Welcome to ManageWP.org

Pro | erineflynn.com | 6 hours ago

What to say when a potential client thinks you’re too expensive

Ready made templates to use with your client. Remember, your time should be worth much more than a cup of coffee.

If you’ve been in the design business for a while, you’ve likely heard this from potential clients before, “you’re too expensive!” or something to that effect, anyhow. So what do you do?
You’ve got a few options! Here are some handy-dandy email scripts I’ve created that you can copy+paste, and tweak to send to those potential clients!
Note: These scripts are not intended to be used verbatim, but to be edited to fit your own situation and level of professionalism. Use these scripts as a starting point, but tweak them to work for you!
Option One – Educate Her on Why You’re Awesome
Hey ____!
I realize that this is a large investment, but I can assure you that I am delivering top-notch service that you won’t receive with a low-cost alternative. My clients have seen results such as ____ and ____ because I work with you to really make sure that you’re receiving a design that works for you and your brand. I’m not just creating a _____, I’m helping you achieve your goals.
If you don’t have the funds available at this time, I understand. Please keep me in mind for the future. If you are able and willing to invest

Community | kinsta.com | 14 hours ago

Interview with Sallie Goetsch of WP Fangirl

Check out this interview with Sallie Goetsch of WP Fangirl, a WordPress consultant who can help you build a new site. She also organizes the East Bay WordPress Meetup and is a regular panelist on the WP-Tonic podcast.

You can find Sallie on LinkedIn or Twitter. This is our recent interview with her, as part of our Kinsta Kingpin series.
Q1: What is your background, & how did you first get involved with WordPress?
I’m actually a classicist: I spent 5 years not getting a PhD in Greek and Latin language and literature. That’s how I came to build my first website, too. My specialty was ancient theater in modern performance. It’s a small field; practically everyone who does it knows everyone else. In 1993, with the help of a couple of colleagues, I started an online journal about the subject (reviews, listings, articles), published by FTP and Gopher. In 1994, someone showed me the World Wide Web. I found a Teach Yourself HTML book and got started. That publication would have been perfect for WordPress, but this was the “Uphill both ways barefoot in the snow” days of web development. There was no such thing as a content management system. (Didaskalia (www.didaskalia.net) still exists, but alas, it’s still not on WordPress.)
At the end of 1998 I moved back to the US after four years in England and retired from teaching. I spent about 18 months just regaining my health

7 min read Dodgers Benny
Community | pagely.com | 13 hours ago

WordPress vs. Medium vs. Facebook Instant Articles: Which One is Right for Your Business?

If you have a blog for your business, there’s a good chance it’s built on WordPress. There’s a reason for that. WordPress is reliable and secure as both a blog and website platform. It’s also fairly intuitive to use. While other competitors have popped up over the years, WordPress remains the most popular blogging and web tool. Today, more than 15 million websites use it!

These days, you’ve got more than just WordPress as a potential channel for your content marketing efforts. Other options, including Medium and Facebook Instant Articles, have their own merit. In this post, we’ll review and discuss the benefits and drawbacks of each so that you can make an informed decision about how best to reach your audience.
Tried and True: WordPress
If you have a blog for your business, there’s a good chance it’s built on WordPress. There’s a reason for that. WordPress is reliable and secure as both a blog and website platform. It’s also fairly intuitive to use. While other competitors have popped up over the years, WordPress remains the most popular blogging and web tool. Today, more than 15 million websites use it!
What It’s Best For: If you want a blog that’s incorporated into your website, making it easy for people to go from one to the other, having a WordPress blog is essential. It’s much easier to convert visitors into customers when information on your products or services is just a click away. With the other options we’ll discuss in a moment, converting visitors to customers is much more difficult.

8 min read Nevena Tomovic
AMA | managewp.com | 4 days ago

Ask WordPress influencers questions, get professional answers

Season 4 of Ask Me Anything is starting on March 8th. This season we have lots of experienced WordPress professionals ready to share their knowledge. You can get some valuable advice on design, business, development, community involvement, marketing, social media and much more. Don't miss out!

