[Ga: een map omhoog, voorpagina]


Ready to get started?Download WordPress

WordPress Planet

October 02, 2014

Matt: Singapore Suites Class

Derek Low on What It’s like to Fly the $23,000 Singapore Airlines Suites Class. I’ve been on the Emirates First Class A380 with the shower before, but this looks like an entirely other level. I also must confess I think Emirates has rather gaudy design. The best I’ve seen design-wise is actually from Swiss Air, as you’d expect.

by Matt Mullenweg at October 02, 2014 11:27 AM under Asides

Akismet: September Stats Roundup

akisbot-partyT’was an exciting month around Akismet headquarters. We caught over 300 million spam messages in just one day for the first time, on September 26. And if that wasn’t enough, we saw over 300 million comments in one day again on September 30.

But wait, there’s more… we also broke our daily record a total of 4 times this month. Our last daily record was 269 million spam messages on August 21, here’s what happened since then:

  • We broke the daily record on September 4th with 280 million spam comments
  • And then again on September 7th with 284 million spam messages
  • And then again on September 26th with the groundbreaking 312 million comments
  • And finally, just yesterday – on September 30 -we broke our record again with 366 million spam comments

Phew. What a ride. :mrgreen:

There were two other times in Akismet history when we broke the daily record this many times in one month. In November 2011 we broke the daily record 8 times (!) and in December 2012, we broke it 6 times. Though, the numbers were much easier to beat then – 90 to 100 million daily spam comments in November 2011, and 177 to 196 million in December 2012.

Here are the daily numbers for September, with the previous record marked for comparison:

We saw 7,955,568,000 spam comments go through this month, and 357,739,000 real comments.

We saw 7,955,568,000 spam comments go through this month, and 357,739,000 real comments.

You may have also seen a rise in your own spam comments this month. If you’re noticing a larger number of comments than usual being missed by Akismet, please do get in touch through our contact form so we can help out. Let us know what your API key is, and on what website you’re seeing the increase, and we’ll be happy to take a look.

Our slowest day this month was September 14, with a mere 218 million spam comments going through. Compared with September of last year, the number of spam comments going through Akismet increased by 112%, and it increased from last month by 10%. This month, we missed about 1 in every 4,574 spams.

As usual, real comments make up only a small portion of the total comments we see coming through – at 4% this month.

This post is part of a monthly series summarizing some stats and figures from the Akismet universe. Feel free to browse all of the posts in the series.

by Valerie at October 02, 2014 01:00 AM under Monthly Roundup

October 01, 2014

WPTavern: WordPress Theme Review Team Gains 27 New Reviewers at WordCamp Europe Contributor Day


The contributor day following WordCamp Europe was a tremendous success, bringing approximately 180 people to the SiteGround offices in Sofia. A healthy mixture of veteran contributors were in attendance, as well as many folks who were brand new to contributing.

At the beginning of the day, contributors split off into smaller groups to focus on translations, core, documentation, theme review, support, GlotPress, and Rosetta. When Theme Review Team member Tammie Lister put out a call for theme reviewers, hands shot up all over the room. Automattic donates Lister’s time two or three days per week specifically for helping with WordPress.org theme review.

After the event, she reported that 27 new people were added to the WordPress Theme Review Team. They started by introducing themselves and discussing why one might want to get involved. Those who had some experience shared their individual processes. After this, they dove straight into reviewing and each person was given a theme.

“The current idea is that during the month of October we will be focusing on how we do contribution days now, so we’re having experiments and thinking about ways to improve that,” Lister said. During the last weekly meeting, the Theme Review Team identified the pain points in adding reviewers and brainstormed ideas for onboarding new reviewers during contributor days. This includes the possibility of creating a doing_it_wrong() theme, as a project at WordCamp San Francisco, that can be used for education and testing. Lister said they will be playing with a few ideas at upcoming contribution days in San Francisco and Toronto.

A Room Full of Themers

The best part of getting a record number of new reviewers together was packing a room full of themers who were all buzzing about the craft of WordPress theming. “What was really exciting about today is that it wasn’t just developers,” Lister said. “We had some people who didn’t know much HTML, some who were newer to theming, and some who were doing it the right way.”

The key thing for new reviewers is to take your time, Lister said. “I think the thing is that you just have to take it slowly when you start theme reviewing. You go through the process and you get faster.”

New reviewer Andrew Liyanage decided to jump in and join the Theme Review Team in order to sharpen his professional skills. “I wanted to get into theme design. I thought before designing a theme, I could get into review in order to get to know what the do’s and the don’ts are,” he said. “I’m already reviewing a theme right now, and it’s going better than I thought it would.”

Lister plans to match each new reviewer with someone from the new mentoring program, established last month. Although most of the communication happens on trac, there are more people than ever to help out with the process.

“A lot of it is trac focused, because it has to be, but we now have mentors, more admins, and trusted reviewers. So there’s a lot more people but there’s a lot more people looking after those people,” Lister said.

With a record number of new theme reviewers added in one day, the team now has 27 more people who are familiar with the guidelines. This is bound to make a significant dent in the queue and lighten the load for the rest of the team.

by Sarah Gooding at October 01, 2014 09:52 AM under WordCamp Europe

Post Status: Contribution as culture


This post spends a lot of time analyzing and referencing two other blog posts. Excuse me for that, but also be sure to read both, as they are relevant for this post and also interesting in their own right.

Matt Mullenweg wrote a blog post called Five for the Future yesterday that advocates his belief that WordPress-centric companies should aim to utilize 5% of their company resources toward contributing back to the project.

He noted in the post that Automattic isn’t quite to this point, but that they are working on it, and describes why he believes it’s important. He closes with this:

It’s a big commitment, but I can’t think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

This was followed up by one of the co-founders of one of the very hosting companies Matt partially referenced in his post — WP Engine’s Ben Metcalfe — who responded with a blog post of his own: WordPress: What exactly do they get for their 5%?

I think I was immediately thrown off by Ben’s post title, but so many times throughout reading it I was shocked at how he made assumptions of Matt’s intentions or missed what I would call “the point”.

5% is not a decree

Obviously, Matt is not speaking from the mountaintop with a proclamation of law. This is his recommendation — one that he believes will reward the firms that strive for it.

I believe that the community has already shown us that those that invest into WordPress are rewarded from it. We improve our understanding of a foundational software of our careers, improve our skills, are more marketable, more attractive to employers, and create natural opportunities for developing industry relationships.

How should 5% of “people” be defined? I’m pretty sure Matt would agree that 5% of people or 5% of revenue toward people doesn’t really matter to him; yet Ben makes a continuous sticking point about the cost of — and need for — engineers.

Additionally, while Matt utilizes full-time employees, the same (or better) effect could be had with shared time from more employees.

I’m not big into absolutes, so it’s important to remember that while I’m advocating that Matt’s recommendation of 5% time, I think it’s simply a good recommendation. This is a free economy and companies can do what they want. But I think in the current and long term, contribution will be key to greater corporate success for those that choose to do so.

What does 5% cost, and who does it require?

While Matt was careful to include numerous non-engineering roles companies could help with, ultimately what drives the open source project is source code contribution by software engineers. …

A reasonable engineer in the US costs $100k/y, and if you factor in benefits (tax funded health-care, anyone?) and overheads you could easily be looking at $130k or more per person, per year. …

A 200+ person web hosting company would need to hire 10 engineers to meet a 5% goal, requiring a budget of anything between $1MM-1.3MM+ per year. Those engineers probably need a manager – to mentor them, provide career development etc. Those 11 people also put pressure on human resources, finance, legal, facilities etc – probably equating to another person again. Now we’re talking probably more like $1.25-$1.5m annually.

First, I believe Ben has spent too much time in the world’s largest cities if he believes engineers cost $100,000 per year on average. In my experience (yes, I interview people myself), that’s not the case, and based on my decent view of the ecosystem it’s not an appropriate going rate — especially if the offer on the table is a particularly desirable position.

More importantly, the project needs far more non-technical contributors. Ben’s assertion that “ultimately” software engineers drive the project is not true. Users drive the project. A technically savvy user-minded contributor can be a beacon of light to a group of software developers. And given the user-facing nature of WordPress itself, non-engineer contributors could drastically improve the less code-sexy parts of the WordPress ecosystem: project management, docs, training, testing, support, translation, etc.

Additional to “core” contributions, WordCamps, plugins, themes, communities, and many other venues are outstanding places where contributors — yes, they’re still contributors! — can impact the overall project.

Finally, as I noted above, I think companies could quite effectively contribute parts of employees’ time versus dedicated 100% time, which would also prevent the need to have dedicated managers for open source contributors.

Foundational software to your business

Ben spends a chunk of time saying that big companies like GoDaddy get a “get out of jail free card” and that obviously Matt wouldn’t expect they dedicate 5% of their thousands of employees.

GoDaddy definitely benefits from WordPress and they also contribute to it; and no, they don’t contribute 5% I’m sure. But WordPress is not foundational to GoDaddy’s business. They have a dedicated sub-product for it, and they also have many contributors to it.

WP Engine, and many others (including mine), are almost completely or completely reliant on WordPress as a platform. WordPress and its underlying technologies are foundational to our careers and businesses.

It is simply a different story to compare a company that would continue on pretty much fine without WordPress and one that would have to seriously reconsider their entire business model.

For example, let’s compare the scenario to a publisher. Re/code is built on WordPress. They have a staff of 20+. Do they completely rely on WordPress for their website? Yes. For their business model? No. In their scenario, it makes sense for them — and could benefit them pretty directly — to allocate some time of some employees to WordPress, but if WordPress disappears they can and will migrate to a different platform.

