Stencyl – Speed Up/Down, Fast Forward/Slow Motion

Being able to speed up, or slow down a game is useful in many instances. Think about Turret Defence games where you can speed up the game for durations that would otherwise be either boring, or taxing, to the player. (E.g. not enough is happening, or too much is going on.) It can also be useful in other situations, and can also be useful for achieving certain effects.

It’s quite simple to adjust the speed of a game in Stencyl, though you’ll need to use the ‘code’ block. I’m going to start off with the example.

[swf src=”” width=640 height=480]

In the above example, press SPACE to cycle through the available speeds. In my example it goes from 2 to 20 (in increments of 2.) It’s important to note that 10 is the default and stands for 100fps. A lower amount will speed up the game, while a number higher than 10 will slow it down.

NOTE: You cannot have a speed value less than 1 as it will cause the game to freeze.

Onto the Code

The code for this is really simple. In the image above you’ll see a number variable that sets the value. (In this instance it’s 10, the default value.) Obviously you can change this value in-game as you need. The code is below:

Engine.STEP_SIZE =;

The ‘_Speed’ text in the ellipses is the internal name of the number attribute, so you’d change this to whatever the INTERNAL name of your attribute is. The internal name differs from the name that you gave it. It can be found by clicking the ‘attributes’ panel.

Stencyl – Limiting / Removing Decimal Places

When dealing with numerical values and returning scores, etc. you may notice that sometimes values are returned with extraneous decimal values, such as 456.000000000002. This is great for accuracy, but not so great when you want to return values to the player, such as scores, damage per second, and so on. Too many decimal places are generally unneeded, are annoying to the player, and will likely mess up your screen (i.e. stretching across the entire screen and even passing beyond.), Fortunately it’s easy to deal with.

Unwanted decimal places are easily dealt with, and you can also choose how many decimal places you wish to show.

The above code isn’t particularly complicated, though there’s a few things you need to know. First of all, ‘Your Value’ is the value you wish to display, yet limit the number of decimal places.

Secondly you’ll see the number 10 mentioned twice. This converts the number into the required number of decimal places. Think of each ‘0’ as a decimal place; so if our value is one, ’10’ will return 1.0, ‘100’ will return 1.00, as so on.

Stencyl – Creating a Dynamic Inventory

RPG’s, Point & Click games, and many, many, others use inventory systems. Such systems range from relatively basic ones, to fully fledged dynamic systems. While working on game that was non-linear, I needed a dynamic inventory system.

What is a dynamic inventory system?

In this instance I’m talking about an inventory that displays items in the order in which they were collected, and removes them as they’re used, bumping unused items down the list to fill vacant spaces. Some simpler inventory systems may just have specific slots for particular items, and may not rearrange items to fill unused spaces.

The Code

This code is an actor behaviour that’s attached to all items that the player can pick up. The first section checks if the item is on the ‘kill list’, this is important as when a player picks up an item, the item is then added to the kill list so that if the player visits the same scene again, the item isn’t respawned. (Technically it is respawned anyway, but if it’s on the kill list it is instantly killed so the player never notices.)


The code above is attached to the item which is picked up. The fist line isn’t part of the inventory system itself. It just displays a description when the player moves their mouse over the item.

I’ve limited by inventory system to 18 slots. This was done to keep things simple as my inventory icons are 32 pixels high, and the screen hight of my game is 576 pixels (576 / 32 = 18). The first ‘IF’ statement checks if inventory is full, i.e. is the inventory count 18? If the inventory is full, a message is displayed informing the player. In my example I have a list with several different messages that are picked at random to stop the message from getting stale for the player. However, chances are that in my game, the player will never actually fill the inventory completely.

In the ‘OTHERWISE IF’ statement, it checks if the inventory count is less than 18. First of all, the examine text attribute is cleared. If this wasn’t done, the text in the first piece of code would remain on screen until another event changed the attribute.

Next, we add the picked up item to a ‘kill list’ by generating a unique custom ID, as mentioned above for the first code snippet. This is important so that the same item cannot be picked up more than once.

