WordPress: Get path to uploads folders

Working with other people’s code can be quite frustrating at times, because coders, even the best, sometimes make unwarranted assumptions.

Among these assumptions are the locations of certain folders. Often people will hard-code a path wp-content. While this is a convention, this is not a universal. This value can be changed, and many do simply as a small added defense against bots.

Along these lines is also hard-coding a path to the uploads folder.

WordPress allows us to access the path programatically using wp_upload_dir() as such

$path = wp_upload_dir();
echo $path['url'];

Sometimes, though, one doesn’t necessarily want that extra line. I prefer to keep a minimum of code in my templates, when possible. Here’s my small little work-around. Just copy and paste the following code into you functions.php file, or where ever you please.

Call it as such get_uploads_dir('baseurl');

See in-line comments for a reminder of which path you would like it to return.

function get_uploads_dir( $arg ) {
	 * A small utility to make these paths available in a one-liner
	 * [path]   => /home/example.com/wordpress/wpcontent/uploads/2008/11
	 * [url]    => http://www.example.com/wordpress/wp-content/uploads/2008/11
	 * [subdir] => /2008/11
	 * [basedir]=> /home/example.com/wordpress/wp-content/uploads
	 * [baseurl]=> http://www.example.com/wordpress/wp-content/uploads
	 * [error]  =>
	 * */
	$image_path = wp_upload_dir();
	switch ( $arg ) {
		case 'path':
			$str = $image_path['path'];
		case 'url':
			$str = $image_path['url'];
		case 'subdir':
			$str = $image_path['subdir'];
		case 'basedir':
			$str = $image_path['basedir'];;
		case 'baseurl':
			$str = $image_path['baseurl'];
			$str = '';

	return $str;

For more details on wp_upload_dir();


Twitter Widget Pro does not update Tweets: one fix

Twitter Widget Pro Stopped updating Tweets
Twitter Widget Pro stopped working.
Twitter Widget Pro fails to update Tweets

Just a quickie for those who are stymied by the fact that the WordPress plugin Twitter Widget Pro seems to work, then stop, or to fail to work at all.

It’s not Twitter Widget Pro’s fault. There might be a conflict with other plugins, something in your theme, or in your .htaccess file.

I’ve just re-discovered the cause of my own issue.

It is a conflict with another plugin. Specifically Better WordPress Security, and even more specifically, one of the rules that are inserted into the .htaccess file when one chooses to add the anti-hacking rules (Ban tab ▶ User and Bot Blocklist ▶ Add Host and Agent Blocklist ▶ [ ] Check this box to enable HackRepair.com’s blacklist feature.).

My fix was to remove the added .htaccess rules. I haven’t taken the time to figure out exactly which one it is, however. That would be a long and tedious testing process.

May I recommend to the developer, should they read these comments to include the above fact in their FAQ? I bet it would save a lot of headaches both in terms of support and for the general users.

Good luck, fine people, I hope this helps.

Updated BlogCFC2WordPress to be compatible with WP 3.5

From the original BlogCFC2Wordpress utility:

This utility will migrate your data from a BlogCFC db into an existing WordPress 2.0 db. It has been tested on CFMX7 and BlueDragon 6.2 running on Windows against a MySQL 4 db and BlogCFC v. 3.8. The schema for v.5 of BlogCFC has some new fields added but it doesn’t look significantly different so it will probably work with minor modification. All the logic is contained in cfc’s and there is no funky sql syntax or stored procs so it should work with other databases.

This is an update to the above utility that will migrate your BlogCFC database to WordPress 3.5+

Download the WordPress 3.5 compatible version here.

Download the WordPress 2.0 compatible version here.

Thank you to Sean Tierney from Grid7.com for writing it, and of course to Ray Camden for BlogCFC and to the WordPress team.

SASS, Gumby, Modular-Scale and $golden

SASS, Gumby and Modular-Scale

The days of hand-coding CSS are over. We’re now in the era of pre-processors, basically, programming environments to make building today’s very complex CSS easier and simpler. Coders being what they are, immediately started creating frameworks. My criteria was that it needed to be semantically grid-based and responsive with the least amount of fuss possible.

