01 Oct 2014

feedWordPress Planet

WPTavern: WordPress Theme Review Team Gains 27 New Reviewers at WordCamp Europe Contributor Day


The contributor day following WordCamp Europe was a tremendous success, bringing approximately 180 people to the SiteGround offices in Sofia. A healthy mixture of veteran contributors were in attendance, as well as many folks who were brand new to contributing.

At the beginning of the day, contributors split off into smaller groups to focus on translations, core, documentation, theme review, support, GlotPress, and Rosetta. When Theme Review Team member Tammie Lister put out a call for theme reviewers, hands shot up all over the room. Automattic donates Lister's time two or three days per week specifically for helping with WordPress.org theme review.

After the event, she reported that 27 new people were added to the WordPress Theme Review Team. They started by introducing themselves and discussing why one might want to get involved. Those who had some experience shared their individual processes. After this, they dove straight into reviewing and each person was given a theme.

"The current idea is that during the month of October we will be focusing on how we do contribution days now, so we're having experiments and thinking about ways to improve that," Lister said. During the last weekly meeting, the Theme Review Team identified the pain points in adding reviewers and brainstormed ideas for onboarding new reviewers during contributor days. This includes the possibility of creating a doing_it_wrong() theme, as a project at WordCamp San Francisco, that can be used for education and testing. Lister said they will be playing with a few ideas at upcoming contribution days in San Francisco and Toronto.

A Room Full of Themers

The best part of getting a record number of new reviewers together was packing a room full of themers who were all buzzing about the craft of WordPress theming. "What was really exciting about today is that it wasn't just developers," Lister said. "We had some people who didn't know much HTML, some who were newer to theming, and some who were doing it the right way."

The key thing for new reviewers is to take your time, Lister said. "I think the thing is that you just have to take it slowly when you start theme reviewing. You go through the process and you get faster."

New reviewer Andrew Liyanage decided to jump in and join the Theme Review Team in order to sharpen his professional skills. "I wanted to get into theme design. I thought before designing a theme, I could get into review in order to get to know what the do's and the don'ts are," he said. "I'm already reviewing a theme right now, and it's going better than I thought it would."

Lister plans to match each new reviewer with someone from the new mentoring program, established last month. Although most of the communication happens on trac, there are more people than ever to help out with the process.

"A lot of it is trac focused, because it has to be, but we now have mentors, more admins, and trusted reviewers. So there's a lot more people but there's a lot more people looking after those people," Lister said.

With a record number of new theme reviewers added in one day, the team now has 27 more people who are familiar with the guidelines. This is bound to make a significant dent in the queue and lighten the load for the rest of the team.

01 Oct 2014 9:52am GMT

Post Status: Contribution as culture


This post spends a lot of time analyzing and referencing two other blog posts. Excuse me for that, but also be sure to read both, as they are relevant for this post and also interesting in their own right.

Matt Mullenweg wrote a blog post called Five for the Future yesterday that advocates his belief that WordPress-centric companies should aim to utilize 5% of their company resources toward contributing back to the project.

He noted in the post that Automattic isn't quite to this point, but that they are working on it, and describes why he believes it's important. He closes with this:

It's a big commitment, but I can't think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

This was followed up by one of the co-founders of one of the very hosting companies Matt partially referenced in his post - WP Engine's Ben Metcalf - who responded with a blog post of his own: WordPress: What exactly do they get for their 5%?

I think I was immediately thrown off by Ben's post title, but so many times throughout reading it I was shocked at how he made assumptions of Matt's intentions or missed what I would call "the point".

5% is not a decree

Obviously, Matt is not speaking from the mountaintop with a proclamation of law. This is his recommendation - one that he believes will reward the firms that strive for it.

I believe that the community has already shown us that those that invest into WordPress are rewarded from it. We improve our understanding of a foundational software of our careers, improve our skills, are more marketable, more attractive to employers, and create natural opportunities for developing industry relationships.

How should 5% of "people" be defined? I'm pretty sure Matt would agree that 5% of people or 5% of revenue toward people doesn't really matter to him; yet Ben makes a continuous sticking point about the cost of - and need for - engineers.

Additionally, while Matt utilizes full-time employees, the same (or better) effect could be had with shared time from more employees.

I'm not big into absolutes, so it's important to remember that while I'm advocating that Matt's recommendation of 5% time, I think it's simply a good recommendation. This is a free economy and companies can do what they want. But I think in the current and long term, contribution will be key to greater corporate success for those that choose to do so.

What does 5% cost, and who does it require?

While Matt was careful to include numerous non-engineering roles companies could help with, ultimately what drives the open source project is source code contribution by software engineers. …

A reasonable engineer in the US costs $100k/y, and if you factor in benefits (tax funded health-care, anyone?) and overheads you could easily be looking at $130k or more per person, per year. …

A 200+ person web hosting company would need to hire 10 engineers to meet a 5% goal, requiring a budget of anything between $1MM-1.3MM+ per year. Those engineers probably need a manager - to mentor them, provide career development etc. Those 11 people also put pressure on human resources, finance, legal, facilities etc - probably equating to another person again. Now we're talking probably more like $1.25-$1.5m annually.

First, I believe Ben has spent too much time in the world's largest cities if he believes engineers cost $100,000 per year on average. In my experience (yes, I interview people myself), that's not the case, and based on my decent view of the ecosystem it's not an appropriate going rate - especially if the offer on the table is a particularly desirable position.