The next line adds the corresponding inventory icon to the inventory list. The text ‘Shovel 1 Icon’ is the actual name of the actor, not just a nickname. I’ve done this so that I can easily refer to it and create it later. This isn’t the only way of doing this, but I went for simplicity.

Once we’ve finished running the code we need to, we simply kill the picked up item so show that it’s been picked up and to prevent the player from collecting it again, before we finally trigger a scene behaviour that updates our inventory.


This code is attached to all scenes via a scene behaviour. The inventory list doesn’t just add new items to the list. It refreshes. It’s does this by destroying the current inventory icons and creating new ones based upon the updated list.

The next bit of code checks how many item are currently in the list so that number can be referred to. It then runs the ‘create’ once for each item in the list.

The ‘create’ code pulls the relevant item from the list, and actually uses this as the actor name. The Y value for each icon is based upon its location in the inventory list. This only works properly if each of your icons are the same height (in this instance it’s 32 pixels.)

In this example the icons are displayed vertically, starting at the top and working down. If you wanted to display the icons horizontally you’d put the ‘current loop count x 32’ code as the X value, where 32 is the width of your icons.

Adding rows or columns to an inventory?

In this example you’re limited to the number of icons you can display according to the number/size of your icons and the dimensions of your screen. If you wanted to display more by using columns or rows, things become more complicated. For instance, if I wanted to allow more than 18 items in the inventory using columns, I would need to calculate the X value when creating the icons. See below:


Again, you may still need to limit the number of items. In the above example 36 is the max, otherwise icons after entry 36 in the list would then all be created at the X value 36 (the last value that attribute ‘X Value’ is set to.

Using rows and columns in this manner will obviously encroach into your screen space. This may be a problem if your icons are large, or you’re using lots of them.

Stencyl – Custom Grain Effect

Stencyl has some powerful built-in filters called ‘Shaders’ that can be used to create pretty much any effect that you desire. The only downside to these shaders is that they’re limited to certain platforms so they don’t currently work on mobile or web. I was after a grain effect that could be used on web, so I needed a custom solution.


This awesome custom grain effect was created for me by the talented Liberado.

Adjustable Custom Grain Effect

This particular bit of code is very complicated and uses advanced features of Stencyl, such as the Image API. It also benefits from being extremely customisable. It can be used for any screen size or resolution, and the size of the grain, the opacity, and cycling speed can all be changed.

The Code


The code can be downloaded below as a working Stencyl project.


Stencyl – Turn an actor slowly towards another

Making one actor point towards, or face another is a relatively easy affair. However, simply pointing an actor towards another is rather limited, and may not be what you’re after.

Why would you like to change the speed of rotation?

Being able to change the rate of speed at which one actor turns to face another is useful for a number of situations. Imagine a tower defence game where turrets turn to face enemies, a tank turret slowly rotating independently of the tank’s body, or even using it to turn a plane.


Open demo in a new window (You may need to enable pop-ups in order to view the demo.)

Arrows to move, Z to fire.

The Code

Let’s have a look at the code that used to achieve the effect.
This code is attached to the enemy plane as used in the above demo. When created, the first line creates the player actor. In this instance the player actor is created at a random location on the screen.

Secondly, an actor attribute is created using the player actor. This is so we can refer to it later.

Finally there’s a custom event. This is not relevant to the enemy movement, but I will touch on it at the end.

The code in this image is more complex, and it uses the Easy Math Extension, though it’s possible to get this working without it, you would just need to write the code to calculate the angle between the two actors yourself.

‘dA’ is a number attribute that you’d need to create. The ‘value of EnemyTurn’ is a value that’s stored in a map, and dictates the speed at which the actor turns. I’ve used a map value here so that I can change the value in-game. If you don’t need the value to change, you can put a number value directly in here. 1 is a good value. The higher the value, the faster the turn.

The last line simply points the actor in the right direction, and sets the velocity at which it is to move. This would be zero if you wanted it to be stationary.

This third image isn’t part of the actual movement behaviour, but I have used the ‘dA’ value for another purpose. These blocks make the enemy plane fire towards the player. So that the shooting isn’t random, the code checks the value of ‘dA’ and if the value is between -2 and +2, then the enemy will shoot towards the player. When ‘dA’ is zero, the player is in the direct line of sight.