I decided to try the Gumby framework out. It’s pretty complete and has tonnes of quick UI stuff for making life easier.  I suspect that the digital surgeons did what I would do: collect the best and coolest of all the toys available, and roll them into one framework. Unfortunately, for all the goodies there are a number of gotchas. Hopefully this will be useful to you.

Squashin’ the $golden bug

I had to work though a chain of errors to finally find

Syntax error: Undefined variable: $golden

Before you bash your brains out, as I did for quite some time, try this quick fix: If you’re using the Gumby SASS framework, it wants to give you modular-scale. Great idea. I love it. Find the file var/_settings.scss jump to line 49 or so (search for $golden) and replace it with the basic golden ratio: 1.6180339887

Thus, replace:
$ratio: $golden !default;
$ratio: 1.6180339887 !default;

Alternately, simply define
$golden: 1.618;
// (Not really necessary to have 10 place precision :))

I am not intimately familiar with the inner-workings of SASS, Compass, Gumby or Modular-Scale.

Is this the “correct” fix? I think so, but that’d be the qualifier: I think so. There’s a part of me that tells me that we’re dealing with the sequencing of includes, but despite my shuffling them around like a pea-in-a-cup, I found no love.

I welcome anyone’s feedback on the matter, especially any of the developers of the above-mentioned products.

WordPress Security: Preventing hackers and spammers: Better WP Security, Sucuri and CloudFlare

WordPress security: It’s time to start ramping it up again

My ISP provided me with the following link by ArsTechnica

Huge attack on WordPress sites could spawn never-before-seen super botnet

Ongoing attack from >90,000 computers is creating a strain on Web hosts, too.

WordPress security is a particularly big deal at this moment in time. It’s a huge platform and well recognized enough to be considered worth it’s own attacks by spammers and crackers.

While I don’t know these people, they’ve written an excellent primer on securing your WordPress setup.

How to ward off spammers and crackers?

I had already been using Better WP Security. It’s an excellent plug in, free and donationware. Over a period of about 90 days, it has reported the following to me:

Your database contains 9416 bad login entries.
Your database contains 1530 404 errors.

Interestingly enough, other than the occasional typo on my part, the 9416 bad logins used “admin”. Having not only changed the default user name, but squarely removed it (No user ID 1 in the database) and using strong passwords, I felt relatively secure, and Better WP Security gave me a baseline of this particular activity on my site. The 404’s in this case were pointing to non-existent files (duh!) such as FrontPage files, or various config paths.

Recent spammers are aggressive enough to be considered de facto crackers.

I followed up with this article by Sucuri.net:

Protecting Against WordPress Brute-Force Attacks

By the way sucuri.net offers a very use malware scanning service. Very handy if you use WordPress security techniques.


While I’m relatively confident of the security of my site, I’m not one for shunning potential positive layers of services..

Cloudflare stands as a CDN between you and the web. Sign up, and simply change your DNS name servers, and it does the job. The free version offers enough to make it worthwhile to give it a serious try. Cloudflare offers a free and feature-full group of services for the little guy, as well as an extended range of services (such as SSL support) for paid accounts.

Now, with a baseline provided by Better WP Security, we’ll see how CloudFlare fares over the next 90 days. I’ll keep you posted.


Too much chili or pepper? How to rescue your meal

Put too much chili, put too much pepper? How to rescue your meal!

The short answer: Anything with lactic acid or brown sugar. That means milk, cream, canned milk or cream, even ice-cream! Try coconut milk or coconut cream, that’ll give you a real Thai flavour. Brown sugar or molasses will also take the bite out of “hot spices”. I don’t think that soya “milk” (ugh! Vegetable juice pretending to be “milk”) will work. Lime or lemon juice should also do the trick. Ever notice how Thai food has coconut milk, lime and burning spices? There’s a reason for it.

I haven’t tried it, but there’s the very off-chance that honey might work, but try it very very carefully. Take a half-ladle out of your pot and try mixing it with your honey in a separate container first.