More importantly, the project needs far more non-technical contributors. Ben's assertion that "ultimately" software engineers drive the project is not true. Users drive the project. A technically savvy user-minded contributor can be a beacon of light to a group of software developers. And given the user-facing nature of WordPress itself, non-engineer contributors could drastically improve the less code-sexy parts of the WordPress ecosystem: project management, docs, training, testing, support, translation, etc.

Additional to "core" contributions, WordCamps, plugins, themes, communities, and many other venues are outstanding places where contributors - yes, they're still contributors! - can impact the overall project.

Finally, as I noted above, I think companies could quite effectively contribute parts of employees' time versus dedicated 100% time, which would also prevent the need to have dedicated managers for open source contributors.

Foundational software to your business

Ben spends a chunk of time saying that big companies like GoDaddy get a "get out of jail free card" and that obviously Matt wouldn't expect they dedicate 5% of their thousands of employees.

GoDaddy definitely benefits from WordPress and they also contribute to it; and no, they don't contribute 5% I'm sure. But WordPress is not foundational to GoDaddy's business. They have a dedicated sub-product for it, and they also have many contributors to it.

WP Engine, and many others (including mine), are almost completely or completely reliant on WordPress as a platform. WordPress and its underlying technologies are foundational to our careers and businesses.

It is simply a different story to compare a company that would continue on pretty much fine without WordPress and one that would have to seriously reconsider their entire business model.

For example, let's compare the scenario to a publisher. Re/code is built on WordPress. They have a staff of 20+. Do they completely rely on WordPress for their website? Yes. For their business model? No. In their scenario, it makes sense for them - and could benefit them pretty directly - to allocate some time of some employees to WordPress, but if WordPress disappears they can and will migrate to a different platform.

Contributing to the full stack

It was questioned to me on Twitter, after my initial reaction to Ben's post, whether I contribute 5% of my time to open source projects like PHP, MySQL, and other tools that WordPress relies on.

This is a good question and point, but it does not cause me to stumble in my opinions. I believe open source contributions in general benefit the entire software stack.

In my scenario, I can be more impactful on the WordPress project than others. But I believe contributions can take many shapes, in both directions.

Some folks, like Daniel Bachhuber, greatly contribute to the project as a whole by supporting upstream projects like WP CLI.

Automattic is a fantastic example of a company that has both upstream and downstream contributions. They are active contributors to, employers of contributors or founders, or monetary sponsors to a huge number of downstream projects: WordPress, PHP, Nginx, jQuery, Elastic Search, Node, Socket.io, and probably a bunch I can't think of or don't know about. Additionally, they are a driving force behind dozens of upstream, open source themes and plugins.

Whether a company is contributing to their foundational piece of software, a downstream or upstream application, or on an adjacent aspect that leads to the betterment of the platform that is foundational to their business objectives, then I believe it will in turn be beneficial to their bottom line.

Contribution as culture

Contribution should not be considered an isolated cost, but an enabling investment.

If I run a business that relies on a foundational piece of software like WordPress, then it benefits me greatly for my employees - no matter what role they play within the company - to be intimately familiar with that software.

In my last job, I was tasked with guiding a transition of my company from developing mostly on a proprietary CMS to WordPress. I consistently preached the importance for everyone in the company to understand some fundamentals of WordPress itself. During my time there and since I've moved on, I've seen other members of that company learn the software, get involved in our local community, and even contribute back to WordPress itself; and both they and the company are better off for it.

Whether an employee is in sales, customer service, design, development, management, or wherever else - every employee knowing your product is important. I firmly believe this. I would want anyone in an organization I'm part of to be able to discuss our product in detail and with confidence to anyone.

When your company relies on a foundational piece of software - such as those we're discussing in this post - that's in effect part of your product. We are building products and services around and for WordPress. How important should it be that our company's employees understand it?

And how can they understand it better? By contributing of course!

Have a new support rep? Show them the WordPress.org forums to get their feet wet. New designer or front-end developer? Have them sit in on default theme conversations or read through the Make UI blog. New sales person? Get them involved at your local meetup and WordCamp. This list can go on.

Avenues for contribution are an incredible gateway for learning WordPress. Blogging about WordPress (another avenue of contribution) has greatly enabled me to be better at my job, and therefore made me significantly more valuable to the companies I've worked with.

Five for now

Matt called his post Five for the Future, and talked specifically about how a 5% investment by a company will ensure a greater future for WordPress and therefore said company. I disagree.

Contributing now will benefit the company and its employees right now. And while both Matt and Ben focused on individuals within the company being targeted contributors, I think it's much more beneficial to have a much larger percentage of a company contributing a portion of their time (even if small). I'd rather see 2 of 200 employees be full time contributors and then have 80 10% contributors than have 10 full time contributors.

I think we've seen many, many examples of contributors (people and companies) reaping tangible and intangible benefits from when they contribute - whether that contribution is to the codebase or the community. Contributors in this ecosystem come out on top.

Contributions are not an isolated cost or burden. Nor should their effects be limited to good faith investments to the sustainability of the ecosystem.

Contributions benefit the bottom line, and they benefit the bottom line right now.

01 Oct 2014 6:17am GMT

WPTavern: Interview With Stream Project Lead, Frankie Jarrett

Frankie Jarrett Featured Image

Stream 2.0 is a significant update that changes the stand alone plugin into a service. But not everyone is happy with the change. Those who use Stream in enterprise environments have voiced disappointment regarding the latest update. The following is feedback from a user on the Advanced WordPress Facebook group. "Heads up if you use Stream. The 2.0 upgrade now stores everything in the cloud instead of the local database and requires a WordPress.com account to use it. It's a great plugin but this new functionality is not optional and I can no longer use it with our enterprise data."