WordPress Brute Force Attack 2016

Date: Monday 28 March 2016
There’s currently a massive brute force attack taking place against WordPress websites. My site is currently being hit dozens of times a minute from IP addresses from all over the world – must be a bot-net.

Take precautions and lock-down your site from attempted logins until it’s over. Consider installing Wordfence, it has a very good free version.

How to speed up WordPress (and other websites)

21 ways to make your website faster

WordPress, like many other Content Management Systems (CMS) and websites, can suffer from being a little sluggish. There are a huge number of different things that affect the speed of your website. Some are easy to solve, while others can be more difficult or require additional expense. Ideally you want pages on your site to fully load within a couple of seconds. Why? Visitors are impatient and may leave your site if it’s too slow, and Search Engines (particularly Google) are increasingly using site speed as a ranking factor in search results.

Is my website slow? Test your website speed

First of all, you need to know what you’re up against, so you need to run a test on your website. Google has an excellent website speed testing tool that also provides information on how to fix issues. also has a useful website speed checker that actually provides more in-depth results that Google’s website checker.

Once you’ve got your website speed it’s time to look at things in a little more depth.

Why is my website slow?

Quite simply the faster your website responds, the better. Using your site is faster for your visitors, meaning that can do what they’re there to do quicker, and therefore less likely to get frustrated and leave your site before they’ve done what they came to do.

There’s lots of reasons why a website could be slow, and the reasons are true across the board of websites and CMS, not just WordPress.

How to speed up your website?

Check your hosting provider

This is really the first thing you need to consider. The specification of the servers that your hosting provider uses will dictate a lot regarding the performance of your website. The cheapest hosting will typically share a server amongst lots of other websites, degrading the performance as a number of websites are trying to be served simultaneously.

Most small sites are fine on shared servers, but if it is causing you problems, shop around for a better service.

Keep everything up-to-date

Updates to your CMS, themes and plugins aren’t just improvements to security and functionality. Updates also often provide a faster and more streamlined version.

Choose a good theme

‘Good’ in this instance doesn’t mean something that looks nice, it means something that’s well-coded and fast. Bloated or poorly coded themes can really slow things down. The standard themes offered by WordPress are safe, though may not be as good-looking as you’d like.

Delete unused items

I, like many people, are guilty of keeping additional themes and plugins installed, even though I’m not using them. Clearing the clutter frees up space and reduces stress on your server. This also applies to your database, so keep it clean, and delete things such as post revisions you no longer need.

Identify demanding plugins

For WordPress you can use the P3 Profiler Plugin to identify which plugins are slowing down your site. If some are having a particularly detrimental impact, consider finding a better coded alternative, or doing without it.

Use code, rather than plugins

Plugins are great, extremely useful, and provide excellent functionality, though sometimes we can be a little lazy and use plugins where maybe they’re not strictly required. If you can code something yourself instead of using a bloated plugin, then do so.

Install Gzip

Gzip compresses all of your website files and sends them to the visitors browser where they are they uncompressed and displayed. There’s no real reason not to use Gzip. You can check whether Gzip is installed on your server here. If not, you can use a plugin to install it.

Use a CDN (Content Delivery Network)

In the most simple of terms, a CDN takes your static websites files (such as images and Javascript files) and enables visitors to your site to download them quicker by using faster servers and using servers which are closer to your visitor. The Jetpack plugin for WordPress includes a CDN. Some CDN’s are paid services.

Compress your images

Images are usually amongst the largest files which you have on your website. Photographs in particular can often be very large. Images can easily be several megabytes in size, especially as newer mobile phones and cameras take much larger photos than they did just a few years ago. You can either compress the images before you upload them, or use a plugin. ShortPixel is pretty good, though there are monthly usage caps unless you pay.

Disable Hotlinking

Hotlinking is also sometimes referred to as leeching. It’s where other websites link to your content directly in order to display or make available on another website. There are legitimate uses for this, but it can cause problems, especially if your website become very popular, and many sites are hotlinking your content. This is because other people’s websites are sending requests to your server which can degrade performance.

