JJJ notices how a simple built-in, benign feature such as gravatars *could* give Automattic huge amount of data from all new self-hosted WordPreess installs.
I run @TryFlox; help build @BuddyPress, @bbPress, & @WordPress; am an alumni of @10up & @automattic; blog at jaco.by; everything else at jjj.me.
What does everyone think about doing another AMA next week? Maybe make it a weekly feature or something like that.
If you are interested I'd be happy to do the work of reaching out and seeing if we can get people to come on, but who would you like to hear from?
Perhaps there's someone who's already a member of managewp you'd like to learn more from?
I personally think it would be great to hear from someone like Jean-Baptise (WP-Rocket co founder - https://managewp.org/members/2873/jean-baptiste), or the WPBeaverBuilder team (fastline media - https://managewp.org/members/2552/fastline-media)
But who would you like to hear from?
Thanks to WordPress core team. Yet another, automatic WordPress security update, which fixes 6 issues mentioned at this page.
WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.
Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the
Nick Haskins is selling Aesop Interactive, the company behind Aesop Story Engine, Lasso and Story.AM. He announced his intention to sell earlier in another post, but this page provides full details about the business for those wanting to make an offer ($100,000 minimum).
Nick Haskins – CEO and lead developer Michael Beil – Support – 20hrs per week
7 themes, 9 plugins, each are covered in detail below.
Aesop Story Engine
Aesop Story Engine is a suite of 13 components that enable the creation of dynamic storytelling within any WordPress theme. The plugin was released in February of 2014, and since that time has amassed 35K downloads with 3K current active installations. Over $20K has been invested into the plugin for developing features, and is currently one of only a handful of plugins that offer editable shortcodes directly within TinyMCE.
We work with WP Translations and they’ve successfully translated the plugin into over 30 different languages.
The plugin’s code is hosted on Github and has quite a few active contributors.
There’s been significant press coverage with this plugin on both WP Tavern and Post Status.
Lasso is a premium plugin sold starting at $120, and is a front-end editor/framework for WordPress, which works together with Aesop Story Engine. The plugin was first developed as a way of making the components
My motivation for writing this is simply to call attention to the fact that the WordPress community is the most important factor in how WordPress is perceived, and Automattic should be making decisions on how best to serve the community, because WE are the ones that will help WP grow and evolve best. That's the spirit of Open Source, and the Spirit of WordPress.
If you make a living using WordPress in any way you most likely have noticed WordPress in the news in ways that might make you a little uncomfortable lately. Anyone who builds a site with WordPress or builds their profession from WordPress learns that often, they have to be all things to all people. You end up learning all kinds of things about SEO, Advertising, or Accounting that you certainly never willingly signed-up for when you started on this Open Source endeavor.
With the weight of all that pressure, why should WordPress users also have legal expertise? In some ways, it’s part and parcel to running a business, even for a sole proprietorship. But lately, with news of a domain name challenge against Automattic, and a suit against The WordPress Helpers, anyone paying attention to WordPress news suddenly feels responsible to wade through legalese and jargon. I can tell you that I personally felt like a fish out of water, but was also desperate to understand not just the legal implications but also the potential consequences of these suits. Specifically how these kinds of “ugly cases” might affect the broader WordPress community — a community I personally adore.
That’s why I reached
When not dreaming about sending a rocket to the moon, I run a WordPress business called ManageWP. I have been contributing to the WordPress movement since 2007; I've built popular plugins, developed themes, started a successful WordPress SaaS, talked at WordCamps and published a first book on WordPress development, back in 2009.
It is noon CEST (6 AM EDT) and I will be checking this for the next 10 hours. Thanks for your questions.
For me it is figuring out how to make a successful WordPress print magazine.
Interesting plugin to track and deploy configuration changes from Dev to Test and Live.
WP-CFM lets you copy database configuration to / from the filesystem. Easily deploy configuration changes without needing to copy the entire database. WP-CFM is similar to Drupal's Features module. How will WP-CFM benefit me?
Less need to copy over the entire database.
No more rushing to figure out which settings you forgot to change.
Easily track and version configuration changes via git, subversion, etc.