I reached out to Stream project lead, Frankie Jarrett, and asked why the team decided to rely on third-party services. I also inquired whether users have any options to house data on their own servers or connect it to a service of their choosing. Jarrett gives insight into the future of Stream as a Service and let's us know if they are working on a version that is compatible with enterprise environments.

Interview With Frankie Jarrett

WordPRess Loggingphoto credit: Claire L. Evans - cc

Jeff - Why the decision to use an external service by default to offload Stream activity data?

Over the past 10 months we've learned a lot about logging events, specifically logging actions taken inside the WordPress Admin. As time went on, some of the biggest concerns we had revolved around the topics of performance and security. It became clear to us that Stream needed to be more than just a plugin to advance into a solid solution, it needed to be a service that was self-contained and lived alongside WordPress instead of trying to force it to work inside the WordPress architecture and never truly being scalable or secure.

MySQL is nice solution for storing content with simple querying, this is how WordPress uses it, but MySQL is actually bad for storing logs, especially if you want to retain them for a long time and/or run complex queries on them while also expecting those queries to be fast. Not to mention, you don't want the performance of your website's content to be affected at all. Since the primary purpose of the MySQL database is to store and serve up content to your website visitors, it was our view that should never be hindered by event logging.

Now that Stream is a service, we can use brand new technologies like Elasticsearch, that are better suited for (and even designed for) querying huge numbers of logs. The result is a more powerful querying performance, the possibility for users to do even more complex queries in the future (for their Reports), and have no worries about keeping logs for a very, very long time. The things we are now doing in Stream 2.0, and plan to do in the future, require the power of Elasticsearch and don't translate into MySQL storage solutions.

In regards to security, websites and databases get hacked all the time. Unfortunately that's just the way it is. Since all of Stream's records had previously lived inside the website, it too was as vulnerable as the website itself. This means that any hacker that gained access could mess up a site and then cover up their tracks by simply deleting the Stream log data. This was a bad thing and meant those logs weren't really a true security audit trail at all. Now that Stream is a service, those logs are untouchable by an intruder. Once an action is performed, it's forever in the event history, so the site owner knows without a doubt what things have happened on their site and can go through an undo the damage.

Jeff - Why the connection between Stream and WordPress.com ID logins?

WordPress Stream Connectionphoto credit: Manchester-Monkey - cc

This was an easy decision for us, actually. Over the past few years there have been several WordPress companies that have had their sites hacked and user passwords have been compromised as a result. It's a sad and unfortunate thing that can be avoided by simply not storing them. Our solution for this was to use SSO (Single sign on) powered by WordPress.com.

This means Stream doesn't have to store any login details for any customer and customers don't have to sign up for yet another account somewhere. Furthermore, WP.com SSO supports two-factor authentication. This is a huge win for folks who are really concerned about the security of their logins, and we wanted Stream to have this capability.

The reason why we chose WP.com SSO was because of its status and reach in the WordPress community. Stream is a WordPress product and service, so it only makes sense to reach as many WordPress users as possible. When you think about all the people who use Jetpack, Gravatar, Akismet, VaultPress and Polldaddy - that's a lot of people. Maybe not everyone, but again, we wanted to make a decisive decision not to store user login credentials at all, and that could mean some people might not be able to use it, but it's for the good of all our users. WordPress.com SSO was also very easy to implement on our WordPress-powered site compared with the Facebook, Twitter or Google SSO alternatives.

Jeff - Is the connection between Stream and WordPress.com similar to Jetpack in that some things won't work without the connection?

The only time Stream needs to talk to WordPress.com is during sign up, for login credentials. Stream doesn't ping back to your website like Jetpack does. This means your site doesn't have to be publicly accessible for Stream to work and can be run on a local/development environment without any problems or extra steps needed.

Jeff - Overall, what are the future plans for Stream now that it's morphed into a service?

Future of Streamphoto credit: wwarby - cc

Now that we have some scalability, performance and security milestones behind us, we are very much looking forward to making Stream even better in the coming months and years. You might have already noticed, but Stream 2.0 featured built-in integration with eight popular WordPress plugins. We intend to continue making Stream compatible out-of-the-box with tracking things that many other popular plugins do.

Another thing we plan to do is open up a REST API for people to be able to access their data and do anything they want with it. This is a very exciting prospect. Finally, we are working on ways to have a complete "mash-up" of all of your Stream data in one place. This is based on a lot of feedback we've been getting from folks who run not just multi-site, but multiple single-site installs for their clients and want to see everything that's happening in one place. We think that will be another huge benefit to people and something that is only possible because Stream is now a service.

Jeff - One of the complaints I've seen is that Stream's reliance on third-party services makes it incompatible with enterprise environments. What is the team doing to address this issue?

The new Stream relies on the power of Elasticsearch for performance and complex queries, but we are exploring ways for the Stream service stack to be run on-premise for Enterprise organizations who have strict internal policies that would require that. We don't have have an ETA on when this type of solution will be ready, but we are actively pursuing it.

01 Oct 2014 4:07am GMT

WPTavern: Stream Morphs From a Plugin Into a Service

stream plugin banner

Stream 2.0 is available for download and includes a plethora of enhancements. This version features a rewrite from the ground up with a focus on scalability, security, and activity. As part of the rewrite, Stream activity data is stored in the cloud using Amazon Web Services with Elasticsearch. This is the same type of setup Jetpack uses to power its Related Posts module.

Connect To Stream ServiceRequest For a WordPress.com ID

The data is stored over an SSL connection making it hard to tap into your activity stream. The Stream team explains the plugin as being the black box of a WordPress site that even the NSA can't penetrate. As part of the security enhancements, Stream uses your WordPress.com ID to authorize your account.

