This Week in WordPress: WP Security Scares and Finding the Perfect Plugin

This week’s round-up of WordPress news, views and reviews summarized in our daily email newsletter, The WhiP.

Subscribe to The Whip for daily lashings of WordPress goodness.

Hit Play

(WordPress News)

WordPress 4.2 beta 1 is out and ready for testing. At this point in the release cycle, features are locked in and contributors are focusing on bug fixes and inline documentation. The final version is due out during the week of April 22.

On this week’s episode of WPWeekly, the guys at WP Tavern discuss a bunch of stuff, including CodeGuard’s survey results that indicate WordPress users need a lot more education on how to back up their site.

The latest DradCast podcast is also available and features GoDaddy evangelist Mendel Kurland.

Press Publish is on soon. It’s a one-day conference featuring inspiring WordPress bloggers and some of the people behind

Getting Started Up


Has Crazy Egg found the perfect WordPress theme? (Hint: We think so ☺)

“I did not enable automatic plugin updates, and they updated anyways. End of story. There should be no discussion past this point. The fact that the update was a security release is irrelevant. An update, is an update, and WordPress automatically updated a 3rd party plugin without my consent.”

Nick Haskins, who built Aesop Story Engine, is a little upset.

“I find it difficult to believe there is a particular layout that can’t be created with Upfront.” Chris Lema compares our Upfront theme platform with Obox’s Layers, and it stacks up well.

Is a WordPress plugin a startup?

Is your site keyboard accessible? ThemeShaper offers some advice on how to build a strong foundation for the accessibility of your site.

“… I’ll go as far as to say that for as much positivity that exists within the community, it’s counter-balanced by the infestation of people who are looking to disrespect and throw others under the bus before actually helping customers. And that’s where it sucks. It ends up looking more like a glorified rumor mill than it does about an industry that aims to democratize publishing and looking out for the customers above anything else.” Tom McFarlin asks: is there a lack of integrity in WordPress?


(Plugins and Themes)

Adding plugins to a site using Upfront isn’t any different to adding plugins to a site using any other theme. The only difference is that with Upfront it’s even easier to style front-end plugin content with live preview.

We mentioned Nick Haskins in the last section. He’s released a new front-end text editing tool called Lasso, and it’s cool.


(Tutorials, Tips and Tricks)

Tips for Simplifying WordPress to Make it Client-Friendly (WPMU DEV).

How to Disable the Full Height Post Editor in WordPress (WP Beginner).

The Best Dummy Content Generators for Your WordPress Website (WP Daily Themes).

A Safe And Easy Way To Add Code To A WordPress Website’s Header Footer (Pagely).

Tricky Stuff

(Off-Topic, Random Stuff)

“I have no secrets whatsoever. I do work fairly hard, but certainly not harder than a plumber or middle school teacher or garbage man. I sit in a chair for 8-ish hours a day and read and type.” Chris Coyier, the busy creator of CSS-Tricks, co-founder of CodePen and podcaster on ShopTalk, did an AMA.

All the best for a thoughtful and productive Friday and a fun weekend.

For Sale

(WordPress News)

There was some consternation and even anger last week when WordPress pushed a security update for Yoast’s WordPress SEO plugin to fix a security vulnerability. Is WordPress justified in pushing unwanted automatic updates? Lead developer Dion Hulse explains what happened last week. Sarah Gooding at WP Tavern also explains the issues.

“Providing a better salary to someone just because his/her negotiation skills are better than another employee’s is not a good way to do things.” WP Rocket, the company behind the caching and performance optimization plugin of the same name, has published the salary grid it uses to determine how much it pays its staff.

Transparency must be catching. WordPress design blog CodeinWP has published its first transparency report, including a breakdown of the company’s customer numbers and revenue.

WPLift and ThemeFurnace are for sale. Oli Dale, who runs both sites, says this year he’s “… making the move away from web stuff to a new business.”

“It’s one thing to offer a really good product. It’s one thing to build a really good website. But if you don’t have the community behind you that’s going to be willing to trust in you with their wallet … It’s not going to go anywhere long term, sustainably.” CGCookie co-founder Jonathon Williamson shares his insights into running a successful membership site.

