29 May 2015

feedWordPress Planet

WPTavern: Nametiles Plugin Brings Blockchain-Powered Profiles to WordPress


Openname, the decentralized identity and naming system built on the blockchain, was recently renamed to Blockchain Name System (BNS). Founders Muneeb Ali and Ryan Shea are pioneering decentralized identity with the long-term goal of creating decentralized authentication.

Earlier this month, BNS debuted Passcard, a digital form of identity and access control combined. It's essentially a digital passport, secured by the blockchain, that allows you to control and display your identity.

A few months ago, Larry Salibra, founder and CEO of Pay4Bugs, released a plugin that adds Openname avatars to WordPress. An ardent fan of blockchain technology, Salibra has just released another plugin called Nametiles that adds Passcard profiles and tagging to WordPress.

Nametiles works like this: Type the plus character and a person's +passname on a post or page and it will automatically display that person's Passcard profile information when you hover over the link.


The plugin also includes the ability for registered users on your site to optionally use their Passcard avatar via a setting in wp-admin/profile.php.

The Nametiles site has a live demo of how the tiles appear on your website. You can also see Nametiles in action on the Bitcoin Association of Hong Kong's website, where it's in use on the members page and posts.

Salibra created Nametiles to help publishers keep people's information and links continually up-to-date. Its two primary benefits for publishers include:

"Publishers have no idea when the people mentioned or linked on their blog update their profile pic, bio, or website and no practical way to find out," Salibra said. "The result is a site littered with broken links and out of date information that conveys sloppiness and apathy to visitors."

This plugin is especially useful for sites that often have guest post authors, as well as news and organization sites that frequently reference names in content.

"With Nametiles, profile information about those you mention on your site is always up to date because the information is maintained by those who care most, the owners of the information," Salibra said.

The only catch is that users who are linked have to be registered for a Passcard profile. The blockchain-powered identity service is free but it is also so new that it hasn't yet caught on.

The idea of Passcard is similar to Gravatar but has the potential to be more powerful, as it is secured by the blockchain and may eventually support decentralized authentication. If Passcard founders are successful in building the future of identification, it may be a long before the identity system is mainstream enough for the Nametiles plugin to be useful beyond certain niche websites.

29 May 2015 12:35am GMT

Matt: Money and Motivation

The Misconception about Money and Motivation, a good summary of the work by Dan Pink, Dan Ariely, and others.

29 May 2015 12:23am GMT

28 May 2015

feedWordPress Planet

WPTavern: Sucuri is Building a Comprehensive Alternative to CloudFlare

Sucuri launched a new free performance tool today. The Global Website Performance Tester allows anyone to enter a URL and get a quick assessment of how fast the website is loading from 13 globally distributed testing stations. Results include three key metrics: connection time, time to first byte (TTFB) and total load time.


At the moment, there are no plans for an API, but Sucuri CEO Tony Perez said that it's possible to build one if there's enough demand.

The new performance checker is a simple free tool that the Sucuri team built for its own use but also signifies the company's foray into performance-related products and services.

"Performance can easily fall into the realm of Availability, and as such we see it as an important piece of security," Perez told the Tavern. "There is no denying that performance is top of mind to most website owners, as is security."

Sucuri has been quietly beefing up its architecture to support an expansion into performance-related services that would go hand-in-hand with its WAF (Website Firewall) product.

"We've been building out our network and performance is a tenant of our Website Firewall," Perez said. "It was imperative that we understood how good or bad our network was compared to the other performance (CDN) providers. Like most things we do, the performance tool was a tool to satisfy our own needs."

Sucuri Is Expanding to Accommodate Plans for a Full-Featured CloudFlare Alternative

Sucuri is currently managing over 40 billion page views per month via its WAF network. The team is working on expanding to a full WAF/CDN solution to serve performance-related features.

"The fundamental difference is that it's security first, performance second," Perez said. "So yes, in the coming months you'll see more as our solution blossoms into a full WAF/CDN solution."

Up until now the company has been limited by using a leased architecture but is making changes to support the WAF/CDN expansion.

"We're actively migrating from a leased architecture to our own infrastructure, giving us full control of the website," Perez said. "This gives us optimal control to mitigate all attacks, including large scale DDOS attacks; a by-product of that will be performance in the form of a global CDN."

Sucuri is is building its own DNS architecture with full DNS management within its application.

