DEV Community: Christian Ahrweiler

Convert Images to HEIC on Mac

Christian Ahrweiler — Sun, 07 Jun 2026 16:22:16 +0000

HEIC is Apple's modern image format.

It is widely used by iPhone, iPad and macOS because it can store high-quality images with smaller file sizes than traditional JPEG. For Apple users, HEIC feels natural: Photos, Preview, Finder and iCloud all understand it well.

But there is one common problem:

Many images do not start as HEIC.

You may have PNGs, JPGs, screenshots, website images or exported graphics — and want to save them as HEIC for smaller storage, better Apple compatibility, or a cleaner photo workflow.

That is where 2HEIC makes sense.

Drag images into the app and get converted HEIC files right next to the originals.

No complex editor.
No command-line tools.
No confusing export workflow.

Just a simple Mac app for converting images to HEIC.

HEIC is already at home on Mac. 2HEIC makes it easy to create.

AVIF Is Ready for the Web — But Mac Apps Are Still Rare

Christian Ahrweiler — Sun, 07 Jun 2026 15:56:04 +0000

AVIF is one of the most efficient image formats available today.

It can create much smaller image files than JPEG, often with better visual quality. That makes AVIF a great choice for modern websites, blogs, app landing pages and product images.

Browser support is no longer the problem. Safari, Chrome, Firefox and Edge all support AVIF today.

The gap is on the Mac.

While AVIF is ready for the web, simple Mac tools are still rare. Many image apps focus on editing, not fast conversion. Others require command-line tools or complicated export settings.

2AVIF keeps it simple.

Drag in your images. 2AVIF creates optimized AVIF files right next to the originals.

No terminal. No complex workflow. No oversized image editor.

Just a focused Mac app for creating AVIF files quickly.

AVIF is ready. 2AVIF makes it easy to use on Mac.

2AVIF on the Mac App Store

Use Your NAS Remotely from Your Mac

Christian Ahrweiler — Sun, 07 Jun 2026 12:12:53 +0000

A NAS works great at home.

On the local network, your Mac can usually connect with SMB. Open Finder, connect to the server, and your NAS appears like a normal file share.

That part is easy.

The harder question is: how do you access the same NAS remotely from your Mac?

Most NAS devices are built for storage, not for a perfect Mac remote-drive experience. Some vendors offer their own apps, some rely on browser access, some expect VPN, WebDAV, SFTP, DDNS, router settings, or port forwarding.

For normal users, that quickly becomes too technical.

SMB is fine at home.
Remote access needs a safer and cleaner workflow.

That is where myCloudDrive fits in.

myCloudDrive lets you connect your Mac to remote storage, NAS systems, and private file servers in a simple way — without depending on a vendor-specific NAS app.

Your NAS stays at home.
Your files stay under your control.
Your Mac gets a cleaner way to access them remotely.

No big cloud platform.
No complicated dashboard.
No server-admin feeling.

Just your remote storage, accessible from your Mac.

Your NAS should feel like your drive — even when you are not at home.

One Logo, Every Platform: How to Ship App Icons in One Go

Christian Ahrweiler — Sat, 06 Jun 2026 11:20:39 +0000

Designing an app icon often starts with one simple file: a logo on a 1024×1024 canvas.

The trouble starts after that.

A real app does not need just one icon. It needs a complete set for iPhone, iPad, macOS, Android, and the web. Each platform expects different sizes, different filenames, and in some cases different rules.

The most common example is transparency.

macOS icons can use transparent backgrounds. That is why cut-out artwork, shadows, and floating shapes often look great on desktop.

iOS is different. The App Store icon must be a full square image without transparent pixels. You should not pre-round the corners either. The system does that later.

So a designer usually ends up with separate exports: one opaque set for iOS and other platforms, and another transparent set for macOS.

That works, but it is not a clean workflow.

One Logo, Every Platform
One go instead of separate sets

This is where 2ico by beaver tools makes the process easier.

