Ian Stewart & Viper007Bond join Automattic; “Theme Team” in the works
Aside from his theme Kirby becoming the basis for 2010, the next default WordPress theme, Ian Stewart has announced that he joined Automattic as its new Theme Wrangler. Aside from this, he shared news that a “Theme Team” is being formed and that his own site, ThemeShaper, will be its home.
ThemeShaper will become a public-facing blog for the Theme Team now assembling at Automattic. A place where we can help provide the best possible experience for everyone involved in WordPress theming; from the noobiest of beginners to the most powerful of WordPress wizards.
The state of WordPress theme development has made leaps and bounds in the past few years, so it’s great to see an even bolder step taken with Ian and the Theme Team.
Another prominent contributor to the WordPress community got picked up. Viper007Bond, known for his plugins like Viper’s Video Quicktags and YOURLS, also announced that he’s joining Automattic full-time. He didn’t, however, mention any special plans on the plugin development front, but it makes sense for that to come along later on.
WordPress.com goes real-time with PubSubHubbub
PubSubHubbub or PuSH is a new protocol that makes publishing go real-time: instead of readers like Google Reader or Netvibes checking a website RSS or Atom feed every so often for new content, PubSubHubbub “pushes” the new content into the stream as soon as it is published. That feature has been enabled on all WordPress.com blogs.
WordPress.org users can also enjoy PubSubHubbub with the PuSHPress plugin available in the Plugins Directory. This turns your WP blog into a hub of its own that can send updates directly, without going through another hub.
BuddyPress 1.2 installs on WordPress
The biggest roadblocks to adopting social network software BuddyPress have finally been eliminated. With the latest version 1.2 coming out, you can now install BuddyPress on WordPress and not just WordPress MU. That goes for any WP version. Consider this the official way to run BP following this one.
Another highlight of this release is a quicker, simpler installation process: just 3 steps detailed in the download page. Simply add BuddyPress from your plugins page and activate a theme for it.
Probably the most exciting part of this release is a new default theme, which you can see running on the official site and the BuddyPress Test Drive site. BP is looking cleaner and more flexible than ever—you can create child themes with BP too.
WordPress 2.9.2
WordPress 2.9.2 fixes a bug that lets logged in users see trashed posts created by other authors. It’s not a very urgent update, only to whose who find the Trash bug an inconvenience, but it’s still wise to download the latest version whenever you can. This should give you ample time to backup first.
Haven’t used the new Trash feature before? Here’s a walkthrough on it and here’s how to customize it.
Get WordPress for Android
It was only a matter of time before WordPress released an official app for the Android platform, and now it’s here. WordPress for Android is based on wpToGo, and now version 1.0 is available in the Android Market. It works for both WordPress.org and WordPress.com blogs and lets you work with posts, pages, and comments on the go.
Features include the ability to:
- Configure and manage multiple blogs
- Comment moderation including the ability to reply to comments
- Create and Edit Posts including categories, tags and photos
- Create and Edit Pages
- Get notified of new comments in the Android notification bar
More detailed development info on the Android app can be found here. Download WordPress for Android here.
Early look at the WordPress 3.0 Menu Management interface
Over at the WordPress Development Updates blog, there’s an alpha preview of the Menu Management user interface that will be included in WordPress 3.0. Here’s the video:
Here’s a quick preview of the new menu management admin page (still alpha stage).
It highlights the dropdown section, which is the only unfamiliar element. All the rest are borrowed from the widget management screen.
Feedback on the UI is very welcome, either here, or on the dedicated ticket: #11817.
As mentioned in the post by Scribu, the interface is similar to the Widgets page. You can select either a page or a category from its respective dropdown menus, and when clicked it gets sent to the active menu panel on the right. There you can reorder the items. You can also add specific links and the Home link.
This feature can’t come soon enough! People tend to “hack” together site navigation menus in WP themes and for ordinary users editing them is a pain. Making WordPress features more usable through new interfaces like this is always a good thing.
Got feedback or want to keep up with this upcoming WP feature? Bookmark this Trac page.
WordPress Foundation established
The WordPress Foundation has just been launched. It’s inspired by the likes of the Mozilla Foundation, and aims to preserve, protect, and educate with the WordPress platform and related projects.
The WordPress Foundation is a charitable organization founded by Matt Mullenweg to further the mission of the WordPress open source project: to democratize publishing through Open Source, GPL software.
Aside from this great milestone for WordPress and its community, it’s worth noting that the new site runs on a develoment version of WP 3.0 and the next default theme, 2010. Check it out!
