It's that time! Proposal to merge into core. A 2-parter though. Whatcha think?
Hello everyone! This is the post you’ve all been waiting for. We on the REST API team (myself, @rachelbaker, @joehoyle, @danielbachhuber, and newest member and core committer @pento) would like to propose merging the REST API into WordPress core. We’ve been working a while on this, and think it’s now ready to get your feedback.
This is our first iteration of the proposal, and we’re actively looking for feedback. If you have thoughts on the project, or on this proposal, let us know! Only with your feedback can we make progress.
What is the REST API?
The REST API differs from existing WordPress APIs in that it is explicitly designed from the ground up for modern mobile and browser usage, using the lightweight and widely-supported JSON data serialization format with a modern REST interface.
Great news! The website and code are all coming in under the WordPress.org umbrella and financial support is also involved.
Every year there's a brand new default theme, and Helen Hou-Sandi post gives us a preview. Designed by Mel Choyce.
It’s that time again: time to build a new default theme for WordPress! WordPress 4.7 will launch with a brand new theme – Twenty Seventeen. Designed by Mel Choyce (@melchoyce), Twenty Seventeen sports a modern look and will make a good base for any business website or product showcase.
Check out the gallery below to preview our next default theme at full-size: Higher resolution mockups
In addition to having a wide appeal, Twenty Seventeen will focus on providing a seamless initial theme setup so anyone can set up a website for themselves or their business with minimal hassle.
Twenty Seventeen aims to show off some new core features and enhancements, such as:
A better flow for using a static page as your front page.
Visible edit icons in the Customizer, replacing the current hidden shift+click method.
Expanding custom header images to include video (think: atmospheric video headers!).
Dummy content for live previews.
Mel will keep an eye on all things design during the creation of Twenty Seventeen. Laurel Fulford (@laurelfulford) and David Kennedy (@davidakennedy) will assist her, leading the theme’s development. Lots of opportunities exist this year for getting
A must read! If you are a WordPress developer, you must read this post to find out about what's new in WordPress 4.4 releasing this December.
WordPress 4.4 is the next major release of WordPress and is shaping up to be an amazing release. While you have likely discovered many of the changes from testing your plugins, themes, and sites (you have been testing, right?), this post highlights some of the exciting
Mika does a descriptive guide on how to properly report plugin issues.
Note: I’ll be using Hello Dolly as my example ‘bad’ plugin for this post. It’s fine and not (to my knowledge) vulnerable. There are a few reasons people report plugins but the main two are as follows:
If you report a plugin, you can make everyone’s life easier if you do the following:
Verify that it’s still applicable
Before you do anything, check if the exploit is on the latest version of the code or not. If it’s not, we may not do anything about it, depending on how popular the plugin is.
Use a good subject line
“Plugin Vulnerability” is actually not good at all. “Plugin Vulnerability in Hello Dolly – 0 Day” is great.
Send it in plain text
SupportPress is a simple creature. It doesn’t like your fancy fonts and inline images. Attachments are fine, but we cannot read your ‘Replies in-line in red’ so just keep it simple.
Link to the plugin
Yes, it’s that easy. Put the URL on it’s own line, no punctuation around it, for maximum compatibility. With over 35k plugins, and a lot with similar names, don’t assume, link.
If the plugin is not hosted on WordPress.org, I’m sorry, but there’s nothing we can
If you got all mad about the shortcode breaking thing in the last update, here is your chance to smile again. They are unbreaking the shortcode thing now. :)
tl;dr WordPress 4.2.4 RC1 is available (download) for testing and fixes an issue with inline scripts. A change in WordPress 4.2.3 had the unintentional side effect of breaking some inline scripts when the CDATA block is used (see #33106). For example, consider the intended content here:
In 4.2.2, this content is left as is and _my_function() fires as expected. In 4.2.3, the content is manipulated as such:
This results in the script being commented out by the // and it will not fire. A workaround for this is to use /* for commenting.
However, this workaround should not be necessary. As a result, we intend on releasing WordPress 4.2.4 to fix this issue.
Additionally, WordPress 4.2.3 caused issues when using shortcodes within angle brackets (see #33116). For example, this shortcode usage worked in 4.2.2 but did not work in 4.2.3:
While we do not recommend this use of shortcodes and strongly encourage plugin developers to move away from this use of shortcodes, the breakage was unintentional
MIka explains policies regarding forks and copies in the WordPress repo.