After the Christmas hype, and the New Year celebrations, skiing holidays, and endless afternoons cozied up with a hot chocolate, there is one more thing to look forward to this winter. It’s better than your favorite TV show, it’s season 4 of Ask Me Anything. This season we have a power line-up of business owners, WordPress core contributors, freelancers, designers, social media experts and WordPress enthusiasts. It’s the season of all seasons, and it starts on March 8.
If you want to find out a bit more about the idea of the AMA, and why it’s important, have a look at Get Free Expert Advice From WordPress Influencers. For those who are interested in a deeper behind-the-scenes look, this is for you: Ask Me Anything: WordPress Influencers Answering Your Questions. One thing is certain, this season is promising to be the best one yet!
Without further ado, I want to introduce you to the main protagonists, our lovely contributors. Drum roll please!
Kristina Romero
Actress, Writer, Web Consultant, Business Coach, Rockstar Teacher. Kristina has lots of work experience and knowledge to share. If you need advice on starting a business, maintaining or creating

8 min read WPLift
Plugins | wplift.com | 5 days ago

How Many WordPress Plugins is Too Many? The Answer Might Surprise You

The question that every WordPress admin asks himself from time to time: How many plugins can I have on my website? What is the limit? And what should I keep in mind when installing new plugins?

If you’ve used WordPress for a while, I’m sure someone has told you that you “shouldn’t use too many plugins”. It’s obvious – using too many plugins will slow your WordPress site down, right? But is that actually true? I mean, people tell me I shouldn’t swim after eating, but I’ve done that my whole life and I’m still alive and kicking! So is the common knowledge that “too many plugins is bad” good for WordPress?
In this post, I’m going to attempt to answer that question. So, if your admin sidebar is bursting at the seams with links to plugin settings pages, join me on this adventure into the world of plugin collecting.
Is Having Lots of Plugins Always Bad?
Let’s start at the beginning. I’m not a developer, but in my reading, I’m fairly certain that I’m accurate in saying that there’s nothing inherently wrong with having lots of plugins.
I mean, I remember reading somewhere that Pippin Williamson has over 80 plugins running on some of his sites! Pippin knows a thing or two about plugins, so I’m going to trust him on this one.
In a perfect world populated with perfect developers,

Development | medium.com | 6 days ago

Matt Mullenweg on WordPress and Update Signing

Matt Mullenweg, on Medium (!!!), talks about update signing and security in general.

6 min read David McCan
Community | wptavern.com | 3 days ago

Disqus Hits Sites with Unwanted Advertising, Plans to Charge Large Publishers a Monthly Fee to Remove Ads

Sarah Gooding reviews the recent announcement by Disqus to start injecting advertising into the comments, which can be removed by a monthly subscription.

When Disqus announced it would be releasing new, subscription-based versions later this year, users didn’t expect to have the new advertising model injected into their sites without notice. Disqus CEO Daniel Ha said the company would release finalized pricing and provide more details well in advance of its planned March release, but users are reporting that the advertising has already been forced into their comments without warning.
Why did @disqus just add a bunch of ads to my site without my permission? https://t.co/CzXTTuGs67 pic.twitter.com/y2QbFFzM8U
— Harry Campbell (@TheRideShareGuy) February 1, 2017
“We are one of the lucky 5% who now has to pay if we don’t want really irrelevant and horribly spammy links just plopped on our site with zero warning,” BabyCenter Social Media Manager Dina Vernon Freeman said. “Unless our users (mainly millennial parents) should care about overpaying for dentures! We’re looking for other platforms ASAP.”
Brian O’Neill, who manages Slugger O’Toole, a site with more than 70,000 readers, was also hit with unwanted advertising on his site.
“Disqus has started to put ads into our comments

2 min read Matt Medeiros
Community | youtube.com | 6 days ago

Build a website the way you want to

So what if people criticize the way you build websites?

Get more videos like this: http://eepurl.com/f1Dhv
She asked about hiding the names of themes & plugins she uses on her client projects, because she's afraid of the "WordPress Police."
"You're doing it the wrong way. You should build it from scratch. Who uses a plugin to do that?!"
We've all heard it, and maybe even said it ourselves. But here's the deal: the market is changing and it's time to adapt. Page builders, and for the most part plugins that make building sites easier, are getting better and better. The companies behind them realize no one likes lag or bloat -- it won't fly -- so they work hard to optimize their software.
Before you know it, WordPress core will have its own builder-like features (https://make.wordpress.org/design/201...), which will certainly flip that argument onto its head for naysayers.
In this video, I discuss where the problem *really* stems from, and what consultants AND clients can do to avoid it. Anyway, I'm sure my more seasoned colleagues may disagree, so I'm looking forward to debating in the comments or on Twitter!
Thanks for watching!
-- New version of Conductor Plugin is out! --
https://conductorplugin.com
Check it out,

7 min read Dodgers Benny
Community | halfelf.org | 4 days ago

A Case for REST API

This post isn’t about the reasons why someone might need to disable the automatic updates. No, this is about the argument I saw stem from the vulnerability, whereby people said it was proof the REST API should be disabled by default.

