How do WordPress users choose plugins? To answer this question, we created a survey asking users what they find important in plugins Here are the results.
WordPress is the most popular CMS on the web, with 25% of the Alexa Top 10 million sites using it. Although there are a lot of people and companies using WordPress, there is not a lot known about WordPress user behavior. The focus is often on site visitor behavior and analytics like where visitors are clicking or how long they stay on the site. This is important, of course, but ignores a whole other part of the equation.
What about the people doing the work on the back-end of the site? The ones investing countless hours to make sure it looks good and functions well?
At CreativeMinds, we spend a decent amount of time thinking about how people make important decisions concerning their sites. We wanted to see what the current plugin landscape looks like, straight from WordPress users.
People have a ridiculously high number of plugins to choose from when developing or managing a site. On WordPress.org alone, there are over 40,000 free plugins. WordPress users, whether they are aware of it or not, have a method to sifting through the plugin madness.
What do users want in the plugins they use? Who is the average WordPress user? What is the process people use to pick plugins?
These are all
Because Calypso, I found an interesting article about Great opportunities that will emerge in the short terms for Wp developers.
WordPress.com now uses an API to communicate with a Node server, instead of processing with PHP. The advantage of this is that it’s much faster and more interactive, and there are no page refreshes. It’s the same approach that makes many mobile and web apps tick, and it has the performance many users have come to expect these days.
This is a huge shift for WordPress.com, and it’s a major milestone for WordPress in general. Even though many sites and apps have already been taking this API driven approach, this marks a huge shift in WordPress development philosophy.
The question I’m wondering is, where is this all going? What does this shift mean for developers, products, and WordPress core?
Calypso is awesome news for everyone, including ManageWP, for both personal and business reasons. We love WordPress, and Calypso is the first step in an exciting new direction. And business wise, it's about target audience and market share.
Brian interviewed Matt Mullenweg and asked about stuff related to REST API and Calypso. Must read, must listen category :)
Matt Mullenweg is the co-founder of WordPress, and founder and CEO of Automattic. In this interview, we talk about their new WordPress.com editor, and more. I had the opportunity to interview Matt Mullenweg about an ambitious project that included more than a year and a half of development to create an all new WordPress.com interface, both for the web and a desktop app. The project was codenamed Calypso, and we talked about many aspects fo Calypso, as well as a variety of subjects that relate to it.
You can subscribe (and you should!) to the Post Status Draft Podcast on iTunes, Stitcher or via RSS. If you like the show, I’d highly appreciate if you share it with your friends and colleagues.
Why did you make such a big bet on Calypso?
Matt has talked for a while now about his vision that WordPress can become an “app platform”, and this is an example of what that meant to him.
He also notes how he’s always looking for things that will “move the needle” for greater WordPress adoption. We were both thinking about the same statistic: that roughly 96% of WordPress.com users (and probably a high number of WordPress.org users too) essentially abandon their websites after a short tenure. So
Well played and good luck to Nick in his future ventures.
Earlier this year, Nick Haskins, founder of Aesop Interactive LLC, announced he was selling the company. Haskins was initially going to list the company on Flippa but after receiving advice from Syed Balkhi, used FE International to facilitate the sale. FE International is composed of website brokers that do the heavy lifting to help businesses find buyers. An anonymous company based on the US East Coast without ties to the WordPress community is the new owner of Aesop Interactive LLC. Although terms of the deal are not public, Haskins confirms that he received close to his asking price of $100K.
When Haskins put the company up for sale, he specified two conditions the new owner must follow.
Aesop Story Engine MUST absolutely be maintained and kept free.
Editus must continue forward with development, in some way shape or form.
It’s unclear what the new owner’s plans are for Aesop Story Engine, Editus, and Story.AM.
Advice for Selling Your Company
The WordPress ecosystem is filled with thousands of companies from individuals to 50+ person agencies. Haskins offers the following advice for those thinking about selling their business, “Make sure that the books are buttoned up tight, because
You’ll find accompanying material for this screencast available in a public GitHub repo — each screencast has a corresponding folder with a very simple theme that can be activated.
Based on my experience content marketing and reaching out to influencers is de-facto the best way to promote a WordPress product, particularly a plugin. Tom Ewer explains how to do it right.
One of the hardest things to do in technology is disrupt yourself. But we’re trying our darndest, and have some cool news to introduce today. When I took on the responsibility of CEO of Automattic January of last year, we faced two huge problems: our growth was constrained by lack of capital, and the technological foundations of the past decade weren’t strong enough for the demands of next one.