Contributing to the full stack

It was questioned to me on Twitter, after my initial reaction to Ben’s post, whether I contribute 5% of my time to open source projects like PHP, MySQL, and other tools that WordPress relies on.

This is a good question and point, but it does not cause me to stumble in my opinions. I believe open source contributions in general benefit the entire software stack.

In my scenario, I can be more impactful on the WordPress project than others. But I believe contributions can take many shapes, in both directions.

Some folks, like Daniel Bachhuber, greatly contribute to the project as a whole by supporting upstream projects like WP CLI.

Automattic is a fantastic example of a company that has both upstream and downstream contributions. They are active contributors to, employers of contributors or founders, or monetary sponsors to a huge number of downstream projects: WordPress, PHP, Nginx, jQuery, Elastic Search, Node, Socket.io, and probably a bunch I can’t think of or don’t know about. Additionally, they are a driving force behind dozens of upstream, open source themes and plugins.

Edit: Matt says in a Tweet where Andrey Savchenko asked for clarification about PHP contributions that Automattic doesn’t actively contribute to PHP. Though I think I define contribution a bit more loosely than Matt does.

Whether a company is contributing to their foundational piece of software, a downstream or upstream application, or on an adjacent aspect that leads to the betterment of the platform that is foundational to their business objectives, then I believe it will in turn be beneficial to their bottom line.

Contribution as culture

Contribution should not be considered an isolated cost, but an enabling investment.

If I run a business that relies on a foundational piece of software like WordPress, then it benefits me greatly for my employees — no matter what role they play within the company — to be intimately familiar with that software.

In my last job, I was tasked with guiding a transition of my company from developing mostly on a proprietary CMS to WordPress. I consistently preached the importance for everyone in the company to understand some fundamentals of WordPress itself. During my time there and since I’ve moved on, I’ve seen other members of that company learn the software, get involved in our local community, and even contribute back to WordPress itself; and both they and the company are better off for it.

Whether an employee is in sales, customer service, design, development, management, or wherever else — every employee knowing your product is important. I firmly believe this. I would want anyone in an organization I’m part of to be able to discuss our product in detail and with confidence to anyone.

When your company relies on a foundational piece of software — such as those we’re discussing in this post — that’s in effect part of your product. We are building products and services around and for WordPress. How important should it be that our company’s employees understand it?

And how can they understand it better? By contributing of course!

Have a new support rep? Show them the WordPress.org forums to get their feet wet. New designer or front-end developer? Have them sit in on default theme conversations or read through the Make UI blog. New sales person? Get them involved at your local meetup and WordCamp. This list can go on.

Avenues for contribution are an incredible gateway for learning WordPress. Blogging about WordPress (another avenue of contribution) has greatly enabled me to be better at my job, and therefore made me significantly more valuable to the companies I’ve worked with.

Five for now

Matt called his post Five for the Future, and talked specifically about how a 5% investment by a company will ensure a greater future for WordPress and therefore said company. I disagree.

Contributing now will benefit the company and its employees right now. And while both Matt and Ben focused on individuals within the company being targeted contributors, I think it’s much more beneficial to have a much larger percentage of a company contributing a portion of their time (even if small). I’d rather see 2 of 200 employees be full time contributors and then have 80 10% contributors than have 10 full time contributors.

I think we’ve seen many, many examples of contributors (people and companies) reaping tangible and intangible benefits from when they contribute — whether that contribution is to the codebase or the community. Contributors in this ecosystem come out on top.

Contributions are not an isolated cost or burden. Nor should their effects be limited to good faith investments to the sustainability of the ecosystem.

Contributions benefit the bottom line, and they benefit the bottom line right now.

by Brian Krogsgard at October 01, 2014 06:17 AM under Business owners

WPTavern: Interview With Stream Project Lead, Frankie Jarrett

Frankie Jarrett Featured Image

Stream 2.0 is a significant update that changes the stand alone plugin into a service. But not everyone is happy with the change. Those who use Stream in enterprise environments have voiced disappointment regarding the latest update. The following is feedback from a user on the Advanced WordPress Facebook group. “Heads up if you use Stream. The 2.0 upgrade now stores everything in the cloud instead of the local database and requires a WordPress.com account to use it. It’s a great plugin but this new functionality is not optional and I can no longer use it with our enterprise data.”

I reached out to Stream project lead, Frankie Jarrett, and asked why the team decided to rely on third-party services. I also inquired whether users have any options to house data on their own servers or connect it to a service of their choosing. Jarrett gives insight into the future of Stream as a Service and let’s us know if they are working on a version that is compatible with enterprise environments.

Interview With Frankie Jarrett

WordPRess Loggingphoto credit: Claire L. Evanscc

Jeff – Why the decision to use an external service by default to offload Stream activity data?

Over the past 10 months we’ve learned a lot about logging events, specifically logging actions taken inside the WordPress Admin. As time went on, some of the biggest concerns we had revolved around the topics of performance and security. It became clear to us that Stream needed to be more than just a plugin to advance into a solid solution, it needed to be a service that was self-contained and lived alongside WordPress instead of trying to force it to work inside the WordPress architecture and never truly being scalable or secure.

MySQL is nice solution for storing content with simple querying, this is how WordPress uses it, but MySQL is actually bad for storing logs, especially if you want to retain them for a long time and/or run complex queries on them while also expecting those queries to be fast. Not to mention, you don’t want the performance of your website’s content to be affected at all. Since the primary purpose of the MySQL database is to store and serve up content to your website visitors, it was our view that should never be hindered by event logging.

Now that Stream is a service, we can use brand new technologies like Elasticsearch, that are better suited for (and even designed for) querying huge numbers of logs. The result is a more powerful querying performance, the possibility for users to do even more complex queries in the future (for their Reports), and have no worries about keeping logs for a very, very long time. The things we are now doing in Stream 2.0, and plan to do in the future, require the power of Elasticsearch and don’t translate into MySQL storage solutions.

In regards to security, websites and databases get hacked all the time. Unfortunately that’s just the way it is. Since all of Stream’s records had previously lived inside the website, it too was as vulnerable as the website itself. This means that any hacker that gained access could mess up a site and then cover up their tracks by simply deleting the Stream log data. This was a bad thing and meant those logs weren’t really a true security audit trail at all. Now that Stream is a service, those logs are untouchable by an intruder. Once an action is performed, it’s forever in the event history, so the site owner knows without a doubt what things have happened on their site and can go through an undo the damage.

Jeff – Why the connection between Stream and WordPress.com ID logins?

WordPress Stream Connectionphoto credit: Manchester-Monkeycc

This was an easy decision for us, actually. Over the past few years there have been several WordPress companies that have had their sites hacked and user passwords have been compromised as a result. It’s a sad and unfortunate thing that can be avoided by simply not storing them. Our solution for this was to use SSO (Single sign on) powered by WordPress.com.

This means Stream doesn’t have to store any login details for any customer and customers don’t have to sign up for yet another account somewhere. Furthermore, WP.com SSO supports two-factor authentication. This is a huge win for folks who are really concerned about the security of their logins, and we wanted Stream to have this capability.

The reason why we chose WP.com SSO was because of its status and reach in the WordPress community. Stream is a WordPress product and service, so it only makes sense to reach as many WordPress users as possible. When you think about all the people who use Jetpack, Gravatar, Akismet, VaultPress and Polldaddy – that’s a lot of people. Maybe not everyone, but again, we wanted to make a decisive decision not to store user login credentials at all, and that could mean some people might not be able to use it, but it’s for the good of all our users. WordPress.com SSO was also very easy to implement on our WordPress-powered site compared with the Facebook, Twitter or Google SSO alternatives.

Jeff – Is the connection between Stream and WordPress.com similar to Jetpack in that some things won’t work without the connection?

The only time Stream needs to talk to WordPress.com is during sign up, for login credentials. Stream doesn’t ping back to your website like Jetpack does. This means your site doesn’t have to be publicly accessible for Stream to work and can be run on a local/development environment without any problems or extra steps needed.

Jeff – Overall, what are the future plans for Stream now that it’s morphed into a service?

Future of Streamphoto credit: wwarbycc

Now that we have some scalability, performance and security milestones behind us, we are very much looking forward to making Stream even better in the coming months and years. You might have already noticed, but Stream 2.0 featured built-in integration with eight popular WordPress plugins. We intend to continue making Stream compatible out-of-the-box with tracking things that many other popular plugins do.

Another thing we plan to do is open up a REST API for people to be able to access their data and do anything they want with it. This is a very exciting prospect. Finally, we are working on ways to have a complete “mash-up” of all of your Stream data in one place. This is based on a lot of feedback we’ve been getting from folks who run not just multi-site, but multiple single-site installs for their clients and want to see everything that’s happening in one place. We think that will be another huge benefit to people and something that is only possible because Stream is now a service.

Jeff – One of the complaints I’ve seen is that Stream’s reliance on third-party services makes it incompatible with enterprise environments. What is the team doing to address this issue?

The new Stream relies on the power of Elasticsearch for performance and complex queries, but we are exploring ways for the Stream service stack to be run on-premise for Enterprise organizations who have strict internal policies that would require that. We don’t have have an ETA on when this type of solution will be ready, but we are actively pursuing it.

by Jeff Chandler at October 01, 2014 04:07 AM under stream

WPTavern: Stream Morphs From a Plugin Into a Service

stream plugin banner

Stream 2.0 is available for download and includes a plethora of enhancements. This version features a rewrite from the ground up with a focus on scalability, security, and activity. As part of the rewrite, Stream activity data is stored in the cloud using Amazon Web Services with Elasticsearch. This is the same type of setup Jetpack uses to power its Related Posts module.

