WordPress.org

Ready to get started?Download WordPress

WordPress Planet

December 20, 2014

WPTavern: Nulis: A Free Minimalist WordPress Theme with a Unique Twist

Nulis is one of the most unique designs to land in the WordPress Themes Directory this year. At first glance, you might think the theme is rather plain. The screenshot on the theme’s description page doesn’t indicate anything interesting going on under the hood, but something about it intrigued me enough to put it up on a test site.

Nulis-screenshot

Nulis includes several options built into the native customizer for adding your own header image, background, a custom logo, the ability to change the header text color, and more. Once customized, the theme looks quite a bit less plain than its screenshot.

nullis-customized

The icon on the top right spins when clicked and fades in a search bar. The icon at the top left of the theme also spins and opens a hidden panel with your logo, bio, navigation menu, social links, and any custom widgets you wish to add. Everything included in the hidden panel can be added via the customizer.

nulis-hidden-panel

Nulis is the Javanese word for ‘writing,’ and the theme does an excellent job of highlighting your content, especially if you are fond of post formats. Each post format has its own unique styling to set it apart from the others. The one-column theme surrounds your content with ample white space and showcases large, full-width featured images. The theme is also responsive and looks fantastic on mobile devices.

nulis-responsive

Check out the live demo to see the theme in action, and make sure to try the interactive icons at the top while you’re there. It’s a fun addition for toggling the hidden panel and search box.

Nulis was created by web developer Denny Kuswantoro. It’s his first submission to the themes directory and his account will be one to watch in the future. You can download Nulis from WordPress.org or install it on your site via the admin themes browser.

by Sarah Gooding at December 20, 2014 12:27 AM under free wordpress themes

December 19, 2014

WPTavern: phpBB.com Compromised, Users Should Change Their Passwords

phpBB.com, which hosts the popular open source forum software phpBB, has been compromised. On Dec. 14th, members of the development team discovered several web servers that power the website were compromised and immediately suspended operations. Users are not at risk as the phpBB software is not affected.

phpBBHomePagephpBB HomePage

According to an ongoing investigation, initial entry was gained through a staff member’s account. The attackers obtained access to the phpBB.com and area51 databases, meaning that user information, including hashed salted passwords, was also compromised. Area51 is a phpBB development website maintained by the phpBB team.

Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext. Despite the passwords being hashed, users are encouraged to change their passwords, especially if you use the same password on other sites.

When it comes to using a forum in WordPress, bbPress is usually the go-to plugin because of its tight integration. However, there are a few plugins that bridge the phpBB forum software with WordPress. WP-United is one such plugin and has nearly 40k downloads. Its popularity indicates several site owners connect WordPress to phpBB instead of bbPress.

The team is in the process of restoring its website. Once the servers are back online, they will provide full details, including the steps they’ve taken since the compromise.

by Jeff Chandler at December 19, 2014 11:01 PM under phpbb

WPTavern: Postmatic Offers Free Concierge Service for Installation of Its New Comments Subscription Plugin

postmatic

Postmatic is currently offering free concierge installation, configuration, and user migration for its new comments subscription which is now in beta. The plugin allows users to subscribe to new posts/comments via email and leave a comment by simply hitting reply. Postmatic beta 6 introduced 1-click migration of subscribers from Jetpack, in order to make it easy for Jetpack users to get on board.

The plugin aims to make WordPress and post/comment subscription emails work seamlessly, so that users don’t have to leave their inboxes to interact with commenters. While the base plugin is free for any number of blogs and subscribers, the Postmatic creators are looking to monetize it in the future by offering paid delivery of outgoing mail for larger sites.

In an effort to compete against the Jetpack-dominated comment subscription feature, Postmatic is aggressively signing up new users via its free concierge service. For a limited time, the team will perform the following for users who wish to switch to Postmatic:

  • Keep things safe and back up your database
  • Handle the nuts and bolts to get the plugin installed
  • Customize your email template by creating a header image and assigning some handy widgets to your footer
  • Migrate your existing users from Jetpack, Mailpoet, Mailchimp, Feedburner or other double-opt-in email or subscription service
  • Invite your past commenters to join to subscribe so your content gets right into their inbox

The free concierge service is limited to the first 50 people who respond by filling out Postmatic’s application. If the service is successful, I wouldn’t be surprised to see it added to the product’s commercial offerings in the near future.

Comments are vital to the health of a blog and are often the strongest indicator of engagement on your content. Based on the initial response to Postmatic, WordPress users who value comments are eager to find better ways to extend them to boost interaction.

Postmatic, like many other new products, is entering the marketplace with the strategy of building a strong user base around its free plugin. Its creators are aiming to capture a share of the post/comment subscription market with importers for Jetpack, Mailpoet, Mailchimp, Feedburner and other services before the official public launch.

by Sarah Gooding at December 19, 2014 10:10 PM under postmatic

WPTavern: Menu Customizer Now in Development for WordPress 4.2

hammer

WordPress 4.1 was released just yesterday, but core contributors are already planning and working towards 4.2. The Menu Customizer feature plugin is back in development and contributors are hoping to have it ready for inclusion in 4.2. Nick Halsey, who originally started the Menu Customizer work as part of his Google Summer of Code project, will be leading the effort to get the feature prepared for the upcoming release.

During the last release cycle, Halsey was focused on improving the Customizer API in core to add dynamic and contextual controls, sections, and panels. The Menu Customizer plugin has now been updated to be compatible with WordPress 4.1 and is ready to pick up development where it left off. As it’s no longer a GSoC project, Halsey is now actively looking for contributors.

Currently, the menu customizer is usable and offers the ability to assign menus to locations, edit existing menus/menu items, and add new menus.

menu-customizer

Halsey outlined a roadmap for preparing the Menu Customizer for merge, which includes a number of PHP and Javascript development tasks, including, but not limited to, the following:

  • Build-out the core API for adding Customizer sections and controls entirely with JavaScript, #30741 and its related tickets (PHP, JS)
  • Drag and Drop menu item reordering needs to do sub-menus (code imported from nav-menus.php is commented out in menu-customizer.js currently) (JS)
  • Fix problems with previewing updates to menu items, and with previewing newly-added menus once items are added (JS)
  • Redo the add-menu-items “panel” to lazy-load its contents & utilize Backbone sub-views (PHP, JS)

He also hopes to improve the experience of using the customizer on mobile, followed by getting the menu customizer plugin to work on mobile. Halsey is also looking for contributors to assist on the design, code review, a backwards-compatibility audit, and inline documentation.

If you’re curious about how the Menu Customizer works, anyone is welcome to try the plugin and offer feedback. For the time being, it is compatible with WordPress 4.1 but may require 4.2-alpha down the road as it progresses.

Contributor interest is critical for the Menu Customizer to have a shot at inclusion in WordPress 4.2. If you can help in any way, jump in on the Make/WordPress Core post to volunteer.

by Sarah Gooding at December 19, 2014 08:57 PM under menu customizer

WPTavern: WordSesh 3 Begins Tonight at 7PM EST

WordSesh 3 Featured ImageWordSesh, the 24 hour virtual WordCamp, begins tonight at 7PM EST when one session per hour for 24 hours straight will stream live on the WordSesh homepage.

It’s free to attend with sessions covering a wide range of topics including, WordPress performance, WooCommerce, and business advice. Take a look at the schedule to see a list of sessions and their scheduled broadcast time.

In case you can’t watch a session live, each one will be recorded and made available immediately following the event. Scott Basgaard, the events primary organizer, plans to add each session to a video playlist through the WordSesh YouTube account.

Will you stay awake for 24 hours to watch WordSesh? I don’t think I’ll be able to make it, but I’m going to try!

 

by Jeff Chandler at December 19, 2014 08:53 PM under wordsesh

WPTavern: WPWeekly Episode 175 – New Years Resolution Slider

In this episode of WordPress Weekly, Marcus Couch and I discuss a number of topics. We give you a heads up on the latest round of attacks taking advantage of vulnerabilities in the Revolution Slider plugin. We congratulate John James Jacoby on successfully reaching his crowdfunding goal. We talk about a new plugin discovery tool released by ManageWP and compare it to what’s available on the official directory.

This is the last show of 2014. Thank you for listening and supporting the show throughout the year. The next episode will be on January 7th, 2015.

Stories Discussed:

100,000+ WordPress Sites Compromised Using the Slider Revolution Security Vulnerability
StoryFTW Now Available in The Plugin Directory
Jetpack 3.3 Introduces New Centralized Dashboard for Managing Multiple WordPress Sites
WordPress Themes Directory Now Requires All Themes to be Translation-Ready
BuddyPress, bbPress, and GlotPress Development Campaign is Now Fully Funded
Google Earth API to Retire December 12th, 2015
ManageWP Releases Plugin Discovery Tool

Plugins Picked By Marcus:

HTTPS Mixed Content Detector attempts to identify sources of mixed content warnings. The plugin will examine content loaded when admins are viewing the site. Any content that violates the policy of loading content that originates from “https:” resources will trigger an error and that resource will be logged.