The first has a relatively straightforward answer. We found some fantastic partners, agreed on a fair price, issued new equity in the company to raise $160M, and started investing in areas we felt were high potential, like this year’s WooCommerce acquisition. This “war chest” gives us a huge array of options, especially given our fairly flat burn rate — we don’t need to raise money again to keep the company going, and any capital we raise in the future will be purely discretionary. (Since last May when the round happened we’ve only spent $3M of the investment on opex.)
The second is much harder to address. The WordPress codebase is actually incredible in many ways — the result of many thousands of people collaborating over 13 years — but some of WordPress’ greatest strengths were also holding
A good article on Calypso telling what this means for self hosted WordPress websites.
But first… WordPress is still a PHP app
Some for good reason and others for not so good reasons It seams there’s a lot of misinformation in the community.
Sure you’ve seen it by now, but here’s my pal @photomatt on the decision to rebuild WordPress from scratch. https://t.co/htQSMMD9tt
— Jeffrey Zeldman (@zeldman) November 24, 2015
Basically, the way I see it, right now Calypso is the future of Automattic and WordPress.com (the company that offers hosted WP installs ), not the Open Source project WordPress.org.
Yes, you can:
I work at iThemes, where we make software that helps make people’s lives awesome. I manage our developer, support, and sales teams as well as running the day to day operations of the company. My job is to put out fires before anyone else knows they’re burning (it’s easier when you’re the one that starts most of the fires).
My wife and I live in Oklahoma City, where the wind comes sweeping down the plains. We both love whiskey, and are particularly fond of the Scottish varieties. Outside the office, I work with wood, fly remote control quadcopters, and am an active archer and hunter. Ask me anything.
10% of top 1000 plugins have an unpatched security vulnerability. Spanning over 4,000,000 installs. I hope Marcin can open-source his tool and that it can be become a part of the plugin screening process at wordpress.org
░▒▓█ Introduction I've been making php static code analysis tool for a while and few months ago I ran it against ~1000 (more or less) top wordpress plugins.
Scanning results were manually verified in my spare time and delivered to official email@example.com from 04.07.2015 to 31.08.2015. Most of reported plugins are already patched, some are not. Vulnerable and not patched plugins are already removed from official wordpress plugin repository.
103 plugins vulnerable with more than 4.000.000 active installations in total (~30.000.000 downloads)
List of reported plugins (original reports contain verification/reproduce sections and urls to plugin wordpress repository entries, where you can also verify changelog) :
Cross-Site Scripting (XSS) in Duplicator 0.5.24 [original report - Sat, 15 Aug 2015]
Cross-Site Scripting (XSS) in All In One WP Security 3.9.7 [original report - Thu, 13 Aug 2015]
Cross-Site Scripting (XSS) in AddThis 5.0.12 [original report - Tue, 11 Aug 2015]
Cross-Site Scripting (XSS) in Display Widgets 2.03 [original report - Tue, 11 Aug 2015]
Blind SQL injection in Pretty Link Lite 1.6.7 [original report - Wed, 8 Jul 2015]
Blind SQL injection in WP Statistics
Do the things that light you up, while making other's lives awesome.
I grew up lower-middle class on the outskirts of Copenhagen. Anywhere outside of Scandinavia, the socioeconomic label would probably have been ‘poor’, but Danish safety nets and support systems did their best to suspend the facts and offer better. But don’t worry: This isn’t a rags-to-riches story. I loathe the I-did-it-all-by-myself heroic myth mongering. I got where I am thanks to government-sponsored maternity leave, child care, health care, education, and even cash assistance. I grew up in housing provided by AAB, a union-founded affordable housing association. And my mother was a damn magician at making impossible ends meet without belaboring her tricks (like biking an extra 15 minutes to find the lowest price on milk).
I took two important lessons away from this upbringing. First, as long as your basic needs are met, the quality of your lived experience is only vaguely related to the trappings of material success. While it wasn’t all roses and butter cookies, I had a great childhood. Second, I wouldn’t learn to appreciate the truth of the first lesson until I saw the other side of the golden fence. More on that in a bit.
I remember playing the “What would you do if you won a million
Calypso is probably more important than just a new UI. Written down some thoughts on it.
Calypso is the big news of the week and here are some random thoughts on it. 1. This is awesome
First and foremost, I am personally extremely excited about this. Not only because the new UI is really nice and pleasant to use but also because this finally shows the modern side of WordPress, or at least starts to. With VersionPress, if you abstract from all the technicalities and specific features, what we are trying to do is to modernize WordPress workflows, and I am always very pleased when I see a project in the same camp, be it this new UI, WP-CLI for a great scripted experience, roots.io always pushing for best practices, testing tools like WP_Mock and many other projects and initiatives. WordPress needs this and it’s great to see such a huge contribution from Automattic.
Technically, I am also very happy that Automatticians chose React. There are a myriad of options available today but I personally believe that React is the best bet in the long term (well, you could probably guess that as we use React for our UI too ).