"Users will have an alternative to solutions like CloudFlare," Perez said. "The fundamental difference being we're a security company first.

Sucuri is building its expansion on top of the an Anycast network, which means that users' requests will be routed to the nearest node on request.

"With most of the content cached at the edge it'll be designed for optimal speeds regardless of where you are in the world," Perez said. "That's perhaps the biggest feature - most everything comes down to our design and configuration and how we handle the traffic."

When asked if he sees the final WAF/CDN solution to be a comprehensive Cloudflare alternative, Perez responded, "Oh hell yeah - with one key differentiator: we'll clean the mess too."

"The idea is when you think of Sucuri it's a complete package - Protection - Detection - Response. It's all built in-house, no third-party integrations," he said.

"The cleaning is the one thing that no one else can match us on, it's either too much liability or they haven't figured out how to scale."

Sucuri's WAF service is currently used by iThemes, Gravity Forms, List25, and many others in the WordPress space. If the company is able to deliver on their CloudFlare alternative, which is planned for this summer, customers will have the opportunity to get their security services bundled in with the new performance-enhancing features of the CDN.

28 May 2015 7:23pm GMT

WPTavern: Fast Page Switch Adds a Quick Way to Switch Between Pages in the WordPress Backend

If you find yourself editing pages often and want a quick way to switch between them without visiting the All Pages screen first, try the Fast Page Switch plugin by Marc Wiest.

Fast Page Switch adds a metabox with a drop down menu to the Page editing screen that allows you to quickly switch to a different page. This eliminates the need to visit the All Pages screen and search for the next page you want to edit.

Fast Page Switch saves time if you have less than 20 pages. If you have more than 20, it could be cumbersome to use and outweigh the time saving benefits.

Fast Page Switch in ActionFast Page Switch in Action

I tested Fast Page Switch on WordPress 4.2.2 and didn't experience any issues. You can download it for free from the WordPress plugin directory.

28 May 2015 5:48am GMT

WPTavern: WPWeekly Episode 194 – Celebrating WordPress’ 12th Birthday with Matt Mullenweg

In this birthday celebration episode of WordPress Weekly, Marcus Couch and I are joined by Automattic CEO, Matt Mullenweg. We covered a lot of ground with Mullenweg discussing the following topics:

We talked about a number of other topics as well. I apologize for the audio glitches in this episode as Mullenweg experienced bandwidth issues. We also experienced some technical difficulties with Google Hangouts.

WPWeekly Meta:

Next Episode: Wednesday, June 3rd 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #194:

28 May 2015 3:52am GMT

27 May 2015

feedWordPress Planet

WPTavern: WordPress Theme Review Team is Cracking Down on Violations of the Presentation vs. Functionality Guideline

photo credit: pollas - ccphoto credit: pollas - cc

During this week's WordPress.org Theme Review Team meeting Chip Bennett opened the floor to discuss the "grey areas" of presentation vs. functionality distinctions in themes. The hotly debated topic concerns what is permissible in terms of "content creation" for themes that are hosted in the official directory.

"We know that CPTs and custom taxonomies are off-limits; likewise with non-presentational post custom meta data," Bennett said. "But what about content created via theme options, custom widgets, etc.?"

This question often comes up in relation to themes that offer static front pages with custom widgets or textareas in the customizer where users can add small blocks of text. For example, a theme might offer a biography section or a place to enter copyright text. The concern is that a user is entering content, not knowing that it will be lost upon switching themes.

The Theme Review Team has had an established policy for years that forbids theme authors from defining the generation of user content. However, due to disorganization during the process of moving the official version of theme requirements from the Codex to the Theme Review Handbook, this particular guideline was omitted.

Bennett posted a review of Theme Review Requirements and documentation today on the Make/Themes blog with previously omitted items highlighted in red for clarity.

Presentation vs. Functionality
Since the purpose of Themes is to define the presentation of user content, Themes must not be used to define the generation of user content, or to define Theme-independent site options or functionality.

As this is a fairly general statement, the Theme Review Team will be discussing the finer points of how it applies during the next meeting. In the past, this guideline has been subjectively and inconsistently applied, allowing many themes to slip by with functionality that falls into these grey areas.

Theme Review Team to Begin Aggressively Enforcing "No Content Creation" Guideline

Zerif Lite, one of the top themes on WordPress.org, was highlighted during the meeting as an example of a theme that has been permitted to skirt this guideline, among others.