Which data does WP-CFM support?
WP settings (wp_options table)
Multisite settings (wp_sitemeta table)
Custom Field Suite field groups
Coming soon: Advanced Custom Fields support
Bundle - A group of (one or more) settings to track
Push - Export database settings to the filesystem
Pull - Import file-based settings into the database
WP-CFM supports [pull / push / diff] of bundles from the command-line using WP-CLI:
wp config pull [bundle_name]
wp config push [bundle_name]
wp config diff [bundle_name]
wp config bundles
wp config show_bundle [bundle_name]
You can optionally set bundle_name to "all" to include all bundles.
Append the --network flag to include multisite bundles.
How to add custom configuration
add_filter( 'wpcfm_configuration_items', 'my_configuration_items'
A short and excellent guide by Tom Ewer to help commercial plugin developers decide whether and when to go Freemium vs. Premium.
If you’re new to WordPress plugin development you might be asking yourself if you should release your plugin for free to the public, or whether you should charge money for all the hard work that you put into it. The answer is a familiar one: It depends. Decisions, Decisions…
If you’ve developed a great new WordPress plugin and you’re ready to bring it to market, you have a decision to make. Do you just offer it via the WordPress plugin directory as a free download so that other WordPress users will help boost your reputation, or should you offer it for sale on a platform like CodeCanyon?
However, there is another option. Some developers offer a free version of the plugin for download on WordPress, but charge money for a “premium” (or upgraded) version of the product. With this approach, the developer allows people to “test drive” the plugin with certain limitations. If the user wants to release the plugin from those limitations, then he or she will have to fork over the cash for the premium version.
Free Is a Great Starting Point
If you’re just getting started with WordPress plugin development and nobody knows who you are, then it’s a great idea to offer your first WordPress plugin
Here's a preview of upcoming new features in WordPress 4.3! I have tested the new features and covered them in this post showing what general users can expect to see in the upcoming version that will hopefully ship on Tuesday, August 18,
WordPress 4.3, which is due next month, has just released its Beta 1 version with glimpse of several upcoming new features. While the new features mostly become topic of wide discussion amongst the developers’ community, I want to cover them from the perspective of what general users can expect in upcoming WordPress 4.3. The announcement for WordPress 4.3 Beta 1 includes changes and new features in areas including Menus, Site Icon, Better passwords, Editor Improvements, and list view improvements. I have further discussed the major changes and new features in WordPress 4.3 below;
1. Menus management added to Customizer
Although highly debated amongst the developers’ community, WordPress customizer has now included options to manage Menus. You can add new Menu, Menu items, and define Menu areas all from the font-end customizer with live preview of your changes.
To me, It works all perfectly but I think it’s not something that would hugely improve setup process of a website. If this feature really gets positive feedback from overall users will be interesting to see.
2. Site Icon Feature
The site icon feature will allow you to manage your website’s favicon and app icon as seen on several
Some pretty neat new plugins released so far this year, I especially like the looks of "Login Page Styler" and "Swifty Bar".
One of WordPress’ greatest strengths is its constant state of evolution. A solution that doesn’t exist today may well exist tomorrow. And while it can be all too easy to assume that the best plugins are those that have been in development for years, the latest plugins have a great deal to offer, even if they haven’t attracted a huge number of downloads (yet). With that in mind, I took it upon myself to trawl through the WordPress.org plugins directory to unearth some of the best free plugins available that were first released in 2015. I was surprised at how easy it was to find high-quality plugins, and I had to cut the list short at 10. In reality, I could have featured far more.
Whether you want to better manage comments, customize WordPress to match your branding, add social sharing buttons, turn your website into a fully-fledged digital media e-commerce store, or achieve something else altogether, there is something for you below. Enjoy!
WordPress comments management is, in my humble opinion, one of the most underdeveloped features within WordPress core. I’ve attempted to tackle that issue myself with Advanced Comments Moderation, and I’m always on the lookout for complementary plugins.
Nick Haskins is putting up Aesopinteractive for sale. Aesop Story Engine, Lasso, Story.AM, etc.