Drop your main icon into 2ico, and it creates the full icon package in one go: Apple AppIcon.appiconset, Android launcher icons, adaptive icons, favicons, touch icons, and manifest files.

Instead of resizing images by hand or editing Contents.json, you get a ready-to-use icon pack next to your source file.
The unique -alpha feature

The real advantage is the -alpha pairing.

Use your normal opaque icon as:

MyApp.png

And the transparent macOS version as:

MyApp-alpha.png

Drop both files into 2ico at the same time.

2ico automatically uses the opaque file for iOS, iPadOS, Android, and web. The -alpha file is used only for the macOS icon slots.

That means you can keep the correct platform behavior without building separate icon sets and merging them manually.
Bottom line

Cross-platform app icons should not require a pile of manual exports.

With 2ico, the normal case is simple: drop in one icon and get the full pack. And when macOS needs transparency while iOS needs opacity, the -alpha feature keeps everything in one go.

Stop Bad Bots Early - Before They Waste WordPress Resources

Christian Ahrweiler — Fri, 05 Jun 2026 20:11:50 +0000

Bot traffic is not only a security problem. It is also a performance problem.

Scanners, fake crawlers, login probes, curl requests, repeated URL hits, and strange path checks all consume resources. Even when they do not break anything, they still make the server react.
And with WordPress, unnecessary requests can quickly become expensive.

PHP may start. WordPress may load. Plugins and themes may initialize and the database may be touched.

That is why bot blocking only really helps performance when it happens early.

Stop bad bots earlyEarly Blocking Saves Resources

Early bot filtering checks unwanted traffic near the beginning of the request.

If the request looks automated, abusive, or useless, it can be slowed down or rejected before WordPress spends serious work on it.

Keep It Simple for Real Visitors

Good bot protection should stay out of the way.

Real visitors should not have to solve browser challenges just to read a page. Logged-in users should not be interrupted. Normal WordPress tasks such as AJAX, cron jobs, checkout pages, and caching should continue to work.

The best protection is quiet.

This is where atec Bot Shield by atec Plugins fits in.

It runs as a Must-Use plugin, so it can act before normal plugins and themes are loaded. It can slow down suspicious requests before blocking them, works without JavaScript, does not set its own cookies, and avoids database usage for the shield logic. With APCu, it can remember suspicious request patterns across requests and typically runs in under 0.5 ms per request.

Final Thought

Bad bots waste resources long before they become a serious attack.

Blocking them helps.
Blocking them early helps much more.

Stop bad bots before WordPress spends real work on them.

Yes, You Can Configure WordPress

Christian Ahrweiler — Fri, 05 Jun 2026 15:11:01 +0000

WordPress is powerful because it tries to support almost everything: blogs, comments, embeds, RSS feeds, REST APIs, visual editing, automatic updates, debug modes, admin tools, legacy browser support, and more.

That is great for flexibility.

But for many real websites, especially business pages, landing pages, WooCommerce sites, Brizy/Elementor sites, or simple company websites, not every WordPress feature is needed. Some features add small amounts of bloat. Others expose endpoints you may never use. Some simply clutter the admin area.

The good news: WordPress can be configured. And you do not always need to open your hosting dashboard or edit wp-config.php manually.
WordPress Comes With Features You May Not Need

A fresh WordPress installation is designed to be universal. That means it includes many things by default:

RSS feeds for blog readers.
Comment forms for posts.
Embeds for showing your content on other sites.
Emoji scripts for old browser support.
Global Gutenberg styles.
REST user endpoints.
XML-RPC for old remote publishing workflows.
Trackbacks and pingbacks from the early blogging era.

None of these are "bad". But if your website does not use them, disabling them can make the site cleaner, reduce unnecessary output, and close small doors you do not need open.

A modern company website without a blog probably does not need a Posts submenu. A site without comments does not need comment forms. A page-builder site may not need Gutenberg editor support everywhere. A security-focused site usually does not want XML-RPC exposed.

