The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players. Auto…
Laravel, the open source MVC PHP framework created for application development, has just released Valet, a minimalist development environment for Mac. It uses just 7mb of RAM, because it doesn’t include Vagrant, Apache, Nginx, or a /etc/hosts file. Here’s how it works: Laravel Valet configures your Mac to always run PHP’s built-in web server in…
WordPress 4.6 will bid farewell to Open Sans in the admin in favor of using system fonts. Open Sans, which loads from Google Fonts as an external resource, has been in use in the admin since 2013. “At the time of introduction in 3.8, there were not good system fonts common to all platforms at…
Ninja Forms, a popular plugin active on more than 500K websites, released an update 48 hours ago that addresses a critical security vulnerability. Wordfence is reporting that Ninja Forms versions 2.9.36 to 2.9.42 contain multiple security vulnerabilities. One of the vulnerabilities allows an attacker to upload and execute code remotely on WordPress sites. The only…
Earlier this year, the WordPress project made a huge move by adopting accessibility coding standards for new and updated code. If you’re struggling to meet WCAG 2.0 guidelines in your WordPress projects and need help, check out the new Accessibility section in the WordPress.org support forums. Amanda Rush, who helps WordPress developers make their themes…
Font Awesome, the open source vector icon collection used by more than 300 plugins on WordPress.org and many free and commercial themes, announced the beta release of its new CDN. Developers can now add a single line of code to bring the icons and CSS toolkit into their projects. The icon files and CSS are…
On this episode of WordPress Weekly, I describe my experience attending WordCamp Chicago 2016 this past weekend. Marcus Couch and I then discuss the news of the week including a new tool that helps WordCamp organizers create customized name badges. We also have a lengthy discussion on the freemium business model and how it’s affecting…
WordCamp Chicago 2016 was held at University Center in the heart of Chicago, IL, where more than 300 attendees spent the weekend learning about WordPress. The event was organized by Ryan Erwin and a team of volunteers. Tracks were split up into three separate rooms limiting the amount of background noise during sessions. Giving attendees…
WooCommerce is the current leader in e-commerce software, capturing 31% of the market, thanks to its relatively user-friendly interface and connection to WordPress. However, setting up a WooCommerce site, or any e-commerce site for that matter, is not for the faint of heart, no matter how user-friendly the software. It requires knowledge of hosting, PCI…
Last week when Beyoncé released her new Lemonade album, lemon and bee emoji usage spiked on Twitter. According to Twitter’s stats, during the month of April there were more than 2 million tweets that included at least one lemon emoji, 62% of which happened since the album release. The bee emoji, representing the Beyhive of…
John James Jacoby, lead developer of bbPress, has released bbPress 2.5.9 to patch a security vulnerability, “bbPress 2.5.8 and below are susceptible to a cross-site-scripting vulnerability that’s due to the way users are linked to their profiles when they are mentioned in topics and replies,” Jacoby said. Marc-Alexandre Montpas is credited for responsibly disclosing the…
One of the main items on the agenda for the Theme Review Team this week was to finalize what type of upselling is allowed in themes hosted on WordPress.org. With the requirement of using the customizer for options, theme authors have gotten creative with upsells and will sometimes include panels and sections that are inoperable…
In February the WordPress Community team announced that it would be launching an experimental WordCamp Incubator program. After a short application window of less than two weeks, the team received 182 applications from cities all over the world. Andrea Middleton reported that the team has narrowed the submissions down to the following 16 communities: Denpasar,…
The BuddyPress codex has a long list of internal configuration settings that are not exposed in the plugin’s admin settings page. These are short definition lines that can be added to a site’s bp-custom.php file to make changes to BuddyPress default settings. BuddyExtender is a new plugin from the development team at WebDevStudios that aims…
Last week Weston Ruter and the folks at XWP released Customize Posts version 0.5, which includes a new framework for postmeta and the ability to preview featured images. The feature plugin aims to introduce basic content authorship in the Customizer to improve the new user site setup experience and make it easier to edit existing…
Enter your email address to subscribe to this blog and receive notifications of new posts by email.