WordPress security issues come and go, and while some stay because it’s tough to get the crud out, other times it’s because site owners overlook an important part of keeping their hosts protected: file permissions.
A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.
Matt Mullenweg warns against web hosts and other security announcements that place the blame on the WordPress software without first checking if proper file permissions are in place.
Devlounge has an old but still applicable article on protecting your wp-config.php files, for starters. This article on WP Tavern also tackles the issue above and shares more file permission advice especially on shared hosting accounts.
Two of the biggest new features, custom menus and multi-site support, are in place, while as with the previous beta you’ll notice a much lighter admin area. Also visit this page to check out known issues, and report those others that aren’t on the list.
You can download WP 3.0 RC 1 here or automatically upgrade with the Beta Tester plugin.
There’s been a bit of a slowdown in the WordPress RC and final release schedule yet again, but here’s an important heads up from this week’s developer chat: In an effort to reduce server memory consumption and delays in the releases, WordPress 3.0 is dropping several core features. One is the WordPress Importer, which can then be installed as a plugin.
Another is the TinyMCE script, the most popular WYSIWYG editor out there. It’s not clear if eliminating it is a permanent move since a lot of people are dependent on creating properly formatted posts with it, but more details should follow when the new WP 3.0 releases come.
Read updates on the rest of the WordPress developer chat for 5-20-10 here.
There are a lot of helpful tips for organizing a WordCamp that can be found at the official WordCamp how-to site, but what’s got people buzzing is the announcement of stricter guidelines about who can and can’t be associated with an event, from individuals to companies in various roles as organizers, speakers, and sponsors. This all depends on whether they comply with WordPress philosophies.
Lately there have been a number of WordCamps accepting speakers, sponsorships, door prizes, etc from people/companies acting in violation of the WordPress license (GPL v2) with regard to their themes/plugins. It is the official policy of WordCamp that WordCamps not provide publicity/a platform for such individuals/businesses. They are welcome to attend, but WordCamps may not have non-GPL-compliant people as organizers, sponsors, or speakers.
It’s only fair that WordPress stand its ground on matters relating to the GPL, WordCamps included. For participants who aren’t as familiar with the software, its community, and philosophy, WordCamp is the perfect venue to discuss those things.
I’m curious to see if any part of this controversy will affect the upcoming WordCamp Philippines 2010.
The complete list of guidelines can be found at WordCamp Central.
Look how far WordPress has come in the span of a year. We’re still awaiting the final release of WordPress 3.0 for the much-touted WordPress MU/Multi Site merge, but we’re also getting a bunch of other exciting, game-changing features such as custom post types, a new default WordPress theme every year, canonical plugins, security checks, and more.
Can’t wait to see what will be added to this keynote when WordCamp Philippines 2010 comes around in October.
Following the successful post-WordCamp San Francisco code sprint, we are now ready to release the second beta of WordPress 3.0.
The update focuses on improvements to the menu interface and the WordPress importer/exporter. Everyone is encouraged become a beta tester with the help of the beta tester plugin.
WP Tavern has posted notes from Matt Mullenweg’s State of the Word at the 2010 WordCamp San Francisco. In it, Matt emphasizes the growth of WordPress into one of the most popular content management systems today: from the admin interface, to the number of plugins, to the upcoming features in WordPress 3.0: WordPress MU merge, menu navigation system, custom post types, and more.
Roughly 74% of WordPress sites are being used as blogs and content management systems. This is up from about 40% last year. It’s the fastest growing use case of the software. About 80% of people are making money from WordPress. 22% WordPress is their day job. 18% from custom development and hosting, 12%.
Other things to take from the talk:
- A new default WordPress theme will be created every year. This year’s Twenty Ten features custom post headers and backgrounds.
- WordPress should be as accessible as possible: the Post By Email feature will be turned into a canonical plugin.
- WordPress.org will be redesigned.
- Release cycles will go from 3 per year to 2.
- On security issues: Automattic will work with web hosting companies to help protect its WordPress users, via a mailing list, security checks, and a list of best practices.
