Fixing the YD-Recent-Images widget

I’ve been using the handy YD-Recent-Images plugin for awhile now, to generate the /photos page here on my site. It provides a widget that displays the latest n images uploaded in posts here - and provides a nice photostream view for my photoblogging here as well 1. The plugin hasn’t been updated for… 7 years!… but it works. I’ve been expecting it to start misbehaving over time, though. The /photos page here on my site....

August 4, 2018 · 2 min

Introducing Hypercardinator

For some reason, I felt like turning my blog into something reminiscent of Hypercard. Maybe it's nostalgia? Maybe it's a throwback to an era from before the web? Maybe it's an ironic attempt to de-emphasize design over content? Maybe all of those. Anyway. I found this great Chicago-inspired webfont, released under a Creative Commons license by Giles Booth. At first, I just used a local stylesheet to force it to be used on any site, but then I realized I wanted it running on my blog full-time....

April 8, 2018 · 2 min

where the wild (spammy) things are

Wordfence automatically blocks IP addresses that repeatedly attempt to brute-force logins on UCalgaryBlogs. After a few attempts, they aren't able to try again for a few minutes (in case it's a legitimate person trying to log in, it doesn't banish them entirely right away). If they knock it off, the ban gets lifted. If they keep hammering, the ban gets escalated, eventually putting them in a permanent penalty box (identified by their IP address - not perfect, but it's all we have)....

August 23, 2016 · 1 min

Updating my WordPress plugins

I've cobbled a few WordPress plugins together, primarily to do stuff on UCalgaryBlogs by exposing built-in WordPress functionality through shortcodes so that people don't have to manually edit themes. And then I basically ignored the plugins for a few years, because they don't actually do anything, so there's not much to update or fix. But it looks bad if a plugin hasn't been tested with recent versions of WordPress, so I just did some testing of them all....

March 31, 2016 · 1 min

blocking distributed botnet attacks against WordPress (multisite)

I checked the Activity Monitor page1 for UCalgaryBlogs this morning, and noticed that there had been several thousand attempts by people (or “people”) to login using the usernames “admin” (the default WordPress admin account, which isn’t what’s used on UCalgaryBlogs) and “siteadmin” (which is the username for our server - scripts must have sniffed it from blog posts on the main site…) Curious. I’d installed the fantastic Limit Login Attempts plugin to prevent people from brute-forcing logins, but that plugin only kicks in if the same IP address hits the login form repeatedly....

October 16, 2013 · 2 min

Custom Press This - Pixel Envy

Nick Heer (another Calgarian WordPress user!) posted a modified WordPress press-this.php file to enable Markdown syntax: Custom "Press This" — Pixel Envy. custom press-this.php file has been updated to work with WordPress 3.4. It really just modifies the core WordPress wp-admin/press-this.php file to use Markdown syntax, rather than raw HTML. Not elegant, and will need to be updated if that file changes in future versions of WordPress. But it works, and that's all that counts....

July 17, 2012 · 1 min

Self-hosting video with WordPress and Hippie Hosting Co-op

I've been messing around with hosting my own videos, but that's one area where the third party services have the functionality nailed. They magically transcode video file formats. They create thumbnails. They provided embeds to make it easy to use the video. But, Jim posted about how he's having to take on some copyfighting, because YouTube is bending over for some pretty outrageous false copyright claims. The only way to prevent a third party from misusing your content is to not use a third party....

June 24, 2012 · 2 min

on a blog as a deadman's switch

I've been thinking about what would happen to my online stuff, when I eventually kick off (hopefully not for several decades, but still...). This whole Reclaim stuff would mean that my online artifacts would disappear rather abruptly. That's partially mitigated through things like the newly-minted Hippie Hosting Co-op, but what happens to my various account info? How would I hand that off, and send a message after, well, you know......

February 28, 2012 · 2 min

protecting wp-login.php

I noticed a rather severe spike in CPU usage on my Mediatemple server, and dug in to see what was causing it. For an hour, someone was hammering the login form for my blog, accounting for 98% of all CPU usage for my account during the "attack". That's not OK (I have lots of CPU/bandwidth left, but it's silly to leave a login form exposed to some kind of sustained script-kiddie "...

November 15, 2011 · 2 min

Tips for using Wordpress as a website manager

I'm working on a project that involves building a website to organize and present a bunch of content. We could do it in raw HTML, but it makes more sense to use a content management system. We could do it in Drupal, but my ability to make Drupal look good is somewhat lacking. So, I'm using a site on UCalgaryBlogs to take advantage of Wordpress' content management features. Here's the basic how-to:...

October 28, 2010 · 2 min