News in the WordPress world, October 2015
WordPress 4.4 Beta 2 is available for testing. The new version of WordPress will include 3 new important features:
If you’ve had to deal with plugin translations in the past, you know it used to be a cumbersome process: people who translated your plugin had to send you .po and .mo files, and you would commit those files into your plugin’s languages folder in the next release. Things are much easier now, thanks to WordPress.org. All translations happen on translate.wordpress.org. You can contribute to translations for just about any plugin, and as soon as your translations get approved, they’ll be shipped to everyone using the plugin.
Even the readme can be translated, so we’re slowly moving towards a fully localized plugin repository!
Not WordPress news, but something that will affect everyone with a website. Let’s Encrypt is a new free SSL certificate authority, and is now trusted by all major browsers. Soon they’ll start issuing free SSL certificates to everyone who needs one. They contribute to a safer internet for everyone.
More XML-RPC news
XML-RPC is a feature allowing you to interact with a WordPress site. It’s used by the mobile apps, by plugins like Jetpack, by services like IFTTT, and by many other apps and services.
Since it can be used to publish posts remotely, it’s one of the points of entry hackers like to target. They’ll try to authenticate to your site via XML-RPC, and access your site through there.
Unfortunately, it can be abused, and the security firm Sucuri found that hackers had discovered a new way to abuse that feature. They now use a method named system.multicall to execute multiple methods inside a single request. That means they can test several username / password combinations to get into your site in one single request. Consequently, it’s no longer enough to just block folks who make multiple requests to your site’s XML-RPC in a short period of time; you now have to look at what people do in these requests. We’ll cover how to protect yourself against those attacks in my talk, a bit later.
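One way to look at what a request does, as an added example that is not code from the original post: a Python check that parses an XML-RPC body and flags a system.multicall that repeats one method with many different argument lists. The method names example.login and example.getOptions, the sample bodies and both thresholds are assumptions constructed for illustration.

```python
import xmlrpc.client
from collections import Counter

MAX_BODY = 64 * 1024   # assumed cap on the body size we are willing to parse
MAX_REPEATS = 3        # assumed threshold; tune it to your legitimate clients

def inspect_xmlrpc_body(body: bytes) -> dict:
    """Summarise one XML-RPC POST body: outer method, number of inner calls,
    and how many distinct argument lists the most repeated method carries."""
    verdict = {"method": None, "inner_calls": 0, "top_method": None,
               "distinct_args": 0, "flag": True}
    # Refuse oversized bodies and DTDs instead of handing them to the parser.
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return verdict
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:      # malformed or unparsable body stays flagged
        return verdict
    verdict["method"] = method
    if method != "system.multicall":
        verdict["flag"] = False
        return verdict
    # system.multicall takes one array of {methodName, params} structs.
    calls = params[0] if params and isinstance(params[0], list) else []
    calls = [c for c in calls if isinstance(c, dict)]
    verdict["inner_calls"] = len(calls)
    names = Counter(str(c.get("methodName")) for c in calls)
    if names:
        top = names.most_common(1)[0][0]
        args = {repr(c.get("params")) for c in calls if str(c.get("methodName")) == top}
        verdict["top_method"] = top
        verdict["distinct_args"] = len(args)
    verdict["flag"] = verdict["distinct_args"] > MAX_REPEATS
    return verdict

def build_multicall(inner):
    """Constructed sample body; 'inner' is a list of {methodName, params}."""
    return xmlrpc.client.dumps((inner,), methodname="system.multicall").encode()

GUESSING = build_multicall([{"methodName": "example.login", "params": ["admin", f"guess{i}"]}
                            for i in range(10)])
BENIGN = build_multicall([{"methodName": "example.getOptions", "params": [1, "user", "pw"]},
                          {"methodName": "example.login", "params": ["user", "pw"]}])

if __name__ == "__main__":
    print(inspect_xmlrpc_body(GUESSING))
    print(inspect_xmlrpc_body(BENIGN))
```

A rate limiter can use distinct_args as the cost of a request instead of counting each POST as one attempt.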
It’s been a while since our last meetup! This time, we’d like to try something different. We haven’t decided about a topic yet and we’d like you to decide what you want to hear about!
Please fill in this survey, and tell us what you’re interested in. We’ll then find speakers and update this post and the Meetup page accordingly.
Hot summer days have arrived, and that is one more reason to get together, talk about WordPress stuff, talk about non-WordPress stuff, discuss the meetups we have done, brainstorm for next season, and have the usual casual conversations.
And we plan to do this while drinking the excellent craft beers of Élesztő. If you don’t have better plans, you like a good beer and want to have a chat, feel free to come by.
We hope to see you there!
In this presentation, you will learn the basic principles of how to make your idea, product or service attract buyers.
Update all the sites!
There were quite a few releases in the past few weeks:
- 4.1.2, 4.2, 4.2.1, 4.2.2
- Popular plugins, Security plugins (iThemes Security), Core, … Everyone has had their share of security issues in the past few weeks.
- Luckily, WordPress’ Automatic Updater took care of most of these updates for you. You can learn more about the updater and how to configure it here.
- The last security issue concerned Genericons, an icon font that’s bundled into several themes including Twenty Fifteen, and in popular plugins like Jetpack. You can read more about the vulnerability here.
- Update fatigue is dangerous. Don’t give up, update, and thank the Core Security team who’s there to save us by reacting quickly and shipping new releases to fix all these issues.
WordPress.org Now Requires Theme Authors to Use the Customizer to Build Theme Options
From now on, all themes submitted to the WordPress.org theme repository will have to use the Customizer for their theme options:
If you are not familiar with the customizer, and if you’d like to add options to your theme, I would suggest checking out the Customizer API docs on WordPress.org.
WordPress 4.3 will be all about enabling users of touch and small-screen devices.
WordPress 4.2 was shipped a couple of weeks ago, and the core developers are already planning 4.3. You can find out more about the focus of the next major WordPress release here:
I would also suggest subscribing to make/flow if you’d like to help with testing and share your opinions.
WordPress’s REST API is still in the works; version 2.0 was released a few weeks ago
- The developers in charge of the API are looking for testers. If you’re interested, and if you want that feature to make it into core sooner rather than later, watch the GitHub repo and submit bug reports!
My WordPress Performance 101 presentation from our third meetup.
You are welcome to ask any question about it, feel free to comment.