Performance Tester allows you to launch a performance and quality analysis on your WordPress home page from your back office. The report is provided by DareBoost.

Idea Factory allows users to submit new ideas from the WordPress front-end and vote on them.

WPWeekly Meta:

Next Episode: Wednesday, January 7th 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #175:

by Jeff Chandler at December 19, 2014 02:11 AM under storyftw

WPTavern: Concept Image Shows Redesign of Drupal.org User Profiles

Open source projects rely on contributions from both paid and non-paid volunteers. As a project gets larger, there are more ways to contribute. Displaying a user’s contributions is a great way to show off a person’s impact to the project.

Like WordPress, Drupal.org provides a profile page for registered users. During the December 17th Drupal Association meeting, the team announced it’s going to redesign Drupal.org user profiles and released a concept image.

Drupal User Profile Page Redesign ConceptDrupal User Profile Page Redesign Concept

The proposed design will change slightly as members of the community continue to work on it, but I like what I see so far. It’s clean, uses colors, and does a good job of organizing a lot of information.

Meanwhile, the WordPress.org user profiles which are also a work in progress, don’t show nearly as much information. Activity, Plugins, and Favorites are split into sections. However, the main profile page looks nice, uses color, and contains badges.

WordPress.org User Profile PagesWordPress.org User Profile Pages

Difference in Approach

One of the differences between WordPress and Drupal is that the ticket dedicated to redesigning Drupal user profile pages is filled with discussion and contributions. On the other hand, WordPress uses a mixture of tickets, posts on the Make Community P2 website, and comments to decide how to redesign the profile pages. I’m a fan of keeping information about a specific feature in a central location as it’s easier to reference.

User profiles are a common item shared between two large, open source projects. It’s interesting to see the approach each has taken towards improving the design and showcasing a user’s contributions to the project.

What do you think of the concept image and is there anything in the design you think would work well for WordPress.org user profiles?

by Jeff Chandler at December 19, 2014 12:39 AM under user profiles

December 18, 2014

WPTavern: Critical Git Vulnerability Patched: Update Your Git Clients Immediately

photo credit: git - the simple guidephoto credit: git – the simple guide

Git just announced version 2.2.1, a maintenance release that includes a security fix for a critical vulnerability that affects those using Windows and Mac OS X Git clients. This update also includes new releases with the same security fix for older Git versions.

GitHub confirmed that GitHub for Windows and GitHub for Mac are both affected and should be updated immediately. The GitHub engineering team explains how attackers might exploit the vulnerability:

The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to ovewrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

If you’re using GitHub’s client for Windows or Mac, the security issue has been patched and is ready for download. This includes an update to both the desktop application and the bundled version of the Git command-line client. If you’re using any other kind of Git client or software that connects to Git repositories, you’ll want to update immediately.

Although the issue should not affect Linux users, the release announcement encourages those who operate hosting services with users that fetch from Windows or Mac OS X machines to update in order to protect users with older versions of Git. Check out the 2.2.1 release notes for further information on the security fixes.

by Sarah Gooding at December 18, 2014 10:03 PM under security

WPTavern: Export Your WordPress Blog to Jekyll with One Click

jekyll

Jekyll fans are fond of the Ruby-powered static blogging software due to its ease of use and support for Markdown and the Liquid templating engine. With no database to maintain and no comments to moderate, Jekyll radically simplifies blogging. It’s also the software that powers blogging on Github Pages.

Moving content from WordPress to Jekyll is super easy, thanks to the Jekyll Exporter plugin created by Ben Balter. His Jekyll-powered blog is hosted on GitHub, along with his exporter plugin, which has been in development for more than a year. It was recently updated to be even easier to use and is now available on WordPress.org.

The one-click plugin converts all posts, pages, taxonomies, metadata, and settings to Markdown and YAML, which can be dropped right into Jekyll.

Who Needs a Jekyll Exporter?

I think WordPress is the best blogging software out there, but there are some bloggers who don’t want the hassle of comment moderation and all the maintenance that WordPress requires. This plugin is perfect for conveniently transitioning to Jekyll.

It’s also useful if you have created a bunch of documentation for a project on your WordPress site but decide to move the docs to a freely hosted Jekyll-powered site on GitHub Pages. This allows you to manage your documentation with version control and makes it easy for others to contribute.

I have not found Jekyll terribly easy to set up when I’ve worked with it in the past. That’s why this exporter plugin is a huge time saver – it basically does everything for you:

  • Converts all posts, pages, and settings from WordPress for use in Jekyll
  • Export what your users see, not what the database stores (runs post content through the_content filter prior to export, allowing third-party plugins to modify the output)
  • Converts all post_content to Markdown Extra (using Markdownify)
  • Converts all post_meta and fields within the wp_posts table to YAML front matter for parsing by Jekyll
  • Generates a _config.yml with all settings in the wp_options table
  • Outputs a single zip file with _config.yml, pages, and _posts folder containing .md files for each post in the proper Jekyll naming convention

The Jekyll Exporter plugin has no settings to configure. Just click the button and you’ll have all your content exported into the correct format for Jekyll and organized into the right structure.

If you’re having trouble with your server timing out on the export, Balter has ensured that the plugin is compatible with WP-CLI. You can run this command, which also has support for sites where wp-content isn’t in the traditional location:

wp jekyll-export > export.zip

Currently, the Jekyll Exporter is the only one of its kind in the WordPress.org plugin directory. Fortunately, it was created by a reputable developer who knows the ins and outs of using Jekyll after WordPress.

by Sarah Gooding at December 18, 2014 09:33 PM under jekyll

Post Status: WordPress 4.1, “Dinah”

wordpress-4-1
WordPress 4.1, “Dinah”, has just been released. WordPress 4.1 is the result of months of work and includes a number of excellent new features.

WordPress 4.1 was led by John Blackbourn, who did an outstanding job. Two hundred and eighty three contributors were part of WordPress 4.1, which Matt Mullenweg states is a new high.

Here are some of the new features.

Persistent Distraction-free Writing

I must begin with the new persistent Distraction-free Writing feature, as I’m using it to write this very post. We’ve had Distraction-free Writing since 2011, with the release of WordPress 3.2. However, it’s always been a single-experience decision. You hit the button to enter distraction free mode, and you utilize it for a single writing session.

Now, the button itself is persistent, and the experience of writing distraction free doesn’t enter a new screen, but rather fade away the distractions of the default editor.

Screen Shot

The left admin seamlessly floats away, as do the metaboxes to the right of and below the editor. The editor itself remains, versus using a modified editor like before.

When you update to WordPress 4.1, you are triggered with a note about Distraction-free Writing, and now that it’s a decision you only have to make once, I think this feature will finally get the broad use it deserves. It really is much more pleasant to write without everything else around you, to be lost in your thoughts as they make their way to the editor.

Twenty Fifteen theme

Screen Shot

The Twenty Fifteen theme is the finest work I’ve seen yet of the default theme team. A blogging, and personal, theme — Twenty Fifteen is simple, with beautiful typography, and capable of showcasing blog posts of any format with poise.

Twenty Fifteen comes in six base color schemes: default (light), dark, yellow, ping, purple, and blue. It also supports WordPress’ background and header image features, and allows you to customize colors from your base selection; Twenty Fifteen can be as quirky as you are.

Screen Shot

Here’s a link to the default theme demo, as well as it’s new page on WordPress.org.

Dozens of languages, available any time

Screen Shot

WordPress has made tremendous progress for non-English speaking users in the past few releases. With WordPress 4.0, you could choose a language on installation, whereas before it required many more steps. Now the team has gone a step further, so that language can be changed at any time, right from WordPress’ general settings page.

Given that a third of WordPress installs are non-English (and if I recall correctly half of new downloads are non-English now), this change further reduces the barrier of language in publishing software, and is an excellent move for the progression of the platform across the world.

Recommended plugins

Screen Shot

I believe recommended plugins is probably the most controversial feature in WordPress 4.1, though it is not without precedent. “Featured” themes have been in the WordPress dashboard for a while now. But with a tab for recommended plugins, now users can see plugin recommendations based on plugins already installed and plugins other sites have installed.

Recommended plugins are replacing the former popular plugins tab, and is mostly a change in the underlying API for showing the plugins themselves. Since it’s not a manual recommendation, I think this is a good change, and will more accurately help folks find relevant plugins than just listing the most popular plugins in the directory.

New template tags and theming tools

I’m really looking forward to using some of the new template tags introduced in WordPress 4.1.

My favorite is get_the_archive_title(). Themers out there all know about the big blob of conditionals in most theme archive templates to spit out the right string based on which archive template it is. Now, there’s a function for that, and it’s fully filterable to boot.

Descriptions of the new title functions, some new pagination functions, and some particularly nice body class assignment enhancements are well described on this Make WordPress post by Konstantin Obenland. There’s also a post about adding theme support to let WordPress handle title tags, which is a handy thing.

Log out from anywhere

A relatively small but nice security feature is the new ability to log out of all installs from a single location. WordPress uses cookies to keep you logged into your install for a period of time. Well, if you ever leave yourself logged in on a computer you don’t trust, you can now log out of all instances easily, from your profile page on an install.