This has come up recently. What happens when someone submits a plugin that’s a copy of another? The tl;dr here is this: Please email us at email@example.com if you find someone has slipped an uncredited fork or identical copy of another plugin into the repository.
In general, we spot these before they ever get published. We rejected 10s of plugins a month for being identical copies. That said, we also approve double that for being legitimate forks.
While the GPL and it’s compatible licenses allow for forking, we have an ‘above and beyond’ rule for hosting here, that means your plugin must be a substantial change of the original. We do not allow direct copies of other plugins to be re-listed under somebody else’s name, we allow changed forks.
What does that mean? It’s very simple. You have to add new features, remove features, modernize, fix, clean up, or otherwise make a change to the plugin that differentiates it from the original. In rare cases, a simple clean-up will be accepted, but normally we try to get a hold of the original authors and have the fixes folded in to the original plugin. If you have a fork, we require you to retain all credit and/or copyright information.
Konstantin Obenland, Samuel “Otto” and Meta team is working on bringing V3 for WordPress.org plugin directory. They are looking for MVP by March 1 and working for the final release date of June 26. Stay tuned, and check all the improvement coming. Its big change, as instead of using bbPress, now all will be based in WordPress.
A year after relaunching the Theme Directory on WordPress, the Plugin Directory will finally get the same make over. With the entire process being open source from the start, please feel free to follow along and contribute on Meta Trac and in the #meta Slack channel. For more in-depth information, please consult the project overview page.
WordPress has supported custom page templates for over 12 years. With WP 4.7 the same functionality is coming to all post types, using "Template Post Type" in the file header.
WordPress has supported custom page templates for over 12 years, allowing developers to create various layouts for specific pages. While this feature is very helpful, it has always been limited to the ‘page’ post type and not was not available to other post types. With WordPress 4.7, it will be. By opening up the page template functionality to all post types, the template hierarchy’s flexibility continues to improve.
In addition to the Template Name file header, the post types supported by a template can be specified using Template Post Type: post, foo, bar. Here’s an example:
<?php/*Template Name: Full-width layoutTemplate Post Type: post, page, product*/// … your code here
That way, you’ll be able to select this full-width template for posts, pages, and products.
When at least one template exists for a post type, the ‘Post Attributes’ meta box will be displayed in the back end, without the need to add post type support for 'page-attributes' or anything else. The ‘Post Attributes’ label can be customized per post type using the 'attributes' label when registering a post type.
Selecting the post template
Great overview of many of the features coming to WordPress 4.5 from Aaron Jorbin
WordPress 4.5 is the next major version of WordPress and with it come some bang bang changes. This guide will describe many of the developer-focused changes to help you test your themes, plugins, and sites. So grab a ☕️ ,
Well, slap me with a feather! I never thought I'd see the day where perhaps the biggest annoyance in all of WPland is now going to be just a distant memory! Happy days, oh happy days! :D
In  and  for #31168, we’ve turned comments off on new pages by default. I know many of you have done the “make a bunch of pages, fill them out, realize comments are turned on, go back into the admin, turn off comments” dance. Now when you make a page, you won’t have to manually turn off comments — it’ll match the expected behavior of being off by default.
In addition to pages, this functionality has been extended to all custom post types. Post registrations that don’t explicitly add support for comments will now default to comments being off on new posts of that type (before, they defaulted to on). Up until now, post type support for comments has only affected admin UI; a developer could omit comment support on registration but still allow comments to be posted. This is a change in behavior, and we will be closely monitoring its effects during beta. Moving to explicit support will allow core behavior to be more predictable and robust in the future, but we will always consider real-world usage.
In trunk, you’ll notice two new things: the get_default_comment_status() function, which accepts the post type and comment type as arguments (both optional), and within it a get_default_comment_status
Twenty Sixteen is here, what do folks think, as always with default themes opinion seems mixed. I quite like it.
WordPress 4.4 will see a brand new default theme; that’s right, today is time to meet Twenty Sixteen! The process of selecting the Twenty Sixteen theme was a long one, taking several months. Lots of themes were considered, eventually settling on the one you see below. It’s a perfect fit! Twenty Sixteen features a new, never-released design that has some really unique touches on a traditional blog layout. It adapts well to different devices and is a joy to use.
