<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>WordPress &#8250; Blog</title> <style type="text/css"> @import url("https://web.archive.org/web/20090930122251cs_/http://s.wordpress.org/style/wp4.css?2"); </style> <link media="only screen and (max-device-width: 480px)" href="https://web.archive.org/web/20090930122251cs_/http://s.wordpress.org/style/iphone.css" type="text/css" rel="stylesheet"/> <link rel="shortcut icon" href="https://web.archive.org/web/20090930122251im_/http://s.wordpress.org/favicon.ico?3" type="image/x-icon"/> <link rel="alternate" type="application/rss+xml" title="WordPress Blog RSS" href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/feed/"/> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://web.archive.org/web/20090930122251/https://ssl."
: "https://web.archive.org/web/20090930122251/http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> var pageTracker = _gat._getTracker("UA-52447-1"); pageTracker._initData(); pageTracker._trackPageview(); </script> <!--[if lt IE 8]> <style type="text/css"> @import url("http://s.wordpress.org/style/ie.css"); </style> <![endif]--> <style type="text/css"> @import url("https://web.archive.org/web/20090930122251cs_/http://s.wordpress.org/style/blog-wp4.css"); </style> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://wordpress.org/development/xmlrpc.php?rsd"/> <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://wordpress.org/development/wp-includes/wlwmanifest.xml"/> <link rel="index" title="WordPress Development Blog" href="http://wordpress.org/development"/> <meta name="generator" content="WordPress 2.9-rare"/> <link type="text/css" rel="stylesheet" href="https://web.archive.org/web/20090930122251cs_/http://wordpress.org/blog-wp-content/plugins/syntaxhighlighter/files/SyntaxHighlighter.css"></link> </head> <body id="wordpress-org"> <div id="header"> <div class="wrapper"> <h1><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/">WordPress.org</a></h1> <form action="https://web.archive.org/web/20090930122251/http://wordpress.org/search/do-search.php" method="get" id="head-search"> <input class="text" name="search" type="text" value="Search WordPress.org" maxlength="150" onfocus="this.value=(this.value=='Search WordPress.org') ? '' : this.value;" onblur="this.value=(this.value=='') ? 
'Search WordPress.org' : this.value;"/> <input type="submit" class="button" value="Go"/> </form> <ul> <li><a href="/web/20090930122251/http://wordpress.org/" title="Home is where the heart is.">Home</a></li> <li><a href="/web/20090930122251/http://wordpress.org/showcase/" title="See some of the sites built on WordPress.">Showcase</a></li> <li><a href="/web/20090930122251/http://wordpress.org/extend/" title="Taking WordPress beyond your wildest imagination.">Extend</a></li> <li><a href="/web/20090930122251/http://wordpress.org/about/" title="About the WordPress Organization, and where we're going.">About</a></li> <li><a href="https://web.archive.org/web/20090930122251/http://codex.wordpress.org/Main_Page" title="Documentation, tutorials, best practices.">Docs</a></li> <li><a class="current" href="" title="Come here for the latest scoop.">Blog</a></li> <li><a href="/web/20090930122251/http://wordpress.org/support/" title="Support and discussion forums.">Forums</a></li> <li><a href="/web/20090930122251/http://wordpress.org/hosting/" title="Find a home for your blog.">Hosting</a></li> <li id="download"><a href="/web/20090930122251/http://wordpress.org/download/" title="Get it. Got it? Good.">Download</a></li> </ul> </div> </div> <div id="headline"> <div class="wrapper"> <h2><a href="/web/20090930122251/http://wordpress.org/development/">WordPress Blog</a></h2> </div> </div> <div id="pagebody"> <div class="wrapper"> <div class="col-9"> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/09/keep-wordpress-secure/">How to Keep WordPress Secure</a></h2> <div class="meta">Posted September 5, 2009 by <a href="https://web.archive.org/web/20090930122251/http://ma.tt/">Matt</a>. 
Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/development/" title="View all posts in Development" rel="category tag">Development</a>, <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/security/" title="View all posts in Security" rel="category tag">Security</a>. </div> <div class="storycontent"> <p>A stitch in time saves nine. I couldn&#8217;t sew my way out of a bag, but it&#8217;s true advice for bloggers as well &#8212; a little bit of work on an <a href="https://web.archive.org/web/20090930122251/http://codex.wordpress.org/Upgrading_WordPress">upgrade now</a> saves a lot of work fixing something later.</p> <p>Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at the users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.</p> <p>The tactics are new, but the strategy is not. Where this particular worm messes up is in the &#8220;clean up&#8221; phase: it doesn&#8217;t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.</p> <p>I&#8217;m talking about this not to scare you, but to highlight that this is something that has happened before, and that will more than likely happen again.</p> <p>A stitch in time saves nine.
<a href="https://web.archive.org/web/20090930122251/http://codex.wordpress.org/Upgrading_WordPress">Upgrading is a known quantity of work</a>, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. <a href="https://web.archive.org/web/20090930122251/http://codex.wordpress.org/FAQ_My_site_was_hacked">Fixing a hacked blog, on the other hand, is quite hard</a>. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)</p> <p>2.8.4, the current version of WordPress, is immune to this worm. (<em>So was the release before this one.</em>) If you&#8217;ve been thinking about upgrading but haven&#8217;t gotten around to it yet, now would be a really good time. If you&#8217;ve already upgraded your blogs, maybe check out the blogs of your friends or that you read and see if they need any help. A stitch in time saves nine.</p> <p>Whenever a worm makes the rounds, everyone becomes a security expert and peddles one of three types of advice: snake oil, Club solutions, or real solutions. Snake oil you&#8217;ll be able to spot right away because it&#8217;s <em>easy</em>. Hide the WordPress version, they say, and you&#8217;ll be fine. Uh, duh, the worm writers thought of that. Where their 1.0 might have checked for version numbers, 2.0 just tests capabilities, version number be damned. 
</p> <p>The second type of advice is Club solutions; to illustrate, I&#8217;ll quote from <a href="https://web.archive.org/web/20090930122251/http://diveintomark.org/archives/2002/10/29/club_vs_lojack_solutions">Mark Pilgrim&#8217;s excellent essay on spam 7 years ago, before WordPress even existed</a>:</p> <blockquote><p>The <em>really</em> interesting thing about these approaches, from a game theory perspective, is that they are all <a href="https://web.archive.org/web/20090930122251/http://slate.msn.com/?id=2041" title="Slate, August 3, 1997: Property Is Theft: When protecting your own property is stealing from others">Club solutions, not Lojack solutions</a>. There are two basic approaches to protecting your car from theft: <a href="https://web.archive.org/web/20090930122251/http://www.theclub.com/">The Club</a> (or The Shield, or a car alarm, or something similar), and <a href="https://web.archive.org/web/20090930122251/http://www.lojack.com/">Lojack</a>. The Club isn’t much protection against a thief who is determined to steal <em>your</em> car (it’s easy enough to drill the lock, or just cut the steering wheel and slide The Club off). But it is effective protection against a thief who wants to steal <em>a</em> car (not necessarily <em>your</em> car), because thieves are generally in a hurry and will go for the easiest target, the low-hanging fruit. The Club works as long as not everyone has it, since if everyone had it, thieves would have an equally difficult time stealing any car, their choice will be based on other factors, and your car is back to being as vulnerable as anyone else&#8217;s. The Club doesn’t deter theft, it only deflects it.</p></blockquote> <p>Club blog security solutions can be simple (like an .htaccess file) or incredibly complex (like two-factor authentication), and they can work, especially for <em>known exploits</em>. 
Club solutions can be useful, like using a strong or complex password for your login &#8212; no one would recommend against that. (Another club solution is switching to less-used software on the assumption, or more like the software&#8217;s claim, that it&#8217;s perfect and more secure. This is why BeOS is more secure than Linux, ahem.)</p> <p>In the car world, if someone figured out how to teleport entire cars to chop shops, The Club wouldn&#8217;t be so useful anymore. Luckily for manufacturers of The Club, this hasn&#8217;t happened. Online and in the software world, though, the equivalent happens almost daily. There is only one real solution. <strong>The only thing that I can promise will keep your blog secure today and in the future is upgrading.</strong></p> <p>WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. I&#8217;m not clairvoyant and I can&#8217;t predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog, but I do know for certain that as long as WordPress is around we&#8217;ll do everything in our power to make sure the software is safe. We&#8217;ve already made upgrading core and plugins a one-click procedure. If we find something broken, we&#8217;ll release a fix.
