Plugin Directory Refreshed
By · CommentsBeen hanging out with a few WordPress.org hackers — Scott, Nacin, and Otto — the last few days in a BBQ-fueled haze of hacking to make plugin directory better. There are over 19,000 plugins listed and they’re really the heart and soul of WordPress for many people, so they deserve a little tender loving care. Here’s a quick before and after snapshot you can zoom in on to see a visual overview of some of the changes:
Our first focus was around improving the discussion and support around plugins.
You’ll now notice that threads about a plugin are pulled directly into a “support” tab on the plugin page — each plugin has its own forum. We’ve made authors much more prominent and with bigger Gravatars and better placement, so you can get a sense of who made the plugin you’re using. And finally to show how active and well-supported a plugin is, you can see ”16 of 75 support threads in the last two weeks have been resolved.” Finally, if you’re logged in you get access to the new “favorites” feature that lets you mark the plugins you use the most so you can share them on your profile page and find them quickly later. We soft-launched favorites a few days ago and there have already been 2,000 saved!
If you’re a plugin author, we’ve started with a short threshold (2 weeks) for the resolved stats so it’s easy to catch up and stay on top of it. (It’ll eventually go to two months.) You also now have the ability to set stickies on your plugin forum to put FAQs or important information at the top, and of course any person you put as a committer on the plugin will have moderation access. People on the forum tag will see your custom header and links to the other resources attached to your plugin.
We’ve tightened up the styling a bit on the forums and plugin pages, though still some cleanups to do there. Some older improvements you might have missed, but are still useful for users and developers alike:
- “Plugin headers” or those cool graphics you see at the top of plugin pages have really taken off, there are over 1,600 active now.
- You can now subscribe to get an email whenever a commit is made to a plugin repository even if it isn’t yours. There is no better way to follow the development of your favorite plugins. There’s nothing like the smell of fresh changesets in the morning.
- Behind the scenes, we’ve dramatically ramped up proactive scanning of the entire repository to help authors fix security and other problems they might not even know about yet. The quality level of the repo has gone way, way up.
All of this will continue to evolve as we get feedback and see usage, but we’re happy to have been able to make some key improvements in just a few days while hanging out in Memphis. (This is why WordCamps usually have BBQ — it imparts magical coding powers.)
Calling All Contributors: Community Summit 2012
By · CommentsEach year, the WordPress core development team meets in person for a week to work together and discuss the vision for WordPress in the coming year. As annual events go, it’s easily my favorite. Don’t get me wrong, I love attending WordCamps and local WordPress meetups (which are awesome and you should try to attend if you are able), but at the core team meetup, the focus on working together and getting things done is unique, as is the experience of every person in the room being so highly qualified. This year, instead of just planning a core team meetup, I’m aiming a little higher and shooting for a full-on contributor/community summit.
Core code isn’t the only way to contribute to the WordPress project. We have an active theme review team, support forum volunteers, people writing documentation, plugin managers, community event organizers, translators, and more. The teams have been siloed for too long, so we’ve recently begun the process of bringing them together by having teams elect representatives to facilitate more communication between the contributor groups. These reps will form the nucleus of the contributor summit now being planned for a long weekend at the end of October in Tybee Island, GA. This is completely different from a WordCamp. It will be a combination of co-working, unconference, and discussions among the project leaders, and participation will be by invitation.
In addition to bringing together the active contributor team reps to work together, I think it’s important to include community members who don’t fall into that category (at least not yet!). Successful WordPress-based business, authors of popular plugins and themes, and people using WordPress in unexpected but intriguing ways should have a place at the table, too. That said, part of the magic of the core team meetup is the small size; it allows every voice not only to be heard, but to engage. Since this is my first attempt at bringing together so many groups and points of view, I want to try and keep it small enough to retain that personal atmosphere while at the same time ensuring that the best possible mix of people and businesses in the WordPress ecosystem is represented. This is where you come in!
Taking a cue from events with limited availability like AdaCamp (attendance) and the jQuery conference (speaker roster), I want you to nominate people and/or WordPress-based businesses to participate in the summit. Yes, you can nominate yourself.* You can nominate up to 10 additional people — be prepared to provide URLs and the reason you think they should participate. You can also nominate up to 10 WordPress-based businesses without naming individual people, so if there’s a theme or hosting company (for example) that you think should be there, you don’t need to go looking for employee names. This nomination process will hopefully ensure that we don’t overlook someone who is making a difference in our community when it comes time to issue invitations.
Nominations will be open for a week, after which the survey will be closed and the process of analyzing the results** will begin. The nominations process will lead to invitations in June, confirmations in July, planning in August and September, and the summit itself in October. Hopefully we can stream and/or record some of the activity to share online at WordPress.tv. Additional invitations may be extended up until the event if there are people/businesses that become more active in the community. If you’re thinking to yourself that maybe now’s the perfect time to start contributing time to the WordPress project, good thinking! In the meantime, if you want to weigh in, fill in the community summit nomination form. Thanks, and wish us luck!
* Nominating yourself: Do nominate yourself if you fall into one of the categories described in the post above, or if you believe that you have a unique point of view. Please do not nominate yourself if you just think it would be cool to hang out with this group. This is a working event, and everyone is expected to bring something special to the table.
** I (and/or a helpful community volunteer) will sift through the nominations and compile a shortlist of the most-nominated people/businesses and the most intriguing underdogs. This list will be reviewed by the summit planning committee (made up of team reps) to create the invitation list.
WordPress 3.4 Beta 4
By · CommentsLess bugs, more polish, the same beta disclaimers. Download, test, report bugs. Thanks much. /ryan #thewholebrevitything
WordPress 3.3.2 (and WordPress 3.4 Beta 3)
By · CommentsWordPress 3.3.2 is available now and is a security update for all previous versions.
Three external libraries included in WordPress received security updates:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.
WordPress 3.3.2 also addresses:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.
Download WordPress 3.3.2 or update now from the Dashboard → Updates menu in your site’s admin area.
WordPress 3.4 Beta 3 also available
Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)
This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!
Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.
WordPress 3.3.2 (and WordPress 3.4 Beta 3)
By · CommentsWordPress 3.3.2 is available now and is a security update for all previous versions.
Three external libraries included in WordPress received security updates:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.
WordPress 3.3.2 also addresses:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.
Download WordPress 3.3.2 or update now from the Dashboard → Updates menu in your site’s admin area.
WordPress 3.4 Beta 3 also available
Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)
This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!
Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.