2010 is the year of open source design for WordPress
It’s no secret that a major design change is coming to this year’s WordPress development cycles in the form of a new default WordPress theme, but that’s not all. Jane Wells has announced plans for all things design—open source design, that is:
- Creation of the wp-ui mailing list for design-related updates
- Return of the design challenges that have determined the look and feel of the WordPress admin interface in the past
- Mobilization of a distributed Usability Testing group
- Creation of the #wordpress-ui chatroom on irc.freenode.com and setup of a weekly chat as with #wordpress-dev
- Launching of the WordPress UI/UX blog
While I’m surprised all these things haven’t been set up sooner, I’m excited that design and usability are finally getting the attention they deserve—makes you wonder how WordPress got to be so beautiful without all these in place yet.
Between this, WordPress 3.0, and WordPress Multi Site, it looks like 2010 is a packed year for WordPress! There are so many things to do and lots of volunteer work is needed, so if you can find your niche in the community, why not contribute?
Interview with Automattic CEO Toni Schneider
WPVibe has an exclusive interview with Automattic’s CEO, Toni Schneider. We get a look at how this telecommute-friendly company gets things done (P2, IRC, and Skype), a bit of WordPress.com talk, and Toni’s personal life.
What is one thing you’ve learned while being at Automattic that has made you a better CEO?
A brand new thing that I had never done before was figuring out how to build a distributed company, where team members work from places all over the world. That’s been a great learning experience for me. I love how much personal freedom the distributed model gives people. One of our “Automatticians” told us just yesterday that he is going to Chile for 40 days. He has rented an apartment and will work from there. That’s the kind of thing you can do in a distributed organization. The challenge is to create a sense of teamwork and common purpose despite being spread so far apart.
And here are some amazing figures for Automattic’s other services:
- 1 billion avatar requests on Gravatar every day
- 220 million visitors on WordPress.com every month
- 117 million people reached by PollDaddy every month
A lot of times we more closely associate the WordPress project with just-turned-26 Matt Mullenweg, and while is is the founder after all, it’s great to get to know other members of team Automattic.
WordPress Multi User becomes WordPress Multi Site
The road to the merger has begun. And the first step is a pretty major one: WordPress Multi User (WPMU) has now been renamed to WordPress Multi Site (WPMS). I mentioned in a previous post that the WPMU term “multi-user” in the context of a typical WordPress install could be confusing, so it’s great that they got this out of the way immediately. “Multi-site” is much better.
Another major change that’s been made: the old WPMU term “Site Admin” has also been renamed to “Super Admin”—again, to erase confusion between WordPress single-user and multi-site jargon.
These and other important topics were discussed in the January 7 WordPress Dev Chat on IRC, and WordPress Tavern has a fantastic report on it. Some tidbits:
- There is no ETA on WordPress 3.0 yet
- WordPress
MUMS 2.9.1 is just around the corner - Work on The Merge has begun
- Canonical plugins “need a community of developers like the core to survive”
- Priorities for WordPress 3.0 include: The Merge, menus, custom post types, the new default theme, core plugin integration; Media “will not happen” in said version
- WordPress.org will be redesigned starting “sometime in late February”
Exciting times for the future of WordPress, and it’s all happening this 2010!
Gallery of apps for WordPress.com launched
Between the recently discovered hack to access WordPress.com via the Twitter API and Hootsuite now supporting it, using 3rd-party applications with WP.com is hotter than ever. Which is why you should check out the just-launched Apps for WordPress.com page.
In there are familiar faces like the iPhone and Blackberry apps, as well as popular software for the desktop, but what’s notable is the presence of microblogging apps Spaz, Tweetie, Twitterrific, and Hootsuite. What were once limited for Twittering have now expanded into other networks such as Facebook, FriendFeed, and now WordPress.com.
If you think blogging is dead because these microblogging services have taken over, think again! Let WP.com join the fray and let you take publishing everywhere.
WordPress 2.9.1
A beta and release candidate later, WordPress 2.9.1 is finally out. It addresses several issues including errors with cron, pingbacks, and scheduled posts. The entire list of fixes can be viewed here.
If you still have reservations about moving up to WP 2.9, this release should stabilize the upgrade now.
Download WordPress 2.9.1 or upgrade from within your admin panel. Interesting fact: WP 2.9 has passed one million downloads already!
Read & blog on WordPress.com from your iPhone via Twitter
Here’s an odd but fascinating hack discovered by Team 55 at the WP Quebec meetup: using the Twitter API, you can read and publish posts on WordPress.com from your iPhone! Matt Mullenweg explains step by step in this article. Pretty much any third-party Twitter client is okay; the key is to change the API URL to twitter-api.wordpress.com and then you can log in using your WordPress.com account.
Instead of following users you will follow blogs. Refer to them by their domain names (e.g. matt.wordpress.com). Support for replies and retweets will be added soon.
