29 Jul 2015

feedWordPress Planet

Post Status: Don’t make enemies, invest in friendships

Editor's note: The following is a guest post by Cory Miller, the CEO of iThemes. Cory describes his approach to making friends and avoiding making enemies. You should also check out his recent talk on mental health and entrepreneurship, which is terrific.

I'd rather wave a white flag and compromise than make an enemy. Every. Single. Day.

I've purposefully and intentionally, throughout my life (and business), sought to not make enemies, but rather build friendships.

Friends do the opposite.

My best example of this is my wife, Lindsey. I think of her as my greatest ally and my best friend. She's the opposite of an enemy.

The words I use to describe her are "caring," "supportive," "loving," and "wants my best."

So why would I spend my time seeking to create enemies, instead of friendships?

But, you can also, simultaneously, choose to make and focus on friendships.

Some of my best friendships have come through business, and some of them would be considered "competitors."

But I've cherished those friendships.

Additionally, I sleep better at night knowing we only want each other's best and that there is plenty of room for each other instead of someone actively, purposefully seeking my destruction.

But instead of seeking to fester anger and hate and competition, I've sought the opposite, asking, "Where can we find ways to help each other do better for each other?"

So what if we approached life and business like this:

Instead of using that anger, bile, jerk-ness, and negative energy in telling the world who you hate and how big of a jerk you can be, and how you don't want to be an enemy of - why not seek to build true, lasting, deep friendships?

The old quote, "Keep your friends close, and your enemies closer," is pure B.S.

Why not create a friend instead of nurture an enemy?

Why not tell the world that you can be the best friend they ever made? And prove it by your actions.

Friendships do take an investment. They take consistency. They take time. They take compromise sometimes. It means showing up for them when they most need it.

But those relationships have been some of the richest relationships I've ever had. And totally worth the investment (multiple times over and over in fact).

And yes, I have made enemies in my life. Purposefully and sometimes not. In fact, someone recently asked me jokingly on Twitter who didn't like me. I responded with:

"I can think of 1 or 2 a-holes but I don't like thinking about them. :) hahahahaha"

And although that's sadly true, I've sought to minimize the enemies I've made in my life and business.

My perspective on making necessary enemies is that if you have to make an enemy - and when I say that, I don't mean because your personality defaults to that of a jerk and you sadistically like being labeled one), but you have to make an enemy because you have to set a boundary and tell someone no, or take a legal action - make dang sure it's either for a very good purpose, value or strategic reason.

And even then, question yourself about why.

As my attorney told me recently: "You catch more flies with honey."

So don't be a jerk while making enemies. You'll make more enemies in the process.

Simple, lip-biting kindness in the face of anger and hate and bile helps deflate a situation rather than pour lighter fluid on it.

I tell people often: it doesn't cost me anything to be nice and kind. (In fact most of the time it makes me happier.) And I seek out different avenues to vent my frustration and relieve my stress.

So I say: Don't make enemies. Invest in friendships.

It should be common sense, but sometimes I (and maybe you) need a reminder.

29 Jul 2015 5:13am GMT

WPTavern: Adler: A Unique Personal Blogging Theme for WordPress

If you're on the hunt for a new WordPress blogging theme but the designs are all starting to look too similar, you may want to check out Adler. It is one of the more unique themes to land in the WordPress.org directory in recent months with its uncommon typography choices and bright bursts of color.

Adler was created by Romanian theme designer George Olaru of Pixelgrade. Olaru takes a unique approach to the popular fullscreen splash page style that many themes have adopted for a homepage layout, overlaying it with a serif font title paired with a hand-script style subtitle.

adler

Styling for single posts is similar to the home page with the featured image serving as a fullscreen background for the title. Scroll further down and the post content is centered with no distracting sidebar widgets.

Adler combines two unusual Google font choices in the design: Droid Sans Mono for paragraph text and Permanent Marker for blockquotes and subtitles. Images in posts overhang the text column to create a strong visual impact.

adler-images-blockquotes

Adler's files include a tiny leaf icon that is tastefully applied on the home and archive templates to separate posts. The effect is minimalist without appearing to be stark. The theme also includes support for Font Awesome icons.

font-awesome

The necessity for large featured images can sometimes be a drawback for users when selecting a blogging theme. After testing Adler, I found that the design doesn't break if you don't have a large featured image assigned to a post. In fact, posts lacking a featured image look just as nice as those that include one, so you're not tied down to hunting for one every time you publish.

Adler supports three menu locations for a primary, footer, and social menu. It includes support for one footer widget area, which spans three columns. There are just two options available in the native customizer that allow you to change the background color or add a background image.

Adler was created to be a personal blogging theme and the design instantly communicates: "I have something to say." Check out the live demo on Pixelgrade.com to see it in action. If you like what you see, you can download Adler for free from WordPress.org.

29 Jul 2015 1:09am GMT

28 Jul 2015

feedWordPress Planet

WPTavern: New WordPress Plugin Automates Slack Team Invitations

slack-logo

Generating Slack team invitations can become rather tedious when you're managing a large group of people - particularly when the team is open to almost anyone. In the case of a company or organization, a Slack admin can use the feature that permits anyone with an email from a specified domain to be accepted on signup. However, this feature isn't applicable to teams that are made up of people with diverse email domains and associations.

Julio Potier, a French security consultant and prolific plugin developer, created a solution for this particular scenario. As an admin on the WordPressFR.slack.com team, which is open to all French WordPress users, he needed a more convenient way to allow new signups. The team has 27 channels and 250+ members with 200 added in the first week.

Julio decided to create a plugin to make the invitation process easier in the future. The new Slack Lazy Invitation plugin automates the sending of Slack team invitations by adding a frontend signup on your WordPress site.

join-slack-team

The user simply enters an email address and the invitation is sent. A Slackbot confirmation will appear on the page.

slack-team-invite-sent

To configure the plugin for your Slack team all you need to do is enter the group name and the security token for your Slack invitations. As this token is not easy to find, Julio wrote a bookmarklet that will automatically capture it for you. From the plugin's settings page you can drag and drop the bookmarklet into your browser toolbar on the invitation page found at: https://YOURGROUP.slack.com/admin/invites.

lazy-slack-settings

Once the plugin is configured, the invitation signup page will be available at example.com/wp-login.php?action=slack-invitation. If you're using either the wp-reCaptcha or google-captcha plugins, Slack Lazy Invitation will automatically add protection to the form.

slack-invite-recaptcha

The plugin also includes support for the SF Move Login plugin, so that the invitation form is available at /slack-invitation instead of the much longer URL. This slug can be changed in the SF Move Login settings panel.

In the future Julio plans to add support for adding invite pages for multiple groups. I tested Slack Lazy Invitation and found that it works exactly as advertised. If you have a large Slack team with open invites, this plugin will save you quite a bit of time. Download it for free from WordPress.org.

28 Jul 2015 10:30pm GMT

27 Jul 2015

feedWordPress Planet

WPTavern: Meet PeepSo: BuddyPress’ Newest Competitor in Open Source Social Networking for WordPress

When the first BuddyPress beta arrived on the scene in 2008, there was nothing like it for WordPress. Facebook was still relatively new to the public and Twitter was just a couple years old. A plugin that transformed WordPress into a social network was an exciting prospect.

After seven years of virtually unchallenged dominance among WordPress social networking plugins, BuddyPress has a new competitor. PeepSo, trademarked "Your people. Your community. Your way," is the newest contender in WordPress' open source social networking plugin niche.

Unlike BuddyPress, which for the most part has improved slowly through community contribution, the PeepSo project is run more like a startup and is 100% self-funded. It is currently being marketed as an alternative to BuddyPress.

You've been asking for it. An alternative to BuddyPress. It's here! http://t.co/Uxd7AQcnCL #wordpress #buddypress pic.twitter.com/yYRI5pnXJR

- peepso (@peepsowp) July 22, 2015

The PeepSo plugin, available on WordPress.org, offers many of the same core features as BuddyPress but was launched with a collection of commercial add-on plugins for things like photos, videos, moods, tagging, locations, friends, and messages. A groups feature is noticeably absent from Peepso but planned for version 1.4. Current extensions seem to focus primarily on adding multimedia features to the activity stream.

peepso-profile

Who is Behind PeepSo?

merav-peepsoPeepSo was founded by Merav Knafo, owner of JomSocial, Joomla's most popular social networking solution. Knafo, a veteran in the Joomla community, brings a unique perspective on the differences between the Joomla and WordPress markets for social networking software. As Joomla captures roughly 7% to WordPress' 60% of the CMS market share, Knafo saw an opportunity to break into a larger market.

"As a business owner, it's my job to pay attention to trends in my industry and unfortunately, Joomla has been on a downward trend since 2009," Knafo said.

"Many of our JomSocial customers have asked us to 'make JomSocial for WordPress,' because they wanted to switch to WordPress but there was nothing like JomSocial for WordPress. Finally, I could not ignore the trend nor the requests and decided to get into the WordPress market as well."

Knafo hopes to parlay her experience with JomSocial into her new venture with PeepSo.

"We stuck with Joomla for almost 10 years now and took JomSocial to a whole new level when we took over in 2013," she said. "I am very proud of what we've accomplished with JomSocial and super excited to implement all this experience and knowledge into PeepSo."

How PeepSo Got Started

The idea for PeepSo was incubating for a few years before Knafo had the opportunity to execute it.

"Brad Bihun used to be a customer of ours at iJoomla, and then he switched to WordPress," she said. "We happened to live very close to each other in Encinitas, California, so we met up and suggested I'd created 'JomSocial for WordPress.'

"At that time, I didn't even own JomSocial and I was too busy with all the iJoomla products. Then a couple of years later, I acquired JomSocial and he approached me again, but once again, I was just too busy. A year and a half into JomSocial acquisition, when things got a lot smoother, I finally said yes, he introduced me to the SpectrOM team, and we got started."

Although the plugin appears to be marketed as a direct competitor to BuddyPress, Knafo said that it wasn't created specifically for that purpose but rather to give WordPress users a more robust array of options for building networks.