A couple weeks ago I moved the entire family across a few states from Texas to North Carolina, in search of something better in life. You see in Texas, there just isn’t anything to do, or see. You can drive for eight hours (no exaggeration) and the land stays flat, and you’ll still be in Texas. Sure you can hike, for maybe 10 minutes out of the year when it’s not 200 degrees. Sure you can swim in the river, for a couple months out of the year and you’re guaranteed to have 3000 other people there too, because it’s the only place to go. You surely can’t live off the land very easily, and seasons? Yeah right, there’s two. Really hot, or really cold.
So we’ve been here in North Carolina for a couple of weeks, and we couldn’t be happier. My kids are happy. My wife is happy, and the weather is just amazing. During this time, I’ve learned one important lesson.
Family. Is. Everything.
But unfortunately the last couple of years I’ve been putting my code before my family. That stopped two weeks ago. At 3 o’clock I turn the computer off, and I spend time with my family. I’m committed to my job at CG Cookie, and at the end o the day I really don’t want to spend any more time on the computer than
David Hayes and Fred Meyers teamed up to write a book and do a bunch of Screencasts. - #ShoutOut.
Deluxe: The Full Package Deluxe is our most full-featured version of Up and Running.
It features the following awesome ways to learn:
You'll Get Our Approachable and Friendly Book!
We couldn't not include the text of the book. You'll get clear prose about all the core things you need to start developing in WordPress with confidence and ease. Our book is chock-full with answers to common questions we've been answering for new developers to WordPress for years. There are many common terminology issues in WordPress that trip people up, the book illuminates everything about them.
The book isn't a canonical reference for every feature and function in WordPress. That exists already. It's called the WordPress Codex, and you should know about it. But chances are when you do (or when you have) you'll find that concepts in a small terse sentence there don't quite resonate with you. That's where the book comes in — it's exactly what you don't know as a relatively beginner to WordPress development that the book will help with. After you've read the books, those small terse sentences will be telling just what you need to know.
More than 50 Screencasts on Common WordPress Tasks and Concepts
The team behind Postmatic is aiming to breathe new life into WordPress native comments with the 1.0 release of Epoch today. The plugin was created to provide a Disqus alternative with faster loading and submitting for comments.
Epoch integrates with your existing theme by matching the colors, typography, and width of your content area. Automatically. Epoch is compatible with other 3rd party commenting plugins such as Postmatic (enable commenting by email), WordPress Social Login (for logging in via Twitter, Facebook, and more), WP-reCAPTCHA, Aksimet, and WordPress Zero Spam (Spam protection), and WYSIWYG Comment Form (for adding a toolbard to the comment area).
David Decker shares tips on preparing a WordPress plugin's readme.txt file. This is great for first-time plugin authors and perhaps those of us not taking full advantage of the readme file.
When beginning writing plugins for WordPress, most developers will publish the fruits of their work in the official WordPress.org Plugin repository. It’s a great way to get into plugin development for your favorite CMS. I started this myself in June 2011 and so far it has gotten me lots of experience on how to code better and manage the whole process. My Experience
If you’ve already published on WordPress.org or plan to do so, your plugin or theme is required to provide a so-called “readme.txt” text file. This is required because the repository parses it with Markdown language and draws all appropiate information from it, which is then displayed on the public repository. The header of that file also controls all aspects of the title, tagging, author, donate link etc. for your plugin or theme.
So, in this tutorial I’ll give you a lot of tips on how to do it the right way, based on my experiences over the last six months. I’ve seen so many great plugins in the repository but only a few have great descriptions and documentation. A lot of plugins have very minimal descriptions and documentation and leave the user alone. We want to change this.
All readme files are split into sections and
If you got all mad about the shortcode breaking thing in the last update, here is your chance to smile again. They are unbreaking the shortcode thing now. :)
tl;dr WordPress 4.2.4 RC1 is available (download) for testing and fixes an issue with inline scripts. A change in WordPress 4.2.3 had the unintentional side effect of breaking some inline scripts when the CDATA block is used (see #33106). For example, consider the intended content here:
In 4.2.2, this content is left as is and _my_function() fires as expected. In 4.2.3, the content is manipulated as such:
This results in the script being commented out by the // and it will not fire. A workaround for this is to use /* for commenting.