Twenty Sixteen is a modernised approach of an ever-popular layout — a horizontal masthead and an optional right sidebar that works well with both blogs and websites. It has custom color options that allow you to make your own Twenty Sixteen. The theme was designed on a harmonious fluid grid with a mobile first approach. This means it looks great on any device.
Let’s take a look at more!
We have the pleasure of welcoming back Takashi Irie as the designer of Twenty Sixteen. This year, the core team developing our new default theme will be myself and @iamtakashi — and you! We hope you can join us in getting Twenty Sixteen out to the world. Along with us, @iandstewart and @samuelsidler will be making sure the ship stays
"A long overdue change is in the air " — Emil Uzelac
Sometimes, things need to change; that’s true for everything. The Theme Review Team is aware that we currently have problems. This post proposes some suggestions for how we should change. The objective of these changes are to reduce queues and make reviewing easier, both for those being reviewed and those doing the review. A big thanks goes out to everyone that has helped with writing this post. Specific props to @emiluzelac, @grappleulrich, @greenshady, @samuelsidler, @cais and @jcastaneda. The admin team have signed off on this in agreement.
Our role as a team should be to check that the theme has no licensing, security, or “breaking” issues. Any issues beyond those three categories should be dealt with after the fact, not during review. We all want to do more, but without ensuring we provide the minimum review to themes in a timely manner, we aren’t succeeding.
Let’s have a look at the following sections and see how we can improve.
In order for us to function, we should change the structure of our team.
Reduce down to 2 tiers for reviewers: key reviewers and reviewers. No more admins. If you have not been actively contributing to theme review
Sheding some light on the recent discussion. Comments like these from the .org team make things more transparent.
The WordPress.org security and plugin review teams have recently been working together to push automatic security updates for plugins to fix critical vulnerabilities. These updates are supported by WordPress 3.7+. Andrew Nacin, a fellow lead developer of WordPress who helped write this post, wrote this after WordPress 3.7 was released:
“The automatic updater also supports themes and plugins on an opt-in basis. And by default, translations (for themes, plugins, and eventually core) are updated automatically. At some point in the future, the WordPress.org plugin security team will be able to suggest that installs automatically update malicious or dangerously insecure plugins. That’s a huge win for a safer web.”
Some have interpreted this as the end-user is required to opt-in, but it’s always been the case that it could be opt-in by either the site administrator, or by the WordPress.org security team if we deemed an issue severe enough to warrant it.
Back in April of 2014, the WordPress.org security team was contacted by Automattic with the details of a security issue affecting Jetpack, looking for help to get the update out to affected users as fast as possible (you can read more about
It's that time again, when you can make your suggestions count, and dump your wishlist for WP 4.4 :)
Would like to see improvements in these areas: User profile screen.
To be make as post edit screen. Means we could add custom metaboxes, collapse metaboxes, use featured image in profiles (avatar ?), rearange drag and drop sections (metaboxes) in profile screen. Anyway WordPress would benefit tremendously if profiles worked similar way as post/pages.
User/Role dependent TinyMce settings. (as Drupal has long time ago)
Visual Editor in comments, maybe optional as one checkbox in settings.
Post/Page/Settings/etc.. Save and Close button. Saving close edit screen and redirect to the list.
Easy to adapt Dashboard.
Random Math captcha in the core for registration, login, comments. Forms can follow and use core code.
Default featured image fallback.
Put basic robots.txt in root.
Put Interconnect script for converting URLs in core folder, or implemented in settings. Dont know how other people do but I am using it 100%, on all websites. If this doesnt qualify as candidat for core, I dont know what would.
Number of revisions and Autosave interval as settings in backend.
Backend left sidebar auto adapting to longer menu item names, adapting middle area too.
One or two metaboxes of beer and collapsible
Finally, the WP importer is getting some love! Major renovations have already been made. Download and play with it. Yay!
Hi, I’m Ryan McCue. You may remember me from such projects as the REST API. I’m here today to talk about something a bit different: the WordPress Importer. The WordPress Importer is key to a tonne of different workflows, and is one of the most used plugins on the repo.