When you post a status update using our Twitter API, the update will appear on your blog. (If you have more than one blog you can choose which one gets the updates. The option is in your profile.)
Read more about this here. Matt also announced that they plan to release a WordPress MU plugin for this, so stay tuned for that one.
Discuss features you’d like to see in WordPress 3.0
Even during Christmastime the WordPress team is hard at work planning for the next version of WordPress. Version 3.0 will definitely be a big release with the merging of WordPress MU into the core, but they’d also like to map out as early as now other features to be included.
Easy blog menu management, dynamic image resize/crop, media upload UI redesign (begun in 2.9 but postponed for implementation due to technical issues), photo albums, custom content type UI and API, supercharging queries (cross-taxonomies), categories/tags for pages, auto-taxonomy UI, custom fields UI (possibly to be registered by themes or plugins for something to be displayed), settings UI redesign, improve the upgrade process (inc. distros for specific use types), SVN awareness, canonical plugins and a UI for displaying them, plugin page redesign, themes UI redesign, comments UI touchup, decouple language updates and files, new default theme, choose your own start page, caps lock detection, accessibility admin theme, mobile admin theme, synching custom fields > taxonomies, exif refresh, role management simplification, credits page in app, default custom types (microblog, galleries, asides), admin bar, front end comment moderation, front end posting (a la P2), better importers, widget installer, importer installer, more inline documentation, built-in “Welcome to WordPress” guide for 1st time admin use/checklist (set settings, add profiles, set up comment options, dashboard modules, add widgets, pick a theme, etc) with ability to dismiss as you move through, better help tab, more template tags, better zone selector, new code editor, XSL for RSS feeds (pretty feeds), bulk user creation (lazy load importer?), below post widgets, image importing, HTML validation, customizable comment form, Twitter and Flickr importers, WordPress capitalization catcher, configurable QuickPress configurable (add categories), more dashboard modules, easy linking to internal content when writing new content in editor, audit of error messages and updating them to be clearer revisions for custom fields and taxonomies… the list is endless, really, because there are so many cool things we could do. But which ones *should* we do? And specifically, which should we do in 3.0? Discuss!
Whew, what a huge (and not so readable) list! The important thing is to figure out what should go into the core and what can be better served as a plugin. Discuss it in this thread. And if you’re interested in joining the weekly IRC chat, the topic for the next one will be the same. It’s great to see that no time is wasted looking ahead and to the next iteration of WordPress.
TypeKit for WordPress.com, WordPress.org, and WordPress MU
Good news for WordPress users looking to unleash the typography aficionado within: custom font embedding service TypeKit has released support for all flavors of WordPress.
For WordPress.com, it’s already built in:
Log into your WordPress dashboard and click on Appearance in the left-hand navbar. There, you’ll find “Typekit Fonts” with a place to add your Kit ID (available under “Embed Code” in the Typekit Editor). That’s it — you’re ready to go. You can choose fonts from our rapidly growing library to add them to any of the WordPress themes to give your blog a distinct look.
For WordPress.org, there are a couple of plugins you can use from the official directory.
For WordPress MU, there’s a special plugin you can use as well.
This is great news for both the web design and blogging communities: through plugins and integration with TypeKit it’s now a lot easier to incorporate the next big thing in creating more beautiful websites.
WordPress 2.9
WordPress 2.9 is finally here! Just days after the first release candidate comes out, the final version of the much-awaited WordPress upgrade has arrived. Looks like Christmas came early this year.
WP 2.9 been dubbed “Carmen” after jazz vocalist Carmen McRae, and is the most feature-packed upgrade to date. The most popular mentioned are: the Trash, a built-in image editor, batch plugin updating and compatibility checking, and easier video embeds using oEmbed. The whole list is detailed in the Trac, of course.
Backup and upgrade now!
WordPress 2.9 Release Candidate 1
WordPres 2.9 RC 1 is out. And you know what that means: it’s only a matter of time before the final version comes out. The dev team tells us that there are a couple of things we can do to get ready when 2.9 finally drops: check out the latest features as listed in the Codex, and contribute to the plugin compatibility checker.
Changes since the beta releases are listed here.
The WordPress core team meetup
Here’s an introductory video that tells the tale of the recently held WordPress core team meetup, which lasted for 3 days. Some of the biggest names in the WP community are featured: Andrew Ozz, Mark Jaquith, Jane Wells, Peter Westwood, Ryan Boren, Matt Mullenweg.