There is a new button that says “Log Out of All Other Sessions,” and also tells you if you are logged in at more than one location.

More improvements to queries

I love how much progress has been made on the WordPress query tools in the last couple of years. WordPress 4.1 introduces the ability for a nested query syntax, which makes more complex queries possible for WP_Tax_Query, WP_Date_Query, and WP_Meta_Query. I don’t often call out single individual’s work on something, but Boone Georges really slayed it with the nested queries work. He wrote about it on his blog in detail.

More under the hood

WordPress 4.1 includes many other under the hood features you should check out on the Codex page about the release.

More excellent progress for WordPress

WordPress is better than ever, and hundreds (or thousands) of people make it so. Great job everyone. Now, go download WordPress 4.1.

by Brian Krogsgard at December 18, 2014 07:12 PM under Everyone

WPTavern: WordPress 4.1 “Dinah” Released

photo credit: Michael Ochs Archives/Getty Imagephoto credit: Michael Ochs Archives/Getty Image

After nearly four months of development, WordPress 4.1 “Dinah” in honor of jazz singer Dinah Washington, is available for download. Led by John Blackbourn, 4.1 contains several improvements such as a new default theme, an improved distraction free writing experience, and plugin recommendations.

Twenty Fifteen

New Default Theme For 2015New Default Theme For 2015

Twenty Fifteen is a two-column theme with a focus on content. In sharp contrast to Twenty Fourteen, Twenty Fifteen is light in color with a left hand sidebar and content in the right column. It’s designed with a mobile first approach and looks great on various screen sizes. Twenty Fifteen looks best when using large, featured images. It also ships with five different color schemes, ranging from dark to pink that are accessible from within the theme customizer.

Plugin Recommendations

Plugins Recommended To Me Based on Data of Sites with Similar Plugins InstalledPlugins Recommended To Me Based on Data of Sites with Similar Plugins Installed

When you browse to the Add New plugins screen, you’ll see a new Recommended tab. Recommendations are based on data from thousands of WordPress sites about plugins that are commonly used together. It’s similar to an online store’s “people who bought this also bought this” feature.  Because of the strict data set used, plugins that are 3-4 years old or older won’t be recommended.

Improved Distraction Free Writing

Distraction Free Writing in WordPress 4.1Distraction Free Writing in WordPress 4.1

When you enable Distraction Free Writing mode, the surrounding interface disappears as you type leaving important actions and menu items just a mouse movement away. This mode minimizes distractions without having to go through a clunky transition to access the admin menu or meta boxes. To bring back the menu and meta boxes, move the mouse cursor to the left or right of the editor.

Log Out of Every Session With One Button

WordPress Session UIWordPress Session UI

WordPress 4.1 includes a new Session UI. The UI shows up on the profile page when WordPress detects more than one active session. When pressed, the button logs out of every session except for the active one. This is useful for those times when users might have forgotten to log off from a laptop, phone, or public computer.

Inline Image Editing

Inline Image Editing ToolsInline Image Editing Tools

When editing an image using the Visual editor, a set of inline editing tools appear above the image. These tools provide a quick and easy way to align an image or access additional editing options.

oEmbed Support Added For Vine

WordPress 4.1 has oEmbed support for Vine which hosts short videos that continuously loop. Sharing a Vine is now as easy as copying and pasting the URL into the Visual editor.

Choose a Different Language at Any Time

Site Language Picker in WordPress 4.1Site Language Picker in WordPress 4.1

You can now choose a language for your site at any time by visiting the General Settings screen. Choosing a different language installs the required language pack.

Developer Items

Metadata, date, and term queries now support advanced conditional logic, like nested clauses and multiple operators. There are a couple of new Template tags and a major improvement with Title Tags in 4.1. There have also been several improvements to the Customizer API, including contextual panels, sections, and JavaScript templates for controls.

4.1 Represents Continued Improvement

WordPress 4.1 is the product of dedicated developers and 283 contributors. The ability to choose a language without having to touch a line of code is a great improvement. The default theme is refreshing compared to Twenty Fourteen and users have an entire year to manipulate the design. While some users will see the new Distraction Free Writing mode as a distraction, others will enjoy its convenience.

This is one of the first major WordPress releases in a long time that doesn’t have a video walk through. To take its place, here is a video featuring songs from Dinah Washington in 1954.

What do you think of the new default theme and will you try out the new Distraction Free Writing mode? Let us know what you think of 4.1 in the comments.

by Jeff Chandler at December 18, 2014 06:37 PM under vine

WPTavern: Intergalactic: A Bold Free WordPress Theme from Automattic

Despite a global decrease in public funding for space programs, humans are still reaching for the last frontier through film, music, and even design. Automattic’s latest free theme release on WordPress.org is a bold new take on the space motif.

Intergalactic features strong typography with post titles overlaying full-width featured images. The one-column layout is well-suited to a personal blog and the theme has support for all the standard post formats.

intergalactic-theme

Intergalactic also includes support for custom headers, custom backgrounds, and a social links menu. The theme keeps navigation out of sight via a high-contrast slideout menu. The sidebar is 530px wide with plenty of space for longer page titles and wider widgets.

intergalactic-slide-out-menu

The theme also has built-in styles for right-aligned, left-aligned, and centered pullquotes, which can be easily set in the text editor.

<blockquote class="alignleft">
   This is a left-aligned blockquote.
</blockquote>

Intergalactic’s bold design takes you back to the glory days when space photography was brand new and manned missions put explorers on the moon. It’s been more than 40 years since the Apollo 17 astronauts’ last visit to the lunar surface in 1972, but the idea of space travel remains firmly stuck in the public imagination.

If you need a new look for your blog and you’re aiming to publish at the speed of light in 2015, the Intergalactic theme is a powerful motivator. Check out the live demo on WordPress.com to see it in action. Intergalactic is now available to download for free from the WordPress.org Themes Directory.

by Sarah Gooding at December 18, 2014 06:19 AM under free wordpress themes

WPTavern: How to Take Control of The WordPress Heartbeat API

Heartbeat Control Featured Imagephoto credit: osseouscc

The WordPress Heartbeat API, introduced in WordPress 3.6, simulates a pulse and is responsible for revision tracking, session management, and more. The pulse is around 98 Bytes in size, but it can cause performance issues in certain situations.

If you’ve been notified by your webhost that your account is using too many resources and cite POST /wp-admin/admin-ajax.php as the cause, it’s likely due to the Heartbeat API.

How The Heartbeat API Works

Inmotion Hosting has an excellent article that explains how the Heartbeat API works. If you monitor server requests while in the post editor, you’ll see POST /wp-admin/admin-ajax.php "http://example.com/wp-admin/index.php appear every 15 seconds. This is the pulse generated by the API.

The pulse makes sure you have a persistent connection to the web server and provides a way for developers to trigger events. For example, if the pulse takes 30 seconds or longer to process, WordPress displays a connection error and attempts to reconnect to the server.

The Problem

Execution TimeExecution Time

There are several situations in which a pulse is generated either automatically, or by a user. Most of the time pulses are harmless and don’t do anything.

Each pulse (POST request) executes a PHP script equating to CPU time on the server. In an experiment, InMotion Hosting left the dashboard open for a half hour and noticed 25 PHP script executions that used 5.77 CPU seconds. The small amount of CPU time was used to do nothing.

The problem is compounded by the fact that each user who has access to the backend of WordPress generates a pulse. As the number of users navigating the WordPress backend simultaneously increases, so does the number of pulses generated from the API.

If a webhosting provider has strict limits on the number of processes or resources used, you could easily go over the limit.

How to Control The Heartbeat API

Heartbeat Control, developed by Jeff Matson, is a new plugin that enables you to control the interval of pulses. After activating the plugin, you’ll find the settings located in Tools>Heartbeat Control.

Heartbeat Control SettingsHeartbeat Control Settings

You can choose to disable the API entirely, only on the dashboard page, or allow it only on the post editing screen. You can also choose the interval when pulses are sent. The choices range from 15-60 seconds with 5 second intervals in between.

By changing the interval to 60 seconds, pulses are less likely to impact server performance. Several HostGator customers who use the plugin report they no longer experience suspensions for using too many resources.

Why InMotion Hosting Doesn’t Throttle The API by Default

If increasing the pulse interval from 15 to 60 seconds increases server performance, why doesn’t InMotion Hosting throttle the API on every webhosting server?

Matson, who works for InMotion Hosting, says a one size fits all approach doesn’t work. “The reason we don’t do that is because there are some users that require it at the default rate or an even higher frequency. When making server-wide changes, you have to be extremely careful that you do not impact a customer’s site.”

Matson goes on to say that, “As a host, the number one goal is making customers happy and restricting the normal operation of a user’s site is unacceptable.”

How HostGator Almost Deleted WP Tavern

I sympathize with those who use HostGator as they have a strict CPU resource restriction. If pulses from the Heartbeat API cause the CPU to become busy or cause a backup in processes, using 25% of the CPU longer than 90 seconds is easy to do.

