An “ultimate” WP 2.8 optimization guide

November 30, 2009 | No Comments Yet

Still on the subject of keeping your WordPress site in tip-top shape, StoreCrowd has compiled the Ultimate WordPress 2.8 Optimization Guide. It’s a long list of code snippets, plugins, tools, and tips to improve the performance of your blog. For example:

Use a CDN or Subdomain for Static Files
Serving all your images from the same domain can means that your browser is waiting to download all the items one after the other. Lets say you have 12 items, if you split these out across 3 subdomains then they can be downloaded concurrently (as there’s 3 sources), instead of the browser waiting to download them from one source.

Check it out!

Leave a Comment | Tags: , , , ,

WordPress 2.8.6

November 13, 2009 | No Comments Yet

WordPress 2.8.6 is another important security release that tackles vulnerabilities in the Press This bookmarklet and upload file names.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Upgrade now!

Leave a Comment | Tags: , , , , , , ,

WordPress 2.8.5

October 21, 2009 | No Comments Yet

WordPress has come out with yet another security upgrade (they call it a “hardening release”), notably in line with this trackback-related 0-day exploit.

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.

The WordPress team also recommends users to install the WordPress Exploit Scanner plugin, which you can download here.

Leave a Comment | Tags: , , , , , ,

WordPress 2.8.4

August 12, 2009 | No Comments Yet

As expected, Automattic promptly released WordPress 2.8.4, a security update to the previously mentioned remote admin password reset vulnerability.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Whether you’ve patched your WP installation as instructed or not, better grab this upgrade immediately. As always, backup before doing so!

Leave a Comment | Tags: , , , , , , , , ,

WordPress 2.8.3

August 4, 2009 | No Comments Yet

WordPress 2.8.3 just dropped last night. It fixes several security issues that were overlooked with the WP 2.8.1 release, pointed out by several members of the WordPress community. Don’t you love it when everybody helps out?

Download the latest version now or upgrade automatically from your admin panel.

Leave a Comment | Tags: , , , , , ,

WordPress 2.8 sends pings by the hour, not instantly

July 21, 2009 | No Comments Yet

Update (07/22/09): “The delay in ping will change back to direct ping in WordPress 2.8.3.” As posted here.

Curious discovery from En Sur Karamell: changes have been made in WordPress 2.8 to the way pingbacks are being sent. Instead of immediate, real-time notifications pings are now being batch queued by the hour. The post points to the specific code which does so.

To fix the problem you can always modify the code or use MaxBlogPress Optimizer (requires signing up to the developers mailing list), but the question is if the WP development team should’ve announced this change.

For people who don’t really need the real-time benefit of pingbacks, this shouldn’t matter, and can enjoy the optimization this feature change provides. But most blogs don’t really send that many pings, do they? And the author of the blog post argues that now, more than ever, should we be embracing the Real-Time Web—why should WordPress take one step back?

Leave a Comment | Tags: , , , , ,

WordPress 2.8.2

July 20, 2009 | No Comments Yet

WordPress 2.8.2 is an important security update that addresses an XSS vulnerability with unsanitized comment author URLs. No betas or release candidates came out before this version, but upgrade away! The notice should already be up in your WordPress admin panel.

Leave a Comment | Tags: , , , , , , , ,

WordPress 2.8.1 Release Candidate 1 & WordPress 2.9 Media features poll

July 9, 2009 | No Comments Yet

WordPress 2.8.1 is almost good to go with Release Candidate 1. Check out the changes since the last revision (which is beta 2).

On the WordPress 2.9 front, Automattic is holding another community poll, this time with regard to the media manager.

Last Wednesday, the core development team and a number of contributing developers met in the IRC #wordpress-dev channel to talk about which features should be included in version 2.9, which is now entering the development phase. We’ve been planning to focus on media features in 2.9 for some time, and unsurprisingly, it was media features that dominated the discussion.* A large percentage of the requests we get from users are for more/better media features, so we’ve decided to focus 2.9 on building an infrastructure for improved media handling that we can continue to build on in versions to come. In that vein, we need your input to determine which features to prioritize and build sooner rather than later.