Mashable also conducted an interview with him, which covers pretty much the same things discussed at WordCamp. Watch it below:
The Akismet blog posts a 9-point summary of their findings over the last 5 years they’ve spent combating web spam. It’s a fascinating peek into the different types of spam out there, which has established itself as a highly organized and thriving business in various parts of the world.
Abe Olandres of YugaTech speculates that the first point on the list about human-posted spam, which is reportedly rampant in Southeast Asia, may very well be coming from the Philippines:
They didn’t really mention the Philippines but we all know that among the countries in South-East Asia, the Philippines is the top English-speaking country.
Another interesting discussion is on trackbacks and pingbacks, which are prone to the most abuse by both spammers and unwitting but legitimate bloggers that it’s not a feature anymore, but a nuisance.
Per the updated project schedule at the WordPress Development Updates blog, the last couple of release dates for WordPress 3.0, both the release candidates and final versions, have been pushed back by several weeks:
- May 1: Begin RC
- May 15: Launch WordPress 3.0
Since we have a beta version already out, the extended wait doesn’t seem so long now. That also means more time to get WordPress plugins and themes ready for the big update.
WordPress.com users can now enjoy a mystery feature called “Surprise Me”, which can be activated under the Personal Settings page under Global Dashboard > Profile. The announcement won’t reveal what it will actually do, but both the New York Times and BusinessWeek write about it.
They described their creation as an “emotional plug-in,” a virtual artwork to celebrate the “sacred act of publishing,” which the Web has transformed as fundamentally as Gutenberg did and which is, in turn, transforming society.
“Surprise Me” is the result of a collaboration between Matt Mullenweg and artist Evan Roth and was first presented at the 7 on 7 event, which brought together artists and technologists to create a project in under 24 hours.
WordPress 3.0 is not far along now, here’s Beta 1! We’ve been covering the many features packed in this release but if you can’t wait, go ahead and take the early release for a spin.
As usual this is the first of the pre-releases before the final version comes out (in a month or so) which means take precautions when using it. If you’d like to help with development through testing, download WordPress 3.0 Beta 1 now.
VaultPress is a premium offering from Automattic that lets you backup and even more interesting, protect your WordPress-powered site:
In the future, if your site is tampered with in any way, we’ll know within minutes and can take appropriate steps. The VaultPress core engine will be able to protect you against zero-day security vulnerabilities by updating your blog with hot-fixes, even while you sleep.
VaultPress runs as a plugin that runs and responds in real-time. It will also be closely integrated with WordPress.com. On the invitation-only beta signup page, the service costs $20 monthly. It also classifies users into personal, pro-blogger, small business, and enterprise.
WordPress is once again participating in the annual Google Summer of Code, whose application period just opened. For the unfamiliar, GSoC gives initiatives for student developers to work on open source projects (such as WordPress) in preparation for their foray into real-world software development.
Here is this year’s list of ideas for WordPress:
- Blog Import/Export
- User Roles
- Template Versioning
- Comment Moderation
- Move WordPress
- Enhance Profiles.WordPress.org
The WP GSoC also gathers some of the biggest names in the community to act as mentors to the participants. IRC chats will be held on March 31, April 3, and April 7 to interact with them.
Gravatar took a big step over the weekend and announced support for public profiles, going from an avatar service to a business card and social network service in an instant.
Thanks to Automattic’s acquisition of Gravatar a few years back, WordPress.com users can enjoy editing their Gravatar profiles right within their dashboards. For everyone else, it’s just a matter of logging into Gravatar and going to My Account > Edit My Profile. There you can add your personal details and link up other web services and sites.
I think this is a great way to add value to Gravatar’s original premise that doesn’t sound too ambitious, but who knows what they’ll think of next!
Aside from his theme Kirby becoming the basis for 2010, the next default WordPress theme, Ian Stewart has announced that he joined Automattic as its new Theme Wrangler. Aside from this, he shared news that a “Theme Team” is being formed and that his own site, ThemeShaper, will be its home.
ThemeShaper will become a public-facing blog for the Theme Team now assembling at Automattic. A place where we can help provide the best possible experience for everyone involved in WordPress theming; from the noobiest of beginners to the most powerful of WordPress wizards.