HostGator’s policy for using too many resources is to suspend the account. This makes it impossible to troubleshoot the problem. If you exceed the resource allotment more than five times, the site is removed from the server and your account is banned.

HostGator Resource PolicyHostGator Resource Policy

In late 2013, when WP Tavern used HostGator, I experienced first-hand what it’s like to have a website suspended. When I upgraded the Tavern to WordPress 3.6, which introduced the Heartbeat API, I started to experience problems. The site would routinely lock up and when I viewed the processes tab in cPanel, it looked like a simple process repeated itself, leading to a denial of service.

Site Offline ErrorsI can’t confirm if the Heartbeat API was the culprit but it’s high on my list of suspicions. After suspending the Tavern twice, HostGator informed me that if the site was suspended again, it would be removed from the server without giving me a chance to back it up. Needless to say, I switched hosts immediately.

Don’t End Up in a Similar Situation

If you’re using a webhosting service with strict resource limits, consider installing Heartbeat Control to limit the number of pulses. Not only will it mean fewer calls to the server, but it may lead to a performance increase as well. Keep a close eye on the resources used and if you come close to maxing out, it’s a sign you need to upgrade to a better plan. Don’t end up in a position where you may lose your site!

by Jeff Chandler at December 18, 2014 02:19 AM under wordpress 3.6

December 17, 2014

WPTavern: Atlanta WordPress Coders Guild: A New Meetup for Designers and Programmers

photo credit: FrenchKheldar - ccphoto credit: FrenchKheldarcc

The Atlanta metro area will soon be getting a new type of WordPress meetup, targeted towards programmers and designers. Local organizers Mike Schinkel and Micah Wood announced the Atlanta WordPress Coders Guild on Meetup.com and have already attracted 55 members who identify themselves as coders.

Due to the group’s unique requirements, it is not affiliated with the WordPress Foundation-sponsored community meetups. In order to become a member, one must be interested in working with technologies such as PHP, MySQL, Apache, Javascript, jQuery, Git, Backbone, Vagrant, Gulp, Grunt, SASS, and the WordPress API.

“We are not affiliated with the WordPress Foundation’s Community Meetups initiative because we are not open to WordPress end-users,” Schinkel emphasizes in the meetup’s description. “We are instead a group for serious professionals with a goal of raising the bar for WordPress coder talent in the Southeast and to make it more viable for the major project funders to choose WordPress instead of closed source solutions.”

Official community meetups have a requirement to have membership open to “all who wish to join, regardless of ability, skill, financial status or any other criteria.” Since the Atlanta WordPress Coders Guild isn’t open to all skill levels, it is running independently. The organizers plan to host workshops centered around best practices expected by clients who spend $100k+ on projects that demand a high level of performance and security.

Atlanta’s Fragmented WordPress Community

Schinkel has lived in the Atlanta area for several decades and has a great deal of experience organizing professional meetups. He’s an accidental connector who became acquainted with many people in the area and has a unique perspective on the Atlanta tech and WordPress communities.

“We have a really strong tech community backed by education like Georgia Tech and ~10 Fortune 500 companies in the Atlanta area, and tons on technology meetups,” he said. “Lots of Java, .NET, Ruby, Javascript and PHP, and at least 10 large digital agencies with probably up to 1000 agencies if you count the small ones.”

The startup community is also thriving in the area and Atlanta is experiencing growth across various sectors, including financial, health tech, IT security, and more. Unfortunately, this has not directly translated into a strong WordPress community.

“The WordPress community, however, is fragmented because of metro Atlanta’s expansive geography, lack of any natural geographic boundaries and no single entity with the clout to really organize a cohesive community,” Schinkel explained. The area has 10 different meetups, many of which fail to attract more than a handful of members on a regular basis.

The Atlanta WordPress Users Group, organized by Judi Knight, is the most successful with approximately 1600 members, but Schinkel says those are primarily people willing to travel to a meetup in town. Outer metro Atlanta residents are reluctant to attend.

“Also, from the perspective of a professional WordPress PHP, MySQL and jQuery coder, those meetups are characterized by really novice end-users,” he said. “Rarely, if ever, is there any significant WordPress coding talent in attendance, and intermediate to advanced topics are never announced or covered.”

The Need for More Workshops Focused on Advanced Topics

Schinkel believes that the Atlanta WordPress community needs the opportunity to have more advanced workshops and developer-focused meetups. “As far as I can tell the existing successful WordPress meetups all focus on the needs of end-users,” he said. “That’s great, it is what in part has driven the success of WordPress, but it also means that there are no local meetups to help WordPress coders to grow their skills.”

Schinkel used the term “coder” in the meetup name specifically to filter out those he would classify as developers.

Many people think of themselves as ‘WordPress Developers’ when what they do is install WordPress; select, install and configure a theme; select, install and configure plugins; maybe tweak CSS; and add some page templates with a bit if loop and template tag coding. So we think of those people as ‘Site Builders’ and think the term ‘developer’ is too broadly adopted to have any communicable distinction in the context of WordPress people.

There are a myriad of meetups in Atlanta for WordPress end users who want to learn about using themes and plugins, but virtually no meetups for coders who want to expand their skills. This is why the organizers are spearheading a WordPress coders guild in Atlanta.

“First and foremost we want to see more Atlanta agencies and internal teams in the larger Atlanta organizations choosing WordPress for their projects,” Schinkel said. “For that to happen there has to be a stronger talent base in Atlanta who are knowledgeable and experienced in WordPress best practices, at least as far as they relate to agency use of WordPress.”

He anticipates that the group will probably have its first “get to know each other” meetup in January and then start workshops in February. With advanced topics in the spotlight every week, Schinkel hopes that agencies and internal teams that rarely come out to network will be more motivated to attend.

“We want to create a stronger WP coder community than we currently have in Atlanta, and the one we currently have is really lacking,” he said. “Put it another way, Drupal has a far stronger developer community in Atlanta because of their Drupal meetup and yet Drupal has ~1/10th the marketshare of WordPress. Now that is really sad, don’t you think?”

Schinkel and Wood have identified a common problem with many community meetups where the topics focus on end user education. While connecting with people of all skill levels is important, more advanced WordPress professionals often become less motivated to attend meetups that don’t include topics that challenge them and help them become better at their work. The Atlanta WordPress Coders Guild aims to solve this problem with an alternative, non-traditional WordPress meetup.

by Sarah Gooding at December 17, 2014 11:34 PM under community

WPTavern: VVV-Dashboard Provides an Interface for Managing Varying Vagrant Vagrants Installations

VVV-Dashboard is a new tool that provides an interface for managing your Varying Vagrant Vagrants installations. Inspired by Variable VVV, a script that makes it easy to create and delete sites, Leo Gopal made VVV-Dashboard to complement it.

Gopal is a WordPress developer from Cape Town, South Africa. “I installed my first WordPress site seven years ago while in high school and started creating sites for clients ever since. Only recently, after Matt’s Five for the Future speech, did I decide to come out and offer what I have to everyone, more freely,” he said. VVV-Dashboard is one of his first public contributions.

The tool was designed to work with Variable VVV but can be used without it. “Because VVV is very terminal oriented, it’s easy to forget commands when you need them. For example, you might forget to ‘vagrant up –provision’ when working with Variable VVV (and other site creators),” Gopal said. VVV-Dashboard adds a quick reference page inside your vvv.dev site for commands and includes a list of all your Vagrant installs.

vvv-dashboard

The title of the page displays how many VVV sites you have installed on your machine. Each site and its admin are linked, along with a profiler button that offers a quick overview. In order for the profiler to work, you must have Xdebug turned on.

Many developers end up with a long list of dev sites, and it can be difficult to remember what sites are active and where they are located. The VVV-Dashboard interface saves you time with a convenient list and might even inspire you to perform a cleanup of sites no longer in use.

In the next few releases, Gopal plans to include more basic site info in the dashboard, such as whether or not WP_Debug is enabled, an indicator for if Xdebug is on/off, the current active theme, etc. Variable VVV recently added a blueprints feature, which allows you to set up different plugins, themes, mu-plugins, options, or constants that will be installed to a new site you create. Gopal plans to create a few blueprint examples and add them to VVV-Dashboard.

VVV-Dashboard is licensed under the GPL V2. It adds a friendly layer between you and your VVV sites to make management more convenient and efficient. Check out the project on GitHub where you’ll find complete installation instructions. If you have any tips on how to improve the project, make sure to leave your feedback for the developer.

by Sarah Gooding at December 17, 2014 08:01 PM under VVV

WPTavern: ManageWP Releases Plugin Discovery Tool

The WordPress plugin directory has nearly 35k plugins and discovering new ones that have been tested and downloaded a few thousand times is difficult. Users can browse the directory for newest, recently updated, most popular, and highest rated plugins. With the exception of the recently updated category, there’s no way to discover plugins in the middle of the pack. A new plugin discovery tool by ManageWP, attempts to solve the problem.

