WordPress Planet

May 27, 2016

WPTavern: Jetpack 4.0.3 Patches a Critical XSS Vulnerability


Jetpack 4.0.3 is a security release that contains an important fix for a critical vulnerability that has been present in the plugin since version 2.0, released in 2012. According to Jetpack team member Sam Hotchkiss, a stored XSS vulnerability was found in the way that some Jetpack shortcodes are processed, which allows an attacker to insert JavaScript into comments to hijack a visitor’s browser.

This particular bug is similar to one recently found and patched in bbPress.

“Similar issues may exist in other plugins, and it’s a good reminder about the power of regular expressions to create issues when parsing data,” Hotchkiss said.

The Jetpack team has been working with the WordPress security team to push out point releases for all vulnerable branches of the plugin’s codebase, which includes all versions following 2.0. They are using WordPress’ core automatic update system, so all sites that have not explicitly opted out will receive the security update.

“Fortunately, we have no evidence of this being used in the wild,” Hotchkiss said. “However, now that this update is public, it’s just a matter of time before someone attempts to exploit it.” The Jetpack team is advising users to update as soon as possible, as the update also fixes any potential exploits that may have already been put in place.

The team credits Marc-Alexandre Montpas from Sucuri for finding the bug and disclosing it responsibly. Users will be notified about the security release via email, but those who have Akismet and/or VaultPress installed have already been protected since the first reporting of the vulnerability.

by Sarah Gooding at May 27, 2016 01:05 AM under security

May 26, 2016

Post Status: Growing a lifestyle business without losing the lifestyle

Editor’s Note: This is a guest post by Nate Wright. Nate is a WordPress developer and solopreneur. He runs Theme of The Crop, a niche WordPress theme company geared toward restaurant websites. You can learn more about Nate on his Post Status profile and follow him on Twitter.

Here’s a scenario you’re probably familiar with: a friend or family member, not terribly tech-savvy, approaches you with an idea. Why don’t you build Facebook for clowns? What about Uber for sandwiches?

Their ideas are often a little better than these. Sometimes they’re worse. But in my case the conversation always gets to the same point in the end.

You can build stuff on the internet. Why aren’t you shooting for the stars? Don’t you want to be rich like Zuckerberg?

Right now some of you may be thinking: yes I do! This post isn’t for you.

This is for those of you who cringe at the thought of your days filling up with hiring and training staff, conducting meetings, or filling out paperwork. Those of you who don’t want to live the big siloed life of a CEO. Who dove into the WordPress market because you wanted to build things yourself. For yourself.

The rockstars and the rest of us

It’s hard to find someone more widely admired among WordPress developers — and more deserving of that admiration — than Pippin Williamson. So when he described his evolution from staunch go-it-aloner to team leader, many of us sat up and listened.

The comments in response to that post exhibit a common mix of anxiety, frustration and hope for us go-it-aloners, who have carved out small (and not so small) niches in the WordPress world.

We’re overstretched and under resourced. We lack good marketing strategies. And we can see that growth will come from transforming our businesses into larger enterprises.

But then we start thinking about what that means. The hiring. The firing. The training. The meetings. The paperwork. The liability.

‘I don’t want to be the next Zuckerberg,’ you may think. Then, hopefully, you’ll laugh at the absurdity. But really, you may think, ‘I don’t even want to be the next Carl Hancock or Joost de Valk.’

Let me be honest with you. I’ll stop putting words in your mouth and put them in mine.

I have a lifestyle business. No, I don’t sell lifestyle products. I have a business tailored to my lifestyle.

I have a business that allows me to take lunch when I want, finish the day when I want, go on holiday when I want, write the code that I want. That’s my job perk. That’s my killer bonus. No, that’s my Shangri-La.

When people tell you to hire early or scale quickly, they’re right that giving up control can be liberating. But it can also be encumbering. It brings new responsibilities at the same time that it releases you from old ones.

Whether or not growing your team is right for you will depend on your temperament, your appetite and the kind of lifestyle you want.

Being a little fish in a big pond

But let’s be honest. You took a chance on the WordPress market because you saw a window of opportunity. That window may be closing.

In the last few years we’ve seen a lot of consolidation. The theme market exploded, made millions for a few, and then caused a gold rush which saturated the market and pushed out small operators.

At the same time, two big traditional distribution channels dried up: the official WordPress.org theme repository, which has a huge backlog of themes awaiting approval, and Automattic’s marketplace, which is closed to new entrants.

We’re also seeing more traditional investment in WordPress properties. The big one is the $160 million raised by Automattic and Automattic’s subsequent acquisition of WooThemes. Many actors are moving more aggressively to leverage or retain their market position. Syed Balkhi is on a buying and building spree (1, 2, 3, 4). Ninja Forms did a ground-up rebuild. Pippin’s shedding non-essential products (1, 2) and purging some third-party addons.

The ecosystem looks increasingly unfriendly to us go-it-aloners. Automattic was the first to go big. Given exclusive commercial access to the WordPress trademark, it carved out its own space and split WordPress down the middle. Now the other half — the WordPress for the rest of us — is going big too.

The nice thing about being a small operator is that you only need a tiny sliver of the pie. But as the size of the market has grown, it’s become more difficult to attract attention. Showing up with a good product isn’t enough.

Going it alone, together

My lifestyle business is working well for me. Revenue keeps inching up. Slowly.

But it might not make it in a different kind of WordPress space. I’ve been thinking a lot about that lately. And I bet you have too.

Where’s the market going? What am I willing to trade to survive? Which headaches are worth changing direction for and which headaches aren’t?

Here are some of the ideas I’ve been tossing around:


Hiring out. I could scale up or down easily, depending on how well it goes. But it’s tough to manage quality when juggling vendors.

And what would I contract? I’d like to shed my bumbling efforts in marketing and traffic generation. But that seems like precisely the kind of job full of jackals who don’t know what they’re doing.

Ok, that’s harsh. I’ll just say: I worry it’d be a headache to manage it well.

Theme development seems the most plausible, since there’s a large body of talented, hungry themers washing up from the stormy seas of ThemeForest. But it may be the least valuable since the market is being swallowed up by a few big themes.


Affiliate marketing is already working for me. A little. I could go further and recruit theme or plugin developers to sell from my site on commission.

Then I’m saddled with support for products I didn’t build. Can I maintain quality? Can I drive enough traffic to be an attractive outlet for them? Will I end up with all of the headaches I wanted to avoid?


Maybe I’ll trade in my king-of-the-hill cap and bring on partners. Not employees. Genuine partners with overlapping skill sets. Instead of being a go-it-aloner we can be two or three go-it-aloners going it alone together!

Or maybe that’s just a terrible way to run a business.


There are a lot of us out there. Independent themers looking to expand beyond ThemeForest or give up on the old freemium approach of the official repository. Plugin developers looking for a new home or seeking out themes that will integrate with their plugins.

We could probably do something special if we made stronger alliances. Combined to build stronger platforms for our products.

But that sounds like a lot of project management. Isn’t that what we were hoping to avoid?

I don’t know. I’m going to go write some code.

by Nate Wright at May 26, 2016 06:10 PM under Business owners

May 25, 2016

WP Mobile Apps: WordPress for iOS: Version 6.2

Hi there, WordPress users! Version 6.2 of the WordPress for iOS app is now available in the App Store.

What’s New:

Sharing just got easier! Post content from apps to your WordPress.com site with a new Share extension. Also, share a post right from your editor’s preview screen.

Improved clipboard support: Working with images? You can now copy and paste single images in your editor.

Login with ease: We improved error messages for self-hosted users.

Enhancements: Because “good” is not enough! Here’s the full list of enhancements.

Bugs, be gone! We zapped bugs that prevented images from rendering properly and caused backspaces to misbehave. You can see the full list of bug fixes here!