You can disable hotlinking by editing your .htaccess file on your server. Just add the code below. If you’re not comfortable with doing this, speak to your hosting provider.

disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]

Host video externally

This is actually just like hotlinking (mentioned above.) It’s a good idea to upload videos to another website that specifically hosts videos, such as YouTube or Vimeo. The reasoning being that their servers are going to be much more powerful than yours, and capable of streaming high definition video seamlessly, whereas your server would probably result in buffering and choppy playback.

Use browser caching

Browser caching is only really of use to return visitors and those who are browsing multiple pages of your website. The browser cache stores static files on the users computer so that they can be accessed again quickly rather than having to be downloaded from your computer each time. You can specify what files are stored and for how long by either editing the .htaccess file, or using a plugin. Example code is below, but once again, contact your hosting provider if you’re unsure.

# associate .js with “text/javascript” type (if not present in mime.conf)
AddType text/javascript .js

# configure mod_expires
# URL:

ExpiresActive On
ExpiresDefault “access plus 1 seconds”
ExpiresByType image/x-icon “access plus 2692000 seconds”
ExpiresByType image/jpeg “access plus 2692000 seconds”
ExpiresByType image/png “access plus 2692000 seconds”
ExpiresByType image/gif “access plus 2692000 seconds”
ExpiresByType application/x-shockwave-flash “access plus 2692000 seconds”
ExpiresByType text/css “access plus 2692000 seconds”
ExpiresByType text/javascript “access plus 2692000 seconds”
ExpiresByType application/x-javascript “access plus 2692000 seconds”
ExpiresByType text/html “access plus 600 seconds”
ExpiresByType application/xhtml+xml “access plus 600 seconds”

# configure mod_headers
# URL:

Header set Cache-Control “max-age=2692000, public”

Header set Cache-Control “max-age=600, private, must-revalidate”

Header unset ETag
Header unset Last-Modified

Minify CSS & JavaScript

As you begin to install themes, plugins and addons to your site, the number of individual CSS and JavaScript will increase, thereby increasing the amount of data which is transferred, and increasing the number of requests that are sent to your server.

Files should be optimised either manually or automatically to reduce the file size and consolidate them where possible.

There are plugins available, such as Better WordPress Minify, that automatically minify and consolidate your CCS and JavaScript files for you. Personally though, I’ve had little success in using plugins to minify files, as the process has frequently broken plugins. This is just my experience however, you may have better luck.

Use CSS instead of images

It wasn’t that long ago where achieving rather simple effects, such as drop-shadows or using uncommon fonts meant that you had to use images. Now however, with the advent of HTML5 and CSS3, these things, amongst many others, can now be achieve with just simple bits of code.

Replace PHP with HTML where possible

This might be difficult to achieve, and possibly beyond the skill set of some people who manage website content. PHP takes longer to render because instructions have to be sent to the server, processed, and then sent back to the browser. HTML however, is static.

Remove unnecessary widgets

In particular I’m referring to sharing widgets that allow people to share content on your site on social media channels. These can cause considerable slowdown, so it’s worth only keeping them on relevant pages. Also consider using the simplest version of the widgets you can.

Specify image dimensions

As a webpage loads it has to calculate the size of the elements in order to figure out where the content should be placed. If you specify the sizes of the elements for the browser, it means that it doesn’t need to spend time calculating it itself.

Enable ‘Keep Alive’

‘Keep Alive’ is an instruction that’s sent between the visitors computer and your server. The instruction grants permission to download files from your server without having to ask each time. This saves bandwidth and time.

This can be done by inserting a simple bit of code into your .htaccess file.

Header set Connection keep-alive

Use CSS sprites

A CSS sprite is a single large image that contains all the graphic elements you need for your site in one file. Having a single file means it will download quicker than lots of smaller ones. You need to be careful that your sprite isn’t too large as some web browsers may not be able to display them.

Limit the amount of content on a page

As your website grows you need to be mindful of the impact this may have on your website. Some pages, particularly those which list blog entries and news articles can become excessively long, taking a very long time to load, and in some extreme cases crashing web browsers. Keep the number of displayed posts manageable.

Turn off Trackbacks and Pingbacks

WordPress in its default state will attempt to notify your website each time someone mentions it or their site. Turning this feature off doesn’t break the links, it just stops the notifications and therefore the additional work that your server would have to do.