Please upgrade, it&#8217;s the only way we can help each other.</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/09/keep-wordpress-secure/#comments" title="Comment on How to Keep WordPress Secure">413 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/08/2-8-4-security-release/">WordPress 2.8.4: Security Release</a></h2> <div class="meta">Posted August 12, 2009 by <a href="https://web.archive.org/web/20090930122251/http://ma.tt/">Matt</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/releases/" title="View all posts in Releases" rel="category tag">Releases</a>, <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/security/" title="View all posts in Security" rel="category tag">Security</a>. </div> <div class="storycontent"> <p>Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn&#8217;t allow remote access, but it is very annoying.</p> <p>We fixed this problem last night and have been testing the fixes and looking for other problems since then. 
<a href="https://web.archive.org/web/20090930122251/http://wordpress.org/download/">Version 2.8.4 which fixes all known problems is now available for download</a> and is highly recommended for all users of WordPress.</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/08/2-8-4-security-release/#comments" title="Comment on WordPress 2.8.4: Security Release">377 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/08/upcoming-wordcamps-2/">Upcoming WordCamps</a></h2> <div class="meta">Posted August 7, 2009 by <a href="https://web.archive.org/web/20090930122251/http://jane.wordpress.com/">Jane Wells</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/development/" title="View all posts in Development" rel="category tag">Development</a>. </div> <div class="storycontent"> <p>Every now and then I see someone ask in the dev channel how they can meet up with other local WordPress developers. We&#8217;re thinking about ways to make WordPress.org more of a resource to facilitate local connections, but in the meantime, I thought it might be helpful to publicize some <a href="https://web.archive.org/web/20090930122251/http://central.wordcamp.org/schedule/"> upcoming WordCamps</a>, the weekend conferences organized by local communities to talk about all things WordPress. 
</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://wordcamp.org.nz/">WordCamp New Zealand</a>:</strong> Wellington, New Zealand, August 8-9, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://wordcamphsv.org/">WordCamp Huntsville</a>:</strong> Huntsville, Alabama, USA, August 15–16, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://la.wordcamp.org/">WordCamp Los Angeles</a>:</strong> Los Angeles, California, USA, September 12, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://wordcamp.ph/">WordCamp Philippines</a>: </strong>Makati City, Philippines, September 19, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://www.wordcampportland.org/">WordCamp Portland</a>: </strong>Portland, Oregon, USA, September 19-20, 2009 <em>(Last year&#8217;s PDX WordCamp was awesome, IMO.)</em></p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://www.wordcampseattle.com/">WordCamp Seattle</a>: </strong>Seattle, Washington, USA, September 26, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://wordcampbirmingham.org/">WordCamp Birmingham</a>:</strong> Birmingham, Alabama, USA, September 26-27, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://wordcampnl.org/">WordCamp Netherlands</a>:</strong> Utrecht, Netherlands, October 31, 2009</p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://2009.newyork.wordcamp.org/">WordCamp NYC</a>:</strong> New York, New York, USA, November 14-15, 2009 <em>(<a href="https://web.archive.org/web/20090930122251/http://2009.newyork.wordcamp.org/2009/07/24/logo-contest-again/">Logo contest in progress</a>!)</em></p> <p><strong><a href="https://web.archive.org/web/20090930122251/http://wordcampmexico.wordpress.com/">WordCamp Mexico</a>:</strong> Mexico City, Mexico, November 20, 2009</p> <p>If any of these are within a reasonable 
distance to you, consider attending. WordCamps are a great way to meet other WordPress users, find collaborators, and expand your t-shirt collection*. I know I&#8217;ll be hitting at least a few of these; WordCamps are also a great way to get user feedback to take into consideration while we&#8217;re making decisions about what to include in core. </p> <p>You can always find an up-to-date list of upcoming WordCamps at <a href="https://web.archive.org/web/20090930122251/http://central.wordcamp.org/">WordCamp Central</a>. You can also try searching for WordPress groups at <a href="https://web.archive.org/web/20090930122251/http://www.meetup.com/">Meetup.com</a> to find more regular monthly gatherings in your area. </p> <p>*<em>Most WordCamps include an event t-shirt in the registration fee. </em></p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/08/upcoming-wordcamps-2/#comments" title="Comment on Upcoming WordCamps">13 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/">WordPress 2.8.3 Security Release</a></h2> <div class="meta">Posted August 3, 2009 by <a href="https://web.archive.org/web/20090930122251/http://boren.nu/">Ryan Boren</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/releases/" title="View all posts in Releases" rel="category tag">Releases</a>. </div> <div class="storycontent"> <p>Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.  