Connect To Stream ServiceRequest For a WordPress.com ID

The data is stored over an SSL connection making it hard to tap into your activity stream. The Stream team explains the plugin as being the black box of a WordPress site that even the NSA can’t penetrate. As part of the security enhancements, Stream uses your WordPress.com ID to authorize your account.

After connecting my WordPress.com ID to Stream, it loaded a Plans and Pricing page in place of the backend instead of just connecting my account. This is unexpected behavior and a disappointing user experience. I ended up having to load the WordPress backend in a new browser tab.

I ran into a loop where each time I logged into the backend of WordPress, I’d see the Connect to Stream notification. Each time I clicked the button, it would load the Plans and Pricing page. As it turns out, the reason for the endless loop is because I didn’t have a subscription registered with the Stream website. Once I completed the process of registering for a free account, the WordPress backend loaded the Stream records screen.

Successful Connection To StreamSuccessful Connection To Stream

I recommend text be added to the top of the Plans and Pricing page. The text should explain that in order to complete the connection to Stream, a subscription plan needs to be selected. It’s not obvious and gave me the impression the plugin is broken.

Support For SMS Notifications Thanks to an Outside Source

One of the neat features in 2.0 is the ability to set up SMS notifications. For instance, every time a theme, plugin, or WordPress is updated, you can configure Stream to send you a text message.

Configuring SMS Notifications In StreamConfiguring SMS Notifications In Stream

SMS notifications ended up in 2.0 thanks to the contributing efforts of Jeff Matson. Matson is the author of the WP SMS Notifications plugin we highlighted on the Tavern back in July. Matson explains why he decided to contribute to the Stream project, “When I created WP SMS Notifications, the biggest comment I received was that I should work with Stream to add my functionality to their plugin. The team behind Stream agreed and I was given access to their Github account. Now, I can proudly say that my code is behind one of the greatest activity tracking plugins out there.” However, the only way to take advantage of SMS notifications is to use the Pro account which is available for $2 per month.

Older Version of Stream Will Remain Available For Download

Stream has undergone major changes and is now a service versus a stand alone plugin. For those who don’t want to update to the new version, the Stream Team is leaving the previous version online via Github. Versions 1.4.9 and below won’t receive any more updates outside of patching major bugs or security vulnerabilities.

Overall, a Solid Update

Stream 2.0 is a solid update. The latest edition supports activity tracking for eight of the most popular WordPress plugins out-of-the box including: Advanced Custom Fields, bbPress, BuddyPress, Easy Digital Downloads, Gravity Forms, Jetpack, WooCommerce and WordPress SEO by Yoast. SMS notification is a great enhancement and I think it’s respectable of the team to keep 1.4.9 available for those that don’t like the new direction Stream is heading in.

Are you satisfied with the latest update to Stream? Does using WordPress.com and Amazon Web Services turn you off from using it?

by Jeff Chandler at October 01, 2014 02:46 AM under wordpress.com

WPTavern: WordPress Plugin Checks if The Server Hosting Your Site is Vulnerable to The “ShellShock” Bug

ShellShock Featured Imagephoto credit: Tony Busercc

In recent days, a security vulnerability in Bash known as “ShellShock” has put millions of servers at risk. Without going into too much detail, the vulnerability allows an attacker to execute any code on a vulnerable server. The amount of servers at risk is far greater than the Heartbleed bug discovered earlier this year. The founder of ManageWP, Vladimir Prelovac, has released a new WordPress plugin that helps determine if the server hosting your website is vulnerable to the ShellShock bug.

The plugin checks for both disclosed ShellShock vulnerabilities CVE-2014-6271 and CVE-2014-7169. Simply download the plugin, activate it, and browse to Settings > Shellshock. Click the Run Test button. After the test is completed, a notice displays whether the server is vulnerable or not. In the following  screenshot, the server I tested is not vulnerable.

ShellShock Test ResultsShellShock Test Results

If the server is vulnerable, take a screenshot and contact your host as soon as possible. Create a trouble ticket. Then, inform the support representative you tested the server and the results show it’s vulnerable. Attach the screenshot to the trouble ticket with a link to this article by Troy Hunt, which explains everything they need to know about the bug. After filing the report, create a full back up of your site in case the server is attacked before it’s patched.

by Jeff Chandler at October 01, 2014 01:41 AM under shellshock

September 30, 2014

WPTavern: A New Project by Nick Haskins, WP Status Page

WP Status Page Featured Imagephoto credit: Luigi Rosa has moved to Ipernitycc

The creator of Aesop Story Engine, Nick Haskins, wants to know if there is any interest in a WordPress plugin that would provide a project status page. After browsing the WordPress plugin directory and coming up empty, Haskins is developing his own solution in the form of a plugin.

He describes the plugin will have a similar setup to StatusPage.io. “It would definitely have a mechanism to determine if a supplied URL and/or database is down or not. But the page would be more “alive” then a static coming soon page with the ability to send notifications (email/SMS) to users in addition to showing real-time status updates with a history of events,” Haskins told the Tavern.

Haskins explains how the plugin would work. “You’d provide a subset of items like maybe a URL, database , API endpoint, and we’d ping that and return the status in a pretty way. I think the key making this really work would be to provide some level of automation as in, a developer could push a commit to Github or Bitbucket with a specific tag that would then automatically update a message status on the status page.

An example of a status page is the Amazon Web Services health dashboard. Haskins says his page will look similar but will have a better design.

Amazon Web Services Status PageAmazon Web Services Status Page

One of the issues he brings up is where to host the plugin. It doesn’t make sense to host a status page on the same server as the project. Instead of forcing users to sign up for a cheap hosting account, Haskins may turn it into a hosted service. One option to consider is using OpenShift Online. OpenShift has free accounts available and is Red Hat’s public cloud application development and hosting platform.

If you’d like to know when the plugin is ready for testing, WP Status Page has a splash page available where you can enter your email address to receive updates on the project’s status.

Is this something you’d be interested in using? What other ideas or features would you like to see in a status page generation plugin? If you already use a service or have custom coded a solution to provide a status page for your project, please share it in the comments.

by Jeff Chandler at September 30, 2014 09:14 PM under status

Matt: Five for the Future

On Sunday at WordCamp Europe I got a question about how companies contribute back to WordPress, how they’re doing, and what companies should do more of.

First on the state of things: there are more companies genuinely and altruistically contributing to growing WordPress than ever before. In our ecosystem web hosts definitely make the most revenue and profits, and it’s been great to see them stepping up their game, but also the consultancies and agencies around WordPress have been pretty amazing about their people contributions, as demonstrated most recently by the fact the 4.0 and 4.1 release leads both hail from WP agencies (10up and Code for the People, respectively).

I think a good rule of thumb that will scale with the community as it continues to grow is that organizations that want to grow the WordPress pie (and not just their piece of it) should dedicate 5% of their people to working on something to do with core — be it development, documentation, security, support forums, theme reviews, training, testing, translation or whatever it might be that helps move WordPress mission forward.

Five percent doesn’t sound like much, but it adds up quickly. As of today Automattic is 277 people, which means we should have about 14 people contributing full-time. That’s a lot of people to not have on things that are more direct or obvious drivers of the business, and we’re not quite there today, but I’m working on it and hope Automattic can set a good example for this in the community. I think it’s just as hard for a 20-person organization to peel 1 person off.

It’s a big commitment, but I can’t think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

Further reading: There’s been a number of nice blog follow-ups. Post Status has a nice post on Contribution Culture. Ben Metcalf responded but I disagree with pretty much everything even though I’m glad he wrote it. Tony Perez wrote The Vision of Five and What it Means. Dries Buytaert, the founder of Drupal, pointed out his essay Scaling Open Source Communities which I think is really good.

by Matt Mullenweg at September 30, 2014 07:05 PM under WordPress

WPTavern: WordPress Beyond Boundaries: A Recap of WordCamp Europe 2014

WordCamp Europe 2014 - photo credit: Vladimir Kaladan PetkovWordCamp Europe 2014 – photo credit: Vladimir Kaladan Petkov

This weekend, 950 WordPress professionals and enthusiasts from all over the world descended upon Sofia, Bulgaria to participate in Europe’s largest WordCamp to date. WordCampers arrived excited to soak up new information and connect with others in the European community.

Sofia’s graffiti-lined streets are peppered with leftovers of communist architecture, contrasting the Neo-Bohemian culture that energizes the city. The event was held in the National Palace of Culture, a magnificent venue situated in the center of Bulgaria’s capital, designed nearly a decade before the fall of the Iron Curtain. Its halls are lined with murals and dark colors, which created an interesting backdrop for a conference devoted to a bright and growing free software community.

The warm hospitality of the organizers of WordCamp Europe lent an intimate atmosphere to what otherwise might have seemed like an impersonally large event. Attendees enjoyed a world class lineup of WordPress speakers and had the opportunity to try delicious local specialties during breaks and lunch.

Organizing WordCamp Europe 2014


WordCamp Europe is an event that requires many months of planning and an army of volunteers to make it happen. Local organizer Petya Raykovska helped to organize WordCamp Sofia’s 300 attendees last year, in addition to being part of the WCEU organizing team. She commented on how welcoming and helpful the Bulgarian community has been in hosting the event. “We have a bunch of local volunteers who have been amazing. Everybody wants to help,” she said. “But that is WordPress everywhere, not just in Bulgaria. People in WordPress share these same values in common.”