There’s a lot to can do to speed up a lagging website. Try some of the suggestions here, starting with the easiest to achieve, and soon you should notice am improvement.

Why Would Hackers Attack my Website?

Wordfence Blocked IPs

“Why would hackers attack my website?” is the question I asked myself when I saw a huge spike in malicious activity. My site is relatively small, and although I’d like to say I get hundreds of page views a day, I (at the time of writing) don’t. Much of the attacks are clearly automated, but occasionally there’s an attempt to breach my site that appears to be a manual attack. So what’s going on?

Why do hackers try to hack websites?

Although there are occasionally news headlines of a major website hack, such as the Talk Talk hack where customer data was stolen, there’s actually a number of reasons why hackers hack websites, and the reasons shed light on why even small sites can be targeted.

1. Just because they can

A number of hackers will simply try to hone their skills by attempting to access websites. These people probably aren’t after information, just bragging rights. They’ll probably deface your website, but these breaches could be costly to you as may lose website data and have to recreate part or all of your site.

2. To steal data and information

I’ll refer to the Talk Talk hack once more. The hackers took a wealth of customer data, and although they may or may not have used this information themselves, what they did do was make the information available for sale. Scammers then bought this data and used it scam people. Some Talk Talk customers reported receiving calls from people purporting to be from Talk Talk, who then tried to get those people to disclose credit card details.

3. Hosting objectionable or illegal content

Rather than paying for a hosting service which may leave the hacker easily traceable, they may want to use your site to host the content instead. That way they can’t be traced.

4. Search Engine Optimisation

Having other sites with links pointing back to your site is good for SEO, so hackers may attempt to inject links in order to fool search engines. Links often lead to sites that offer counterfeit goods, or illegal services. They could also point to malicious websites that download viruses onto the visitors computer.

5. Malware

Maybe instead of trying to get visitors to visit a malicious websites, hackers could insert malware into your site so that your site infects visitors’ computers. Needless to say, your website will soon be flagged up as malicious, doing your reputation harm.

6. Sending Spam

Servers which send out lots of spam are usually soon blacklisted, so in order to keep sending out spam, hackers can compromise your site and then use your server to email out their crap. This will get your site IP blacklisted, and if you use shared hosting, lots of other sites can be affected, meaning the site owners and your hosting provider will suffer.

7. Creating a botnet

If hackers gain access to your site, it can be used as part of a greater botnet that can then be used to carry out malicious actions against other sites, such as a distributed denial-of-service (DDoS) attack. Botnets make malicious activity harder to stop, and harder to trace.

8. Renting out our server

Rather than using your compromised site to carry out malicious activities, hackers may rent out your server to people who do want to use it for sending out spam etc.

Why do hackers target WordPress?

The short answer is because WordPress is very popular. It’s easy for hackers to create a bot which can then be used to target a large number of sites. Other content management systems (CMS) are also targeted, so it’s not just WordPress.

How do I protect my website?

It’s important to take steps to protect your website and server. Here are some important pointers.

Use strong passwords

Even now, many people fall victim to brute force attacks (where hackers will simply keep guessing passwords) because they use weak passwords, such as ‘123456’ or even ‘password’. Ideally passwords should be longer than 10 characters, user upper and lowercase letters, include numbers, and also special characters like exclamation marks. Some experts argue that passwords based on phrases or made up of multiple words, for example ‘railroad consolidation network’, are more secure than random strings of characters, as well as being easier for you to remember.

Keep your CMS, themes and plugins up-to-date

It’s not just aesthetic and functional changes applied during updates, security holes are also patched up, that’s why it’s important to keep everything up-to-date so that hackers can’t exploit them.

It’s equally important to keep unused item up-to-date, or better yet, remove them completely if you’re not using them. They can still prove to be a weakness if they’re installed.

Avoid default usernames

Hackers will try to exploit default information where possible, so if your username is ‘admin’ you’re leaving yourself wide open. Custom usernames can still be found by those who really want to, but simply changing the default username will stop some bot attacks.

Rename or move your login page

Some CMS (e.g Prestashop) demand that you create a unique URL for your login page, with WordPress, you’ll have to use a plugin. As with usernames, this isn’t the one thing that will protect your site, but it just makes things a little more difficult for hackers.