And here’s the list of topics they covered in the meetup:
Topics: Direction for the coming year(s), canonical plugins, social i18n for plugins, plugin salvage (like UDRP for abandoned plugins), WordPress/MU merge, default themes, CMS functionality (custom taxonomies, types, statuses, queries), cross-content taxonomy, media functions and UI, community “levels” based on activity, defining scope of releases, site menu management, communications within the community, lessons learned from past releases, mentorship programs, Trac issues, wordpress.org redesign, documentation, community code of conduct.
As you can see from above, there are tons of exciting things going on with the WordPress project right now, not just with developing new features for future versions, but also on improving the WordPress community as a whole. More than talk of new features, it’s even better to know that one of the strongest aspects that makes WordPress what it is today is not forgotten but brought to the forefront. Onward with the community, WP!
Will bbPress turn into a canonical WordPress plugin?
BloggingPro reports that sister software for forums bbPress might become the first WordPress canonical plugin after the first IRC meetup for new direction.
Between the integrating of WPMU into the WordPress core and this development, it seems that the Automattic and the rest of the development team is pushing WordPress as the end-all, be-all publishing platform on the web. It will definitely be much easier to persuade site owners to choose bbPress as their forum software over third-party brands like vBulletin, or third-party plugins like SimplePress. And of course, it will also be exciting to see how bbPress can tap into the core features of WordPress.
Rise of the WordPress “canonical” plugins
Over at the WordPress Development blog, a poll is being held to see which term the community prefers to call “canonical” plugins, which are developed closely with the WordPress core.
Canonical plugins would be plugins that are community developed (multiple developers, not just one person) and address the most popular functionality requests with superlative execution. These plugins would be GPL and live in the WordPress.org repo, and would be developed in close connection with WordPress core. There would be a very strong relationship between core and these plugins that ensured that a) the plugin code would be secure and the best possible example of coding standards, and b) that new versions of WordPress would be tested against these plugins prior to release to ensure compatibility. There would be a screen within the Plugins section of the WordPress admin to feature these canonical plugins as a kind of Editor’s Choice or Verified guarantee. These plugins would be a true extension of core WordPress in terms of compatibility, security and support.
The issue is that the term “canonical” may be confusing for a lot of people, so the development team would like to know if there’s a better suited name for this class of plugins. Voting ends on December 10 at 11:59pm UTC time.
I’m more excited, though, about the actual existence of these plugins because they’re setting high standards for the WordPress project. More importantly, they address the issue of how many features should go into the WordPress core before it succumbs to bloat, if it hasn’t already.
I’d love to see examples of such plugins in the coming days. They could be things we’ve already installed on our WordPress sites, or cool new ideas we’d find useful all the same.
WordPress MU merging with WordPress in version 3.0
Donncha O’Caoimh writes about what might be the last merging of code from WordPress (2.9 beta 1) to the WordPress MU (2.8.6) Trunk. He writes later on in a comment that WP MU will merge with WP in version 3.0:
It’s probably the last big merge because WP and MU will be merged in WordPress 3.0
He’s talked about it before but now another confirmation of the WP version to look forward to when this merge happens. Since we’re still waiting for version 2.9 to come out though, the date for the next release will take a while. In any case, a good heads-up for those running WP MU or planning to.
WordPress 2.9 Beta 2
Round two of the WordPress 2.9 betas is out. Grab it here, and check out the changes at the Trac. As usual, download and install only if you’re fine with potentially unstable software.
If you’re running beta 1 already, just auto-upgrade from with your WP admin panel.
Matt explains the WordPress & Windows Azure connection
There’s been some buzz going on in the WordPress community about Matt Mullenweg’s recent appearance at the Microsoft Professional Developer Conference, where talk of its cloud computing platform, Windows Azure, powering WordPress.com blogs. Which is surprising, considering the WordPress project is a strong advocate of open source, while the Windows platform is proprietary.
Automattic founder and CEO Matt Mullenweg took the stage with Ozzie to talk about why he chose to use Azure for distributed hosting for WordPress and the millions of blogs its customers have online. Automattic is known as a strong advocate of Open Source technology. Mullenweg has built WordPress to run primarily atop Open Source software such as the Linux operating system, the MySQL database and the Apache Web server. Yet there he was onstage with Ozzie plugging Microsoft. Huh?
But Matt clears things up today in this blog post, saying he wants to show how WordPress can run on both open source and proprietary software, and that now includes the Azure platform.
What did you announce about WordPress at Microsoft PDC 09?
As part of the introduction of the Windows Azure platform, we announced that self-hosted WordPress can be run in an Azure environment on an open source stack of Apache, MySQL, and PHP. Showing MySQL in particular at a Microsoft conference was unusual.
He also emphasizes in the post that WordPress.com is not migrating to Azure.
Are you moving WordPress.com to Azure?