Out of the event’s 950 attendees, 240 were Bulgarian, with the vast majority of others from outside the country. WordCamp Europe is made up of an international team of organizers, strategically chosen to unite the different areas of the Europe. The location of the event changes every year and potential host cities have the opportunity to compete for the spot by submitting a proposal and demonstrating support from the local community, much like the Olympics. This year it was a close competition between Lisbon and Sofia.

“Any local community that has had a WordCamp before has the opportunity to bid,” explained Remkus de Vries, a leader in the Dutch WordPress community and one of the original organizers of WCEU. “They have to have experience and know how to manage everything.”

In its first year, WordCamp Europe was held in Leiden, located in Western Europe. “It’s not just who has the best story,” De Vries commented on the selection process. “We have an agenda, and the agenda is to unite Europe as best as we can and to have open source be the vehicle.

“We picked Sofia because we thought it would be good to have Eastern Europe be a part of it. We have a large WordPress community in Romania, Bulgaria, and a few neighboring countries like Serbia and Croatia,” he said. For them it’s relatively easy to come here and we wanted to have them here.”

No Boundaries: Uniting People Across Borders with WordPress

The European WordPress community has a checkered history of division. De Vries and fellow organizers founded the event in 2013, with the hopes of uniting different languages, nationalities, and cultures in a way that only WordPress can.

“Diversity,” is the one word answer De Vries gave when asked about the distinguishing characteristics of the community. “We’ve had a lot of issues with countries not liking each other in the last seven years, and that, in some regard, is somewhat always there,” he said. “ and I had the idea in 2009/2010 that we should have a European WordCamp, for the simple reason that when we went to the other EU WordCamps, we saw that there was the beginning of people looking outside their borders when it came to the WordPress community.”

De Vries highlighted a few of the differences that the EU community has to overcome. “If you just look at the way we write, from the Cyrillic alphabet to the Greek to the Latin ones, that’s a big difference,” he said. “Additionally, there are cultural differences between Eastern, Western, Northern and Southern Europe. Obviously you have stuff like that in America as well but this is truly different in a lot of senses. One of our goals was that the local communities would start looking outside of themselves. That’s exactly what happened.”

Prior to the first WordCamp Europe, many across the continent kept to their own small communities and didn’t often travel to connect with each other. De Vries shared an example of how things have changed:

I would say Germany is a beautiful example. Germany is a very close knit community, one of the strongest running and one of the oldest, other than the US. Earlier this year WordCamp Hamburg had many foreigners in attendance. That didn’t happen in Germany in the past. That’s the big difference. Now they’re looking outside.

Once everyone comes together around WordPress, differences disappear. “There’s a funny thing about the people who enjoy WordPress, in the raw sense of the word, is that they tend to be people who like each other in real life,” De Vries said. “Which is why I think WordCamps are such a huge success. I can’t speak that much for other open source communities but I do have a feeling that that’s something special about the WordPress community.”

WordCamp Europe is so well-supported that within two or three days, every single sponsor package was sold out, despite the fact that they weren’t featured very well in the previous year. Companies are still lining up to offer support, because they recognize the value of a unifying event like this in Europe.

Looking to the Future of WordCamp Europe

De Vries and many of the core organizing team are in it for the foreseeable future. He’s addicted to the high of connecting people who might not otherwise have the opportunity to connect with their peers. “Yes, it costs a lot of time. I have a busy company as well, but I just think it’s worth it,” he said.

Why does he continue to put so much time into WordPress? De Vries put it simply. “WordPress saved my life. It allowed me to come out of a very dark place to make money to provide for my family at a time when I was experiencing something very rough,” he said. He wouldn’t have been able to get there without the community surrounding the project.

“It is the way the software is structured and the way the community is structured around that,” he said. “It makes it very easy to jump in anytime. If you put in the hours and you want to learn and understand what it’s about and translate that into your work, I would say that WordPress is as good as a community can get. So for me, giving back is also part of that. ”

The first year WordCamp Europe sold 750 tickets. This year it reached 950, despite the fact that travel to Bulgaria is more difficult for some. With the exception of a few direct flights, most everyone else has two or three connecting flights to make it to Sofia. “To see that the attendance has actually risen, I think is a testament to what we’re doing here,” De Vries remarked.

When asked if they will expand the event’s attendance next year, he replied, “Maybe 1200 would be nice. I think if we pick a location that’s even more of a direct flight, attendance could go in that direction.”

But for De Vries, attendance is of less importance than the unifying power of the WordCamp. “Attendance is not the end goal. The goal is people of different countries and backgrounds realizing that, in this community, there are no boundaries.”

by Sarah Gooding at September 30, 2014 02:48 PM under WordCamp Europe

Matt: No Longer Use TimThumb

Ben Gillbanks, the co-author of TimThumb, says I No Longer Use TimThumb — Here’s What I do Instead.

by Matt Mullenweg at September 30, 2014 06:24 AM under Asides

September 29, 2014

WPTavern: GoDaddy and Media Temple Engage in Strategic Partnership With WP101

WP101 LogoCustomers who host sites with GoDaddy or Media Temple will see a new WordPress resource in their control panel. Thanks to a strategic partnership with WP101, GoDaddy and Media Temple customers can watch a 20-part WordPress 101 video tutorial series, directly within the WordPress dashboard.

I reached out to WP101 founder, Shawn Hesketh, to learn more about the partnership and what his thoughts are on the state of WordPress training. He also shares the valuable lessons he learned during the process. Near the end of the interview, he provides a list of resources for those interested in learning WordPress.

Interview With WP101 Founder, Shawn Hesketh

Jeff – How difficult has been for you to keep up with WordPress development through your training videos?

To be perfectly honest with you, I was a bit nervous when I first heard Matt Mullenweg outline a strategy for increasingly rapid releases, eventually leading to constant background updates to WordPress at some point in the near future. But so far, it’s been fairly manageable, as we’ve only seen an additional one or two revision cycles in a given year.

I’ve given a great deal of thought to how we might continue to keep the WordPress 101 tutorial series up-to-date should WordPress move to more transparent and automatic updates. But for the time being, we should be able to continue updating and re-recording our videos with each major release.

I continually monitor the WordPress development blog, Trac, and the IRC channel, which helps me stay abreast of coming changes and prepare ahead of time as much as possible. Without access to those invaluable resources, it would be quite a challenge.

Jeff – As WordPress continues to grow, WordPress Training continues to be a business in high demand. How have you differentiated yourself from the other trainers/coaches out there?

CMS MarketShare reportMarketshare via OpensourceCMS.com 9/29/2014

It certainly helps that WP101 was one of the first WordPress video tutorial series to be launched, way back in 2008, at a time when almost no one was providing high-quality WordPress tutorial videos. Since then, we’ve certainly seen a number of other sites emerge to address the growing need for WordPress education, not only for beginners, but also intermediate and advanced users.

Still, the feedback I receive almost daily is that the WP101 videos are some of the best-produced, easy-to-follow video tutorials for beginners. I’ve spoken about this in the past, but I maintain that fanatical attention to detail and careful craftsmanship can still help differentiate you from competitors, no matter what product or service you provide.

Finally, I don’t create my tutorials in a vacuum. Rather than simply producing what I think will work best, I’m constantly listening to input and feedback from our audience, developers, and beginners alike revising the WP101 series, improving it with each release. I think it’s this commitment to building meaningful, long-term relationships and serving our audience that continues to set WP101 apart.

Jeff – What challenges did you face in making this strategic partnership a reality?

WP101 PartnershipImage Courtesy of WP101

The partnership with GoDaddy and Media Temple is a great example of the importance of long-term relationship building. We spent the first several weeks in conversations about the challenges they faced with regard to on-boarding new WordPress users. It was only after I had a clear understanding of their challenges that we began to explore the best way to put the WP101 videos to work for their customers.

Although it may appear on the surface to be a relatively simple solution, it was actually the product of several months of hard work, both in terms of developing the custom software required and arriving at a pricing model that worked for both parties.

To be honest, I didn’t expect the process to take several months to fully materialize, but this was never about a quick win. From the beginning, we were all working toward the best solution, not just for our two companies, but ultimately for their customers.

Jeff – Did you learn any lessons that others can use when trying to partner with large, well-established brands and or companies?

Have patience. Don’t underestimate the amount of time you (or your legal team) will spend carefully crafting an agreement that is truly a win/win.

It’s true that the best agreements are those in which both parties feel that they came out ahead. But as with anything of lasting value, it takes time. Time spent in conversations that results in a clear understanding of the desired outcome. Time spent carefully crafting a custom solution, rather than simply applying a quick fix. And throughout the entire process, keeping an eye firmly fixed on the end goal, which is ultimately to better serve the customer.

Communicate clearly. When there are large teams of people involved, it’s easy to get lines crossed. I’m a big fan of UIHD (Unless I Hear Differently). It helps everyone involved stay crystal clear on roles and timeframes, who’s doing what, and when. It helps eliminate downtime due to unnecessary communication cycles. Keep emails simple, limited to just one question at a time, and close every communication with, “Unless I hear differently…

Finally, don’t underestimate the importance of finding a great attorney, which also takes time. I’ve worked with general business attorneys in the past, but it’s another matter altogether to find an attorney who understands the intricacies of licensing intellectual property for online distribution. I went through several recommendations before finally finding a local attorney who had the understanding and expertise to craft the agreement we needed.

