordPress problem until it didn’t.

Plugin drift comes from duplication, not carelessness — here's how we fixed it

Tue, 07 Apr 2026 00:00:00 +0000

Three sites, three slightly different copies of the same plugin, no clear canonical version. This is how we untangled it using Git subtree and wp-config.php constants — and what the process revealed about how plugin drift actually happens.

Building a one-way CMS sync workflow that doesn't bite you later

Sat, 04 Apr 2026 00:00:00 +0000

Most CMS staging failures are workflow failures, not technical ones. This covers the design decisions, the bash automation, and the wp_options audit that turned out to be the real work.

The SPA pendulum: why we stopped building everything as an application

Mon, 02 Feb 2026 00:00:00 +0000

For a decade, SPAs were the default answer regardless of the problem. Most teams paid for that overcorrection slowly. Here is how the trade-offs actually look, what the shift back to SSR is really about, and how to make the architecture call at the start of a project.

Why the AI playbook breaks when you scale past a few developers

Wed, 28 Jan 2026 08:30:05 +0000

What works for a solo developer or a team of 10 falls apart at enterprise scale. Here is how the bottleneck shifts from personal tooling to messy data pipelines and organizational coordination as you grow.

When bumping PHP memory isn't enough: tracing serialized cache bloat in a page builder

Wed, 14 Jan 2026 00:00:00 +0000

A WordPress 500 traced to PHP memory looked like a simple limit bump — until the real cause turned out to be a page builder serializing large CSS blobs into the object cache on every request.

That 4 MB `options:notoptions` key is why your WordPress site throws a 500 every ten days

Mon, 12 Jan 2026 00:00:00 +0000

An intermittent WordPress 500 that cleared on refresh turned out to be a single 4 MB Redis key growing without a TTL. Here is what the big-keys scan showed, why the mechanism is easy to miss, and the three config changes that stopped it.

The silent memory leak: debugging intermittent 500s in WordPress Redis caching

Mon, 12 Jan 2026 00:00:00 +0000

A WordPress site was throwing intermittent 500 errors every ten days. The cache flushed clean each time, which masked the real problem: a single Redis key growing to 4MB and occasionally tipping PHP memory over the edge.

WooCommerce slows down under concurrency, not under load

Thu, 04 Dec 2025 00:00:00 +0000

The WooCommerce performance failures that actually hurt at scale don’t show up in standard audits. They live in plugins doing unbounded per-request work that looks harmless at five requests per second and falls apart at twenty.

Debugging a persistent WordPress backdoor

Wed, 03 Dec 2025 00:00:00 +0000

A WordPress site was reinfecting itself after every cleanup. The culprit was a self-healing backdoor in mu-plugins that reconstructed itself from an encoded payload stored in the database. Here is how I found it, killed it, and what I missed the first time.

The mailflow rule I wrote quarantined a client's shipping invoice — here is what I missed

Fri, 03 Oct 2025 01:52:14 +0000

A mailflow rule meant to catch spoofed mail started blocking legitimate transactional email from a third-party shipping provider. The regex logic was sound in isolation. The infrastructure gap it exposed was not.

Dissecting a WordPress compromise: from obfuscated code to hardened infrastructure

Mon, 18 Aug 2025 00:00:00 +0000

A WordPress site on our infrastructure was compromised via an abandoned theme. This is a walkthrough of how I found the malicious code, what it was actually doing, and the harder question I still can’t fully answer: whether any real damage was done before we found it.