WordPress Planet

May 04, 2015

WPTavern: WordCamp Miami 2015 to Experiment with New Tracks, Tickets Selling Out Fast


WordCamp Miami, one of the largest and longest running WordPress events in the US, is gearing up to celebrate its 6th year on May 29-31. Last year the event brought together 770 attendees and tickets for 2015 are selling fast.

“We have sold over 600 tickets, and we see a sell-out on the horizon,” organizer David Bisset told the Tavern. “Our workshops are already almost sold out, and soon the weekend tickets will be as well.”

WordCamp Miami has adopted a strong educational focus for the event with an expanded array of workshops. On Friday, May 29, the organizers will host a BuddyCamp and a separate Front-End/Theme workshop. As last year’s kids workshop was a success, organizers are exploring the option of adding a more advanced kids workshop that gets into coding.

New “How To” Tracks and Mini-Workshops for Developers

Bisset and his team received feedback from last year’s event indicating that attendees are interested in having more advanced developer talks. This year organizers are replacing the user track on Saturday with experimental “How To” tracks.

“To my knowledge, this is the first time a WordCamp has tried something like this,” Bisset said. “This track will focus on getting things done – almost like a mini-workshop focused on one or two concepts with step by step instructions – steps you can go home that night and do hopefully on your own.” Attendees of these tracks will be able to print out “cheat sheets” of each session and bring them to the conference or refer to them when they get back home.

The organizers are hand-selecting the speakers and requesting that they format their slides to be a lasting resource for users. Speakers will also move to the Happiness Bar to answer any questions in a non-rushed environment after their sessions are finished.

For the first time, WordCamp Miami will add an additional developer track on Sunday, which will consist of mini-workshops. In this format, two speakers will give presentations on a single subject (back-to-back), so attendees will get multiple perspectives on the same subject.

“For example, Andrea Rennick and Jesse Petersen will start off that Sunday with a ‘Genesis Framework’ mini-workshop,” Bisset said. “Andrea will introduce the basics and concepts while Jesse afterwards will dive into more advanced topics on Genesis. There are also mini-workshops on building WordPress plugins, the WP-API, and more.”

Organizers are also reaching out to other open source communities to help forge connections across different projects.

“For the first time, we have a Joomla developer coming to speak on Sunday and talk about Joomla, WordPress, and open source,” Bisset said. “We have been opening our doors to local Joomla and Drupal developers so we are excited about this presentation and hope it’s the start of something bigger for the future.”

WordCamp Miami is known for its excellent opportunities for networking and will maintain that aspect of the event in 2015.

“Besides knowledge, networking has always been a key reason why people (local or not from the area) attend WordCamps,” Bisset said. Organizers are tailoring the after-party to be more of a “networking party” where attendees can continue their conversations from the event. Networking parties will take place on Thursday evening, Saturday night, Sunday for social breakfast, and a brief ice cream social Sunday afternoon.

The new venue, Florida International University, is large enough to accommodate the 800+ attendees expected this year. All of the educational and networking opportunities during the 3.5 day event give attendees an incredible value for their tickets, especially for those who are traveling from a distance.

WordCamp Miami is an event that traditionally sells out every year and Bisset expects the same for 2015. The workshops will be limited to 100-150 people and tickets are going fast. Check out the event website for more details on the schedule and available tickets.

by Sarah Gooding at May 04, 2015 09:27 PM under wordcamp miami

Matt: Macbook & USB-C Review

I’ll start by saying I’m writing this on a 12″ Macbook in space grey. The screen, weight, size, and weird keyboard have captured my heart and I’m enjoying using the machine. It has replaced a 15″ Retina Pro as my primary laptop for about 2 weeks now, with most of that being on the road.

For better and worse, it’s a lot like an iPad — the size and weight feel very natural in your life, and the screen is really gorgeous. It’s also not worth plugging anything into it besides its charging cable. It feels great to open and pick up right where you left off. The speed feels more than adequate for everything I’ve thrown at it so far, though I haven’t tried video editing or photo management outside of the new Apple Photos app. If there was a perfect iPad and keyboard combo, it would feel and look like the new Retina Macbook.

The second thing I’ll say is I wouldn’t recommend this laptop for everybody yet. There are some trade-offs, for example I can get 5-6 hours from the battery but it’s a little shorter than I expected. It’s refreshing to have a computer that’s totally silent with no fan, and I’ve only had a heat warning once when it was sitting in hot direct sunlight for about 20 minutes. I moved into the shade because I was also wilting a bit from the direct LA sun.

The main reason I’m not sure if I’d recommend this Macbook right now is hopefully ephemeral: USB-C. One of the very coolest things about the new Macbook is it charges (quickly) with a new standard called USB 3.1 with a Type-C connector, which is open for anyone to use, is reversible, and I think is going to be the future as I’ve written about on this blog before.


Today, however, USB-C is bleeding edge. I actually have one other device that uses it, Google’s new Chrome Pixel laptop, but when you search on Amazon for “USB-C” there are almost no results except sketchy or not-in-stock generic things, and Apple doesn’t have any USB-C stuff in stock, even in their stores. (Perhaps related to the general stock issues I ended up writing about last time I tried to pen this Macbook review.) I was able to get a cable that had male old USB and male USB-C on Amazon, that was pretty much it. The promise of USB-C is incredible: standard cables for charging everything super-quickly, a battery pack that could charge your phone or laptop, smaller power bricks, a next-gen Thunderbolt display with one cable for all data, display, and charging. You can see and imagine a really perfect ecosystem around USB-C, but it doesn’t exist today. Some cool stuff has been announced but isn’t coming until the summer, even thumb drives.

The problem in one sentence: it is impossible to buy a cable, from Apple or otherwise, that lets you plug an iPhone 6+ into the Macbook. They’ve announced but not shipped (to me at least) an adapter for old USB stuff (Type-A), but the last thing I need in my life is another dongle.

I thought I would miss this but in practice it has been a surmountable problem. Instead of using my laptop as a battery, I’ve been using a battery to recharge miscellaneous electronics on-the-go, and everything else including transferring photos from phone to computer is now happening wirelessly.

I think the most perfect tech combo in the world right now might be a 5k iMac at home, an iPhone 6+ as your phone, and the Macbook as an on-the-go device. (The iPad isn’t in my must-have list anymore.) The strengths of each of these products complement each other, and as Apple gets better about the cloud with things like photos, tethering, keychain sync, and continuity it’s really becoming a pleasure to use these products together. I also have an Apple Watch in the mix, but still forming my thoughts on that one.

The thing I might be most excited about is when some of the new tech in the retina Macbook around the keyboard, screen, trackpad, and battery is applied to their “Pro” series, which will probably be a bit more in my wheelhouse.

by Matt at May 04, 2015 09:25 PM under Review

WPTavern: WordPress Theme Developer Handbook Updated with Comprehensive Guide to the Customizer API

photo credit: Artist’s Room (license)

The Theme Review Team’s controversial decision to require the use of the Customizer API for building theme options unearthed a wave of criticism and concern about the capabilities of the customizer.

In response to more than 150 comments debating on the topic, Nick Halsey, who has worked extensively on the feature in WordPress core, stopped by to offer a few words in support of the Theme Review Team’s decision:

Many of the comments here are misinformed or unaware of both the full power of and the future importance of the Customizer. I’ve given an overview of my perspective on my blog, and while those views don’t directly represent the views of the WordPress project, I can say that most people working on the Customizer in core would agree with my points. Like it or not, the Customizer is here to stay, and ignoring that fact will eventually cause users to turn against you.

Halsey’s post calls for theme developers to re-examine their philosophies when it comes to building complex UI options and stop re-inventing the wheel. He believes the customizer has more creative potential than developers give it credit for.

Complaints about the amount of screen real estate available and the 300px default width show a lack of creativity and resistance for the sake of resistance to change. Start by removing all of the ads, external links, unnecessary branding, unnecessary options, and general clutter. Make your options self-explanatory – if you need a paragraph to describe what it does, it probably shouldn’t be a user-facing option. Do you still have so much UI that the experience is completely unusable? Try an outside-the-box solution, like utilizing the core media modal (header images and core media controls use it), a custom modal (theme details modal in core), or a slide-out panel (widgets in core and eventually menus in core as well).

Prior to the Theme Review Team’s decision, documentation on theme development with the Customizer API was sparse and claims about its wide range of capabilities were difficult to support.

Resistance from theme developers has WordPress.org contributors scrambling to produce better documentation for using the customizer in themes. Over the weekend, Halsey created a canonical developer tutorial on the Customizer API in the official theme developer handbook.


This official comprehensive guide includes the following sections and provides detailed examples for each:

Theme Review Team admin Justin Tadlock posted more details clarifying the new WordPress.org guideline and included a list of additional resources for learning more about the customizer.

Over the weekend, Samuel “Otto” Wood, who has written several customizer articles over the years, wrote a “What’s new with the Customizer” tutorial that explores some of its newer features in depth, including panels, active callbacks, and customizing the customizer.

With WordPress 4.3 blazing forward on customizer improvements, now is the time for theme developers to familiarize themselves with the available documentation and tutorials in order to be ready to take full advantage of WordPress’ core-supported method of providing live previews to users.

by Sarah Gooding at May 04, 2015 04:46 PM under customizer

May 03, 2015

Matt: James Whitcomb Riley Poem

Via Om, I wanted to share this poem Away by James Whitcomb Riley:

I cannot say, and I will not say
That he is dead. He is just away.
With a cheery smile, and a wave of the hand,
He has wandered into an unknown land
And left us dreaming how very fair
It needs must be, since he lingers there.
And you—oh you, who the wildest yearn
For an old-time step, and the glad return,
Think of him faring on, as dear
In the love of There as the love of Here.
Think of him still as the same. I say,
He is not dead—he is just away.

by Matt at May 03, 2015 04:34 PM under Asides

Donncha: Matt’s interview in the SBP


Nice to see an interview with Matt in the Sunday Business Post, but they got one thing wrong that Matt is not chilled out about!

by Donncha at May 03, 2015 11:48 AM under Sunday Business Post

May 02, 2015

Matt: RIP Dan, RIP Dave

We’ve lost two incredible souls this week: first Dan Fredinburg in Nepal and now Dave Goldberg has unexpectedly passed. I encourage you to Google articles about their lives, like this one about Dave Goldberg or this on Dan, because both were unique and incredible individuals. In an example of how software can have unintended effect on emotions, I just realized I had a pending friend request on Facebook from Dan, probably years old. :( Going through a lot of emotions, but a good reminder that life can be fleeting and to make time for friends and those who you love, something both of these men were great at. May they both rest in peace.

by Matt at May 02, 2015 07:46 PM under Asides

May 01, 2015

WPTavern: Belgrade’s First WordCamp Sells Out, Plans to Double Attendees Next Year

photo credit: WordCamp Belgrade

Organizers of the very first WordCamp Belgrade are happy to report that the event was a smashing success. Serbia’s rapidly growing WordPress community started just two years ago with local meetups that became larger than some smaller WordCamps.

“Our road from the first meetup back in April 2013 to the first WordCamp was brilliant,” organizer Milan Ivanović said. “Every WPSerbia meetup had no less than 100 people attending, with at least three speakers each.” Serbia was ready to host its first WordCamp.

“We were completely sold out about 10 days before the actual event, and it was such a shame that we had to turn down around 50 people who were asking for extra tickets,” Ivanović said. “We were limited by the venue and we couldn’t take more than 180.”

Attendees represented 13 different countries with the highest numbers from Serbia (73%), Macedonia, Bosnia and Herzegovina, and Croatia. Those who came from other countries were treated to Serbia’s famous hospitality with tours and local cuisine.

“We dedicated some extra time for people who visited Belgrade for the first time to experience Belgrade and all of its beauties,” Ivanović said.

“That is why we organized an unofficial after-after party that included a stroll through Belgrade’s main pedestrian street Knez Mihailova, a visit to Belgrade Fortress Kalemegdan, and dinner with true Serbian food and music in the most famous boem street Skadarlija.”

photo credit: WordCamp Belgrade

“The food was so good that I was afraid that this WordCamp wouldn’t be remembered by its talks and speakers but by the catering that all of us enjoyed,” he said.

WordCamp Belgrade 2015 in numbers:

  • 800+ bottles of refreshment served (on the first day)
  • 500+ coffees served (on the first day)
  • 345 Tweets with #wcbg
  • 250 Meals served
  • 180 Tickets sold
  • 61 Trello cards
  • 22 Sponsors
  • 16 Speaker Applications
  • 13 Talks / Workshops
  • 10 Speakers
  • 9 Volunteers
  • 8 Days after, all session videos published
  • 1 Awesome Mascot

Attendees received “Wapuujlo” magnets and stickers to commemorate the event.


Videos from the WordCamp are already available on WordPress Serbia’s YouTube account and will soon be uploaded to WordPress.tv as well.

“As soon as WordCamp Belgrade finished, the first thing I did was start plans for #wcbg2016,” Ivanović said.

“The biggest outcome from this event was people asking how they can help organize the next WordCamp Belgrade, offering lots of different kinds of help – from finding new sponsors to offering their organization skills.”

Ivanović and the organizing team plan to at least double the size of the event next year. They are aiming for 400 attendees and two tracks of speakers.

“If we manage to organize an event that size, I think that would be an awesome test and a great intro for application to organize WordCamp Europe 2017,” he said.

Check out more photos from the event on the WordCamp Belgrade website.

by Sarah Gooding at May 01, 2015 09:04 PM under wordcamp belgrade

Matt: More on GMOs

After writing two books on the science of climate change, I decided I could no longer continue taking a pro-science position on global warming and an anti-science position on G.M.O.s.

Mark Lynas writes How I Got Converted to G.M.O. Food, particularly how GMOs impact the places where crops are needed the most. If you’re looking for a catch-up check out this link collection on ma.tt last year.

by Matt at May 01, 2015 06:43 PM under Asides

WPTavern: WordPress.com Suspends Theme Submissions from New Sellers

In March 2014, WordPress.com opened its marketplace to new theme authors. Prior to that time, new sellers were added via invitation only. A year ago there were only 300 themes available to WordPress.com users, but after having the marketplace open to new authors that count is up to 345.

Recently the submission form disappeared from the site with a message that WordPress.com would be keeping it temporarily closed in order to add new features that make the process easier.


Array founder Mike McAlister recently published an article that detailed his experience selling on the WordPress.com marketplace. One of the main drawbacks was the lack of efficiency in handling the queue for new theme submissions.

The review process on WordPress.com is long. I’m not talking about weeks long, I’m talking about months long. Each Array theme review has taken at least a month, usually longer. Our latest theme for WP.com, Camera, took four months from the day I submitted it to the day it was released.

In addition to painfully long queues, theme authors have also been disappointed with WordPress.com’s recent lack of promotion for commercial themes. These factors contributed to McAlister’s decision to focus on promoting his products through more efficient distribution channels and return to Themeforest.

In April, WordPress.com theme author Sami Keijonen posted about his recent difficulties with the marketplace after noticing that WordPress.com removed the submission form for new authors. He summarized some of the sources of confusion for commercial theme authors:

  • WordPress.com basically stopped marketing commercial themes. (However, they do tweet about new themes.)
  • We have a private blog for themers but other than that, there isn’t any conversation between developers or WordPress.com staff. They did send an enquiry a while ago so that might help.
  • The review process takes months for commercial themes.
  • They seem to want really simple themes with simple design decisions. That’s fine by me but isn’t that kind of “forcing” the end user to like certain types of themes if they don’t have any options?
  • I would have wanted more accessibility-ready themes in WordPress.com like mine, but it seems that isn’t priority.

I contacted Automattic to find out why the submission form has been removed and when authors can expect for it to be re-opened. The company’s official statement indicates that opening up the marketplace was a temporary experiment and that there is no ETA for relaunching it.

It’s important to note that current WordPress.com sellers can submit new themes for possible launch. We’re not closed for new theme submission. We experimented with a public form for themes from new shops last year, and we had a ton of great submissions from theme shops around the world. We took it down last fall while we worked on getting ahead of all the new theme reviews that it created. We’ll put it up again but we don’t have an exact date in mind. We do still reach out to new shops with great themes. We’re always excited to find awesome theme shops.

The company’s statement regarding the change in marketing clarifies that it is looking for new strategies to promote commercial themes.

We may not do blog posts any more, but we haven’t stopped marketing premium themes. They’re featured prominently on wordpress.com/themes and as part of our Business Plan. Plus, we’re exploring more ways to put premium themes in front of users.

In the future, premium theme shops can expect better feedback around the themes they submit, quicker launches, and more communication in general from the WordPress.com Theme Team. We’re excited about what we can continue to do for the world of themes with our sellers’ help.

Automattic has no set time frame for launching these improvements, but it should be reassuring for commercial theme authors to know that the company is tackling the inefficiency that was bogging down the system. For the time being, new commercial theme authors looking to submit products to the marketplace are out of luck, but Automattic may decide to open it up again to continue the experiment in the future.

by Sarah Gooding at May 01, 2015 06:11 PM under wordpress.com

Akismet: April 2015 Stats Roundup

April turned out to be a slow month in Akismetland. The highest number of spam comments we saw come in this month on a given day was about 177 million. The total amount of spam we saw come through this month is 23% less than last month, and 33% less than April of last year.

Here’s a chart showing the number of spam and ham comments we saw come through each day this month:

graph of akismet spam and ham daily stats April 2015

This image, .Time Machine. by Sachin Sandhu, is licensed under CC BY 2.0

The total number of spam comments this month is 4,167,247,500 – just over four billion, which is still a big number even though it’s a slow month 😀. To help visualize this number, let’s say it takes a second to count each spam message. In that case, it would take 132 years and two months to finish counting.

As for ham – we saw a total of 145,308,000 real messages come through. If we were counting each one of those, it would take only 4 and a half years to finish. As usual, there’s much more spam going around than real messages – only 3.4% of all messages sent this month were not spam.

We missed only about 1 in every 10,443 spams this month. If you are seeing spam in your comments, please mark it as spam – this will help Akismet learn from your input. Similarly, please mark any real comments that end up in the spam folder as ‘not spam’. If you’re seeing very many mislabelled comments, please contact us about it and we’ll be happy to help dig into the issue.

This post is part of a monthly series summarizing some stats and figures from the Akismet universe. Feel free to browse all of the posts in the series.

by Valerie at May 01, 2015 03:52 PM under General

Matt: Changing America’s Mind

Bloomberg has a cool look at societal changes, called This Is How Fast America Changes Its Mind.

by Matt at May 01, 2015 05:56 AM under Asides

WPTavern: How to Restore the Link Title Attribute Removed in WordPress 4.2

WordPress 4.2 is a week old and has been downloaded more than six million times. One of the first things I noticed after updating is the change to the Insert/edit link modal box. Instead of having to apply a title to the URL, the title is replaced with Link Text. The text that is highlighted before adding a link is automatically inserted into the Link Text box.

WordPress 4.2 Add Link Modal on the Left, WordPress 4.1 on the Right

While I found this behavior to be annoying at first, it has quickly become one of my favorite changes. Adding links is quicker and more efficient. Several other people, however, don’t like the change. WordPress user Enticknap created a ticket on Trac reporting the issue as a bug when in fact, the change was deliberate.

Drew Jaynes, who led the WordPress 4.2 development cycle, explained why the change was made.

The ‘Title’ field was intentionally removed from the wpLink modal in #28206 largely because it was often confused with the actual link text itself.

In recent years, we’ve begun to actively discourage the use of title attributes in links as they are largely useless outside of providing the “hover tooltip” many visual users enjoy, and more importantly, they don’t promote good accessibility.

If you’d like to continue using title attributes in links, you can add them manually using the Text mode in the editor.

Several people took part in the conversation, explaining why the Title box is an important part of their work flow. Andrew Nacin, who helped design the original Link dialog, said, “I wish this is how it worked from the start.” Nacin described the Title attribute as an edge case and said that it’s bad for accessibility.

The discussion was heated at times, but the conclusion is that the Title attribute will not be added back to the dialog box. Instead, users are encouraged to use the Restore Link Title Field plugin developed by Samuel ‘Otto’ Wood and Sergey Biryukov.

Link Title Attribute Restored

With the plugin activated, the Insert/edit link dialog is restored to how it was in WordPress 4.1. According to the WordPress plugin directory, the plugin is activated on 100+ sites. I asked Wood if there are plans to add additional features.

“I don’t think adding new features is in the cards as there’s not much to add,” he said. “We might change it up as we fix some of the problems in core causing it to be difficult to do properly.”

WordPress is Continuously Evolving Software

I sympathize with those who are upset that the Link Title attribute was removed from WordPress 4.2. If a feature you depend on in WordPress is drastically changed or removed, the first instinct is to be upset. It forces you to change your workflow and the change is often unexpected.

I’ve traveled this path, but I’ve realized WordPress is continuously evolving software that tries to cater to the majority. Features removed from WordPress generally never go away as they’re replaced with plugins. A good example is when the ability to add borders and padding to images was removed in WordPress 3.9.

Advanced Image Styles

This change led to a lengthy discussion both on WordPress.org and WordPress.com support forums. Gregory Cornelius created the Advanced Image Styles plugin which re-adds the ability to adjust an image’s margins and borders as you could prior to WordPress 3.9. According to the plugin directory, it’s active on more than 20,000 sites.

I’m not saying you shouldn’t speak up when something you use in WordPress is removed. Rather, it’s a reminder that there is a way for everyone to get the features they want as WordPress core undergoes changes.

Note: Before installing the plugin to restore the Link Title attribute, please read this post shared by Peter Wilson in the comments.

by Jeff Chandler at May 01, 2015 04:49 AM under wordpress 4.2

WPTavern: Toivo: A Bold Minimalist WordPress Theme for Blogs and Businesses


Toivo Lite is a new theme on WordPress.org that features a bold minimalist design that really shines on mobile. Sami Keijonen created the theme to be suitable for both business and blog sites.

Toivo is Finnish and it means “hope” in English. It’s one of a very small number of WordPress themes listed as accessibility-ready in the official directory. Toivo meets the necessary guidelines without compromising the overall design.


Toivo can be easily personalized via the customizer with the following built-in options:

  • Set header text color, background color, header image, and background image
  • Support for 3 navigation menus: primary, top, and social navigation
  • Select from 3 different layouts: 1 column, 2 Columns: Content / Sidebar, 2 Columns: Sidebar / Content
  • Edit the front page callout title, text, and URL

With Jetpack active, the theme has additional features for custom content support:

  • Upload a logo
  • Show your testimonials
  • Display portfolio items
  • Add infinite scroll to your blog

Toivo is Keijonen’s sixth theme accepted to WordPress.org. In the past he has often built on top of the Hybrid Core framework, but this theme uses only select parts, including the Hybrid Media Grabber (a script for grabbing media related to a post), a stripped down version of Schema.org markup support, and the Breadcrumb Trail.

“I can still use best parts of Hybrid Core and make decisions based on theme I’m building,” Keijonen said. “Toivo is slimmer with fewer translating strings, and has less code to handle.”

Keijonen said that branching out has helped him to understand every line of code and have more control over the theme.

“Don’t get me wrong, I have learned most of my WordPress theme knowledge from Justin Tadlock,” he said. “Theme Hybrid is still the only community I feel I belong. It is the place where you can learn, be yourself, ask help, have opinions, and get feedback. But in a way I have grown out of it; it’s like a moving-from-home experience.”

Toivo was rejected when submitted to WordPress.com, but Keijonen is known for his tenacity and continual experimentation with design and distribution approaches.

“I have plans to fork the theme, create church and charity themes out of it, and sell it on Themeforest if they allow it,” he said.

A year ago, Keijonen conducted an experiment wherein he made his commercial Mina Olen theme available for free on GitHub to see if it would affect its popularity and sales for support. The results were positive overall, and Keijonen now has more commercial products available on GitHub. To date, he has earned $5,304 from the WordPress.com version of Mina Olen and 2,142€ from sales of the self-hosted version.

Getting Toivo approved on WordPress.org was the next step in his theme development journey and Keijonen reports that the experience was “fast as a shark” this time. Toivo has been downloaded more than 1,100 times in less than a week. Check out the live demo to see the theme in action. You can download it for free from WordPress.org or get additional features and support with the commercial version.

by Sarah Gooding at May 01, 2015 03:31 AM under free wordpress themes

April 30, 2015

WPTavern: How Barış Ünver Lives and Works with Censorship in Turkey

Doc Pop of Torquemag.io has published a great article featuring WordPress developer, Barış Ünver. Ünver is 27 years old and a Tuts+ author living in Ankara, the capital of Turkey. In the article, Ünver describes what it’s like to live and work in Turkey. When asked whether WordPress being blocked in Turkey is a regular occurrence, he responded:

It’s not extremely common, but we experience downtime on large websites like Facebook, YouTube, and Twitter a couple times each year. WordPress.com is actually one of the first websites that was blocked back in 2007—you can read the story here.

There are other interesting tidbits within the article as well, such as the number of people who know how to use VPNs as if it’s common knowledge. Ünver also provides insight into the tools used to get around censorship. If the country you live in blocked access to WordPress.com or WordPress.org, what tools, services, and systems would you use to get around it?

by Jeff Chandler at April 30, 2015 07:07 PM under turkey

WPTavern: WPWeekly Episode 190 – Women in WordPress Roundtable

This week’s episode of WordPress Weekly features Rebecca Gill, Jennifer Bourn, and Carrie Dils to casually discuss women in WordPress, women in tech, and a variety of other topics.

The guests share their personal experiences of being involved in the WordPress community. We discuss how important it is to act responsibly, especially during WordCamp after parties which are business related events. Near the end of the discussion, the guests share tips and advice on how women can get more involved and meet influential members of the WordPress community.

Stories Discussed:

WordPress 4.2 “Powell” is Now Available for Download
WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability
ManageWP Launches WordPress Events Hub

WPWeekly Meta:

Next Episode: Wednesday, May 6th 9:30 P.M. Eastern


by Jeff Chandler at April 30, 2015 06:41 PM under wordcamps

WPTavern: WordPress 4.3 to Focus on Mobile Experience, Admin UI, Better Passwords, and Customizer Improvements


WordPress 4.3 development kicked off this week with release lead Konstantin Obenland at the helm. The main focus of this release will be to improve the experience of using WordPress on touch and small-screen devices. Contributors will also be renewing efforts to improve the Admin UI and the Network Admin UI, particularly as it relates to the experience on narrow screens and responsive list tables.

Customizer Design and Architectural Improvements

The customizer will also be getting some attention. Weston Ruter published a summary of the three areas he proposes tackling:

  • Customizer Partial Refresh: This feature plugin aims to refresh parts of a Customizer preview instead of reloading the entire page when a setting changed without transport=postMessage.
  • Customizer Transactions: This proposal is dependent on the Partial Refresh and involves re-architecting the customizer to make way for the possibility of feature plugins like scheduled settings, setting revisions, and drafted/pending settings.
  • Customizer Concurrency/Locking: This proposal would add concurrency/locking support to prevent multiple users from overwriting each other’s changes while working in the customizer.

Nick Halsey also has a few ideas he is proposing for iterating on customizer development that was completed in 4.2.

“I would like to aim for adding theme install in 4.3, which would require a shiny install process, and shiny updates could work into that well too,” he said. Halsey is aiming to have a functional and tested proposal ready before the scheduled time to decide on which features to merge in to 4.3.

He’s also hoping to renew work on Customizer UI design changes, which would separate navigation from the options UI by removing accordion behavior for a better experience. It will be interesting to see how these changes, if selected to merge into 4.3, affect theme developers’ adoption of the customizer.

Better Passwords Coming to WordPress 4.3

Mark Jaquith will be spearheading an effort to improve password creation in WordPress 4.3 and discussion will take place in the #core-passwords channel on Slack. The first leg of his proposal would make “user chooses own password” non-default so that a user can choose his own password or opt to allow WordPress to generate one.

Jaquith is also proposing that the password strength meter, added in WordPress 3.7, offer feedback on why a user’s selected password might be measured as weak.

“Simple feedback like ‘too short — add more characters!’, ‘Try adding some numbers and symbols!’,” he suggested. “Not only that, we could actually make the addition for them, show them their password attempt with some additions that would make it better.”

Also, Jaquith proposes adding an option to make the password entry visible, eliminating the need for entering it twice. The fourth and final leg of his password improvement proposal is a major and long-overdue step toward improving the security of WordPress.

“Let’s not send passwords via e-mail anymore; it’s insecure,” he said. “We’re not getting around ‘full access to e-mail means you can reset,’ but we can stop passwords from sitting around in e-mail accounts forever.”

Contributors are aiming to release WordPress 4.3 on Tuesday, August 18th. Follow the project schedule for approximate dates for feature merge, betas, and release candidate(s).

by Sarah Gooding at April 30, 2015 05:19 PM under wordpress 4.3

Matt: Brunello Cucinelli, King of Cashmere

I want to take a step backward. Who remembers the last email they sent yesterday? No one. Or the last text message. Emperor Hadrian used to say, The daily business, the daily life, the daily chores, kills the human being. I’m not interested in daily chores. We have now swapped information for knowledge, which is not the same thing. I do not want to know. I’m not online. I don’t even have a computer.

Om has an incredible interview with Brunello Cucinelli on Pi.co, which I’d recommend for everyone but especially people interested in design or entrepreneurship.

by Matt at April 30, 2015 06:55 AM under Asides

April 29, 2015

WPTavern: Data Shows 24% of Themes Hosted on WordPress.org Support the Customizer

Aaron Jorbin, who contributes to WordPress core on a regular basis, has published a script called WordPress Theme Directory Slurper. The PHP based script downloads and updates a copy of the latest stable version of every theme in the WordPress.org theme directory. Devin Price put the script to good use and has published a series of data points related to the theme directory.

It took Price 112 minutes to run the script and download nearly 4GB of theme code. In his report, Price answers the following questions:

  • How many themes are based on Underscores?
  • How many themes are on WordPress.org?
  • How many themes have lite in their name?
  • How many themes use the latest WordPress functions?
  • How many themes add an options page?
  • How many themes use a bundled options framework?
  • How many themes use TGM Activation?

How Many Themes Support the Customizer?

Last week, we reported on a significant change to the WordPress theme directory guidelines. Beginning on April 22nd, themes submitted to the WordPress.org theme directory will have to use the customizer to build theme options. Themes already hosted in the directory have six months to comply before the Theme Review Team will enforce the new requirement.

By searching the directory for themes that use $wp_customize->add_control, Price was able to determine that 761 themes or 23.8% currently support the customizer. The low number coincides with Justin Tadlock’s assessment that adoption has been slow, especially when you consider that it was added three years ago to WordPress 3.4.

One thing to keep in mind is that after the six month cutoff date, themes not using the customizer will still be able to be downloaded from and hosted on the directory. However, the theme code cannot be updated unless it follows the new guidelines.

It will be interesting to see what the data looks like three months from now, as it would indicate how many themes are adopting the customizer and how fast. Price is taking requests for what data you’d like to see, but if you want to do the research yourself, Jorbin’s Theme Directory Slurper is available for free on GitHub.

by Jeff Chandler at April 29, 2015 11:16 PM under WordPress Theme Directory

WPTavern: Postmatic Launches 100% Email-Based Commenting for WordPress


Postmatic publicly launched its email-based commenting service today and is now officially out of beta. The free plugin aims to increase comment engagement by allowing readers to subscribe to new posts/comments via email and leave comments by simply hitting reply.

Postmatic also launched a commercial service alongside version 1.0. For $9/month customers can add additional features, including guaranteed mail delivery for thousands of subscribers, fully responsive HTML email for posts and comments, support for oEmbed and shortcodes, and the ability to moderate comments from your inbox.

The Challenges of Sending Bulk Email

Since Postmatic is critically dependent on email delivery, founder Jason Lemieux and his team didn’t want to hassle with attempting to send it themselves.

“Sending bulk email is really difficult to do correctly so we’ve partnered with folks that have already solved it,” he said. “All posts, comments, and otherwise are sent through a combination of both Mailgun (by Rackspace) and Mandrill (by Mailchimp).

“This takes all of the uncertainty out of the equation and makes sending WordPress content to lists of tens of thousands of subscribers as easy as pie. Users don’t need to sign up for accounts with these services, change their dns or anything – we handle it all for them.”

Lemieux reports that Postmatic had 1,200 sites in its beta program, ~500 of which they considered highly active. The individual installations were the easy part of the beta. Supporting the subscribers, which are more numerous, was the greatest challenge the team encountered.

“During beta we delivered posts and comments to roughly 46,000 unique subscribers and processed nearly 15,000 incoming comments,” he said. “These numbers are pretty small so we’ve built a system that scales and are ready to open the doors to everyone.”

Notifications sent from Postmatic are two-way transactions designed to invite further discussion in comments, so the team has to be able to adequately support the myriad of email clients that people are using.

“Email is complicated and as old as it is, it still seems like the wild west in a lot of ways,” Lemieux said. “We have to make sure that the post being delivered to an old-timer using Pine on his home-built Linux box communicates ideas just as well as the same post when seen in Gmail or on an Apple watch. Then we have to accept comment replies from all of these sources as well, which it turns out you can do. With a watch. Leave a comment. Go figure.”

The Future of Postmatic

Postmatic is a micro-startup that is mostly self-funded. Approximately 10 months before starting, the team knew that they wanted to be ready to quit their jobs when the time came.

“We were fortunate to be able to squirrel away much of the funding we needed while also building it in tandem with our usual client work,” Lemieux said. “When we entered beta last fall and saw the reaction people were having to commenting by email we chose to stop taking on new client work, bring in a small amount of private funding, and go at it full time.”

Postmatic’s tiny four-person team is what made this possible. Two members are full-time and the other two are currently part-time.

As part of their quest to seamlessly join email and commenting, the team deemed it important to launch with importers for Jetpack, Mailpoet, and Mailchimp. This makes the transition easier for site administrators who are already hooked into more traditional comment subscription services. Postmatic also has a few more high priority items on the roadmap.

“The first is to support sites with high publishing frequency by enabling digests,” Lemieux said. “We have some fantastic ideas about how to do this in the new world of email commenting that will be of huge benefit to publishers and readers both.

“As we move into the world of professional publishing we’ll also need a diversity of templates. Rolling in a template library or template builder is the plan there. Both of those things are next on our list.”

The team behind Postmatic is investing heavily in 100% email commenting because they believe that innovation in WordPress comments is long overdue.

“Every comment system needs email to some degree,” Lemieux said. “Livefyre, Disqus, Jetpack – all send an email notification (if subscribed) that a new comment has been posted. But you still have to jump over to a blog to reply and post a comment. It’s not always possible to do so, nor is it easy on mobile – which has become so important.

“Postmatic takes that out of the equation – notification leads to reply, leads to blog comment, in one seamless action. Why wouldn’t you want email commenting to work like that?”

Email commenting and post notifications are available in the free plugin, but these features are just the beginning of how Postmatic is aiming to revolutionize WordPress commenting.

“The debate about the usefulness of comments in WordPress rages on while email marketing and automation has become a very hot area,” Lemieux said. “But really the WordPress comments system is an email automation platform just waiting to happen.”

If you’re curious about what it’s like to participate in comments without ever leaving your inbox, Postmatic has a live demo available where you can try it out.

by Sarah Gooding at April 29, 2015 04:33 PM under postmatic

WPTavern: WP REST API Version 2.0 Beta 1 Released


Contributors on the WP REST API project have released version 2.0 beta 1, named after Simpsons character Ralph Wiggum. This release is not backwards compatible with version 1, but project lead Ryan McCue assured developers that it is a direct continuation and that the fundamentals of the API haven’t changed.

Documentation for version 2 is now in progress, starting with basic schema docs, and the site has a section that outlines the changes in 2.0 Beta 1 internals and externals. It also includes an example for migrating endpoints from version 1 code to version 2.

Compatibility with future beta releases is not guaranteed and this release comes with a note of caution for testers:

While we believe the API is now stable enough for public testing, we may continue to break the API in the future as we improve it further. Only use the API in development, and do not use version 2 in production environments.

Version 2.0 beta 1 had 23 contributors and many generous companies donated employee time to the project. This is a major milestone for the WP REST API on its journey to being proposed for inclusion in WordPress core. Check out the project’s core merge plan to follow the progress and view steps as they are completed.

by Sarah Gooding at April 29, 2015 05:42 AM under wp rest api

WPTavern: WordPress Plugins Created by JP Bot May Not be Maintained After June 2015

In late 2014, we went behind the scenes with Anas Sulaiman who goes by the WordPress.org username of JP Bot. Sulaiman is responsible for creating six WordPress plugins that are alternatives to popular Jetpack modules. We received a tip from a reader that the plugins will soon be retired. When browsing to any of the six plugins on WordPress.org, the following message is displayed:

Retiring on June 2015. JP plugins will not be maintained after the end of June 2015. Thanks for everyone who used these plugins. Special thanks for those who gave good ratings.

I asked Sulaiman why he’s retiring his plugins at the end of June. “As I said in the interview in 2014, I make sure my projects stay alive when I can no longer work on them. Now, I can hardly find the time to keep JP plugins up to date; hence, I posted that notice in the hope that someone from the community would step up and take the wheel,” he responded.

Sulaiman confirmed that someone has taken over his plugins but has not worked on them for over a month. He remains hopeful that the person is still motivated. “Anyways, if no one would seriously pick up JP plugins, I’m considering updating them every six months, or perhaps quarterly or so. After all, there are 4000+ users who are counting on them,” he said.

I suggested that he add the adopt-me tag to his plugins to increase the chances an interested party will take them over. If you use any of the plugins developed by JP Bot, I highly encourage you to keep tabs on what happens after June 2015 as you might need to find an alternative.

by Jeff Chandler at April 29, 2015 03:31 AM under Plugins

April 28, 2015

WPTavern: ManageWP Launches WordPress Events Hub

There are a variety of WordPress events that take place around the world where users learn WordPress in person. Some are WordCamps, meetups, and others are WordPress specific but don’t use the WordCamp branding. Until now, there has not been an easy way to see all WordPress events on one page. ManageWP.org has launched a WordPress Events Hub which displays WordCamps, meetups, and non-WordCamps on the same page using a map overlay.

Events Across the US

Vladimir Prelovac, Founder and CEO of ManageWP.com, explains why he created the site:

I was travelling the US last year and wanted to see what WordPress events I could attend along the route and there was no elegant solution to this problem. WordCamp Central lists only WordCamps without a map showing their location. There are also numerous meetups as well as non-WordCamp conferences like LoopConf, CaboPress, ThemeConf that are not listed anywhere. So I decided to build it.

Only registered users of ManageWP.org are able to create new events. On the event creation screen, there are fields to add an event’s address, name, type, date, URL, Twitter account, and Twitter hashtag. You can also add speakers. I found creating a WordPress meetup a little confusing since I had to set a start and end date.

Event Creation Screen

I think the event type should be the second field underneath the event’s name. I’d also like to see a set of fields or options added that are specific to the type of event being held. For example, if it’s a meetup, there’s no reason to have an end date. Instead, the end date should be replaced with an option to set a time.

There should also be a way to configure repeating events, similar to how Meetup.com does it. This way, I don’t have to remember to edit the event’s details every month. Events are not moderated, allowing submissions to appear immediately on the map.

As the number of WordPress events across the world increases, it’s nice to have a resource that unites them on one map. In future iterations, it would be cool if users could create an itinerary. The itinerary would be saved to the user’s account and would be sharable through a URL. This way, users could get together and plan a road trip together.

Prelovac is keeping a close eye on the comments of this post, so after you check out the events hub, please leave your feedback in the comments.

by Jeff Chandler at April 28, 2015 07:33 PM under wordcamps

WPTavern: Redux and Kirki Frameworks Join Forces to Provide Better Support for the WordPress Customizer


In light of the WordPress Theme Review team’s recent decision to enforce the use of the native customizer for themes in the official directory, the folks behind the Redux and Kirki frameworks are joining forces to better support developers for the new requirement.

Redux, which is built on the WordPress Settings API, is one of the most widely used options frameworks for themes and plugins, with WordPress.org reporting 90,000+ active installs. It supports a multitude of field types, custom error handling, and custom field and validation types, but is not currently compatible with the Customizer API.

That’s where Kirki is stepping in to offer a framework for advanced controls using the customizer. Kirki, created by Aristeides Stathopoulos, makes it easy to style the customizer to be a more natural extension of your theme and add panels and sections with more than 20 different field types.

Both open source frameworks and their developers will be working together to offer “the most powerful WordPress frameworks under one roof.” They are currently working on making the data output the same as well as creating a converter API for Redux developers. The eventual goal is that Redux will cover both custom settings panels as well as the customizer, while Kirki will be focused purely on the customizer.

Redux lead developer Dovy Paukstys was one of the most vocal opponents of the decision to make the customizer a requirement for WordPress.org theme options. His position is that it limits developers and cannot provide a complete replacement for the Settings API.

“The announcement of April 22, 2015 regarding the requirements for WP.org theme submission bothered me,” Paukstys said. “I had a decision to make; work to make Redux work fully in the customizer, or reduce our community.

“I then remembered the Kirki project and decided to ping Ari. We discussed the possibility of bringing Kirki into the Redux organization and progressing from there.” Kirki is joining Redux as part of the team, but it will be maintained as a separate framework.

“Kirki will always be light, with a smaller footprint,” Paukstys said. “There are no plans to turn Kirki into the Swiss army knife that Redux is. However, Kirki will be modified slightly.”

The Redux and Kirki teams plan to share concepts and development time in order to ensure that they can mirror the data output between the two frameworks.

“I am also in the process of creating the Kirki API, which will allow Redux devs to take their current config and use it with Kirki, rather than Redux,” Paukstys said. This will enable developers who have built themes using Redux to easily port their theme options over to Kirki for compatibility with the customizer.

Eventually, Redux will support both custom options panels using the Settings API and the customizer. In the meantime, Paukstys took the initiative to partner with Kirki to make sure Redux users won’t be hung out to dry with the new WordPress.org requirements.

“Kirki is a great solution for Customizer only themes,” Paukstys said. “There’s room enough on our team for both frameworks. Both serve a unique audience.”

As the WordPress Theme Review team seems firmly set on upholding its controversial decision regarding the customizer, Redux and other frameworks have no other choice but to fall in line.

“This community is too divided,” Paukstys said. “We prefer working together, rather than working apart. We believe greater things will come in the future moving forward together, as a team.”

by Sarah Gooding at April 28, 2015 05:51 PM under redux framework

Matt: Who is Steve Jobs?

I checked out the new book Becoming Steve Jobs by Brent Schlender and Rick Tetzeli because there had been some interesting excerpts published to the web, and apparently those closest to Steve didn’t like the Walter Isaacson book, with Jony Ive saying “My regard [for Isaacson’s book] couldn’t be any lower.”

Along with about a million other people I bought and read the authorized biography, and didn’t think it portrayed Jobs in a way that made me think any less of him, but there must have been some things in there that someone who knew him closely felt were so off that as a group they decided to coordinate and speak with a new author to set the record straight, as Eddy Cue said of the new Becoming book, “Well done and first to get it right.” I will never know who Steve Jobs really was, but it is interesting to triangulate and learn from different takes, especially Isaacson’s biography that Jobs himself endorsed but might not have read and this new one promoted by his closest friends, colleagues, and family.

As an independent third party who doesn’t know any of the characters involved personally, I must say that I felt like I got a much worse impression of Steve Jobs from Becoming than from the authorized biography. It was great to hear the direct voices and anecdotes of so many people close to him that haven’t spoken much publicly like his wife Laurene — he was a very private man and his friends respect that. But the parts where Schlender/Tetzeli try to balance things out by acknowledging some of the rougher parts of Steve’s public life, especially the recent ones around options backdating, anti-poaching agreements, book pricing, (all overblown in my opinion) or even when trying to show his negotiating acumen with suppliers, Disney, or music labels, they make Jobs look like an insensitive jerk, which seems to be the opposite of what everyone involved was intending.

The direct quotes in the book could not be kinder, and it’s clear from both books that Jobs was incredibly warm, caring, and thoughtful to those closest to him, but Becoming tries so hard to emphasize that it makes the contrast of some of his public and private actions seem especially callous. The personal anecdotes from the author are the best part: one of the most interesting parts of the book is actually when Jobs calls Schlender to invite him for a walk, as one of the people he reached out to and wanted to speak to before he passed, and Schlender — not knowing the context — actually chastises him for cutting off his journalistic access and other trivia, and then blows off the meeting, to his lifelong regret.

It’s tragic, and it’s very human, and that’s what makes for great stories. No one suggests that Steve Jobs was a saint, nor did he need to be. His legacy is already well-protected both in the incredible results while he was alive, and even more so in what the team he built has accomplished since his passing, both periods which actually amaze and inspire me. Becoming Steve Jobs tries harder and accomplishes less to honor the man. It is worth reading if, like me, you gobble up every book around the technology leaders of the past 40 years and want a different take on a familiar tune, but if you were only to read one book about Jobs, and get the most positive impression of the man and his genius, I’d recommend Isaacson’s Steve Jobs.

by Matt at April 28, 2015 04:44 PM under Review

April 27, 2015

WPTavern: Poll: How Often Do You Read a WordPress Plugin’s Changelog Before Updating?

As the debate on whether or not WordPress.org hosted themes should have changelogs continues, one line of thought is that regular users don’t read them. As a long time user of WordPress, I always read a plugin’s changelog before updating.

A good changelog tells me what bugs have been fixed, new features that have been added, and security issues that have been addressed. It also gives me a timeline of changes I can refer to for troubleshooting. Let us know how often you read a WordPress plugin’s changelog before updating by participating in the following poll.

Note: There is a poll embedded within this post, please visit the site to participate in this post's poll.

by Jeff Chandler at April 27, 2015 08:16 PM under updates

WPTavern: WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability

photo credit: Will Montague - cc

This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified.

WordPress’ official statement on the security issue:

The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly. It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don’t use Akismet.

That auto-update is now being rolled out to sites where updates have not been disabled. If you are unsure of whether or not your site can perform automatic background updates, Gary Pendergast linked to the Background Update Tester plugin in the security release. This is a core-supported plugin that will check your site for background update compatibility and explain any issues.

Since Akismet is active on more than a million websites, the number of affected users that were not protected is much smaller than it might have been otherwise.

WordPress 4.2.1 is a critical security release for a widely publicized vulnerability that you do not want to ignore. Users are advised to update immediately. The background update may already have hit your site. If not, you can update manually by navigating to Dashboard → Updates.

by Sarah Gooding at April 27, 2015 07:46 PM under security

Matt: Cell Phones & Cancer

The ability of radiation to cause cancer is dependent on whether or not the radiation is able to alter chemical bonds. This occurs when electrons involved in bonding in a molecule absorb radiation with enough energy to allow them to escape – this is called ionization. The thing is, whether or not radiation is ionizing is based solely on its energy, not on its number, and as we saw above, its energy is determined entirely from its frequency.

Cool article on WordPress.com about Why Cell Phones Can’t Cause Cancer, But Bananas Can, which I read while eating (and finishing) a banana. It covers dielectric heating too.

by Matt at April 27, 2015 04:29 PM under Asides

WPTavern: Do WordPress.org Themes Need a Changelog?

photo credit: time - (license)

Over the weekend, Theme Review Team member Jose Castaneda posted a proposal to add change logs to themes hosted on WordPress.org. The discussion has been on the table for years, but renewed interest in change logs is surfacing for the upcoming 4.3 and 4.4 release cycles.

Adding changelogs to themes requires action on two related tickets: a meta ticket to add support for change logs on WordPress.org and a core ticket to expose the changelog file to users in the WordPress admin.

Castaneda’s proposal requests that the team select a standard format for theme authors to follow in either the readme.txt file or a new changelog.txt file. From there the team would follow the core development release cycle to complete whatever steps necessary to get changelog support added to WordPress.org themes.

Theme Review Team members are divided on whether or not change logs are beneficial to users, as they already have the ability to detect changes using a .diff file when authors submit updates. Others find change logs to be a more readable addition.

“Personally, I find change logs to be incredibly helpful, even when using a .diff,” Theme Review Team admin Chip Bennett said. “The changelog is the human-readable summary of changes, that can really help grok the diff changes.”

Justin Tadlock isn’t convinced that WordPress users would benefit from themes including change logs:

Honestly, I don’t see change logs as all that important from a user standpoint. While I don’t have any official stats, I’d wager that the vast majority of users don’t read change logs and, of those who do happen upon one, don’t understand most of what’s actually in the file.

Change logs are, by and large, a developer tool. It’s a nice-to-have feature. I don’t care one way or another. I never read them. I doubt we’ll get great change logs from the majority of theme authors. We can’t even manage to get some semantic versioning down or basic inline PHP docs. We’ll probably see a lot of Git commit logs copied/pasted or my personal favorite, “Changed a bunch of stuff. Too busy building awesome s*** to care about tracking changes”.

Active discussion on the topic is taking place on the make.wordpress.org/themes blog. If the team concludes that change logs are beneficial, the main question to answer is whether or not they should simply take up residence in the readme.txt file, like plugins do, or have their own separate file.

Ultimately, the issue boils down to whether or not WordPress users read and appreciate changelogs, or if they are more beneficial for developers. As the Theme Review Team is primarily made up of developers, it would be valuable if average users who desire theme change logs could chime in on situations where the file might be helpful.

by Sarah Gooding at April 27, 2015 03:36 PM under changelog

WPTavern: Zero Day XSS Vulnerability in WordPress 4.2 Currently Being Patched

Klikki Oy is reporting a new comment XSS exploit vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an unauthenticated attacker to inject JavaScript into comments.

If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

This particular vulnerability is similar to one reported by Cedric Van Bockhaven in 2014, which was patched in the most recent WordPress 4.1.2 security release. That particular vulnerability was related to four-byte characters being inserted into comments, causing premature truncation by MySQL.

In this instance, an attacker posts an excessively long comment in order to trigger the MySQL TEXT type size limit, which truncates the comment as it is inserted into the database.

The truncation results in malformed HTML generated on the page. The attacker can supply any attributes in the allowed HTML tags, in the same way as with the two recently published stored XSS vulnerabilities affecting the WordPress core.

In these two cases, the injected JavaScript apparently can’t be triggered in the administrative Dashboard so these exploits seem to require getting around comment moderation e.g. by posting one harmless comment first.

A patch from the WordPress security team should be forthcoming. At this time the team could not provide an ETA, but in the meantime there are a few things users can do to mitigate the risk.

“Your best option is to install Akismet (which has already been configured to block this attack), or disable comments,” core contributor Gary Pendergast said in response to inquiries on the WordPress #core Slack channel. “JavaScript is blocked by wp_kses(). Akismet blocks this specific attack, which gets around wp_kses()’s protection.”

WordPress users can also temporarily disable comments until the WordPress security team issues the patch.

by Sarah Gooding at April 27, 2015 12:10 PM under security
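
Both truncation issues in the XSS report above come from the database silently shortening a comment after it has been sanitized. The sketch below is an added example, not WordPress core code or the security team's patch. It rejects a comment before storage instead of letting it be truncated. The function name, the `$columnCharset` parameter and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: pre-insert guard against silent MySQL truncation.
// A MySQL TEXT column holds at most 65,535 bytes (bytes, not characters).
const TEXT_MAX_BYTES = 65535;

/**
 * Returns the reasons a comment must be rejected (empty array = safe to store).
 * $columnCharset is an assumption about the table: 'utf8' (3-byte) or 'utf8mb4'.
 */
function comment_storage_problems(string $content, string $columnCharset = 'utf8'): array
{
    // An empty pattern with the /u flag fails to match on invalid UTF-8 input.
    if (preg_match('//u', $content) !== 1) {
        return ['invalid UTF-8'];
    }

    $problems = [];

    // strlen() counts bytes, which is the unit the TEXT limit is measured in.
    $bytes = strlen($content);
    if ($bytes > TEXT_MAX_BYTES) {
        $problems[] = sprintf('too long: %d bytes > %d', $bytes, TEXT_MAX_BYTES);
    }

    // A 3-byte utf8 column cannot hold code points above U+FFFF; the 2014
    // issue mentioned above was truncation at such four-byte characters.
    if ($columnCharset === 'utf8'
        && preg_match('/[\x{10000}-\x{10FFFF}]/u', $content) === 1) {
        $problems[] = 'contains four-byte characters';
    }

    return $problems;
}

// Constructed sample inputs (benign text only).
$samples = [
    'normal'    => 'Nice post, thanks!',
    'oversized' => str_repeat('a', 70000),
    'four-byte' => "Great \u{1F600} article",
    'multibyte' => str_repeat("\u{E9}", 40000), // 40,000 chars, 80,000 bytes
];

foreach ($samples as $name => $text) {
    $problems = comment_storage_problems($text);
    printf("%-10s %s\n", $name, $problems ? 'REJECT: ' . implode('; ', $problems) : 'ok');
}
```

The `multibyte` sample shows why the check has to count bytes: a character-count limit of 65,535 would let it through and the database would still cut it short.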

April 26, 2015

Matt: Entanglement

If you’re curious about quantum entanglement (and a type of synesthesia) at all, check out this week’s Invisibilia show on NPR called Entanglement.

by Matt at April 26, 2015 03:19 PM under Asides

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this send an email to Matt.

Last updated: May 05, 2015 09:00 AM. All times are UTC.