After connecting my WordPress.com ID to Stream, it loaded a Plans and Pricing page in place of the backend instead of just connecting my account. This is unexpected behavior and a disappointing user experience. I ended up having to load the WordPress backend in a new browser tab.

I ran into a loop where each time I logged into the backend of WordPress, I'd see the Connect to Stream notification. Each time I clicked the button, it would load the Plans and Pricing page. As it turns out, the reason for the endless loop is because I didn't have a subscription registered with the Stream website. Once I completed the process of registering for a free account, the WordPress backend loaded the Stream records screen.

Successful Connection To StreamSuccessful Connection To Stream

I recommend text be added to the top of the Plans and Pricing page. The text should explain that in order to complete the connection to Stream, a subscription plan needs to be selected. It's not obvious and gave me the impression the plugin is broken.

Support For SMS Notifications Thanks to an Outside Source

One of the neat features in 2.0 is the ability to set up SMS notifications. For instance, every time a theme, plugin, or WordPress is updated, you can configure Stream to send you a text message.

Configuring SMS Notifications In StreamConfiguring SMS Notifications In Stream

SMS notifications ended up in 2.0 thanks to the contributing efforts of Jeff Matson. Matson is the author of the WP SMS Notifications plugin we highlighted on the Tavern back in July. Matson explains why he decided to contribute to the Stream project, "When I created WP SMS Notifications, the biggest comment I received was that I should work with Stream to add my functionality to their plugin. The team behind Stream agreed and I was given access to their Github account. Now, I can proudly say that my code is behind one of the greatest activity tracking plugins out there." However, the only way to take advantage of SMS notifications is to use the Pro account which is available for $2 per month.

Older Version of Stream Will Remain Available For Download

Stream has undergone major changes and is now a service versus a stand alone plugin. For those who don't want to update to the new version, the Stream Team is leaving the previous version online via Github. Versions 1.4.9 and below won't receive any more updates outside of patching major bugs or security vulnerabilities.

Overall, a Solid Update

Stream 2.0 is a solid update. The latest edition supports activity tracking for eight of the most popular WordPress plugins out-of-the box including: Advanced Custom Fields, bbPress, BuddyPress, Easy Digital Downloads, Gravity Forms, Jetpack, WooCommerce and WordPress SEO by Yoast. SMS notification is a great enhancement and I think it's respectable of the team to keep 1.4.9 available for those that don't like the new direction Stream is heading in.

Are you satisfied with the latest update to Stream? Does using WordPress.com and Amazon Web Services turn you off from using it?

01 Oct 2014 2:46am GMT

WPTavern: WordPress Plugin Checks if The Server Hosting Your Site is Vulnerable to The “ShellShock” Bug

ShellShock Featured Imagephoto credit: Tony Buser - cc

In recent days, a security vulnerability in Bash known as "ShellShock" has put millions of servers at risk. Without going into too much detail, the vulnerability allows an attacker to execute any code on a vulnerable server. The amount of servers at risk is far greater than the Heartbleed bug discovered earlier this year. The founder of ManageWP, Vladimir Prelovac, has released a new WordPress plugin that helps determine if the server hosting your website is vulnerable to the ShellShock bug.

The plugin checks for both disclosed ShellShock vulnerabilities CVE-2014-6271 and CVE-2014-7169. Simply download the plugin, activate it, and browse to Settings > Shellshock. Click the Run Test button. After the test is completed, a notice displays whether the server is vulnerable or not. In the following screenshot, the server I tested is not vulnerable.

ShellShock Test ResultsShellShock Test Results

If the server is vulnerable, take a screenshot and contact your host as soon as possible. Create a trouble ticket. Then, inform the support representative you tested the server and the results show it's vulnerable. Attach the screenshot to the trouble ticket with a link to this article by Troy Hunt, which explains everything they need to know about the bug. After filing the report, create a full back up of your site in case the server is attacked before it's patched.

01 Oct 2014 1:41am GMT

30 Sep 2014

feedWordPress Planet

WPTavern: A New Project by Nick Haskins, WP Status Page

WP Status Page Featured Imagephoto credit: Luigi Rosa has moved to Ipernity - cc

The creator of Aesop Story Engine, Nick Haskins, wants to know if there is any interest in a WordPress plugin that would provide a project status page. After browsing the WordPress plugin directory and coming up empty, Haskins is developing his own solution in the form of a plugin.

He describes the plugin will have a similar setup to StatusPage.io. "It would definitely have a mechanism to determine if a supplied URL and/or database is down or not. But the page would be more "alive" then a static coming soon page with the ability to send notifications (email/SMS) to users in addition to showing real-time status updates with a history of events," Haskins told the Tavern.

Haskins explains how the plugin would work. "You'd provide a subset of items like maybe a URL, database , API endpoint, and we'd ping that and return the status in a pretty way. I think the key making this really work would be to provide some level of automation as in, a developer could push a commit to Github or Bitbucket with a specific tag that would then automatically update a message status on the status page.

An example of a status page is the Amazon Web Services health dashboard. Haskins says his page will look similar but will have a better design.

Amazon Web Services Status PageAmazon Web Services Status Page

One of the issues he brings up is where to host the plugin. It doesn't make sense to host a status page on the same server as the project. Instead of forcing users to sign up for a cheap hosting account, Haskins may turn it into a hosted service. One option to consider is using OpenShift Online. OpenShift has free accounts available and is Red Hat's public cloud application development and hosting platform.

If you'd like to know when the plugin is ready for testing, WP Status Page has a splash page available where you can enter your email address to receive updates on the project's status.

