04 Oct 2015

feedWordPress Planet

Post Status: How WordPress core development happens — Draft podcast

Welcome to the Post Status Draft podcast, which you can find on iTunes and via RSS for your favorite podcatcher. Brian and his guest co-host, Brad Williams discuss some of today's hottest, current WordPress news.

This week Brian and Brad talk about how to get involved in WordPress core, what to expect when you do, how to navigate the waters of core development. They also discuss term meta, its use cases, how it works, and why it's a great feature for WordPress 4.4.

Brad is guest hosting this week, as Joe is out. He's the co-founder of WebDevStudios, a co-organizer for WordCamp US, and wrote Professional WordPress Design & Development (my go-to book on WordPress development). You can follow Brad on Twitter @williamsba.


Direct Download


WordPress core development process:

Term meta:

04 Oct 2015 12:55am GMT

03 Oct 2015

feedWordPress Planet

WPTavern: WP101 Founded by Shawn Hesketh Turns 7 Years Old

Earlier this week, WordPress video training site WP101, founded by Shawn Hesketh, turned seven years old. Since launching in 2008, Hesketh's videos have been viewed more than a million times by over 500k people. He's also re-recorded the videos that make up the WP101 series 17 times. With seven years of experience under his belt, I asked Hesketh what he would have done differently in the beginning.

"From a technical standpoint, I wish I'd picked a solid membership plugin that would have enabled us to grow. We're planning a costly migration in the coming months, and a better membership plugin might have saved us the considerable hassle and cost," Hesketh told the Tavern.

Technical issues aside, Hesketh believes his business' success is largely due to his focus on serving people, "It's one thing to create an online course and hope people discover it. But it takes much more dedication to actually engage people on a daily basis, take the time to understand their goals, and then help them get clear on how to accomplish those goals," he said.

Hesketh doesn't have any regrets but wishes he launched the question and answer forum on the first day, "Its given me the opportunity to answer questions that may not be covered in our videos. That's the real value that WP101 brings to the table, real people helping others," he said.

WP101 launched around the same time as a lot of commercial theme shops such as iThemes, StudioPress, and WooThemes. Although WP101 doesn't sell commercial themes or plugins, Hesketh has carved out a space in the WordPress ecosystem that enables him to make a living. If you use WP101 or have in the past, I'd love to hear what you think of his videos in the comments.

03 Oct 2015 1:33am GMT

02 Oct 2015

feedWordPress Planet

WPTavern: The Top 100 Active WordPress Themes and Plugins on GoDaddy’s Hosting Network

It was a warm, sunny afternoon in Tempe, AZ as I walked with a group of GoDaddy employees on our way to lunch during Pressnomics 3 earlier this year. It's the first time I met Mendel Kurland, Christopher Carfi, and Kurt Payne in person. During lunch, we discussed a number of topics from the efforts made to change the company's image, to ideas that help the WordPress community.

I suggested to the team that GoDaddy create a billboard chart that shows the most popular themes and plugins used across its network. Not only would the information be beneficial to the company, it would also give the WordPress community valuable insight into what plugins and themes are used on a webhosting network with millions of customers.

Nine months after our discussion, GoDaddy turned the idea into reality with the Hot 100.

Top 100 Plugins and Themes of The WeekTop 100 Plugins and Themes of The Week

GoDaddy tracks which themes and plugins are activated across the millions of sites it hosts and puts the 100 most popular of each into a list. The list is generated each week and places the previous week of results into an archive allowing you to monitor trends.

Similar to the Billboard Hot 100, you can see the current rank of a plugin or theme, whether it's moved up or down, and what its rank was the previous week. With an influential list like the Hot 100, it would be easy to accept paid listings. Carfi, confirms it's not possible to purchase placement.

How the Lists Are Generated

The Hot 100 is determined by ranking the net change in the number of active installs of WordPress plugins and themes in aggregate across GoDaddy's hosting network. It looks at plugins and themes that are active at the time of the analysis and does not include plugins or themes that are deactivated.