WordPress 4.7.1 and 4.7 were vulnerable via the REST API. Any unauthenticated user could modify the content of any post or page on a site. Since the release of the information, a surprisingly large number of users failed to update to 4.7.2 and, thus, were hacked. I say surprisingly because WordPress enabled automatic updates quite a while ago (WordPress 3.7), which will automatically secure your WordPress install. There have been 18 automated releases since then (which is why we have 3.7.18) and the vast majority have addressed security in one way, shape, or form.
But this post isn’t about the reasons why someone might need to disable the automatic updates. No, this is about the argument I saw stem from the vulnerability, whereby people said it was proof the REST API should be disabled by default.
And to them I say “No.”
The REST API Probably Has More Vulnerabilities
Look, I’m not going to lie to you. The odds are high that the REST API, which is a very new feature, probably has some serious issues still. But, as my friend Helen pointed out to those arguing for it to be disabled by default:
Why should this be treated differently from XML-RPC? Have you gone through

4 min read Matt Cromwell
Tutorials | calderaforms.com | 4 days ago

Accepting payments from multiple gateways in WordPress - Caldera Forms

Using Caldera Forms just like a one-page checkout is pretty cool. Another great tutorial from the Caldera Team.

Andrew Lima is a Support Specialist and Developer at Caldera Labs. He also works on a handful of other WordPress projects, and is an active member of the community. Andrew is based out of Johannesburg, South Africa.
Caldera Forms offers an array of payment gateways that gives you the opportunity to receive payments for memberships, donations, products and much more. Some of the popular gateways for Caldera Forms are PayPal Express, Stripe and Braintree. A couple of users have been curious about accepting payments from multiple gateways with Caldera Forms; in this example we will be using the PayPal Express and Stripe add-ons.
Start accepting payments with Caldera Forms
Depending on your payment gateway, you may need to capture additional billing details. In this example, we don’t need to capture any additional data. I have created a simple donation form that lets a user donate $5, $10 or $15 through Caldera Forms and choose either PayPal or Stripe as their payment gateway. With this example, you are able to extend it to use all payment gateways that Caldera Forms offers – in this case the form consists of the following fields: name, email, dropdown (with the donation

3 min read Ahmad Awais
Community | make.wordpress.org | 5 days ago

Core Editor Meeting Notes 2017 [Gutenberg Editor]

Exciting things are happening while we build Gutenberg UI prototype, I wrote the meeting notes for this week's core-editor team meeting. Have at it!

The WordPress community has been actively participating to help make the new editor for WordPress. There’s lots of activity both in Slack and at GitHub. It’s an incredible time to contribute. Here’s the meeting summary for this week’s editor team meeting (agenda here) in the #core-editor Slack channel.
MEETING NOTES:
Let’s keep working on the UI prototype — Gutenberg UI prototype. Some ideas for improvements discussed in the meeting are mentioned below:
Toolbars
Five of them: I (@mrahmadawais) suggested that we should try to consolidate the multiple toolbars, so there aren’t five.
Text vs. Block: Mel (@melchoyce) also felt that the Gutenberg UI prototype does feel heavier; she also suggested that the text shouldn’t feel like a block.
Blocks Or Not: I tend to agree with her considering it’s hard to think about aligning text across multiple blocks — maybe it’s the block feeling. That said, Weston (@westonruter) said that the different toolbars can be contextual to the block being edited.
Accessibility: @iseulde suggested the docked contextual toolbars make more sense from the accessibility point of view.
Colors
Ease of Use
Copy/Paste:

7 min read Alex Denning
Community | wpshout.com | 6 days ago

Why I'm Relearning WordPress Development

There's (probably) never been a better time to learn WordPress development – here's why I'm relearning it, and how you can too.