Algorithm Based

Best New PluginsBest New Plugins Page

The front page of ManageWP.org/plugins displays the best new plugins under 100k downloads. The plugins are determined using an algorithm that takes into account plugin quality and acceleration of growth. A plugin’s quality is determined using seven metrics:

  • Last Updated
  • WordPress Compatibility
  • Support
  • Rating
  • Plugin Popularity
  • Author Popularity
  • Other plugins from the same author

Using a combination of metrics, ManageWP is able to display a constantly evolving list of rising stars. Placing emphasis on a plugin’s compatibility with WordPress and when it was last updated might motivate plugin authors to keep these fields updated.

Comparing Plugins

If you’re curious to see how plugins compare to each other, check out the plugin comparison section of the site. Simply choose two different plugins and hit the compare button. The comparison displays each plugin’s statistics with a download chart at the bottom. At the moment, you’re limited to comparing only two plugins at the same time, but there are plans to allow for more in the future.

Plugin ComparisonsPlugin Comparisons

Plugin Awards

Awards are a quick way to determine how well a plugin is doing in specific categories. For example, WordPress SEO by Team Yoast, has a number of awards for being the most downloaded and highest rated in multiple categories. I think it would be beneficial if this area was extended to highlight more ranks like top ten, top five, and number one.

ManageWP Plugin AwardsManageWP Plugin Awards

Future Improvements

ManageWP founder, Vladimir Prelovac, says he’s not finished with the site. In the announcement, he shares a couple of ideas on what he’d like to see in the next iteration.

  • Simpler plugin comparison, allow multiple plugins compared at once.
  • Include WP Vulnerability Database security data to plugin details page and Plugin Quality score.
  • Allow plugin authors to ‘claim’ their pages. This will allow all sorts of activity like adding the links to their premium support, answering Q&A
  • Open everything via an API so everyone can use the engine and its data

The WP Vulnerability Database will be a nice enhancement, especially if you can see how many vulnerability reports a plugin has. Something to keep in mind is that ManageWP/Plugins is utilizing the WordPress.org Plugins API, which limits the types of data it’s able to work with.

A Plugin Directory Without The Plugins

I love the idea behind ManageWP/Plugins because it fills a void created by the plugin directory. It’s essentially a sub-section of the directory without the plugins. When I look for plugins to review, the directory leaves me little choice between one that’s popular or brand new. ManageWP/Plugins gives me an opportunity to discover them before they reach global popularity.

by Jeff Chandler at December 17, 2014 05:58 AM under resources

December 16, 2014

WPTavern: WordPress Accessibility Team Is Mobilizing to Make Accessibility Required for WordPress.org Themes

guided-road

Throughout the first half of this month, the WordPress Accessibility team has been working together with the Theme Review Team to discuss the possibility of requiring the accessibility-ready tag for themes hosted on WordPress.org. The team will need to create an official proposal to submit to the Theme Review Team in order to make this happen.

In preparation, the Accessibility team is increasing efforts to educate theme authors on accessibility best practices. Joe Dolson published a post with tips for making WordPress themes accessible, which includes basic instructions for making themes work with a keyboard, creating event triggers as accessible controls, and adding supporting text for images.

The Accessibility team also created a GitHub repository for sharing WordPress-specific code examples for accessibility and plans to add resources in the near future. The theme handbook and reviewer’s handbook will potentially need to be reworked in order to account for the new guidelines. “The goal is for those documents to explicitly correlate to the theme accessibility guidelines, so that theme authors have specific guidance on what to do to meet those requirements,” Dolson said at a recent meeting.

The Accessibility team hopes to announcing new guidelines for theme developers in April 2015, which would then be required as of November 2015. Once the guidelines are finalized for both required and recommended items, the Accessibility team will also need to train the Theme Review Team on reviewing for accessibility.

For most traditional WordPress sites, the active theme is the face of the website, and accessibility-ready themes undoubtedly improve the experience of WordPress for users with disabilities. However, making accessibility required for themes is a long and difficult path. The possibility of the requirement already has opposition among Theme Review Team administrators.

When we published about WordPress.org’s newest requirement for themes to be translation-ready, several readers chimed in on the comments to advocate for accessibility to be required. Justin Tadlock, a TRT admin, replied, “As an admin of TRT, full compliance with our current accessibility guidelines is something I’d fight to not make a requirement.

“Unfortunately, making a theme accessible can sometimes mean not respecting a designer’s artistic vision. This is particularly an issue with color contrasts. Anything that would hinder design decisions like this is not something I would support. That’s beyond the scope of what TRT’s role is.”

Even with more education for theme authors, additional guidelines pose another hurdle to overcome in the rigorous review process. Tadlock believes it would stifle submissions from new theme authors. “Requiring accessibility-ready themes would be such a huge barrier to entry for new theme authors that it would be detrimental to the system.”

The Accessibility team is highly motivated to push for this new requirement and is currently working on a precise proposal that will be voted on by the Theme Review Team. “The important thing with the proposal is clarity,” Dolson said, recognizing that it could be blocked if the two teams are unable to communicate effectively about the issues at stake. The decisions made in the first part of 2015 will determine the immediate future of theme accessibility in the WordPress.org Themes Directory.

by Sarah Gooding at December 16, 2014 09:24 PM under accessibility

Post Status: Let’s WordSesh together

wordsesh-3

This weekend, WordSesh 3 will begin. WordSesh is 24 straight hours of live streamed presentations and discussions from a variety of intelligent folks in the WordPress world.

It starts at 0:00 UTC Saturday, which really means 7:00 p.m. Eastern time on Friday for those of us in America. It’ll run through Saturday evening.

The lineup for WordSesh is as good as any WordCamp, and the chat around the past events has been fantastic. Scott Basgaard and his team of volunteers do a great job.

I’ll be on a WordPress news roundtable at the tail end of WordSesh. On Friday, I’m going to have some news that will help explain my radio silence of late, and will probably spice up the conversation I’m to have with Jeff Chandler (of WP Tavern), Dre Armeda and Brad Williams (of DradCast) and Doc Pop (of Torquemag). I hope you’ll watch.

Check out all the information on the WordSesh website, follow @WordSesh on Twitter, and RSVP if you’d like to attend. There are already over 600 people signed up. It’s completely free and community supported. I love this event and I’m glad to see it happen again.

by Brian Krogsgard at December 16, 2014 07:43 PM under Everyone

WPTavern: Jetpack 3.3 Introduces New Centralized Dashboard for Managing Multiple WordPress Sites

Jetpack 3.3 is now available. The highlight of this release is the new centralized site dashboard feature that allows users to manage multiple Jetpack-connected WordPress sites and WordPress.com sites from one location in WordPress.com.

The new dashboard is mobile friendly and includes the centralized posting feature that was introduced in Jetpack 3.2. It also allows users to see all of their sites listed together and perform a number of housekeeping actions:

  • Plugin management: Turn plugins on or off with one click — per site or in bulk.
  • Initiate plugin updates: Update plugins for a single site or all sites in bulk.
  • Automatic updates: Turn on auto-updates for any plugin on a per-site basis or in bulk.

Jetpack 3.3 is required in order to use the plugin management features, so you’ll need to update at least one of your sites to check it out. You also need to activate Jetpack’s JSON API feature and ensure that the “Allow remote actions” setting is enabled.

To view all the plugins you have installed, visit WordPress.com/Plugins. When you click through a plugin, you’ll find a short description of it and a list of the sites where you have it installed.

jetpack-plugin-management

WordPress.com’s one dashboard to rule them all is now in direct competition with services like ManageWP, WP Remote, InfiniteWP, and several others that provide centralized site management.

As WordPress has become an increasingly popular solution for building websites, developers are often responsible for more sites than they can safely keep track of for updates. Centralized dashboard management is critical for scaling maintenance capabilities. It comes as no surprise that WordPress.com is getting its hook into self-hosted sites by moving to support centralized site management via Jetpack.

In addition to the new centralized dashboard, Jetpack 3.3 also brings many other enhancements to the plugin:

  • Adds responsive video support to BuddyPress
  • Custom Content Types: Added ‘order’ and ‘orderby’ options to portfolio shortcode
  • Display notice when Jetpack Development Mode is on
  • Compatibility with Twenty Fifteen
  • Likes: Updated the code to accept arbitrary CPTs
  • Related Posts: Allow filter by post_format
  • Sharing: add new jetpack_sharing_counts filter for option to turn off sharing counts
  • Sharing: Use the Site Logo Theme Tool and the Site Icon as fallbacks for image tags

The 3.3 release also adds several filters that allow developers to further customize Jetpack’s behavior. Check out the changelog for the full list of enhancements and improvements.

by Sarah Gooding at December 16, 2014 06:24 PM under wordpress.com

December 15, 2014

WPTavern: 100,000+ WordPress Sites Compromised Using the Slider Revolution Security Vulnerability

photo credit: Ravages - ccphoto credit: Ravagescc

Over the weekend, the security team at Sucuri discovered that more than 100,000 WordPress sites have been hit with the SoakSoak.ru malware campaign. This campaign has resulted in more than 11,000 domains being blacklisted by Google.