Unfortunately, the Importer is also a bit unloved. After getting immensely frustrated at the Importer, I figured it was probably time we throw some attention at it. I’ve been working on fixing this with a new and improved Importer!
If you’re interested in checking out this new version of the Importer, grab it from GitHub. It’s still some way from release, but the vast majority of functionality is already in place. The plan is to eventually replace the existing Importer with this new version.
The key to these Importer improvements is rewriting the core processing, taking experience with the current Importer and building to fix those specific problems. This means fixing and improving a whole raft of problems:
Way less memory usage: Testing shows memory usage to import a 41MB WXR file is down from 132MB to 19MB (less than half the actual file size!). This means no more splitting files just to get them to import!
A collection of useful links to all the things shipping with WordPress 4.7. A must-read for all WordPress developers.
WordPress 4.7 is shaping up to be the best WordPress yet! Users will receive new and refined features that make it easier to “Make your site, YOUR site”, and developers will be able to take advantage of 173 enhancements and feature requests added. Let’s look at the many improvements coming in 4.7… RESTing, RESTing: 1, 2, 3
The foundation for RESTful APIs has been in core since 4.4, and 4.7 sees the addition of Content Endpoints after a healthy discussion. We’ve defined four success metrics as part of the merge discussion and you can help by building themes and plugins on top of the API, using the API in custom development projects, and utilizing the API for a feature project, core features, or patches. So, dive in, start playing around, and let us know what you build!
Hi everyone, it’s your friendly REST API team here with our second merge proposal for WordPress core. (WordPress 4.4 included the REST API Infrastructure, if you’d like to check out our previous merge proposal.) Even if you’re familiar with the REST API right now, we’ve made some changes to how the project is organised, so … Continue reading
It don’t mean
So, this is one post today that is not an April fool joke! Team responsible for the redesign of Plugin Directory, spend some time in drawing board, and here they are sharing some initial iteration. Take a look.
Earlier this week, a few of us met to discuss the design direction of the Plugin Directory. Myself, @michael-arestad, @hugobaeta, @melchoyce, @helen, and @samuelsidler looked at the current directory and challenged ourselves to look at it from a fresh perspective, exploring flows, UI, and content. The overall goal was to set a direction for the design. After a couple days of whiteboard drawings, we’re a lot closer and I wanted to share some explorations with you.
Please note that the below explorations are wireframes and heavily subject to change. They’re only meant to give you an idea of the direction we’re looking at.
We discussed three views:
The landing page (wordpress.org/plugins/)
The Search results view
The Single Plugin View
Plugins Landing page
Plugins Search Results Plugins Single View
On each view, here are some thoughts on the direction.
Plugins Landing page (/plugins/)
The title block is much longer, with a more prominent search field at the top. Search is the primary action in the directory and we’re working to improve it.
The addition of a slider for featured plugins… yes that’s not misspelled, I wrote “slider”.
The WordPress Theme Developer Handbook has finally been released. Congrats to the almost 100 involved. Feedback welcomed.
Weekly Meetings As well as discussing docs issues here on the blog, we use Slack for group communication.
Individual teams have their own regular meetings – you can find details of those in the sidebar.
The call is out for those interested in leading 4.8 and beyond releases. Release leads do not need to be developers!
WordPress 4.6 will be released in a couple of weeks, and Helen Hou-Sandí is preparing to lead 4.7, the final major release of 2016. With five months left in 2016, it’s time to start considering release leads for 2017. Giving release leads time to prepare is beneficial to the success of the release. It might seem advantageous to announce a year’s worth of release leads, but it puts the first and even second release lead at a disadvantage. Going forward, identifying and pre-announcing the next two release leads will help give them time to prepare. For example, at the start of the 4.8 cycle, both the 4.9 and 5.0 release leads should be confirmed.
Leading a release is a substantial time commitment. It blends aspects of being a product manager, project manager, engineering manager, and release manager. The release lead works across teams to ensure the success of the release. They are supported by the lead developers, permanent committers, and deputies of their choosing. Release leads do not need to be developers, but having experience contributing to WordPress is recommended.
Here’s how some previous release leads have described the role:
Leading a release of WordPress
Hugo Baeta conducted a survey a few months ago to better understand how contributors and other community members interact with WordPress.org sites -- he posted on Meta Make Blog with the survey results and relevant comments.