Nearly eight years ago I started publishing about WordPress development here on WPShout. I was sixteen at the time, and had just discovered this magical publishing platform called WordPress. With a fair amount of time on my hands, I started to share what I’d learned. When I started, it was a lot easier to run a site about WordPress development. Indeed, fairly quickly WPShout became one of the most popular publishers on WordPress development – full stop – without me really knowing what I was talking about.
That was fine eight years ago; vastly fewer people knew what they were talking about. It was totally acceptable to publish a (not great) code tutorial and update it when comments and feedback offered better ideas. There’s a lot of truth in Jeff from the WP Tavern’s idea that we were learning together at the time.
Over the years I published hundreds of posts on WPShout. And as I started working more with themes (I even had an ill-fated attempt to launch my own theme shop), I gradually became closer to the development expert I’d positioned myself as all along.
But David & Fred KNOW WordPress Development
As WordPress grew, more people who really

4 min read Donna Cavalier
Security | wptavern.com | 7 days ago

Why Plugins Sometimes Disappear From the WordPress Plugin Directory

This is NOT a good enough answer! This is important and should not be pushed under the rug.

Nearly 50K publicly available plugins call the WordPress plugin directory home but once in a while a few of them seem to disappear. There is usually a good reason for why this happens but the only information available to the public is a page that says the plugin cannot be found. If the plugin is popular enough, concerned users will contact us and ask to investigate what happened. Mika Epstein, Plugin Directory Representative, says there are a number of reasons for why a plugin can end up hidden from view, “The most well-known, but not the most common, is security issues,” Epstein said.
“Plugins are removed and, by default, hidden mostly because we’re on bbPress 1.0 and there is not as granular a control with post statuses when compared to WordPress itself.”
The plugin review team has three options to choose from when altering a plugin’s visibility: active, closed, and disabled. Although rarely used, when a plugin is disabled, it is hidden from view but updates are able to be pushed out.
I asked Epstein why there’s not more detailed information when a plugin is hidden and the answer is complex, “The lack of information is partly technical

6 min read Igor Benić
Tutorials | 3.7designs.co | 5 days ago

Restricting Access to Custom Post Types Using Roles in WordPress

A simple tutorial on how to restrict access to a custom post type using roles in WordPress. It shows how to use custom capabilities and add those capabilities to specific roles. It is a bit older, but I found it pretty helpful today.

Custom post types extend the capabilities of WordPress in terms of what types of content can be published and managed, but these days at 3.7 we find ourselves working on projects that need more granular permissions related to custom post types. The most common situation I’ve run into is a particular user (or group of users) needs the ability to manage specific custom post types but shouldn’t have the ability to alter the rest of the site. For example, you may have someone in an organization that needs to manage job listings (a custom post type) but shouldn’t be allowed to edit posts or pages.
For this example, I’ll base the situation off our project management plugin Panorama. Many of our customers need users to manage projects, but don’t want them to have access to any other types of content. There are some good tutorials out there, but many of them are a few years dated and I found a slightly updated approach was necessary to make this work.
What We’re Aiming For
In the case of Panorama, we wanted our “projects” custom post type to be managed by Editors, Administrators and a new role of “Project Managers.” Project Managers

10 min read Lizz Ehrenpreis
Business | zao.is | 5 days ago

Zao: A Look Back at 2016 - WordPress eCommerce & Plugin Development

Zao looks back at their year, including the clients we worked with and the WordPress plugins they worked on (and how many were downloaded) in 2016.

Our small team more than doubled, we worked on several amazing projects, and we contributed back to open source, of course. Here’s a rundown of what we did and what we’re excited about moving forward.
A 2016 Retrospective
The Zao Team
Team Zao grew considerably in 2016 – we more than doubled our staff size and even found some incredible contractors who have been an integral part of our success.
Full-time Staff
Mihai
In February, we hired Mihai Joldis as a full-time developer. Hailing from Romania, he leads the charge with many of our enhancements to WP eCommerce and is an invaluable engineer on many of our client projects as well. To top it all off, he provides excellent support to our growing customer base at wpecommerce.org.
The Other Justin
In May, we hired Justin Sternberg as a lead developer, staff sergeant, managing partner, and all around excellent human being. He leads many of our agency projects; clients pretty much love him the moment they start working with him. After less than a year on our team, we can’t imagine life without him.
Contractors
Lizz
Late last year, we had the good fortune of finding Lizz Ehrenpreis. Lizz is the only reason you’re

2 min read Ahmad Awais
Development | 10up.com | 12 days ago

Introducing the WordPress Component Library

Accessible WordPress Components Library from 10up is awesome! Check it out!