Instead of using the total number of active installs, the Hot 100 looks at the week-over-week change in active installs. This enables the list to determine which plugins and themes are hot or part of a rising trend. It also prevents bias towards plugins that already have a large install base such as Jetpack.

Interestingly, themes on the list that are non-GPL are specifically noted and link to the Hot 100 instead of their corresponding theme page. In a post published to the Advanced WordPress Facebook group, Jeff King, Senior Vice President of Hosting at GoDaddy explains why.

One great recommendation and valuable bit of feedback we received is that, since the community embraces GPL, we should reflect that ethos in the Hot 100 list. While some non-GPL themes or plugins may occasionally show up in the list due to the fact that some non-GPL items still exist in the ecosystem, we don't necessarily need to link to them. As of next week, we'll be removing links to non-GPL themes and plugins.

The Hot 100 Is a Valuable Resource

Although WordPress.org provides stats for plugin and theme authors, you can't determine where they're being used. The GoDaddy Hot 100 gives the public and developers of popular plugins and themes an opportunity to see how well they're doing on one of the largest webhosts in the industry. While Jetpack and Akismet are the two most active plugins and seven default themes make up the top 10 themes, it's the 25th-100th rankings that I find interesting.

For example, Hello Dolly which ships with WordPress and is activated by default after installation is ranked 27th this week. Last week, it ranked 38th meaning a lot of new installs of WordPress have taken place. This indicates that even though a lot of customers disable the plugin at some point after installation, it remains active on many sites hosted by GoDaddy.

One of the largest jumps I've seen so far is the Image Widget plugin by Modern Tribe. It was ranked 95th last week and 31st this week. It would be interesting to know why a lot of new WordPress installs are activating this plugin on GoDaddy hosted sites this week versus last week.

The Hot 100 is a valuable resource and I encourage you to see if your favorite plugins and themes made the list. Although it's specific to GoDaddy, do you think the data is valuable? Would you like to see other large webhosting companies provide a glimpse into the most active WordPress themes and plugins used across their network?

02 Oct 2015 6:51pm GMT

WPTavern: Jetpack 3.7.2 Patches Two Security Vulnerabilities

Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form due to improper input sanitation that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability.

The second is an information disclosure vulnerability present in certain hosting configurations responsibly disclosed by Jaime Delgado Horna of Listae. In addition to patching the vulnerabilities, 3.7.2 also fixes an error with the REST API that creates multiple drafts and published posts. Other notable fixes includes:

Montpas has additional information on the cross-site scripting vulnerability discovered in Jetpack on the Sucuri blog, including a timeline of events. Please update to Jetpack 3.7.2 as soon as possible to protect your sites.

02 Oct 2015 4:12pm GMT

01 Oct 2015

feedWordPress Planet

WPTavern: WPWeekly Episode 208 – A Nod to the King

In this episode of WordPress Weekly, Marcus Couch and I discuss the death of Alex King who was a pillar of the WordPress project. King passed away a few days ago from colon cancer. We share stories of meeting and discussing WordPress topics with King and describe his many contributions to WordPress. King will be dearly missed by the WordPress community.

During the second half of the show, we discuss upcoming changes in WordPress 4.4, the lessons I learned moderating comments on WP Tavern, and WordCampus renaming to WPCampus.

Stories Discussed:

Alex King, Founder of Crowd Favorite Passes Away
Alex King's Final Request
WP Super Cache 1.4.5 Patches XSS Vulnerability
Lessons I Learned Moderating Comments in WordPress
WordCampus Renames Event to WPCampus
WordPress 4.4 to Possibly Rearrange Fields to the Comment Form
WordPress 4.4 Removes the View Post and Get Shortlink Buttons From the Post Editor

Plugins Picked By Marcus:

Contact Form 7 Customizer allows you to alter items like spacing and button size of the contact form using the customizer.

View Admin As lets you simulate what a site looks like from a user with a specific role or capability.

Grayscale Images converts images to gray-scale and displays the colored image hovered over.