The state of WordPress theme development has made leaps and bounds in the past few years, so it’s great to see an even bolder step taken with Ian and the Theme Team.
Another prominent contributor to the WordPress community got picked up. Viper007Bond, known for his plugins like Viper’s Video Quicktags and YOURLS, also announced that he’s joining Automattic full-time. He didn’t, however, mention any special plans on the plugin development front, but it makes sense for that to come along later on.
PubSubHubbub or PuSH is a new protocol that makes publishing go real-time: instead of readers like Google Reader or Netvibes checking a website RSS or Atom feed every so often for new content, PubSubHubbub “pushes” the new content into the stream as soon as it is published. That feature has been enabled on all WordPress.com blogs.
WordPress.org users can also enjoy PubSubHubbub with the PuSHPress plugin available in the Plugins Directory. This turns your WP blog into a hub of its own that can send updates directly, without going through another hub.
The biggest roadblocks to adopting social network software BuddyPress have finally been eliminated. With the latest version 1.2 coming out, you can now install BuddyPress on WordPress and not just WordPress MU. That goes for any WP version. Consider this the official way to run BP following this one.
Another highlight of this release is a quicker, simpler installation process: just 3 steps detailed in the download page. Simply add BuddyPress from your plugins page and activate a theme for it.
Probably the most exciting part of this release is a new default theme, which you can see running on the official site and the BuddyPress Test Drive site. BP is looking cleaner and more flexible than ever—you can create child themes with BP too.
WordPress 2.9.2 fixes a bug that lets logged in users see trashed posts created by other authors. It’s not a very urgent update, only to whose who find the Trash bug an inconvenience, but it’s still wise to download the latest version whenever you can. This should give you ample time to backup first.
It was only a matter of time before WordPress released an official app for the Android platform, and now it’s here. WordPress for Android is based on wpToGo, and now version 1.0 is available in the Android Market. It works for both WordPress.org and WordPress.com blogs and lets you work with posts, pages, and comments on the go.
Features include the ability to:
- Configure and manage multiple blogs
- Comment moderation including the ability to reply to comments
- Create and Edit Posts including categories, tags and photos
- Create and Edit Pages
- Get notified of new comments in the Android notification bar
Over at the WordPress Development Updates blog, there’s an alpha preview of the Menu Management user interface that will be included in WordPress 3.0. Here’s the video:
Here’s a quick preview of the new menu management admin page (still alpha stage).
It highlights the dropdown section, which is the only unfamiliar element. All the rest are borrowed from the widget management screen.
Feedback on the UI is very welcome, either here, or on the dedicated ticket: #11817.
As mentioned in the post by Scribu, the interface is similar to the Widgets page. You can select either a page or a category from its respective dropdown menus, and when clicked it gets sent to the active menu panel on the right. There you can reorder the items. You can also add specific links and the Home link.
This feature can’t come soon enough! People tend to “hack” together site navigation menus in WP themes and for ordinary users editing them is a pain. Making WordPress features more usable through new interfaces like this is always a good thing.
Got feedback or want to keep up with this upcoming WP feature? Bookmark this Trac page.
The WordPress Foundation has just been launched. It’s inspired by the likes of the Mozilla Foundation, and aims to preserve, protect, and educate with the WordPress platform and related projects.
The WordPress Foundation is a charitable organization founded by Matt Mullenweg to further the mission of the WordPress open source project: to democratize publishing through Open Source, GPL software.
Aside from this great milestone for WordPress and its community, it’s worth noting that the new site runs on a develoment version of WP 3.0 and the next default theme, 2010. Check it out!
It’s no secret that a major design change is coming to this year’s WordPress development cycles in the form of a new default WordPress theme, but that’s not all. Jane Wells has announced plans for all things design—open source design, that is:
- Creation of the wp-ui mailing list for design-related updates
- Return of the design challenges that have determined the look and feel of the WordPress admin interface in the past
- Mobilization of a distributed Usability Testing group
- Creation of the #wordpress-ui chatroom on irc.freenode.com and setup of a weekly chat as with #wordpress-dev
- Launching of the WordPress UI/UX blog
While I’m surprised all these things haven’t been set up sooner, I’m excited that design and usability are finally getting the attention they deserve—makes you wonder how WordPress got to be so beautiful without all these in place yet.
