Version 1.0.0 of the ActivityPub plugin was released this week with major updates that make it possible to have a blog-wide account, instead of just individual author accounts, where followers receive updates from all authors. This new feature allows people to follow blogs on decentralized platforms like Mastodon (and many others) with replies automatically published…
WordPress core developer John Blackbourn sparked a heated discussion yesterday when he posted an image of his WordPress User Switching plugin ranking higher for the WordPress.com listing than the page on WordPress.org. Blackbourn later apologized for the inflammatory wording of the original post, but maintains that .com plugin listings being displayed higher in search results…
It has be nearly one year since WordPress silently turned off active install growth data for plugins hosted in the official plugin repository, a key metric that many developers rely on for accurate tracking and product decision-making. “Insufficient data obfuscation” was cited as the reason for the charts’ removal, but this opaque decision landed without…
Advanced Custom Fields (ACF), one of the plugins WP Engine acquired from Delicious Brains in 2022, has published the results if its first annual survey. Although ACF reports more than 4.5 million active users, including PRO site installs, the survey only gathered feedback from 2,031 respondents. These results are more representative of the plugin’s developer community, as…
After an accumulation of undisclosed and unpatched vulnerabilities in plugins hosted on WordPress.org, Patchstack has reported 404 plugins to WordPress’ Plugin Review Team. “This situation creates a significant risk for the WordPress community, and we decided to take action,” Patchstack researcher Darius Sveikauskas said. “Since these developers have been unreachable, we sent the full list…
WordPress Playground, an experimental project that uses WebAssembly (WASM) to run WordPress in the browser, makes it possible for users to quickly test plugins and themes without having to set up a local development environment. Ordinarily, testing a plugin or theme with Playground requires visiting playground.wordpress.net, which will instantly create a real WordPress instance with admin access without having…
group.one, a European cloud hosting and digital marketing services provider, has acquired the BackWPup, Adminimize, and Search & Replace plugins from Inpsyde. Together the products have more than 1.1 million active installs and will join group.one’s growing portfolio of WordPress products, which include WP Rocket, Imagify, and Rank Math SEO. Inpsyde sold the plugins to focus more on its consulting…
WordPress’ Plugin Review team is wading through a backlog that was over 900 plugins awaiting approval earlier this week. The current count has 870 plugins sitting in the review queue, with an average wait time of 61 days before initial review. WordPress developer Marcus Burnette drew attention to the matter on Twitter after submitting a…
The Kadence Blocks plugin, which is used on more than 300,000 WordPress sites, has patched a critical vulnerability in its Advanced Form Block file upload capability. Version 3.1.11, released on August 8, 2023, patches the security issue with the form uploads. The plugin’s development team is getting out ahead of the situation by posting an…
ConvertKit has updated its official WordPress plugin and WooCommerce add-on to support a range of new features. More than 40,000 sites use ConvertKit’s plugin to integrate their newsletters, email campaigns, and digital products with WordPress. The service is free for the user’s first 1,000 subscribers but offers more automated features and third party integration on…
Jetpack 12.4 was released today, launching the plugin’s Newsletter product. It allows users to send blog posts as newsletters, without the hassle of having to copy and paste from the WordPress editor into another newsletter service’s campaign editor and reformat it for email. This launch comes seven months after WordPress.com launched its newsletter offering, which…
Snicco, a WordPress security services provider, has published an advisory on a vulnerability in the MalCare plugin, which is active on more than 300,000 sites. “MalCare uses broken cryptography to authenticate API requests from its remote servers to connected WordPress sites,” WordPress security researcher Calvin Alkan said. “Requests are authentication by comparing a shared secret stored…
A new era has begun for WordPress.org’s Plugin Review Team. Mika Epstein, who has served for the past decade, is stepping down, but not before launching a new crew of volunteers. The team is responsible for approving newly submitted plugins, maintaining the Plugin Reviewer Handbook, as well as investigating any reported security issues and guideline…
WPScan is reporting a hacking campaign actively exploiting an unpatched vulnerability in the Ultimate Member plugin, which allows unauthenticated attackers to create new user accounts with administrative privileges and take over the site. The vulnerability has been assigned a CVSSv3.1 (Common Vulnerability Scoring System) score of 9.8 (Critical). Automattic’s WP.cloud and Pressable.com hosting platforms picked…
Really Simple SSL, a popular plugin used on more than five million sites for installing SSL certificates, handling website migrations, mixed content, redirects, and security headers, has added a new feature in its most recent major update. Version 7.0.0 introduces vulnerability detection as part of a partnership with WP Vulnerability, an open source, free API…