Thank You

Thanks to all of the contributors who worked on this release:
@aerych, @akirk, @alexcurylo, @astralbodies, @diegoreymendez, @frosty, @jleandroperez, @koke, @kurzee, @kwonye, @maxme, @nheagy, @rachelmcr, @sendhil, @mattmiklic and @SergioEstevao.

You can track the development progress for the next update by visiting our 6.3 milestone on GitHub. Until next time!

by diegoreymendez at May 25, 2016 06:05 AM under Other

May 20, 2016

WPTavern: In Case You Missed It – Issue 9

photo credit: Night Moves (license)

There’s a lot of great WordPress content published in the community but not all of it is featured on the Tavern. This post is an assortment of items related to WordPress that caught my eye but didn’t make it into a full post.

Chris Lema Launches Beyond Good

Chris Lema has launched a new site called Beyond Good that provides insight, tips, and methodologies for leading employees to become better than good. If it’s anything like his other sites, it’s sure to be a hit in the WordPress community.

Remote Jobs, a Remote Worker Specific Jobs Board

Chris Wallace and the team at Lift have launched Remote Jobs, a jobs board specifically catered to remote workers. According to Wallace, “The site exists to help others find remote jobs that connect them with their passions in life.” Check out the site as there’s already a decent listing of opportunities available for remote workers.

Why .Blog is Worth $19M

Matt Mullenweg participated in a phone interview with VentureBeat. The first question in the interview asks why the .blog domain is worth $19M.

Well, the domain business is actually a really good business because you can sell a domain and people use it and keep it forever. So, if you look at like a Verisign, or people who have TLDs, it’s actually an incredible business.

We really wanted .blog to be open, and some of the other applications for .blog were closed, including Google — so, let’s say for example, only Blogger could have a .blog domain. And we thought that .blog should be open to everyone, even if they’re not using WordPress.

I gotta be honest though, it was a stressful auction.

There are other tidbits of information included in the interview that I highly encourage you to read. If I were Google, I’d be upset as .blog is the perfect complementary domain for Blogger.

Drupal Association Gives Community Member a Lifetime Ban

DrupalCon New Orleans took place last week and during the event, several speakers experienced online harassment in the form of derogatory racist, homophobic, and misogynistic comments and images from an anonymous Twitter account. Upon further investigation by community members and the Drupal Association technical and event staff, the harassment was tracked to an attendee at the event.

This person was then confronted by members of the Drupal Association staff and the Community Working Group. They were asked to leave the event and informed that they have been banned from attending any future DrupalCons as well as any events produced by the Drupal Association, in accordance with the DrupalCon Code of Conduct, which states, ‘We do not tolerate harassment of conference participants in any form.’ Shortly after the person left the conference, the account from which the harassing tweets were made was deleted.

This is an excellent example of why Codes of Conduct exist for events. By the way, check out the Code of Conduct that’s in place for every WordCamp. If you experience harassment of any kind at a WordCamp, please tell event staff.

Plans Published to Upgrade WordPress Support Forums

Jennifer Dodd published a detailed plan for migrating the WordPress.org support forums from bbPress 1.x to 2.x. The project is a huge undertaking and involves moving massive amounts of data. If all goes according to plan, the support forums will be on bbPress 2.x by the end of the year. I’m sure a lot of support forum volunteers are stoked to hear this news.

What NOT to Name a WordPress Theme

This tweet by Ryan Sullivan gave me a good laugh.

Tom McFarlin on Improving the WordPress Plugin UX

Tom McFarlin published a great article that offers ideas on how plugin developers can improve the WordPress plugin user experience. His first suggestion is a key reason I think GravityForms became successful.

Try to make sure that your project tightly integrates with the core WordPress user interface.

When I witnessed GravityForms for the first time in 2009, I loved how it integrated into the WordPress backend as if it were a part of the core software. Fast forward to 2016 and plugins that tie into a service are experimenting with overlay interfaces that replace WordPress’. The most recent example I recall is WP Forms that I reviewed earlier this year.

In my review, I specifically noted that the interface the developers used allowed me to focus on creating forms. It doesn’t seem like it’s a WordPress core feature and it didn’t have to. While the advice McFarlin gives is likely accurate for most cases, there are plugins that benefit from having a unique user interface different from WordPress’.

Don’t Edit Core

This comic created by CommitStrip made me smile.

Wapuu Tattoo!

In what is a traditional part of this series, I end each issue by featuring a Wapuu design. For those who don’t know, Wapuu is the unofficial mascot of the WordPress project. WordCamp St. Louis 2016 took place last weekend and one of the attendees had a Wapuu tattoo! Wapuu looks good everywhere, including human skin!

That’s it for issue nine. If you recently discovered a cool resource or post related to WordPress, please share it with us in the comments.

by Jeff Chandler at May 20, 2016 10:30 PM under support forums

WPTavern: WordPress Meta Team Publishes Prototypes of The Plugin Directory Redesign

In early 2015, the WordPress.org Meta team redesigned the WordPress plugin directory and added a number of new features. In an effort to iterate on the page’s layout, the Meta Team has published prototypes of a new design for the plugin directory’s home and search results pages.

The prototypes are inspired by Get WordPress, a landing page that provides key information about the WordPress project at a glance.

There are a few things to keep in mind while looking at these prototypes. The first is that plugin information displayed on the page is inaccurate. Second, the Pro and Light classifications are for design purposes only. Third, links at the bottom will point to their corresponding pages.

WordPress Plugin Directory Homepage Prototype

Unlike the current design, the prototype displays far less information. Authors, Last Updated, Compatibility, and Active Installs are absent from the homepage view. Initial feedback highlights the concern that too much information has been stripped away.

In response to a comment on the announcement post, Samuel Sidler, Apollo Team Lead at Automattic and contributor to the Meta team, explains why he doesn’t think the information is useful to users.

Author, as you said, is only really useful for insiders. The latter two, meanwhile, are already taken into account in the search results. If a plugin doesn’t have a recent compatible version, it will move down the list. If it’s too old, it won’t get shown at all (which is the case today).

Active installs is more interesting, but we account for it weighting search results as-is. I actually find it refreshing to not show the active installs as it allows for less-popular plugins to get more downloads. Users will be less likely to click the popular plugins (outside of familiar names) and more likely to find the plugin they actually need.

Another commenter suggests creating a simple/advanced view. By default, the page could display a simplistic design while giving power users an option for more details.

“Just like WordPress core, we strive to design for the majority and build features for the 80%,” Sidler said in response to the comment. “An ‘advanced’ view doesn’t meet that requirement, in my eyes.”

The Meta team is iterating quickly and will soon publish a prototype of the plugin details page. If you have feedback on the plugin homepage and search result prototypes, please leave a comment on the announcement post.

by Jeff Chandler at May 20, 2016 08:19 PM under meta

May 19, 2016

WPTavern: WPWeekly Episode 235 – Interview with James Giroux Envato’s WordPress Evangelist

In this episode, Marcus Couch and I are joined by James Giroux, Envato’s WordPress evangelist. We discuss a number of topics including what he’s accomplished since taking over the position in January, the item support policy change, and author driven pricing.

We also find out what his favorite part of the job is and what he enjoys most about his role at Envato. Last but not least, we discover what the company is doing to shorten the length of time it takes to get through the review queue.

WPWeekly Meta:

Next Episode: Wednesday, June 1st 9:30 P.M. Eastern

by Jeff Chandler at May 19, 2016 07:18 PM under themeforest

WPTavern: BuddyPress Launches Style Modules Trial Initiative

photo credit: Paintbrush (license)

BuddyPress core developer Hugo Ashmore announced a new trial initiative this week that aims to create a library of CSS and JavaScript snippets to help users customize their communities. The Style Modules project will aggregate community-submitted code that enhances BuddyPress components in a plug-and-play manner.

Developers who want to contribute to the project can submit their modules by creating a ticket on BP trac and attaching a zip file that includes the CSS/JS files, a readme.md, and a screenshot.