There are a whole lot of suggested new features, so choose wisely! WordPress is well on its way to becoming a heavy-duty media management machine, and it’s all up to you. Poll permalink is here. Voting ends on July 10 at midnight, UTC time.

Leave a Comment | Tags: , , , , , , ,

bbPress 1.0

July 6, 2009 | No Comments Yet

Version 1.0 (codename “Bechet”) of WordPress sister forum software bbPress has finally been released. The biggest achievement in this milestone is associating itself more closely with the WordPress family through familiar WP features we all know and love:

  • Single sign-on from WordPress 2.7/2.8 to bbPress is now supported
  • Forum posts can now receive pingbacks and trackbacks
  • Themes now support the functions.php file
  • The administration panel has been redesigned to look more like the familiar WP dashboard

If you’ve been holding back on using bbPress, there’s no better time to try it than now!

Download bbPress 1.0

Leave a Comment | Tags: , , , , , , , , , ,

WordPress 2.8.1 Beta 2

June 29, 2009 | No Comments Yet

The second beta of WordPress 2.8.1 is already out. This comes just days after the download counter for WordPress 2.8 crosses 1 million, just 12 days!

The list of bug fixes in this beta are mentioned here.

Download WordPress 2.8.1 Beta 2

Leave a Comment | Tags: , , , , , , , ,

WordPress 2.8.1 Beta 1

June 22, 2009 | No Comments Yet

Almost two weeks after the big release comes the first beta of WordPress 2.8.1. The bug fixes are listed here, which includes memory fixes and added security.

Instructions for upgrading from WordPress 2.8 to WordPress 2.8.1 beta 1 can be found here. If you still haven’t upgraded to WordPress 2.8 and are more of a cautious user, you might want to wait until WP 2.8.1 comes out.

Leave a Comment | Tags: , , , , , , ,

WordPress 2.8

June 11, 2009 | No Comments Yet

Six months after the release of the previous version comes WordPress 2.8 codename “Baker”, with the slogan “cool, smoother, simpler blogging”. Matt writes that the latest version is a nice fit and finish release for WordPress with improvements to themes, widgets, taxonomies, and overall speed:

  • Load pages, particularly styles and scripts, faster
  • Browse and install themes from the Theme Directory from the WordPress dashboard (just like plugins)
  • Edit theme and plugin code with syntax highlighting using the CodePress editor
  • Enjoy more user-friendly Widgets with a revamp of its interface
  • Use Screen Options to every page in the dashboard
  • And more!

Backup your database and files then hit “update now” in your dashboard. Don’t forget to check out the video above!

Leave a Comment | Tags: , , , , , , , ,

WordPress 2.8 Release Candidate 1

June 8, 2009 | No Comments Yet

Almost there folks! WordPress 2.8 now has a release candidate available for download. Check out the changelog for a list of modifications since beta 2. It’s June 8 and only a couple of days left before the final version ships.

According to the announcement, “With Release Candidate 1, we think WordPress 2.8 is ready and complete.” Will you hold out until then, or grab this one anyway?

Leave a Comment | Tags: , , , , ,

What’s new with WordPress 2.8

June 5, 2009 | No Comments Yet

Here’s another post that checks out some of the new features in WordPress 2.8. If you’ll go through the comprehensive write-up, you’ll observe that a lot of the improvements lean toward usability, accessibility, and performance optimization, which in turn improve one’s overall experience with WordPress. Example:

JavaScript files properly registered via the appropriate script API can now be placed at the bottom of the page. In most cases this is preferable, because JavaScript blocks parallel downloads (browsers need to evaluate it before proceeding) and can delay the time by which a page is usable and also the time by which the rendering is complete. So, unless a JavaScript file needs to be at the top, it can be moved to the bottom for better performance.

Check out the rest here.