No. WordPress.com, which is Automattic’s hosted blogging service, is going to stay on its existing infrastructure. Martin Cron from the Cheezburger Network launched a new blog Oddly Specific on Azure, which some people confused with Automattic.
It’s great that Microsoft and Automattic, proprietary and open source advocates, can work things out like this. And the more ways that WordPress can be run, the better.
WordPress 2.9 Beta 1
And the road to WordPress 2.9 begins. WP 2.9 beta 1 is out.
It’s also the best way to check out what’s new, but if you can’t be bothered with a mere beta version yet, at least take this as an early heads up that you’ll be upgrading soon enough. So get ready!
WordPress.com adds geotagging on posts and profiles
Going local is one of the hottest technologies on the Web today, and on WordPress.com, you can now geotag your blog posts and profile.
Interested in reading blogs by other people in your area? A quick search will find them, and in the future could even be used to organize local WordPress.com user meetups. [...] Geotagged posts get marked up with the geo microformat, geo.position and ICBM meta tags, and GeoRSS and W3C geodata in feeds.
The featureset is pretty modest right now but Jane Wells spells out the possibilities coming near you:
This is just the beginning. Building on this platform, we’ll gradually roll out more geotagging features, such as showing the location of your commenters, the location of poll votes, a live map view of blog updates on WordPress.com, or an annual report showing you where your posts were written and where your comments came from — kind of a blogger’s version of the Dopplr annual travel report.
That will definitely up the WordPress coolness factor even more. For more information, visit the geotagging support page. Using a self-hosted WordPress version? There are plenty of plugins out there for geotagging.
WordPress 2.8.6
WordPress 2.8.6 is another important security release that tackles vulnerabilities in the Press This bookmarklet and upload file names.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
10 things coming in WordPress 2.9
We’ve talked about WordPress 2.9 quite a bit already, but Aaron Brazell of Technosailor has a comprehensive list of new features and things to expect when that upgrade notice arrives on your dashboard. He classifies each item according area: themes, plugins, users, and system.
Another important thing to note is that in WordPress 3.0, running PHP 5 will be a requirement. That’s not until a several months from now, but it’s good to be ready.
“Hello world!” post gets a makeover in WordPress 2.9
Weblog Tools Collection reports on the recently agreed upon move to modify the default blog post that comes with every new WordPress installation, the one entitled “Hello world!” People on the WordPress Hackers mailing list thought it would be better to add more meaningful information and links on the starting post, which serves as a welcome mat to every new WordPress user.
A draft of the post’s contents can be viewed here, and will be integrated come WordPress version 2.9. Super convenient!
Upgrade multiple plugins at once in WordPress 2.9
Here’s another new feature coming in WordPress 2.9 that will make maintaining your blog a lot easier. You can now upgrade multiple plugins that have updates available all at once. No need to go through them one at a time. A welcome improvement for WordPress sites of all sizes. Visit WP Engineer for a screenshot of the feature.
There are few details yet but it’s great that we’re getting news about all these new improvements to WordPress before it comes out, so we know what to expect.
Discuss the future of bbPress
Want to keep up with or contribute to the future plans for bbPress? Matt Mullenweg started a thread about it:
A few people have reached out to me and I just wanted to let everyone know that bbPress is still an important project for the WP community. (It powers our forums and plugin directory, for one thing!) It’s not going away.
Strategically the most important thing we need to figure out is how to integrate bbPress better with WP more for people who want that — right now it’s easier to use one of the WP plugins for forums than bbPress.
As to where bbPress goes in the future, I’d be curious to hear who wants to help with that. The world is our oyster.
Right now bbPress isn’t enjoying the same popularity and feature set as the other forum software out there, but it has potential especially since it has close ties with WordPress. People working on WP-powered sites should look into bbPress and possibly even contribute to its development.
WordPress Plugins Directory adds user-voted compatibility checker
WordPress plugins listed at WordPress.org’s official plugin directory now have a new feature for compatibility checking. It uses the naturally-helpful WordPress community to gather statistics on how compatible a plugin is for a certain WordPress version. Weblog Tools Collection reports:
Normally, the plugin information within the FYI box tells you which version of WordPress is required and which version the plugin is compatible up to. Unfortunately, the version the plugin is compatible up to is not updated that often which is why some plugins which state that they only work up to WordPress 2.5 end up working with the latest release.
[...] The beauty of this system is that it leverages the community in order to figure out what works with what. However, just because it works for the majority of users is no guarantee it will work on your particular setup. But using these statistics, it should make it easier to figure out whether the issue is with the plugin and WordPress or with your setup.
One of the biggest fears users have when it comes time to upgrade WordPress is whether their plugins will work on the newest version or not. There are a large handful of people who upgrade to the latest version of WordPress as soon as it’s released and the hope is, these folks will visit the plugin page and report their findings for others to take advantage of. If more users see that their plugins work on the newest version, they are more likely to upgrade.