Users who want to add a module will need to create a /style-modules/ directory and then unzip the module inside it. The next step requires the user to copy functions from the module’s readme file to their theme’s functions.php file, a step which provides a significant hurdle for a non-technical BuddyPress community manager.

“Initially this is a trial to see whether we get sufficient interest in the concept to continue and develop further, perhaps enhancing the loading process with enqueueing of files based on directory scanning and loading of files as an array but run from the core theme compat class, removing the need for users to copy the loading functions to their functions file,” Ashmore said.

The project’s GitHub repository includes an example module that re-styles the members list into a grid layout. Other example ideas Ashmore suggested include a new look for profile entries, a different presentation for the activity posting form, or something as simple as changing the font size for the activity stream.

The experimental initiative will test the waters to see if the BuddyPress community will chip in to provide enough modules to make this a real library. The support policy stated in the proposal doesn’t offer much incentive for module authors to submit their work:

Provision of modules and use of them is entirely the discretion of the authors and users, while BP will run some basic checks on the module BP does not guarantee that the modules will work in all given situations or installs, or accept any liability in their use. Support for a module remains the responsibility of the author to ensure the continued effectiveness of the module with updates to themes, WP or BP.

Historically, BuddyPress has struggled to present itself as an easily customizable solution for communities. Theme compatibility, introduced in April 2013, made it easier to use BP with any theme, but unless you purchase a theme specifically designed for the plugin, its default output is rather generic and in need of heavy styling.

The BuddyPress Style Modules concept is an attempt to make it easier for community managers to enhance BP components with different looks, but the project will need to provide a compelling reason for developers to contribute modules and continue to maintain them.

by Sarah Gooding at May 19, 2016 02:34 AM under BuddyPress

May 18, 2016

WPTavern: The .blog Domain Extension Is Now Open to Registrars

photo credit: Luis Llerena

Today marks a moment in internet history, as the very first .blog domain is now operational on WordPress.com. Knock Knock, WHOIS There, a subsidiary of Automattic, launched Nic.blog today to begin getting registrars to sign up to sell the new TLD.

Automattic won the rights to oversee the sale and registration of the .blog domain in 2015 via a bidding process that is estimated to have closed around $20 million. The domain extension is so new that Twitter doesn’t yet support it as a valid link, but Automattic expects to activate 250,000 new names in 2016.

According to the new nic.blog information site, registrars that sign up to sell .blog domains will be able to participate in an incentive partnership model that rewards a higher volume of sales:

Pricing will be in the standard range for new gTLDs, with premium names available in several tiers. High margins for registrars will be guaranteed by an incentive model, rewarding sales above a certain baseline. Final terms will be published in the coming weeks.

Automattic is opening up the .blog TLD to registrars around the world and companies can sign up on nic.blog to learn more about the requirements. Individuals who are interested in purchasing a .blog domain should review the tentative launch plan published today. Registration will be open to trademark owners during the Sunrise period starting in August 2016, followed by a Landrush period in October.

by Sarah Gooding at May 18, 2016 11:26 PM under blog

WPTavern: After Eight Years, Thematic Theme’s Lead Developers Discontinue the Project

Gene Robinson, lead developer of the Thematic WordPress theme, has announced that the project will no longer be developed. Thematic was last updated in 2013 and is actively installed on more than 4K sites. Users are advised to migrate to a different theme as updates will no longer be released. As WordPress core evolves, sites using Thematic may develop incompatibilities.

Continuing The Legacy with a Different Name

Although development on Thematic is discontinuing, Robinson has forked the project and renamed it to Deciduous. The project picks up where Thematic leaves off. Those interested in continuing development can follow it on GitHub where pull requests are welcomed. Robinson is also seeking links to other projects that are derivative of Thematic.

Where to Get Support for Thematic

Users who need support are advised to post on the WordPress.org support forums for the Thematic theme. “The support forums on the Thematic website are shutting down due to the lack of community involvement, moderation, and developer feedback,” Robinson said. “Hopefully the greater WordPress support community will be able to help you find a resolution.”

A Look Back

The years 2008-2009 are an interesting time frame in WordPress’ history. A number of commercial theme and plugin companies, WordPress-centric sites, and projects were launched. Among these was the Thematic theme by Ian Stewart, theme wrangler for Automattic. Thematic was more than just a theme; it was an opportunity for Stewart to learn how WordPress’ theme system works.

Preview of Thematic from WordPress.org

He regularly shared his knowledge with the community through ThemeShaper.com, a site now owned by Automattic that features contributions from other members of the theme team. It was the wild west of theme development in 2008 and any person who regularly shared theme development techniques became an influential member of the community.

Two years after launching Thematic, Stewart joined Automattic as a theme wrangler.

What can I say besides awesome, awesome, awesome? The enormous opportunity for learning and improvement; all the super-talented, friendly people; the chance to work on so many really, really cool projects—it’s almost unbelievable. This is a dream job for me.

The hiring allowed him to make all of his commercial child themes built on the Thematic framework available free of charge to the community.

Did You Learn From Thematic?

It’s bittersweet and slightly nostalgic to see the theme come to an end. When I launched the Tavern in 2009, I regularly linked to tutorials and articles published by Stewart. I’m almost certain Thematic and its creator helped out a number of budding theme developers between 2008-2011. Let us know in the comments if you used Thematic for any projects or what you learned from its code.

by Jeff Chandler at May 18, 2016 08:45 PM under thematic

Post Status: WordPress as a Headless CMS — Draft podcast

Welcome to the Post Status Draft podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Joe Hoyle — the CTO of Human Made — and Brian Krogsgard.

Joe and Brian discuss WordPress as a Headless CMS. They talk about what a Headless CMS is, WordPress’s strengths and weaknesses as a Headless CMS, popular frameworks to utilize, and offer up example websites to check out.

Today’s show is sponsored by OptinMonster. OptinMonster allows you to convert visitors into subscribers. You can easily create & A/B test beautiful lead capture forms without a developer. They recently released OptinMonster 3.0, with an all new builder interface and other great features.

by Katie Richards at May 18, 2016 05:47 PM under Everyone

WPTavern: Take Granular Control of WordPress’ Update System with Easy Updates Manager

When WordPress 3.7 “Basie” was released in 2013, it brought automatic updates to the masses. By default, WordPress automatically updates to point releases. Using additional constants within wp-config.php, you can configure WordPress to automatically update themes, plugins, and major releases.

If you want granular control over the WordPress update system without touching code, check out Easy Updates Manager. Easy Updates Manager is a free plugin that’s active on more than 70k sites. It’s maintained by Matthew, Ronald Huereca, Roary Tubbs, and BigWing Interactive.

Countless Number of Configurations Available

Once activated, you’ll find the options page by browsing to Dashboard > Update Options. There are two different interfaces for configuring updates. The first includes a number of toggle switches that disable/enable updates. The second is a traditional screen with radio buttons.

Easy Updates Manager Dashboard

Traditional settings page for Easy Updates Manager.

Easy Updates Manager General Settings

One of the highlights of Easy Updates Manager is the ability to enable automatic updates for individual themes and plugins. It’s a convenient way to update themes and plugins that rarely cause issues. There’s also a built-in logging feature that, when enabled, creates a new table in the database. It logs the username, update type, version, action, status, and date.

Logging is listed as a beta feature and should be used at your own risk. It also may not work with all commercial themes and plugins. Here’s what the log looks like after I updated three plugins.

Easy Updates Management Log

Easy Updates Manager also includes the ability to exclude users from manipulating the plugin’s settings. The plugin contains additional features that I encourage you to explore by using it on a test site.