Small changes, but together they make WordPress feel lighter and more controlled.

Memory Limit: One of the Most Important Settings

One setting many site owners overlook is the WordPress memory limit.

This controls how much memory WordPress is allowed to use for normal requests. There is also an admin memory limit, which is especially important for heavier backend tasks such as updates, image processing, imports, backups, WooCommerce actions, and plugin operations.

The problem: changing this often requires editing wp-config.php or using hosting tools. Many users do not want to touch server files. Some do not even have easy access.

That is why a simple configuration interface is useful. You can check the current PHP limit, WordPress limit, usage, and set a better value directly from the WordPress admin area.

For many sites, increasing the WordPress memory limit from a very low default to something like 128 MB or 256 MB can prevent annoying backend problems. It does not make a slow site magically fast, but it gives WordPress more room to work when needed.

Useful Things to Disable

Some options make sense for many websites:

Disable XML-RPC
XML-RPC is a legacy remote publishing API. Most modern sites do not need it anymore. If unused, disabling it reduces unnecessary exposure.

Disable trackbacks and pingbacks
These are old blog notification mechanisms. They are rarely useful today and often only create noise.

Disable comments
For websites without blog discussions, comments add admin clutter and public forms that do not serve a purpose.

Disable RSS feeds
If the site is not a blog or news site, RSS feeds may not be needed.

Disable embeds
Prevents your content from being embedded through WordPress' oEmbed mechanism.

Remove RSD link and clean up the WP head
WordPress adds several meta links and tags to the page header. Some are useful, some are legacy. Removing unused ones keeps output cleaner.

Disable emojis
WordPress adds emoji support scripts mainly for older browser compatibility. Most modern sites do not need this extra output.

Hide REST users for anonymous visitors
This helps reduce username enumeration through public REST API endpoints while keeping logged-in and nonce-based REST requests working.

Disable the plugin and theme editor
Editing plugin or theme files inside the WordPress dashboard is risky. On production sites, disabling this editor is usually a good idea.

Debug and Script Settings

Configuration is not only about removing bloat.
Sometimes you need debug settings too.

WP_DEBUG, WP_DEBUG_LOG, and WP_DEBUG_DISPLAY are important when developing or troubleshooting a website. But they should be handled carefully. Displaying errors publicly is usually not a good idea on production sites. Logging errors to a file is often safer.

SCRIPT_DEBUG is useful when you need WordPress to load development versions of core CSS and JavaScript files. Most normal sites should keep it disabled.

WP_ALLOW_REPAIR enables WordPress' built-in database repair script. It is helpful in special cases, but it should not be left enabled permanently.

WP_AUTO_UPDATE_CORE controls automatic WordPress core updates. Depending on the site, this may be welcome or something you prefer to manage manually.

Configure WordPress Without the Hosting Dashboard

The main idea is simple:

WordPress should not feel like a black box.
You should be able to see what is active, what is exposed, what can be disabled, and which important configuration values are currently set.

That is exactly where atec Config comes in.

atec Config by atec Plugins gives you a clean WordPress admin interface for common configuration tasks:

You can disable unnecessary WordPress features, reduce admin clutter, improve basic hardening, adjust memory settings, manage debug constants, and check what is currently enabled or exposed.

No digging through wp-config.php.
No hosting dashboard required.
No guessing which legacy feature is still active.

Just practical WordPress configuration, directly inside the dashboard.

Final Thought

WordPress is not bloated because it is bad. It is large because it tries to support many different use cases.

But your website does not need to support every possible use case.
A clean WordPress setup should only keep what the site actually needs. Disable the rest, increase important limits when required, and keep configuration visible.

Yes, you can configure WordPress.
And with atec Config, it becomes much easier.

How to Open a .zst File on Mac

Christian Ahrweiler — Thu, 04 Jun 2026 15:39:35 +0000

You downloaded a file ending in .zst or .tar.zst, double-clicked it on your Mac, and nothing useful happened.