SoakSoak modifies the wp-includes/template-loader.php file in order to inject Javascript, which contains the malware, into every page on compromised sites. You can check to see if your site is affected by using Sucuri’s free SiteCheck scanner.

After researching the compromised sites, Sucuri found that SoakSoak’s vehicle of attack is the critical security vulnerability that was discovered in the Slider Revolution plugin and made public in September. At that time, Envato identified more than 1,000 themes sold through its marketplace that were potentially affected by this particular vulnerability.

The Slider Revolution issue, though silently patched in February, has been actively exploited since its disclosure. Many WordPress site administrators have not updated their copies of the Slider Revolution plugin to the patched version, leaving their sites open to compromise. Since the plugin is packaged with many themes sold through Themeforest, site owners are not always aware that they are vulnerable.

According to the report from Sucuri, the SoakSoak attack first scans sites to locate the vulnerable file within the Slider Revolution plugin in order to gain access to the wp-config.php file. If successful, the intruder then attempts to upload a malicious theme to the site, followed by injecting the Filesman backdoor into the website. The attacker then injects another backdoor in order to modify the swfobject.js file to inject malware that redirects visitors to soaksoak.ru.

This malware attack is particularly difficult to clean up after. If your site has been compromised, you cannot simply remove the infected files. The backdoors will also need to be addressed, as well as the Slider Revolution vulnerabilities. Sucuri advises stopping malicious attacks through a firewall. If your site or one of your clients’ sites is using the Slider Revolution plugin, it is imperative that you check to see if you are affected and update your site and plugins immediately.

by Sarah Gooding at December 15, 2014 10:42 PM under slider revolution

WPTavern: Pippin Williamson on Building a Community Around Your Open Source Project

photo credit: inQbationphoto credit: inQbation

When Pippin Williamson launched Easy Digital Downloads in early 2012, he could not have predicted the success that the open source project is experiencing today. The core plugin is approaching half a million downloads and recently passed 100 contributors on GitHub. It provides the foundation for a profitable commercial marketplace of more than 190 extensions authored by the EDD community.

The Birth of Easy Digital Downloads

As is the case with many entrepreneurs, Williamson discovered one of his best ideas while solving one of his own problems. He had become an avid plugin developer long before EDD was in the picture. “I wanted a better way to sell WordPress plugins I was creating through my own site,” he said. “I had been using the Code Canyon marketplace from Envato for a while and had toyed with a few of the other e-commerce plugins, but I wanted something a bit different.” Williamson had no idea that EDD would soon become his full-time job.

When a project starts out that way, it’s really hard to guesstimate what the future holds for it. As I continued building on the plugin and making more generalized features that had a wider audience than just my site, it became apparent pretty quickly that others were looking for some of the same things. The project was started in March and by November of the same year, I really started to consider the prospect of it becoming a full-time job for me.

Williamson was inspired by Jigoshop’s and WooCommerce’s successes with the “extensions marketplace” business model. “As an outsider, it seemed as though the extensions model was working well for them, so I thought, ‘Why not?’ It seemed like a good fit. Early on though I had no idea that we would reach more than 150 extensions in so short a time.”

He built the first couple of extensions for himself, including the Stripe integration. “Those first extensions were really the ones that proved building a marketplace around EDD wasn’t an utterly insane idea. Mostly insane but plausible.”

Extensibility Has a Direct Correlation to Profitability

Easy Digital Downloads is well known for having a codebase that is easy to extend and friendly to developers. Williamson built this into the project out of principle from the early days of EDD, not knowing how vital extensibility would become further down the road.

“It definitely started as a core philosophy but became a fundamental requirement as the project grew. EDD wouldn’t be even half as successful as it is now if it weren’t for the extensibility,” he said. “There are still severe pain points in terms of our extensibility, but they are being worked on for future releases. A commitment to always making the plugin more and more extensible is one of the things that has really helped us along the way.”

Extensibility is the backbone of the EDD marketplace, and it’s paying off for Williamson and the project as a whole. On an average day, the core EDD plugin sees 400-1000 downloads. “The revenue of the project has grown consistently since first launching two and a half years ago,” Williamson said. “In its first year, we saw steady growth, but nothing amazing by any means. It was enough to tell me there was potential for much, much more.”

In 2012, Williamson reports that the project pulled in $25,000 in extension sales, with one fifth of this paid out to third party developers for extension sales. Over the course of 2013, EDD grew its monthly revenue from ~$2,000 per month up to nearly $16,000 per month. Williamson finished that year with ~$190,000 in sales and paid out nearly $64,000 in commissions to third party developers.

“And now, just as we are wrapping up 2014, we have seen more than $456,000 in sales and have generated more than $200,000 in commissions for third party developers,” Williamson said. “In 2015 these numbers are expected to grow, just as they have for the last two years. To say we’re excited for the future would be to put it lightly.”

Attracting and Keeping a Community of Contributors

Without EDD’s large community of contributors, the project’s success would have been severely limited. EDD seems to have an organic way of attracting and keeping contributors. Williamson attributes this to three key aspects of the community surrounding the project:

  • We work hard to always try and make new contributors few welcome. No one should ever be told (even indirectly) to go away when they are trying to give back to a project. By being open to criticism and suggestions from the community, and working to ensure the community feels encouraged to speak up, we have gained a lot of long-time contributors, simply because they didn’t feel like their suggestions were lost in a dark abyss of nothingness or intentionally ignored. When people feel welcomed, they tend to stick around.
  • Every suggestion gets an answer of some kind. Period. We strive to never leave a support ticket or github issue unanswered. Even if the answer is “no”, we still answer it. When people are ignored, they leave, so we never ignore anyone. Period.
  • We have actively asked people to help out on the project. There are tons of people out there ready, willing, and wanting to help; sometimes all it takes is an invitation.

Williamson doesn’t think that any of these efforts are unique to EDD, but they have been the most important factors for growing and keeping a large contributor base. He aims to make sure every single contributor gets an answer to their suggestions, no matter how small the contribution or bug report. “If someone that is brand new to the project feels they have been ignored, how likely are they to ever come back? I think we see this a lot with WordPress core contributors,” he said.

“There are hundreds of tickets on trac that have gone unanswered from new contributors, and I suspect a huge percentage of those people have decided to move on and not contribute since they felt ignored. It doesn’t matter if someone is actually ignored; it matters that they feel they were ignored.

In order to maintain a good follow-up process, Williamson has streamlined development of the core plugin through its GitHub repository. New contributors who want to get involved with extension or theme development also have access to a private Trello board where they can connect with other developers.

Advice for New Open Source Project Leaders

When reflecting on the early days of EDD, Williamson has a few regrets and encourages developers to think about the future when it comes to plugin architecture. “There is one major architectural change I would make, and that is the use of custom tables for storing data,” he said.

“We opted out of using custom tables from day one, and that was a mistake. Not properly leveraging custom tables that had the exact database schema that we needed actually made it dramatically more work for us in the long run. We’ve had to jump through a lot of hoops to build advanced queries for solid store reporting.”

This mistake has made it difficult to build EDD in a way that will scale the plugin up to a larger user base on larger websites, as needed. Williamson and contributors continue to find ways to deal with it but it is still costing the team a great deal more effort.

On the community aspect of the project, he has a few simple tips for open source project leaders who want to attract a decent base of contributors.

  • Be nice.
  • Respond to everyone.
  • Make it publicly known that you want contributions.
  • Do what you can to make it easy (hint: asking people to email patches is not making it easy.)
  • Be very open to criticism.
  • Work hard to build an awesome product, as that alone will attract a certain number of interested in contributors.

Holding to these principles has made Easy Digital Downloads a resounding success, as well as an inspirational example for WordPress plugin developers. Williamson hopes to expand operations to include a hosted version of the plugin, but doesn’t yet have a roadmap for how that will play out.

“I would like to see a hosted version be available within the next year or two. We haven’t officially decided if we will offer one or if we will seek partnering with an agency or other group, but I’d love to see it come about,” he said. If he’s able to launch a hosted version, Williamson will have the opportunity to tap into a whole new demographic of customers, many of whom are likely not developers.

“I’ve never run a hosted service before so it will be a whole new experience for me with a whole new set of challenges,” he said. Williamson counts the strong EDD community as one of his assets in pursuing this new venture:

One advantage that I feel we will have, however, is the rapid development pace that having a strong community of contributors affords us. As we iterate quickly on the self-hosted version, those same changes will be able to be applied to a hosted version. It will also be able to go in reverse: as we test out new features in a hosted version, we can apply those same changes upstream to the self-hosted version. Much like WordPress.org and WordPress.com.

With a large number of people building extensions for the project, and a regular stream of contributions and bug fixes, Williamson and EDD are uniquely prepared to support a hosted version. The success of Easy Digital Downloads demonstrates the value of building a strong community around your open source project. With the right cultivation and a healthy community, any quality project can become more profitable and prepared for the future.

by Sarah Gooding at December 15, 2014 08:19 PM under wordpress community

WPTavern: The Majority of Shark Tank Contestants Use WordPress and WooCommerce

Have you ever wondered what CMS and eCommerce system Shark Tank contestants use? WP Engine used BuiltWith and looked at the websites of each contestant appearing on the show between seasons 1-5. They also manually investigated each site to determine some of the more complex setups. Factors WP Engine looked for include: if the site was still active, site-wide SSL implementation, and what kind of eCommerce solutions are being used. Here are a few highlights from the infographic.