Jeff – Last but not least, when you take a step back and look at the big picture, what do you see in terms of the WordPress training landscape?

Landscape WordPress Training Horizonphoto credit: Kristofer Williamscc

It’s an exciting time to be a WordPress educator. The increasing popularity of WordPress means there is also a growing demand for WordPress training. There have never been more educational resources available for nearly every level of expertise.

From written tutorials and code snippets on individual blogs to personalized, one-on-one coaching, there is a wide variety of training available for just about every learning style. The WordPress community is filled with knowledgeable, friendly people who are willing to share their knowledge with others.

But with so many resources out there, it can also be challenging, particularly for beginners, to separate the good from the bad. How do you know whether a tutorial is accurate, reliable, or up-to-date?

With powerful tools like ScreenFlow and Camtasia, it’s never been easier to create screencast tutorials. But it’s increasingly difficult to ensure they’re continually up to date with each new release of WordPress.

In the six years since I launched WP101, I’ve updated and re-recorded my WordPress 101 series 12 times. During that same period of time, I’ve seen several tutorial sites come and go. Their content becomes out-of-date after just one or two release cycles. As I mentioned earlier, it’s only going to become more challenging as WordPress continues to release updates more rapidly.

So, it’s hard work, and quite tedious at times, but for those of us who truly enjoy the reward of teaching others how to use WordPress, it’s also a labor of love. But one of the things that excites me the most is the spirit of “co-opetition” that exists in the WordPress community.

Resources Hesketh Recommends for Learning WordPress

Some people learn best by reading. So I often recommend the excellent books by Stephanie LearyLisa Sabin-Wilson, or Brad Williams and team.

Others learn best through one-on-one training, so I send them to BobWP.

There’s the ever-growing library of web design webinars by my friends at iThemes.

I’m excited about the possibilities of SIDEKICK for helping developers to create custom interactive walkthroughs.

Nobody has a larger library of written tutorials than WPBeginner.

Of course, there are plugins like Video User Manuals, or our own WP101 Plugin that enable developers to provide WordPress tutorials directly in their clients’ dashboard.

To say nothing of learning sites like Lynda.com or Treehouse.

With our new partnership with GoDaddy and Media Temple, we’re starting to provide valuable WordPress training right where customers need it most, in their own WordPress dashboard.

Not a day goes by that I don’t recommend one or more of these excellent learning resources if I feel they might be the best fit for someone and many, if not all, of these folks do the same for WP101. This creates an environment in which everyone wins. Most importantly the individuals who just want to learn how to use WordPress to build a gorgeous blog or compelling business site.

In a perfect world, WordPress would be so intuitive where no training or manual would be required. Until then, we’ll be there to help fill in the gaps, answer questions, and help folks learn how to use WordPress as quickly as possible.

A Win-Win Situation

As the WordPress training scene becomes increasingly crowded, it’s becoming more difficult to differentiate between all of the resources available. Partnering with a webhosting company is an excellent way for WordPress training materials to be seen by thousands of customers who might not otherwise be aware of their existence.

The material also provides an opportunity to lessen the support burden. As customers learn the basics of WordPress, the support team can dedicate more resources towards difficult support queries.

If you’re a GoDaddy or Media Temple customer, let us know what you think of the videos in the comments.

by Jeff Chandler at September 29, 2014 09:31 PM under wp101

WPTavern: Ben Gillbanks Announces The End of TimThumb

TimThumb Ends Development photo credit: katybirdcc

The once popular image resizing script known as TimThumb is no longer supported according to co-creator, Ben Gillbanks. In 2011, TimThumb made headlines when a major security vulnerability was discovered and used to hack into several websites.

The exploit that was found was a bug with the external image resize functionality and the fact it could be used to download and execute files. There was code in place that restricted the downloads to a whitelist of clean sites, but it wasn’t strict enough and so a hole was found that could inject php onto your server.

In 2009, Gillbanks estimated that 95% of commercial WordPress themes supported TimThumb. Several major commercial theme companies such as WooThemes, used the script in most of its products. This set the stage for thousands of sites to be affected by the vulnerability.

The outcome of the event has weighed heavily on Gillbanks and is one of the primary reasons he’s giving up development.

In particular in 2010 there was a major security exploit found and it hurt a lot of websites, my own included. There are still people who are suffering because of it. I’ve felt incredibly guilty about this for years now, and so my enthusiasm for TimThumb has dropped to nothing.

Because of this lack of enthusiasm, and a fear of doing something else wrong, I have barely touched the code in years.

If you’re using TimThumb, Gillbanks recommends removing it and using something else. An excellent alternative is the WordPress TimThumb Alternative on Github. Created by Matthew Ruddy, the function uses WordPress’ native resizing functions to mimic TimThumb resizing.

Timeline of Notable Events

The following is a timeline of notable events surrounding TimThumb. Feel free to add more in the comments.

  • March 27th, 2008 – TimThumb added to Google Code
  • July 6th, 2009 – Ben Gillbanks takes over development of the script
  • August 1st, 2011 – Mark Mauder reports a major vulnerability in TimThumb and releases WordThumb, a fork of TimThumb with the necessary patched files. The patches are merged into TimThumb during the development of 2.0
  • August 8th, 2011 – Matt Mullenweg chimes in on the TimThumb saga
  • August 11th, 2011 – TimThumb 2.0 Released
  • June 24th, 2014 – Zero-Day vulnerability discovered in TimThumb script dealing with Webshots
  • September 27th, 2014 – Ben Gillbanks announces that he will no longer support or maintain TimThumb

With the development of TimThumb being discontinued, it’s the end of an era for WordPress theme development. Are you happy or sad to see it go? Since TimThumb has an open source license, will developers pick up where Gillbanks left off?

by Jeff Chandler at September 29, 2014 07:19 PM under timthumb

Matt: Hemingway on Writing

I believe that basically you write for two people; yourself to try to make it absolutely perfect; or if not that then wonderful. Then you write for who you love whether she can read or write or not and whether she is alive or dead.

— Ernest Hemingway to Arthur Mizener, 1950 Selected Letters, p. 694.

I got it from Hemingway on Writing which is a short and pleasant read I’m going through right now. It turns out Hemingway was 64 years ahead of me in his advice about who to write for.

by Matt Mullenweg at September 29, 2014 01:46 PM under Asides

Lorelle on WP: Research on the WordPress, Web Development, and Web Design Job Market

In 2012 and 2013, I did extensive research for the grant program to develop and rewrite the Web Developer degree program at Clark College. This research included an analysis of current and future job opportunities for students graduating with that degree with a solid understanding of WordPress. Now that the program has completed its first […]

by Lorelle VanFossen at September 29, 2014 11:35 AM under wordpress training

September 28, 2014

WPTavern: Meet John Blackbourn, WordPress 4.1 Release Lead

John Blackbourn speaking at WordCamp London 2013 - WordPress.tvJohn Blackbourn speaking at WordCamp London 2013 – WordPress.tv

Nine years ago, John Blackbourn was stocking shelves at a supermarket 40 hours per week and returning home to do another 20 hours of freelance work on the side. His journey with WordPress started much like many others, when his first patch was accepted seven years ago. This past weekend at WordCamp Europe, Blackbourn was named WordPress 4.1 release lead.

“I’m sure my first contribution was because I found a bug that annoyed me, so I thought I’ll patch that up and get it in there,” he said. Submitting bug reports led him to learn about Subversion, patching files, and the trac ticket manager. “That’s actually a great way for people to get into version control – when someone turns around and says ‘Write a patch for it,’ and you have to go off and figure out how to do it.”

It started off as a hobby, Blackbourn said, “building my own websites and playing around a bit.” After awhile his freelance work started to take off. “Then I was lucky enough to be able to drop my hours down to part time while I ramped up my freelance work,” he said. A couple years later, he got a job at Code For The People, a WordPress development agency and WordPress.com VIP partner.

Code for the People is made up of a flock of regular contributors to WordPress core, with founders who are passionately committed to giving back to open source software. When Blackbourn was put forward to lead the 4.1 release, his agency was behind him 110%.

“I had previously talked to Andrew Nacin about leading 3.9 and 4.0 and he’d already spoken to my bosses at Code For The People. They said, ‘Yeah go for it – we’ll give you time off work, adequate resources, and time to lead it.'”

Simon Wheatley, one of the founders of CFTP, spoke at WordCamp Europe about running an open source business, during which his co-founder, Simon Dickson, commented on donating Blackbourn’s time to core. “CFTP is a small team. Contributing John Blackbourn to WP Core won’t make our lives easy. But it’s important to us. We’ll find a way,” he said.

What’s on the horizon for WordPress 4.1?

This will be the first time that Blackbourn has led a release, although he has been a core committer for both 3.9 and 4.0. WordPress 4.1 will be a short release cycle, with less than three months, due around December 12th. He shared a few ideas with us about where he thinks 4.1 will be heading.

We’re going to try to reign in expectations for the release so we’re going to get a few nice things to do with session management and password security, etc. If we keep the potential features reigned in a bit, then hopefully we won’t be needing to take weeks off work. I expect to be doing a couple days a week that I would normally be working.

Blackbourn hopes to further extend the improvements to sessions that were made in the previous release. “The new thing in WP 4.0 is the sessions – when you log in, you actually get assigned a session now, so you can forcibly log one of your sessions out,” he explained. “So if I’m logged in on my laptop and my phone I can kick myself out of one or the other.” This now exists in WordPress on an API level and Blackbourn is hopeful that 4.1 will add a UI for it.