Let me know if this works for you.

What is real Steampunk?

So, you think you’re Steapunk, huh? I’m here to tell you that unless you’ve watched “BBC Why the Industrial Revolution Happened Here” you don’t know it. Painted gears and a pair of goggles? Not yet, brother/sister/ Steam Punk is more than just a look, it’s a look based on the science fiction as would be perceived in the day. Just as we take electricity and micro-computers for granted–because we know them, real Steampunk is actually based on the limitations of the knowledge of the day. Not only did they not drink Tang or eat Kraft Dinner Macaroni and Cheese, but they could not conceive of it yet. Steam Punk is science fiction limited by the imagination of the Victorian/Edwardian time.

Steampunk? No!

Steampunk: is this a computer? align=

To successfully do Steam Punk, you have to mentally travel back in time and absorb what the times were like, and using that as a frame of reference, let your imagination go wild. Electricity–what is this mysterious force that makes things happen? 2000 Leagues Under The Sea–wooooooww. The Victorians spoke of electricity the way that today’s New Ager’s use the word “Quantum”. Zero understanding but it sounds way-cool. But a few understood it.

A steampunk machine? Yes!!!!

This is a a proper steampunk machine using today’s tech.

The abuse of the Gears symbol, Brass and Dark Wood. No. Just stop it. A gear sticker on your so-called gun does not make it Steampunk. Nor does the brass. You gun needs a plausible excuse to work. See Van Helsing: A gas powered cross-bow as a “machine gun”. THAT works. Your curtain-rod-on-wood with no plausible gun doesn’t. That you put welder’s googles on a top hat doesn’t make your look steampunk unless you’re posing as Aristocracy that welds. How likely is that? Not very. Possible, but find a visual explanation of how it can be. What makes Steampunk cool is not so much the fashion, as the imagination that the fashion points to.

Steampunk: science-fiction before we could imagine what we take for granted today.

I lost my post on a forum! How to recover a lost post

Can I recover a just lost post when using FireFox? Yes you can, but it’s a Hail Mary pass.

Have you ever written a long post on a web-forum, and as you submitted it the site reminded you that you’ve forgotten to add a subject, and when hitting the browser’s back button your post was gone?

I hate it when that happens.

Here is a long-shot that will probably be of use mainly to web-developers. I use a FireFox Add-on called Tamper Data

As I hit the page-forward button, FireFox asked me if I wanted to resend the data. Yay! That means it’s in the RAM-cache. Turned on Tamper Data, hit page forward and there was my post content!

All I had to do was to copy the contents to a text editor, clear it up again, and voila! I had saved my post.

Note: this will only work if you have had Tamper Data already installed. If you have to quit FireFox to install it, the post will be cleared from the RAM when you quit.

Sometimes a Hail-Mary pass works :)

Patricia Piccinini: The Long Awaited (2008)

Patricia Piccinini: A hyper-realistic artist that more than skillfully blurs the lines between reality and fantasy. One can almost envision the world that we might live in if her vision were true.

Patricia Piccinini: The Long Awaited (2008)

The Long Awaited, 2008

Empathy is at the heart of my practice. I don’t think that you really can – or indeed should – try to understand the ethics of something without emotions. It can easily be argued that such a focus on empathy might distract from a true rational understanding of the issues, but in fact that is exactly what I am aiming to do. Emotions are messy and they do get in the way of rational discourse – as they should. The empathetic nature of my work deliberately complicates the ideas. It is one thing to argue for/against cloning when it is just an intellectual issue. However, things change if you have a mother or son who might need it. I like to think that my work understands that the point at which ‘good’ becomes ‘bad’ does not stand still, which is why it is so difficult to find. Ethics are not set like morals, they have to be constantly negotiated. Bioethics are especially flexible, which makes them especially difficult. However, sometimes our feelings find a way through these difficulties, and we are able to create connections and bonds that defy the expectations of others.

Her website can be found at http://www.patriciapiccinini.net

Life is short. Get things done.