• Critical Vulnerabilities Found in PhpStorm, Immediate Update Advised

    JetBrains announced today that it has released a security update for PhpStorm and all of its other IntelliJ-based IDEs due to a set of critical vulnerabilities: The cross-site request forgery (CSRF) flaw in the IDE’s built-in webserver allowed an attacker to access the local file system from a malicious web page without user consent. Over-permissive CORS…

  • GitHub Introduces Unlimited Private Repositories, Hikes Prices for Organizations

    GitHub has been inundated with negative feedback after announcing a major change to its pricing today. All paid plans now include unlimited private repositories, but there’s a catch. The new pricing structure requires GitHub.com organizations to purchase a seat for each user. At $9 per user/month, collaborating on private repositories is now far more costly…

  • Affinity: A Free WordPress Wedding Theme from Automattic

    Affinity is the latest addition to WordPress.com’s small collection of themes created specifically for weddings. This highly customizable, elegant theme was designed by Caroline Moore with weddings and family announcements in mind. Affinity is a one-page theme with support for five different panels. Each panel’s content can be assigned in the customizer under Theme Options…

  • Help WPCampus Gather Data on How Schools and Campuses Use WordPress

    The organizers of WPCampus are seeking feedback via a survey on how schools and campuses utilize WordPress in their environments. The survey consists of five sections: How Do You Use WordPress on Campus; Site Demographics, Traffic, and Data; Plugins, Themes, and Features; Security, Performance, and Hosting; Your Team Structure & Workflows. There are a couple…

  • What Do You Think of the Recommended Plugins Page in WordPress?

    In late 2014, WordPress 4.1 added a Recommended Plugins tab that takes into account the plugins you have installed and suggests plugins based on which ones are commonly used together. After nearly a year and a half since it was added, I asked the Tavern’s Twitter followers if they have ever installed plugins recommended by…

  • Automattic is Protecting its Woo, WooThemes, and WooCommerce Trademarks

    When Automattic acquired WooThemes in 2015, it gained employees, plugins, themes, and the company’s trademarks. These trademarks include standard character marks, logos, and specific graphics such as the Verified WooExpert badges. One of the responsibilities of a trademark owner is to protect it from infringement. WooGPL is a service that provides customers with commercial themes,…

  • WooCommerce Releases Storefront 2.0 with Major Improvements to Mobile Design

    Storefront, the official WooCommerce theme built to work seamlessly with the plugin, has just passed the 2.0 milestone. This release introduces a new “best sellers” section to the homepage and adds compatibility with the upcoming WooCommerce 2.6’s tabbed “My Account” section and the average rating widget. The most important update in Storefront 2.0 is the…

  • Timber 1.0 Is Now Available on WordPress.org

    Last week the creators of Timber, the plugin that enables WordPress theme developers to write HTML using the Twig Template Engine, released version 1.0 on WordPress.org. The plugin is active on more than 10,000 websites where theme authors have elected to keep PHP files separate from HTML. Timber is built on DRY and MVC principles…

  • VersionPress 3.0 Adds New Search Feature, Bulk Undo, and Commit Tracking per Environment

    VersionPress 3.0, released this week, is the first version since the plugin became a free, open source project. Creators Borek Bernard and Jan Voráček, who originally attempted to crowdfund the project and then raised $400,000 in seed funding, announced last month that they are transitioning to a public development model. The team’s goal with this…

  • WordPress 4.5.2 Patches Two Security Vulnerabilities

    The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players. Auto…

  • Laravel Releases Valet, a Minimalist Development Environment with Support for WordPress

    Laravel, the open source MVC PHP framework created for application development, has just released Valet, a minimalist development environment for Mac. It uses just 7mb of RAM, because it doesn’t include Vagrant, Apache, Nginx, or a /etc/hosts file. Here’s how it works: Laravel Valet configures your Mac to always run PHP’s built-in web server in…

  • WordPress 4.6 to Drop Open Sans in the Admin in Favor of System Fonts

    WordPress 4.6 will bid farewell to Open Sans in the admin in favor of using system fonts. Open Sans, which loads from Google Fonts as an external resource, has been in use in the admin since 2013. “At the time of introduction in 3.8, there were not good system fonts common to all platforms at…

  • Ninja Forms Update Patches Critical Security Vulnerability

    Ninja Forms, a popular plugin active on more than 500K websites, released an update 48 hours ago that addresses a critical security vulnerability. Wordfence is reporting that Ninja Forms versions 2.9.36 to 2.9.42 contain multiple security vulnerabilities. One of the vulnerabilities allows an attacker to upload and execute code remotely on WordPress sites. The only…

  • WordPress.org Support Forums Adds Accessibility Section

    Earlier this year, the WordPress project made a huge move by adopting accessibility coding standards for new and updated code. If you’re struggling to meet WCAG 2.0 guidelines in your WordPress projects and need help, check out the new Accessibility section in the WordPress.org support forums. Amanda Rush, who helps WordPress developers make their themes…