Is this something you'd be interested in using? What other ideas or features would you like to see in a status page generation plugin? If you already use a service or have custom coded a solution to provide a status page for your project, please share it in the comments.

30 Sep 2014 9:14pm GMT

Matt: Five for the Future

On Sunday at WordCamp Europe I got a question about how companies contribute back to WordPress, how they're doing, and what companies should do more of.

First on the state of things: there are more companies genuinely and altruistically contributing to growing WordPress than ever before. In our ecosystem web hosts definitely make the most revenue and profits, and it's been great to see them stepping up their game, but also the consultancies and agencies around WordPress have been pretty amazing about their people contributions, as demonstrated most recently by the fact the 4.0 and 4.1 release leads both hail from WP agencies (10up and Code for the People, respectively).

I think a good rule of thumb that will scale with the community as it continues to grow is that organizations that want to grow the WordPress pie (and not just their piece of it) should dedicate 5% of their people to working on something to do with core - be it development, documentation, security, support forums, theme reviews, training, testing, translation or whatever it might be that helps move WordPress mission forward.

Five percent doesn't sound like much, but it adds up quickly. As of today Automattic is 277 people, which means we should have about 14 people contributing full-time. That's a lot of people to not have on things that are more direct or obvious drivers of the business, and we're not quite there today, but I'm working on it and hope Automattic can set a good example for this in the community. I think it's just as hard for a 20-person organization to peel 1 person off.

It's a big commitment, but I can't think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

30 Sep 2014 7:05pm GMT

WPTavern: WordPress Beyond Boundaries: A Recap of WordCamp Europe 2014

WordCamp Europe 2014 - photo credit: Vladimir Kaladan PetkovWordCamp Europe 2014 - photo credit: Vladimir Kaladan Petkov

This weekend, 950 WordPress professionals and enthusiasts from all over the world descended upon Sofia, Bulgaria to participate in Europe's largest WordCamp to date. WordCampers arrived excited to soak up new information and connect with others in the European community.

Sofia's graffiti-lined streets are peppered with leftovers of communist architecture, contrasting the Neo-Bohemian culture that energizes the city. The event was held in the National Palace of Culture, a magnificent venue situated in the center of Bulgaria's capital, designed nearly a decade before the fall of the Iron Curtain. Its halls are lined with murals and dark colors, which created an interesting backdrop for a conference devoted to a bright and growing free software community.

The warm hospitality of the organizers of WordCamp Europe lent an intimate atmosphere to what otherwise might have seemed like an impersonally large event. Attendees enjoyed a world class lineup of WordPress speakers and had the opportunity to try delicious local specialties during breaks and lunch.

Organizing WordCamp Europe 2014


WordCamp Europe is an event that requires many months of planning and an army of volunteers to make it happen. Local organizer Petya Raykovska helped to organize WordCamp Sofia's 300 attendees last year, in addition to being part of the WCEU organizing team. She commented on how welcoming and helpful the Bulgarian community has been in hosting the event. "We have a bunch of local volunteers who have been amazing. Everybody wants to help," she said. "But that is WordPress everywhere, not just in Bulgaria. People in WordPress share these same values in common."

Out of the event's 950 attendees, 240 were Bulgarian, with the vast majority of others from outside the country. WordCamp Europe is made up of an international team of organizers, strategically chosen to unite the different areas of the Europe. The location of the event changes every year and potential host cities have the opportunity to compete for the spot by submitting a proposal and demonstrating support from the local community, much like the Olympics. This year it was a close competition between Lisbon and Sofia.

"Any local community that has had a WordCamp before has the opportunity to bid," explained Remkus de Vries, a leader in the Dutch WordPress community and one of the original organizers of WCEU. "They have to have experience and know how to manage everything."

In its first year, WordCamp Europe was held in Leiden, located in Western Europe. "It's not just who has the best story," De Vries commented on the selection process. "We have an agenda, and the agenda is to unite Europe as best as we can and to have open source be the vehicle.

"We picked Sofia because we thought it would be good to have Eastern Europe be a part of it. We have a large WordPress community in Romania, Bulgaria, and a few neighboring countries like Serbia and Croatia," he said. For them it's relatively easy to come here and we wanted to have them here."

No Boundaries: Uniting People Across Borders with WordPress

The European WordPress community has a checkered history of division. De Vries and fellow organizers founded the event in 2013, with the hopes of uniting different languages, nationalities, and cultures in a way that only WordPress can.

"Diversity," is the one word answer De Vries gave when asked about the distinguishing characteristics of the community. "We've had a lot of issues with countries not liking each other in the last seven years, and that, in some regard, is somewhat always there," he said. " and I had the idea in 2009/2010 that we should have a European WordCamp, for the simple reason that when we went to the other EU WordCamps, we saw that there was the beginning of people looking outside their borders when it came to the WordPress community."

De Vries highlighted a few of the differences that the EU community has to overcome. "If you just look at the way we write, from the Cyrillic alphabet to the Greek to the Latin ones, that's a big difference," he said. "Additionally, there are cultural differences between Eastern, Western, Northern and Southern Europe. Obviously you have stuff like that in America as well but this is truly different in a lot of senses. One of our goals was that the local communities would start looking outside of themselves. That's exactly what happened."

Prior to the first WordCamp Europe, many across the continent kept to their own small communities and didn't often travel to connect with each other. De Vries shared an example of how things have changed:

I would say Germany is a beautiful example. Germany is a very close knit community, one of the strongest running and one of the oldest, other than the US. Earlier this year WordCamp Hamburg had many foreigners in attendance. That didn't happen in Germany in the past. That's the big difference. Now they're looking outside.