That is normal.

macOS can open ZIP files directly, but Zstandard files are still not handled like normal Finder archives. So when you receive a .zst file from a server, backup system, Linux package, developer tool, or data export, you need another way to extract it.

How to Open a .zst File on MacWhat is a .zst file?

A .zst file is compressed with Zstandard, often shortened to Zstd or ZST.

A plain .zst file usually means one compressed file.

A .tar.zst file is different: files and folders were first packed into a .tar archive, then compressed with Zstandard. So .tar.zst is closer to a ZIP archive because it can contain multiple files and folders.

This format is common for server backups, Linux archives, database exports, project folders, logs, and developer downloads.

Why macOS does not open it directly

macOS includes Archive Utility for common archive formats, especially ZIP. But .zst files are not a normal built-in Finder workflow.

That creates an annoying situation: you have the file, but Finder does not extract it. Terminal can solve the problem, but most Mac users do not want to install command-line tools just to open an archive.

For example, with Terminal it may look like this:

zstd -d file.zst

or for .tar.zst:

tar --use-compress-program=unzstd -xf archive.tar.zst

That works, but it is not very Mac-like.

The easier way: unpackZST

unpackZST lets you open and extract .zst and .tar.zst files on macOS without Terminal commands.

Open the app, choose or drop your ZST file, select the destination, and extract it.

No command line. No package manager. No extra setup.

Just open the file and get the extracted result.

Why ZST files are becoming more common

Zstandard is popular because it is fast, efficient, and modern. It is used in developer tools, Linux systems, package managers, backups, logs, and large data workflows.

In other words, .zst files are no longer rare. They are becoming a normal part of modern technical workflows.

macOS just has not made opening them feel normal yet.

Conclusion

.zst and .tar.zst files are useful, but they are still inconvenient on Mac.

With unpackZST, you can extract them without Terminal commands and without extra setup.

Download unpackZST for macOS:
[App Store]

Faster WordPress With BunnyCDN - Without the Complexity

Christian Ahrweiler — Thu, 04 Jun 2026 10:34:41 +0000

A CDN is one of the simplest ways to improve the performance of a WordPress website. By serving images, JavaScript, CSS files, and other static assets from servers closer to your visitors, pages load faster and your web server has less work to do.

BunnyCDN has become a popular choice because it combines a global network with straightforward pricing and excellent performance. The challenge is not BunnyCDN itself, but the setup. Many integrations require multiple configuration steps, URL rewrites, pull zones, cache management, and ongoing maintenance.

BunnyCDN for WordPress IntegrationThe goal of atec-Bunny by atec Plugins is simple: make BunnyCDN easy.

After connecting your BunnyCDN zone, the plugin automatically serves static assets through BunnyCDN. Images, CSS files, JavaScript, and other media are delivered from the CDN without complicated configuration.

When content changes, cache management remains just as simple. A single click allows you to purge the BunnyCDN cache and immediately serve fresh content to visitors.

For WordPress site owners who want the benefits of a CDN without spending time on technical details, atec-Bunny provides a lightweight and straightforward solution.

Because faster websites should not require a complicated setup.

OPcache for WordPress: The PHP Cache Your Site Should Not Run Without

Christian Ahrweiler — Wed, 03 Jun 2026 08:45:48 +0000

When people talk about WordPress performance, they often think about page cache, image optimization, CDN, or object cache.

All of that matters. But one of the most important performance layers sits below WordPress itself: OPcache.

OPcache is a PHP engine cache. It stores already compiled PHP code in memory, so PHP does not have to read, parse, and compile the same files again on every request.

For WordPress, that is a big deal.

A normal WordPress page load touches many PHP files: WordPress core, plugins, themes, autoloaders, libraries, and configuration files. Without OPcache, PHP has to process this code again and again. With OPcache enabled, the compiled version can be reused directly from memory.

The result is less CPU work, faster response times, and better stability under load.