“I would like to see WordPress have more serious competition. In many ways, WordPress is a victim of its own success. Over the last two years, we have seen WordPress refine what was already a great product. However, I believe that competition in the marketplace would encourage more innovation and the addition of brand new features to WordPress.” Kevin Muldoon talks to Pagely about working with WordPress and helping to educate the masses.



Helpful Technology, a small London web consultancy, is deploying a WordPress-based intranet solution inside several UK central government departments.

Contact Form 7 or Gravity Forms? WinningWP compares the two.

“We are bootstrapped, we made mistakes and we hopscotched across the country to WordCamps to foster relationships. However, in no other space that I’m aware of, could two unknowns from Toronto, with no corporate or real sales experience, have made such an impact on large brands, so quickly.” The brief story of how voice-guided software company SIDEKICK came to be.

Tom McFarlin, who maintains a few free plugins, offers some advice on how he does it.

In Real-Time

(Plugins and Themes)

BuddyPress 2.0 adds real-time notifications for users.

If you want to launch a new site, these top 25 WordPress starter themes will help you get your site off the ground in no time.

And here are some minimalist themes at WP Tavern.

And also a collection of blog resources (themes and plugins) at WP Mayor.

The Smart Way

(Tutorials, Tips and Tricks)

Creating a Featured Content Widget — With its Own Image Uploader (WPMU DEV).

Limit Access to the WordPress Login Page to Specific IP Addresses (WPMU DEV).

Handling WordPress 404 Errors The Smart Way (SpinPress).

An In-Depth Guide on How to Integrate MailChimp into WordPress (Torque).

How To Customize The Style Of Contact Form 7 To Match Your Website (Elegant Themes).


(Off-Topic, Random Stuff)

Google Feud is Family Feud mixed with Google autocomplete. Hope you weren’t planning on getting any work done today…

All the best for a thoughtful and productive Monday.


(WordPress News)

Are terrorists exploiting vulnerabilities in WordPress plugins? Maybe not, according to the FBI. Multiple sites in the US have been the target of recent attacks by hackers claiming to be affiliated with ISIS. The source of at least two of the attacks was related to the FancyBox plugin, which was updated last month after a security vulnerability was discovered.

More and more WordPress companies are publishing details of their income in a bid to be transparent. WP Lift takes a look at the companies leading the trend.

BuddyPress contributors will converge on WordCamp London this weekend, so if you’re a BuddyPress fan, why not say hello?

The usual WPwatercooler crew got together this week to discuss using the Genesis framework.

And on the KitchensinkWP podcast, IntegralWP’s Jamie Currie talks about Netbeans, Assembla and Git.

Remember the Little People


“As important as it is to know that you can find an awesome plugin to do an awesome thing, it’s also important to know that the people producing these plugins are putting their time, energy, and love of all things open source into their work which is nothing to sneeze at especially when said plugin is available as a free download.” Corey Collins from WebDevStudios wants you to remember the little people.

Is it okay to resell a commercial plugin that is licensed under the GPL? Lawyer Richard Best explains.

Matt Medeiros from The Matt Report has paid tribute to the late Clint Warren, a developer who credited WordPress with saving his life after a stint in jail.

One More Time

(Plugins and Themes)

Ultimate Member is a new, free membership plugin that places a heavy emphasis on front-end community features.

Pods Framework users are urged to update to the latest version after a security vulnerability — similar to that found in the WordPress SEO plugin last week — was discovered and patched.

bbPress 2.5.6, a maintenance release, is out. It fixes an issue with subscription emails that was plaguing a few sophisticated installations.

If you’ve ever updated a plugin and wished you didn’t, here’s how to download older plugin versions from

Boiling Point

(Tutorials, Tips and Tricks)

8 Must-Haves When Adding E-Commerce to Your WordPress Site (WPMU DEV).

How to Create a Video Slider in WordPress (WP Beginner).

WP Sessions: Using The WordPress Plugin Boilerplate (Tom McFarlin).

How to Improve the Speed of Your WordPress Site — the Ultimate Guide (WP Kube).

The Top Rapid Prototyping Programs And Techniques For Designers (Elegant Themes).

