WordPress Digest #1

Welcome to the first installment of my WP Digest. This is the blog version of our internal bi-weekly email which we use to inform, enlighten, and titillate our minds on some of the latest happenings in WordPress-land.

Release News

WordPress 4.2.4 Security and Maintenance Release was pushed out today. This fixes 6 issues, including 3 possible XSS vulnerabilities, an SQL injection vulnerability, and a few other things. If you would like more info on this release: blog post | release notes | list of changes.

WordPress 4.3 is set to drop on August 18. The release candidate is out now if you want to take a look. There is a nice run down of new features in the “dev-notes” tag for this release here: https://make.WordPress.org/core/tag/dev-notes+4-3/

Here are the pieces I found interesting:

  • COMMENTS TURNED OFF ON PAGES BY DEFAULT
    Rejoice, for sanity has won the day. Comments still on for posts by default, but this at least solves this annoying issue.
  • Singular.php added to Template Hierarchy
    I like this one. Check it out.
  • WYSIWYG Editor Enhancements
    Not a major improvement, but gives clients a new way to edit their content.
  • Get Transient Now More Strict
    We haven’t done a lot with transients to this point, but if it’s been on your radar, worth looking into.
  • More Password and Account Security
    • Password generator added
    • No longer emailing passwords to users
    • Password reset links now expire in 24 hours by default
    • When a password or e-mail changes, wp sends an e-mail (in the case of e-mail, to your old address). These can be disabled via the send_pass_change_email and send_email_change_email filters (just have them return false)
  • Site Icons
    This release adds the ability to manage favicons and mobile icons from WP. This is more of a feature geared towards themes being built for broader commercial use, since our stuff we typically just build favicons and icons into the theme, but worth noting that this stuff exists now.
  • Changes To Multisite
    Again, not something we use often, but worth the read if you are interested.

Extending WordPress

Some news in the realm of pushing the boundaries of WordPress and extending its capabilities.

  • EPOCH plugin for realtime commenting
    From the creators: “the goal: to provide a realtime commenting/chat experience using fully native comments while being compatible with page caching, CDNs, mobile, other comment plugins, and SEO best practices.”
    This looks to be a great competitor for Disqus and uses native comments so everything is housed in one spot. Definitely worth investigating deeper when we have another project that needs robust commenting.
  • Automated Slack invitations
    Nice little plugin that allows users to enter their email to get an invitation to a slack channel…good for large user groups and lazy slack admins!
  • PeepSo
    The newest, and really ONLY, competitor to BuddyPress in the realm of social network WP sites. It’s open source and comes with a ton of free features and some commercial add-ons available, too. Again, we don’t do too much (or really anything) in this world, but worth keeping in the back of our minds.
  • WordPress REST API: Coming soon to WP Core
    The WP REST API is going to be merged into the WP Core in the relatively near future. This is cool. In anticipation of this, the devs want to make the thing pretty damn-near bulletproof first. They posted up a request for people to reply with how they are using the API and there’s some interesting stuff in there. Take a look: https://make.WordPress.org/core/2015/07/23/rest-api-whos-using-this-thing/.

WP Drama

The dirty side of dev.

  • WordPress released a security update a couple weeks ago that contained breaking changes to the shortcode API. The change affected an edge-case where plugin and theme devs were using the shortcode API in ways that WP devs never really intended (which is part of the beauty of WordPress). ANYWHO, the security release was pushed out and sites auto-updated and lots of shit broke. Devs were mad. “Why no heads up?”, “We should have had time to prepare!”, etc etc. I personally fall on the side of the WP people with this issue in that they identified a security risk and rather than waiting to release it, they pushed it out to close the holes proactively. Better to have a broken plugin for a day or so than a hacked website. Here are some viewpoints and more info on the issue:
  • Thesis, Automattic, and WordPress | Mullenweg vs Pearson: A Conflict of Ideology
    Interesting article about the rivalry between Chris Pearson (founder of DIYthemes and pioneer of the early WP commercial theme business model) and Matt Mullenweg (co-founder of WP, founder of Automattic). Worth a read if you have the time (it’s long).

Misc

I don’t know where to file this crap.

  • WordPress Podcast Roundup
    Like podcasts? Well this fella wrote up a nice little round up article of some of the best WP-themed podcasts. If you are like me, that sounds pretty insufferable, but hey, to each his own.
  • WordCamp US
    The first ever WordCamp US will be held in Philly, Dec 4-6. This takes the place of the long running WordCamp San Francisco and expects roughly 2000 attendees. There will be two days of programmed sessions on Friday and Saturday and a full day contributor event on Sunday. Tickets are not on sale yet, but I’ll keep you informed as things shape up over there.

That’s all for now. Check back in two weeks for another rundown.