Between this, WordPress 3.0, and WordPress Multi Site, it looks like 2010 is a packed year for WordPress! There are so many things to do and lots of volunteer work is needed, so if you can find your niche in the community, why not contribute?
WPVibe has an exclusive interview with Automattic’s CEO, Toni Schneider. We get a look at how this telecommute-friendly company gets things done (P2, IRC, and Skype), a bit of WordPress.com talk, and Toni’s personal life.
What is one thing you’ve learned while being at Automattic that has made you a better CEO?
A brand new thing that I had never done before was figuring out how to build a distributed company, where team members work from places all over the world. That’s been a great learning experience for me. I love how much personal freedom the distributed model gives people. One of our “Automatticians” told us just yesterday that he is going to Chile for 40 days. He has rented an apartment and will work from there. That’s the kind of thing you can do in a distributed organization. The challenge is to create a sense of teamwork and common purpose despite being spread so far apart.
And here are some amazing figures for Automattic’s other services:
- 1 billion avatar requests on Gravatar every day
- 220 million visitors on WordPress.com every month
- 117 million people reached by PollDaddy every month
A lot of times we more closely associate the WordPress project with just-turned-26 Matt Mullenweg, and while is is the founder after all, it’s great to get to know other members of team Automattic.
The road to the merger has begun. And the first step is a pretty major one: WordPress Multi User (WPMU) has now been renamed to WordPress Multi Site (WPMS). I mentioned in a previous post that the WPMU term “multi-user” in the context of a typical WordPress install could be confusing, so it’s great that they got this out of the way immediately. “Multi-site” is much better.
Another major change that’s been made: the old WPMU term “Site Admin” has also been renamed to “Super Admin”—again, to erase confusion between WordPress single-user and multi-site jargon.
These and other important topics were discussed in the January 7 WordPress Dev Chat on IRC, and WordPress Tavern has a fantastic report on it. Some tidbits:
- There is no ETA on WordPress 3.0 yet
MUMS 2.9.1 is just around the corner
- Work on The Merge has begun
- Canonical plugins “need a community of developers like the core to survive”
- Priorities for WordPress 3.0 include: The Merge, menus, custom post types, the new default theme, core plugin integration; Media “will not happen” in said version
- WordPress.org will be redesigned starting “sometime in late February”
Exciting times for the future of WordPress, and it’s all happening this 2010!
Between the recently discovered hack to access WordPress.com via the Twitter API and Hootsuite now supporting it, using 3rd-party applications with WP.com is hotter than ever. Which is why you should check out the just-launched Apps for WordPress.com page.
In there are familiar faces like the iPhone and Blackberry apps, as well as popular software for the desktop, but what’s notable is the presence of microblogging apps Spaz, Tweetie, Twitterrific, and Hootsuite. What were once limited for Twittering have now expanded into other networks such as Facebook, FriendFeed, and now WordPress.com.
If you think blogging is dead because these microblogging services have taken over, think again! Let WP.com join the fray and let you take publishing everywhere.
A beta and release candidate later, WordPress 2.9.1 is finally out. It addresses several issues including errors with cron, pingbacks, and scheduled posts. The entire list of fixes can be viewed here.
If you still have reservations about moving up to WP 2.9, this release should stabilize the upgrade now.
Download WordPress 2.9.1 or upgrade from within your admin panel. Interesting fact: WP 2.9 has passed one million downloads already!
Here’s an odd but fascinating hack discovered by Team 55 at the WP Quebec meetup: using the Twitter API, you can read and publish posts on WordPress.com from your iPhone! Matt Mullenweg explains step by step in this article. Pretty much any third-party Twitter client is okay; the key is to change the API URL to
twitter-api.wordpress.com and then you can log in using your WordPress.com account.