"Obviously we felt there was a need for another product as an alternative to BuddyPress," she said. "Leaving users with just one option is rarely a good idea, people like options.

"We don't necessarily plan to take on BuddyPress, we just want to offer those who want an alternative, a product that is of high quality and that is being continuously developed. Ultimately, people will choose the solution that serves them best. We are just getting started, but we have big plans and an excellent track record doing this successfully with Joomla."

The Differences Between PeepSo and BuddyPress

I asked Knafo what her team perceives to be the most notable differences between PeepSo and its more established competitor, based on what they found to be lacking in BuddyPress.

"I'd say the look and feel is a lot more modern in PeepSo right off the bat with no special themes needed," she said. "The features are more up-to-date with the latest and greatest features of big social networks, such as Facebook - from cover photos to 'likes' and so on."

BuddyPress core developers have opted to leave the aforementioned features to separate third-party plugins as opposed to packing them into core. With certain features, i.e. photos and videos, PeepSo does the same, except the add-ons are supported by PeepSo core developers.

"PeepSo is lightweight and allows you to only add features that you need, to keep it lightweight," Knafo said. "PeepSo's code is so beautiful it made our developers shed tears of joy when they first saw it - that said, I never looked at BuddyPress's code, nor would I be able to tell whether it's beautiful or not."

In terms of code differences, PeepSo's development team cited what they believe to be a few major differences between their codebase and BuddyPress:

"We have a track record creating and supporting a very large social networking application (JomSocial)," Knafo told the Tavern. "We know the ins and out of this business. We may be new to WordPress, but we are veterans when it comes to social networking applications."

Where is PeepSo Headed?

The PeepSo development team, guided by lead architect Dave Jesch of SpectrOM, has an aggressive roadmap for improving the plugin's core and adding more features via commercial plugins.

"Our main goal is to add more plugins to PeepSo, you can see our road map here. We'll start with a chat plugin, custom profile fields and then groups, events, pages and so forth," Knafo said. The team also hopes to partner with other developers who want to create PeepSo plugins.

I asked her if the team plans to create a hosted PeepSo platform for community managers. Knafo said it isn't totally out of the question but isn't high on the priority list at the moment.

"We tried to do this with JomSocial but we had a hard time finding the right hosting solution for it," she said. "That said, we are open to the idea, a bit down the road."

PeepSo is just getting started and has not yet attracted many customers. However, Knafo's experience of successfully running an open source project for the past 10 years has given her the determination to break into a new and unfamiliar market.

"The sales have been as can be expected this early after the initial release, not too shabby to start with but we expect whole lot more sales as the WordPress users become aware of PeepSo, download the free version and give it a try," she said.

"We're here for the long haul and we take no shortcuts in doing this right. We know it's a huge undertaking; there is so much more to do. I am confident that investing in WordPress was the right move, I've been very pleased by the feedback and the community. My hope is that WordPress developers will join us and create awesome plugins to take PeepSo to the next level."

27 Jul 2015 10:50pm GMT

WPTavern: Only 70 Tickets Remain to Livestream Prestige for Free August 1-2, 2015

Prestige Conference LogoWith just a few days remaining before Prestige takes place, there are only 70 tickets left to watch the event for free. Courtesy of Rocketgenius, the event's primary sponsor, more than 500 people will be watching the event for free this weekend. To watch the event for free, use the code GravityFormsLS when purchasing a streaming ticket.

Prestige is a conference founded by Kiko Doran and Josh Broton in 2014 that focuses on the business aspects of WordPress. The first event was held in Minneapolis, MN, in October of 2014. Earlier this year, Prestige was held in Las Vegas, NV. This weekend marks the third time the conference will be held.

The Future of Prestige

The first and second conference had approximately 100 attendees and Doran expects the same amount this weekend. However, future iterations of Prestige will have lower attendance. "We are transitioning to more of an online event. We're actually going to make the in-person events smaller moving forward." Doran told the Tavern.

There's also a chance the conference could morph into something completely different. "After organizing two WordCamps, I figured out some of the things I loved about them and some of the things I don't. Prestige has given me the freedom to try new things and see what people like and what they don't like," Doran said.

Prestige in Las Vegas NevadaPrestige in Las Vegas, NV Image courtesy of James Dalman

Although the conference has been held twice this year and in different cities, the organizing team plans to host at least one Prestige conference in Minneapolis every year. Talks are underway for the next event but details are not locked down.

"We plan to do one in Minneapolis every year because we love the community there. We'd like to do Minneapolis in the summer time, due to weather, then we'd like to do any winter events in a warm place," Doran said.

Organizing a conference is a challenging experience that benefits from having motivated organizers. Doran explains what motivates him to organize Prestige, sometimes twice a year.

"I have a small awesome team of organizers that love putting this event on. That and the people who come and share their knowledge. It's a smaller event but to me, that's the appeal of it. Everyone is far more approachable in this environment," he said.

A First for Prestige

This weekend's event features a hands-on workshop by Jennifer Bourn of Bourn Creative. It's the first session in Prestige's young history to involve hands-on exercises. The session is uncharted territory for the conference which has mostly focused on people sharing their experiences building businesses.

How Long Will Doran Organize Prestige?

With this being his third conference, I asked Doran how long does he plan to continue organizing Prestige, "I'll organize the conference as long as there is a demand for the content. People often say to scratch your own itch. This conference started off as a little self-serving in that I wanted to ask people all of these questions. Then I thought, couldn't others benefit from this information as well?" he replied.

I'll Be at Prestige Conference

I'll be among the 100 expected attendees at this weekends conference. If you're attending the event, please stop me and say hi. If not, make sure you grab one of the 70 tickets left to watch a livestream of the event. You can also monitor the #Prestigeconf hashtag on Twitter. If you've previously attended Prestige or watched the livestream, please share your experiences in the comments.

27 Jul 2015 9:13pm GMT

WPTavern: WordPress Users Association Under New Ownership

The WordPress Users Association (WPUA) is breathing new life after it was acquired by Paul DeMott earlier this year on Flippa for $797. WPUA originally launched in December 2010, with the goal of providing a central place for WordPress users to swap war stories, learn how to get the most out of WordPress, and take part in getting special discounts on themes and plugins.

Redesigned Front PageRedesigned Front Page

Three years after its launch, the site appeared to be dead. In 2013, I paid to become a member to confirm my suspicions and to see if the site still accepted payments. Free themes and plugins offered to members were not impressive and there wasn't much to choose from. All of the videos used for WordPress training were broken. Despite these setbacks, I was able to successfully complete the refund process.

Financial Details

Earlier this year, WPUA.org was listed on Flippa.com, a domain auctioning site. As part of the auction financial details of WPUA.org were made public. According to the seller, the site made $20K when it launched. The previous owners spent between $500-$1,000 on ads and answering WordPress questions through the Ask a WordPress Expert section of the site.

The following shows revenue, costs, and profit between October 2014 and March 2015. WPUA earned revenue primarily with product or service sales and affiliate income.

WPUA RevenueWPUA Revenue

At the time the site was listed for auction, it had 3,500+ total members made up of free and paid subscriptions. The site today boasts more than 5,600 members.

Previous Owner Explains Why He Sold The Site

Wesley Williams is the former owner of WPUA.org and helped launch the site in 2010. Williams transitioned away from the domain because his web development business used the majority of his time. "We felt with our limited time to invest in it that it was best to transition it to someone who shared our passion but had a little more time to invest in growing the community and serving the members. We completed this transition back in April," Williams told the Tavern.

From my perspective, the WPUA was not a successful venture but Williams says otherwise.

"I wouldn't say it wasn't a success. There are thousands of members and we provided a lot of help to a lot of new and experienced WordPress users. As my main core business grew and as the time requirements of our projects increased, we couldn't devote the time required to answer questions and give the help needed.

"Actually, WPUA was a big success in my mind. Just from a number of members point of view it was a success. From the amount and number of questions and people we helped it was a success and from a financial standpoint it was a success," he said.

Williams explains his goal with WPUA and why some members of the community may not be aware of the growth it had. "My goal was to help the under-served, those just getting started and without the technical know how to make what is actually simple fixes or changes to their WordPress site.

"I didn't run the WPUA in the circles of all the established WordPress technical crowd, even though a large number of them became members of the WPUA. I ran it focused on users new to the platform and so because of that, some members of the WordPress community might not be aware of the growth and success it had," he said.

Through the course of time, Williams and his team adjusted membership levels and access points which helped increase registrations. Williams also learned that what members wanted was a direct way to ask questions and receive expert answers.

"A person new to the platform didn't want to post their question in a forum and they weren't really sure what the real question was. Thus, we removed the forum and went to an 'Ask an Expert' system where they could email their questions. This seemed to work better for everyone," he said.

Overall, Williams is happy with how WPUA progressed and feels fortunate to have played a role in its growth and success.

Who is Paul DeMott?

In the following video, DeMott explains how to build a eCommerce site with WooCommerce and calls himself the new president of recruitment for the WPUA. According to his LinkedIn profile, he lives in Cincinnati, OH and is the owner of Paul's SEO and Web Expertise which works with companies to develop websites that bring in internet traffic and sales.

Not much is known about DeMott and multiple requests for comment have gone unanswered. It's unclear what his plans are for WPUA.org but so far, it's remained as a paid subscription membership site. If you are a past or current member of the WordPress Users Association, please tell us about your experience in the comments.

27 Jul 2015 8:39pm GMT

Matt: MPAA Smoking Gun

Sometimes truth is worse than what you would imagine: Smoking Gun: MPAA Emails Reveal Plan To Run Anti-Google Smear Campaign Via Today Show And WSJ.

27 Jul 2015 3:34pm GMT

25 Jul 2015

feedWordPress Planet

WPTavern: Plugin Developers Demand a Better Security Release Process After WordPress 4.2.3 Breaks Thousands of Websites

photo credit: Ravages - ccphoto credit: Ravages - cc

WordPress 4.2.3, a critical security release, was automatically pushed out to users yesterday to fix an XSS vulnerability. Shortly afterwards, the WordPress.org support forums were flooded with reports of websites broken by the update.

