This week contributors on the TGM Plugin Activation (TGMPA) library published a roadmap for the future of the project. TGMPA is widely used by WordPress developers to require and recommend plugins for themes (and other plugins). The library is recommended by Themeforest, CodeCanyon, and the WordPress.org Theme Review Team as an alternative to bundling everything…
Jetpack and the Twenty Fifteen default theme have been updated after a DOM-based Cross-Site Scripting (XSS) vulnerability was discovered. According to Sucuri, any plugin or theme that uses Genericons is vulnerable due to an insecure file included within the package. Genericons ships with a file called example.html which is vulnerable to attack from the Document…
WordPress lead developer Andrew Nacin spoke at the php[world] 2014 conference on “Challenging Your WordPress Assumptions from 2009.” The video was recently published on YouTube and provides an excellent overview of the major ways WordPress has changed over the past six years. Nacin explores common assumptions, such as “WordPress is insecure,” “WordPress doesn’t scale,” and…
When it comes to hosting, there are predominately two choices to manage your account or server; Plesk and cPanel. Dan Griffiths wants to shake things up by adding a third choice with HostPress. HostPress is an open-source, extensible server control panel built on top of WordPress. Griffiths has started an Indiegogo crowdfunding campaign to generate…
WordCamp Miami, one of the largest and longest running WordPress events in the US, is gearing up to celebrate its 6th year on May 29-31. Last year the event brought together 770 attendees and tickets for 2015 are selling fast. “We have sold over 600 tickets, and we see a sell-out on the horizon,” organizer…
Organizers of the very first WordCamp Belgrade are happy to report that the event was a smashing success. Serbia’s rapidly growing WordPress community started just two years ago with local meetups that became larger than some smaller WordCamps. “Our road from the first meetup back in April 2013 to the first WordCamp was brilliant,” organizer…
In March 2014, WordPress.com opened its marketplace to new theme authors. Prior to that time, new sellers were added via invitation only. A year ago there were only 300 themes available to WordPress.com users, but after having the marketplace open to new authors that count is up to 345. Recently the submission form disappeared from…
WordPress 4.3 development kicked off this week with release lead Konstantin Obenland at the helm. The main focus of this release will be to improve the experience of using WordPress on touch and small-screen devices. Contributors will also be renewing efforts to improve the Admin UI and the Network Admin UI, particularly as it relates…
Aaron Jorbin, who contributes to WordPress core on a regular basis, has published a script called WordPress Theme Directory Slurper. The PHP based script downloads and updates a copy of the latest stable version of every theme in the WordPress.org theme directory. Devin Price put the script to good use and has published a series…
Postmatic publicly launched its email-based commenting service today and is now officially out of beta. The free plugin aims to increase comment engagement by allowing readers to subscribe to new posts/comments via email and leave comments by simply hitting reply. Postmatic also launched a commercial service alongside version 1.0. For $9/month customers can add additional…
Contributors on the WP REST API project have released version 2.0 beta 1, named after Simpsons character Ralph Wiggum. This release is not backwards compatible with version 1, but project lead Ryan McCue assured developers that it is a direct continuation and that the fundamentals of the API haven’t changed. Documentation for version 2 is…
In light of the WordPress Theme Review team’s recent decision to enforce the use of the native customizer for themes in the official directory, the folks behind the Redux and Kirki frameworks are joining forces to better support developers for the new requirement. Redux, which is built on the WordPress Settings API, is one of…
This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified. WordPress’ official statement on the security issue: The WordPress team was made aware of…
Klikki Oy is reporting a new comment XSS exploit vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an unauthenticated attacker to inject JavaScript into comments. If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.…
If you’re thinking about applying to work for Automattic, you might want to read this article first. Dave Martin, Creative Director at Automattic, published an in-depth look behind the scenes of the remote hiring process for the design and growth portion of the company. He explains the five step process in detail which gives future…