Instead of following users you will follow blogs. Refer to them by their domain names (e.g. matt.wordpress.com). Support for replies and retweets will be added soon.
When you post a status update using our Twitter API, the update will appear on your blog. (If you have more than one blog you can choose which one gets the updates. The option is in your profile.)
Read more about this here. Matt also announced that they plan to release a WordPress MU plugin for this, so stay tuned for that one.
Even during Christmastime the WordPress team is hard at work planning for the next version of WordPress. Version 3.0 will definitely be a big release with the merging of WordPress MU into the core, but they’d also like to map out as early as now other features to be included.
Easy blog menu management, dynamic image resize/crop, media upload UI redesign (begun in 2.9 but postponed for implementation due to technical issues), photo albums, custom content type UI and API, supercharging queries (cross-taxonomies), categories/tags for pages, auto-taxonomy UI, custom fields UI (possibly to be registered by themes or plugins for something to be displayed), settings UI redesign, improve the upgrade process (inc. distros for specific use types), SVN awareness, canonical plugins and a UI for displaying them, plugin page redesign, themes UI redesign, comments UI touchup, decouple language updates and files, new default theme, choose your own start page, caps lock detection, accessibility admin theme, mobile admin theme, synching custom fields > taxonomies, exif refresh, role management simplification, credits page in app, default custom types (microblog, galleries, asides), admin bar, front end comment moderation, front end posting (a la P2), better importers, widget installer, importer installer, more inline documentation, built-in “Welcome to WordPress” guide for 1st time admin use/checklist (set settings, add profiles, set up comment options, dashboard modules, add widgets, pick a theme, etc) with ability to dismiss as you move through, better help tab, more template tags, better zone selector, new code editor, XSL for RSS feeds (pretty feeds), bulk user creation (lazy load importer?), below post widgets, image importing, HTML validation, customizable comment form, Twitter and Flickr importers, WordPress capitalization catcher, configurable QuickPress configurable (add categories), more dashboard modules, easy linking to internal content when writing new content in editor, audit of error messages and updating them to be clearer revisions for custom fields and taxonomies… the list is endless, really, because there are so many cool things we could do. But which ones *should* we do? And specifically, which should we do in 3.0? Discuss!
Whew, what a huge (and not so readable) list! The important thing is to figure out what should go into the core and what can be better served as a plugin. Discuss it in this thread. And if you’re interested in joining the weekly IRC chat, the topic for the next one will be the same. It’s great to see that no time is wasted looking ahead and to the next iteration of WordPress.
Good news for WordPress users looking to unleash the typography aficionado within: custom font embedding service TypeKit has released support for all flavors of WordPress.
For WordPress.com, it’s already built in:
Log into your WordPress dashboard and click on Appearance in the left-hand navbar. There, you’ll find “Typekit Fonts” with a place to add your Kit ID (available under “Embed Code” in the Typekit Editor). That’s it — you’re ready to go. You can choose fonts from our rapidly growing library to add them to any of the WordPress themes to give your blog a distinct look.
For WordPress.org, there are a couple of plugins you can use from the official directory.
For WordPress MU, there’s a special plugin you can use as well.
This is great news for both the web design and blogging communities: through plugins and integration with TypeKit it’s now a lot easier to incorporate the next big thing in creating more beautiful websites.
WordPress 2.9 is finally here! Just days after the first release candidate comes out, the final version of the much-awaited WordPress upgrade has arrived. Looks like Christmas came early this year.
WP 2.9 been dubbed “Carmen” after jazz vocalist Carmen McRae, and is the most feature-packed upgrade to date. The most popular mentioned are: the Trash, a built-in image editor, batch plugin updating and compatibility checking, and easier video embeds using oEmbed. The whole list is detailed in the Trac, of course.
Backup and upgrade now!
WordPres 2.9 RC 1 is out. And you know what that means: it’s only a matter of time before the final version comes out. The dev team tells us that there are a couple of things we can do to get ready when 2.9 finally drops: check out the latest features as listed in the Codex, and contribute to the plugin compatibility checker.
Changes since the beta releases are listed here.