Roughly eight hours later Robert Chapin (@miqrogroove) published a post to the Make.WordPress.org/Core blog, detailing changes to the Shortcode API that were included in the release. According to Chapin, these changes were necessary as part of the security fix:

Due to the nature of the fix - as is often the case with security fixes - we were unable to alert plugin authors ahead of time, however we did make efforts to scan the plugin directory for plugins that may have been affected.

With this change, every effort has been made to preserve all of the core features of the Shortcode API. That said, there are some new limitations that affect some rare uses of shortcodes.

The security team had no reasonable way of accounting for every single edge case, but the negative impact of these changes were far more wide-reaching than they had anticipated. This particular use case likely wasn't covered in their testing. Unfortunately, plugin developers found out about the breaking changes only after the security release had already left a slew of broken websites in its wake.

"I fully understand this is an issue, but isn't this a weird way of updating - almost all our clients are calling / e-mailing us at the moment as their sites seem to be broken," one developer commented on the Shortcode API post. "Normally it would be better to announce such huge impact changes to the plugin and theme developers. This means I need to fully reschedule my agenda, which already is full during holiday season."

Comments on the WordPress.org post are full of developers scrambling to find a way to fix client websites. Many were disappointed that the total secrecy of the security team, which is necessary in situations like this, was not immediately followed up with a public post on the important changes to the Shortcode API. Meanwhile, the email inboxes of agencies and plugin developers are filling up with urgent messages from outraged clients.

Developers want better communication from the those who are managing security releases. Amir Helzer, author of Types and Views, two plugins majorly affected by the release, sums up the thoughts of many other commenters on the Make/WordPress.org/Core post:

We are updating the Views plugin today, so that we resolve all shortcodes before passing to WordPress to process content.

This is a straightforward change, which takes us one day to complete.

Would have been great to receive a heads-up about an upcoming change in WordPress, so we could do this change on time.

We received a huge amount of support requests due to this, but this isn't the issue. We can deal with a wave a support issues. This time it wasn't "our fault", but sometimes it is.

What worries us, as mentioned above, is seeing our clients (folks who build WordPress sites for a living), losing their faith in the system. They feel like the system sees them as little ants and not as humans. People don't like seeing their problems being dismissed.

Many of them run hundreds of sites. They cannot afford to stop everything and fix content on so many sites. Especially not if they are currently away for their family vacation.

What others have asked here, and I would like to ask, too, is to setup a mechanism that allows WordPress core developers to privately communicate such upcoming issues with plugins developers.

We are your partners.

Without WordPress (secure, stable and reliable), we would not exist.

Without great themes and plugins, WordPress would not power 24% of the Web.

WordPress core members already volunteer a lot of their time. I'm not asking for anyone to volunteer more time. Need help? Ask us. There is a huge community of developers who rely on WordPress. We would be happy to get involved and set up whatever is needed.

User confidence in WordPress' automatic background updates took a dent with the 4.2.3 release. Waking up to broken websites causes users to second guess automatic updates after being assured that maintenance and security releases would not include breaking changes.

When users get burned by automatic updates, in the end it doesn't matter which party is at fault - whether it's the core team or a theme or plugin. They simply expect updates to work and not break anything. Even in instances where a poorly coded extension may be at fault, the average user has no way of determining whether or not their active plugins follow WordPress best practices.

The aftermath of the most recent security release is one reason why many developers and users are still wary of automatic updates. Amir Helzer represents many other plugin developers who are eager to find better ways to work together with the core team to provide a better update experience for users. This is especially important for releases like this one where the Shortcode API changes directly affected users' content. Hezler's comment reaffirms the fact that development agencies, plugin developers, and core developers are all partners on the same team. It's time to find better ways of working together to provide the best update experience possible for WordPress users.

25 Jul 2015 2:46am GMT

24 Jul 2015

feedWordPress Planet

WPTavern: FooPlugin’s Digital License Key Management Plugin is Now Open Source for Developers

photo credit: 16th st - (license)photo credit: 16th st - (license)

Three years ago, FooPlugins built FooLicensing, a digital license key management tool that enabled them to manage customers of their EDD-powered commercial plugins store. Although EDD already offered a license creation and management extension, FooPlugins required more features than it had at that time and opted to build their own.

As of today, FooLicensing is now open source and free for anyone to use, along with the associated EDD connector plugin.

"We love the community and wanted to give back," FooPlugins co-founder Adam Warner said.

"We know FooLicensing could be so much more but we just don't have the time to dedicate to it alone. We are a small team and because of that we find ourselves with dozens of projects that could be so much more if only we had more time and people."

Open sourcing a project can change its trajectory if there's enough interest and developers willing to contribute to improve it. Warner isn't counting on that, however, and simply hopes other developers will find it useful.

"It's a bit of a leap of faith, but if it helps someone else get involved to help create an even more robust system, then great," he said. "Bonus if it helps someone build additional extensions to help others."

FooLicensing's main features include:

A logged-in user who has entered a license key will see all the relevant account information detailing status, activations, expirations, etc.

foolicensing-user-admin

Administrators who are using the plugin together with its EDD Connector will see a menu with various license creation and management tools.

foolicensing-admin-view

The EDD Connector, also now open source, enables the following:

Foo Licensing is Extensible for Other Platforms

FooLicensing was built from the beginning to be extensible for use with other platforms beyond EDD. The team at FooPlugins had plans to expand their library of connectors but didn't have the time to execute them.

"Our goal for FooLicensing was to build additional integrations for other eCommerce plugins and digital sales platforms but it quickly took a back seat as our FooBox and other plugins like FooGallery gained popularity," Warner said.

"Documentation is non-existent at this point, but we welcome you to step through the code and consider getting involved with the core plugin or with extensions for other eCommerce platforms."

Warner said the team is considering a full-fledged site dedicated to FooLicensing if enough developers become interested and would consider the possibility of a marketplace to host any extension built. FooPlugins does not currently have plans to create additional extensions in house.

"We'll see what the future holds, but for now we need to move forward with some other things rather than holding this tight to our chests," Warner said. "Open sourcing the plugins just fits in with what we believe is the right thing to do to make the web (and the WP community) a better place."

24 Jul 2015 8:17pm GMT

Post Status: Thesis, Automattic, and WordPress

Chris Pearson and Matt Mullenweg have hardly communicated with one another in the last five years, but they are ideological enemies. They are both wealthy individuals (though of different magnitudes) thanks to their online endeavors, with very strong personalities and unshakable beliefs on business and software. This is a story of their dispute, their idealism, and the implications it will have on the WordPress project.

Matt Mullenweg co-founded WordPress, founded Automattic, and is one of the most successful entrepreneurs of his generation. He runs a billion dollar "unicorn" startup centered on a culture of embracing open source technology and has achieved incredible success embracing principles counterintuitive to either Silicon Valley or big corporate culture. He's paving a new path for how to create a valuable software company while religiously defending and promoting open source software.

Chris Pearson founded DIYthemes and helped pioneer the early WordPress commercial theme industry. He has run his business successfully for over seven years, despite unique hurdles that result from a very public dispute with Mullenweg in 2010. He vehemently defends his work as his own non-derivative achievement and rejects the religiosity and cult mentality that he believes exists in the WordPress ecosystem. He views WordPress as a huge chunk of the web, available to be monetized - which he has done so to the tune of millions of dollars - but he does not believe he must adopt Matt Mullenweg's principles in order to meet customer demand, run his own business, and protect his own inventions.

By all normal definitions, Mullenweg and Pearson have done incredibly well for themselves. However, from a pure size perspective and principles aside, Mullenweg is the big nation army and Pearson is the small revolutionary militia. Mullenweg views Pearson as a threat to everything he stands for and has worked to accomplish, and Pearson views Mullenweg as an overbearing figure with no true authority over his decisions.

Mullenweg has the motivation, resources, and ability to squash Pearson - and indeed most thought he'd done so already. While he has far fewer resources, Pearson has some tools available to protect his business or to potentially even disrupt the entire WordPress ecosystem as we know it today.

During their first conflict in 2010, and in the resurgent one going on now, Mullenweg and Pearson have both at times made mistakes, acted childishly, or been in the wrong. Both also have merit in various aspects of their positions. Neither conflict, so publicly debated, reflects well on the WordPress ecosystem as a whole - even though I believe it is right that each conflict is best observed under a public eye, as the results can affect so many other businesses and potentially even WordPress itself.

With this post, I aim to outline the entire conflict; to describe the implications past, present and future; to highlight non-WordPress comparisons for precedent and potential implications; and to share my own thoughts on who is in the right and who is in the wrong, as viewed for the good of the global WordPress community.

A history of conflict

The commercial theme movement started in 2007 and took off in 2008. Thesis was one of the pioneers of commercial WordPress themes. The theme industry was young and evolving rapidly, and many sellers hardly considered or understood licensing issues at all.

Many of the sources for this period are from Siobhan McKeown's excellent account in the book, Milestones: The Story of WordPress (which I'll refer to as Milestones).

Themes as derivative works of WordPress

WordPress is licensed by the GNU General Public License (GPL), version 2 or later. The GPL ensures certain freedoms that protect both WordPress and those that utilize it. The "four freedoms" that are the heart of the GPL are as follows:

  • The freedom to run the program as you wish, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

As WordPress co-founder Mike Little phrased it in the Post Status Slack, "The GPL is meant to be restrictive for developers and permissive for users." The GNU philosophy page and subsequent articles are a good resource for understanding the nature of the license.

The GPL is a Copyleft license, which creates the "stipulation that the same rights be preserved in derivative works down the line." In an immature theme market, licensing was given relatively little notice, and many theme authors provided their themes with no license or proprietary licenses.

Matt Mullenweg, to many, would be considered BDFL, or Benevolent Dictator for Life, of WordPress. It's a common term for folks that lead open source projects and have final say on project decisions. In his role as WordPress BDFL, he now has a reputation - at least within certain circles of folks that pay close attention - for making large, impactful decisions with little description of why he has done so.