We’re proud to introduce the WordPress Component Library: a collection of front-end components constructed with WordPress and accessibility at the forefront. Many of the HTML and CSS components we build for our clients are structurally similar, particularly for prolific features like menus, search forms, posts, and blogrolls. A common starting point offers efficiencies to our clients while simultaneously raising the bar on polish and compliance with standards like accessibility. In evaluating existing libraries, we found that the industry was missing a good, open source project built with WordPress’s often opinionated markup (e.g. menus) and basic layout structure in mind.
Since accessibility is a top priority for many of our clients, and critical to our mission to make the web a better place, each component in the library is WCAG 2.0 accessible. We think that this project will help engineers and clients who value accessibility, but may struggle to budget for it, achieve a higher standard with little-to-no added cost.
We are actively adding to and improving the components. Hosted on GitHub, we welcome feedback, questions, and pull requests.

16 min read Tom Zsomborgi
Business | kinsta.com | 8 days ago

Important Changes - Disqus Ads Are No Longer Free to Disable

Starting from March 2017 you'll have to pay $10/m to remove ads from your Disqus comments section.

As of March 2017, Disqus is now going to be charging a monthly fee to remove advertisements from your WordPress comments. This is something that has always been free to disable in the past and is a pretty big change that will affect thousands of businesses and bloggers that rely on Disqus to power their comments. Today we are going to dive into what all this entails, some pros and cons, and some recommendations if you do choose to seek out an alternative comment system. It's important to note that the Disqus ads also affect the performance (speed) of comments on your WordPress site.
What is Disqus?
For those of you who might not be familiar with Disqus, it is a service designed to improve web comments and discussions. It was originally developed by Daniel Ha and Jason Yan and launched in 2007. It has actually been around for over a decade now. So when it comes to working with the WordPress comment ecosystem, they are no newcomers.
Many WordPress businesses and blogs use the Disqus WordPress plugin because it extends the feature set of the WordPress native comments. Features such as powerful moderation and admin tools, spam filtering, blacklisting, email notifications, and well designed

Community | wptavern.com | 5 days ago

WordCamp Miami 2017 to Host JavaScript Track, AMA Spots, and 2-Day Kids’ Camp

Kids track and "call for speakers for kids" - absolutely amazing ideas, gj Miami!

The event’s organizers usually attempt to get “” by inviting speakers with experience in other platforms to share with attendees. This year’s lineup includes two sessions from members of the Drupal and Joomla communities. Mike Herchel, a front-end web developer at Lullabot, will present a session titled “WordPress & Drupal: Community and Contribution Differences and Lessons.” Aleksander Kuczek, CEO of Perfect Dashboard and a Joomla Extension Directory team member, will be speaking about how Joomla handles plugin contributions.

Community | howibuilt.it | 7 days ago

Episode 23: Scott Bolinger and AppPresser - How I Built It

It's all about mobile apps and Javascript frameworks in this episode of How I Built It! Scott and I talk about building and transforming AppPresser with the changing landscape of both WordPress & mobile apps.

11 min read Benjamin Intal

How We Increased Our Plugin's Javascript Performance by 200%

A few tips on how we increased the performance of our Javascript-heavy WordPress plugin using Chrome's Timeline Profiler, FastDom, and a few JS guidelines.

Last February 2, 2017, Ann Taylor wrote the article 12 Things We Need to See From WordPress Page Builders in 2017 + Who Already Gets It Right in CodeInWP. We’ve been continuously improving Page Builder Sandwich for more than a year now: we do our research, listen to our customers, so we thought Page Builder Sandwich was gonna make it to CodeInWP’s “Who Got it Right” article. We didn’t, though, because of performance. So we asked Ann about it, and she replied:
…I played around with a free version a bit. It shows a lot of promise: lots of modules, pretty intuitive UI, great WYSIWYG experience, everything is dragged around easily. However, when I had around 10 modules on the page, it became hard to continue working with it because of low editing speed…
So according to her, Page Builder Sandwich has performance issues. And since we always listen to feedback, we checked it out.
Testing the Performance
We needed a way to check out PBS’s performance; since PBS mostly runs on the browser via Javascript, Chrome’s Timeline profiler was the right tool for the job. The timeline profiler can identify and measure which processes are taking place

10 min read Codeinwp
Plugins | codeinwp.com | 8 days ago

New Tags Coming to the WordPress Plugin Repo? Users Respond With an Unanimous "Meh"

Will the proposed new WordPress plugin tags play an important role? 90% of survey respondents say "we don't care."