Here’s an introductory video that tells the tale of the recently held WordPress core team meetup, which lasted for 3 days. Some of the biggest names in the WP community are featured: Andrew Ozz, Mark Jaquith, Jane Wells, Peter Westwood, Ryan Boren, Matt Mullenweg.
And here’s the list of topics they covered in the meetup:
Topics: Direction for the coming year(s), canonical plugins, social i18n for plugins, plugin salvage (like UDRP for abandoned plugins), WordPress/MU merge, default themes, CMS functionality (custom taxonomies, types, statuses, queries), cross-content taxonomy, media functions and UI, community “levels” based on activity, defining scope of releases, site menu management, communications within the community, lessons learned from past releases, mentorship programs, Trac issues, wordpress.org redesign, documentation, community code of conduct.
As you can see from above, there are tons of exciting things going on with the WordPress project right now, not just with developing new features for future versions, but also on improving the WordPress community as a whole. More than talk of new features, it’s even better to know that one of the strongest aspects that makes WordPress what it is today is not forgotten but brought to the forefront. Onward with the community, WP!
Between the integrating of WPMU into the WordPress core and this development, it seems that the Automattic and the rest of the development team is pushing WordPress as the end-all, be-all publishing platform on the web. It will definitely be much easier to persuade site owners to choose bbPress as their forum software over third-party brands like vBulletin, or third-party plugins like SimplePress. And of course, it will also be exciting to see how bbPress can tap into the core features of WordPress.
Over at the WordPress Development blog, a poll is being held to see which term the community prefers to call “canonical” plugins, which are developed closely with the WordPress core.
Canonical plugins would be plugins that are community developed (multiple developers, not just one person) and address the most popular functionality requests with superlative execution. These plugins would be GPL and live in the WordPress.org repo, and would be developed in close connection with WordPress core. There would be a very strong relationship between core and these plugins that ensured that a) the plugin code would be secure and the best possible example of coding standards, and b) that new versions of WordPress would be tested against these plugins prior to release to ensure compatibility. There would be a screen within the Plugins section of the WordPress admin to feature these canonical plugins as a kind of Editor’s Choice or Verified guarantee. These plugins would be a true extension of core WordPress in terms of compatibility, security and support.
The issue is that the term “canonical” may be confusing for a lot of people, so the development team would like to know if there’s a better suited name for this class of plugins. Voting ends on December 10 at 11:59pm UTC time.
I’m more excited, though, about the actual existence of these plugins because they’re setting high standards for the WordPress project. More importantly, they address the issue of how many features should go into the WordPress core before it succumbs to bloat, if it hasn’t already.
I’d love to see examples of such plugins in the coming days. They could be things we’ve already installed on our WordPress sites, or cool new ideas we’d find useful all the same.
Donncha O’Caoimh writes about what might be the last merging of code from WordPress (2.9 beta 1) to the WordPress MU (2.8.6) Trunk. He writes later on in a comment that WP MU will merge with WP in version 3.0:
It’s probably the last big merge because WP and MU will be merged in WordPress 3.0
He’s talked about it before but now another confirmation of the WP version to look forward to when this merge happens. Since we’re still waiting for version 2.9 to come out though, the date for the next release will take a while. In any case, a good heads-up for those running WP MU or planning to.
If you’re running beta 1 already, just auto-upgrade from with your WP admin panel.
There’s been some buzz going on in the WordPress community about Matt Mullenweg’s recent appearance at the Microsoft Professional Developer Conference, where talk of its cloud computing platform, Windows Azure, powering WordPress.com blogs. Which is surprising, considering the WordPress project is a strong advocate of open source, while the Windows platform is proprietary.
Automattic founder and CEO Matt Mullenweg took the stage with Ozzie to talk about why he chose to use Azure for distributed hosting for WordPress and the millions of blogs its customers have online. Automattic is known as a strong advocate of Open Source technology. Mullenweg has built WordPress to run primarily atop Open Source software such as the Linux operating system, the MySQL database and the Apache Web server. Yet there he was onstage with Ozzie plugging Microsoft. Huh?