In late 2008, more than 200 free WordPress themes were removed from the WordPress.org theme repository. While many of the themes were removed due to spammy links, some were pulled due to GPL violations within the themes or within the theme upsells that were linked from the theme listings.

The move, which was made without announcement, shocked many theme providers that felt they were unfairly included in the group of removed themes. The situation created a spark and initiated a serious debate about theme licensing.

Authors were concerned that GPL licensed themes would mean that their themes would be bought and freely distributed, removing their ability to make money from their works. A few, such as Brian Gardner with his Revolution theme, changed their licensing as a result of conversations with Mullenweg and Toni Schneider, Automattic's CEO at the time. In Brian's case, he made his theme free and offered paid support services.

Eventually though, most authors "selling" themes started actually selling support, access to download, and updates for their themes. This model was both GPL compatible, as well as workable for authors to get paid.

In mid-2009, Matt Mullenweg also posted on the official WordPress blog that he was introducing a new commercial theme listing page on WordPress.org, and he shared an opinion he requested from the Software Freedom Law Center (SFLC), where they determined that the two themes packaged with WordPress were derivative works.

The SFLC opinion did leave room for a "split license" where the WordPress and PHP code must inherit the GPL, and the CSS, Javascript, and images could be under a proprietary license:

In conclusion, the WordPress themes supplied contain elements that are derivative of WordPress's copyrighted code. These themes, being collections of distinct works (images, CSS files, PHP files), need not be GPL-licensed as a whole. Rather, the PHP files are subject to the requirements of the GPL while the images and CSS are not. Third-party developers of such themes may apply restrictive copyrights to these elements if they wish.

Finally, we note that it might be possible to design a valid WordPress theme that avoids the factors that subject it to WordPress's copyright, but such a theme would have to forgo almost all the WordPress functionality that makes the software useful.

"Split license" is the colloquial term the community has assigned to this statement, but in fact the actual splitting of which parts are GPL and which parts are not matters, so it may not do the reality of the situation justice. Perhaps it should be termed "PHPGPL" or "Non-Assets GPL".

A number of prominent theme sellers were unhappy with Mullenweg's insistence that their themes maintain a 100% GPL license, but they were not willing to shake the boat over it. At this point, themes were becoming big businesses and making new millionaires (or close to it) of some of these shop owners. This settled the issue for nearly all theme sellers, and most moved to either 100% GPL or a PHPGPL license, and the doomsday scenarios never came; the theme industry continues to thrive.

Thesis holds out

But not everyone agreed to go either 100% GPL or PHPGPL license. Chris Pearson kept his Thesis theme under a proprietary license.

Thesis was one of the most popular and flexible themes in the world, and Pearson boasted on Andrew Warner's Mixergy podcast of revenues of $1.2 million+ over the 12-18 month period prior to the interview. Mullenweg and Pearson criticized one another publicly, and Warner invited them both to Mixergy where they debated the merits of GPL licensing.

By most accounts, Mullenweg had the better argument on the Mixergy episode, and also came off as a calmer and more collected personality - in contrast to Pearson's often heated, and sometimes very strange, statements.

The debate continued between Mullenweg, Pearson, and a variety of WordPress community members and their blogs. Mullenweg was extremely aggressive, to the extent that he offered to buy alternative commercial themes for users of Thesis that agreed to switch. Mullenweg tells me that many took him up on his offer, but it was, "less than a thousand." In my opinion, this was a step too far by Mullenweg, though for him the issue was already personal.

Pearson held his ground over the following days until an admission by one of his own team members of wholesale copying of code in Thesis from WordPress code, which violates the WordPress copyright.

At this point, Pearson finally capitulated and announced that Thesis would be a split license GPL compatible theme, and the debate died down. Pearson put his head down and started working on Thesis 2.

He released Thesis 2 in late 2012, and by this time the debate was cool - the community had moved on to other drama (yes, even more GPL drama) - and the release of Thesis 2 was largely ignored outside of DIYthemes' audience, which was quite large but also largely isolated from the WordPress "community" that cares about stuff like licensing.

Therefore, not many people paid attention to the new Thesis or the licensing it contained. Mullenweg, however, was still paying attention.

The battle over thesis.com

If you consider the word thesis, what do you think of?

If you are a regular person walking down the street, you probably think of the general concept for stating a theory, or perhaps you think of the long papers that university students write as part of their programs.

If you are in the WordPress world, you may also consider the Thesis WordPress theme by DIYthemes.

Good, single word domain names are hard to come by. Thesis.com, if you visit it now, redirects to the ThemeShaper blog. ThemeShaper is owned and operated by Automattic, and frequently posts articles about WordPress themes.

ThemeShaper is not a dedicated commercial property, but it does link to Automattic's primary website, and Automattic does make and sell WordPress themes.

Automattic buys thesis.com

Automattic hasn't always owned thesis.com. Matt Mullenweg met a third party owner of the domain at a conference - a guy named Larry - and inquired about the domain by email in January of 2014. Chris Pearson had already attempted to purchase the domain from Larry, and did not agree to pay the $150,000 that Larry requested.

According to Pearson's accounts, he and Larry had a few exchanges that stalled with Pearson unwilling to bid beyond $37,500 for the domain, and Larry sticking to $150,000. With a $100,000 offer on the table from Mullenweg, Larry gave Pearson an opportunity to buy the domain for $115,000, which he didn't do - in part because he thought it too expensive, but also because he suspected Larry didn't really have the offer from Mullenweg.

As we now know, Larry did have the offer and Automattic became the owner of the thesis.com domain name.

Pearson didn't know that Mullenweg actually bought the domain until November of 2014, when he was notified by a friend that Mullenweg's WordCamp San Francisco State of the Word Q&A session included a section where Mullenweg noted that he owned the domain (more on that later).

Pearson attempts to force domain transfer

On April 9th, 2015, Pearson and his lawyers filed a UDRP (Uniform Domain-Name Dispute Resolution Policy) complaint, which is a formal method for resolving domain disputes, recognized by ICANN. UDRP isn't a formal government court, but serves as arbitration for domains due to the recognition by ICANN.

There are many, many examples of UDRP complaints in regard to trademark infringement. There are a number of criteria that come into play that guide the UDRP panel's decision making process.

The three basic tenets that must be met are as follows:

(i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

(ii) you have no rights or legitimate interests in respect of the domain name; and

(iii) your domain name has been registered and is being used in bad faith.

The panel reviews the initial complaint (in this case, by Pearson) and gives the respondent (Automattic) an opportunity to respond. All correspondence is in writing and not in person. The panel has two weeks after everything has been submitted to reach a decision.

In this case, which is available publicly, the panel denied Pearson's complaint.

Pearson's complaint cited that he fulfilled each of the three criteria:

In the response, Automattic did not contest Pearson's trademark on the word thesis. However, Automattic also noted that the word is very generic, and also that ThemeShaper was not a commercial part of Automattic, but a "blogging site."

For the bad faith argument, Automattic claimed that the redirect to ThemeShaper furthers their, "purpose in providing a blogging site," and highlights that the intention for the domain is not as a commercial entity or one to be confused with Pearson's trademark.

Automattic wins dispute

Automattic won the dispute against Pearson. As noted, the panel had two weeks to deliver the decision, and Automattic proposed a settlement with Pearson before the decision was handed down.

Pearson was considering the settlement when the decision came a day before the two week deadline, which is apparently not a common occurrence. Had the decision not come early, Pearson may have saved himself some trouble, especially in regard to eliminating the trademark cancellation requests by Automattic on thesis and related terms.

In Pearson's blog post, The Truth about Thesis.com, he notes the general terms of the proposed settlement:

Automattic's attorneys drafted the original settlement, which included the following terms:

  • Automattic would keep thesis.com
  • Automattic would withdraw the federal trademark cancellation request
  • I would withdraw the UDRP
  • Both parties would mutually release one another (agree not to sue over this issue in the future)

Nothing in the original settlement addressed the trademark infringement, and since this was the reason I took action in the first place, I added a requirement that Automattic no longer infringe upon my mark (which would mean they stop forwarding the domain).

At this point in the proceedings, I agreed to the settlement.

However, since the decision came early, the settlement was never binding. It's also worth noting that Mullenweg commented to me that Pearson's stated terms are actually not the terms of the settlement:

In the settlement Automattic offered Chris we agreed not to infringe his trademarks (which is the law, regardless of what the settlement said). He never asked us to change the redirect of thesis.com in the settlement, and if he asked after, we would have said no. There were no restrictions on thesis.com in the settlement.

He also said, "I wish he had reached out before litigating," and noted that it would have "definitely" changed the outcome of the entire situation. Whether it truly would have is neither here nor there.

Possibility for appeal

The UDRP doesn't have an official appeals process. Instead, they are willing to not make the changes that a ruling states, if indeed a domain transfer or other action is ordered, if the affected party files a suit in court within ten days of the ruling.

In this case, Pearson did not file in a court within the given timeline, and since the ruling did not require a change in domain ownership, there is no further recourse with the UDRP. However, there is no time limit if Pearson wishes to file in court - but that is the only path remaining if he truly wants to go after the domain.

Legitimacy of the trademark dispute

Trademark law has a long history. Trademarks follow a categorical system, meaning words and terms must be trademarked within a particular category to be applied to.

Pearson has three trademarks for the Thesis and DIYthemes brands, all under international trademark class 42, for computer, scientific, and legal purposes:

The applications were filed in 2010 and registered in 2011. On June 16th, 2015, Automattic filed cancellation requests for all three trademarks, which were instituted June 25th. Pearson has 40 days from the date the application was instituted (which would be August 4th) to file a response to the cancellation requests. His answers, "must contain admissions or denials of the allegations in the petition for cancellation, and may include available defenses and counterclaims." It is his burden as the defendant to establish his defense, and, "Failure to file a timely answer may result in entry of default judgment and the cancellation of the registration."

Basically, Automattic is holding his feet to the fire to defend the trademarks, which their counsel feels should not apply for two primary reasons, as listed in their formal filing.

If upheld, the trademarks will be deregistered by the US Patent Office, further limiting Pearson's options to defend his claims to the thesis.com domain name in a formal court suit.