Once everyone comes together around WordPress, differences disappear. "There's a funny thing about the people who enjoy WordPress, in the raw sense of the word, is that they tend to be people who like each other in real life," De Vries said. "Which is why I think WordCamps are such a huge success. I can't speak that much for other open source communities but I do have a feeling that that's something special about the WordPress community."

WordCamp Europe is so well-supported that within two or three days, every single sponsor package was sold out, despite the fact that they weren't featured very well in the previous year. Companies are still lining up to offer support, because they recognize the value of a unifying event like this in Europe.

Looking to the Future of WordCamp Europe

De Vries and many of the core organizing team are in it for the foreseeable future. He's addicted to the high of connecting people who might not otherwise have the opportunity to connect with their peers. "Yes, it costs a lot of time. I have a busy company as well, but I just think it's worth it," he said.

Why does he continue to put so much time into WordPress? De Vries put it simply. "WordPress saved my life. It allowed me to come out of a very dark place to make money to provide for my family at a time when I was experiencing something very rough," he said. He wouldn't have been able to get there without the community surrounding the project.

"It is the way the software is structured and the way the community is structured around that," he said. "It makes it very easy to jump in anytime. If you put in the hours and you want to learn and understand what it's about and translate that into your work, I would say that WordPress is as good as a community can get. So for me, giving back is also part of that. "

The first year WordCamp Europe sold 750 tickets. This year it reached 950, despite the fact that travel to Bulgaria is more difficult for some. With the exception of a few direct flights, most everyone else has two or three connecting flights to make it to Sofia. "To see that the attendance has actually risen, I think is a testament to what we're doing here," De Vries remarked.

When asked if they will expand the event's attendance next year, he replied, "Maybe 1200 would be nice. I think if we pick a location that's even more of a direct flight, attendance could go in that direction."

But for De Vries, attendance is of less importance than the unifying power of the WordCamp. "Attendance is not the end goal. The goal is people of different countries and backgrounds realizing that, in this community, there are no boundaries."

30 Sep 2014 2:48pm GMT

Matt: No Longer Use TimThumb

Ben Gillbanks, the co-author of TimThumb, says I No Longer Use TimThumb - Here's What I do Instead.

30 Sep 2014 6:24am GMT

29 Sep 2014

feedWordPress Planet

WPTavern: GoDaddy and Media Temple Engage in Strategic Partnership With WP101

WP101 LogoCustomers who host sites with GoDaddy or Media Temple will see a new WordPress resource in their control panel. Thanks to a strategic partnership with WP101, GoDaddy and Media Temple customers can watch a 20-part WordPress 101 video tutorial series, directly within the WordPress dashboard.

I reached out to WP101 founder, Shawn Hesketh, to learn more about the partnership and what his thoughts are on the state of WordPress training. He also shares the valuable lessons he learned during the process. Near the end of the interview, he provides a list of resources for those interested in learning WordPress.

Interview With WP101 Founder, Shawn Hesketh

Jeff - How difficult has been for you to keep up with WordPress development through your training videos?

To be perfectly honest with you, I was a bit nervous when I first heard Matt Mullenweg outline a strategy for increasingly rapid releases, eventually leading to constant background updates to WordPress at some point in the near future. But so far, it's been fairly manageable, as we've only seen an additional one or two revision cycles in a given year.

I've given a great deal of thought to how we might continue to keep the WordPress 101 tutorial series up-to-date should WordPress move to more transparent and automatic updates. But for the time being, we should be able to continue updating and re-recording our videos with each major release.

I continually monitor the WordPress development blog, Trac, and the IRC channel, which helps me stay abreast of coming changes and prepare ahead of time as much as possible. Without access to those invaluable resources, it would be quite a challenge.

Jeff - As WordPress continues to grow, WordPress Training continues to be a business in high demand. How have you differentiated yourself from the other trainers/coaches out there?

CMS MarketShare reportMarketshare via OpensourceCMS.com 9/29/2014

It certainly helps that WP101 was one of the first WordPress video tutorial series to be launched, way back in 2008, at a time when almost no one was providing high-quality WordPress tutorial videos. Since then, we've certainly seen a number of other sites emerge to address the growing need for WordPress education, not only for beginners, but also intermediate and advanced users.

Still, the feedback I receive almost daily is that the WP101 videos are some of the best-produced, easy-to-follow video tutorials for beginners. I've spoken about this in the past, but I maintain that fanatical attention to detail and careful craftsmanship can still help differentiate you from competitors, no matter what product or service you provide.

Finally, I don't create my tutorials in a vacuum. Rather than simply producing what I think will work best, I'm constantly listening to input and feedback from our audience, developers, and beginners alike revising the WP101 series, improving it with each release. I think it's this commitment to building meaningful, long-term relationships and serving our audience that continues to set WP101 apart.

Jeff - What challenges did you face in making this strategic partnership a reality?

WP101 PartnershipImage Courtesy of WP101

The partnership with GoDaddy and Media Temple is a great example of the importance of long-term relationship building. We spent the first several weeks in conversations about the challenges they faced with regard to on-boarding new WordPress users. It was only after I had a clear understanding of their challenges that we began to explore the best way to put the WP101 videos to work for their customers.

Although it may appear on the surface to be a relatively simple solution, it was actually the product of several months of hard work, both in terms of developing the custom software required and arriving at a pricing model that worked for both parties.

To be honest, I didn't expect the process to take several months to fully materialize, but this was never about a quick win. From the beginning, we were all working toward the best solution, not just for our two companies, but ultimately for their customers.