Thanks to the number of options available, users have a countless number of update configurations to choose from. I tested the plugin on WordPress 4.6 alpha and it works as expected. You can download it for free from the WordPress plugin directory.

by Jeff Chandler at May 18, 2016 07:17 AM under updates

May 17, 2016

WPTavern: WordPress 4.6 Improves the Accessibility of the Tag and Category Management Pages

Among the improvements coming in WordPress 4.6 are accessibility enhancements to the Category and Tag management pages. The flow of each page has been changed so that the visual order of elements matches the tab order. This allows those who navigate with keyboards to access the Add New Tag or Add New Category area first.

Andrea Fercia, WordPress core committer and a member of the accessibility team, explains why the changes matter: “For accessibility, the visual order should always match the tab order. The main functionality in a page should just be the first thing in the source markup and other parts of the user interface should never be ‘skipped’.”

The following image shows the tab order of elements on the Tag management screen in WordPress 4.5. In order to reach the Add New Tag section, you need to tab through a number of checkboxes, each tag in the tag cloud, and various quick edit links. This is a time-consuming and frustrating process.

WordPress 4.5 Tag Management Element Order

In WordPress 4.6, the Add New Tag section is the first visual element as well as the first section accessed when pressing the tab key.

WordPress 4.6 Tag Management Screen

The new flow is more logical and provides consistency between the tag and category management screens. “From an accessibility point of view, the content structure and organization will be easier to understand and navigate,” Fercia said.

WordPress theme and plugin authors who have added custom functionality to these screens are advised to double-check their code against the bleeding edge version of WordPress 4.6. There’s also an in-depth ticket where developers and users can see how the team reached a consensus to implement the changes. If you have any questions or concerns please leave a comment on the announcement post.

by Jeff Chandler at May 17, 2016 07:30 PM under tags

WPTavern: New Plugin Uses BuddyPress Email API to Send bbPress Forum Emails


BuddyPress 2.5, released in March, introduced customizable emails via a new BP Email API. This new feature allows community managers to easily edit BuddyPress-generated emails in the admin and make design changes in the customizer.

It didn’t take long for developers to think of bringing this same customizability to bbPress emails. Brandon Allen has just released BP Emails for BBP, a plugin that sends forum and topic subscription emails using the new BP Email API.

Once installed, administrators will find templates for new forum topics and topic replies under the same Emails menu item with the 16 customizable BuddyPress core emails.


Allen noted that the plugin sends emails differently than bbPress, which puts every subscriber email in the BCC field and sends one email. Instead, it sends a separate email to each subscriber, which Allen said may improve deliverability given that some email providers look unfavorably on emails with large BCC fields.

I tested the plugin and found that it works as advertised for customizing and sending bbPress emails. There are no settings to configure. It simply adds the same functionality that users now expect from BuddyPress core emails with all the same customization options.


BP Emails for BBP is available on WordPress.org. It does not work with bbPress alone but requires both bbPress 2.5+ and BuddyPress 2.5+ to be active. With the help of this plugin, a community manager can brand all the email communications generated by the site so that the design and wording are consistent across both plugins.

by Sarah Gooding at May 17, 2016 05:32 AM under BuddyPress

WPTavern: BuddyPress 2.6 to Introduce New API for Navigation


In an exceptionally well-documented commit message, BuddyPress lead developer Boone Gorges introduced a new API to manage single item navigation, thanks to contributions from core developers Mathieu Viet and Raymond Hoh. Gorges summarized the changes to how BuddyPress will handle navigation in the upcoming 2.6 release:

The new BP_Core_Nav overhauls the way that BuddyPress registers, stores, and renders navigation items. Navigations are now component-specific, eliminating the potential for confusion and conflict between navigation items with similar names in different components, and opening the possibility of generating navs for separate objects of the same type on a single pageload.

The previous navigation system used bp_nav and bp_options_nav, global properties that managed nav and subnav across all of BuddyPress’ components. Developers had a difficult time extending navigation and sometimes ended up stepping on each other’s toes when adding similar navigation items.

“The new system eliminates most of these problems, by removing direct access to the underlying navigation data, while providing a full-fledged API for accessing and modifying that data,” Gorges said.

Although the new API ensures backward compatibility with the legacy bp_nav and bp_options_nav, plugin developers whose extensions depend on these methods will want to update their code. With the exception of certain configurations running PHP 5.2.x, most plugins should work the same as before.

However, Gorges’ commit message details a handful of small ways that the new API may break backward compatibility in a few rare instances. BuddyPress plugin developers will want to review these ahead of the upcoming 2.6 release. Beta 1 is just one week away from release on May 25 and the official release is targeted for June 15.

by Sarah Gooding at May 17, 2016 05:06 AM under buddypress 2.6

May 16, 2016

WPTavern: Wes Bos Launches Free React.js + Redux Online Course


Wes Bos, a developer and educator known for his high quality video tutorials, has just launched a free online course for building JavaScript apps with React.js and Redux. The 2.5 hour Learn Redux course includes 20 videos that guide developers through building an example ‘Reduxstagram’ app to present the core ideas behind Redux.

To get the most out of Learn Redux, students should have a decent foundation of React and ES6. Bos recommends those who are not comfortable with React to start with his React for Beginners course.

After you sign up, you’ll receive an email with a link to the starter files and access to the videos. The example app uses Webpack to bundle ES6 modules into a single JavaScript file, so the course begins with a video on using NPM and Webpack to set up a local development environment. Learn Redux includes:

  • Access to all 20 videos
  • All starter files
  • Webpack Build Templates
  • Stepped and finished solutions

Bos spent more than 100 hours producing this series in partnership with Sentry as a sponsor. Anyone who signs up receives a $50 Sentry credit.

After Calypso was announced, Bos, who describes himself as “a huge WordPress fan,” wrote a post dispelling rumors that WordPress was ditching PHP and being rewritten in Node.js. He also urged WordPress developers to learn JavaScript.

“This is thunder in the distance as to what is to come in WordPress,” Bos said. “Much of the theme writing I do is already in JavaScript – I often use WordPress as just an API to get data out of, and then use frameworks like Angular, React, Google Maps or jQuery to display that data. I’m not building an entire website in a JavaScript framework, but much of the interactive view layer of these sites is moving into JavaScript frameworks.”

If you want to be ready to dive into the next generation of WordPress site and application development with knowledge of one of the most popular JS frameworks, the free Learn Redux course offers all the tools necessary for getting started with React.js, Redux, and React Router.

“Our trusty PHP template files aren’t going anywhere anytime soon, but I’ll bet you dollars to donuts you’ll be writing a lot more JavaScript in your WordPress sites in the years to come,” Bos said.

by Sarah Gooding at May 16, 2016 09:50 PM under react

WPTavern: Daniel Bachhuber Discusses WP-CLI, the WP REST API, and the Challenges of Contributing to Open Source on Roots Radio Podcast

Daniel Bachhuber, maintainer of the WP-CLI project and a contributing developer to the WP REST API, joined Chris Carr and Austin Pray on a recent episode of the Roots Radio podcast. Bachhuber discussed his recent experience crowdfunding his work on “A More RESTful WP-CLI” as well as the challenges he’s encountered as a contributor to various open source projects over the years.

In the first part of the episode, Bachhuber shared how he spent the 283 hours of time that the WordPress community funded to advance the WP-CLI and WP REST API projects. The funding gave him the opportunity to dedicate time split between the two projects. Bachhuber put in approximately 95 hours towards the REST API in January and February but the bulk of the hours went towards making WP-CLI more friendly for developers who work with the REST API.

“WordPress developers are going to be putting a lot of time now towards writing REST endpoints that expose their functionality to the world, and it would be really nice if WP-CLI interoperated nicely with that and allowed you to use that functionality at the command line without having to separately write your own WP-CLI commands,” Bachhuber said.

He discussed the challenge of scoping out this broad goal and what he learned about crowdfunding during the process.