I don't know how good of a case Automattic has, but purely on the surface it looks pretty good. I spent time reviewing the application and the US Code and the arguments appear fairly sound - especially the argument that Pearson applied for the trademarks as an individual and utilizes them as DIYthemes, despite DIYthemes already having been registered as an LLC.

Automattic's justification for the domain

During the WordCamp San Francisco Q&A, Mullenweg noted the existence of the redirect of the domain name with a sense of pride, and a bit of a side-eyed smirk. In response to a question about relationships with commercial theme sellers and marketplaces, he states:

With the premium theme and plugin folks? … We have had some ups and downs, particularly with marketplaces that didn't follow the GPL, for example, or violated WordPress's license - themes that violated WordPress's license. Um, you can go to thesis.com to learn more about that. Type it in, seriously.

I was at this Q&A in person, and don't remember him saying this, as it was so buried in a much larger conversation, and I was simultaneously writing a wrap-up post about the State of the Word. However, once the UDRP ruling surfaced publicly, a number of WordPress community members recalled Matt's statement and it brought a new dimension to the ruling and Mullenweg's motivation for the domain.

While Automattic bought the domain, Matt Mullenweg was clearly the driving force behind the decision. When WP Tavern prompted Automattic for a comment on their motivation for purchasing the domain, they responded with the following:

We're happy the panel ruled in our favor. We think Thesis.com is a cool, generic .com that could be used for a variety of things. Just because you have a small WordPress theme doesn't mean you have a right to seize generic English word .com domains.

We can accept Automattic's case that they had a general interest in a generic .com domain, but in reality we know better. Mullenweg was clearly presented with an opportunity by this Larry character that checked all of the right boxes for him.

He could get a domain he obviously knew Pearson would want, and deny him.

It has a side benefit that it is a high quality generic domain that will likely maintain or increase its value. And he probably thought it was funny.

I doubt Mullenweg even knew what kind of trademarks Pearson held, but despite Pearson holding the trademarks, it seems Automattic's attorneys now have the upper hand, and it is highly unlikely Pearson will ever own the domain now.

Mullenweg commented on his refusal to give up the domain to Pearson on WP Tavern:

I'm not going to give a domain worth several hundred thousand dollars to the worst actor in the entire WP ecosystem, someone who keeps repeatedly violating the GPL and now has gone beyond that into patents. Why reward that? I wouldn't sell it if he offered a million dollars.

There are so many people doing amazing things in the WP community, and 100% GPL! I can and have supported them almost every opportunity I can, and one of the things I'm most proud of in the world is how many fantastic open source businesses have been built on top of WordPress.

And it's just the beginning - if you remembered in 2010 Chris said that going GPL would destroy businesses and sticking to the principles of our license would destroy investment in WordPress - we all know how that's worked out since then.

Such a statement, combined with the WCSF video, highlights that the issue is about far more than the domain and its investment potential - a 10x return in less than a year would make for an excellent investment, in the near impossible situation Pearson would offer that.

No, the move was quite clearly a personal one - if also convenient - for Mullenweg, and that's why terms like "bully", "petty", and "spiteful" have been used by many WordPress community members surprised by his actions. They expected more. They expected better, even when directed toward someone as controversial as Chris Pearson.

Pearson's patent

While a tantalizing story, the battle over thesis.com is not the story here. It has simply been the spark to reignite old disputes with new fervor with potentially much bigger consequences than the 2010 affair ever reached.

One of two additional large components of this story is an active patent application by Pearson that was submitted in 2012 and published in 2014. Keep in mind - and Chris Pearson reiterated this to me many times - it is an application for a patent, not a published patent.

A patent on Thesis 2, or all web templates?

The main patent is titled, Systems, Servers, and Methods for Managing Websites. Chris Pearson is listed as the inventor and DIYthemes the assignee.

The patent never mentions WordPress or WordPress themes, however both in the abstract and in the text, it does have many similarities to what one may expect as a description of a general template mechanism for a website, versus a specific description of the Thesis 2 technology.

Here is the abstract in full (and here is the full patent application PDF, including art):

Systems, servers, and methods for managing websites. Some embodiments provide methods which include, according to a user selection of a website skin, activating the selected skin. The skin comprises at least one structural box further comprising structural code for the website. The method also includes receiving a request (for instance a call to a hook) to serve the website. Further, the method includes, responsive to the request, outputting (by echoing PHP code if desired) the structural code with style related code applied thereto according to a reference between the box and a style package (which comprises the stylistic code). The outputting can occur in an order associated with the boxes. In some situations, another skin can be activated. Moreover, a change (or, perhaps, an edit) can be made to another skin and displayed without affecting the website. Moreover, another skin can be selected and associated with the website.

I discussed the patent at length with Chris Pearson, and while much of that conversation is off the record, I can share what I believe his motivations are with the patent application, and what I think the potential implications for this new chapter of Pearson versus Mullenweg are.

Discovery and publicity of the patent

This patent and another that's since been rescinded were discovered by Automattic's lawyers during the UDRP proceedings. There is debate as to how members of the WordPress community discovered the patents' existence - Jeff Chandler of WP Tavern and Carl Hancock of Gravity Forms were two of the first to discuss it publicly - but there is speculation from Chris Pearson and others that the community discovery of these patents was leaked by Mullenweg himself in order to deflect the attention at the time away from the domain issue and onto the patents and their potential implications.

I honestly don't care how they came up, though Pearson's questioning of Jeff Chandler's journalistic integrity were uncalled for. It is anyone's right and ability to tip someone off to legitimate news - and these patent applications are legitimate news - and I don't believe for a second that Chandler has played puppet to his boss's wishes. He has dutifully and to the best of his ability written about whatever news matters to the community, and I respect him for it.

Nevertheless, this patent does potentially have significantly more newsworthiness, depending on if it is approved and how it is defended by Pearson if it is approved.

Patent law and litigation

Patents often get a bad reputation, and their role in the software world is quite murky. I apologize in advance for this long sidebar on the wild world of patents.

Patent trolls

Most folks have heard of "patent trolls" that prey on companies using vague or overly generic patents, demanding big payouts.

Patent law is weird, and the lawsuits that result are infamously unpredictable and cause a scenario ripe for abuse. For example, filing patent lawsuits in one district over another can have enormous impact, like the case of Marshall, Texas, which is a hotbed for patent trolls:

Patent litigation is a growing business across the country; Marshall is just the most visible example. Among the weightier issues behind the mushrooming of its patent docket is whether the elements that have made it expand - hungry plaintiffs' lawyers, speedy judges and plaintiff-friendly juries - are encouraging an excess of expensive litigation that is actually stifling innovation.

Some say yes. "A lot of the cases being filed in Marshall are by patent holding companies, or patent trolls, as they're called, whose primary and only assets are patents," Mr. Tyler said.

Companies that deal in patents but do not utilize the patented technology are called non-practicing entities (NPEs).

One of the concerns with Pearson's patent would be if it were approved and he sold it to an NPE. It's not uncommon for NPEs to acquire patents with the express purpose to enforce them:

Finally, of course, some entities buy patents with the express purpose of licensing them aggressively. For instance, about 25% of "parent" NPEs tracked by PatentFreedom are enforcing only patents that they had acquired. Another 60% are asserting patents originally assigned to them, and the remaining 15% are asserting a blend of originally assigned and acquired patents. However, if we add in the more than 2,100 subsidiaries and affiliates of these entities and treat them all as standalone entities, we find that 19% of them are originally assignees, and 69% are acquirers, and 12% are blends.

Regardless of the important variations in their origin and behavior, NPEs present a fundamentally different challenge than operating company patent assertions.

Software patents unpredictability and "obviousness"

The concept of software patents at all has been in dispute for a long time. Thousands have been awarded, but there are a handful of past court rulings that seem to govern the US Patent and Trademark office's interpretations for making decisions when reviewing software patents.

Obviousness is a key term in the patent world. Patent applicants aim to create "meaningful" patents, but "at a minimum you must have claims that embody patent eligible subject matter, demonstrate a useful invention, cover a novel invention and which are non-obvious in light of the prior art. Obviousness is typically the real hurdle to patentability, and unfortunately the law of obviousness can be quite subjective and difficult to understand. At times obviousness determinations almost seems arbitrary."

"Art" is the outlay of the invention by the applicant, and the invention's ability to be patented depends on "prior art" not deeming the invention as obvious. Establishing non-obviousness for software has a contentious history. If it can be shown that, "any combination of prior art references that when put together would be the invention in question," then the applicant is in trouble.

But there is a great deal of potential for subjectivity from thousands of patent examiners:

Still, ever since the Supreme Court's decision in KSR [reference] there has been a great deal of subjectivity in the application of the law of obviousness, which is apparent if you look at the patents that issue, patents that are finally rejected and ultimately abandoned, and the patents the Federal Circuit ultimately finds to include obvious patent claims. There is little to no predictability at the edges.

The Alice case

In my research, the Alice case came up many times as a pivotal case for helping to define the legitamacy of software patents. Martin Goetz is the holder of the first ever software patent, and has an excellent write-up on the importance of the Alice case.

I have been asked for my opinion based my long history in the software industry and from my perspective as someone that has followed that controversial question "Is Software patentable"? That question first began to be publicly debated when I received the first software patent in 1968 for an invention on a new way of sorting data on a computer. Shortly thereafter a publication printed a page one headline "First Patent is Issued for Software, Full Implications Are Not Yet Known."

Forty five years later a variation of that question was again before the Supreme Court when it agreed to hear the appeal of the Alice v. CLS Bank case.

Goetz argues that the Alice case is a victory for software patents on both sides: that it helps true inventions gain patents (he and others assign a high standard to define "invention"), and it also helps prevent abuse of overly vague or non-inventive "obvious" patents to be denied:

The Alice v CLS Bank Supreme Court decision in June 2014 was a great victory for those that believe that inventors that use a digital computer to innovate can get a patent on their invention. It is also a victory for those people and organizations that recognize how the patent System has been abused for many years by trolls and others where there was no invention. Since the Supreme Court decision in June, thousands of patents that should never have been issued are now being deemed invalid by the US Courts and by the Patent Office.