He has extensive experience working with multisite on a daily basis at CFTP. “We haven’t got many clients who don’t use multisite these days,” he said. When asked if there are any multisite improvements planned for 4.1, he said that there may not be much time to make significant strides on the roadmap. However, he’s optimistic about including improvements related to multisite password resets.

Since it’s his first time to lead a release, Blackbourn plans to meet with several past release leads in attendance at WordCamp Europe in order to get an overview of how it’s done. He’s one of the most humble, talented people I had the privilege of meeting at the event. Query Monitor, his comprehensive WordPress debugging plugin, is truly a work of art, and many developers can no longer live without it. Blackbourn is a benefit to the project and an excellent example of a WordPress professional who has become a high-end expert by sharpening his skills through contribution to core.

by Sarah Gooding at September 28, 2014 10:18 PM under wordpress 4.1

Matt: 4.0 Recap

If you want to see some of the thought and care that went into the WordPress 4.0 release, check out Scott Taylor’s peek under the hood and Helen Hou-Sandi’s reveal of a 4.0 Easter egg.

by Matt Mullenweg at September 28, 2014 05:10 AM under Asides

September 27, 2014

Matt: Sedaris on Fitbit

David Sedaris in the New Yorker on how his Fitbit took over his life.. Hat tip: Jeremey Duvall.

by Matt Mullenweg at September 27, 2014 12:03 PM under Asides

WPTavern: WPWeekly Episode 163 – Interview With Andrea Middleton of WordCamp Central

In this episode, Marcus Couch and I are joined by Andrea Middleton who manages WordCamp Central. She tells us what it means to be a “dot organizer” within Automattic and what her day to day duties are managing WordCamp Central. We discuss whether the WordCamp Guidelines allow for differentiation between WordCamps. Middleton explains the various initiatives in place to help first-time organizers with planning their event. Last but not least, we talk about the importance of sponsorships and how they’ve enabled WordCamps to be affordable to the general public.

WordCamp Resource Material:

Stories Discussed:

BuddyPress 2.1 Patsy Released
iThemes Suffers Security Breach, Customers Urged To Reset Passwords
Netropolitan “Facebook for Rich People” is Powered by WordPress and BuddyPress

Plugins Picked By Marcus:

Admin Branding – Completely brand the admin dashboard and login screen through easy and straight forward controls. You can do advanced customizations and branding by adding your own CSS and JavaScript. Fits both regular users and developers.

CoursePress – CoursePress turns WordPress into a powerful online learning platform. Set up online courses by creating learning units with quiz elements, video, audio etc. You can also assess student work, sell your courses and much more.

Widget Menuizer – Widget Menuizer makes it possible to embed sidebars within your site’s menus. Anything you can do with a widget can now be done inside your menus. This makes the menu system much more powerful, as it allows for easy creation of sophisticated “mega dropdowns” and other menu fanciness without completely overhauling the menu management system into something unfamiliar.

WPWeekly Meta:

Next Episode: Wednesday, October 1st 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #163:

by Jeff Chandler at September 27, 2014 01:39 AM under wordcamps

September 26, 2014

WPTavern: Reader Poll: What Are Your Favorite Features In WordPress 4.0?

Since the release of WordPress 4.0, users have had nearly a month to get used to its new features. It’s time to find out which ones are your favorite. My favorite features are the sticky toolbar, oEmbed previews in the visual editor, and the overall improvements to the writing experience. I’ve found the sticky toolbar is especially useful on smaller screens.

If you select not listed, please use the comments to tell us what it is.

Note: There is a poll embedded within this post, please visit the site to participate in this post's poll.

WordPress 4.1 Development to Kickoff on Monday

As we get used to the improvements in 4.0, development on WordPress 4.1 is about to get underway. The first meeting to discuss WordPress 4.1 will be on Monday, September 29, at 1400 UTC. Also note that the Wednesday meeting (October 1) is still on for 2000 UTC as well. Since time zones can be difficult to figure out, Andrew Nacin provided further clarification on the exact time.

  • 10am U.S. Eastern (GMT-4), 7am U.S. Pacific (GMT-7).
  • This is midnight Tuesday for the East Coast of Australia (GMT+10).
  • If you’re at WordCamp Europe’s contributor day (GMT+3), this will be 5pm.

The meeting takes place on IRC in the #wordpress-dev channel. If you don’t have access to an IRC client, you can use a web-based client at webchat.freenode.net. If there is a particular feature you’d like to see in 4.1 or have a plugin you’d like to see merged into core, say so in the meeting or within the comment section of the announcement.

by Jeff Chandler at September 26, 2014 09:56 PM under wordpress 4.0

WPTavern: WordPress.com Publishes First Ever Video Ad Entitled “Welcome Home”

WordPress.com released a new video on its YouTube account entitled Welcome Home. In the 15 second video, featuring music from Childish Gambino, photos are taken with a iPhone in various locations. Near the end of the video, the WordPress app is opened displaying a post with one of the images captured by the phone. The central theme of the video is to create your home on the web at WordPress.com.

My initial reaction to the video is that it puts too much emphasis on photos. It makes it seem like the WordPress app is only capable of sharing photos similar to Flickr or Instagram. A home on the web has more than just photos, something that doesn’t come across in the 15 second message.

Something else I find odd is the choice to highlight the app versus WordPress.com. There’s no mention or video of the WordPress.com user interface or other aspects of the site. As WordPress.com likes to do, this video is likely an experiment but in my opinion, fails to deliver on their central message. It’s aimed at too narrow of an audience and doesn’t adequately show off what WordPress.com is truly capable of. Granted, we’re talking about 15 seconds of video which is why I’d like see what the team creates if given one minute to get the point across.

Just for the sake of comparison, watch this SquareSpace ad. It’s a minute long, more to the point, and delivers on the message of creating a home on the web or in this case, creating your own space. The ad also does a good job of showing how the service can be used on various devices. When I watch this ad, I feel like people from all walks of life are able to easily create a site through SquareSpace.

Jon Burke Provides Context For The Video

In an effort not to cloud my judgement and reaction to the video, I reached out to Jon Burke, who works for Automattic, after publishing this post and received more information concerning the video.

Is the video actually a commercial or more or less an experiment?

WordPress.com has a freemium model and we run house ads. We have been running this video as a promotion on free sites. This video is part of a series. This video focuses on the utility of photos and the mobile apps. Other videos we are producing will focus on other aspects of WordPress.com.

The video is brief for a couple of reasons. We don’t want to interrupt the site viewers’ experience for too long and we wanted it to be viewable by our visitors where English is not the primary language.

So it is a commercial, but we are also experimenting with different videos about WordPress.com to see how we can best get our message out in a way that is organic with the culture of Automattic and the WordPress community.

Is it aimed towards raising awareness of the WordPress mobile app or WordPress.com?

This video is focused on our mobile apps. The comparison to the SquareSpace video is a fair one but our ambition is to get our message across better in a dozen videos rather than in a single, longer video. We create a lot of products and have a number of services and don’t think we can cover it all well in a single short video.

Now It Makes Sense

The explanation provided by Burke provides the missing context surrounding the video. The video now makes perfect sense in that it’s part of a series with plans to produce more like it focusing on other areas of WordPress.com. This information completely changes my tune. Instead of failing to deliver the message, it’s on point.

by Jeff Chandler at September 26, 2014 08:02 PM under wordpress.com

WPTavern: Ryan Hellyer’s AWS Nightmare: Leaked Access Keys Result in a $6,000 Bill Overnight

WordPress developer Ryan Hellyer had always wanted to open source his website. As a strong supporter of open source software and an avid plugin developer, he enjoys sharing his code and learning from others. This desire led him to put his site up on GitHub one evening, not knowing that he would wake to find himself in a security nightmare due to a simple oversight.

Open sourcing a website is not such an uncommon practice, as it brings with it a number of benefits. Hellyer shared his story with the Tavern and identified the main reasons wanted to make his site’s code public on GitHub:

  1. It allows people to see what plugins and themes I use
  2. It makes it super easy to get help with my website, since people can see the code
  3. It encourages me to use best practices across my entire website, not just the bits I post for download (custom plugins, themes etc.)
  4. It is a handy way to sync the files between locations

“I was aware that keeping my wp-config.php file off of GitHub was critical,” Hellyer said.

“Leaving that open for download would also make my database credentials, security salts etc. known to attackers. To mitigate this, I simply moved it one folder down (it still works even when it’s not in the root of your site). As a double protection, I also used the .gitignore file to forcibly prevent Git from pushing it to the repository.”

Satisfied that his website was totally backed up and thinking that he had taken all the necessary security precautions, Hellyer pushed all the contents of his site (with the exception of the uploads directory) to a new GitHub repository. Pleased with his efforts, he dozed off to sleep.

An Urgent Message Arrives from Amazon

Not four hours later, Hellyer received an urgent message from Amazon, though he didn’t have the chance to read it until later in the morning.

“I awoke fresh the next morning, began work for the day, then decided to check my personal email account and saw the email I had received overnight,” he said. “The email was marked URGENT.”

Hellyer initially thought it was spam but went with his instinct and opened it anyway, as it appeared to be fairly legitimate. Amazon emailed to notify him that his account may have been compromised.