"Looking at Zerif Lite: testimonials, our team, our focus, about us - these are all CPTs, disguised as custom widgets," Bennett said. In a ticket where the theme is currently being reviewed for updates, Bennett encouraged Zerif Lite's author to remove any custom post meta data, except for that that which is presenatational, as it falls into plugin territory. This includes aspects of the theme such as author details, team member position, social network profiles, etc.

Reviewers are already aggressively cracking down on Zerif Lite's violation of this specific guideline and will likely extend their vigilance to uphold the guideline more consistently with all themes as they come up for review.

Codeinwp, the company behind Zerif Lite, replied to Bennetts' requests on the ticket:

Most of the things that you are pointing out are really sensitive for two reasons:

  • Probably 50% of the most popular themes use some custom content on the homepage
  • A lot of things like contact issue or testimonial can't be solved without breaking 100k sites which use the theme

Codeinwp contends that the approach used in Zerif Lite is far more user friendly than having to install a plugin, or multiple plugins, in order to add small bits of text to the home page.

At the end I agree that our approach was a bit different/radical. However, it looks like it is something that people really want (Zerif is one of the hottest themes at the moment, with mentions all over the web). I mean most of them want to build a beautiful site in 10 minutes, without any knowledge and with Zerif Lite they can easily do it. They don't want 10 CPT, 10 required plugins, contact form, and Captcha plugins for a simple site.

The theme author believes that creating a plugin to handle four of the theme's focus widgets would simply waste users' time.

"Also, you realize the amount of work required to do this for 100+ themes installed on million of sites, right?" Codeinwp said. The author also cited several other examples of popular themes in violation, including AccessPress Parallax, Onetone, and Colorway.

Given that the WordPress.org theme directory is riddled with violations of what is purported to be a long standing guideline, it's clear that reviewers have been exceedingly lax in enforcing it. Theme authors who were ignorant of this guideline will be in for a rude awakening on their next submission for an update. Bennett confirmed in the ticket open on Zerif Lite that the policy will be strongly enforced in the future:

It has recently come to our attention that possibly several themes have been approved that may have similar issues. We'll address them as we find them, and work with the developers to come up with a plan to bring the themes back into conformance with the requirements - just as we'll do here with your theme.

This will mean a considerable amount of work for authors who have defined ways for users to generate content through the theme. They will need to port this functionality into a plugin(s).

WordPress.org themes are not permitted to bundle plugins, but authors can recommend plugins using the TGM Plugin Activation Library or another method. Themes are only permitted to recommend plugins that are listed in the official WordPress.org plugin directory. This means that authors who remove functionality in favor of companion plugins will need to get those plugins approved for WordPress.org before submitting their themes for updates.

Next week's Theme Review Team meeting will include a discussion on specific examples of types of content that themes should or should not be allowed to create, i.e. button text, copyright text, etc. The team is generally in favor of authors using core methods for content creation.

Documentation regarding this issue has been unclear, incomplete, and scattered, spread across the Codex, Make/Themes, and two different places in the Theme Handbook. The team is working to rectify this in light of its renewed dedication to systematically enforce the "no content creation" guideline.

This will affect many of the top themes hosted on WordPress.org, which will be forced to implement changes that are likely to break thousands of sites' appearance on update. Without a change log in place, many users will not be aware when they are receiving an update that suddenly requires the installation of new plugins.

27 May 2015 9:31pm GMT

Matt: Why Awe?

In the great balancing act of our social lives, between the gratification of self-interest and a concern for others, fleeting experiences of awe redefine the self in terms of the collective, and orient our actions toward the needs of those around us.

The New York Times answers Why Do We Experience Awe?

27 May 2015 4:48pm GMT

WPTavern: My Struggle to Learn How the WordPress REST API Works

Earlier today, I watched a free presentation on how to use the WordPress REST API by Rachael Baker via WPSessions. If you missed it, you can watch the recording for $9.

As I watched the presentation, it was clear that no matter how many tutorials I read, WordCamp sessions I attend, and videos I watch, I won't be able to grasp the API until I use products built with it. I'm not a developer and the REST API is developer centric technology.

What I Think the REST API Is

Based on what I've learned so far, I've figured out that the API provides a series of end points which are specific parts of WordPress. These end points can be connected to and manipulated through the REST API.