OPcache is a basic WordPress hosting requirement
OPcache does not replace a page cache. It also does not replace Redis, Memcached, APCu, or a CDN.

It works at a lower level.

Even when a page is not cached, WordPress still has to run PHP. OPcache makes that PHP execution more efficient. That is why OPcache should be considered a basic requirement for serious WordPress hosting.

If OPcache is disabled, WordPress is forced to do unnecessary work on every request.

The main OPcache settings

The most important setting is:

opcache.memory_consumption

This defines how much memory OPcache may use for cached PHP scripts. If the value is too small, OPcache fills up quickly and cannot keep all important files cached. Small WordPress sites may be fine with 128 MB, while larger plugin-heavy sites often benefit from 256 MB or more.

Another important setting is:

opcache.interned_strings_buffer

This stores repeated strings used by PHP, such as class names, function names, file paths, array keys, and configuration values. WordPress and plugins use many of these strings. Common values are 8 MB, 16 MB, or 32 MB.

The third key setting is:

opcache.max_accelerated_files

This controls how many PHP files OPcache can store. WordPress installations with many plugins can easily contain thousands of PHP files. If this limit is too low, not all files can be cached, even if memory is still available.

Typical values are 10,000 or higher. Larger sites may need 20,000 or more.

Enabled is not enough

A common mistake is to only check whether OPcache is enabled.
That is not enough.

OPcache can be active but still badly configured. It may have too little memory, too small a string buffer, or too low a file limit. In that case, WordPress runs, but OPcache cannot help as much as it should.

The important part is not only whether OPcache is enabled, but whether it has enough room to work properly. A useful check should show how much OPcache memory is available, how much is already used, how much free memory is left, how many PHP files are cached, and whether the configured file limit is large enough for the site. It should also reveal warning signs such as wasted memory or cache restarts, because those can indicate that OPcache is too small or not tuned well for the WordPress installation.

How to check OPcache in WordPress

Many hosting panels only show that OPcache is "available". That does not tell you whether it is configured well.

This is where atec Cache Info by atec Plugins helps.

atec Cache Info shows system-level cache status and statistics directly inside WordPress. It detects OPcache, PHP JIT, object cache type and health, APCu, Redis, Memcached, and SQLite cache support. It is read-only and does not modify your server configuration.

For OPcache, it helps you see the actual runtime situation instead of guessing. You can check whether OPcache is active, how it is configured, and whether the limits are suitable for your WordPress installation.

The bottom line

Good WordPress performance starts with the server foundation.
Before optimizing themes, removing plugins, or adding more frontend tricks, it makes sense to check whether PHP itself is running efficiently.

OPcache is one of the simplest and most effective performance features for WordPress. But it only helps fully when it is enabled, large enough, and correctly configured.

And if you want to check that directly inside WordPress, use atec Cache Info.

How to Check If Your VPN Is Actually Working

Christian Ahrweiler — Wed, 03 Jun 2026 08:01:18 +0000

Most people turn on a VPN and assume everything is fine. The VPN app says "connected", the icon looks active, and the tunnel appears to be running.

But that does not always mean your traffic is really leaving through the VPN.

The important question is not whether your VPN app thinks it is connected. The important question is what the internet actually sees.

A simple way to check this is to disconnect your VPN first and look at your public IP address. Then connect the VPN and check again. If the VPN is working correctly, your visible public IP should change. In many cases, the detected country or city changes too.

For example, if you are in Germany and connect to a VPN server in the Netherlands, websites should no longer see your normal German home connection. They should see the Dutch VPN exit IP instead.
That public exit IP is what matters.

Sometimes the VPN tunnel is technically active, but the result is still wrong. Your IPv4 address may stay the same, which means your traffic may not be routed through the VPN correctly. IPv6 can also leak if the VPN only handles IPv4 properly. In other cases, IPv4 and IPv6 may appear to come from different countries, which can be a sign that something is not cleanly routed.

Manual checking works, but it gets annoying quickly. You have to open a browser, search for an IP checker, compare IPv4, check IPv6, remember your normal home IP, and then decide whether the result is good or bad.