It’s not yet on all plugins, and it doesn’t appear yet inside details screen when you install from within your WP admin, but expect that to change soon. After all, this feature is still in beta.
But the biggest advantage, as WLTC notes in the last paragraph above, is key here. WordPress-powered sites often stay outdated and unable to fight off security attacks because their owners fear for incompatible plugins breaking their site. This checker should help quell those fears. And of course, this is a great incentive to make sure you’re grabbing plugins from the most legitimate source out there.
WordPress.com blogs now use mobile themes automatically
WordPress.com users can now serve mobile versions of their blogs thanks to modified version of WPtouch and WordPress Mobile Edition. People with more capable mobile browsers, such as iPhones and Android-based phones will use the first theme, while other mobile devices will use the second theme.
Mobile visitors greeted by WPtouch will get easy access to posts, pages, and archives. They’ll get fancy AJAX commenting and post loading. If you are using a custom header image, it will be scaled to size and displayed at the top of your blog. When viewing your blog on other phones, the focus will be on loading the blog quickly while displaying the important information about your content.
More details about the mobile themes here.
WordPress 2.8.5
WordPress has come out with yet another security upgrade (they call it a “hardening release”), notably in line with this trackback-related 0-day exploit.
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
The WordPress team also recommends users to install the WordPress Exploit Scanner plugin, which you can download here.
Embed media using only URLs in WordPress 2.9
Here’s another great feature coming up in WordPress 2.9: easy media embedding using just the URL of the photo or video you want to place in your blog posts.
The catch is the URLs must be enclosed in [/embed] shortcodes, and that the media must come from one of the predefined media providers: YouTube, Blip.tv, Flickr, Hulu, Viddler, Qik.com, Revision3, Google Video, PollDaddy, DailyMotion.
Of course, there are methods for adding more providers: using (a) wp_oembed_addprovider() function for oEmbed-compatible website and (b) defining a handler/callback function that checks the URL and generates the necessary embed code in its place.
Finally, wp_expand_dimensions() lets you resize the media to the largest dimensions possible given an example width-height ratio.
Read more about these in Viper007Bond’s post.
the_post_image() in WordPress 2.9
In WordPress 2.9, users will now be able to set a representative image per post, one of the most popular features found in advanced or premium WP themes.
The image can be added via the function the_post_image(), with possible parameters 'medium' and 'thumbnail' to indicate the size.
I’m still on the fence about this. On the one hand it’s one of the biggest things that’s missing in in the WordPress core for anybody who wants to transform their websites to more than just a blog. But on the other hand other smart solutions, like the Get the Image plugin, exist. I would love to see the_post_image() expand its feature set to extract the first uploaded image within the post automatically, and provide the option of setting that as the featured image for that post.
Either way, we’re seeing a huge focus on the media management aspect of WordPress in this upcoming version.
Real-time blogging through IM on WordPress.com
WordPress.com users have yet another fascinating new feature to play with that will bring blogging straight into the real-time era. Using a Jabber- and XMPP-based instant messaging (IM) client, you can post and subscribe to WordPress.com blogs, and it all happens inside chat windows. The video below explains how to get started:
At im.wordpress.com we have been experimenting with instant delivery of blog posts and comments. We started by providing a firehose for our partners but that was only the beginning. Now you can subscribe to WordPress.com blogs in your Jabber IM client and receive posts and comments the instant they are published. It is also possible to post to blogs from the chat client. In time we plan to add these real-time features to web pages. Soon the conversations on blogs will be as fast as chat rooms.
Read more about Real-Time Blogs using im.wordpress.com here.
Custom CSS Revisions for WordPress.com users
WordPress.com users who have purchased the Custom CSS Upgrade feature can now access previous revisions of the edited stylesheet. Basically, Automattic has taken the post revisions idea and applied it to your custom CSS editor. Simple, yet very useful idea.
If you’ve ever considered the CSS upgrade, now’s a great time to take the leap. With this new CSS revisions feature, you’ll be able to make changes to the look of your theme without worrying about losing earlier versions, and can see how CSS changes will affect your blog’s appearance.
As usual, us WordPress.org users will have to see if this will come out as a standalone plugin. For WordPress.com users who haven’t heard of Custom CSS, read more about the upgrade here.
Long term support for old WordPress branches? Not likely
From WPTavern’s report on the latest WordPress Dev Chat, one of the questions raised was the possibility of bringing back long-term support (LTS) for older versions of WordPress in light of the security issues that have been plaguing the software. The short answer? No way.
jeffr0 – Directed at Mark. Has their been any talk of a new supported legacy branch?
