Category Archives: WordPress

Ramblings about WordPress, ideas, hacks, and other stuff that makes this blog tick.

Securing The Snowman

I finally added an SSL certificate to ye olde Snowman so that (a) Google does a better job of indexing it (b) it’s less susceptible to various forms of attack (c) I enter at least the last decade of good internet hygiene. It seems, however, that the whole https chain on my hosting provider is a bit wonky and I keep dropping connections, so if you’re one of the five regular readers, stay tuned.

Feeding Facebook

For a long time I used the “RSS Graffiti” app on Facebook to take the RSS feed from this WordPress site and publish it as a set of stories on my Facebook page. I’ve found that Facebook is a primary driver of eyeballs to the site; aside from the random Google query (like “best hockey books” or “electric sheep shirt”) that deposits readers deep within the Snowman’s innards, I rely on click-through from Facebook and Twitter. RSS Graffiti fell into that “too hard to maintain” gutter of applications that needed regular development work but didn’t have a revenue stream to support the coders.

I’ve been lazy and have been tweeting and explicitly posting items when I update the site. Until last week, when I dusted off my Zapier account and connected the WP RSS2 feed directly to Facebook. Zapier is an industrial grade workflow (or “business process automation”, if you’re an enterprise nerd, and your definition of “business” includes just about anything you can do with a net-based content tool) system. With my free account, I can create five workflows that run 100 times a month, every fifteen minutes — perfect for small-scale audience generation.

A Decade of WordPress

WordPress celebrated its tenth birthday last week, neatly marked by Matt Mullenweg’s warm and wise words.

Ten years is an insanely long time in internet years. It’s web services to cloud, or client-server to web services with Java, XML, and the dot com boom as points on the line. WordPress got me back into development, empowered me to read the code again, and stimulated the kind of “how does that work” thinking that I’d previously reserved for device drivers. The WordPress core is a subtle mix of urban planning, grand challenge questions and a community bound by the most nuclear of strong forces – empowerment.

WordPress has let me: Compliment a childhood hero and reach his niece with my words. Get a compliment from one of my favorite authors, just before his passing. Express joy in loss. Express love through loss, and joy in the community. Prove that on the Internet, nobody knows you’re not a moustache.

Why? One of the themes that Brad, David and I constantly floated during the writing of Professional WordPress was that WordPress isn’t just about blogging; it’s about content management. But even that slight abstraction undershoots the import of the WordPress community, from themes to plugins to core developers. It’s not about walking the Gutenberg press down the consumerization path of the cell phone camera, ubiquitous yet passive. WordPress creates activity; it makes us think about what and how and where to share our words. It is the new power of the press, a formal closure of the set of Gutenberg, Berners-Lee and Steve Deering, combined with the power of an open source community of developers and an equally large community of designers. It makes me want to write more, and to tinker, and to investigate.

The first-ever digital birthday I observed was that of Sun Microsystems, and Sun’s tag line for its birthday cake applies even more aptly to WordPress at double digits: Not bad for a ten year old.

“Professional WordPress: Design and Development” 2nd edition


My five-year love affair with WordPress hits another milestone on January 9, 2013 when the 2nd edition of the book I co-authored with Brad Williams and David Damstra is released into the wild. You can pre-order it from Amazon now and you’ll have it the day it’s released. Not as exciting as getting “The Deathly Hallows” at midnight, but if you want to front-run a New Year’s resolution click and pay now. You’ll expand your knowledge of PHP, CSS, WordPress themes, WordPress plugins, or how to represent multi-valued tree oriented relationships in MySQL, and look like a genius by the time your friends, family and co-workers have already forgotten what they said in late December.

And my usual offer stands: if you buy it, and I run into you (at Starbucks, a conference, work, airport, casino or Phish concert) I’ll sign your book. If you doubt our paths will intersect, send me an ex libris sticker, a 2×4″ mailing label or a sheet of acid-free writing paper and I’ll sign that (with personalization), send it back to you, and you can make your own signed edition. Yes, I end up losing a dime per autographed copy by spending 55 cents on a stamp and envelope, but (honestly) it’s about expanding our readership.

Another “Like” For The WordPress Community

Part of this blog’s recovery has been switching to the Hybrid theme, with which I’ve experimented a little before. It’s neat, simple, supports a wide variety of child themes, and there’s a very busy support forum. I’m both amazed and thankful that theme author Justin Tadlock personally answers many of the questions, not with “read the code, n00b” but with specific, detailed answers on anything from CSS to menu construction. Oh yeah, the theme is free. Free as in beer as well as free as in liberty and free as in free-spirited creativity. Joining the support forum costs you a nominal fee (something measured in Starbucks coffees, not steak dinners).

A radio friend once told me that the best DJ sounds like he’s sitting in your car, talking to just you. Tim O’Reilly told me (25 years ago) that the best technical authors write as if they were teaching you to play a game, sitting next to you. Those styles are conveyed, with <emph>.

Me and Bobby Tables

Exploits of a Mom - xkcd

xkcd #317


Brad Williams and I have shared a few Bobby Tables jokes while working on the manuscript for Professional WordPress. SQL injection attacks are nasty, somewhat common, and often require a complete rebuilding of your site to purge and move on.

If you’re wondering why the snowman looks a little bare, without pictures, sidebars, or other color commentary, it’s because yours truly was hit by a SQL injection attack sometime on Tuesday night. In this case, it was a thorough attack on every page, post and media library entry in the WordPress MySQL tables, a little bit of SQL that appended a piece of JavaScript redirecting the browser to a site that I suppose tries to install malware, collect personal information and otherwise make readers’ lives less secure. I discovered this by accident while noticing that my browser was attempting to access a link that I never put into any posts; within an hour I had edited the index.html for my site, ensuring that all traffic would see an apology and not an attack vector.

Without laying public blame, I’m not sure if it came in through a backdoor in my service provider, or via the front door of my WordPress installation, and my (former) server provider refuses to share logs or other information that might exonerate my own site administration. This is the last straw with said provider; last summer it was performance issues (that were also blamed on me, not their shuffling of MySQL instances) and their continued promotion of add-on services. If I thought their basic services were well-run, I wouldn’t be so annoyed.

Upon discovery, I did what any reasonably panicked person would do: dumped the WordPress content in an extended XML file, wrote some scripts to edit out all of the bad stuff (and remove Google AdWords short codes that were in about 250 entries, since I no longer use AdWords on the site), set up a new hosting account with a new provider (BlueHost, at Brad’s suggestion), and re-loaded all 650+ pages and posts. The longest time pole in the tent was getting the DNS entries updated (since I did two updates, one when I took down the site and one when I moved it to a new provider, and had to wait for the first one to propagate).
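A cleanup pass of the kind described above, as an added example (not the scripts used in the original recovery): it walks a WordPress extended-XML export, reports every post whose body carries a `<script>` element, and strips any script whose host is not on an allow-list. The function name `clean_wxr`, the sample export and the host `injected.example` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Post bodies live in <content:encoded> inside each <item> of the export.
CONTENT = "{http://purl.org/rss/1.0/modules/content/}encoded"
SCRIPT = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
SRC = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

# Constructed sample export: one clean post, one with an appended redirect script.
SAMPLE_WXR = """<?xml version="1.0"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<item><title>Clean post</title>
<content:encoded><![CDATA[<p>Hockey books.</p>]]></content:encoded></item>
<item><title>Tampered post</title>
<content:encoded><![CDATA[<p>Snowman.</p><script src="http://injected.example/r.js"></script>]]></content:encoded></item>
</channel></rss>"""

def clean_wxr(xml_text, allowed_hosts=()):
    """Strip <script> elements not on the allow-list; return (tree, findings)."""
    root = ET.fromstring(xml_text)
    findings = []  # (post title, script host or "inline") for every removal
    for item in root.iter("item"):
        node = item.find(CONTENT)
        if node is None or not node.text:
            continue
        title = item.findtext("title", default="(untitled)")

        def repl(match):
            src = SRC.search(match.group(0))
            host = urlparse(src.group(1)).hostname if src else None
            if host in allowed_hosts:
                return match.group(0)  # a script you embedded on purpose
            findings.append((title, host or "inline"))
            return ""  # drop the injected element

        node.text = SCRIPT.sub(repl, node.text)
    return root, findings

if __name__ == "__main__":
    _, report = clean_wxr(SAMPLE_WXR)
    for title, host in report:
        print(f"removed script ({host}) from: {title}")
```

Review the findings list before re-importing: a regular expression only catches literal `<script>` elements, so iframes, event-handler attributes or encoded payloads need their own checks.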

There’s still a lot to do — I need to hand-edit the photos (since I didn’t download them first); sidebars, theme work, Google Analytics, and other decoration. At the same time, this forces me to work on a few things that I’ve had in notes but not in action plans – theme updates, cleaning up sidebars, adding in appropriate SEO hooks, and most of all, a conviction to stay up to date with WordPress updates.

Like Frosty, I’m back, need to put that magic hat back on my head, and ready to play again.

WordCamp NYC Skyline

WordCampNYC – Oct 16-17

I’m speaking, and Erik and I are sponsors through Amphibimen Comics (another proud WordPress powered site). The deal this year was you got to pick a building, and were charged a dollar a foot for the building’s height. No more gold, silver, bronze, platinum, diamond, ruby, yttrium, molybdenum, or manganese level sponsorships here.

Our choice is seen at the very far right of the badge; it’s the long, low building that looks like it could host a lot of nerds. All of which is true. We are proud to be the 69th Regiment Armory sponsor, represented in all 130 feet of height (and the maximum width of any sponsor, which seemed fitting). What’s the connection? The Armory is where the MoCCA Festival happens in April 2011, where and when Amphibimen Comics will launch a plethora of (ok, like eight) products. And it’s a cool building, with regiment history going back to the Civil War.

See fellow WordPress fans on Sunday in NYC.

Speaking at WordCamp NYC Next Weekend

Coming up next weekend: Version 3 of “Parsing Strange,” my WordCamp talk about the mechanisms WordPress uses to turn a URL into SQL and therefore a collection of posts to display. I’m confirmed as one of the speakers at WordCamp NYC 2010, and I have the added pleasure of being a small-scale sponsor of the event through Amphibimen Comics. The NYC WordCamp is my favorite (sorry, home cooking here) because it was the first one I attended, and it got me much more deeply entrenched in all things WordPress related.

In terms of value, it is the flat-out best technical training, idea sharing and networking event you can attend. Anywhere, any time. $30 for the whole weekend, or something like $2.50 an hour. You will pay more to park, and have much less fun.

Due to scheduling conflicts, I’m speaking on Sunday afternoon, in a 30-minute slot between noon and 5pm. I’ll be delivering my “lightning round” preview in radio-single edit form, via video, on Saturday so you can get a better sense of the topic, if you’re a newbie. Better yet, just buy a ticket, come to Baruch College, and enjoy the company and brainpower of several hundred like-minded peers.

Speaking at WordCamp Philadelphia


I’ll be continuing my WordCamp speaking tour at WordCamp Philadelphia on October 30th. I’m giving the latest version of Parsing Strange, my WP internals talk that dissects URL parsing, SQL generation and user-serviceable parts you might run into. With custom page types and custom taxonomies gaining interest and traction in the WordPress community, this talk is a good backgrounder to the mechanics of joining tables representing social (or other) graphs, and selecting relevant content that you want to be displayed as a result.

Professional WordPress co-author Brad Williams is organizing, and the speaker slate covers an incredible range of topics. It’s the best $20 you can spend — you’ll be getting a high-speed, in-depth technical potpourri for about $3 an hour, or less than you’d spend drinking Starbucks that whole time. Just remember that it’s in Philadelphia, so while there are no bad questions, there are answers that involve having a D-cell thrown at your head.