WPWeekly Meta:

Next Episode: Wednesday, October 7th 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #208:

01 Oct 2015 9:25am GMT

WPTavern: 6 WordPress Plugins That Take Native Comments to the Next Level

Last week, I shared the lessons I learned and the drawbacks to moderating comments in WordPress. In this post, I highlight six plugins that solve a problem I encountered or enhance comments for both readers and site administrators. All of the plugins are free of charge and available from the WordPress plugin directory.

Problem Solvers

Crowd Control

Crowd Control Plugin BannerI discovered that not all comments need to be moderated. Crowd Control, by Postmatic, gives readers the ability to report comments they feel don't adhere to a site's commenting policy.

When enabled, a new option is displayed on the General - Discussion settings page. You can configure how many reports a comment needs before it's sent to the moderation queue and whether administrators should be notified when it happens.

Crowd Control SettingsCrowd Control Settings

If an administrator approves a comment that's in moderation due to hitting the threshold, it won't end up back in the moderation queue. This gives administrators the last word on whether a comment is acceptable or not.

Crowd Control in ActionCrowd Control in Action

If you think a comment needs an administrator's attention or does not adhere to the WP Tavern commenting policy, hover over the comment and click the report button. A new column is added to edit-comments.php that displays how many reports a comment has. It's important to note that detailed information of who reported the comment is not saved to the database.

Reported Comments ColumnReported Comments Column

The system is open for abuse but I trust that the Tavern readership will use it responsibly.

Show Parent Comment

Comments that are pending moderation in the WordPress backend that are in response to another comment are hard to moderate. Show Parent Comment, developed by Stephen Cronin, adds a Show More dropdown to the edit-comments.php screen that allows administrators to see the text of the comment that a person is responding too.

Click to view slideshow.
I've used this plugin for more than two weeks and I enjoy the user interface. It looks and acts as if it's a natural part of WordPress. Chris Christoff created a ticket in Trac with the suggestion that a user interface element like the one in Cronin's plugin be added to core. If you have feedback on the best way to accomplish this, please add it to the ticket.

Enhancements to Native Comments


Epoch Plugin BannerEpoch is a plugin developed by Postmatic and a few other contributors that enhances WordPress' comment system. Unlike services such as Disqus or Livefyre that replace the comment system, Epoch adds features to WordPress' native comments. This allows you to keep comments within your database at all times without relying on a third-party.

Epoch applies a series of visual enhancements to the comment form. Replies from the post author are a different color from regular responses and the date and time the comment is written is displayed at the top. Epoch also uses Ajax to send and receive comments which eliminates the need to refresh the page.

Click to view slideshow.

Epoch has a front end moderation capability that allows site administrators to approve, trash, or spam comments. Unlike the native comment form, Epoch doesn't load the comments unless the browser reaches a certain point on a post or is accessed via a direct link.

In most instances, the comment form loads quickly but on certain mobile devices, the lack of speed is noticeable. The team is aware of the performance issues and is attacking the problem with a three stage approach.

Epoch relies on JavaScript to function so if a visitor browsing your site has JavaScript disabled, the comments don't load. Again, the team is aware of this issue and is creating a fallback to WordPress' native comment system if the files can't be retrieved from its CDN or JavaScript is disabled.

Basic Comment Quicktags

Basic Comment Quicktag Plugin BannerIn WordPress 4.3, the allowed HTML tags text displayed near the comment form was removed. The tags were removed because they're note relevant and confusing to most users. While I agree that the text is not relevant, I think the comment form should have basic text formatting buttons so readers don't have to remember and manually type HTML tags.

Basic Comment Quicktags in ActionBasic Comment Quicktags in Action

Once Basic Comment Quicktags is installed, navigate to Settings - Discussion and check the box to enable them for comments. When enabled, the comment text area will have Bold, Italic, Link and Quote buttons. The best part of this plugin is that it exposes a built-in core feature using the Quicktags API added to WordPress 3.3. Text formatting buttons in the comment area is a courtesy I'd like more site owners to give to readers.

Simple Comment Editing

Simple Comment Editing Plugin BannerSimple Comment Editing, developed by Ronald Huereca, adds the ability for readers to edit their comments in a limited time frame. By default, readers have five minutes to edit their comment once it's submitted. Although no configuration is necessary, you can alter the time and behavior of the plugin by using actions and filters. I've changed the time limit to 15 minutes on the Tavern to make sure readers have plenty of time to make edits.