Jeff - Did you learn any lessons that others can use when trying to partner with large, well-established brands and or companies?

Have patience. Don't underestimate the amount of time you (or your legal team) will spend carefully crafting an agreement that is truly a win/win.

It's true that the best agreements are those in which both parties feel that they came out ahead. But as with anything of lasting value, it takes time. Time spent in conversations that results in a clear understanding of the desired outcome. Time spent carefully crafting a custom solution, rather than simply applying a quick fix. And throughout the entire process, keeping an eye firmly fixed on the end goal, which is ultimately to better serve the customer.

Communicate clearly. When there are large teams of people involved, it's easy to get lines crossed. I'm a big fan of UIHD (Unless I Hear Differently). It helps everyone involved stay crystal clear on roles and timeframes, who's doing what, and when. It helps eliminate downtime due to unnecessary communication cycles. Keep emails simple, limited to just one question at a time, and close every communication with, "Unless I hear differently…"

Finally, don't underestimate the importance of finding a great attorney, which also takes time. I've worked with general business attorneys in the past, but it's another matter altogether to find an attorney who understands the intricacies of licensing intellectual property for online distribution. I went through several recommendations before finally finding a local attorney who had the understanding and expertise to craft the agreement we needed.

Jeff - Last but not least, when you take a step back and look at the big picture, what do you see in terms of the WordPress training landscape?

Landscape WordPress Training Horizonphoto credit: Kristofer Williams - cc

It's an exciting time to be a WordPress educator. The increasing popularity of WordPress means there is also a growing demand for WordPress training. There have never been more educational resources available for nearly every level of expertise.

From written tutorials and code snippets on individual blogs to personalized, one-on-one coaching, there is a wide variety of training available for just about every learning style. The WordPress community is filled with knowledgeable, friendly people who are willing to share their knowledge with others.

But with so many resources out there, it can also be challenging, particularly for beginners, to separate the good from the bad. How do you know whether a tutorial is accurate, reliable, or up-to-date?

With powerful tools like ScreenFlow and Camtasia, it's never been easier to create screencast tutorials. But it's increasingly difficult to ensure they're continually up to date with each new release of WordPress.

In the six years since I launched WP101, I've updated and re-recorded my WordPress 101 series 12 times. During that same period of time, I've seen several tutorial sites come and go. Their content becomes out-of-date after just one or two release cycles. As I mentioned earlier, it's only going to become more challenging as WordPress continues to release updates more rapidly.

So, it's hard work, and quite tedious at times, but for those of us who truly enjoy the reward of teaching others how to use WordPress, it's also a labor of love. But one of the things that excites me the most is the spirit of "co-opetition" that exists in the WordPress community.

Resources Hesketh Recommends for Learning WordPress

Some people learn best by reading. So I often recommend the excellent books by Stephanie Leary, Lisa Sabin-Wilson, or Brad Williams and team.

Others learn best through one-on-one training, so I send them to BobWP.

There's the ever-growing library of web design webinars by my friends at iThemes.

I'm excited about the possibilities of SIDEKICK for helping developers to create custom interactive walkthroughs.

Nobody has a larger library of written tutorials than WPBeginner.

Of course, there are plugins like Video User Manuals, or our own WP101 Plugin that enable developers to provide WordPress tutorials directly in their clients' dashboard.

To say nothing of learning sites like Lynda.com or Treehouse.

With our new partnership with GoDaddy and Media Temple, we're starting to provide valuable WordPress training right where customers need it most, in their own WordPress dashboard.

Not a day goes by that I don't recommend one or more of these excellent learning resources if I feel they might be the best fit for someone and many, if not all, of these folks do the same for WP101. This creates an environment in which everyone wins. Most importantly the individuals who just want to learn how to use WordPress to build a gorgeous blog or compelling business site.

In a perfect world, WordPress would be so intuitive where no training or manual would be required. Until then, we'll be there to help fill in the gaps, answer questions, and help folks learn how to use WordPress as quickly as possible.

A Win-Win Situation

As the WordPress training scene becomes increasingly crowded, it's becoming more difficult to differentiate between all of the resources available. Partnering with a webhosting company is an excellent way for WordPress training materials to be seen by thousands of customers who might not otherwise be aware of their existence.

The material also provides an opportunity to lessen the support burden. As customers learn the basics of WordPress, the support team can dedicate more resources towards difficult support queries.

If you're a GoDaddy or Media Temple customer, let us know what you think of the videos in the comments.

29 Sep 2014 9:31pm GMT

WPTavern: Ben Gillbanks Announces The End of TimThumb

TimThumb Ends Development photo credit: katybird - cc

The once popular image resizing script known as TimThumb is no longer supported according to co-creator, Ben Gillbanks. In 2011, TimThumb made headlines when a major security vulnerability was discovered and used to hack into several websites.

The exploit that was found was a bug with the external image resize functionality and the fact it could be used to download and execute files. There was code in place that restricted the downloads to a whitelist of clean sites, but it wasn't strict enough and so a hole was found that could inject php onto your server.

In 2009, Gillbanks estimated that 95% of commercial WordPress themes supported TimThumb. Several major commercial theme companies such as WooThemes, used the script in most of its products. This set the stage for thousands of sites to be affected by the vulnerability.

The outcome of the event has weighed heavily on Gillbanks and is one of the primary reasons he's giving up development.

In particular in 2010 there was a major security exploit found and it hurt a lot of websites, my own included. There are still people who are suffering because of it. I've felt incredibly guilty about this for years now, and so my enthusiasm for TimThumb has dropped to nothing.

Because of this lack of enthusiasm, and a fear of doing something else wrong, I have barely touched the code in years.