Obviousness and invention for Pearson's patent

This long and boring description of patents is necessary because Pearson's patent application is still just an application, and it can be challenged, both by the patent reviewer, but also by third parties.

As patent obviousness is "so unevenly applied," there is some risk in not challenging Pearson's patent, if a third party like Automattic (or a myriad of other web template providers) is worried about the potential implications of the patent. Although, the Alice case does seem - in my very amateur opinion - to offer better guidance to reject the patent based on a lack of true invention.

Pearson's reasoning for a patent, and its likelihood for success

Patents are not cheap to apply for. The patent application Pearson submitted is 34 pages of art diagrams and text describing the inventiveness of Thesis 2, though Thesis 2 is not specifically named.

I asked Pearson why he applied for the patent, which he did not want to share the specifics of his position due to the open nature of the application. I've racked my brain to try and determine the potential causes as well.

There are only a couple of decent outcomes for Pearson with this patent application. The most likely, and not good outcome for him, is that he is denied the patent; and in this case he would have spent a great deal of money for nothing.

In the event he does get the patent - or perhaps even before it is fully reviewed for approval - he could face a challenge from Automattic or other parties that may be concerned his invention's description could apply more broadly than Thesis 2.

If he gets the patent, and he survives a challenge, I see three ways he could theoretically use it:

Honestly, the whole patent route seems odd. I don't love the idea of this patent being approved, because the application does seem overly broad toward all web templates to me, from the title to the meat of the application's art. However, there are loads of patents in the world for incredibly silly things that have never really impacted a lot of folks' life; it's just that it doesn't mean a silly patent couldn't become a problem. The Electronic Frontier Foundation has mountains of evidence of patent holders causing havoc.

I'm not much of a gambler, but if I had to gamble on this I'd put my money on this patent never being approved, and definitely never truly impacting the web or WordPress industry at scale.

I don't think Pearson is a bad guy for wanting to patent his work. When I requested comment about the patents, he told me, "If I were ever to consider selling my business, things like trademarks and patents show up on the balance sheet and add to the bottom line," but that he views them as, "one of many expensive, ridiculous options for bolstering one's business," versus a way to celebrate and protect his achievements as I previously characterized his intentions.

The GPL

Most agree that the GPL has not been well tested in court, though a software license is a "legal instrument." There is often confusion over whether a license is a contract or not.

License versus contract

One of my favorite things I've read on this is by former Adobe Associate General Counsel Robert Pierce:

A license is not a contract. This much I know.

Rather, a license is a permission granted by one party to another allowing use of a property without fear of lawsuit brought by the granting party. A license does not include a return promise (i.e., consideration) from the licensee. So, as we all learned in law school, a license cannot be a contract under law. This is not to say that a license cannot be an element of a contract under which two parties trade promises, one of such promises being a license. This is commonly known as a "license agreement." But a bald license, a one-way promise, is enforceable outside of contract law. It is something apart. It exists and is enforceable under property law doctrine.

What makes things difficult is that the scope of a license's grant, and the conditions and restrictions on the license (or all of them together) can make what is intended to be a one-way license look a lot like a contract. The precise wording used becomes critical.

The distinction can be significant because, "contracts are enforceable by contract law, whereas licenses are enforced under copyright law," though even this rule depends on the jurisdiction where the matter is being discussed. His larger point is that a license is a one-way street, whereas a contract is agreed upon by both sides.

Spirit of the GPL

There is little debate that a "Split GPL" or "PHP GPL" license is perfectly GPL compatible, though Mullenweg doesn't consider that the "spirit of the GPL," and companies like Envato's ThemeForest and others have felt the consequences of not adopting 100% GPL licenses.

From Milestones:

While not everyone liked the fact that the WordPress project would only support 100% GPL products, most people had accepted it. Many, however, were taken by surprise, by a sudden flare-up around not just the legalities of the GPL, but the "spirit" of the license. In a 2008 interview, Jeff Chandler asks Matt about the spirit of the GPL. Matt says that the spirit of the GPL is about user empowerment, about the four freedoms: to use, distribute, modify, and distribute modifications of the software. Software distributed with these four freedoms is in the spirit of the GPL. WordPress was created and distributed in this spirit, giving users full freedom with regard to the software.

The Software Freedom Law Center's opinion - with regards to WordPress themes, however - gives developers a loophole, one that helps them achieve GPL compliance, but denies the same freedoms as WordPress. PHP in themes must be GPL, but the CSS, images, and JavaScript do not have to be GPL. This is how Thesis released with a split license - the PHP was GPL, while the rest of the code and files were proprietary. This split license ensures that the theme is GPL compliant yet it isn't released under the same spirit as the GPL's driving user-freedom ethos.

The loophole may have kept theme sellers in line with the GPL, but WordPress.org didn't support that approach. In a 2010 interview, Matt says "in the philosophy there are no loopholes: you're either following the principles of it or you're not, regardless of what the specific license of the language is." Theme sellers that sell their themes with a 100% GPL license are supported by WordPress. Those that aren't don't get any support or promotion on WordPress.org or on official resources. This is also one of the WordCamp guidelines, introduced in 2010; that WordCamps should promote WordPress' philosophies. If a speaker, volunteer, or organizer is distributing a WordPress product it needs to be 100% GPL, i.e., the CSS, JavaScript, and other assets need to be GPL, just like the PHP.

Mullenweg believes that Thesis 2 is not only not in the spirit of the GPL, but flagrantly operates in total violation of it, as Thesis 2 carries a 100% proprietary license. Considering the implications for folks that make stuff compatible with the GPL, it's little surprise that Mullenweg has taken the stance and actions he has toward Pearson.

Thesis 2 carries a proprietary license

Chris Pearson's comment on his blog post describes that the theme has always been a proprietary license, and he describes why it is okay to be such:

In October 2012, I released an all-new version of Thesis that carried the same name as the original (which had a split-GPL license), but that's where the similarities stopped.

The new Thesis is not a Theme-it is an operating system for templates and design. This system runs Skins and Boxes, which are similar to Themes and Plugins, but with a boatload of built-in efficiencies that Themes and Plugins cannot provide.

It is worth noting the final paragraph of the SFLC's opinion that Mullenweg has cited numerous times as justification against proprietary licenses does have a provision for avoiding WordPress's copyright:

Finally, we note that it might be possible to design a valid WordPress theme that avoids the factors that subject it to WordPress's copyright, but such a theme would have to forgo almost all the WordPress functionality that makes the software useful.

That's exactly what Pearson believes Thesis 2 is. But the GPL has rarely been tested in a proper court, and never from a WordPress perspective. The SFLC's opinion is just that, for now, whether Mullenweg likes it or not.

The GPL in court

The Free Software Foundation maintains the copyright on the text of the GPL itself, and between the FSF and the SFLC, a small number of lawsuits have occurred, and a German court upheld the GPL as a "valid, legally binding" license, but most of these tests have occurred outside of the United States. From what I can tell, cases involving the GPL have largely settled outside of court when based in the United States, or were argued on whether the GPL was legally applied, like in the case of SCO vs IBM, rather than whether the GPL was legally binding itself.

In another case, Wallace vs FSF, Daniel Wallace compared the GPL to price fixing, as it required software to be free. The FSF won the case, as the judge cited, "The GPL encourages, rather than discourages, free competition and the distribution of computer operating systems, the benefits of which directly pass to consumers. These benefits include lower prices, better access and more innovation."

A much newer case involving VMware again tests the GPL. The Software Freedom Conservancy, "claims VMware is using the Linux kernel without respecting the terms of its copyright license, the GPL." This case may offer a better precedent for WordPress and its derivative works, as it is centered on "module loading" in VMware, "with an insulating layer to allow its kernel to use unmodified Linux drivers." The case gets murkier than that, as it may not have been as isolated as it was attempted, but the result could be decent precedent for similarly loading WordPress themes and plugins, in my opinion.

Limited guidance

Few lawyers want to be the first to test something in court. It's easier to make a case when there are many cases before you to provide guidance. With the GPL, there is what's called "limited guidance," meaning that it's untested, and therefore the outcome of a GPL case in the US could be very difficult to predict.

If a lawsuit does occur, it could prove costly to all parties involved, and I think it's clear that Pearson and Mullenweg both wish that litigation was not happening, though both of them maintain a bit of a "you started it" attitude.

Without a formal court proceeding, which could last years, it's going to be near impossible for Matt Mullenweg to fully prevent non-GPL compatible licenses to exist for WordPress themes and plugins. His best method to prevent it is to do what he's done so far: make an example of bad offenders and cause anyone thinking of using a non-GPL compatible license to reconsider.

Are all WordPress themes derivative works?

A key question to whether themes and plugins must be GPL compatible licensed is whether the theme or plugin is a derivative of WordPress itself. If it is derivative, then it is under the umbrella of the GPL's Copyleft nature.

Folks disagree a good bit on how themes and plugins should be considered as derivative works, though most either agree with Mullenweg's strict "spirit of the GPL" view, or at least have molded to avoid being an outcast.

The strongest argument I've seen in favor of all themes being derivative of WordPress - no matter how much or little they rely on WordPress functionality - is from WordPress lead developer Mark Jaquith:

There is a tendency to think that there are two things: WordPress, and the active theme. But they do not run separately. They run as one cohesive unit. They don't even run in a sequential order. WordPress starts up, WordPress tells the theme to run its functions and register its hooks and filters, then WordPress runs some queries, then WordPress calls the appropriate theme PHP file, and then the theme hooks into the queried WordPress data and uses WordPress functions to display it, and then WordPress shuts down and finishes the request. On that simple view, it looks like a multi-layered sandwich. But the integration is even more amalgamated than the sandwich analogy suggests.

Here is one important takeaway: themes interact with WordPress (and WordPress with themes) the exact same way that WordPress interacts with itself. Give that a second read, and then we'll digest.