“The RESTful WP-CLI kickstarter project was intentionally ambitious, because I’m a guy who has big ideas and likes to do big things,” Bachhuber said. “There are some things I feel really happy that I’ve been able to ship and produce so far, and there are other features that, for one reason or another, I haven’t quite been able to execute yet and that’s a bit frustrating.

“It’s a whole different ball game trying to manage the expectations of your Kickstarter backers than it is a single client. I’ve got 107 clients that I have to make happy,” he said.

Nevertheless, Bachhuber said he was able to get the issue backlog for WP-CLI down to less than 60 issues and the dedicated time has allowed him to resolve old issues that have “languished since the dawn of time.”

As part of the rewards offered for contributors to the crowdfunding campaign, Bachhuber offered his time consulting with individuals and organizations, which he found to be easier than traditional physical swag rewards.

“I’m really glad that I chose [consulting] over having to give out physical swag, because it’s very difficult to procure and ship to everyone, particularly when you have international backers,” he said. “Even though I’ve spent a lot of my time fulfilling the rewards and talking with people and having calls with them and meeting up with them in person, it’s a much easier effort to manage than sending 100 coffee mugs across the world.”

When asked if he’d do it again, Bachhuber said yes but emphasized that spending this much time on an open source project only works if you keep a healthy balance with other aspects of life.

“I think it’s really important that if you’re contributing to open source projects on a regular basis or even maintaining them, that you balance your time between that and other things,” he said. “It’s really easy to get burned out on said open source project if you spend 100% of your time on it for a whole month or six months.

“I was pretty intentional to say that the money I was raising was going to cover my involvement with the project for six months, a certain number of hours, and that it was going to be a part-time thing. That was a really healthy way to approach it. I think I would have gotten burned out if I had just tried to dive into it, crank it out, and move on to the next thing,” Bachhuber said.

The Emotional Challenges of Working on Open Source Projects

During the course of the interview Bachhuber was asked to share his feelings on what he referred to as “the kerfuffle with the REST API” that happened in February. The REST API team had written a merge proposal in September 2015 that recommended merging the API in two parts – the infrastructure in 4.4 and the posts, comments, terms, and users endpoints in 4.5 or 4.6. After partially executing on that proposal, the team held a status chat to discuss the plan moving forward.

Bachhuber said that the discussion became “a very emotionally fraught event” after Matt Mullenweg said the project needed feature parity with the WordPress admin before any of the endpoints could be considered for merge. After putting hundreds of hours into the project alongside a handful of dedicated contributors who were already spread thin, he found this new requirement was a difficult pill to swallow.

“For better or for worse, as a maintainer or even a participant of an open source project, you have to have a thick skin and realize that all the time the decisions that are made are not about you – they are about the project,” Bachhuber said. “Even if you are personally offended by the decision, it doesn’t matter because it isn’t about you. It’s really difficult to deal with emotionally.”

Bachhuber’s years of contributing to and maintaining open source projects have taught him a few things about managing stress and conflict that he plans to share at WordCamp Europe in a talk titled, “My condolences, You’re now the maintainer of a popular OS project.”

“I find a lot of joy in maintaining open source projects,” Bachhuber said. “I also have to actively work to address the emotional side of the equation to make sure I’m in a healthy space to continue maintaining the project and the project is not affecting me personally. It’s taken me years to come to a point where I’m comfortable with that.”

In the case of the WP REST API, Bachhuber has come to a place where he can compartmentalize his emotional reactions and responses to the differing opinions.

“I’ve come to a point now where I care but I don’t care,” he said. “I care in the sense that I’d still love to see those endpoints go into core and see the fruits of our labors realized. I don’t care because I’m not emotionally attached to that happening on any particular time frame. I honestly would rather it happen when it’s ready to happen over prematurely, and I realize I might not be the best qualified person to make that decision.”

In the remainder of the episode, Bachhuber and Carr discuss React, Redux, Karma, Enzyme, and other tools for testing and developing with the REST API. Check out the recording of the episode on Roots Radio for more details about Bachhuber’s work on WP-CLI and his crowdfunding experience.

by Sarah Gooding at May 16, 2016 06:03 AM under wp-cli

May 14, 2016

WPTavern: The WordPress.org Recommended Hosting Page is Revamped, Features Flywheel for the First Time

DreamHost, Flywheel, and SiteGround have joined Bluehost on WordPress.org’s new recommended hosting page. In mid 2015, Matt Mullenweg, co-founder of the open source WordPress project, announced the page would be revamped. To have a chance at being listed, webhosting companies needed to fill out a 40-question survey.

2016 Recommended Hosts Page

This is Flywheel’s first time on the page. Flywheel, launched in 2013, is a managed WordPress hosting company with an emphasis towards designers and agencies. I asked Dusty Davidson, co-Founder and CEO of Flywheel, what it means to be included on the page. “We’re obviously excited to be included, and think it really reflects on the work we’ve done to create a great experience for WordPress users,” he said.

The recommended webhosting page on WordPress.org is incredibly lucrative. Based on conversations I’ve had with employees of hosts listed, it can generate millions of dollars in revenue. I asked Davidson what impact this will have on his company. “I’m sure it will undoubtedly send a good deal of traffic, but honestly we’re just humbled and excited to be recognized,” he said.

A New Round of Controversy

Over the years, companies have come and gone from the recommended hosting page. However, Bluehost in particular has consistently appeared on the list, including the most recent iteration. Bluehost is owned by Endurance International Group who invested in Automattic in 2014. Because Mullenweg is the CEO of Automattic and controls who is listed on the page, it’s easy to see why it regularly generates controversy.

Kevin Ohashi of ReviewSignal.com criticized the lack of transparency regarding the process for how hosts.

Who is responsible for this revamp? What were the selection criteria? How often will it be updated? Will existing companies be continuously re-evaluated?

These are important questions to ask and there are no publicly documented answers. In a follow-up post, Ohashi investigated what criteria need to be met for being listed on the page. The post contains a number of screenshots of his private conversation with James Huff, who has volunteered for the WordPress project for 12 years and has worked at Automattic for five years.

Huff was directly related to the project and influenced who was chosen thanks to his involvement on the WordPress Support Team. Within the conversation, he shares details of the process and mentions that no money exchanged hands. Early in the conversation, Ohashi tells Huff that he wants to learn and publish how the process works. However, Huff had no idea that everything he said would be made public.

“I was invited to what sounded like a friendly chat over direct message from a concerned community member, after he was referred to me by a friend,” Huff said. “At no point was it clarified or even implied that anything discussed would be made public.”

Conversations held in a private manner should remain private unless given permission to publish them, something I discovered the hard way. Unfortunately, the post comes across as a public interrogation of Huff. I asked Huff, who was shaken by the experience, how it has affected him moving forward as it relates to the WordPress project.

“I’d be lying if I said my feelings weren’t at least shaken by the experience, especially considering how polite he was to my friend and how hostile he was towards me apparently just because I work for Automattic, but this isn’t the first time that has happened to me and I don’t expect it to be the last,” he said.

“There’s an unusually prevalent negative bias against Automatticians who contribute to WordPress.”

Mullenweg Provides Clarification

Mullenweg commented on the post where he not only sticks up for Huff, but answers some of the controversial questions raised by Ohashi. Mullenweg explains how the applicants were chosen, how the criteria is weighted, who makes the final decisions, and how much money is involved. Here is his comment in full.

‘I would like to see some transparency in the process’

As stated on the page, the listing is completely arbitrary. The process was: There was a survey, four applicants were chosen, and the page was updated. That might repeat later in the year, or the process might change.

‘how criteria are weighted’

There is no criteria or weighting. It ultimately is one person’s opinion. Information that is important is reflected in the questions asked in the survey, but that is not everything that is taken into account. (I have looked at this site in the past, for example.)

‘who is making the decisions’

I am. James helped in sorting through the many submissions that came in, doing additional research, and digging on finalists, but ultimately the decision was mine. You can and should blame me fully for any issues you have with it. I appreciate James’ help in this go-round, but he will not be involved at all with any future updates. (So, please leave him alone.)