Considering the security stuff earlier this month, some folks have been suggesting that WordPress bring back a supported legacy branch of WordPress. I decided to ask if any talk of this has been ongoing in the inner dev circle and Mark replied that he wasn’t aware of any. In fact, Mark stated he would be extremely opposed to an LTS (Long Term Service) branch. Sivel doesn’t think it is something that they are ready to undertake.
MarkJaquith – I’d rather direct resources to making upgrades smoother and showcasing well-coded plugins that won’t break on upgrade.
westi – The only way a LTS branch is going to exist is if the person that wants it creates it. our resources are better directed elsewhere
Clearly the WordPress development team is focused on moving forward rather than stepping back. If you ask me, as long as they’re putting security and the push to keep people’s WordPress versions up-to-date as top priorities, it’s all good. People usually put plugin compatibility before blog security, and that’s really not a responsible thing to do. Having little to no support for outdated versions of WordPress is one of the ways to change this bad habit.
Automattic’s WordPress Consultants list moves to CodePoet.com
CodePoet is Automattic’s very own domain for WordPress consultants. They moved their massive list to a specialized site for professionals specializing in WordPress design and development.
As the largest operator of WordPress blogs (over 9 million and counting), we receive a steady stream of requests from people looking for WordPress savvy web design and software development firms. In response we’ve started CodePoet, a directory of consultants who specialize in building beautiful and efficient WordPress sites.
The site is still in its early stages, running on a barebones P2 theme and categories limited by geography, but knowing the developers of WordPress, there’s bound to be some great features coming up. Perhaps even expanding to accommodate firms working on other Automattic products like bbPress, BuddyPress, VideoPress, Akismet, Gravatar, PollDaddy, IntenseDebate, etc.
And if you’re wondering why it’s called CodePoet, the WordPress slogan is “code is poetry”. Very apt. And very cool too—wouldn’t you love an email address at that domain?
Automattic gets spelling and grammar checker After the Deadline
Automattic has acquired After the Deadline, a next-generation tool that does spelling, grammar, and style checking all in one. It’s now a default feature of WordPress.com, and it’s also available as a plugin for self-hosted WordPress.org sites.
At its core WordPress has always been about writing — that’s why we put so much effort into things like the visual editor, revisions, and auto-save, so you never lose your work. Now you have another arrow in your quiver to help you present the best possible face to your readers and the world.
After the Deadline is an acquisition you probably didn’t see coming, but makes total sense! Kudos to the makers of ATD and Automattic for making the world a better place, at least when it comes to writing.
Update and secure your WordPress installation
There’s a worm circling the WordPress community and it’s attacking all sites that have not been updated to version 2.8.4. Lorelle reported its symptoms:
- “There are strange additions to the pretty permalinks, such as
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”” - “The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.”
This certainly sounds familiar. Matt explains further:
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
It must be stressed that upgrading is a preventive measure; if you’ve been attacked, you’ll need to go through your files and databases to get rid of the offending code.
A stitch in time saves nine. Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)
An early look at WordPress.org Profiles
WP Tavern reports on the first instance of BuddyPress running on an official WordPress site: WP Profiles.
While we briefly talked about this during episode 70 of WordPress Weekly with Andy Peatling, today during the early part of the WordPress developer chat, Jane Wells passed on a link to http://profiles.wordpress.org which is the first public instance of BuddyPress in action on the WordPress.org domain
On the front page is a list of the recently active members. Click on one of them to view his/her profile, which lists contributions to the WordPress project, particularly the following sections: Plugins, Support forums, Ideas, and Trac. From that you can deduce that if you have an account at WordPress.org, you can login to WP Profiles.
One of its more important features is the ability to add oneself to the Consultants List. WordPress professionals can opt to have their names listed in the WordPress consultants list, presumably this page or something similar on WordPress.org. That’s instant exposure for your business, courtesy of the official WordPress site itself!
The WP Profiles site is a good example of taking BuddyPress to the next level with a custom members site, and of course increasing the social aspect of the official WordPress community site. But is this also a hint at the previous cryptic announcement at WordCamp San Francisco that WordPress.org and WordPress MU are going to merge?
BuddyPress to ship with a theme framework; will WordPress be next?
Social networking platform BuddyPress has modified its theme structure to contain by default a theme framework, basically a parent theme which custom themes can override with child themes.
In BuddyPress 1.1 there will be one single theme to handle everything. BuddyPress will ship with a theme framework that acts as a parent theme. The default theme will be a child theme based on this framework and contains only images and css. Building a new BuddyPress theme will be as simple as creating a child theme based on the framework. If you’re not familiar with child themes a quick google search will bring up lots of useful information.