The same core WordPress functions that themes use are used by WordPress itself. The same action/filter hook system that themes use is used by WordPress itself. Themes can thus disable core WordPress functionality, or modify WordPress core data. Not just take WordPress' ultimate output and change it, but actually reach into the internals of WordPress and change those values before WordPress is finished working with them. If you were thinking that theme code is a separate work because it is contained in a separate file, also consider that many core WordPress files work the same way. They define functions, they use the WordPress hook system to insert themselves at various places in the code, they perform various functions on their own but also interact with the rest of WordPress, etc. No one would argue that these core files don't have to be licensed under the GPL - but they operate in the same way that themes do!

It isn't correct to think of WordPress and a theme as separate entities. As far as the code is concerned, they form one functional unit. The theme code doesn't sit "on top of" WordPress. It is within it, in multiple different places, with multiple interdependencies. This forms a web of shared data structures and code all contained within a shared memory space. If you followed the code execution for Thesis as it jumped between WordPress core code and Thesis-specific code, you'd get a headache, because you'd be jumping back and forth literally hundreds of times. But that is an artificial distinction that you'd only be aware of based on which file contained a particular function. To the PHP parser, it is all one and the same. There isn't WordPress core code and theme code. There is merely the resulting product, which parses as one code entity.

Jaquith's argument that the theme and WordPress execute together to form a joint "modified work" is the key phrase, I believe. As he states, and I tend to agree, it does not matter that the files are separate or that they can be distributed independently; together, when executed, they are so intertwined that they become a single work.

That said, the theme is clearly dependent on WordPress itself, which is another common justification that themes are derivative. Explaining this concept is simple: WordPress can be distributed without any theme but those that ship with it by default. But a distributed theme, like Thesis, must be installed and activated using WordPress's own schema for loading a template, and cannot operate independently of WordPress.

What about the WordPress REST API?

Thus far, we've discussed the derivative nature of WordPress themes and plugins, which require they operate within the WordPress install. It is a different matter if we consider applications that consume data or interact with WordPress as an outside application.

The WordPress REST API enables one to interact with or consume data from WordPress, while being wholly independent of the WordPress install. Jaquith makes a clear exception for a scenario like this (and also applies it to technologies like RSS and XML-RPC):

Something that interacts with these APIs sits entirely outside of WordPress. Google Reader doesn't become part of WordPress by accessing your feed, and MarsEdit doesn't become part of WordPress when you use it to publish a post on your WordPress blog. These are separate applications, running separately, on separate codebases. All they are doing is communicating. Applications that interact with WordPress this way are separate works, and the author can license them in any way they have authority to do so.

The GNU's take

The GNU agrees with Jaquith's take. They provide an FAQ to answer, ""What is the difference between an 'aggregate' and other kinds of 'modified versions'?" The emphasis provided is my own:

An "aggregate" consists of a number of separate programs, distributed together on the same CD-ROM or other media. The GPL permits you to create and distribute an aggregate, even when the licenses of the other software are non-free or GPL-incompatible. The only condition is that you cannot release the aggregate under a license that prohibits users from exercising rights that each program's individual license would grant them.

Where's the line between two separate programs, and one program with two parts? This is a legal question, which ultimately judges will decide. We believe that a proper criterion depends both on the mechanism of communication (exec, pipes, rpc, function calls within a shared address space, etc.) and the semantics of the communication (what kinds of information are interchanged).

If the modules are included in the same executable file, they are definitely combined in one program. If modules are designed to run linked together in a shared address space, that almost surely means combining them into one program.

By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program.

The GNU argument falls very much in line with Jaquith's, though admits itself that judges must decide whether it's the case, in the end.

The case against The GNU position on derivative works

The University of Washington School of Law has a section of their website devoted to the, "business, legal and technical consequences of choosing Open Source Software (OSS) or proprietary software." They cover many of the topics I've outlined in this post so far, and in the case of the GPL and derivative works, they believe the GNU is overstepping with an "expansive definition" of derivative works with consequences, "counter to the goals of the proponents of Free Software."

The most compelling of multiple derivative works examples they provide is that of subclasses. For example, imagine a class, Some_Theme_Class that extends Some_Core_WordPress_Class. The GPL FAQ is very hardline on the topic (and for what it's worth, Thesis 2 does extend some WordPress core classes). Washington believes the GNU stance on inheritance is too over-reaching:

Example 5: Programmer X wishes to write a class D, that is a subclass of existing class B. Class B is subject to the terms of the GPL. If X distributes D, does it have to be licensed under the terms of the GPL?

The answer given in the GPL FAQ is short and to the point: "Subclassing is creating a derivative work." In our example, this makes D a work derived from B, and thereby makes D subject to the terms of the GPL upon distribution. This approach attempts to further broaden the reach of the GPL, but it again leads to counter-intuitive results.

Typical object oriented programming languages include a standard class hierarchy. This hierarchy provides a framework within which application developers can build their programs. The standard classes typically provide useful classes that represent user interface elements (e.g. windows, buttons, etc.), collection classes (for handling collections of data), and input-output abstractions (e.g. files and networking connections). In many object oriented languages, each class must be a subclass of exactly one superclass. And for this reason, the class hierarchies are rooted by a highly generic, standard class called Object. (The question of the superclass of Object is beyond the scope of this article.) The class Object describes only the most general properties and behaviors. For instance, in Java, the class Object only performs a handful of functions. In Java, every class is a subclass (directly or indirectly) of the Object class. Under the GPL approach, then, every program written in Java is a derived work of Object, because every program written in Java by definition consists of classes that inherit from the Object class.

Whether this argument or any of the others Washington outlines would apply to WordPress themes and/or plugins would, again, need to be settled in court. But Washington does give a compelling argument.

They conclude with the following:

In some ways, the apparent weaknesses in the GPL should come as no surprise, as the GPL was born of an era in which the central artifact of software development and distribution was the monolithic executable. In such a universe, software development proceeded principally by modifying the existing source text of programs, compiling source modules, linking the corresponding object files, and distributing the resulting executable. This model of software development and distribution has become increasingly fractured in an era characterized by highly dynamic, late binding, object- and network-based systems. The GPL, consequently, strains to cover these newly arising scenarios.

To effectuate the goals of the free software movement, the drafters of the GPL urge a generally expansive definition of derivative work. The great irony is, of course, that such an expansive definition would have second order consequences that are exactly counter to the goals of the proponents of Free Software. A broad definition of derivative would give code authors less freedom to create software that they can truly call their own and do with as they please. And if naive analytic approaches such as "subclassing equals derivation" reign, then proprietary vendors such as Microsoft could arguably stake claim to every program ever written in C#, because they authored the original class hierarchy. And since it seems unlikely that courts would employ different standards depending on the goals or ideological motivations of licensors, proponents of free software might want to be careful what they wish for: what's good for the GNU might not be good for the gander.

Aggressive license agreements

Both the GPL and DIYthemes' proprietary license could be appropriately identified as aggressive. The Copyleft nature of the GPL annoys many open source advocates, who would prefer a less restrictive license for developers, like the MIT or BSD licenses. The GPL is absolutely an opinionated license.

Pearson's proprietary license is also aggressive, in the other direction. I've never purchased a WordPress-centric product that so strongly forced me to accept a license. Usually, you have to look in the source code or a page on the website for a license; DIYthemes forces you to accept the terms of the proprietary license before you can download the product at all.

Derivative works are not a bright line

The GNU attempts to offer a "bright line" distinction for derivative works. A bright line, in much of the legal analysis I've read, is where thing x is so because of thing y, and can be applied across the board. You can clearly see the bright line, and when it has been crossed.

Washington proves the point quite well that the GNU's bright line approach to derivation is quite challengeable. But I don't think their arguments prove that WordPress themes in particular are not derivative. I believe, from a legal perspective, it's fuzzier than a bright line approach, and if I were Mullenweg or anyone defending GPL software, I would not be excited to take the issue to court.

The "spirit of the GPL" is to offer users liberal freedoms, even while restricting developers building on a GPL licensed application. And I believe there is merit in the fact that WordPress, its co-founders, its lead developers, and the vast majority of its copyright holders (contributors) wish to defend the spirit of the license, even if it's not been tested in court.

Pearson is not in the majority opinion by using a proprietary license, but he is also not definitively in a position of legal wrongdoing. His desire to protect his works from user freedoms with a proprietary license may well be tested all the way to the courts, and he must be prepared to deal with that, but I don't believe there is clear wrongdoing, legally, with his license.

A tale of idealism

Matt Mullenweg and Chris Pearson are two of the most idealistic people I've ever observed. They are near polar opposites, from their business belief systems and even their general world views.

One of the most depressing components of my research was something Pearson told me. I asked him why he doesn't just get out of it all and do something else. He's not married to the culture of WordPress bestowed on it by its leaders. He called it, the "zeitgeist of western culture," with its openness, zen attitude, and more that he feels no need to embrace if he doesn't want to.

But he admits that WordPress, "is the most used piece of software to build a website in the world. WordPress was the beneficiary of impeccable timing." And it's a tool for him to make his living; it's his job, and he doesn't see a need to be in love with every aspect of his job. This is what made me sad, because for most of us that make our living within this space, we were able to escape the "it's just a job" mentality and be emotionally enriched by what is possible on the open web.

Matt could probably drop his various issues with Pearson and life would go on. The vast majority of WordPress businesses could understand the status quo and live by it, and those that don't can keep living their lives outside of the approval of Mullenweg, and for that matter, the official WordPress project and website. But he too insists to stand up for his ideals and the web he believes in. He sees himself as a defender of the user, and his defense of the GPL is an extension of his core beliefs on software.

They will never agree on licensing, that much is clear. The question of what's next is multi-layered.

Will litigation continue?

Undoubtedly, yes, litigation will continue. But the litigation should be viewed as three distinct parts:

Is this debate bad for WordPress?

The way this debate has occurred is bad for WordPress. Neither Matt Mullenweg nor Chris Pearson looks like a saint right now. And parts of the whole thing don't do a whole lot to further the conversation.

At the root of the debate is licensing, and that debate is worth having.

It is important that we separate the intent and the legal interpretation of the GPL. It is also important that we separate one's legal ability to not license distributed WordPress products as GPL compatible, versus the business and community consequences that may result from such a decision.