‘how much money is involved’

There was no money involved. Obviously being listed on the page is hugely valuable and impacts the listed (or unlisted) businesses a great deal. This is why I take full responsibility for the listing, now and in the future — I have been fortunate to be extraordinarily successful and no financial or business consideration any of the applicants could offer matters to me. A host could offer $100,000,000 to be listed on the page for 1 day, and I would say no.

It’s unfortunate that the information in Mullenweg’s comment is not published in an official post announcing the changes to the recommended hosting page. If an official post was published that included the same information in his comment, it’s possible it would have eliminated most of the confusion, uncertainty, and doubt surrounding it.

Should WordPress.org Have a Recommended Hosting Page?

Due to the investments EIG has made in Automattic, Mullenweg’s role at the company, and him making the final decisions, there will always be a potential conflict of interest despite taking full responsibility of the page and the processes associated with it.

Should WordPress.org have a recommended hosting page? What if the page was replaced with information people could use to make informed decisions on choosing a host? It would eliminate potential conflicts of interest and if there was a host Mullenweg felt strongly about, he could label it as a partner of the project. This would make it clear that any financial connection with the company is a business relationship.

Are you hosting with any of the companies listed on the recommended hosting page? If so, tell us about your experience in the comments.

by Jeff Chandler at May 14, 2016 04:39 PM under webhosting

May 13, 2016

WPTavern: WordPress Accessibility Team Seeks Testers Using Speech Recognition Technology

photo credit: Let’s Read (license)

The World Health Organization estimates that 285 million people worldwide are living with some form of visual impairment and 39 million of those are estimated to be blind. Many people with low vision depend on speech recognition technology to navigate the web and communicate their thoughts. This type of software also assists people who have carpal tunnel, RSI (Repetitive Stress Injuries) and/or limited mobility in their hands and arms.

Rian Rietveld and the Accessibility team are working to improve the experience of using WordPress with speech recognition software, such as Dragon Naturally Speaking (widely considered one of the best for desktop use). In particular, the task of adding media to a post has a number of obstacles that make it nearly impossible for those using speech recognition software.

Rietveld posted three tests to the Accessibility team’s blog today, inviting those who use Dragon Naturally Speaking or other assistive technology to help the contributors determine the roadblocks that need to be removed for adding media. These tests include actions like adding media, editing attachment details, and creating a gallery.

If you use WordPress with assistive technology for speech recognition, completing these tests and offering your feedback is one way to get involved as a contributor. You don’t necessarily have to use Dragon Naturally Speaking, as there are many newer alternatives such as Windows Speech Recognition (Cortana) and Chrome’s speech recognition powered by Google Speech to Text. Testers can report their experiences, along with the assistive technology/browser/OS, in the comments on Rietveld’s post.

by Sarah Gooding at May 13, 2016 10:40 PM under accessibility

WPTavern: Happytables Pivots to Provide Restaurant Analytics and Insights


Happytables is changing from being a platform that hosts restaurant websites to one that provides analytics and insights by tapping into apps that restaurants are already using to promote their businesses. The company uses WordPress as a command center for the application that communicates with various restaurant-tech APIs to deliver information to the dashboard in realtime.

“We started with the website builder a while back,” Founder and CEO Noel Tock said. “It’s been a great ride, but we realized two things: 1) Website builders have become a race to the bottom with regards to revenue as well as extremely competitive, and 2) From our many conversations with restaurants, their challenges have become much larger; consolidating data and insights from all the products they now use.”

One of the Happytables beta restaurants in London uses 14 different applications to manage its sales, operations, and marketing, and Tock says this trend is only growing.

“The centre of gravity is shifting from the Point of Sale to a very fragmented collection of siloed products (reservations, online ordering, staff scheduling/wages, loyalty, waitlist, social, etc.),” Tock said. “Becoming that 30,000 foot view whilst generating actionable insights across the portfolio of applications is the challenge we’ve taken on with the new Happytables.”

The first installation of the new Happytables was set up for Whyte & Brown in London where the team is focusing their beta testing. The application currently aggregates data from POS (Point of Sale) and Social, but Tock says this will rapidly evolve to providing various insights from POS and Labor, such as revenue forecasting, employee performance, and breakfast/lunch/dinner performance.

“It’s been very exciting working towards actionable insights, whereby we can tell a waiter that he/she was underselling a certain product or category compared to their colleagues, or that a particular employee performs a lot better on lunch than on dinner,” Tock said.

Below you can see an example of Happytables’ latest kitchen dashboard, using the team view as opposed to the individual employee recommendations/suggestions view.


The new Happytables uses WordPress as a backend and the WP REST API and ReactJS on the frontend. Although the development team still uses WordPress as one of its core technologies, the infrastructure is a bit more complicated.

“It’s not pure WordPress for the data storage,” CTO Aaron Jorbin said. “In fact, very little of it is actually stored inside WordPress. It is used to store some information about the restaurant and manage requests to third parties where we fetch the data and then store it in DynamoDB.”

The screenshots in this post show the WordPress theme in full screen mode, but Jorbin said the restaurant staff never interact with wp-admin. Restaurant operators use the app to view all the realtime information coming in so that they can make better decisions about how they run their businesses.

Happytables is still hosting its customers from its first iteration as a website builder, but Tock said most are not good candidates for the beta.

“The infrastructure is quite different now as we’re capturing different types of data (previously web content, now largely transactional data),” he said. “Our customers on the website builder platform came from all walks of life, so there’s not many who fit the ideal beta candidate (using Micros/Aloha as POS, based in London, run a multiunit restaurant, etc.).

“We’re just looking to see how we can fit this into the larger Happytables model downstream,” Tock said. “If we’re going to implement so many API’s, there’s also value in tying those back to the website.”

Not many aspects of the new infrastructure have been open sourced yet, as the team has been moving fast. Tock said they hope to make some of their code public further down the road after it’s been tested.

“Once we’re past testing/beta, I’m sure a number of features will become more mature tools and move into their own public repo if they are of that sort of benefit,” he said. The new infrastructure is one of the many exciting ways that the WP REST API is being used to bring a host of information into WordPress from various third party applications and tie it all together in a useful way.

by Sarah Gooding at May 13, 2016 07:45 PM under News

Matt: Mom on Tinder

If you’re looking for a fun Friday read, check out this story of a young GQ writer who gave control of his Tinder account to his Mom. It’s adorkable.

by Matt at May 13, 2016 04:35 PM under Asides

WPTavern: GitLab Courts Disgruntled GitHub Customers with Response to Recent Pricing Hike


Yesterday GitHub announced pricing changes that give all paid plans unlimited repositories and change plans to a pricing-per-user model. Individual developers are the most likely customers to benefit from the changes, but many organizations will see an exponential increase in pricing.

GitLab, a competitor in the Git repository hosting space, immediately addressed disgruntled GitHub customers with a pricing comparison on the company’s blog. Co-founder and CEO Sid Sijbrandij noted that the three main players in this space, GitHub, Bitbucket, and GitLab, all offer unlimited private repositories but that it doesn’t cost companies more to host additional repositories for a given user.

Sijbrandij attributes the change to the increase in the microservices model, a development approach that breaks software down into smaller, related pieces that communicate with one another via APIs.

“As more and more developers, teams, and organizations seek out the advantages of microservices, they’ll need more repositories to support this new code structure,” Sijbrandij said. “Basically, the more microservices you have the more repositories you’ll need. That is why it is not surprising that GitHub has announced free private repositories.”