This makes theme development for a relatively more complex CMS much easier. But what’s more interesting about this is there are several WordPress theme frameworks already out there, and it looks like the BuddyPress development team has taken a cue from that. My question is: should future versions of WordPress also ship with a default theme framework just like BuddyPress? For those who aren’t familiar with the benefits:
When building a new theme you don’t need to re-create every template file. You can override specific template files where needed. Most importantly though, your theme will update automatically with the latest functionality when the framework theme is updated.
In the meantime, however, check out these 3rd-party theme frameworks for WP.
WordPress.com and Gravatar.com redesigned
There’s been a lot of new homepage designs coming out of Automattic lately: apart from the sneak peek we got from get.wp.com, we also have a refreshed WordPress.com and Gravatar.com.
The WordPress.com homepage showcases the top blogs hosted on their service like Cute Overload and Technologizer, stats on usage like the number of blogs and words pressed today, and the features offered like themes and widgets. I also noticed a nice little hint that says “WordPress.com is also available in Tagalog.”—especially timely if you want to blog in our native language this Buwan ng Wika.
The Gravatar.com homepage shows a video demo explaining what the service is all about, and WordPress.com users enjoy immediate access. Matt Mullenweg notes in his announcement of the refresh that the design is a sign of things to come, which makes us wonder exactly what he means by it. I hope it has something to do with making Gravatar more mainstream. It should be a fixture on all the major social networks!
WordPress.com rolls out URL shortener, WP.me
WordPress.com, whose frontpage just underwent a makeover, has finally rolled out its own URL shortening service, WP.me, to benefit its microblogging crowd. The feature is built right into the post editor: just click on the Shorten button and you can grab a short link 70% smaller than your permalink.
Another great advantage of having this built right into WordPress.com is its rel=shortlink code integrated automatically into the header. Automattic is also proud to say that WP.me will remain spam free, since they are constantly keeping tabs on and removing spam on WordPress.com.
That last feature will probably be the reason WP.me won’t be applicable to self-hosted WordPress sites, but I’m sure lots of WordPress.org would love to have access to the service.
Now that WordPress.com has a shortening service of its own, however, it erases the possibility of WP.com filling that need. So what will it be used for? Matt Mullenweg says it’s still a secret!
WordPress 2.8.4
As expected, Automattic promptly released WordPress 2.8.4, a security update to the previously mentioned remote admin password reset vulnerability.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
Whether you’ve patched your WP installation as instructed or not, better grab this upgrade immediately. As always, backup before doing so!
WordPress 2.8.3
WordPress 2.8.3 just dropped last night. It fixes several security issues that were overlooked with the WP 2.8.1 release, pointed out by several members of the WordPress community. Don’t you love it when everybody helps out?
Download the latest version now or upgrade automatically from your admin panel.
WordPress 2.9 media features survey results
Results of the WordPress 2.9 media features survey are out. Aside from the detailed breakdown of votes for each feature, what’s interesting is the list of alternative plugins you can use right now while these proposed new features have not been implemented natively.
But rest assured that the development team is attending to the WordPress community’s requests:
The top-voted feature, standalone photo albums, is being worked on as a Google Summer of Code project by Rudolf Lai, under the mentorship of WordPress Lead Developer Mark Jaquith. The “pencils down” date for GSOC is in less than two weeks, at which point we’ll be assessing the state of Rudolf’s project. Hopefully, we’ll be able to incorporate it with 2.9 development, do some testing, amend the code and/or UI as needed, and have this launch with the 2.9 release (in core or as plugin TBD). Undoubtedly, additional functionality will be contributed by core contributors who have also been working on media plugins.
WordPress 2.0.x now deprecated
The WordPress development team is now ending support for the WordPress 2.0.x branch, just a few months earlier than the planned 2010 deprecation.
Many of the security improvements to the new versions of WordPress in the last couple of years were complete reworks of how various systems were handled. Porting those changes to the 2.0.x branch would have been a monumental task and could have introduced instability or new bugs. We had to make hard decisions between stability and merging in the latest security enhancements. Additionally, far fewer people stayed on the 2.0.x branch than we anticipated. I take that as a testament to the new features in WordPress and perhaps even more the features offered by plugins, many of which don’t support older versions of WordPress!
The good news is, there are way fewer people who have left their WordPress installations outdated than updated. If you’re part of that group, though, do the right thing and upgrade now! The advantages—both in features and security—far outweigh the disadvantages.
WordPress 2.8.2
WordPress 2.8.2 is an important security update that addresses an XSS vulnerability with unsanitized comment author URLs. No betas or release candidates came out before this version, but upgrade away! The notice should already be up in your WordPress admin panel.