However, this workaround should not be necessary. As a result, we intend on releasing WordPress 4.2.4 to fix this issue.
Additionally, WordPress 4.2.3 caused issues when using shortcodes within angle brackets (see #33116). For example, this shortcode usage worked in 4.2.2 but did not work in 4.2.3:
While we do not recommend this use of shortcodes and strongly encourage plugin developers to move away from this use of shortcodes, the breakage was unintentional
Amanda shows how as a developer who is blind WordPress gives her freedom.
We Should Probably Start at the Beginning I got my first computer in 1995. I used them a lot in school so that I could turn in homework to my sighted teachers, but screen readers were and are expensive so owning one was out of the question for a long time. Screen reader technology for Windows was in its infancy then, so I worked in DOS almost exclusively. This meant that the command line interface was my best friend. It still is.
I graduated high school in 1998, and went to college to study computer science. I did all my programming with DOS-based tools, because compilers for Windows were inaccessible, even though screen reading for Windows had vastly improved by this point. As part of my computer science course of study, I learned HTML. Thus began my career in web development.
I started maintaining a website where I posted links to my favorite things. It was an ugly thing, because there was very little styling. But I didn’t start publishing actual content until 2004, when I started blogging with LiveJournal. LiveJournal was great in some ways, because it gave me a hosted place to write down my thoughts. But I soon grew bored with it because it wasn’t very easy for me to control the
An extremely through guide to the features and performance of WordPress hosting providers by Sam Anthony. He uses zero affiliate links so bias should not be a factor. This should be good to share with people in the market for hosting for a WordPress site. I agree with most of the recommendations.
Making a decision on which WordPress hosting company was right for you used to be much more simple than it is now. It used to be about how much space a host would give you or whether or not they had an automatic installer for WordPress. Nowadays there are so many different features that can make your life easier, different control panels/interfaces that can improve the user experience inside the hosting account and 3rd party integrations that bring outside functionality right to your fingertips inside the account. In this section we will outline literally everything that could factor into the decision of choosing the right host for your WordPress site.
As discussed above, the real question is always how much would it cost your business if your site went down for 1 business day? Here at TheSiteEdge, this is simply one of the most essential elements that we stress to our clients when they are deciding on hosting. Do your research and choose a hosting company that does not have hundreds of “downtime complaints.”
Hosting Security Features
Yet another topic that we already touched on — and one that people just do not like to talk about — but sites get hacked. There are
We are running a short survey about the commercial WordPress plugin marketplace, and will be sharing the data not specific to us (or private information) with the community. And we're giving out prizes!
We’d like to give you a gift in exchange for filling out or short survey about commercial WordPress plugins in general, as well as our plugins. We will share the general information, without any identifying data with the community. Everyone who completes the survey can choose to receive a free, one year, 15 site license for one of our our plugins or a one year extension on their existing CalderaWP plugin license. Please specify which gift you want at the end of the survey.
The data in the first two parts of this survey will be shared, in aggregate form, with the public. The third part is too specific to our plugins to be useful to the community, and the last part is personal information that we would never share, but need, so we can send you a free plugin or upgrade.
Here is the survey, created with Caldera Forms:
This giveaway and survey ends August 17th at midnight, eastern standard time.
Please note that the free plugin or extension will be fulfilled manually. Please give us up to three days to send you your free license or upgrade your existing license. NOTE: We reserve the right to not provide the free gift to those who do not answer in good faith, at our discretion, or cancel
A list of tools you may not be using. I especially liked the "Theme Test Drive", which I actually had never heard about!
Bearing in mind the busy lives of many WordPress developers coupled with the ever-expanding multitude of WordPress tools around, it seems unreasonable to expect everyone to be able to keep up with everything that becomes available. This Weekend WordPress Project aims to fix that.
Share on Facebook
Everybody loves revenue reports, here is an insight into another WordPress business.