How To Easily Create Custom Category Pages In WordPress (Pagely).

The Evolution of the Web

(Off-Topic, Random Stuff)

CSS Sans is a new font made entirely with CSS.

Skifree.js is a version of the cool, free skiing game from the early 1990s, but built in JavaScript.

All the best for a thoughtful and productive Tuesday.

The Perfect Plugin

(WordPress News)

Would you pay $35 for someone to find you a plugin? The Tidy Repo plugin recommendation service is the first of its kind and aims to help users find the perfect plugin.

When Hackers Attack


As Sucuri points out, the past seven days have been busy with a number of vulnerabilities being disclosed on multiple WordPress plugins, including Fancybox. WP Tavern takes a closer look at the recent suspected ISIS hacks.

Remember VersionPress? A crowdfunding campaign for the version control plugin flopped after failing to attract enough backers. WP Tavern looks behind the scenes at what it takes to run a successful crowdfunding campaign.

What are WordPress theme extensions?

Any Device

(Plugins and Themes)

The latest release of our Domain Mapping plugin makes it easier than ever to bundle simple mapping, domain name resale, and mapping as a premium service.

The responsive mode in Upfront aims to provide a seamless experience for users viewing a site, but more importantly for people who want to create a responsive site with ease that looks fantastic on any device.

Torque explains how to add a forum to your site with bbPress.

Solid Foundation

(Tutorials, Tips and Tricks)

9 Best WordPress SEO Plugins and Tools That You Should Use (WP Beginner).

Five of the Best Plugins for Improving the Default WordPress Search Functionality (WinningWP).

Choosing a Well-Built WordPress Theme: A Step-By-Step Guide (WP Shout).

How To Improve Your Google Page Speed Score (Elegant Themes).

Doesn’t Everyone Use Chrome?

(Off-Topic, Random Stuff)

Matt Mullenweg wants to change the music industry with open source.

Apparently, people who use Firefox or Chrome are better employees.

Google is celebrating 30 years of .COM and the future of .DOMAINS.

All the best for a thoughtful and productive Wednesday.

Under Review

(WordPress News)

From GitHub developers to Dropbox engineers, WP Engine reveals the 20 most common keyboard patterns in 10 million passwords — and whose passwords are the easiest to crack.

Matt Mullenweg has been named one of this year’s World Economic Forum’s Young Global Leaders. According to the WEF’s website: “Current and former YGLs head governments and Fortune 500 companies, win Nobel Prizes and Academy Awards, become UN Goodwill Ambassadors and Social Entrepreneurs.”

Justin Tadlock and Emil Uzelac have launched their theme review business on Envato Studios in the hope of improving the code quality of ThemeForest themes.

Burning Money


“Always think like an attacker would.” Developer Josh Pollock explores what we need to learn from WordPress security vulnerabilities.

WP Rocket lays down the rules for making sure your customer support rocks, while WP Site Care looks at the anatomy of an awesome WordPress support request.

WP Tavern checks out Frito-Lay’s custom project management app, which is built on WordPress.

“I mean, telling someone that you’re not writing bloated code and that you’re writing high quality code means no more to the typical customer than someone telling you about the quality of the materials that went into all of the components of, say, your television.” Developer Tom McFarlin believes code quality is not a feature.

And if you’re not using a child theme, you’re burning your client’s money.

Under the Hood

(Plugins and Themes)

Elegant Themes has launched its new email opt-in plugin Bloom.

Jetpack 3.4 adds protection against brute force attacks.

Bob Dunn takes a look under the hood at GoDaddy Pro WordPress managed hosting.

Keep it Simple

(Tutorials, Tips and Tricks)

Using AJAX With PHP on Your WordPress Site Without a Plugin (WPMU DEV).

How to Add a Featured Image Column to The Post Listing Page in The WordPress Backend (WP Tavern).

Create a Simple CRM in WordPress: Advanced Custom Fields (tuts+).

Using Tynt To Extend Copy and Paste On WordPress Sites (tuts+).

How to Create a Wiki Knowledge Base Using WordPress (WP Beginner).

Function For Post Type Labels (Paul Underwood).

All the best for a thoughtful and productive Thursday.

Originally published at