Simple Comment Editing Countdown TimerSimple Comment Editing Countdown Timer

With Simple Comment Editing installed, the amount of contact form submissions and requests to edit a comment have gone down considerably.


Postmatic Plugin BannerPostmatic is a plugin that ties into a service and has a number of features. Readers can subscribe to posts or to comments and receive updates via email. Postmatic has a beautiful email template that shows the most recent reply, the commenter's Gravatar, and a recap of the post and conversation.

Postmatic Comment Email TemplatePostmatic Comment Email Template

Readers can respond to comments via email without having to visit the comment form. Site administrators can reply, trash, or submit comments to Akismet via email. It's important to note that Postmatic is not a third-party commenting service. Instead, it uses the native comment system in WordPress allowing you to keep and own your data at all times.

While I moderate comments from the WordPress mobile app or the WordPress backend, Postmatic is a great fallback. I also think the email template looks great and offers a better user experience than the comment notification emails provided by WordPress. Postmatic does a lot more than what I describe above but for the purpose of this article, I focused on the comment portion of the service.

Postmatic is a new addition to the Tavern that I encourage you to try. After trying it out, please tell me about your experience. I especially wany to know if it's easier to keep track of and take part in conversations.

Notifications That a Comment in Moderation is Approved

One of the problems I've yet to solve is being addressed by a number of WordPress contributors in ticket 33717. If all goes well, it's possible this feature will be added to WordPress 4.4. Once added, readers whose comments end up in the moderation queue will automatically be notified by WordPress when it's approved.

It's Not Perfect but It's an Improvement

Even with all the features these plugins provide, I don't think the comment system in WordPress or the form on WP Tavern is perfect. I'm not sure if perfection of either can be achieved. However, I think both are improvements over the previous iterations. If there's a plugin you use to improve WordPress' native comments or its moderation system, let me know about it in the comments.

01 Oct 2015 8:28am GMT

29 Sep 2015

feedWordPress Planet

Donncha: The Web Won’t Forget Alex King

If you use a WordPress site, either as a visitor or owner, you're using code that Alex King, one of the original developers of WordPress, worked on.

He passed away after fighting cancer for 2 years but his online presence lives on in the form of his blog with it's deep archive of posts going back years, and in so much code that it's humbling to look at his projects page. Looking through the svn log of WordPress trunk shows he still had a hand in helping the WordPress project until relatively recently:

trunk$ svn log|grep alexkingorg
props alexkingorg for the initial, long-suffering patch.
props alexkingorg. fixes #24162.
Props alexkingorg
`wp.media` instead of just `media`. props alexkingorg, see #22676.
Add $post_ID context to the pre_ping filter. props alexkingorg, devesine. fixes #18506.
Add filter so the users can select custom image sizes added by themes and plugins, props alexkingorg, fixes #18520
esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
Escape links by default. Props alexkingorg. see #13051
Safely include class-json.php, class-simplepie.php and class-snoopy.php, props alexkingorg, fixes #11827
Fix user creation from admin after changes for #10751. Fixes #10811 props alexkingorg.
Hooks needed to allow alternate category admin inteface. Props alexkingorg. fixes #3408
Wrap cat name in CDATA. props alexkingorg. fixes #3252

I'm sorry I never met Alex, however I remember working virtually with him and Adam Tow on AllThingsD which seems like a lifetime away now. Adam has a great article on Alex on his blog, as does Matt who went into detail about Alex's involvement with WordPress going back to the days of b2. I had completely forgotten the CSS competition he mentioned!

Alex, your legacy lives on.

Related Posts

29 Sep 2015 8:44pm GMT

WPTavern: WordPress 4.4 Removes the View Post and Get Shortlink Buttons From the Post Editor

In WordPress 4.4, the View Post button in the post editor is disappearing in favor of a clickable permalink. Four years ago, Scribu, who is a former WordPress contributor, created ticket #18306. In the ticket, Scribu explains that the View Post button is redundant functionality and suggests that it be removed in favor of a clickable permalink.