WordPress is the most popular platform, followed by Shopify and Magento. One of the most disappointing discoveries is that out of 341 websites, only 39 have SSL support. SSL is important because it provides a level of encryption between you and the server. It also protects customer information which is extremely important if you’re going to sell things online.

For over a year, Magento was the eCommerce system of choice, but it’s now in second place. WooCommerce is now the most popular eCommerce system used by Shark Tank contestants. This makes sense since WordPress is the most popular platform and WooCommere is built to be used with WordPress.

Check out the rest of the data in the image below and let us know if any of the data surprises you. The image is over 1mb in size so it might take a little while to load.

WPEngine Shark Tank InfographicInfographic Created By WP Engine

by Jeff Chandler at December 15, 2014 08:15 PM under wpengine

WPTavern: Google Earth API to Retire December 12th, 2015

Google Earth API Featured Imagephoto credit: Ludovico Ceracc

For over six years, the Google Earth API has enabled countless developers to build 3D mapping applications in the browser. Those days are over as Google announced on its developer blog that the API is deprecated and will officially retire December 12th, 2015.

The Google Earth API is built on the NPAPI plugin framework which Chrome and Firefox no longer support due to security reasons. Over the past six years, the API has experienced dwindling support across multiple platforms, especially on mobile. It’s worth noting that Google Earth is not going away; only its API is being retired.

A quick search of the WordPress plugin directory for Google Earth shows at least three pages of results. However, several of the plugins look like they use Google Maps instead of Google Earth. If using an external API, most authors put the information in the plugin’s description. If you’re using a plugin that uses the API, please get in touch with the author and let them know it’s no longer supported.

by Jeff Chandler at December 15, 2014 06:33 PM under maps

December 12, 2014

WPTavern: BuddyPress, bbPress, and GlotPress Development Campaign is Now Fully Funded

jjj

John James Jacoby’s crowd-funding campaign for development on WordPress’ sister projects is now closed and fully funded at $51,500. For the first six months of 2015, he will be working full-time to push the BuddyPress, bbPress, and GlotPress projects forward.

Jacoby is essentially pioneering a new way of working as an open source developer funded by the community. There’s no prescription for how to tackle each project’s goals, but working remotely in the past has uniquely prepared him for this opportunity.

“Previous experience working mostly independently and remotely certainly doesn’t hurt, particularly for things like consistent communication and maintaining momentum,” he said. “It will be nice to get back into the swing of posting public status updates and more strictly planning out my days and weeks again. I appreciate the freedom I’ve had since July, but being completely without structure can be risky, too.”

Jacoby anticipates splitting his time equally between BuddyPress, bbPress, and GlotPress. “In my imagination, fairly evenly in priority order for a few of the long standing issues that have been prohibiting enhancements to WordPress.org, specifically for the Rosetta sites,” he said. “GlotPress will require a little more time for me to start being helpful, so I’ll likely try to focus on the BuddyPress and bbPress queue first.”

What will a typical day look like for Jacoby when he starts working full-time on the sister projects? He plans to be involved in every aspect, from writing code to mentoring to adding codex contributions.

I think a typical day will look like a cup of coffee, reading Trac and Slack, providing feedback and mentorship, and shepherding as much activity as I can. That might mean committing patches and doing feature development, increasing unit test coverage and working on the codex, or helping with tools to enable others to contribute easier. There is no shortage of things to do, and I’ll be looking at ways to multiply my efforts to get the maximum value out of the time I have.

If the development project is successful, other developers may be inspired to create similar campaigns. Jacoby isn’t the only one with the capability to make a strong impact on these projects. He believes that there are many others who would be able to do that same.

I really hope people look at this campaign as something they can try, too. Stephen Edgar has been absolutely killing it all across .org, so removing that barrier for him is a priority of mine. Mathieu Viet keeps putting out comprehensive BuddyPress concepts that could make their way into core with just a bit more free time and focus. Ryan McCue already volunteers a huge amount of time; imagine if he was 100% focused.

Matt Gross (currently at 10up) is such a fast learner and can really crank stuff out quickly. Alison Barrett (also currently at 10up) is the same way; crazy fast at learning and implementing new things. I’d love to work with either of them on the bb’s again. A few of these individuals may not require outside funding, but it’s an interesting idea to use it as an option to reduce an employer’s monetary burden.

Working full-time on open source community projects without distraction, while still paying the bills, is a rare opportunity that Jacoby intends to maximize. If all goes as planned, the first half of 2015 will bring about the removal of the projects’ most pressing hindrances. The success of Jacoby’s campaign demonstrates that the WordPress community believes in the potential of BuddyPress, bbPress, and GlotPress enough to invest in a trustworthy developer to make dedicated improvements.

by Sarah Gooding at December 12, 2014 10:01 PM under glotpress

WPTavern: A Newbie’s Guide to bbPress

If you’re brand new to bbPress, you may not know about some of the ways it can be extended beyond being a simple forum. Additional functionality can be added with plugins, its output can be manipulated through CSS, and development is easy to keep up with. Even though bbPress has a getting started guide available, I came up with my own mini guide. Here are some tips to get you started on building a bbPress forum.

Where to Find Plugins

bbPress is a plugin that was designed to be extended by other plugins. Once installed and configured, simply browse the plugin directory from the backend of WordPress and search for bbPress. There are at least 314 plugins that show up in the search results, not including the ones hosted on Github.

bbPress Plugins in The WordPress Plugin DirectorybbPress Plugins in The WordPress Plugin Directory

Even though bbPress.org has a section dedicated to plugins, it’s essentially an alternative to browsing the WordPress plugin directory. Instead of being able to view all of the plugins available, the pages only list bbPress specific plugins.

Similar to WordPress, bbPress has a list of feature plugins that may one day, be merged into core. The list contains plugins that offer features found in most forum software out of the box, so it’s a good place to start when adding features. Pay close attention to the Last Updated: information as I encountered a lot of plugins that haven’t been updated in over 2 years.

Altering The Look and Feel

bbPress comes with built-in theme support where all required elements such as front-end editing are included. If a WordPress theme doesn’t have support for the various elements that make up bbPress, you’ll still be able to use it. The built-in support makes it compatible with nearly every WordPress theme. However, I strongly encourage you to use a theme that is bbPress compatible as it almost always looks better than the default.

Free bbPress Compatible ThemesFree bbPress Compatible Themes

A search of the theme directory indicates four pages of free WordPress themes that are explicitly compatible with bbPress. If you’d simply like to override the default markup to give it a custom look, check out this Codex article.

How to Keep up With Development

While WordPress releases three major versions a year, bbPress averages two a year. So far in 2014, there have been no major versions released. Compared to WordPress, bbPress development occurs at a slower pace due to a smaller number of people contributing and spending time on the project. Not only does this make it easy to keep up with changes, it increases the opportunity to influence the project.

bbPress DevelopmentbbPress Development

bbPress uses Trac for development where user’s can submit bug reports and patches. If you use Slack, you can join the #bbPress channel where core developers and contributors hang out. This is a great way to get in touch with people and communicate in real-time.

Where to Get Support

The best way to get support is through the official bbPress forum. While not as active as the WordPress support forum, there’s still a good amount of activity that takes place. It’s also monitored by all of the core developers.

bbPress Support ForumbbPress Support Forum

The bbPress support forums follow the same rules and guidelines set forth by the WordPress support forums. There are two documents you should read to familiarize yourself to how it works. Using the Support Forum and the Forum Welcome message.

bbPress Nomenclature

bbPress has a set of nomenclature that is different from forum software you may have used in the past. This small guide explains what each term means.

  • Forums – Are segments of the main forum similar to categories.
  • Topics – Topics are created within forums, they are the issues that are being discussed.
  • Replies – Replies are made to topics, this is the actual discussion.
  • Voices – Voices represent the number of individuals participating in a conversation

The Next Six Months

Although development has come to a crawl in recent months, it’s encouraging that John James Jacoby successfully reached his crowd funding goal as bbPress will likely experience a surge in development and community based contributions over the next six months. Hopefully, the next six months are among the project’s brightest.

Codex Volunteer

The documentation and organization of documents on the bbPress.org website leaves a lot to be desired. Several links point to placeholders or the incorrect pages. I’m working with the team as a Codex volunteer to try to clean up the mess so others can benefit by finding the information they need.

This guide is a Cliff’s Notes version of what’s available on bbPress.org. I hope it helps you as it did me when putting it together.

by Jeff Chandler at December 12, 2014 08:32 PM under Themes

WPTavern: Variable VVV: A New VVV Site Creation Wizard for WordPress

vagrant

Brad Parbs and his colleagues at WebDevStudios have created a new tool for the thousands of developers out there who utilize Varying Vagrant Vagrants for WordPress development. As Vagrant development environments are a daily staple of work life at WDS, the team needed a faster way for setting up new WordPress sites with VVV.

