WordPress.org

WordPress Planet

April 19, 2015

Matt: Amazing Cover of Radiohead’s Creep

by Matt at April 19, 2015 04:43 AM under Asides

April 18, 2015

Matt: Intuit Fighting Simpler Tax Returns

TurboTax Maker Linked to ‘Grassroots’ Campaign Against Free, Simple Tax Filing. That’s just evil.

by Matt at April 18, 2015 03:30 AM under Asides

WPTavern: WordCamp Belgrade Will Be Streaming Live Saturday, April 18

WordCamp Belgrade will take place this weekend, April 18-19. Two years ago the WordPress community in Serbia was virtually non-existent but has grown rapidly and is now large enough to host the very first WordCamp in Belgrade. Registration kicks off at 8AM tomorrow morning where organizers will debut Wapuujlo, the official mascot of the event.

WordCamp Belgrade features speakers from around Europe and 8/10 of the presentations will be in English. Topics include Building SaaS with WordPress, A/B testing and usability testing, Git Tricks, the WP REST API, and more.

Tickets are no longer available, since the event completely sold out, but those who cannot attend can still catch the presentations live. The organizers will offer free live streaming of the event starting at 9AM in Belgrade (1 AM EST). The link for live streaming will be posted to the WordCamp Belgrade homepage, and you can also follow the #wcbg hashtag on Twitter for updates.

by Sarah Gooding at April 18, 2015 12:09 AM under wordcamp belgrade

April 17, 2015

WPTavern: Confessions of a WordPress Trac Ticket Lobbyist

Robert Dall

This post was contributed by Robert Dall. Studying web design in college, he stumbled upon WordPress.com early in his career. Dall made the natural progression from WordPress.com to the self-hosted version of WordPress. Since then, he’s worked almost exclusively with WordPress using it as a blog, CMS, portfolio, and e-commerce. He’s also an avid photographer.


Coming in WordPress 4.2 is something that has been long overdue and something I have encountered as a former photographer working with WordPress. When you import a photo into WordPress that has IPTC data, the caption populates the description field and not the caption field.

This is mainly due to the fact that the IPTC (International Press Telecommunications Council) calls the caption the description. When WordPress integrated all of the camera metadata (also called EXIF meta data) and caption data, they mistakenly populated the caption field into the wrong field.

In this blog post, Samuel “Otto” Wood pointed out the problem and created a plugin to address the issue. While this is a good fix for projects like the new Art Wolfe website, I knew WordPress could be easier to use for photographers who use the IPTC data fields. Those who don’t wouldn’t notice a change.

The Benefits of This Small Change

I think media organizations that use WordPress and those that might in the future, will benefit from this industry standard being properly integrated into something that powers more than 20% of the internet.

Photography plugin developers such as WooCommerce Photography, could really benefit from this small change to core as similar plugins inherently use the built-in media uploader in WordPress. The problem is that it requires unit tests to be written and some changes to WordPress core, stuff that is well beyond my WordPress knowledge.

The Art Wolfe project has allowed me to work with a great WordPress developer named Sergey Biryukov. I knew if I gathered enough interest in a patch, I could approach Biryukov with the idea that we might get this fix into WordPress and put a seven-year-old trac ticket to bed.

What I Did to Get This Issue Fixed

I didn’t write a lick of code, write the ticket, and no props are coming my way, nor should they. It was Biryukov who wrote the final patch and got it committed with props to @beaulebens, @ericlewis, and @bendoh.

I attended every core meeting until it was committed. Whenever there was an “open discussion” time during the meeting, I mentioned the ticket. I also let Drew Jaynes, 4.2 release lead and former photographer, know of my intentions. I tested the patch on a number of heavily used photography plugins to see if there would be any adverse impact on them. Subsequently, I haven’t found any that were directly attributed to the patch.

Since I am mainly self-employed, I had the ability to lobby this ticket during what would be considered working hours and, like Rick Astley, “I was never going to give you up.” So photographers rejoice! Caption information will be automatically imported into WordPress and your work flow of importing, editing, and captioning using the IPTC standard will be completely integrated into WordPress.

by Jeff Chandler at April 17, 2015 11:30 PM under trac

Post Status: The Excerpt Episode 4 — WordPress news with Daniel Espinoza

Welcome to The Excerpt Episode 4, part of the Post Status Draft podcast, which you can find on iTunes. With The Excerpt, we cover a few of our favorite stories from the Post Status Club over the last week or two. The primary goal is to keep it short and informational: we keep the podcast to around 15 minutes.

In Episode 3, I’m joined by Daniel Espinoza, who is a WordPress developer with a focus on eCommerce, and he also owns ShopPlugins, an eCommerce plugin marketplace for EDD and WooCommerce.

Listen now:

https://audio.simplecast.fm/10521.mp3

by Brian Krogsgard at April 17, 2015 08:47 PM under Everyone

WPTavern: BuddyPress 2.3 Will Improve Avatar Uploads with the New BP Attachments API

BuddyPress contributors are polishing up new and existing APIs for the upcoming 2.3 release. For the past several months, core developer Mathieu Viet (@imath) has been spearheading the effort to get the new Attachments API ready for 2.3 with the help of contributions and feedback from the core team.

The Attachments API is a new library that will allow developers to create components that have the ability to manage uploads. The first example of this API in action is a vastly improved core interface for uploading, cropping, and setting profile photos for users and groups. This new extensible avatar UI landed in BP trunk yesterday.

As you can see below, the new interface allows for the traditional image upload. It also adds the ability for users to access their device camera to capture a profile photo, if they are using a browser that supports getUserMedia.

Administrators can also easily edit a member’s profile photo from the extended profile screen in the admin.

For those who prefer the legacy interface, you can use a filter to disable the new UI. This allows you to still keep your BuddyPress core updated, even if you don’t want to add the new avatar interface to your community. Check out @imath’s post on the BuddyPress development blog for details on using the filter, as well as more information on the applicable templates and theme compatibility.

One of the most exciting things about the new avatar UI is that plugin developers can easily extend it for their own unique purposes.

“Regarding extensibility: In the long run, we want plugins to be able to add their own versions of the uploader, ideally with a minimal amount of work,” BP lead developer Boone Gorges said in discussion on the ticket. “@imath has already demonstrated that it’s not too difficult, and in the future I imagine that we’ll discover ways to make it even easier.”

Gorges emphasized that the focus at the moment is to build a solid replacement for the avatar upload system in 2.3 and then work on continually improving the API over time.

Check out the roadmap to view other specific tickets that are in progress for the 2.3 release, which should be available in six weeks at the end of May.

by Sarah Gooding at April 17, 2015 07:33 PM under bp attachments api

WPTavern: VersionPress 1.0 Sees the Light of Day

In mid-2014, Borek Bernard and Jan Voráček, from the Czech Republic, launched a crowdfunding campaign to fund the development of VersionPress. VersionPress is a version control plugin for WordPress. It keeps the whole site in a Git repository, enabling things like site-wide reverts, safe updates, and easy staging. Despite not reaching their funding goal, the team pressed on and has released the first stable version to early backers of the project.

I’ve been excited to try VersionPress ever since I learned about it last year. After downloading 1.0, I uploaded it to my test site hosted on BlueHost which is optimized for WordPress. When activated, it will go through a checklist to make sure the server meets the minimum requirements. The minimum requirements are as follows:

  • PHP 5.3
  • Execute external commands
  • Git 1.9+ installed
  • Write access on the filesystem
  • db.php hook
  • Not multisite
  • Standard directory layout
  • .gitignore
  • .htaccess or web.config support

Unfortunately, I’m unable to use VersionPress on my hosting account because it doesn’t have Git 1.9+ installed. I contacted BlueHost to see if it can be installed on the server and it can’t. If I want to use Git, I’d have to upgrade to a VPS or Dedicated hosting plan.

VersionPress Needs Git

If Git 1.9+ is not installed on a majority of shared webhosting servers, that’s a huge audience unable to use VersionPress. To be fair, functionally similar plugins such as Revisr and Gitium also require Git to be installed on the server. I asked Bernard why Git is needed to use the plugin. “To use Git was an important decision that enables all the nice things VersionPress provides but it also means that Git is required on the server, currently. In the future, we plan to relax this requirement but for version 1.0, Git is required,” Bernard said.

VersionPress is only available through the Early Access Program which is a cross between early access, crowd-funding, and a standard support plan. The team plans on releasing a new version approximately every three months.

To say that I’m disappointed is an understatement. My excitement for VersionPress to be the undo button for WordPress is tempered due to not being able to use it on a live site. I could run Git on my local server, but I want to see how it works in a live environment. Although managed WordPress hosting has become a popular option, the majority of sites on the web use shared hosting. Hopefully, the team can come up with a way to use its plugin without Git being required on the same server where VersionPress is installed.

If you know of a shared webhosting company that runs Git 1.9+ on its servers, tell us about them in the comments.

by Jeff Chandler at April 17, 2015 06:14 PM under versionpress

Matt: Jiro Ono and René Redzepi

An interesting and thoughtful conversation over a cup of tea between two food masters of our time, Jiro Ono and René Redzepi, from the MAD site. (WordPress-powered!)

by Matt at April 17, 2015 02:30 AM under Asides

WPTavern: Documentation Post Type: A WordPress Plugin for Documenting Products

A product’s documentation is usually a strong indicator of its quality, but creating docs is often the least exciting aspect of launching something new. Products that lack documentation can create a greater support burden, forcing you to write docs as a defensive measure after the fact.

The free Documentation Post Type plugin may be just the push you need to get started writing docs without a lot of hassle. The plugin creates a custom post type for product documentation. The advantage of storing docs in a custom post type is that you’ll be able to easily organize, export, and maintain your documentation to be separate from your regular posts and pages.

The Documentation Post Type plugin features the following:

  • Registers a “documentation” post type
  • Registers a “documentation-category” taxonomy
  • Registers a “documentation-tag” taxonomy
  • Registers a “product-tag” taxonomy
  • Adds the post count to the admin dashboard

Devin Price, owner of DevPress, created the plugin primarily for product documentation but encourages users to adapt it for any purpose. He created it based off of code from Gary Jones’ Dashboard Glancer class and Portfolio Post Type plugin.

The project also includes a Gruntfile.js and package.json file, which Price added for building translation files (.pot). If this isn’t necessary for your project, you can remove them from the plugin package. If you need a quick way to start documenting your products, download the zip file or fork the plugin on GitHub.

by Sarah Gooding at April 17, 2015 01:13 AM under documentation

April 16, 2015

WPTavern: Array Returns to Themeforest After Disappointing Experiences Selling on Creative Market and WordPress.com

The Array theme shop, founded by Mike McAlister, is celebrating one year since becoming a completely independent operation. Array, formerly known as Okay Themes, pulled out of Envato’s marketplace last April to rebrand and relaunch with the freedom to further build the business.

At that time, McAlister said, “After fighting the good fight for five years, my body of work has officially outgrown the ThemeForest marketplace. Although it has been a great platform for starting my business, my own ethos and aspirations have evolved.”

In a surprise about-face, Array is returning to Themeforest with a selection of themes and selling as a non-exclusive author. McAlister considers this an expansion of their independent shop, which has experimented with a number of different distribution channels.

“The thing is, Themeforest dominates when it comes to market share,” he said in a recent post explaining the change. “With all of the various avenues we tried, none came close to the reach or revenue that Themeforest has provided in years past.”

McAlister replied to a thread on WP Chat to clarify that the decision was not motivated by a lack of sales or desire to cut back on Array. Rather, they see Themeforest as an opportunity to increase exposure to the brand, despite the fact that Array will now make just $19 per theme sale on the marketplace while still attempting to provide quality support.

“We’ve definitely been selling more themes at the $49 price point in the short term, but we’re still quantifying that data to see if it’s where we want to be ultimately,” McAlister said.

Drawbacks of Selling with WordPress.com and Creative Market

Even more interesting than Array’s move back to Themeforest are the insights McAlister shared about selling via other marketplaces. After exploring multiple avenues of distribution during the past year, he found the most significant drawbacks came with Creative Market and WordPress.com.

“The first few months of our time on Creative Market, we’ve only seen ~20 sales per month,” he said. “Although there is a ton of activity for other kinds of digital goods, the WordPress category simply doesn’t seem to be thriving.”

Array’s experience with WordPress.com was similarly disappointing, due to the company’s recent promotion of free themes in the past several months and lengthy wait times in the approval queue.

“The review process on WordPress.com is long,” McAlister said. “I’m not talking about weeks long, I’m talking about months long. Each Array theme review has taken at least a month, usually longer. Our latest theme for WP.com, Camera, took four months from the day I submitted it to the day it was released.”

While his experience may not represent that of all theme authors on WordPress.com, the structure of the selling process makes it difficult for authors to build a reliable source of income.

“At any rate, as you can imagine, releasing products this far apart makes it difficult to gain momentum, predict sales figures, and establish a reliable stream of income,” he said. “On top of that, because theme sales aren’t calculated until after the refund window has passed (understandably), it can be several months until you see return on a theme.”

McAlister’s disappointing experiences with Creative Market and WordPress.com contributed to his decision to move back to Themeforest. Although Array is currently bringing in double the monthly revenue it was making on Themeforest previously, the shop still relies on outside distribution channels.

“It would be super great if Array was suddenly wildly successful and we could just sell themes solely through the site and not rely on marketplaces, but that’s not the reality of the commercial theme world right now,” McAlister said in response to comments on his announcement.

No marketplace is perfect and each has its own unique drawbacks, but Array’s experiences this past year re-established Themeforest as the clear winner for the shop’s current needs.

Furthermore, as poignantly stated by Philip Moore recently, there exists no better or more accessible platform for developers to distribute commercial WordPress themes right now. WordPress.com isn’t accepting new partners, Creative Market doesn’t have a sustainable market for themes, and starting a new theme shop without an established following would be nothing more than an exercise in futility.

McAlister hopes that Array can have a positive impact on the Themeforest marketplace, instead of remaining among those that criticize from the sidelines.

“Given that we spend a great deal of time crafting themes to high standards, in both form and function, we want to help further promote the idea of design-driven, feature-conscious themes, without sacrificing quality or selling your soul to the devil,” he said.

“We want to show people that you can, in fact, make a living creating honest products.”

by Sarah Gooding at April 16, 2015 10:12 PM under themeforest

WPTavern: Cloudup Refreshes Its Web Interface and OSX 10.10 Desktop App

Cloudup, the file storage and sharing service acquired by Automattic in 2013, has refreshed its web interface. Many of the changes are subtle and place more emphasis on your content.

Stats and FAQ links have been moved under the account menu. On the desktop and mobile versions of the site, the add new file button is permanently fixed to the bottom right part of the screen. Streams have a better looking exit icon with less redundancy on the edit sidebar.

Cloudup Dashboard Web Interface

Cloudup for OSX 10.10 looks more modern and is fully compatible with Yosemite. The service has also made some architectural enhancements to improve scalability and security. Details of these improvements are not available, but the service plans to publish them at a later date.

I rarely visit the dashboard, but I appreciate these subtle changes. One thing I don’t like is having to click my avatar image to access the menu that contains account settings and other useful links. There’s nothing on the site that indicates this action is necessary. I think it should be a drop down menu to eliminate possible confusion. If not a drop down menu, then at least one text label next to my avatar image that when clicked, opens the menu.

Cloudup continues to be a service I value and use almost every day to quickly upload and share images and since Jetpack supports oEmbeds for Cloudup, embedding content into posts is easy. If you use Cloudup, let us know what you think of the service in the comments.

by Jeff Chandler at April 16, 2015 10:12 PM under osx

WPTavern: WPWeekly Episode 188 – The Nearly Perfect WordPress Role Model

Marcus Couch and I didn’t have a guest on this week’s episode, so we used the time to get you caught up on the week’s headlines. We discussed the release of WordPress 4.2 RC1 and if all goes well, expect to see the release of 4.2 next Wednesday. If you use iThemes Security, you’ll want to update as soon as possible to fix a security vulnerability.

Easy Digital Downloads celebrated its third birthday. We discussed the impacts successful software can have on people’s lives. Marcus and I both agree that Pippin Williamson, founder of Easy Digital Downloads, sets the bar when it comes to being a role model in the WordPress ecosystem. I closed out the show with a rant on how media companies fail to recognize the distinct differences between Automattic, WordPress.com, and WordPress.org.

Stories Discussed:

WordPress 4.2 Release Candidate
iThemes Patches Vulnerability that Affects All Versions of the iThemes Security Plugin
Ionic WordPress App from Scott Bollinger on GitHub
Easy Digital Downloads Turns 3 Years Old
Quick Reference Guide For Those Writing About WordPress

Plugins Picked By Marcus:

Custom Post Type Calculator allows you to create a multipurpose category based calculator and use it to calculate item amounts and values.

Time Lord lets you make modifications to your content based on a set of time parameters. You can show or hide part of a post at a given point in the future, calculate age, and more.

Plugin Groups allows you to organize plugins into groups. For example, if you use a group of extensions tied to an e-commerce plugin, you can group them together for easy sorting. Read our review of Plugin Groups to see it in action.

WPWeekly Meta:

Next Episode: Wednesday, April 22nd 9:30 P.M. Eastern

Subscribe To WPWeekly Via iTunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

by Jeff Chandler at April 16, 2015 07:53 PM under wordpress 4.2

WPTavern: Banking on WordPress: Matt Mullenweg Weighs in on Security Concerns

photo credit: Will Montague - cc

If you follow WordPress topics on Quora, you may have noticed a popular question making the rounds regarding security. The question has been viewed more than 30,000 times:

I am powering a bank’s website using WordPress. What security measures should I take?

Ordinarily, such a question is a magnet for trollish responses and uninformed WordPress bashing. However, this time Quora users were delighted to find that Matt Mullenweg, co-creator of WordPress, dropped by to offer an answer to the question.

Following a barrage of anti-WordPress remarks from other users, Mullenweg chimed in to clarify how WordPress can be used successfully in the banking industry.

I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

He follows it up with two simple tips for keeping WordPress secure, including making sure the software is updated diligently, and using strong passwords for all user accounts. Mullenweg also solicited examples of WordPress-powered bank websites on his post highlighting his Quora response, and several commenters provided links to their work.

WordPress is often singled out for security concerns, given its high profile and dominant CMS marketshare. The platform is also regularly the target of hackers looking to maximize the return on their efforts. According to Mullenweg, WordPress’ security boils down to how you deploy it:

As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

In other words, the security of a WordPress-powered banking website depends entirely on whether or not its developers have the necessary security expertise to manage the technology in a responsible way.

Even with all of the negative reactions to the Quora question, the other answers are important to consider, as they offer a window into how people perceive WordPress. Battling negative perceptions about security is one of the biggest challenges facing the platform today.

The recent rash of security vulnerabilities popping up in some of WordPress’ most popular plugins has exposed the need for better education on basic security measures, such as regularly updating your software. Hopefully, a few words of clarification from the project’s co-founder can go a long way towards building consumer confidence.

by Sarah Gooding at April 16, 2015 03:43 AM under security

April 15, 2015

WPTavern: Easy Digital Downloads Turns 3 Years Old

Pippin Williamson, founder of Easy Digital Downloads, looks back on three years of building an e-Commerce product for WordPress. Williamson describes the last three years as containing some of the highest and lowest points of his life.

Williamson acknowledged that without his dedicated team, the product wouldn’t be anywhere close to what it is today. For example, when EDD was first released, it contained 8,085 lines of PHP. Today, EDD has 64,195 lines of PHP, which is nearly an 800% increase.

He describes what it was like to discover the first severe security vulnerability in EDD that didn’t require special knowledge to exploit:

On Valentine’s day, 2013, I was notified of a critical security flaw in Easy Digital Downloads that made it possible for someone to gain full admin access to EDD sites that were running a specific configuration of settings in the plugin. Exploiting the flaw was trivial and required no special knowledge of typical exploit methods. With the click of a button, any unauthenticated visitor could become a full admin.

Realizing that flaw was out in the wild was terrifying, and I hated myself for allowing it to happen. Suddenly I was faced with the very real possibility of being the person responsible for the compromise of a large number of sites. To say that I slept poorly that night would be a vast understatement.

Besides the stats, growth, and personal experiences, the thing I find most impressive is the last part of the article where Williamson discusses the impact EDD has had on the lives of those who work on it.

Of all reasons to be happy about earning more, the one I like the most is the excellent set of opportunities that open up. I’m not talking about expensive cars, luxury vacations, fancy houses or anything of that nature. No, I’m referring to the opportunities to change people’s lives.

He shares the personal stories of Dan Griffiths, Chris Christoff, Sean Davis and others who are able to make a comfortable living thanks to the success of EDD.

Griffiths was homeless for five years before he started contributing to EDD. After creating a few successful extensions for the marketplace, he found himself in a welcoming community that valued his ideas and contributions. Through his involvement with EDD, he was able to move off the streets, become an active contributor to the project, and regularly attend WordCamps.

I asked Williamson how long it took to come up with the words to describe the impact his product is having on people’s lives, and he responded, “It took all day.” If I were in his position, I too would likely have a difficult time putting the impact into words.

All too often, I think we focus so much on the product that we forget about the impact it has on people’s lives. For Williamson and his team at EDD, the impact is well documented and celebrated.

by Jeff Chandler at April 15, 2015 11:04 PM under easy digital downloads

Matt: A Bank Website on WordPress

There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.

I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

In terms of security, there are two simple points:

  1. Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new versions become available.
  2. Use strong passwords for all user accounts. For extra credit you could enable a 2-factor plugin, use Jetpack’s WordPress.com login system, or restrict logged-in users to a certain IP range (like behind a VPN).

If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up. Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on WordPress.com VIP alongside some of the top sites in the world. If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).

For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ. WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.

As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.

If you’ve developed a major bank site in WordPress leave a link in the comments.

by Matt at April 15, 2015 07:19 PM under WordPress

WPTavern: WooCommerce Dominates Global E-Commerce Platforms, Passes 7 Million Downloads

Last week WooCommerce announced that the plugin had passed 7 million downloads and the WordPress.org plugin directory reports that it is currently in use on over a million websites.

WooCommerce is not only head of the pack when it comes to WordPress e-commerce solutions, the plugin is also the global leader among e-commerce platforms. According to recent stats from BuiltWith, WooCommerce is currently powering roughly 30% of all online stores.

WooCommerce Accounts for 85% of Overall Sales at WooThemes

WooThemes supports the product through the sale of extensions and themes for WooCommerce. However, when WooThemes first forked Jigoshop to create the plugin, they had no idea that it would become the staple of their business.

“We saw potential, but didn’t envision such a drastic change of direction for our overall business,” WooThemes co-founder Magnus Jepson told the Tavern. “When we initially had the idea for eCommerce for WordPress, our goal was to increase our revenue by selling more eCommerce themes.

“James and Mike, our two core WooCommerce developers, came up with the extension model for WooCommerce, which was the key success to turning WooCommerce into the revenue machine that it has become today, making up around 85% of our overall sales.”

Downloads of the core plugin are on the rise from 1 million in 2013, to 4 million in August 2014, and 7 million so far this year. WooCommerce currently has 339 free and commercial extensions listed in its official directory, which is the main revenue source driving support and continual development.

“I can’t disclose our exact income unfortunately, but we do process several million dollars per year,” he said. “Our revenue has been climbing steadily over the past few years, and we are regularly breaking monthly revenue records.”

Thanks to the success of the plugin and the growth of its global community, WooThemes hosted the first WooConf in San Francisco last year. The conference was solely devoted to WooCommerce products and development.

“Our first WooConf was a huge hit, and exceeded all of our expectations,” Jepson said. “We had 320 participants join us for this amazing event, and we are planning on almost doubling the size of the second WooConf being held in Austin in November of this year.”

Global WooCommerce usage is on a steady upwards climb, and the WooThemes team plans to go after more partnerships this year.

“The future is big, and I see WooCommerce being the dominating eCommerce platform online, reaching more people through a larger distribution network (hosting providers and partners),” Jepson said. “Our goal for 2015 is ‘Strengthening Partnerships,’ and I’m sure we’ll surprise quite a few people when they see our growth.”

by Sarah Gooding at April 15, 2015 05:55 PM under woocommerce

WPTavern: Group and Filter Plugins by Functionality with Plugin Groups by CalderaWP

Plugins such as WooCommerce and Ninja Forms have a lot of extensions available to add functionality and each extension is usually a separate plugin. Depending on the functionality you need, extensions can add several additional plugins to the plugin management page in the backend of WordPress.

Plugin Groups is a free new plugin by CalderaWP that adds the ability to organize plugins by groups for easy filtering. For example, you can create a group called e-Commerce and add all plugins dealing with e-Commerce to the group. When you browse to the Plugins page, you’ll see a new filter at the top called e-Commerce. Clicking on it will display only the plugins within that group.

Plugin Groups in Action

You can organize groups by clicking on a group’s name and dragging it up or down. One thing I noticed is that clicking the save button doesn’t appear to do anything, even though it saves the configuration. I recommend displaying a visual notification that tells me I clicked the save button and the configuration saved successfully.

I tested the plugin on WordPress 4.2 and it works as advertised. Plugin Groups is a nice way to organize and access plugins based on functionality. Plugin Groups should definitely come in handy for those who use 50 plugins or more. You can try Plugin Groups yourself by downloading it for free from the WordPress plugin directory.

by Jeff Chandler at April 15, 2015 01:44 AM under orginization

WPTavern: iThemes Patches Vulnerability that Affects All Versions of the iThemes Security Plugin

iThemes has released new versions of iThemes Security and iThemes Security Pro to address a critical security vulnerability. Every version of both plugins is at risk, including Better WP Security 3.0. The vulnerability allowed potentially dangerous JavaScript to run when viewing 404 logs.

When the 404 Detection feature is enabled, data about requests for non-existent pages are stored in the database. Attackers could potentially add JavaScript code to these page requests, which would then be stored. This update fixes a security flaw that could allow those scripts to run when viewing the Security > Logs page.
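The pattern behind this class of stored XSS, as an added example (not iThemes Security code; the row layout, function names and sample requests are constructed for illustration): a log viewer that echoes stored request fields as-is, beside one that escapes each field for its HTML context at output time.

```php
<?php
// Added illustration; not iThemes Security code. The row layout, function
// names and sample requests below are hypothetical and constructed.

// Constructed 404 log rows. Every field except the timestamp comes from the
// HTTP request, so it is attacker-controlled by the time it is stored.
$log_rows = [
    ['time' => '2015-04-14 10:02:11', 'uri' => '/old-page',
     'referrer' => 'https://example.com/'],
    ['time' => '2015-04-14 10:02:40', 'uri' => '/missing<script>alert(1)</script>',
     'referrer' => '"><img src=x onerror=alert(2)>'],
];

// Vulnerable pattern: stored request data is concatenated into the admin
// page unchanged, so markup in a logged URL becomes part of the page.
function render_logs_vulnerable(array $rows): string {
    $html = "<table>\n";
    foreach ($rows as $r) {
        $html .= "<tr><td>{$r['time']}</td><td>{$r['uri']}</td>"
               . "<td><a href=\"{$r['referrer']}\">referrer</a></td></tr>\n";
    }
    return $html . "</table>\n";
}

// Escape for HTML text and quoted-attribute contexts. Inside WordPress the
// equivalent helpers are esc_html() and esc_attr().
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only http(s) referrers become links; anything else is shown as inert text.
// This also keeps javascript: URLs out of href attributes.
function safe_link(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme === 'http' || $scheme === 'https') {
        return '<a href="' . h($url) . '" rel="noreferrer noopener">' . h($url) . '</a>';
    }
    return h($url);
}

// Hardened pattern: keep the raw value in storage (useful for forensics)
// and escape every field at the point of output.
function render_logs_safe(array $rows): string {
    $html = "<table>\n";
    foreach ($rows as $r) {
        $html .= '<tr><td>' . h($r['time']) . '</td><td>' . h($r['uri']) . '</td><td>'
               . safe_link($r['referrer']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

function check(bool $ok, string $message): void {
    if (!$ok) {
        throw new RuntimeException("check failed: $message");
    }
}

$unsafe = render_logs_vulnerable($log_rows);
$safe   = render_logs_safe($log_rows);

// The vulnerable renderer passes the logged markup straight through.
check(strpos($unsafe, '<script>alert(1)</script>') !== false, 'raw script tag in unsafe output');
check(strpos($unsafe, '<img src=x') !== false, 'attribute breakout in unsafe output');

// The hardened renderer emits the same data as visible, inert text.
check(strpos($safe, '<script') === false, 'no script tag in safe output');
check(strpos($safe, '<img') === false, 'no injected element in safe output');
check(strpos($safe, '/missing&lt;script&gt;alert(1)&lt;/script&gt;') !== false, 'URI shown escaped');
check(strpos($safe, '<a href="https://example.com/"') !== false, 'benign referrer still linked');

echo $safe;
```

Escaping at output rather than at storage keeps the original request intact for investigation while making the log page safe to view.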

If you’re using iThemes Security Pro, there are three ways to update:

  • Update immediately now from the Sync Dashboard
  • Update directly from the WordPress dashboard for licensed Pro sites
  • Download the latest version from the iThemes Member Panel

If you’re using iThemes Security, visit Dashboard – Updates to install the latest version. Every branch of iThemes Security has been patched. To check if you’re running a patched version, please review the following information.

  • If you were running on 4.6 or higher, you’ll auto-update to 4.6.13
  • If you were running on 4.5.*, you’ll auto-update to 4.5.11
  • If you were running on 4.4.*, you’ll auto-update to 4.4.24
  • If you were running on 4.3.*, you’ll auto-update to 4.3.12
  • If you were running on 4.2.*, you’ll auto-update to 4.2.16
  • If you were running on 4.1.*, you’ll auto-update to 4.1.6
  • If you were running on 4.0.*, you’ll auto-update to 4.0.28
  • If you were running on 3.6.*, you’ll auto-update to 3.6.7
  • If you were running on 3.5.*, you’ll auto-update to 3.5.7
  • If you were running on 3.4.*, you’ll auto-update to 3.4.11
  • If you were running on 3.3.*, you’ll auto-update to 3.3.1
  • If you were running on 3.2.*, you’ll auto-update to 3.2.8

Ole Aass is credited with discovering and responsibly disclosing the vulnerability. The WordPress.org security team has pushed out an automatic update, but if you haven’t received it yet, manually update as soon as possible.

by Jeff Chandler at April 15, 2015 01:25 AM under security

April 14, 2015

WPTavern: WordPress for Android Version 3.9 Adds Two-Factor Authentication and Improvements to the Media Library

The mobile developers behind WordPress for Android released version 3.9 today on Google Play. The app now supports two-factor authentication without the need for application passwords. In the past, WordPress mobile apps required an extra step wherein you would generate a unique password for the app on each of your mobile devices. This release eliminates that extra requirement.

One of the most visible new features in 3.9 is the improved experience of adding media from your device to your site’s media library. Previously, adding media required a couple extra clicks to navigate to the correct screen for capturing a photo/video or selecting from the mobile device’s gallery.

The new media screen includes new buttons at the top that allow you to capture a photo or video with your device. It also displays all of your media sources from one location, a major improvement that makes adding media faster and more convenient.

Also new in 3.9 is a language selector specific to the app, which currently supports 32 different languages for publishing.

The release post credits 11 different people for their contributions to 3.9. Development for the 4.0 milestone is already underway on GitHub.

Android users who are eager to update to the latest version may need to wait a few hours. According to contributor Tony Rankin, the update was moved to production today and can take a while to fully propagate. Users can expect the 3.9 update to hit their devices within 24 hours.

by Sarah Gooding at April 14, 2015 11:33 PM under wordpress for android

Matt: Why We Love Repetition

What is music? There’s no end to the parade of philosophers who have wondered about this, but most of us feel confident saying: ‘I know it when I hear it.’ Still, judgments of musicality are notoriously malleable. That new club tune, obnoxious at first, might become toe-tappingly likeable after a few hearings. Put the most music-apathetic individual in a household where someone is rehearsing for a contemporary music recital and they will leave whistling Ligeti. The simple act of repetition can serve as a quasi-magical agent of musicalisation. Instead of asking: ‘What is music?’ we might have an easier time asking: ‘What do we hear as music?’ And a remarkably large part of the answer appears to be: ‘I know it when I hear it again.’

Elizabeth Hellmuth Margulis writes on why we love repetition in music and the neurological effects repeated songs have on us. Hat tip: Brian Groat.

by Matt at April 14, 2015 09:34 PM under Asides

WPTavern: WPSessions Changes Pricing Structure, Live WordPress Training Events are Now 100% Free


WPSessions founder Brian Richards announced a radical shift in his pricing structure this week. The site was launched two years ago to provide developer education through videos that allow customers to learn from WordPress experts.

Live events are now 100% free for everyone to attend, and the price of the recorded sessions has been reduced from $30/each to $9.

“The changeup has come entirely from my struggles to get multiple speakers to present within the same small window of time,” Richards said. With a global audience of both presenters and customers, coordinating timezones often posed a roadblock to scheduling. Richards can now tell the presenters to pick a day and time that works for them and he will be there to record it. The changes also allow for a greater variety of topics.

“Rather than bundling three similar presentations under a single event, I can now have entirely different topics going on within the same month, or still keep the month focused to a single topic but have the presentations spread out over a couple of weeks,” he said.

In the past, Richards struggled even to get paying customers to attend the live events, as they opted instead to watch the recorded sessions later.

“With the live broadcasts, having direct access to all of these presenters is a HUGE opportunity, so it was always disappointing in past sessions when I’d sell dozens of tickets but still only have 20 or so people attend the live event,” he said.

“Making the events 100% free to watch live serves a bunch of different purposes. First, it makes the event accessible to someone where the cost could be a blocker (blocker in a sense of ‘I don’t yet know if this resource is worth the investment,’ not ‘I don’t think I can afford this,’ because the sessions were already super cheap).

“Second, it encourages people to actually show up and participate, rather than just sitting back and thinking ‘I don’t need to make it live because I can just watch it whenever.’”

Reviving WPSessions Sales with Cheaper Pricing and Free Live Events

WPSessions dropped off the map for a short spell from December to March when Richards struggled to get presenters to commit to scheduling. With the new plan in place, he already has the next five presentations locked in and more on the line.

WPSessions currently has 100 VIP Members, and Richards hopes to grow that number to 400 this year. He’s not worried about a loss of revenue with the drastically reduced session pricing.

“My data shows that most (upwards of 90%) of sales on each session happen within the first two months, and then drop off dramatically after that,” he said.

“If anything, I think this may actually lead to an increase in revenue from the sessions, because it’s incredibly easy for someone to show up for free and see what WPSessions is all about, and because the back catalog is now so much less expensive.”

The Future of WPSessions in the WordPress Education Space

Richards is currently working on producing an intensive WordPress Training Curriculum for developers. The first module, WordPress Website Mastery, will be going up next Monday.

“The overall goal of this will be to take someone in any field and teach them the necessary skills to become a profitable WordPress developer – either as an independent contractor, or by joining the ranks of an agency,” he said.

The long term goal for WP Sessions is to provide the most comprehensive collection of WordPress training materials that exists anywhere. Entrepreneurs are building new products for WordPress every day but very few have ventured into the WP education space to train developers. Richards has found that it’s not the easiest market to tackle.

“Developers are a fickle bunch,” he said. “They like to figure things out for themselves and hack around the internet until they find the answer to a specific problem they’re facing. It’s hard to introduce them to a specific training track because what they want to learn and what they need to learn are often two wholly different things. I know, because I am one.”

The WordPress ecosystem does not have an official, respected training certification for developers. While various training sites offer instruction, ranging from site management to development, WPSessions is rare in that it pulls in knowledge from presenters in all corners of the WordPress community.

“I have yet to find a site that offers the curriculum I’m looking to provide, which is a full-on cradle-to-grave instruction on Development 101 all the way through to Advanced Techniques, while also hitting on design basics, business development, marketing, and all the other skills an independent contractor needs to have in their wheel house,” he said.

WPSessions isn’t currently a full-time endeavor, but Richards is working on getting it there this year. By opening up the live events for free, he’s hoping to expand his audience and attract more customers to his catalog of learning resources.

The next live event features Scott Bolinger, who will teach viewers how to build mobile applications using WordPress. If you’re interested to learn how to use the WP REST API with an AngularJS frontend and compile it into a mobile application package, mark your calendars to attend the free live event on April 23 at 4pm EST (UTC+4).

by Sarah Gooding at April 14, 2015 09:15 PM under wpsessions

WPTavern: Wordfence Premium Adds the Ability to Audit User Passwords in WordPress

By utilizing the power of graphical processing units and partnering with Netriver, Wordfence can simulate a password cracking attempt using a library that contains more than 260 million passwords.

The library is made up of previous hacks on major websites and services. For example, if your password was leaked during the LinkedIn hack in 2012, Wordfence will inform you that it’s no longer safe to use.

Wordfence Password Auditing

I audited the passwords of all users on the Tavern test site and no weak passwords were discovered. I changed my password to password and within seconds, Wordfence detected a weak password.

Weak Password Detected

When a weak password is detected, you can email selected users and request that they change it to a strong one. Alternatively, you can let Wordfence change it to a strong one automatically and email it to the user.

Wordfence explains how the auditing process works.

Internally this feature uses a double layer of encryption to protect your data during the audit. First, we encrypt the hashes we are going to operate on using a combination of AES encryption and RSA public key encryption.

Then we send your encrypted data via SSL to our servers which provides a second layer of encryption. Once on our servers, the data is stored encrypted until it is audited and we never return sensitive data to your website.

Although WordPress 3.7 added an improved password strength meter, WordPress doesn’t enforce password strength for new users. After performing an audit, I recommend turning on the option in Wordfence to enforce strong passwords for new users. This way, you’ll know that all passwords from that point forward are strong.

Enforce Strong Passwords

Earlier this year, SplashRiver released its list of the 25 worst passwords used in 2014. The passwords include 123456, password, and 12345. Password auditing in Wordfence is a convenient way to make sure none of the users on your site are using weak passwords like those in the report.

by Jeff Chandler at April 14, 2015 07:51 PM under wordfence

Matt: Start With The Result 

Starting with the results helps refocus the day, clear away busy work, and make sure your actions and time are being spent with an eye on the results you want to achieve. Results, not just work.

Sara Rosso writes Start With The Result.

by Matt at April 14, 2015 03:58 AM under Asides

April 13, 2015

WPTavern: Going Behind the Scenes with the Jetpack Team


Have you ever wondered what it takes to support a WordPress plugin with a million active users? At the beginning of 2015, Matt Mullenweg highlighted Jetpack as one of the most important tools in helping WordPress remain competitive and preventing the decline of its market share.

The team surrounding Jetpack is laser focused on adding compelling features that will help self-hosted sites get everything they need in one convenient pit stop. Whether or not you believe the future of WordPress is hinged on Jetpack’s success, there’s no doubt that the professionally-supported plugin has helped self-hosted sites to thrive, with much less effort required on the part of site administrators.

With 36 modules currently available in the plugin and a never-ending support queue, the distributed team behind Jetpack meets up regularly to build teamwork and keep things running smoothly. At WordCamp London 2015, a good number of the newly expanded team met in person for the first time.

I had the opportunity to sit down with a few Jetpack representatives, including team lead George Stephanis, support specialist Carolyn Sonnek, and pit crew team member Jesse Friedman to discuss what it takes to keep Jetpack going strong.

Managing the Jetpack Support Load

Since their last meetup in August, the Jetpack team has experienced quite a few shakeups. Automattic’s BruteProtect acquisition added five new team members to the pit crew, bringing their numbers to 10. The Jetpack Manage team, which ties into WordPress.com, has 10 members and is led by Beau Lebens. There are also 10 additional team members allocated for supporting Jetpack user happiness.

Stephanis always tries to include someone from support, as they represent those who are on the front lines with users every day. The happiness engineers are also divided into sub-teams to manage a support queue that often adds up to several hundred tickets per day. Requests pour into an email inbox from the plugin itself, as well as the WordPress.org support forums.

Jetpack team members are also active on Twitter and Facebook where they triage requests and help to move users to a more traditional support avenue. The happiness engineers are currently working on a quicker turnaround for support.

“Right now our goal is to get under 12 hours, and then once we hit that goal, we’re going to go to five hours, and then on to 1 hour someday,” Sonnek said. If you take a look at the plugin’s support forums, you’ll find that nearly all of the issues are resolved or in process, which is a rarity for WordPress.org plugins. It takes 10 team members to keep it that way.

Automattic is aware of the number of people currently using Jetpack but will not be disclosing that information publicly. “We use those numbers internally for reference for how we are doing, or to see if there has been some change that has resulted in an uptake of new connections or something along those lines,” Stephanis said.

“In the end it’s a number, and a number without context is very easy to take out of context. Instead of dwelling on the numbers, we’re much more interested in what adoption looks like.” He said that the total number is comparable to the million installs reported by WordPress.org but is probably somewhat less if you account for test sites and hosting partnerships where the plugin is automatically installed but not yet active.

Jetpack Focus for 2015: Iterating and Polishing of Current Features

For the past few years the Jetpack team has managed a unique balancing act of prioritizing support while fixing bugs and tackling new features at the same time. Many recent releases have introduced new modules, but the team is switching gears in 2015 to focus on keeping the ride smooth.

“Our focus for the next year is largely going to be on iterating and putting the next bit of spit and polish on features that are already in,” Stephanis said. “A lot of the things we’ve launched need a v2; they need a second pass on it.”

This new focus will be a change as compared to the previous breakneck speed with which the team was cranking out new modules.

“There are couple of minor things that other teams are working on that will probably get rolled out to WordPress.com and will probably get synced down to Jetpack as well,” he said. “But there’s no large ticket features that we’re currently focusing to get into Jetpack and get launched.

“This is very much a year focused on building up the team, building up familiarity with our internal processes and cultures, and addressing some long-standing technical debt that we’ve been kind of swamped with paying down.

“But now with the resources we currently have, it’s much easier to focus on the core product offering and how to explain that,” Stephanis said.

Pushing for Goals Over Deadlines

Stephanis has been leading Jetpack releases for a while, but recently the team has started rotating release leads in preparation for his upcoming paternity leave. I asked him if he still feels the weight of pushing out code to millions of users at release time.

“Every time,” he said. “I’m just thinking – What edge cases have I missed? Have I forgotten to do something? Have I updated the translations? What if we’re not compatible with some other plugin? What if there’s a name space conflict and we white screen some sites?”

With a massive user base using a myriad of different themes and plugins, there’s always the chance for some unforeseen conflict. The support team has to be prepared to handle that.

However, Stephanis believes the many problems with releases can be prevented by making sure you’re never in a rush.

“If you’re forcing it through to get it out super quick, you’re not giving your subconscious the time to turn things over in its own time,” he said. “I’m not saying intentionally slow down the development process, but making sure you’re never overly rushed by deadlines is one of my best ways to ensure that we’re not having oops moments or shipping something and then two hours later go ‘Oh we forgot the…’”

As part of this approach, the team focuses on goals and testing more than meeting an arbitrary release schedule.

“We set goals more than deadlines,” Stephanis said. “Yes, it’s nice to have deadlines and goals but if you’re overly concerned about the deadline, the quality can slip. We make sure we’re not shipping anything unless we’re really comfortable with it, we’re confident, and we’ve tested it.”

The team aims to do at least a one-week translation freeze before releases and generally catches a good deal of bugs during the freeze.

“We have a fantastic Jetpack beta group that we pass releases out to and explain everything new that’s coming,” he said. “Some of the edge cases they turn up just blow my mind.” Having that cushion of time to focus on compatibility and cross testing is essential to mitigating Jetpack’s conflicts with other plugins.

“Very small issues become very big issues when you’re running at scale with millions of users,” Stephanis said. “If something is only hitting one tenth of one percent, guess what, that’s a couple thousand users now.”

With an ever growing user base, the cost of a mistake or conflict gets even more expensive in terms of support. This is where the Jetpack team has learned that not rushing really pays off. The goal, in the end, is not about hitting a release date but rather providing a smooth experience with the release.

Overcoming Negative Perceptions of Jetpack

One of the constant struggles for the Jetpack team is addressing the negative perceptions of the plugin, especially criticism from the development community.

“There are still a lot of folks who don’t understand what we’re actually trying to accomplish,” Stephanis said. “I occasionally get questions like, ‘With as many things as Jetpack is doing, how are individual plugin authors meant to in any way compete against this?’

“The answer to that is we do a lot of general things aimed at raising the tide that lifts all the ships, but we don’t go in any way in depth. For example, I don’t think the contact form module in Jetpack has in any way hindered the sales of Gravity Forms.

“Developers still have the ability to pick one aspect and go incredibly in depth on it – yes, we have related posts, but if someone wants to do a plugin that just does related posts and really knocks it out of the park, we’ll be able to get folks started on the idea of it. Then they’ll get comfortable and will be much more willing to move to a premium version that they find elsewhere.”

Stephanis also emphasized Jetpack’s extensibility. Plugin authors are even at liberty to utilize the WordPress.com infrastructure while extending Jetpack features. Despite having 36 different modules, the goal has never been to add every possible feature.

“One of the things we fight perception-wise is the concept that Jetpack is bloated,” Stephanis said. “Which is an easy thing to think when you see what appears to be 30 some different plugins that you can turn on and off.

“When they all tie together with the common core, one plugin can be just one line of code or one plugin could be humongous. It’s very easy to fall into the idea of: ‘I turn off a plugin and that’s going to make my site go faster, right?’ But the fact of the matter is that everything we do in WordPress and life is always going to be a matter of trade offs.

“If you do something else, it’s going to affect your site in some fashion. Just by the very fact that you’re adding some level of complexity. It’s more of a question of if you want this feature what’s the best trade off you can get for it. Sam ran a couple comparisons and published them on the group blog comparing our commenting form and several of our other features to WP plugins. In comparison, we wind up coming out a little bit ahead.”

The download size of Jetpack, currently at 8.2MB, is often a concern for many users.

“The code base gets a lot of misunderstanding,” Stephanis said. “The translations are about 2/3 of it and the Custom CSS module includes a megabyte in and of itself, because we include some JavaScript and CSS to make it pretty as you’re editing it, SASS and Less precompilers, the CSS sanitization library, all of which for the vast majority of page views isn’t even loaded.”

At the moment, three quarters of Jetpack sites are using English, which means that two thirds of the download size is irrelevant to three quarters of Jetpack users. Getting translations on demand is a major goal for the plugin, but the team has to work with WordPress.org to make it happen.

“We are waiting on support from WordPress.org to let us use a GlotPress instance to manage our translation flow and then it’s just a quick switch to start serving it up on their end,” Stephanis said.

Until that is resolved, the cost of supporting a global user base will continue to be an extra 5MB on the initial download. Apart from some vocal opposition from developers, most Jetpack users do not seem to mind the size of the download or the number of modules. The features it provides in one package are too compelling and convenient for most of the plugin’s users to notice the download size.

Jetpack also gives self-hosted sites access to the infrastructure available on WordPress.com for features that might otherwise create a toll on budget hosting providers, such as related posts and the free Photon CDN. However, Stephanis believes that the quality of maintenance and support are the most compelling reasons to use Jetpack.

“One of the biggest gripes most folks have with the WordPress.org plugin repository is that there are so many abandoned plugins,” he said. “These are plugins that either have bugs and never get attention or plugins that, if something breaks, you can never get support.

“By far the biggest advantage and the best reason to use Jetpack is the fact that we have 20 active developers between Beau’s team and the pit crew itself, and an active crew of about 10 support folks that are daily focused on enriching the experience, fixing any issues that come up. That, by far, to me is the biggest selling point, the biggest advantage over using 30 different plugins where the code quality may be more questionable.”

by Sarah Gooding at April 13, 2015 10:22 PM under jetpack

Matt: John Oliver meets Snowden

John Oliver is pretty much always fun to watch, but you should especially send this episode to everyone you know, it’s important for people to see and understand it.

by Matt at April 13, 2015 04:30 AM under Asides

April 11, 2015

Matt: Apple Watch Horror Story

Read through this amazing horror story constructed of actual sentences (with links) from reviews of the Apple Watch. (Hat tip: Laughing Squid.) As for me? I tried on the Watch yesterday and was very impressed, I’ll be getting one as soon as I can once they’re available. I would have picked up one of the new Macbooks as well if it was available, but the stores had them on display but none in stock.

by Matt at April 11, 2015 04:41 PM under Asides

WPTavern: Visualize the Disk Space Used on Your Site with the Disk Usage Sunburst Plugin

Disk Usage Sunburst is a new plugin created by Raidboxes that enables you to visualize the disk space used by your WordPress site. After installing and activating the plugin, you’ll find the sunburst chart under the Tools – Disk Usage menu.

A sunburst chart is generated in SVG format that displays the amount of disk space used by each directory and file. The chart takes a little while to get used to as it’s an alternate way of browsing directories and files. Click any of the arches to browse deeper into a directory. Clicking the center circle will take you back a directory.

One thing I noticed during testing is that there’s no visual indication when you click on an arch. There’s also a delay when selecting an arch since it takes time to render the chart. There might be a bigger impact on performance for sites with large file and directory structures.

In future updates, I’d like to see a list of shortcuts such as, largest file, largest directory, etc. This would make it quick to view pertinent information and give users an idea on how the chart works. I’d also like to see improvements to speed and performance. Disk Usage Sunburst serves its purpose and works fine on WordPress 4.2. You can download it for free from the WordPress plugin directory.

by Jeff Chandler at April 11, 2015 04:28 AM under disk usage sunburst

WPTavern: BuddyPress 2.2.2 Released Addresses Two Potential Security Issues

BuddyPress 2.2.2 is available from the WordPress plugin directory. It fixes two potential security issues and has a few bug fixes. This is what is fixed in 2.2.2:

  • Activity: sanitize output of “Load More” link
  • Members: better nonce check on members widget
  • Core: improve filtering of wp_title

The security issues were responsibly disclosed by Todd Gibson and Justin Heideman. I jokingly asked BuddyPress lead developer, John James Jacoby, about releasing security fixes on a Friday evening. He said he’d rather be annoying than irresponsible.

If I used BuddyPress, I’d want security fixes as soon as they’re available. Thanks to Jacoby and the rest of the BuddyPress team for helping to keep sites safe no matter what time of day it is. You can download BuddyPress 2.2.2 from the WordPress plugin directory, or visit Dashboard – Updates in the WordPress backend.

by Jeff Chandler at April 11, 2015 03:29 AM under security

Matt: Ambiguity and the Art of Meaning

Ambiguity. It’s the defining characteristic of this age. Yesterday offered many certainties. A secure job, stable income, lasting community…a predictable economy, culture, society. But that’s not the case anymore. Something surrounds us, permeating our worlds, defining our lives; though we call it by different names. Economic uncertainty; social instability; political unpredictability. All simply different kinds of ambiguity.

Umair Haque writes on Ambiguity and the Art of Meaning.

by Matt at April 11, 2015 03:00 AM under Asides

April 10, 2015

WPTavern: New Plugin Adds a WhatsApp Button to Jetpack’s Sharing Module


Facebook shocked the world when it acquired WhatsApp for $19 billion in February 2014. As of January 2015, the app’s user base has grown to more than 700 million active users, making it the third largest social network on the planet.

Last year very few WordPress sharing plugins prioritized adding WhatsApp, despite its enormous popularity. This has gradually improved in 2015, as more than two dozen social plugins on WordPress.org now include a WhatsApp sharing button.

A new plugin released today brings WhatsApp sharing capabilities to Jetpack, which surprisingly doesn’t include this by default. A ticket was opened on Jetpack’s GitHub account to request this feature, but Jetpack representatives recommended that the service be added as a separate plugin.

The WhatsApp Sharing Button for Jetpack was created by Brazilian WordPress developer Valerio Souza. It works seamlessly with the sharing module’s drag-and-drop configuration and uses the same design style as the other buttons.

After testing the plugin I discovered that the WhatsApp sharing button is intuitively hidden on the desktop version. Users will only see it if viewing a post from a mobile device, including smartphones and tablets. If you don’t see the button on mobile, make sure you meet the plugin’s minimum requirements: PHP 5.4+, MySQL 5.5+, WordPress 3.8+.

I’d like to see Jetpack add more sharing options for messaging apps. These social networks generally provide a more personal avenue for sharing a post, as opposed to publicly broadcasting to Twitter or Facebook. As an enthusiastic Telegram user, I’d love to see a similar plugin created for it.

A service with 700+ million active users is one social network you can no longer afford to ignore when it comes to sharing, especially if your blog enjoys a global audience. WhatsApp users’ geographical distribution is heaviest in India, Brazil, and Mexico, three emerging markets where smartphone usage is just now starting to explode. Installing the WhatsApp Sharing Button for Jetpack plugin may help your posts reach more readers in other parts of the world.

by Sarah Gooding at April 10, 2015 10:57 PM under whatsapp

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this send an email to Matt.

Official Blog

For official WP news, check out the WordPress Dev Blog.

Last updated:

April 19, 2015 09:00 PM
All times are UTC.