Here are two screenshots of the post editor. The first is WordPress 4.3 and the second is WordPress 4.4. Clicking the permalink allows you to preview the post in its current state. Notice the slug part of the URL is in bold. You need to click the Edit button to edit the permalink.

WordPress 4.3 Post EditorWordPress 4.3 Post Editor WordPress 4.4 Post EditorWordPress 4.4 Post Editor

Not only does this change remove redundant functionality, it removes a UI element from the page. Enhancements like these are a huge win for WordPress because it makes the interface simpler without permanently removing the button's purpose.

In addition to the View Post button, the Get Shortlink button is also removed. The button shows up if you're using a custom shortlink and can be re-enabled using code or a plugin. For most users, the Edit button is the only one they'll see between the post title and content box.

I expect some users will be frustrated as they go through the process of changing their workflow but overall, I think it's a great improvement. What do you think?

If you're using the WordPress beta testing plugin by Peter Westwood, I encourage you to set it to bleeding edge nightlies and update your site. You'll be able to test this change and others during the WordPress 4.4 development cycle.

29 Sep 2015 7:22pm GMT

Matt: Remembering Alex King

Alex speaking at WordCamp SF 2009One of the original WordPress developers, Alex King, has passed from cancer at far too young an age. Alex actually got involved with b2 in 2002 and was active in the forums and the "hacks" community there.

Alex had a background as a designer before he learned development, and I think that really came through as he was one of those rare people who thought about the design and usability of his code, the opposite of most development that drifts toward entropy and complexity. One of my favorite things about Alex was how darn tasteful he was. He would think about every aspect of something he built, every place someone could click, every path they could go down, and gave a thoughtfulness to these paths that I still admire and envy today.

As an example look at his project page (essentially a category archive) for the Post Formats Admin UI, isn't that clever and intuitive how the posts connect together, and when more time passes in the thread it's shown as a break. It's classic Alex: something simple and thoughtful that in hindsight is so gobsmackingly obvious you wonder why everything doesn't work that way, but you never would have imagined it beforehand. And Alex wouldn't just imagine it and do it for himself, he released his best work as open source, as a gift to the community and the world, over and over and over again.

Back when WordPress was getting started Alex was a celebrity of the b2 world, his hacks (plugins before plugins) were some of the coolest ones around. We had a ton of overlapping interests in web standards, photography, development, and gadgets so we frequently read and commented on each other's blogs. I would never miss a post on his site, and that's back when we were both doing one or more posts a day. To get a sense of Alex it's worth exploring his blog - he was a clear thinker and therefore a clear writer. The straightforward nature Alex wrote with was something I always admired about him.

We discussed WordPress early on, Alex signed up to help with what later became the plugin directory, and his CSS competition (look at those prizes! and notice it's all GPL) was hugely influential on the path to themes, and he officially became a contributing developer in August of 2003.

The list of what Alex was one of the first to do in the WordPress community is long, and in hindsight seems gobsmackingly obvious, which is the sign of innovation. I smile when I think of how he moved from the Bay area to Denver before it was cool, or his love of scare quotes. Once there was something going on in WordPress and he called me to talk about it, I was so surprised, he said the number was right on my contact page (and it was) but even though it had been there for years no one had ever called it before, but that was just the type of person Alex was, always reaching out and connecting.

Adam Tow, myself, Barry Abrahamson, Alex King; Photo from Adam Tow's post.

I'm not sure how to include this next part: I couldn't write last night - I was too tired. After falling asleep I had one of those super vivid dreams that you can't tell are dreams. There had been some sort of mix-up on Twitter and Alex was still alive, I visited Colorado with my sister and saw him surrounded by family at a picnic table, all the rooms were taken so they put me on a floor mattress where I slept. Tons of his friends were around and we took pictures together, he was excited about the better front camera on the 6s+. (Alex understood mobile all the way back to the Treo days.) It was all very ordinary and in a group setting, until we decided to walk alongside a small highway, past some grain silos, to meet the group at a bar. The walk was just the two of us and we talked and laughed about the big mix-up and he asked about this post, what was going to be in it. He got most excited and emphatic with the part about him being a developer with great taste, and a clear writer William Zinsser would be proud of, so I like to think that those were two things he was proud of. The overwhelming emotion I remember was joy. Waking up was disconcerting, part of me wants to believe part of Alex's spirit was there, where another more logical part thinks my mind was just going through the denial stage of grief. Regardless I know that Alex will stay in the minds of people who knew him for many years to come.