Leave a Comment | Tags: , , , , ,

Important announcements from the #wordpress-dev IRC meetup

June 4, 2009 | No Comments Yet

A few heads-up announcements regarding the future of WordPress development at the #wordpress-dev IRC meetup:

  • WordPress 2.8 target release date is June 10, next week.
  • WordPress 2.9 will require MySQL 4.1.2. (Might be good to start contacting your webhost this early to see if yours is compatible, or can be made compatible within the coming months.)
  • Upgrading to PHP 5 from PHP 4 is highly recommended and will pushed for in the future WordPress upgrader. (Another thing to ask your webhost about.)
  • In case you want to check out the IRC meetup, they’re held weekly every Wednesday at 9 pm UTC.

Very useful information to help you prepare for future versions of WordPress. Although WP is pretty easy to deal with when it comes to web hosting requirements, it doesn’t hurt to know about these things even if you’re an ordinary blogger.

Leave a Comment | Tags: , , , , , , , ,

WordCamp SF State of the Word and Q&A with Matt Mullenweg

June 3, 2009 | No Comments Yet

Aside from the merging of and WordPress MU, many other announcements were made during WordCamp San Francisco’s State of the Word, delivered of course by Matt Mullenweg. Check out the summary posted by The WordCamp Report, including this Q&A.

Some highlights:

  • Lots of changes that caused “minor revolutions”: return of Quick Post, threaded comments, 1-click upgrades, etc.
  • WordPress core focuses on speed and simplicity, then “let the people do whatever they want”
  • WordPress themes and the GPL still a big issue
  • WordPress is the fastest growing skill on Elance
  • WordPress 2.8: coming soon! New features: rewritten Widgets, theme directory built into admin, CodePress syntax editor, multiple galleries per page, per page options for plugins, improved language support
  • WordPress 2.9 to focus on under-the-hood improvements

For more links, catch this round up by Weblog Tools Collection.

Leave a Comment | Tags: , , , , , , , ,

7 reasons to get excited over WordPress 2.8

May 29, 2009 | No Comments Yet

Clint Maher lists 7 reasons we should look forward to WordPress 2.8. Search for and install themes within the WordPress admin, manage tags more easily, customize the dashboard components, and so on.

Of course there are many other new features in WP 2.8, including under-the-hood improvements most users won’t notice, so why not give the beta version a spin? Just make sure you’re either in a testing environment or all your files are properly backed up if you’re using it live.

Leave a Comment | Tags: , ,

How to set dynamic body IDs/classes in WordPress

May 28, 2009 | No Comments Yet

Perishable Press lists 9 different ways you can “label” your <body> element using PHP and WordPress—very useful for development themes with special features depending on where you are in a WP site. A lot of them are derived from theme development experts and popular theme frameworks like the WordPress Sandbox.

The 9th way must be mentioned here: when WordPress 2.8 comes out, things will become much easier since it now has the body_class() function. More info about that here (since there’s no page on the Codex for it yet).

Leave a Comment | Tags: , , ,

How to create Widgets in WordPress 2.8

May 27, 2009 | No Comments Yet

Justin Tadlock has a nice tutorial on the new way to create WordPress Widgets in WP 2.8. You might remember that in the upcoming version of WordPress the admin interface for Widgets has been revamped, but the method of developing Widgets has been updated as well.

In this tutorial, I’ll walk you through the steps of setting up a widget, its settings form, and displaying it on your site. At the end of the tutorial, you can download an example plugin to build from. Of course, you can apply this to your themes as well.

According to him, coding a widget is much easier this time because you just have to extend the WP_Widget class. The tutorial also gets into advanced widget controls and display settings.

Leave a Comment | Tags: , , ,

WordPress 2.8 Beta 2

May 25, 2009 | No Comments Yet

WordPress 2.8 Beta 2 is out. You can check out the changes made since the first came out here. But as always, the Codex is your reference for the major changes since 2.7.

Download WordPress 2.8 beta 2

Leave a Comment | Tags: , , , , ,

WordPress 2.8 Beta 1

May 18, 2009 | No Comments Yet

WordPress 2.8 is coming! Technically, it’s already arrived with the release of this first beta. If you’ve been absolutely impatient about it, download away. If not, you can wait a few more days until it hits gold.