Sijbrandij referenced several examples where GitHub’s pricing changes hit open source organizations hard, including Open edX, a non-profit with a large number of contributors, which posted the following on Hacker News:

I work for a non-profit open source organization that collaborates on github. We have lots of people who aren’t employees, but have signed a contributor agreement with our organization and contribute changes to our software. Our bill will go up from $200/month to over $2000/month with this new pricing. We can afford it (it’s still a small fraction of our AWS bill) but it will force us to look at other alternatives. Github’s code review tools are already pretty mediocre compared to other tools like gerrit, and we’ve long since moved off of GitHub issue tracking due to lack of features compared to JIRA.

Sijbrandij emphasized that the team at GitLab believes “everyone can contribute,” a mission which drives GitLab.com’s pricing structure to offer unlimited private repositories, unlimited contributors, and unlimited CI runners for free. The on-premises solution, which includes enterprise features and support, is what keeps the lights on at the company. GitLab.com, the free, hosted version, runs the same enterprise edition software but is, by Sijbrandij’s own admission, still struggling with sluggish performance.

Earlier this year when open source project maintainers confronted GitHub with an open letter on issue management, GitLab differentiated itself by responding to the situation with a new initiative focused on “making GitLab the best place for big open source projects.”

Nearly a month later, GitHub finally responded with an apology to open source project maintainers and a promise to address their concerns with a steady string of changes.

GitHub has not given any indication of reversing its recent decision to change its pricing structure. However, with competitors like GitLab putting on the heat, GitHub may be forced to make some changes to its paid plans. At the very least, it could inspire the company to address concerns about organizations having to pay for inactive users and perhaps spur GitHub to offer customers the ability to distinguish between collaborators on open source projects and users who simply need access to private repositories.

by Sarah Gooding at May 13, 2016 02:33 AM under gitlab

WPTavern: How Authors With Plugins in the Official Directory Can Use Tags to Get a Moderator’s Attention

photo credit: What You Need To Know About Food Poisoning (license)

It’s almost inevitable that as a WordPress plugin gains popularity, it will receive a bad review. How plugin authors handle and respond to bad reviews is crucial, especially in a public forum. Mika Epstein, who helps review plugins before they’re added to the directory and is a dedicated support forum volunteer, gives advice on how to handle and respond to bad reviews.

Bad reviews are classified as those written as spam, trolling, emotional blackmail for support, and those that should have been a support post. Since the plugin review system is powered by bbPress, plugin authors can add tags to reviews in order to draw a moderator’s attention. The tags include:

  • Modlook – This tag notifies moderators that a particular thread needs their attention. If you think a review is spam, don’t respond to it. Instead, add the Modlook and Spam tags and let a moderator decide if the review should be deleted.
  • Sockpuppet – If you suspect a review is part of a spamming campaign where a group of people are marking a plugin as one or five stars, apply the sockpuppet and modlook tags to the review.
  • Wrongplugin – Add the wrongplugin tag to the review if you believe it’s for a different plugin. The team can move the review to the appropriate place.
  • Pluginmod – Add this tag to a review if you need an administrator’s attention. This usually results in the team performing a full review of your plugin. If it’s determined that it breaks any of the guidelines, it will be removed until they’re fixed.

Developers who host plugins in the official directory should make note of these tags and use them when necessary. The tag system is generally unknown to the public but it’s a great way for moderators to keep on top of the forums and reviews.

by Jeff Chandler at May 13, 2016 01:06 AM under tags

May 12, 2016

WPTavern: WPWeekly Episode 234 – All Things WordCamp with Andrea Middleton

In this episode of WordPress Weekly, Marcus Couch and I are joined by Andrea Middleton, who works at Automattic as a Community Organizer for the WordPress open source project. We discuss a number of topics including updates to the WordCamp Central website, the for-profit subsidiary, and the experimental WordCamp incubator program.

At the conclusion of our interview with Middleton, Mendel Kurland, GoDaddy’s Evangelist, joined us to describe his experiences attending DrupalCons. DrupalCons are events similar to WordCamps but on a larger scale. He tells us what the similarities and differences are and the unique things they do that he’d like to see WordCamps adopt. We close out the show with Marcus’ plugin picks of the week.

Stories Discussed:

WordPress 4.5.2 Patches Two Security Vulnerabilities
Automattic is Protecting its Woo, WooThemes, and WooCommerce Trademarks

Plugins Picked By Marcus:

Disable WordPress Core Update Email allows users to disable the default notification email sent by WordPress after an automatic core update is applied.

Downgrade enables users to easily downgrade WordPress to an earlier version. It’s a handy diagnostics tool that helps determine if a new WordPress release is the cause of errors.

Woo Customer Insight provides greater insight into what visitors are doing on your sites. It allows you to see the pages your customers are visiting, where they’re clicking, the time spent on the different pages, and more.

WPWeekly Meta:

Next Episode: Wednesday, May 18th 9:30 P.M. Eastern


by Jeff Chandler at May 12, 2016 11:23 PM under wordcamps

Matt: .Blog

It’s now public that Automattic is the company behind Knock Knock Whois There LLC, the registry for the new .blog TLD. (And a great pun.) We wanted to stay stealth while in the bidding process and afterward in order not to draw too much attention, but nonetheless the cost of the .blog auction got up there (people are estimating around $20M). I’m excited we won and think that it will be both an amazing business going forward and give lots of folks an opportunity to have a fantastic domain name in a new namespace and with an easy-to-say TLD. You can sign up to be first in line to reserve a domain here. If you have a trademark you can get in August, and then October for the “land rush.”

by Matt at May 12, 2016 07:23 PM under Asides

WPTavern: Automattic to Oversee the Sale and Registration of Top-Level .Blog Domains

photo credit: Luis Llerena

Automattic announced today that it will begin offering top-level .blog domain registration starting in August 2016. The .blog domain extension will be available to both WordPress and non-WordPress sites.

According to Mark Armstrong, an Automattic subsidiary is exclusively managing the registration of .blog domains and will be offering it for purchase through WordPress.com and other domain registrars.

“Automattic subsidiary Knock Knock Whois There LLC, in partnership with the domain company Primer Nivel, won the rights to the .blog domain in 2015 through an auction process overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), the non profit organization that oversees namespaces of the internet,” Armstrong said.

In an announcement on his blog, Automattic CEO Matt Mullenweg said they used the Knock Knock Whois There LLC company name to “stay stealth while in the bidding process,” which closed around $19 million.

Although WordPress.com is currently providing the registration information site at dotblog.wordpress.com, Armstrong said that the company is using Nominet (the backend registry provider for .UK) to provide the technical infrastructure for managing the domain extension.

Registration for .blog domains will be offered in a phased approach during the second half of 2016, according to the following estimated timeframe:

  • Sunrise (August): Trademark owners will be able to register .blog domains associated with their brands
  • Landrush (October): Before .blog becomes available to the public, domains may be registered during the landrush period on an application basis.
  • General Availability (November): Automattic plans to begin offering .blog domains to the general public before the end of the year.

With the exclusive rights to manage the sale of millions of .blog domains, Automattic has the opportunity to promote WordPress.com as a potential host for new registrants. The company hasn’t finalized the price but Armstrong said it will be “in the standard range for new top-level domains with some premium pricing for higher-value names.”

by Sarah Gooding at May 12, 2016 06:19 PM under automattic

May 11, 2016

WPTavern: Critical Vulnerabilities Found in PhpStorm, Immediate Update Advised


JetBrains announced today that it has released a security update for PhpStorm and all of its other IntelliJ-based IDEs due to a set of critical vulnerabilities:

The cross-site request forgery (CSRF) flaw in the IDE’s built-in webserver allowed an attacker to access local file system from a malicious web page without user consent.

Over-permissive CORS settings allowed attackers to use a malicious website in order to access various internal API endpoints, gain access to data saved by the IDE, and gather various meta-information like IDE version or open a project.

PhpStorm is by far the most favored IDE for PHP developers. It’s also widely used among WordPress developers, especially since version 8 added official support for WordPress.