2. But there’s more to it
After the initial reaction, about a hundred of different thoughts went through my head. What does this really mean? How will this change
Automattic has released a desktop app for Macs that allows you to control your WordPress.com website and (supposedly) any Jetpack connected site. More interesting is the re-imagined interface which isn't limited by backwards compatibility requirements.
Calypso is an ambitious Mac app from Automattic to bring the WordPress publishing and site management experience to the desktop. Today, Automattic released a WordPress.com Mac app, called Calypso, that allows users to manage both WordPress.com and Jetpack enabled websites using a desktop interface.
Here’s a quick video walkthrough:
The project has been going on for at least 18 months, according to the press release, with input from more than 140 Automatticians. Andy Peatling, who has been at Automattic since 2008, was the project lead.
If you could rebuild the admin from scratch
Matt Mullenweg said that Automattic wanted to completely rethink the WordPress admin experience, with the burden of backward compatibility that WordPress core must hold sacred:
What would we build if we were starting from scratch today, knowing all we’ve learned over the past 13 years of building WordPress? At the beginning of last year, we decided to start experimenting and see.
Calypso is an ambitious project. Not only does it bring the WordPress editing and publishing experience to a Mac app, but pretty much the entire WordPress.com admin experience is now available on the desktop, from stats to theme shopping.
Not sure if podcasts are allowed to be linked here but this episode has some very good points on Calypso, the development processes around it etc. Worth listening.
Guys and gals, have you heard about Calypso? I hope you have, and I hope you are interested in our thoughts on this project from WordPress.com and Automattic, cause if you have a listen to this episode… yer gonna get ’em!
Subscribe on iTunes or via RSS
Listen to Episode 10
Calypso github repo
WP.com “reader” feature
Reusable react components
Demo of Calypso components/docs
Get us your questions for the podcast! On Discourse
Chris Carr – The Host
Scott Walkinshaw – The Canadian
Austin Pray – J
NathanielKS – The Other Other Texan
Sweet interview with the team behind the new WP form plugin (that takes courage!)
Creating a new WordPress plugin dedicated to web forms can be challenging in such a market. You need to brainstorm with the team, debate and make the best decisions. In these situations, the team members involved in the process have lots of ideas. And then, there comes an avalanche of questions: what name to choose for the plugin, what’s the right strategy, what are the differentiators? Product development and launch can be quite risky, so here are some tips and ideas on how to do that successfully.
Alexandra Draghici, CaptainForm Product Owner will tell us more about this process and also give some tips for those interested in creating a WP form plugin. Let’s find out!
1. Why did you start to develop a WordPress form plugin dedicated for online forms and surveys? What were the reasons?
Web forms is what we have been doing successfully for 7 years. The accelerated growth of our company (123ContactForm) has allowed us to launch derived products for specific markets, and building a product for the WordPress community was an obvious and exciting vertical to take on.
The WordPress market is a fascinating one, not only in terms of volume (a quarter of all websites run on WordPress), but
Brenda Barron shares her experience of creating a simple plugin for the first time. Great to see her excitement and taking her first steps into development!
Day 1: I Can Do This! Filled with naive enthusiasm and a positive attitude, I opened up a tutorial and set to work. It’s objective was to add Facebook Open Graph tags to the header of your site. The first step in Daniel’s tutorial requires creating a folder in your WordPress installation in the wp-content/plugins/ directory called my-facebook-tags.
Next, I needed to create a PHP file to go into this folder.
And from there, I just had to copy and paste some code from the tutorial into this file. I opened it up and slapped that code in there quick.
Okay, that went surprisingly well. Let’s head over to my dashboard and see if the plugin showed up.
Oh my gosh. It’s totally there. Am I a developer now? Okay, I think I’m getting ahead of myself. But still. As someone who only makes slight tweaks to themes now and then, this is pretty exciting.
I activated the plugin as per Daniel’s instructions. It doesn’t do anything yet, but it’s a live, functioning plugin.
From there, the tutorial goes on to discuss hooks. I’m not going to repeat everything Daniel talks about because that wouldn’t be a good use of our time here. However, I will say that the concept of hooks is surprisingly straightforward.
This article looks at submitting a theme to the WordPress repository and shows how to use the Do It Wrong theme to learn about the guidelines.
Did you know that all themes hosted on the WordPress.org repository undergo a thorough review process by dedicated volunteer members of the Theme Review Team (TRT)? Not all professionals working with WordPress are aware of the review process and what this involves. If you’re among them, should you decide to submit your theme to the repository for the first time, you could be in for a surprise.
Realizing that there is a substantial number of guidelines and best practices to follow can strike you as being a bit overwhelming at first. If a reviewer keeps coming back asking for changes to your theme, you can even be tempted to give in to mounting frustration and throw in the towel.