The latest features of WordPress 2.8 are documented here. Lots of admin improvements and hopefully, few additional features that will break existing themes and plugins.

Download WordPress 2.8 beta 1

Leave a Comment | Tags: , , , , ,

New WordPress 2.8 Widgets interface

April 27, 2009 | 2 Comments

Jeff Chandler of WPTavern takes a look at the new Widgets interface in the upcoming WordPress 2.8:

Just as I had hoped for, the system works like a cross between 2.3 and 2.5 leaning more towards 2.3. On the left, you have a listing of available widgets. On the right, you have sidebars available where you drag widgets from the left, to the right, just like it worked in WordPress 2.3. However, there are a few differences.

While in the latest version you had to switch between sidebars (if you have multiple ones) using a dropdown menu to add or remove widgets, in the new version all the sidebars show up. This is much more convenient because you get to see which widgets you’ve already used and which ones you’ve not. But you can reuse widgets all the same.

Looking forward to more improvements such as this in WordPress 2.8!

Leave a Comment | Tags: , ,

Super-Awesome WordPress 24-Hour Has-Patch Marathon

April 14, 2009 | No Comments Yet

The WordPress developers are inviting everyone to help contribue to the lower-priority open tickets for WP 2.8 in a 24-hour marathon starting April 16 at 8am Pacific time.

To keep things moving, we’re announcing a new kind of event, related to bug hunts, but with a different slant. We need a sprint to clear out these tickets. Thursday is the day (and Friday for those over the date line). Core devs will spend 24 hours going through all the tickets tagged with has-patch, and committing those that have been tested and work. So how can you get in on the Super-Awesome WordPress 24-Hour Has-Patch Marathon?

Write a patch. There are dozens of tickets for discrete little pieces of correction (change … to actual ellipses in admin interface, change the ‘go back’ link to a ‘view page’ link, etc.), dozens that are browser-specific bugs, dozens that might be more challenging. Pick the one you want to work on, add a comment to the thread so other marathon contributors know someone is working on it, and get the patch submitted before the marathon ends. If you start coding now, your patch could be in by the weekend!

Test a patch. There are, as of right now, 177 tickets marked with has-patch. Patches can’t be committed until they’ve been thoroughly tested. If you’re already running the nightly build start testing out these patches in as many operating system/browser combinations as you have. Only have one? Hey, it’s probably more than has been tested already! If you’re not already running the nightly build, you can download it here to set up a test blog. Don’t forget to add what you found to the comment thread for each ticket. If it doesn’t work, be specific about what is not working so that others can jump in and fix it.

Check out all the tickets tagged as has-patch here. Great way to help out with the devs without committing too much of one’s time.

Leave a Comment | Tags: , , , , ,

WordPress 2.8 feature ranking survey

December 24, 2008 | No Comments Yet

With over 600,000 thousands in just a few weeks, WordPress 2.7 is a sure hit. And that success has a lot to do with the active participation of its community.

Automattic continues to acknowledge this, and they are moving on to develop for the next version of WP, they’re enlisting our help once more in deciding the key features to include in its release.

Right now, the lead developers are thinking the top priorities for 2.8 will be widget management, theme browser/installer and performance upgrades. The rest of the development time will be taken up with bug tickets and additional features/enhancements from a prioritized list. To that end, we’ve posted a new survey for you to help us prioritize features for 2.8. The list pulls from the developers’ “2.7 leftovers” list as well as the most popular features from the Ideas forum. Just rank each feature and tell us your top pick (up to three). You also have the option of adding comments or additional suggestions, but this is not mandatory. For your response to count, you must rank all of the features in the list. The survey has only one page.

Take the survey here. Deadline is on December 31.

Other miscellaneous announcements from the above post:

  • Lead developers will resume IRC chats and discuss weekly progress on feature development. Everybody is invited to participate in these chats.
  • You should submit your ideas for new WordPress features to the Ideas section, not the Trac.

Leave a Comment | Tags: , , , , , ,