The update issued today patches the critical vulnerabilities inside the underlying IntelliJ platform that powers nearly a dozen popular IDEs. Installing the update is as easy as selecting ‘Check for Updates’ inside the IDE. Alternatively, customers can download the most recent version from JetBrains.com and the security announcement includes links to download older versions.

Although the JetBrains security team is not aware of these vulnerabilities having been exploited, immediate update is recommended.

by Sarah Gooding at May 11, 2016 10:26 PM under security

WPTavern: GitHub Introduces Unlimited Private Repositories, Hikes Prices for Organizations


GitHub has been inundated with negative feedback after announcing a major change to its pricing today. All paid plans now include unlimited private repositories, but there’s a catch. The new pricing structure requires GitHub.com organizations to purchase a seat for each user. At $9 per user/month, collaborating on private repositories is now far more costly than the legacy plans which started at $25/month for 10 repositories and unlimited members.


The change is good news for individual developers with paid accounts, as they are no longer charged on a per-repository basis. However, many owners of organizations are finding the new pricing to be untenable and are actively considering alternatives. For comparison, Bitbucket offers unlimited private repositories and charges $1/user/month. Unlimited users caps out at $200/month.

While unlimited private repositories is an exciting benefit that enables developers to make their code more modular, it isn’t a benefit that every organization needs.

Easy Digital Downloads creator Pippin Williamson explained why he is frustrated with what amounts to a 2,276% increase in costs for his organization:

I actually have no problems with the pricing for new organizations. It’s their space and they provide a huge number of valuable tools. It is absolutely worth it.

The problem I have is the drastic increase for existing customers. It’s largely the principle of increasing a customer’s cost by 2,276% without giving them any additional value.

The value that Github provides me and my team does not change at all with the new pricing, only what I pay per month.

Samuel “Otto” Wood contends that GitHub’s $9/user/month is a reasonable price to pay for having all the functionality of GitHub hosted for an organization but that the alternative of building your own is far more economical.

A “private” repo is, you know, private. On your own server. Git is, after all, decentralized. You could plop a normal git repo on any private VPS you like in a matter of under an hour. If you’re collaborating with a small group of like 5 people, then coordination is not really a big deal that I’d pay $45 a month to use GitHub for it. You can use any tooling you like, make any website you like. You could probably reproduce the important parts of GitHub that you need for your private setup using WordPress in like a day or two.

It just seems to me that any advantages of using GitHub at all seem largely nullified by using private repos. Yes, collaboration and using the same toolset you are used to, I get that. But here you’re falling prey to vendor lock-in once again. You’re used to it, you like it, you’re afraid of change, pay up. Simple.

The advantage of open source software is the freedom to say “up yours” and build your own version instead. Git is open source. Think about it. A $15 a month VPS could easily fit your needs for both privacy and collaboration.

GitHub has established itself as the de facto code collaboration site by offering free hosting for public, open source repositories. However, the emphasis on “social coding” no longer extends to private repositories as organization owners will have little incentive to add more collaborators under the new pricing structure. It discourages organizations from adding users to be bug reporters or third-party collaborators. Teams and agencies hit hardest by the changes are now examining competitors like Bitbucket and self-hosted GitLab.

Organization owners will not be forced onto the new pricing plans immediately and GitHub promises to give a year’s notice before mandating a switch to the new plans:

We want everyone to have a plan with unlimited private repositories, but don’t worry—you are welcome to stay on your current plan while you evaluate the new cost structure and understand how to best manage your organization members and their private repository access. And while we’re currently not enforcing a timeline to move, rest assured that you’ll have at least 12 months notice before any mandated change to your plan.

While many individual developers will see lower monthly prices and even prorated credits on their accounts, the exponential cost increase for GitHub’s largest customers may cause a mass exodus to the company’s more affordable competitors. Are you moving your organization off of GitHub? Let us know in the comments.

by Sarah Gooding at May 11, 2016 07:27 PM under github

WPTavern: Affinity: A Free WordPress Wedding Theme from Automattic


Affinity is the latest addition to WordPress.com’s small collection of themes created specifically for weddings. This highly customizable, elegant theme was designed by Caroline Moore with weddings and family announcements in mind.

Affinity is a one-page theme with support for five different panels. Each panel’s content can be assigned in the customizer under Theme Options by selecting a page from a drop-down.


With the customizable panel approach users are not locked into providing content for sections they don’t need. Single posts and pages support full screen featured images that, if used as a panel, become the background of that section. Affinity offers the option to set the header image opacity to create better contrast with header text. Users can also enable or disable scrolling on the header and front-page featured images.


Affinity includes support for a sidebar widget area and three optional widget areas in the footer. If widgets are added to the sidebar, the one-column layout becomes a two-column layout. It also has a fullwidth page template for removing the sidebar on select pages.

The different panels give users ample space for adding photos, links to registries, personal stories, info about the bridal party, and anything else related to the event. Affinity includes a Guestbook page template with a special format for displaying visitors’ comments. Turning the Guestbook on is as easy as setting the page template and making sure that comments are enabled.

Another unique feature of the theme is its post intro area that displays beneath the headline before the first paragraph. It pulls content from the excerpt field and post authors can use it to capture readers’ attention with a quick summary or highlight.


Check out the live demo to see the theme in action. It shows an example of panels that display quotes, an RSVP form, event details, and an engagement story.

Since no wedding or family announcement is the same, Affinity’s multi-panel approach offers flexibility for many different types of uses. If you’re creating a wedding website and are not finding enough customization options with a hosted service, this theme makes it quick and easy to set it up with WordPress. It’s not yet available on WordPress.org, but you can download a copy for your self-hosted site for free from the sidebar of its homepage on WordPress.com.

by Sarah Gooding at May 11, 2016 06:52 AM under free wordpress themes

WPTavern: Help WPCampus Gather Data on How Schools and Campuses Use WordPress

The organizers of WPCampus are seeking feedback via a survey on how schools and campuses utilize WordPress in their environments. The survey consists of five sections:

  • How Do You Use WordPress on Campus
  • Site Demographics, Traffic, and Data
  • Plugins, Themes, and Features
  • Security, Performance, and Hosting
  • Your Team Structure & Workflows

There are a couple of perks for those who fill out the survey. Respondents will receive an anonymized version of the complete data set. Those who complete four or more sections will be entered into a drawing to win a free ticket to the conference and will receive a $5 Starbucks or Amazon Gift card.

Answer the questions that you know and skip the ones you don’t. The team needs as much data as possible to provide a clearer picture of WordPress’ use in higher education. If you know someone or an organization that uses WordPress in higher education, please share the survey with them. The survey closes on May 27th.

by Jeff Chandler at May 11, 2016 03:21 AM under wpcampus

WPTavern: What Do You Think of the Recommended Plugins Page in WordPress?

In late 2014, WordPress 4.1 added a Recommended Plugins tab that takes into account the plugins you have installed and suggests plugins based on which ones are commonly used together. Nearly a year and a half after it was added, I asked the Tavern’s Twitter followers if they have ever installed plugins recommended by WordPress.

I was surprised to discover that some people don’t know the tab exists.

Steve Brown says the recommendations are useful.

Some people view the page as an opportunity for Automattic to advertise its plugins while others don’t trust the recommendations.

When I viewed the recommended plugins page in 2014, the results displayed plugins that weren’t updated in years.

Plugins Recommended To Me Based on Data of Sites with Similar Plugins Installed

Today, the page displays more relevant results with recently updated plugins. On the first page of results for WP Tavern, only one plugin from Automattic is recommended. The second page of results doesn’t list any plugins authored by Automattic.

Recommended Plugin Results in 2016

To help determine how useful the recommended plugins page is, I’d like you to take this short survey. Results will be displayed on Tuesday, May 17th. In addition to the survey, you can leave your feedback in the comments.

by Jeff Chandler at May 11, 2016 03:19 AM under recommended plugins

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.


Last updated:

May 27, 2016 12:00 PM
All times are UTC.