That is too much work for something that should be visible at a glance.

That is why I built isVPN for macOS.

isVPN is a lightweight menu bar app that answers one simple question: isVPN?

It does not manage your VPN, read VPN profiles, connect, disconnect, or talk to your VPN provider. Instead, it checks what the outside world sees: your public IP address, country, city, IPv4/IPv6 status, and whether your traffic likely exits through a VPN tunnel.

The shield color gives you the answer immediately. Orange means a direct connection was detected. Green means a VPN egress IP was detected. Red means the result is unclear, for example because of a possible leak, unchanged IP, missing baseline, geo error, or failed update. Gray simply means the app is loading.

The menu also shows the current IPv4 and IPv6 addresses, country, city, tunnel status, last update time, and a manual refresh option.
The useful difference is that isVPN does not ask your VPN app whether it is connected. It checks the public result.

If your VPN says "connected" but your public IP still matches your home connection, isVPN can warn you. If IPv6 still exposes your real network while IPv4 changed, it can warn you too.

isVPN is not a VPN replacement. It is a small independent indicator that helps you verify the result.

Because in the end, the real question is simple:
What does the internet see?

WordPress Performance Starts with Hosting

Christian Ahrweiler — Sun, 31 May 2026 14:18:59 +0000

When it comes to WordPress performance, hosting is the most important part of the setup.

WordPress Performance starts with HostingThemes, plugins, page builders and optimization tools all matter, but they come after the server itself. If the hosting environment is weak, WordPress has to work with limited resources from the beginning. A fast theme cannot fully compensate for slow PHP, low memory, an overloaded database or missing cache support.

Good WordPress hosting is not just about disk space or a nice marketing label. What really counts are the technical basics: CPU power, available memory, free disk space, PHP version, database version, memory limits and caching support.

These values decide how well WordPress can handle requests, load the admin area, process plugins, run WooCommerce, create backups, generate images and serve visitors. If one of these areas is too weak, the whole site can feel slower than it should.

The problem is that these details are not always easy to check. Some values are hidden in server configuration, some are part of PHP, some depend on WordPress constants, and some only matter when they are actually active inside WordPress.

The built-in WordPress Site Health screen is useful, but it does not give a clear hosting grade. It can show warnings and technical information, but it does not answer the simple question most users have:

Is my hosting good enough for WordPress?

That is exactly what atec Hosting Check is built for.

atec Hosting Check shows the important hosting values on one page, in plain English. It checks server resources, WordPress/PHP/database versions, OPcache, object cache, page cache and important WordPress settings. Each result shows the current value, the recommended target and a simple grade, with short recommendations where something needs attention. The plugin is read-only, needs no configuration and does not change server settings.

Instead of searching through different admin screens or trying to understand raw server values, you get a clear overview of what your WordPress hosting actually provides.

Before changing themes, disabling plugins or adding more optimization tools, check the foundation first.

Find it here:
https://atecplugins.com/

WordPress debug.log Has Two Problems

Christian Ahrweiler — Fri, 29 May 2026 15:35:21 +0000

But the default debug.log can create two very practical problems.

First: size.

When WP_DEBUG_LOG is enabled, WordPress can write notices, warnings, errors and deprecated messages into /wp-content/debug.log. On a noisy site, this file can grow fast. A few repeated notices can quickly become megabytes of log data.

Second: visibility.

The default filename is predictable. If the server is not configured carefully, /wp-content/debug.log may be reachable from the browser. That can expose internal paths, plugin names or technical details that should not be public.

atec Debug by atec Plugins fixes both issues in a smarter way.

Instead of using the predictable default file, it can move the log to an unguessable path like:

wp-content/atec-debug-{token}.log

The token is based on the site's AUTH_KEY, and existing debug.log setups can be migrated automatically.

It also helps keep the log readable by filtering PHP notices and deprecations while keeping warnings and errors visible.