Inspired by many other businesses in the WordPress ecosystem that have been sharing their revenue numbers and other details behind their businesses, we’ve decided to post a transparency report of our own. I hope this information will help developers who are interested in transitioning from a consulting business to a products-based business. We’re also launching our new PMPro Plus level of membership this week via a series of emails. The emails themselves cover the process we’re using to launch the new level; the details in this post will provide some extra context.
Who are we?
First, some information on who “we” are when talking about where this revenue goes. The company behind Paid Memberships Pro is Stranger Studios; and we consist of myself, Jason Coleman, and my wife Kim Coleman. We’ve also had a few part time contractors over the past few years. Most recently we have two, part-time contractors helping us with PMPro support and select development projects: Harsha and Jess. Things change week to week, but the basic time chart looks something like this:
Jason: 40+ hours per week.
Kim: 20 hours per week.
Jess: 10 hours per week.
Harsha: 10 hours per week.
Top line numbers.
That's an awesome and easy way to integrate raw data, stats, charts and graphs into Wordpress posts.
Let’s take a look at the plugin’s main features and capabilities: There are 9 types of charts – there are multiple ways to showcase your data with this plugin, specifically: line charts, area charts, column charts, bar charts, pie charts, gauge charts, geo charts, candlestick charts, and scatter charts.
It’s flexible and customizable – you can create any chart you want, use an unlimited number of fields, lots of colors and options to make it look exactly like you need it. That being said, all customizations are optional and the basic settings are perfectly ready to go.
There’s HTML5 and SVG support – charts are rendered using HTML5 and SVG. This guarantees cross-browser compatibility.
In short, every blogger or website owner who has ever published any sort of data visualization.
It’s that simple. The plugin will give you an edge over everybody else and make your content pop.
Also, getting into specific niches, if you’re in the financial sector, the plugin is a no-brainer. I’m sure you’re publishing quite a lot of number-driven content. Another area is researchers and academic bloggers. Again, lots of number-driven content.
Nothing difficult here! You can get it and install it easily
The definitive guide on WordPress hosting performance and speed. It tests 19 WordPress hosting companies and a variety of plans to see which can handle large amounts of traffic reliably.
Sponsored by LoadStorm. The easy and cost effective load testing tool for web and mobile applications. This is the third round of managed WordPress web hosting performance testing. You can see the original here, and the November 2014 version here.
Note: Pressable and WebSynthesis [Reviews] were not interested in being tested this round and were excluded. WordPress.com dropped out due to technical difficulties in testing their platform (a large multi-site install).
Every company donated an account to test on. I checked to make sure I was on what appeared to be a normal server. The exception is WPEngine*. They wrote that I was “moved over to isolated hardware (so your tests don’t cause any issues for other customers) that is in-line with what other $29/month folks use.” From my understanding, all testing was done on a shared plan environment with no actual users on the server to share. So this is almost certainly the best case scenario performance wise, so I suspect the results look better than what most users would actually get.
†Tests were performed with SiteGround‘s proprietary SuperCacher module turned on fully with memcached.
The Products (Click for Full-Size Image)
Interesting Trac ticket to add a "Restrict Access" option to the Media Library. Some initial feedback in AWP suggests most feel this is plugin territory because of the complexity of the server environments. Should that hinder enhancements? Or is that a REASON this should be considered in Core?
Description I've had many WordPress site owners who've e-mailed in a panic when they discover that a PDF, Word Doc, Spreadsheet, etc. they've uploaded in the Media Library has been discovered on Google with information that wasn't intended to be public. They thought that because the post or page that it was linked to was restricted, so what the media within.
The solution to this (for me) as been to move these files into a new folder, restrict it with .htaccess, and then have a PHP handler that checks for the appropriate permissions before passing the file content back to the browser.
Given I've run across this problem multiple times (with a relatively small customer base) I'd like to propose that the Media Library incorporate functionality to handle this in core.
Add a checkbox on media upload "Restrict Access to this media"
Media with that checkbox check would be uploaded into a wp-content/uploads/restricted/ tree (could still use the year/month/ subfolders).
Set .htaccess to restrict access to anything in that tree of folders.
(Haven't fully thought through this part), but create a permalink structure for accessing these resources that would be passed through the PHP engine.