It's this API that opens up a slew of new opportunities for application developers to send and receive data. This is what allows a developer to build an app that connects to WordPress with minimal code.

Learning Custom Post Types

In 2010, there were a lot of requests for tutorials on how to give specific posts a unique style. When Custom Post Types were introduced in WordPress 3.0, I was excited because I thought they would provide the ability to create custom styles for posts.

Looking back, some of the requests are due to the post_class() function added in WordPress 2.7 that provides the ability to use CSS to style a post. It took a few years to rewire my brain to not think of Custom Post Types this way.

When I described how long it took to figure out Custom Post Types on Twitter, Justin Tadlock responded, that end users should have never been introduced to the term post type.

@jeffr0 End users should've never heard the term "post type". We devs did a poor job with that. We should've said "forums," "e-commerce,"…

- Justin Tadlock (@justintadlock) May 26, 2015

Reviewing Products Helps Connect the Dots

I didn't fully comprehend Custom Post Types until I reviewed several WordPress products that utilized them. After awhile, I was able to connect the dots between what I saw in the WordPress backend and what appeared on the front end.

I think the same thing will happen when the REST API is added to WordPress core. I'll be able to connect the dots and figure out how it works by reviewing products that use it.

27 May 2015 2:02am GMT

26 May 2015

feedWordPress Planet

WPTavern: Replace the BuddyPress Mystery Man with Unique, Colorful Identicons


Nothing makes a BuddyPress site seem more active or more colorful than when members upload their own unique avatars. Unfortunately, not all users have the motivation to follow through with adding a profile picture. You could use a plugin to add avatar upload to registration, or even force BuddyPress users to upload a profile photo before accessing other pages. However, this may seem a bit heavy handed for some social networks.

The BuddyPress Identicons plugin is one alternative that will bring some color to the members directory without troubling users to upload a profile photo. By default, those who haven't uploaded an image will have the mystery man avatar assigned. Too many of these can turn your directories into a sea of grey and white and give the impression that members are not invested in the community. BuddyPress Identicons replaces the mystery man with GitHub-style identicons.


BuddyPress developer Henry Wright, the plugin's creator, was inspired by GitHub's implementation of identicons, which the social network added in 2013 for users who do not have a Gravatar. The idea is based on Don Park's original Java and Canvas implementations for creating unique identicons.

henry-identiconBuddyPress Identicons are uniquely generated from a hash of the member's username. The implementation will not look exactly how it does on GitHub, as the logic used to generate the identicon is somewhat different. In fact, this plugin allows for a few customizations to better fit your social network. You can set the background to transparent in the BuddyPress settings menu and also adjust the image size by defining the constants in your bp-custom.php file.

The plugin is compatible with both WordPress multisite and bbPress. After testing it on a BuddyPress site, I can confirm that it works as advertised. If you've been frustrated by a lack of unique avatars on your social network, the BuddyPress Identicons plugin provides an instant fix. Simply install it from WordPress.org, activate it, and all of your mystery men will be transformed into unique, colorful identicons.

26 May 2015 11:04pm GMT

WPTavern: Postcard Project Discontinued, iOS and Android Apps Now Open Source

postcard-shareKyle Newsome, creator of Postcard, announced over the weekend that the project will be discontinued. The free social sharing app for iOS launched in February of 2014 with the aim to make it easy to share content from your phone to multiple social networks, including your own website.

Postcard's chief selling point was the idea of owning your own content. Instead of posting content directly on Facebook or Twitter, for example, you could set your own website as the "host" network and direct all the traffic there.

Newsome also built a free WordPress plugin as a companion to the app to allow users to host and archive their data. He intended it to help users make sure their websites didn't go stale as they regularly posted short form content to social networks.

Unfortunately, the idea did not catch on as Newsome hoped it would and he was unable to keep up with the maintenance.

"I've fallen behind on maintenance and, due to some sweeping new policy changes in Facebook's platform as of May 2015, the live iOS and Android development versions are broken and it's been the final kick in my ass necessary to admit Postcard is unsustainable," he said.

Despite making progress on the Android version last month, he was ultimately unable to get it ready for release on the Android market.

Android version making progress. It is very real. pic.twitter.com/7nYYtnHZpm

- Postcard (@postcardsocial) April 21, 2014

In Postcard's post mortem, Newsome identified changes to external services and their APIs as one of the primary factors for discontinuing the project.