“I immediately went to check my AWS billing page, but thankfully it was only at US$17 for the month so far, which was about my normal usage,” he said, noting that he uses AWS (Amazon Web Services) for backing up to Amazon S3 and for providing a CDN service to his website (via Amazon Cloudfront).

The email specifically asked him to check his EC2 instances, which Hellyer found to be odd, since he doesn’t even use Amazon EC2.

“I checked anyway, and surprisingly, here were 80+ servers running. I thought ‘OHHH CRAP!’

“So I shut them all down. Problem solved I thought, and since my bill was still looking normal I figured it wasn’t a problem.”

Ten minutes later Hellyer discovers another 80+ servers running at a different location on EC2. Digging deeper, he found five more locations, all with 80+ servers running. After fully auditing his account, he found more sections of “reserved instances” with even more servers running.

“In total, there seemed to be around 600 servers running. The time between realizing all this and uploading my Git repository was approximately 12 hours.”

Digging Out of a Hole

photo credit: Code & Martini by Ivana Vasilj - cc licensephoto credit: Code & Martini by Ivana Vasilj – cc license

Hellyer went into damage control mode, scrambling to find the source of the problem.

“My immediate thought was ‘YOU IDIOT! You didn’t remove the wp-config.php file which contains AWS access keys!’ he said. “But I went to check the repository, and it was not there. It turned out though, that there was another file called ‘wp-config.php.save,’ which DID contain my AWS access keys.”

That file also contained his database password and security salts, but so far he hasn’t found any indication that the site was compromised by those. Hellyer immediately changed the password and swapped out the config keys.

“But those horrid little AWS access keys were sitting on the repository in view of everyone. I immediately deleted the entire repository from GitHub.”

Unfortunately, it took him two hours to delete all of the Amazon EC2 instances created by the exploited keys. “The evil little blighters had cranked up the security protection and actually made it very awkward to shut them all down,” he explained. “I wasn’t able to just terminate them and in fact had to go through one by one and manually turn off termination protection, then stop them, then terminate them. Then I had to go through and delete many volumes which had been setup (I think this is the EC2 equivalent of a drive).”

Hellyer is Slapped with a $6,000 Bill for Unauthorized Usage

AWS bills don’t update in real time, and Hellyer’s bill still read $17 USD. After contacting support to find out the damage, he saw his bill jump from $17 to $3,087.97. AWS was helpful throughout the process and give him a list of tasks to complete, including deleting some hidden EC2 instances which had not previously been visible in the console.

“After doing all of this, I went to take a snapshot of the billing statement to show everyone my lovely US$3,087.97 bill, only to find it had shot up to US$5994.08 in the meantime,” he said.


Amazon followed up with the following note:

We’ve submitted a concession request for the unauthorized usage charges you incurred for the current month. The concession request requires approval from levels of management therefore the process can take up to 7 – 10 working days to complete.

He’s hoping that the leaked keys will not result in him having to cough up $6K for unauthorized use, but he hasn’t yet received confirmation that he won’t be held responsible.

Why were his AWS Credentials in his wp-config file?

If you’ve been following along with this nightmare situation, you may be wondering why Hellyer was storing his AWS credentials in wp-config.php. This was required for the Photocopy plugin he released a few years ago. There are many other plugins that utilize this same method. Although the plugin didn’t seem to have any security flaws, he decided to remove it from the site and discontinue development due to the unpleasant experience of having his keys leaked. “The only other option is store it in the database, but I think that’s actually worse as you would run into exactly the same problem if your database were leaked,” Hellyer said.

Keep Your Keys Safe and Private

This cautionary tale should serve as a reminder to keep your keys safe and private. Hellyer unknowingly sabotaged himself when trying to open source the code for his site and learned an expensive lesson:

“Not only should you be extremely careful with your usernames, passwords, plugin and theme security etc., but you need to be even more careful about credentials for services which cost money,” he advised.

“I’d rather see my blog(s) hacked than to have this happen again. Hacked sites can be easily fixed. Deleted data can be restored. A $6000 bill however is something else entirely,” Hellyer said. He also noted that if the exploit had just been a few extra dollars here and there, it could have quietly leached his account indefinitely without him noticing. As it was, if Amazon hadn’t issued him an urgent notice, he probably wouldn’t have noticed until he received a $100,000 bill at the end of the month.

The lesson here is that if you can avoid having to store AWS credentials in wp-config.php, by all means, find another way. What started out as a well-meaning effort to open source his site, quickly became a horrible nightmare that has yet to reach a conclusion. There are people out there ready and willing to exploit stolen or leaked AWS keys, and they clearly have a sophisticated way of scouring the web to find them.

Hellyer sums it up: “Long story short … don’t do stupid stuff with publicly accessible code. Also, don’t store your AWS credentials unless you absolutely have to.”

by Sarah Gooding at September 26, 2014 04:38 PM under security

Matt: Faith in Eventually

During the development of most any product, there are always times when things aren’t quite right. Times when you feel like you may be going backwards a bit. Times where it’s almost there, but you can’t yet figure out why it isn’t. Times when you hate the thing today that you loved yesterday. Times when what you had in your head isn’t quite what you’re seeing in front of you. Yet. That’s when you need to have faith.

Jason Fried writes Faith in eventually. Good to share with anyone who’s been working on something for a while.

by Matt Mullenweg at September 26, 2014 04:10 PM under Asides

WordPress.tv Blog: Leveling-up with WordPress: Great videos for developers

WordCamps are a great place to jump-start your education in the world of WordPress development, or build upon yours current skills to make even greater plugins and themes. Here are some recent videos from WordCamp Asheville and WordCamp Vancouver focused on how you can polish your development skills

Introduction to WordPress Plugin Development

Jonathan Daggerhart gives a basic introduction to the creation of a new plugin, including using the Codex, actions, filters, shortcodes, custom settings, and some best practices. An existing understanding of some PHP is required to get the most value from this presentation.

View on WordPress.tv

How To Build A Custom Widget

Widgets are a great way to deliver added content or functionality to a WordPress site. In this presentation, Mel Karlik shows you how to create a simple custom widget then see how you can distribute theme with a theme or as a stand-alone plugin.

View on WordPress.tv

Advanced Custom Fields – Beyond the basics

This presentation by Merrill Mayer covers the use of advanced custom fields in non-blog oriented websites, focusing on using them in custom post types as well as demonstrating custom queries along with custom prev/next posts.

View on WordPress.tv

Jonathan Daggerhart: Introduction to WordPress Plugin Development
Mel Karlik: How To Build A Custom Widget
Merrill Mayer: Advanced Custom Fields – Beyond the basics

by Jerry Bates at September 26, 2014 12:12 AM under Announcement

September 25, 2014

Lorelle on WP: What Does WordPress, iThemes, Goodwill, Home Depot, and Target Have in Common? Your Identity and Security.

We received a new credit card in the mail today to replace our old one AGAIN. An “unsuccessful attempt” to access our secure security data happened and this is a precaution the bank is taking to protect us. I have no other information so I’m left wondering. Yesterday I received an email supposedly from Home […]

by Lorelle VanFossen at September 25, 2014 09:57 PM under wordpress security

Matt: Circa 3

Circa is how I get news on my phone every day, and they’ve just redesigned with some slick new features. They’re an Audrey company, too.

by Matt Mullenweg at September 25, 2014 08:49 PM under Asides

Post Status: The anatomy of a security breach, and how to do good in a bad situation


On Tuesday, iThemes posted an announcement that they had suffered from a security breach of their website and servers. The attackers had reached the servers which stored customer information, including email addresses, IP addresses, full names, and yes, passwords.

iThemes was quick to notify customers via their blog, social media, and their full customer email list about the breach. Approximately 60,000 users were affected. They warned that passwords were vulnerable. In the second update, posted today, they gave more information about passwords, in response to many questions from users.

It turns out that passwords were stored in plaintext on iThemes’ server. That is, obviously, very bad practice.

Why Would You Store Passwords in Plain Text?

This is how the membership software we started using in 2009 did it. There are a number of factors for this, none that will make much of a difference at this point or make anyone feel any better about it, myself included.

Know that it’s not because we did not value your data. As an organization, we have been working on a very large migration process that has required us to interlink legacy systems with the latest technologies. Anyone that has ever gone through that process understands the complexities and challenges.

Frankly put, it’s been something we identified as a potential risk and are working rapidly now to rectify this issue as fast as humanly possible.

It’s also worth noting that their customer database and iThemes.com users were affected, but customers that use their Sync product to manage their own websites were not. So if you use iThemes Sync, and utilized your site passwords to connect, those accounts and passwords were not part of this breach.

aMember and legacy membership platforms

The membership platform that Cory highlights in the update is aMember, a membership management system that’s been around for many years. aMember only introduced encrypted passwords in version 4, which was released in November of 2011.

I discussed aMember and plaintext passwords with some other folks that have a significant history with the membership platform, and there are some significant problems that anyone using aMember have experienced.

First, most folks heavily using aMember aren’t using it out of the box. At the time, most membership sites were doing significant customizations to aMember to achieve desired functionality. So when the v.4 update came out, it was a very difficult update procedure for people to take advantage of the features.

iThemes would even tell you that their current version of membership software doesn’t look much like aMember at all.

iThemes is also not the first to be hacked and their aMember passwords leaked. Tuts+ Premium had the same issue in 2012.

I discussed aMember at length with Pippin Williamson. He has done a lot of work on his brother’s membership site, CGCookie, which also used aMember until 2012, when he did a huge migration of tens of thousands of members to a new platform.