But Matt clears things up today in this blog post, saying he wants to show how WordPress can run on both open source and proprietary software, and that now includes the Azure platform.
What did you announce about WordPress at Microsoft PDC 09?
As part of the introduction of the Windows Azure platform, we announced that self-hosted WordPress can be run in an Azure environment on an open source stack of Apache, MySQL, and PHP. Showing MySQL in particular at a Microsoft conference was unusual.
He also emphasizes in the post that WordPress.com is not migrating to Azure.
Are you moving WordPress.com to Azure?
No. WordPress.com, which is Automattic’s hosted blogging service, is going to stay on its existing infrastructure. Martin Cron from the Cheezburger Network launched a new blog Oddly Specific on Azure, which some people confused with Automattic.
It’s great that Microsoft and Automattic, proprietary and open source advocates, can work things out like this. And the more ways that WordPress can be run, the better.
And the road to WordPress 2.9 begins. WP 2.9 beta 1 is out.
It’s also the best way to check out what’s new, but if you can’t be bothered with a mere beta version yet, at least take this as an early heads up that you’ll be upgrading soon enough. So get ready!
Going local is one of the hottest technologies on the Web today, and on WordPress.com, you can now geotag your blog posts and profile.
Interested in reading blogs by other people in your area? A quick search will find them, and in the future could even be used to organize local WordPress.com user meetups. […] Geotagged posts get marked up with the geo microformat, geo.position and ICBM meta tags, and GeoRSS and W3C geodata in feeds.
The featureset is pretty modest right now but Jane Wells spells out the possibilities coming near you:
This is just the beginning. Building on this platform, we’ll gradually roll out more geotagging features, such as showing the location of your commenters, the location of poll votes, a live map view of blog updates on WordPress.com, or an annual report showing you where your posts were written and where your comments came from — kind of a blogger’s version of the Dopplr annual travel report.
That will definitely up the WordPress coolness factor even more. For more information, visit the geotagging support page. Using a self-hosted WordPress version? There are plenty of plugins out there for geotagging.
WordPress 2.8.6 is another important security release that tackles vulnerabilities in the Press This bookmarklet and upload file names.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
We’ve talked about WordPress 2.9 quite a bit already, but Aaron Brazell of Technosailor has a comprehensive list of new features and things to expect when that upgrade notice arrives on your dashboard. He classifies each item according area: themes, plugins, users, and system.
Another important thing to note is that in WordPress 3.0, running PHP 5 will be a requirement. That’s not until a several months from now, but it’s good to be ready.
Weblog Tools Collection reports on the recently agreed upon move to modify the default blog post that comes with every new WordPress installation, the one entitled “Hello world!” People on the WordPress Hackers mailing list thought it would be better to add more meaningful information and links on the starting post, which serves as a welcome mat to every new WordPress user.
A draft of the post’s contents can be viewed here, and will be integrated come WordPress version 2.9. Super convenient!
Here’s another new feature coming in WordPress 2.9 that will make maintaining your blog a lot easier. You can now upgrade multiple plugins that have updates available all at once. No need to go through them one at a time. A welcome improvement for WordPress sites of all sizes. Visit WP Engineer for a screenshot of the feature.
There are few details yet but it’s great that we’re getting news about all these new improvements to WordPress before it comes out, so we know what to expect.
Want to keep up with or contribute to the future plans for bbPress? Matt Mullenweg started a thread about it:
A few people have reached out to me and I just wanted to let everyone know that bbPress is still an important project for the WP community. (It powers our forums and plugin directory, for one thing!) It’s not going away.
Strategically the most important thing we need to figure out is how to integrate bbPress better with WP more for people who want that — right now it’s easier to use one of the WP plugins for forums than bbPress.
As to where bbPress goes in the future, I’d be curious to hear who wants to help with that. The world is our oyster.
Right now bbPress isn’t enjoying the same popularity and feature set as the other forum software out there, but it has potential especially since it has close ties with WordPress. People working on WP-powered sites should look into bbPress and possibly even contribute to its development.