Code that Alex wrote still runs billions of times a day across millions of websites, and long after that code evolves or gets refactored the ideas and philosophy he embedded in WordPress will continue to be part of who we are. Alex believed so deeply in open source, and was one of the few people from a design background who did. (Every time you see the share icon on the web or in Android you should think of him.) I like the idea that part of his work will continue in software for decades to come, but I'd rather have him here, thinking outside the box and challenging us to do better, to be more obvious, and work harder for our users. He never gave up.

29 Sep 2015 5:57pm GMT

WPTavern: Alex King, Founder of Crowd Favorite Passes Away

Alex King with his daughter HeatherAlex King with his daughter Caitlin

Alex King, who founded web development agency Crowd Favorite, and author of several WordPress themes and plugins passed away last night at his home. In January 2013, King was diagnosed with stage four colon cancer. He used his blog to tell the story of his fight to stay alive.

On August 24th, King finished the first cycle of a new clinical trial that he says went well.

I'm nearly through my first cycle of the new clinical trial and overall I think it's gone pretty well. I was able to get the 6 pills/day (3 in the morning, 3 in the evening) without too much concern. That said, by the end of the 5 days taking the pills I would basically sleep for the day.

On the same day, he published what would be his final request to the WordPress community. King requested that anyone with memories of him and his career to submit them to his wife.

One of the things my wife and I are trying to do is put together some information about my career that will hopefully give my 6 year-old daughter a better sense of who I was as an adult. She knows me as "dad", but when she gets older she'll be curious about who I was to my peers and colleagues.

If you have any memories of King, please honor his request and submit them to his wife.

Outpouring of Support

As the news of King's death spread throughout the community, many shared grief on Twitter while others reflected on his accomplishments in WordPress.

Most #WordPress users will never know how important @alexkingorg was to our CMS. A great loss to the community. https://t.co/JPtI3gMfE7

- Name cannot be blank (@mor10) September 28, 2015

alex king (@alexkingorg) was an incredible asset to #wordpress. he will be missed.

- Tom McFarlin (@tommcfarlin) September 28, 2015

Things @alexkingorg committed to WordPress: Rss feeds for comments, password protected posts, comments having linkable URLS, & Localization.

- Aaron Jorbin (@aaronjorbin) September 28, 2015

So sad to hear of the death of @alexkingorg. One of the original WordPress developers. RIP.

- Mike Little (@mikelittlezed1) September 28, 2015

Very sad to hear about the passing of @alexkingorg - smart, analytical, kind, every time I met/talked w/ him.

- Cory Miller (@corymiller303) September 28, 2015

One of the earliest @techstars mentors passed. An original @wordpress developer w/ @photomatt, @alexkingorg embodied #givefirst perfectly.

- Micah Baldwin (@micah) September 28, 2015

In addition to Twitter, many published their thoughts and memories of King on their site.

King's Impact on WordPress Early On

King is one of a handful of people who witnessed the transition from b2 to WordPress. He's one of the earliest WordPress developers and is largely credited with motivating developers to build themes using the template engine in WordPress 1.5.

Alex King wrote a CSS Style Switcher hack, which came with three CSS stylesheets. Not everyone who had a WordPress blog wanted to create their own stylesheet, and many didn't know how. Users needed a pool of stylesheets to choose from. To grow the number of stylesheets available, Alex ran a WordPress CSS Style competition. Prizes, donated by members of the community, were offered for the top three stylesheets; $70, $35, and $10 respectively. - WordPress History Book

In the first contest, King received 38 submissions with Pink Lillies by Naoko Takano winning first place.