At the time, Pippin notes that aMember did not disclose passwords were stored in plaintext, so CGCookie had no idea that their users were vulnerable until they learned of the Tuts+ hack, wherein they put a planned migration “into hyperdrive.”

The problem with iThemes’ situation is that they knew of the plaintext passwords and didn’t address the obvious security vulnerability.

All in all, the migration for CGCookie took months to perfect and significant juggling of priorities by their team.

Ticking time bomb

Speaking with Pippin, migrating from aMember was not an easy task. Paypal’s IPN handlers (a payment notification system) were tightly linked to aMember and preventing customer accounts from being disconnected from the membership site took weeks of engineering. Additionally, simply upgrading to the newer versions was also terrible.

Many other WordPress companies have used aMember in the past as well, storing plaintext passwords just like iThemes today.

So, aMember has definitely been a problem before now, but iThemes has absolutely slacked in their prioritization of the issue. Simply put, it’s inexcusable to put users into long term risk if you know their passwords are stored in plaintext.

That said, we should consider the potential consequences — though it doesn’t make it excusable. Because iThemes doesn’t store credit card details, emails and names and passwords are about the worst things at risk. Still, a tiny percentage of the general population uses responsible passwords, so getting a list of names and emails and passwords is a treasure trove of information for third party (as in other websites like banks and email providers) to steal identities and break directly into user accounts.

This should also be a significant lesson for any user to always use different passwords for every website where you keep an account. Tools like LastPass and 1Password make account password management easy. Additionally, learn about 2-factor authentication and use it whenever the service enables it.

Owning mistakes

This is clearly a horrible situation for iThemes to be in. Users have a right to be mad. In 2014 we should be able to expect that our passwords are encrypted, and that even if a server where our information is stored is hacked, that certain valuable details like credit cards or passwords are not exposed. Thankfully, iThemes doesn’t store credit card details, but those passwords should now be assumed stolen, and users have to pay that price.

But where I have enormous respect for iThemes is how they have owned it. Especially in the update post, Cory Miller — iThemes’ founder and CEO — took ownership of the issue and told the full story of the breach.

I realize this will generate a lot of concern. Again, I am deeply sorry for this mistake and how it has affected you.

Let me say: we have made mistakes in the past at iThemes … and as humans will make mistakes in the future. To make a promise otherwise would be absurd and misleading.

But my promise to you, our customers, is this … and it’s the same promise that I’ve held to since January 2008 when I started iThemes in my home:

  1. We will identify mistakes as best we can. You have helped us with this and appreciate that accountability.
  2. We will own up to our mistakes. Again, we’ve done this in the past, we did this yesterday and this post is another example of us living this value.
  3. We will fix the mistake as fast as humanly possible. A number of priority issues have been unearthed, shone a hard light on, but we are working to resolve them.
  4. We will learn and grow from it and be better for it and for you.

Additionally, as the founder and CEO, the leader of this company, I want you to know: the buck stops with me and me alone.

At the end of the day, I am responsible for our company, iThemes, and the work we do. I’ve often tried to defer credit for the great work we’ve done to our team, but as for the mistakes we make, that credit belongs solely to me.

Not every company that’s been breached can say the same. Even huge organizations (I’m thinking of Home Depot as the latest) have done a horrible job at responsible and honest disclosure to their customers.

iThemes could have made this much more quiet and kept it from being a priority to their users or a big deal in WordPress news-land. But they didn’t. They owned it, they apologized, and they’ve been rewarded for that.

In the comments of the security update post, users were appalled by the lack of responsibility on the security priorities, but the honesty paid off in the sense that users were verbally thankful for it so that they could accept the problem and deal with it, when the alternative was to be in the dark.

While this breach has cost iThemes some credibility, and some trust, I believe those things are recoverable. Had they obfuscated the hack itself, my post and users reactions (had they found out) would be very different.

What iThemes is doing now

iThemes has learned a hard lesson this week, as many other companies have before them. Now they must react, and react strongly. In a situation like this, nothing should take priority over getting this issue fixed.

Until they get their password storage issue fixed, they still are storing passwords in plaintext, even the new ones. Thankfully they’ve already updated password restrictions — which previously limited passwords to 20 characters — to now accept up to 255 characters. But storing them in plaintext means that they are still as vulnerable today as they were last week if someone gets into the server again. So they must be absolutely vigilant to protect their servers through this migration.

What we can all learn

Security is not a sexy industry. Too often we don’t consider it until it’s a problem. “Going on offense” should be our default when we consider security actions, but more often — even with some of the best companies and people in the tech space — we react to issues and aren’t appropriately proactive.

That said, our job is not done either. All of us should consider our own security situation and how we can improve it. Especially if you have users of your own (and many of my readers do), consider that state of your own security, and make sure it’s a priority in your business.

When we think about what pays the bills, it’s not security awareness and proactive security investments. But we should consider security breaches and vulnerabilities as risks that must be managed; meaning investment into security priorities should be a significant part of any business.

iThemes, Envato, and WooThemes are all “big” businesses from a WordPress business perspective. Each of them has fought a website security battle. Envato and WooThemes before iThemes have recovered and maintained their users and the community’s trust. I think iThemes will too. But before you, or me, decide “it won’t happen to us”, consider that it can happen to anyone, and our investments into security measures and best practices are not only worthwhile, but the only responsible thing to do.

And for users, use different passwords on every site. Use LastPass or 1Password. Enable 2-factor authentication. Be vigilant. Do not use the excuse that it’s too hard or a burden. What’s much more of a burden is dealing with a hacked email or bank account. Protect yourself and learn how to protect your accounts. It’s easy to adjust to and modern tools make it a much simpler task to manage.

Let’s all — web professionals and users — learn with iThemes here, and do better.

by Brian Krogsgard at September 25, 2014 08:01 PM under Site Owners

WPTavern: iThemes Confirms it Stored Customer Passwords in Clear-Text

Clear Text Passwordphoto credit: thegloamingcc

The CEO of iThemes, Cory Miller, published a second update concerning the security breach that occurred on Tuesday. After news of the breach, customers were left wondering whether or not their passwords were stored in clear-text. The latest update confirms that passwords were in fact stored in clear-text and affected approximately 60,000 customers.

There is no easy way to say this: We were storing your passwords in clear-text. This directly impacted approximately 60,000 of our users, past and current.

Yes, those credentials were used across our entire platform, from our iThemes membership login to your iThemes Sync login.

Passwords stored in clear-text allow hackers to easily obtain them if the database becomes compromised. According to the announcement, storing passwords in clear-text dates back to membership software used in 2009. Since that time, the company has been involved with a large migration process moving from legacy systems to newer technology.

Know that it’s not because we did not value your data. As an organization, we have been working on a very large migration process that has required us to interlink legacy systems with the latest technologies. Anyone that has ever gone through that process understands the complexities and challenges.

Frankly put, it’s been something we identified as a potential risk and are working rapidly now to rectify this issue as fast as humanly possible.

I asked the CTO of CrowdFavorite, Chris Lema, who has over 20 years of experience in enterprise and SaaS products, if what iThemes experienced is common. “I can tell you this isn’t the first or last time I’ve heard of legacy systems that needed to be migrated or code that needed to be refactored. Sometimes you do it before anything bad happens. Sometimes you’re not fast enough. The trick is to prioritize it, even when things are ‘working’.”

In order to avoid the issues iThemes is working through, Lema offers the following advice. “Companies that have legacy systems – especially membership sites or eCommerce sites with users/passwords need to create a strategy for migrating those old systems while keeping everything running. This often means the creation of several interim systems. In other words, the migration isn’t a straight path but a multi-stop journey.”

Honesty is a Virtue

Customers have expressed disappointment that a company who sells one of the most popular WordPress security plugins failed to adhere to security best practices. However, thanks to Miller’s honest approach of attacking the issue head on, a lot of those same customers are pledging their support.

Although this is a difficult situation for iThemes and its customers, the way Miller has handled the situation is an excellent example of leadership. The easiest thing to do in situations like these is to sweep it under the rug or go around the issue. While customers have every right to be outraged, Miller’s human and honest approach has kept a backlash to a minimum.

by Jeff Chandler at September 25, 2014 04:22 PM under security

September 24, 2014

WPTavern: A New Resource Devoted To WordPress and Photographers

WP Photographers, is a new resource created by Aaron Hockley, to help photographers and WordPress users share their photos and build photography businesses. Whether you’re a beginner or a photographer looking for the best webhosting service, WP Photographers has you covered. In addition to guides, Hockley routinely publishes reviews of WordPress themes and plugins related to photography.

WP Photographers Front PageWP Photographers Front Page

He started the site because there were few resources on the web that discuss the intersection between WordPress and photography. “Being deep in both worlds I get lots of questions from photographers figuring out WordPress and WordPress folks trying to better use images,” Hockley told the Tavern. He hopes WP Photographers becomes a valuable resource to photographers and plans on starting a podcast to supplement the content on the site.

As Hockley continues to add relevant content,  it could become the go-to place for budding photographers using WordPress. There are several articles on the subject but it’s convenient to see a website devoted to the topic.

To learn more about Hockley and the inspiration behind WP Photographers, check out this interview on PhotoFocus.com.

by Jeff Chandler at September 24, 2014 11:37 PM under resource

Matt: Corporate News

The Invasion of Corporate News.

by Matt Mullenweg at September 24, 2014 10:05 PM under Asides

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this send an email to Matt.

Official Blog

For official WP news, check out the WordPress Dev Blog.


Last updated:

October 02, 2014 04:30 PM
All times are UTC.