Postcard was an interesting project for me. It started from a frustration with ever changing policies and lack of standardization in social media and ironically will be shutting down for exactly the same reasons. I really have to say that social media management is a tough thing to tackle for any single developer. It's hard enough to depend on code that you didn't write yourself and it's even harder to depend multiple on APIs. It takes a lot of maintenance just to stand still.

Keeping the WordPress plugin updated was also a challenge, and Newsome was discouraged at the prospect of having to rebuild it in the near future.

"The WordPress plugin also got stale as a major update and even a new forthcoming JSON API made the custom work I had done seem like a large investment made in something soon to be obsolete," he said.

Additionally, he found that the costs of maintaining the app, both financially and in terms of time spent, were unsustainable, as the app only pulled in a total of $750 over the past year. This barely covered the app store licensing fees.

Postcard Mobile Apps Now Open Source

Newsome has no intention of maintaining or developing the mobile apps or the WordPress plugin anymore. The apps are now available on GitHub under the MIT license with broken/partial functionality:

All the code is available to any developer who wants to take the original Postcard idea and run with it or modify it to suit another purpose.

"I don't want to be that developer who never admits their project is over when it's over," Newsome said. "Both myself and my users deserve better."

He hoped that Postcard would fundamentally change how people use social networks, but the idea of having your WordPress site as the host network for your social content never really caught on. Since many people do not host and maintain their own websites, the golden feature of this app probably went unused by the majority of those who tried it. The ability to broadcast the same content to multiple networks was likely the more popular feature. In the end, the Postcard iOS app was downloaded just 6,000 times.

Postcard's failure may be an indication that people are still not ready for decentralized social networking, where you host your own data and distribute it to third-party social networks at will. Given that the project was powered by a one-person team (a developer who is otherwise employed), Postcard had little chance of being able to keep pace with the development burden of external networks and their changing APIs.

Newsome may not have launched it with enough resources, or it may not have been the right approach or the right time. Multiple factors combined ultimately spelled Postcard's doom, but if any interested parties have the vision and time to revive it or fork it, Newsome is happy to assist in any small way. You can contact him directly via the Postcard post mortem blog or on Twitter.

26 May 2015 5:18pm GMT

Matt: Best of Thelonious Monk

Monk was the master of the single note, perfectly selected, timed, and struck so that it would have a symphonic amplitude. The asymptote of his music is a punctuated silence, which is why he was especially sensitive to his drummers and dependent on them to organize the music's forward motion.

The New Yorker reviews the 15 CD set, The Best of Thelonious Monk, which sounds like a lovely set of music to spend a weekend with.

26 May 2015 4:21pm GMT

25 May 2015

feedWordPress Planet

Matt: WordPress + Japan

Did you know that WordPress users in Japan have meetups dedicated just to eating crab in the Fukui prefecture? WP Tavern has has a fantastic article on Community, Translation, and Wapuu: How Japan is Shaping WordPress History. There is so much that is quotable, just check out the entire thing!

25 May 2015 10:53pm GMT

24 May 2015

feedWordPress Planet

Matt: Bosworth says Be Kind

Andrew Bosworth, one of the early engineers and leaders at Facebook tells the story about how he almost got fired in the early days despite being a top engineer. "If I was a good engineer, why would it be hard to work with me? Of course that question was the very foundation of my problem."

24 May 2015 11:45pm GMT

Andrew Nacin: Smarter algorithms, smarter defaults

Instead of showing the user an alert that something might not work, maybe we can build a smarter algorithm. Instead of asking the user to make a choice up front, maybe we can set a smart default and see if there is high demand after launch for more customization.

- Rebecca Rolfe on the Google Chrome team, interviewed in The Badass Women of Chrome's Security Team in Refinery29.

(More on making decisions, not options.)

24 May 2015 11:11pm GMT

Matt: Soaring SV Housing

Talent is leaving Silicon Valley because of high real estate costs. Today, the median price for a home just exceeded $1 million.

Why one in four Silicon Valley homebuyers wants to leave. Yep.

24 May 2015 1:38am GMT

23 May 2015

feedWordPress Planet

Matt: TC on Apple Watch

The John Biggs article on Why I'm Still Wearing My Apple Watch almost perfectly describes how I'm feeling about the watch right now. It is a very personal device, I've gotten attached to the little fellow, and I should probably start selling all my mechanical watches.

23 May 2015 12:55am GMT