Stop brute force attacks

Some hosting providers already have systems in place to stop brute force attacks, but not all. When I was with my previous provider there was a brute force attack on their website and someone managed to access my email. The hackers sent a few spam emails before I caught on and changed my passwords. Fortunately no real damage was done. It’s an increase of brute force attacks on my website which prompted the writing on this article. Over the past few days I’ve had an increase of attempts to access my site made by people in Brazil, Russia, China, USA, Ukraine, Czech Republic and France. Some of these are obviously just bots, but some have been manual attacks.

I use Wordfence to protect my website, and recommend it to other WordPress users. The free version of the plugin is extremely good. It’s useful to stop all kinds of malicious activity.

Use verfication

Another useful way to stop against attacks is to use a system that stops automated submissions. Google’s Recaptcha is very good at this. Not only does it stop bots, it slows down manual hack attempts too.


It might surprise you that nearly everything on the internet is under attack pretty much all the time. (I’ve just checked the live traffic to my site this minute to see someone from Poland access my login page and attempt to gain access.)

Most attempts are just probing for weaknesses, or are pretty basic, but you should take website security very seriously. It’s better to protect against it rather than try and cleanup afterwards. Referrer Spam

If you run a website and regularly keep an eye on your analytic data, chances are you’ve come across the referrer URL Unfortunately this isn’t legitimate website traffic, but is referrer spam.

Anyone Received Semalt Referrer Spam?

Chances are that you’ve also had appear in your referrer stats at some point. is doing the same thing.

Referrer spam appears in your analytic data, posing as a legitimate referrer. Intrigued, you click the referrer to see who it is who’s sending you traffic. However, the referrer isn’t a real person, but is simply a bot posing as a person. They want to visit their site, that’s all.

Referrer Spam Is More Than Just A Minor Annoyance

Referrer spam can be seen as just a minor annoyance, but the problem is that it messes up your analytics data and skews your results. It really plays havoc with your bounce rate, and the most pervasive referrer spam can cause other problems. When Semalt started their spam campaign, people reported that their sites were being hit hundreds of times a day, and in some cases, dozens of times a minute.

This was causing performance issues on the websites they were spamming, causing response times to drop, or in extreme cases, causing the site to be unavailable for legitimate website visitors.

How To Block Referrer Spam?

If you’re receiving referrer spam to your website, it’s in your best interest to block it. Fortunately this isn’t too difficult and can be done a number of ways.

Editing your .htaccess file

This method is only recommended for more advanced users. The ‘.htaccess’ is a small file which sits on your webs server and can be used for a number of purposes which I won’t go into here. If you’re not an advanced user, speak to the company who hosts your site and they’ll be able to help you.

A WordPress plugin

If your website has been built using WordPress, there’s a number of plugins that will block the spam. Personally I recommend Wordfence.

It’s free to use and extremely useful. To block referrer spam just go to the ‘Advanced Blocking’ options. Goodbye referrer spam. Malware redirects to,a site which is highly suspicious; there’s no ‘about’ information or contact details. Just a single page site which asks you to add a piece of code to your website in order to add social media sharing buttons. This should really set alarm bells ringing.


If you were to add the code to your website, there’s no telling what you could be letting yourself in for. The code comes from an unknown server and can perform a number of malicious acts. It could easily compromise the safety of your site, of the safety of your visitors, with the possibility of your site becoming infected and then being blacklisted. is best avoided.

Shop Front Window (Empty) Templates (Vol.2) – Free Downloads

Here is a further selection of 3D rendered images of some empty shop fronts, with different window configurations, and doors. These have a more decorative brick work than the first volume. They’re particularly useful for creating window display mock-ups for clients. The download link can be found at the bottom of this page.

Shop-Front-Window-Empty-With-Door-1x1 SAMPLE

The windows are semi-transparent for added realism, and so that you can place images behind them. These are free to use as long as you don’t profit from them directly (e.g. sell them on etc.)

I hope that you find them useful. The download link is below.

[alert type=”info”]ZIP: Shop-Front-Window-Door-Template-2[/alert]