Pink Lillies Wins First Design ContestPink Lillies Wins First Design Contest

Each sylesheet submitted to the contest was available to the public. In essence, King's website was an early version of the WordPress theme directory. In the second contest, he received over 100 submissions. In total, King hosted 138 themes on his site. He decided not to host the competition again in 2006 due to the sheer amount of work required.


King appeared on several different WordPress podcasts and spoke at a number of WordCamps. Here are links to a few of them.

My Memorable Experience With Alex King

The last time I spoke to King in person was at WordCamp San Francisco 2013. A group of us rode together in a party limo complete with blinking lights inside. I sat across from him and asked a few questions related to his health. I also asked him about the early days of WordPress. King was a soft-spoken man who at times is hard to hear but it turned out to be a great and memorable conversation.

The WordPress community has lost an inspirational person and a pillar of the WordPress project. My deepest condolences go out to his friends and family. King is survived by his wife Heather and his daughter Caitlin.

29 Sep 2015 2:42am GMT

28 Sep 2015

feedWordPress Planet

Post Status: Rest in peace, Alex King

The prototypical WordPress developer and blogger, Alex King was a tremendously influential member of the WordPress ecosystem.

He was one of a very small group of people involved during the transition of b2 to WordPress. He helped to create the website that would become the first WordPress.com VIP client. He started the first WordPress-centric consulting agency. He was fundamental to the development and direction of dozens of WordPress features. He even created a small icon that would go on to become the ubiquitous "share icon".

Alex was a selfless contributor, a driven entrepreneur, and a friend to many. He was also a husband to Heather and a father to Caitlin.

In addition to web work, Alex loved golf and photography. His blog is an outstanding example of the art, where he logged his story, his passions, and his challenges. I could not possibly tell his story better than he himself can.

Following are more valuable links to help remember Alex:

Today is a sad day for the WordPress community, and Alex King will be missed. May he rest in peace.

28 Sep 2015 8:29pm GMT

27 Sep 2015

feedWordPress Planet

WPTavern: WordPress 4.4 to Possibly Rearrange Fields to the Comment Form

WordPress plugin and theme developers need to take note of an important change in WordPress 4.4 that rearranges the comment form. In WordPress 4.4, the comment form is arranged so that the text area is displayed first followed by the name, email, and website fields.

Comment Text Area is FirstComment Text Area is First

According to Aaron Jorbin, WordPress core developer, the change improves navigation when using the keyboard to toggle through fields. It also makes it easier for users to leave comments.

Since the change requires filters and actions to run in a different order, the HTML output by comment_form will be different. Jorbin explains that if developers use any of the hooks inside comment_form, especially comment_form_field_comment and comment_form_after_fields, developers should test their themes and plugins using WordPress 4.4 nightlies.

If you run into any problems or inconsistencies, please report them to ticket #29974. What do you think of the change? Do you think readers want to write their comment first instead of filling out the other three fields?

27 Sep 2015 7:02pm GMT

WPTavern: WordCampus Renames Event to WPCampus

WPCampus Featured ImageWhen WordCampus was announced, some of our readers expressed concern that the event's name is too similar to WordCamp US and would cause confusion.

There was also concern that without being officially sanctioned by WordCamp Central, the event would infringe the WordCamp trademark that is owned and protected by the WordPress Foundation. To alleviate these concerns, the organizing group changed the name from WordCampus to WPCampus.

Rachel Carden, one of the event's primary organizers, says the team had a backup plan from day one, "While most of the community agreed that the name WordCampus was spot on, the possibility of changing our name was proposed from day one as WordCampus was being confused with WordCamp US," Carden said.

"As much as we love WordCampus, we didn't want it to get in the way of what we hope to achieve, so the topic was passionately discussed at a planning meeting. The entire community cast their votes for a new name and WPCampus was selected as the clear winner," Carden told the Tavern.

More than 250 people have expressed interest in WPCampus. If you're interested in speaking, sponsoring, or attending the event, please fill out the survey.

27 Sep 2015 5:25pm GMT

26 Sep 2015

feedWordPress Planet

Matt: Cars should be Open Source

"The reality is that more and more decisions, including decisions about life and death, are being made by software," Thomas Dullien, a well-known security researcher and reverse engineer who goes by the Twitter handle Halvar Flake, said in an email. "But for the vast majority of software you interact with, you are not allowed to examine how it functions," he said.