But wait, don’t give up just yet.
In this article, you’ll meet an unusual learning tool of the TRT’s own devising, i.e., the doingitwrong theme.
I’m going to show you what it is and how you can use it to your advantage.
What Is the doingitwrong Theme?
The TRT has set up a fair number of resources to get both new reviewers and theme developers up to speed with the repository guidelines.
The core resource is the Theme Review Handbook. Here you can find chapters about the review process, theme requirements (stringent
If you code PHP you should know about the PSRs
According to the PSR Workflow Bylaw each PSR has a status as it is being worked on. Once a proposal has passed the Entrance Vote it will be listed here as "Draft". Unless a PSR is marked as "Accepted" it is subject to change. Draft can change drastically, but Review will only have minor changes. Index by Status
Legend: A = Accepted | D = Draft | R = Review | V = Voting | X = Rejected
In this 8th and final instalment of his popular series Hosting WordPress Yourself, Ashley releases a complete Nginx configuration example as a GitHub repo and shows how to better organize your config files for reusability.
In the previous post of this series Hosting WordPress Yourself, I covered security enhancements, automatic server updates, WooCommerce caching and automated server tasks. In this final post I will demonstrate a complete Nginx configuration tuned for WordPress powered sites. In addition to amalgamating all information from the previous 7 articles, best practices from various sources, such as the WordPress Codex and H5BP are included. The following example domains are also included, which each demonstrate a different scenario: singlesite.com – A basic WordPress install
ssl.com – WordPress on HTTPS
fastcgi-cache.com – WordPress with FastCGI page caching
multisite-subdomain.com – WordPress Multisite using subdomains
multisite-subdirectory.com – WordPress Multisite using subdirectories
Although this article may appear relatively short compared to previous articles, I hope the accompanying GitHub repo will provide a wealth of information. The configuration files contain inline documentation throughout and are structured in a way to reduce duplicate directives, which are common across multiple sites. This should allow you to quickly create new sites with sensible defaults out of the box, which
Background story by Andy Peatling Calypso Project Lead - lots a interesting information.
A little over a year and a half ago, we had a dramatic rethink of the technologies and development workflows for building with WordPress. Our existing codebase and workflows had served us well, but ten years of legacy was beginning to seriously hinder us from building the modern, fast, and mobile-friendly experiences that our users expect. It seemed like collaboration between developers and designers was not firing on all cylinders. So we asked ourselves the question:
“What would WordPress.com look like if we were to start building it today?”
A New Beginning: Prototyping and Iterating
We’d asked ourselves this question before, and had our fair share of initiatives that didn’t result in useful change. Looking back, we were able to pinpoint our biggest mistakes: we’d been starting with a muddy vision, and were trying to solve an ill-defined problem. These insights really helped us change our approach.
One of the original Calypso prototype screens, listing all of your WordPress sites.
Calypso, the codename for this new WordPress admin interface project, started differently. To present a clear vision, we built an aspirational HTML/CSS design prototype — based on clearly defined product
Wordpress.com urges gov of Georgia to check email. They intended to take down ISIS's blog, instead blocked the whole site.
Keyboard shortcuts are available for common actions and site navigation.
Let's find out the truth about DDoS protection. What can you and your host do.
After causing $1.7 billion in damages in the first documented DoS attack in early 2000 the techniques behind DDoS attacks have only become more potent. While many hosts tout DDoS protection, can they really do anything when faced with an attack of epic proportions? Denial of service (DoS) attacks are nothing new – according to Britannica the first documented case dates back to early 2000. Despite being the first one it was a doozie, Amazon and eBay were brought to their knees, resulting in an estimates $1.7 billion in damages.
Today DoS attacks have only become a lot more sophisticated, their potential to do damage has been multiplied many-fold as multiple networks can be utilized to create distributed attacks called DDoS attacks. Thankfully, the protection we have against these attempts to bring our sites down has also become a lot more potent, but can hosts really cope? The answer is not that simple.
What Is A DDoS Attack
To make sure we’re on the same page, let’s go through what denial of service actually is, the basics are pretty simple – even though there are quite a few sub-types. The simple goal of these attacks is to overwhelm your server with traffic.
That’s really all there
Certainly interesting to see what this all does and if it makes the interface better.
'We realized that the tech wasn't going to take us to the next decade.'
WordPress has come a long way since Matt Mullenweg co-founded the project in 2003 as an open source project to continue develping the defunct blogging software b2/cafelog. The software now powers about 25 percent of all websites, according to technology survey outfit W3Techs. Automattic, the company Mullenweg founded to commercialize WordPress, turned 10 years old this year and now employs more than 400 people. But the software