If you're using TimThumb, Gillbanks recommends removing it and using something else. An excellent alternative is the WordPress TimThumb Alternative on Github. Created by Matthew Ruddy, the function uses WordPress' native resizing functions to mimic TimThumb resizing.

Timeline of Notable Events

The following is a timeline of notable events surrounding TimThumb. Feel free to add more in the comments.

With the development of TimThumb being discontinued, it's the end of an era for WordPress theme development. Are you happy or sad to see it go? Since TimThumb has an open source license, will developers pick up where Gillbanks left off?

29 Sep 2014 7:19pm GMT

Matt: Hemingway on Writing

I believe that basically you write for two people; yourself to try to make it absolutely perfect; or if not that then wonderful. Then you write for who you love whether she can read or write or not and whether she is alive or dead.

- Ernest Hemingway to Arthur Mizener, 1950 Selected Letters, p. 694.

I got it from Hemingway on Writing which is a short and pleasant read I'm going through right now. It turns out Hemingway was 64 years ahead of me in his advice about who to write for.

29 Sep 2014 1:46pm GMT

Lorelle on WP: Research on the WordPress, Web Development, and Web Design Job Market

In 2012 and 2013, I did extensive research for the grant program to develop and rewrite the Web Developer degree program at Clark College. This research included an analysis of current and future job opportunities for students graduating with that degree with a solid understanding of WordPress. Now that the program has completed its first […]

29 Sep 2014 11:35am GMT

28 Sep 2014

feedWordPress Planet

WPTavern: Meet John Blackbourn, WordPress 4.1 Release Lead

John Blackbourn speaking at WordCamp London 2013 - WordPress.tvJohn Blackbourn speaking at WordCamp London 2013 - WordPress.tv

Nine years ago, John Blackbourn was stocking shelves at a supermarket 40 hours per week and returning home to do another 20 hours of freelance work on the side. His journey with WordPress started much like many others, when his first patch was accepted seven years ago. This past weekend at WordCamp Europe, Blackbourn was named WordPress 4.1 release lead.

"I'm sure my first contribution was because I found a bug that annoyed me, so I thought I'll patch that up and get it in there," he said. Submitting bug reports led him to learn about Subversion, patching files, and the trac ticket manager. "That's actually a great way for people to get into version control - when someone turns around and says 'Write a patch for it,' and you have to go off and figure out how to do it."

It started off as a hobby, Blackbourn said, "building my own websites and playing around a bit." After awhile his freelance work started to take off. "Then I was lucky enough to be able to drop my hours down to part time while I ramped up my freelance work," he said. A couple years later, he got a job at Code For The People, a WordPress development agency and WordPress.com VIP partner.

Code for the People is made up of a flock of regular contributors to WordPress core, with founders who are passionately committed to giving back to open source software. When Blackbourn was put forward to lead the 4.1 release, his agency was behind him 110%.

"I had previously talked to Andrew Nacin about leading 3.9 and 4.0 and he'd already spoken to my bosses at Code For The People. They said, 'Yeah go for it - we'll give you time off work, adequate resources, and time to lead it.'"

Simon Wheatley, one of the founders of CFTP, spoke at WordCamp Europe about running an open source business, during which his co-founder, Simon Dickson, commented on donating Blackbourn's time to core. "CFTP is a small team. Contributing John Blackbourn to WP Core won't make our lives easy. But it's important to us. We'll find a way," he said.

What's on the horizon for WordPress 4.1?

This will be the first time that Blackbourn has led a release, although he has been a core committer for both 3.9 and 4.0. WordPress 4.1 will be a short release cycle, with less than three months, due around December 12th. He shared a few ideas with us about where he thinks 4.1 will be heading.

We're going to try to reign in expectations for the release so we're going to get a few nice things to do with session management and password security, etc. If we keep the potential features reigned in a bit, then hopefully we won't be needing to take weeks off work. I expect to be doing a couple days a week that I would normally be working.

Blackbourn hopes to further extend the improvements to sessions that were made in the previous release. "The new thing in WP 4.0 is the sessions - when you log in, you actually get assigned a session now, so you can forcibly log one of your sessions out," he explained. "So if I'm logged in on my laptop and my phone I can kick myself out of one or the other." This now exists in WordPress on an API level and Blackbourn is hopeful that 4.1 will add a UI for it.

He has extensive experience working with multisite on a daily basis at CFTP. "We haven't got many clients who don't use multisite these days," he said. When asked if there are any multisite improvements planned for 4.1, he said that there may not be much time to make significant strides on the roadmap. However, he's optimistic about including improvements related to multisite password resets.

Since it's his first time to lead a release, Blackbourn plans to meet with several past release leads in attendance at WordCamp Europe in order to get an overview of how it's done. He's one of the most humble, talented people I had the privilege of meeting at the event. Query Monitor, his comprehensive WordPress debugging plugin, is truly a work of art, and many developers can no longer live without it. Blackbourn is a benefit to the project and an excellent example of a WordPress professional who has become a high-end expert by sharpening his skills through contribution to core.

28 Sep 2014 10:18pm GMT

Matt: 4.0 Recap

If you want to see some of the thought and care that went into the WordPress 4.0 release, check out Scott Taylor's peek under the hood and Helen Hou-Sandi's reveal of a 4.0 Easter egg.

28 Sep 2014 5:10am GMT

27 Sep 2014

feedWordPress Planet

Matt: Sedaris on Fitbit

David Sedaris in the New Yorker on how his Fitbit took over his life.. Hat tip: Jeremey Duvall.

27 Sep 2014 12:03pm GMT