The Times has a great look at hacker and car manufacturer mishaps and makes the case over and over again for Open Source. It's great to see more of the world waking up to the importance of open source.

26 Sep 2015 6:18pm GMT

25 Sep 2015

feedWordPress Planet

WPTavern: Freenode to Purge Inactive Nicks, Channels, and Accounts on October 2nd

photo credit: 13Moya 十三磨牙 - ccphoto credit: 13Moya 十三磨牙 - cc

Freenode, the IRC network responsible for hosting communication servers for WordPress and many other open source projects will be performing maintenance on or around October 2nd. Freenode will remove expired nicks, channels, and accounts.

Although a lot of people have switched to SlackHQ from IRC to communicate in real-time, the WordPress support channel with hundreds of users still exists on Freenode with no plans to move it to Slack.

If you have a registered account on Freenode and have not identified with the service in 120 days or more, you must authenticate your account before October 2nd. You can do this by connecting to Freenode and using the /msg nickserv identify command, then enter your password.

If you've forgotten your password, use the /msg nickserv sendpass command to recover lost passwords. Alternatively, use the /msg nickserv help sendpass command to receive help recovering your password.

It's especially important for users who have registered channels on Freenode to authenticate or else the username and channels associated with it will be removed.

25 Sep 2015 6:57pm GMT

Donncha: WP Super Cache 1.4.5

WP Super Cache is a fast caching plugin for WordPress. It will help your site run faster and serve more traffic.

This is a security and bugfix release.

When you upgrade, your "legacy cache" files for logged in users will be deleted. This may have an impact on your site:

Your site will suddenly have to generate new cache files for all visiting known users.

Relying on caching like this is not recommended for these types of users as it's very inefficient. Each user has a separate cache file that must be checked whenever the plugin does administration work like cleaning up stale cache files.

If most of your traffic is anonymous users who don't comment you don't need to worry about this.

Directory Listings

If a server is configured to show directory listings it will show files and directories in the cache directory to visitors who access those directories directly through their browser. This might reveal private posts, and in the case where legacy caching is enabled for known users the login cookie was stored in ".meta" files that could be downloaded.


Files named "index.html" were added to the main cache directories to stop remote users viewing the contents of the cache directories. Unfortunately it's not possible to add empty index.html files to the supercache directories because those files could be served by accident to legitimate visitors of the site. However, the plugin will also add a directive that disables directory listings to the file cache/.htaccess. You can now also change the location of the cache directory on the Advanced Settings page of the plugin. If you can't disable directory indexing on your server and you have private posts you should change this location and use PHP mode to serve cache files.


If a directory index is found in the cache directory it will show a warning like this to administrators:

index.html warnings

Clicking the logout link will log everyone out, except the user who clicks it, but it guarantees that the login cookies are updated, just in case someone has copied the cookie from an old meta file.

Directory Traversal and File Deletion

User input in the settings page wasn't properly sanitised. The code that sanitised directory paths when deleting cache files wasn't secure and might allow an attacker to view or delete files named index.html. Deletes are protected by a nonce, limiting the useful lifetime of the URL however.

PHP Object Injection

The plugin used serialize and unserialize to store data in "legacy cache" meta files. This might be used to perform a PHP object injection attack. Serialised data is now stored as JSON data.

The format of legacy cached files has changed. The files in the meta directory no longer have a .meta extension. They are .php files now and each file has a "die()" command to stop anyone loading them.
The data stored in those files is now stored as JSON serialised data. The login cookie is an MD5 hash now as well.
When you upgrade the plugin your existing legacy cache files will be deleted and regenerated as visitors use your site.

Apart from those security fixes there have been a number of enhancements and bugfixes:

This release wouldn't be possible without the help of Brandon Kraft, Dane Odekirk, Ben Bidner, Jouko Pynnönen and Scrutinizer. Thank you all!

Related Posts

25 Sep 2015 5:19pm GMT