WordPress Digest #5

Welcome to the fifth installment of my WP Digest. This is the blog version of our internal bi-weekly email which we use to inform, enlighten, and titillate our minds on some of the latest happenings in WordPress-land.

Release News

  • WordPress 4.3.1 security and maintenance release came out a couple weeks ago. This patches an XSS vulnerability when processing shortcode tags and another XSS related to the user list table. It also patched a bug where users without proper permissions could publish private posts and make them sticky. There are 26 other bugs patched in this release that you can read about here.
  • Some major improvements and upgrades are coming to multisite in WP 4.4. WP_Network has been committed to core, WP_Site will follow soon, *_network_option() will be replacing *_site_option(). Two improvements I am personally looking forward to (WP_Site_Query and WP_Network_Query) are looking like long shots for 4.4 and may wait until 4.5, but there’s always a chance.
  • Support for a feature so old and antiquated that I forgot it even existed has now been removed. “my-hacks.php” is dead.

Extending WordPress

  • Gravity Flow is a plugin that extends Gravity Forms by adding in customizable workflows. The use cases for this are super broad – basically any process that starts with a form and needs some kind of approval process; think HR, sweeps, productivity tools, etc. It was built by developers from Gravity Forms, so it’ll be very well supported and documented and won’t suffer from some of the bugs that other 3rd party add-ons have. Very cool stuff. More about this plugin.
  • The oEmbed Feature Plugin is chugging along, jumping the various hurdles necessary to become a part of the WP core. In the past few weeks they’ve seen new language translations (13 in total now), major improvements to performance and embed handline (including 404s and redirects for changed urls), better Rest API support, better multisite support, emoji support, etc.
  • WordPress REST API has had a lot of movement in the past couple weeks. The team behind it is pushing towards inclusion in WP core and lots of progress has been made. Check out the REST API Merge Proposal, it’s a fantastic overview of the project that shows why it makes total sense.
  • WP Engine has release a free Ebook guide to the Rest API that’s definitely worth a look if you are interested in jumping in and using the API. Download The Ultimate Guide to the WordPress REST API.
  • WP Super Cache version 1.4.5 was released last week and patches an XSS vulnerability as well as some other bugs and potential security problems. WP Super Cache is one cacheing plugin among many, but it has a bit more traction in that it is the recommended cacheing plugin for Rackspace Cloud Sites. If you are using it, update it!
  • The WordPress folks are working on building out metadata for taxonomy terms, and the biggest issues (as is the case with many new core features) is compatibility with plugins and customizations. I personally cannot wait until this functionality is part of core. We typically use the wp_options table to store taxonomy metadata now and it makes a lot more sense for it to have it’s own functions and DB tables. They’ve broken down the areas of concern and developers who build custom WP themes for clients (hint: Us) and custom plugins should absolutely read through and take note of any changes that need to be made.
  • WP Comment Humility is a plugin that moves the comments interface in the WP admin to a sub nav item under “Posts”. This is a logical move for sites that use post comments but not comments elsewhere in pages or custom post types.
  • WP User Activity is a new plugin that tracks logged in user behaviors in the Admin. Could be very useful for sites with lots of editors that need greater accountability for actions.

WP Drama

The dirty side of dev.

  • The WordPress Foundation filed a lawsuit against Jeff Yablon for trademark infringement earlier this year. The suit was recently settled out of court. Read out the results here, but long story short: Yablon got his ass handed to him. Lesson to take away: “open source” does not equal “pretend it’s yours”.
  • WordPress co-founder Matt Mullenweg has commented on the TechCrunch article “Move Over Slack? Automattic Mulls Commercializing its Own Internal Messaging Product” because it wasn’t a direct quote and missed the mark a bit: “Slack has become a really key tool for both Automattic and WordPress.org and anything we do with the evolution of P2 (some of which we already have running internally) will be complementary to Slack, not competitive with it.”

Misc

I don’t know where to file this crap.

That’s all for now. Check back in two weeks for another rundown.