WordPress plugins listed at WordPress.org’s official plugin directory now have a new feature for compatibility checking. It uses the naturally-helpful WordPress community to gather statistics on how compatible a plugin is for a certain WordPress version. Weblog Tools Collection reports:
Normally, the plugin information within the FYI box tells you which version of WordPress is required and which version the plugin is compatible up to. Unfortunately, the version the plugin is compatible up to is not updated that often which is why some plugins which state that they only work up to WordPress 2.5 end up working with the latest release.
[…] The beauty of this system is that it leverages the community in order to figure out what works with what. However, just because it works for the majority of users is no guarantee it will work on your particular setup. But using these statistics, it should make it easier to figure out whether the issue is with the plugin and WordPress or with your setup.
One of the biggest fears users have when it comes time to upgrade WordPress is whether their plugins will work on the newest version or not. There are a large handful of people who upgrade to the latest version of WordPress as soon as it’s released and the hope is, these folks will visit the plugin page and report their findings for others to take advantage of. If more users see that their plugins work on the newest version, they are more likely to upgrade.
It’s not yet on all plugins, and it doesn’t appear yet inside details screen when you install from within your WP admin, but expect that to change soon. After all, this feature is still in beta.
But the biggest advantage, as WLTC notes in the last paragraph above, is key here. WordPress-powered sites often stay outdated and unable to fight off security attacks because their owners fear for incompatible plugins breaking their site. This checker should help quell those fears. And of course, this is a great incentive to make sure you’re grabbing plugins from the most legitimate source out there.
WordPress.com users can now serve mobile versions of their blogs thanks to modified version of WPtouch and WordPress Mobile Edition. People with more capable mobile browsers, such as iPhones and Android-based phones will use the first theme, while other mobile devices will use the second theme.
Mobile visitors greeted by WPtouch will get easy access to posts, pages, and archives. They’ll get fancy AJAX commenting and post loading. If you are using a custom header image, it will be scaled to size and displayed at the top of your blog. When viewing your blog on other phones, the focus will be on loading the blog quickly while displaying the important information about your content.
More details about the mobile themes here.
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
The WordPress team also recommends users to install the WordPress Exploit Scanner plugin, which you can download here.
Here’s another great feature coming up in WordPress 2.9: easy media embedding using just the URL of the photo or video you want to place in your blog posts.
The catch is the URLs must be enclosed in
shortcodes, and that the media must come from one of the predefined media providers: YouTube, Blip.tv, Flickr, Hulu, Viddler, Qik.com, Revision3, Google Video, PollDaddy, DailyMotion.
Of course, there are methods for adding more providers: using (a)
wp_oembed_addprovider() function for oEmbed-compatible website and (b) defining a handler/callback function that checks the URL and generates the necessary embed code in its place.
wp_expand_dimensions() lets you resize the media to the largest dimensions possible given an example width-height ratio.
Read more about these in Viper007Bond’s post.
In WordPress 2.9, users will now be able to set a representative image per post, one of the most popular features found in advanced or premium WP themes.
The image can be added via the function
the_post_image(), with possible parameters
'thumbnail' to indicate the size.
I’m still on the fence about this. On the one hand it’s one of the biggest things that’s missing in in the WordPress core for anybody who wants to transform their websites to more than just a blog. But on the other hand other smart solutions, like the Get the Image plugin, exist. I would love to see
the_post_image() expand its feature set to extract the first uploaded image within the post automatically, and provide the option of setting that as the featured image for that post.
WordPress.com users have yet another fascinating new feature to play with that will bring blogging straight into the real-time era. Using a Jabber- and XMPP-based instant messaging (IM) client, you can post and subscribe to WordPress.com blogs, and it all happens inside chat windows. The video below explains how to get started:
At im.wordpress.com we have been experimenting with instant delivery of blog posts and comments. We started by providing a firehose for our partners but that was only the beginning. Now you can subscribe to WordPress.com blogs in your Jabber IM client and receive posts and comments the instant they are published. It is also possible to post to blogs from the chat client. In time we plan to add these real-time features to web pages. Soon the conversations on blogs will be as fast as chat rooms.
Read more about Real-Time Blogs using im.wordpress.com here.