Endmatter

This post would not be possible without the Post Status Partners and Members that fund the website, and my ability to write about WordPress full time. If you enjoyed this post, please consider becoming a Post Status member to fund more free content, plus loads of great members-only benefits, including a daily-ish newsletter that keeps you covered on the happenings of the WordPress world.

I would also like to thank Matt Mullenweg and Chris Pearson for the interviews they provided me in preparation of this post.

And I'd like to thank my lawyer, Keith Lee (a WordPress fan and blogger himself!) for helping me think through some of the legal matters discussed - though the opinions themselves are my own.

Finally, I'd like to thank the folks that helped me review the post, consider my positions, and organize my thoughts. You know who you are.

24 Jul 2015 1:42am GMT

23 Jul 2015

feedWordPress Planet

WPTavern: Who’s Using the WordPress REST API?

wp-rest-api

Ryan McCue and the WP REST API team are seeking feedback on the project ahead of the API merging into core. McCue invited comments on the post to find out how and where it's currently being used, in hopes of identifying any roadblocks developers may be facing.

"We'd love to hear feedback from everyone using this, from JS-only developers coming to WP for the first time, through WordPress plugin and theme developers, all the way through to PHP developers not involved with WordPress," he said.

Comments on the post provide a nice overview of places where the API is already in use in production all over the WordPress development community. A few examples include:

Those are just a small sampling of places where the API is being used to make WordPress more flexible for creating custom solutions. For many who are using the API or hoping to use it, the main hindrance is that it's not yet in core.

"The biggest issue right now is that the REST API isn't included in core," a representative from Ashworth Creative commented. "If we build plugins or a theme that needs to consume data asynchronously, we'd either have to bundle the API and have to maintain it in our repositories as a dependency, or have clients install and maintain it on their own."

WordPress developer Nate Wright echoed that opinion and is eager to be able to extend it for use in his products, without having to include it as a plugin.

"Put it in core, so that as a plugin developer I can make use of it in my products," he said. "I built the most popular Restaurant Reservations plugin in the .org repo, and I am eager to add a robust capacity/table management component for it using the REST API and a jQuery/Underscore/Backbone stack."

Early adopters have the unique opportunity to provide feedback on the REST API and help shape priorities for development. If you are using the API somewhere in the wild, make sure to leave your feedback on McCue's post to help the team make any necessary changes required before it's merged into core.

23 Jul 2015 9:15pm GMT

WPTavern: WPWeekly Episode 200 – The Big Two Oh Oh

In this special 200th episode of WordPress Weekly, I'm joined by Marcus Couch, Brad Williams, Ronald Huereca, and Ptah Dunbar. Brad, Ronald, and Ptah were among the first to support WordPress Weekly. They helped get the show off the ground and provided momentum.

Seven years have passed since I started WordPress Weekly. In those seven years, each one of my guests have gone on to do great things with WordPress. We find out what they're up to these days and recall memorable moments of the show. Near the beginning of the show, we held a moment of silence in Kim's memory.

I had a great time hosting episode 200, but I'm sad that the late Kim Parsell couldn't celebrate with us. When I started WordPress Weekly in 2008, Kim would often join me on each episode to provide a countdown before I pressed the record button.

She was occasionally a guest on the show. After the show, she would stick around for a half hour to an hour to talk about whatever was on her mind. In many ways, the show offered her an opportunity to connect and speak to WordPress people every week. It was the closest thing to a meetup she could regularly attend.

Thanks to everyone who listens to the show and provides us with valuable feedback. Join us next Wednesday, as we begin the journey to episode 300.

History of WordPress Weekly:

Plugins Picked By Marcus:

Flow-Flow Social Streams lets you display your Facebook, Twitter, and Instagram messages in a responsive grid.

Test Payment Module for Woocommerce gives you the option to test payments in WooCommerce locally without using services such as Paypal or Authorize.net.

DropBox Backup by Supsystic allows you to backup to Dropbox and FTP with one click. You can also restore full or partial backups from DropBox.

WPWeekly Meta:

Next Episode: Wednesday, July 29th 4 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #200:

23 Jul 2015 8:30pm GMT

WPTavern: Philadelphia, PA to Host WordCamp US December 4th–6th

Matt Mullenweg announced that Philadelphia, PA, will host WordCamp US December 4th-6th at the Pennsylvania Convention center. Philadelphia will also host WordCamp US in 2016, although no dates have been chosen yet.

According to Mullenweg, "Having it the same place two years in a row allows us to keep logistics a set variable and really focus on the rest of the event in the second year." The 2017 and 2018 host cities will be chosen in between the first and second event. This allows the team in the host city to volunteer and gain on-the-ground experience in Philadelphia.

Out of six cities chosen to possibly host WordCamp US and 1,390 total voters, Tavern readers voted to have it in Phoenix, AZ, citing its warm weather during winter months. Philadelphia, home of the cheesesteak, was a close second.

The event is inspired by WordCamp Europe, where organizers take an entire year to plan and coordinate the event. Some readers questioned whether the event would be held this year considering applications to be the host city weren't accepted until June.

With only half a year to plan and organize WordCamp US, it will be interesting to see how the first one goes. Let us know if you plan on attending the event and if you're going to bring ear muffs as Philadelphia during that time of year is cold.

23 Jul 2015 5:31pm GMT

Matt: WordCamp US to be in Philadelphia

WordCamp USThere were amazing applications for teams and cities to host the inaugural WordCamp US, a concept originally floated at the State of the Word last year. It was very hard to make a choice, but can now announce that the birthplace of the United States, Philadelphia, will host the first WCUS on December 4th-6th. They will also host it in 2016, but no dates have been chosen yet.

Having it the same place two years in a row allows us to keep logistics a set variable and really focus on the rest of the event in the second year. I also want to use it to facilitate experience transfer: We'll choose the 2017 + 2018 host city in between the first and second event, so that team can volunteer on the ground the second year Philadelphia hosts it to learn from their experience. Hat tip: Cool graphic by Andrew Bergeron.

23 Jul 2015 4:38pm GMT

WPTavern: WordPress 4.2.3 is a Critical Security Release, Fixes an XSS Vulnerability

photo credit: Lock - (license)photo credit: Lock - (license)

WordPress users in the Americas woke this morning to find update notices in their inboxes due to a critical security vulnerability. WordPress 4.2.3 was released today and automatically pushed out to sites that have auto-updates enabled.

Because this is a security release for all previous versions of WordPress, those who do not have automatic update enabled will need to manually update their sites immediately. Core contributor Gary Pendergast explained the severity of the bug in the release post:

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.

Pendergast thanked all parties reporting vulnerabilities for responsibly disclosing them to the WordPress security team.

This release also contains fixes for 20 bugs from 4.2, including one that might require you to update your database before being allowed back into the admin.

wp-update-db

Not all WordPress users who are updating will be greeted with this message, but if you see it, don't panic. It's related to one of the bug fixes included in the release.

"It was a bug fix in 4.2.3, not backported - some versions of PHP didn't run the utf8mb4 update correctly," Pendergast said when asked about the required database update.

Unfortunately, in some instances, clicking the "Update WordPress Database" button may require multiple attempts. This is unusual but Pendergast said that improving database upgrades is high on the team's list of priorities.

A list of all the files revised is available on the 4.2.3 release page.

23 Jul 2015 2:06pm GMT

WPTavern: WordPress Custom Post Type UI Plugin Passes 1 Million Downloads

photo credit: Stephanie McCabephoto credit: Stephanie McCabe

In June of 2010, WordPress 3.0 Thelonious was released with the historic merge of WordPress MU into core and the debut of the brand new Twenty Ten default theme. This pivotal release also gave developers the ability to register their own custom post types. Expanding WordPress' custom content capabilities beyond simple posts and pages has been critical to the platform maintaining its dominance as the world's most used CMS.

Thousands of WordPress developers make a living from products that are based on custom post types. Five years ago, when the feature was still new, you had to know how to write the code to register a new post type. That's when the folks at WebDevStudios released Custom Post Type UI, a plugin that offers an admin interface for creating and managing post types and their associated taxonomies.

cptui_post_type_editor

The company counts more than 30 plugins in its collection on WordPress.org, but Custom Post Type UI is by far the most successful. Last week it passed one million downloads and maintains a 4.6 out of 5-star average rating from users. The plugin is currently active on more than 200,000 WordPress sites.

Passing the 1 Million Downloads Milestone

Michael Beckwith, the current maintainer of Custom Post Type UI, published a post detailing the evolution of the plugin's UI and codebase. His transparent account covers how the team overcame the challenges of their massive codebase overhaul and the undetected bugs that come crawling out of the woodwork with a major release.

A plugin with a user base in the hundreds of thousands that manages to maintain a nearly 5-star average rating on WordPress.org is a notable achievement, especially when it involves weathering the UI and code updates required to keep pace with WordPress.

"I believe this milestone represents the fact that making features usable and more user-friendly to the 'average Joe' can take you a long ways," Beckwith said. "Custom Post Type UI made it easier for more people to tap into the power and customization ability that custom post types and taxonomies offer to a WordPress powered website. Because of that ease of use, many have added it to their toolbox for every website they have or work on, and recommend it to their friends."

The plugin is being developed on GitHub. Although there are many enhancements under consideration, Beckwith said that no major changes are planned for the near future.

"I would love more to get more people up-to-date on the current version and let it be the stable version for awhile," he said.

"Looking at our stats page, we still have reported active installs using as far back as version 0.6. While I can sit here scratching my head as to why, I also have to consider that that version is stable enough and still meeting the needs of 0.6% of our users.

"If it is not breaking for them, and there is no security concerns, then it is not all bad that they are still marching on. There is also the minimum version requirement to keep in mind. There are still WordPress installs active and out in the wild that are not running WordPress 3.8 or higher. Until they are, those users are not going to be notified that there is even an update available," he said.

If you want to learn more about what it takes to maintain a popular plugin while successfully navigating the years of changes and support, check out WebDevStudios' 1 million downloads celebration post.

23 Jul 2015 1:35am GMT