According to our small survey, 90% of users say they don’t care if a free plugin they’re getting from the directory is only a limited, “lite” version of the fully-featured PRO. Okay, I might have BuzzFeeded the stats a bit here. The exact question we asked was, “Would you not use a WordPress.org plugin, just because it has a PRO version also available?” Again, 90% said “no.”
“Wait, what is this about anyway?!”
Okay, let’s rewind to the beginning:
What’s up with the new WordPress plugin tags
The whole thing started several months ago when Matt Mullenweg encouraged the WordPress community to brainstorm some ideas on how to improve the way plugins are presented in the official repository:
In short, the main goals:
better indicate if a plugin needs an external service to work,
indicate if there’s a more feature-rich premium (or “PRO”) version of the plugin available.
In today’s WordPress ecosystem, with more than 45,000 plugins in the repo, it gets harder and harder to find the right one, and many of them just don’t live up to the expectations.
And I have to give it to Matt, what he’s

7 min read David McCan
Community | wptavern.com | 5 days ago

Matt Mullenweg Responds to Security Rant: Digital Signatures for WordPress Updates Are Important but Not a Priority

This article at the Tavern reviews the discussion on adding digital signatures to WordPress updates. It summarizes Scott Arciszewski's thoughts and Matt Mullenweg's response.

Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, who is most widely known for his cryptography engineering work, published a post on Medium criticizing Matt Mullenweg, co-creator of the WordPress open-source software project, for not caring enough about security. Arciszewski has since retracted the post but you can read it via the Wayback Machine. Arciszewski is working on a project known as libsodium, a core extension to PHP 7.2 which allows for encryption, decryption, signatures, password hashing and more. Its goal is to enable developers to build higher-level cryptographic tools.
WordPress’ automatic update system is handled through api.wordpress.org. Since updates do not have a digital signature, if api.wordpress.org were compromised, attackers could send malicious updates to thousands or millions of sites. This scenario was at the forefront of people’s minds late last year after Wordfence published details of a complex security vulnerability that could have compromised the update servers.
Arciszewski suggests offline code signing and elliptic curve cryptography as solutions, “The key that can produce a valid signature for a file

Editorials | kevinmuldoon.com | 12 days ago

Pay Attention to Your WordPress Database (19.5GB down to 159MB)

Great little post by Kevin on a reminder to pay attention to your WordPress database. Without knowing it, his DB grew to 19.5GB due to one plugin.

In general, I am quite good at maintaining my WordPress websites. I use the fantastic update service WP Remote to ensure all plugins and themes are kept up to date and I regularly remove plugins that I am not using. However, I am only human.
From time to time some things do slip through the net and I don’t realise I have missed anything until much later.
When I started getting automatic disk warning emails from my server telling me that this blog was using most of its allocated block, I knew something was wrong.
The Investigation Begins
I began looking into where the storage was being used up and saw that phpMyAdmin was reporting that this blog’s database is 19.5GB in size. When I sorted the database by row size I started to get a better picture of what was happening.
The top four rows all had profiler in the name. The profiler_functions table was taking up 9.3GB, profiler_queries was taking up 8.8GB, profiler_requests was taking up 607.6MB, and profiler_plugins was taking up 583.8MB.
To put into perspective how large these tables are, you need to look at the next tables. The next largest table is the prli_clicks table created by the link tracker Pretty Links Lite. After

5 min read Donna Cavalier
Development | khromov.se | 6 days ago

WordPress needs another long term support version

I seriously doubt this will occur. The tiniest changes take years, so this is likely a pipe dream. But dreaming is fun too, right?

Imagine reading the following update notes in a coming version of WordPress: “We have a number of exciting features for WordPress 5.0. The new Gutenberg editor has replaced TinyMCE and heralded in a new and simpler way to edit any type of content. The Fields API now provides a utilized way for plugins and themes to create fields in the customizer, on any type of content, or in options pages. We also welcome new endpoints in the REST API – which is finally becoming a full-fledged citizen and allow you to build fully JavaScript-based sites.”
Most developers would be very happy to read this changelog. But many also understand that all of this is years into the future. How can we change that?
An ode to WordPress versioning
WordPress 3.7 introduced automatic updates, and while many hardcore developers quickly wanted to find ways to disable them to not disrupt finely-tuned deployment systems, there is no doubt that it was a net win in terms of usability and security for the vast majority of people running a WordPress site.
When 3.8 was released, we saw patches to the 3.7 branch to fix vulnerabilities found in 3.8. This is great, as backporting security updates ensures ample