Over the years, with a lot of resources being put into core, the WordPress.org network of sites has been interated upon without much structural or art direction. As we take on efforts of documenting and creating more polished and art directed design foundations for the WordPress project as a whole, the .org sites need to get some love as well. The first step is understanding what can be improved, what the real pain points are. So I conducted a survey a few months ago to better understand how contributors and other community members interact with WordPress.org sites. The survey was sent to a select group of people – project leads, team reps, highly active community members, etc. The sampling was small (32 participants) and so the survey had a lot of open-ended questions, allowing the participants to write their thoughts freely, revealing the biggest pain-points. The survey was divided into sections for better understanding of the usage of the several parts of the website.
This survey will help us get a better idea of the direction we need to go on a long-term plan to make improvements to WordPress.org, building a more solid and thought-out foundation so the community can grow and thrive
This is 2016 and email is no longer the only way to send notifications. We have many more options, like push notifications to mobile platforms, desktop notifications to browsers, messages to chat apps, endless services via webhooks, SMS messages, or even notifications in the WordPress admin area. Maybe it's time we get a really flexible API.
Most of the situations where WordPress sends an outgoing email can be classified as a notification. X just happened on your website and you should be aware of it. Back when WordPress was a youngster, the only way to reliably notify a user was via email. In 2016 we have many more options, including push notifications to mobile platforms, desktop notifications to browsers, messages to chat apps, endless services via webhooks, SMS messages, or even notifications in the WordPress admin area. The list goes on. For many users, email is no longer the optimal delivery mechanism for ephemeral notifications.
To that end, let’s think about replacing wp_mail() with a modern API that allows developers to route notifications to services other than email, allow them to better modify notifications and the way in which they’re formatted, and allow them to do so without stepping on each others’ toes.
The current lack of a notifications API (or even an email sending API) can be easily summed up:
Problem: Plugin A wants to provide HTML emails, and Plugin B wants to send emails via an email delivery service such as Mandrill. Plugin C wants to disregard emails and send Slack notifications.
It almost looks like TwentySeventeen is getting into Page Builder Territory with its "Sections" feature built into the Customizer.
Here’s the summary for this week. The meeting was busy, so feel free to add anything missed in the comments. Housekeeping
Slack archive of meeting.
Meetings are every Friday at 18:00 UTC in #core-themes in Slack.
The major design implementation pull request was merged today.
discussed #37974 (Add multi-panel feature to pages through add_theme_support) for the majority of the meeting. The goal was to find a minimum viable product that could be developed in the time left.
decided to shoot for this feature to be 1. limited to the front page only. 2. exist in the Customizer 3. provide basic markup, created by Core.
decided this story board stood out as the strongest to be iterated on and mocked up as a design.
decided live preview in the Customizer wasn’t critical at the current time.
@helen and I will work on marshaling people to help with the project.
@karmatosed will work on the initial mock-up of the feature.
briefly discussed #38172 (Enable video headers in custom headers) It also needs to have a minimum viable product defined and those interested were encouraged to comment on the ticket with that in mind.
brought up #19627, and that could be worked on
Latest from the API team, including thoughts from Ryan McCue on the roadmap of the REST API in WordPress 2.6/2.7.
Hi folks! I’m here with another exciting update from the API team. Beta 13
First off, we’re excited to announce 2.0 Beta 13 “yoink.adios\losers” is now available. Grab it from the plugins repo or GitHub while it’s hot. Here’s some of the key updates:
BREAKING CHANGE: Fix Content-Disposition header parsing. This technically breaks backwards compatibility to correctly match the header specification. (#2239)
BREAKING CHANGE: Use compact links for embedded responses if they are available. We now use CURIEs for sites on 4.5+, which look like wp:term (but canonicalise to the full URI relation). (#2412)
Updated JS client to the latest version. (#2403)
There’s lots more changes in this release; check out the release notes or the commits for this release.
We’ve been thinking about how to tackle the API in the coming future. We want to do the most we can to ensure you can build sites with confidence.
Along these lines, we’re going to release a 2.0 final version in the coming months. This will be a completely stable release with guaranteed backwards compatibility for the foreseeable future. This backwards compatibility ensures that your sites can remain up-to-date with minimal maintenance