Variable VVV is their solution, a script that automates the creation and deletion of new WordPress sites using VVV. The script is based on Alison Barrett’s VVV Site Wizard.

“The original site wizard hasn’t been updated in about half a year. I’ve designed this to be a drop-in replacement,” Parbs told the Tavern. “All the flags and commands from vvv-site-wizard function 100% the same, so you can just install this and start using it exactly the same.” Anyone who has used the VVV Site Wizard in the past will be comfortable using Variable VVV right away.

The new script has a few additional features beyond the original VVV Site Wizard, including the following:

  • The ability to pass vagrant command through to VVV
  • An easier way to set your VVV installation path
  • The ability to clone a git-repo as wp-content
  • The ability to set more installation options

While creating the script, Parbs went through the issues list at the vvv-site-wizard repository and fixed a number of issues. He sees Variable VVV as the spiritual successor to the original tool and has designed it to be a bit easier to use. He noted that it takes just 1/3 the time to type the commands and the command results have also been vastly improved. “One example is the list command to show you all sites. With vvv-site-wizard, it is a plain list of site names. vv list will show you a colorized output, along with URLs and marking VVV defaults,” Parbs explained.

The WebDevStudios team has an extensive roadmap of features for future implementation. Parbs is most excited about the idea of “blueprints,” which would offer the ability to install themes and plugins while setting up a new site.

A blueprint would define a list of plugins, themes, mu-plugins, and various site options. When installing, you could grab that blueprint and it would set it all up. I’m planning on letting you grab from Github, WP.org, a zip file link, etc. I’ve outlined the idea on GitHub. You’d setup multiple blueprints, and when you do an install, you could grab a blueprint and use that. For example, an ‘ecommerce’ blueprint might install WooCommerce, some other plugins, and _s, or whatever you like.

As the VVV Site Wizard doesn’t seem to be maintained anymore, Parbs plans to keep Variable VVV going and has also outlined a number of other enhancements in the project’s issues queue:

  • Enable vv to auto-update itself
  • Add deployment capability
  • Delete site database during removal
  • Add option to add dummy content when creating site
  • Allow overriding of /htdocs install location

Parbs plans to add anything that will make developers’ lives easier at WebDevStudios, but he is also open to suggestions. “I’ve built the script to be extremely easy to add new functionality, so implementing features people request will be as easy as possible,” he said.

The script is now ready for public use. “Over the past few days, a few people here at WebDevStudios have been beta-testing it, and its really solid,” Parbs said. Variable VVV is now publicly available on GitHub for anyone who wants to use it or contribute back to the project. If you test the script, make sure to leave your feedback and suggestions in the project’s issues list, as WebDevStudios plans to consistently maintain and extend the tool to make it better.

by Sarah Gooding at December 12, 2014 07:47 PM under wordpress development

WPTavern: Idea Factory: A Frontend Submission and Voting System for WordPress

idea-factory

One of the oldest and simplest ways of accessing public opinion is through an up/down voting system. When offered in a controlled setting where everyone has the chance to vote, the system causes the best ideas to float to the top.

Idea Factory is a plugin designed to make it easy for WordPress administrators to set up a voting system where users can submit new ideas from the frontend. The plugin was created by Nick Haskins, author of the Aesop Story Engine.

“Idea Factory was born out of necessity, and the frustration of the lack of plugins that did exactly what I wanted it to do,” Haskins wrote in the plugin’s description. His implementation is simple but built to be extensible, offering developers a number of filters, hooks, and actions. Idea Factory features the following:

  • AJAX powered front-end submission and voting
  • Voting is limited to logged-in users
  • 1 vote allowed per user per idea
  • Emails the admin with notification of a new submission
  • Extensible with hooks and actions on events
  • More ideas loaded with AJAX on front-end
  • Mobile friendly

Logged-in users can enter new ideas via a modal submission box. The plugin creates an Idea custom post type and data is stored in post_meta and user_meta tables.

idea-submit

Ideas are displayed at yoursite.com/ideas. Users can only vote once on each idea before they are locked out. Up votes push ideas to the top and down votes send ideas further down the list.

ideas

The design is generic enough to drop nicely into any theme, but you can further customize it by copying the file from the plugin’s /template-ideas/ directory into your theme. Idea Factory’s settings also allow you to disable the core CSS file from loading so that you can take full control.

Each idea and its description can be edited in the admin. If you have a highly active voting board, you may want to turn off email notifications for new submissions. The settings also include an option to hold all new ideas as drafts to be approved before publishing.

After testing Idea Factory, I was impressed with how easy it was to set up and use. Both idea creation and voting are anonymous, but it might be nice to have an option to display users for each. However, one of the best things about Idea Factory is that it maintains a limited set of features in favor of keeping the plugin lean and extensible.

An idea voting system can help community managers or developers get a better idea of where to invest their time and how to prioritize new features. It’s a quick way to take the temperature of your user base, because it allows them to freely express their ideas and participate in voting up the best ones. It’s also far less time-consuming than conducting a survey. Check out Idea Factory on WordPress.org for a solid, simple way to bring new ideas to light.

by Sarah Gooding at December 12, 2014 07:03 AM under voting plugin

December 11, 2014

WPTavern: WPWeekly Episode 174 – What Would it Take to Lose The Throne?

In this episode of WordPress Weekly, Marcus Couch and I discuss what it would take for WordPress to lose its dominant market share position. We both agree that WordPress isn’t going anywhere soon but it’s something to be mindful of.

We share our thoughts on the recommended plugins tab coming in WordPress 4.1 and whether or not it will help users discover new plugins. Last but not least, we discuss Google’s attempt to simplify reCAPTCHAs by replacing distorted text with a check box.

Stories Discussed:

What Would it Take For WordPress to Lose its Dominance?
Google’s New reCAPTCHA API Replaces Distorted Text with a Checkbox
WordPress 4.1 To Introduce Plugin Recommendations
nRelate Will Shutdown Its Service December 31st
Manage Multiple WordPress Sites with WPDASH, Now in Beta

Plugins Picked By Marcus:

StoryFTW by Patrick Shanahan, is a simple swipe based story engine that allows you to use any kind of media imaginable to create your own dynamic slide by slide story. The review is based on an Alpha copy as the plugin is not publicly available yet.

Test User Role allows you to quickly test other user roles from a super admin account to see what other users experience.

Grid is a container based landing page editor.

WPWeekly Meta:

Next Episode: Wednesday, December 17th 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #174:

by Jeff Chandler at December 11, 2014 09:13 PM under wpdash

Akismet: Akismet 3.0.4 Plugin for WordPress Released

Version 3.0.4 of the Akismet plugin for WordPress is now available.

This update adds better compatibility with Apache 2.4, allows https author URLs to be removed from comments, removes the “Check for Spam” button from the “Trash” and “Approved” queues, and allows for automatic API key configuration when Jetpack is installed and connected to a WordPress.com account.

To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.


by Christopher Finke at December 11, 2014 06:44 PM under WordPress

WPTavern: WordPress Themes Directory Now Requires All Themes to be Translation-Ready

photo credit: . Entrer dans le rêve - ccphoto credit: . Entrer dans le rêvecc

WordPress made great strides in 2014 towards improving internationalization for the global community. WordPress 4.0 streamlined language management in the admin and brought language selection to the installation process.

In the State of the Word address this year, Matt Mullenweg highlighted the importance of internationalization to the project when he said, “If WordPress is going to be truly global, truly inclusive, it has to be fully available for other languages.” He also announced that fully localized plugin and theme directories will be available in the admin as of 4.1.

This week the WordPress Theme Review Team updated its guidelines to require all new theme submissions to be translation-ready. Theme authors submitting new themes to the official directory must ensure that all text strings are translatable. This also applies to any updates to existing themes.

Tips for Making Your Theme Translation-Ready

The WordPress Theme Review Handbook doesn’t yet contain a section with information about preparing themes for translation. However, you can find all the basics on how to internationalize a theme in the WordPress Theme Developer Handbook, which is still a work in progress.

The internationalization section also links to a number of videos and tutorials in its resources section. Many of these will be helpful in walking theme developers through the process of preparing themes for translation:

If a WordPress theme isn’t translatable, then the site it is running on is limited to the theme author’s language. If you invest your time and hard work into creating a WordPress theme, why not make sure that it’s able to be used all over the world?

The new requirement from the Theme Review team is a major milestone in expanding WordPress’ global reach. The official themes directory is often the first place that self-hosted WordPress users look when shopping for themes. The new translation-ready requirement will help ensure that WordPress.org’s vast library of themes are ready for global use.

by Sarah Gooding at December 11, 2014 06:34 PM under internationalization

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this send an email to Matt.

Official Blog

For official WP news, check out the WordPress Dev Blog.

Subscriptions

Last updated:

December 20, 2014 03:30 AM
All times are UTC.