<a href="https://web.archive.org/web/20090930122251/http://wordpress.org/download/">Download</a> 2.8.3, or upgrade automatically from your admin.</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/#comments" title="Comment on WordPress 2.8.3 Security Release">252 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/2-9-vote-results/">2.9 Features Vote Results</a></h2> <div class="meta">Posted July 31, 2009 by <a href="https://web.archive.org/web/20090930122251/http://jane.wordpress.com/">Jane Wells</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/features/" title="View all posts in Features" rel="category tag">Features</a>. </div> <div class="storycontent"> <p>Earlier this month, over 3500 of you responded to our survey asking you to help us prioritize some of the media features that had been suggested for the 2.9 release. While the exact features for 2.9 have not been hammered out yet, as we continue to match up developers with features, we wanted to share the survey results and let you know what we&#8217;re thinking in terms of approach.</p> <p>First, the results. The first question, and the only one that was mandatory, asked what single media feature you would choose to include in version 2.9. The top vote-getter was standalone editable photo albums (as opposed to the current per-post gallery) at 17.5%, followed closely by easier embeds for videos and other third-party content at 16.5%. Next came basic image editing (such as rotating, cropping and resizing) at 13.7%, and post thumbnails (image teasers for posts featured on the home page) at 12.9%. The rest of the features each took less than ten percent of the vote. 
The full list came in like this:</p> <p><a href="https://web.archive.org/web/20090930122251/http://wpdotorg.wordpress.com/files/2009/07/q1.png"><img src="https://web.archive.org/web/20090930122251im_/http://wpdotorg.wordpress.com/files/2009/07/q1.png" alt="Results of question 1" width="620"/></a></p> <p>The second question was optional (3406 people answered it), and asked you to rate each feature on a scale going from <em>top priority</em> down to <em>definitely not</em> for implementation priority. Results here were in line with the results from the first question, with most features rated as <em>nice to have</em> more often than anything else. The features that scored the highest in question 1 were more likely to have earned higher votes in the Top Priority column, but no feature was ranked as a Top Priority more often than it was ranked as a Nice to Have (though Media Albums, Easier Embeds and Post Thumbnails came close). The complete tabulations are shown in the chart below.</p> <p><a href="https://web.archive.org/web/20090930122251/http://wpdotorg.wordpress.com/files/2009/07/q2.png"><img src="https://web.archive.org/web/20090930122251im_/http://wpdotorg.wordpress.com/files/2009/07/q2.png" alt="Results for question 2" width="620"/></a></p> <p>Question three was getting at the same thing, but in a more granular fashion, asking you to rank the eleven features in order of priority to you. As only one feature could be assigned to each position, this prevented people from assigning the same priority to multiple features, and we wondered if it would alter the results. Though some features got more recognition in this question, the overall rankings were still in line with the results from question 1. 
Here are the exact votes per feature/per position:</p> <p><a href="https://web.archive.org/web/20090930122251/http://wpdotorg.wordpress.com/files/2009/07/q3.png"><img src="https://web.archive.org/web/20090930122251im_/http://wpdotorg.wordpress.com/files/2009/07/q3.png" alt="Results for question 3" width="620"/></a></p> <p>The fourth question asked for your preferences regarding including new media features in core, bundling them as plugins with the core download, or developing them as plugins but not bundling them with the core download. This vote was more interesting to watch. As the notice for the voting went first to the development community, then to the user community, it was possible to see a shift in the voting. Earlier in the voting cycle, there were more votes for bundling &#8216;core plugins&#8217; for the advanced media features, while later votes skewed heavily toward just putting the features in core. This vote shows, I think, one of the differences between developer and user perspectives. While developers are heavily interested in keeping the core code lean and relying on plugins for advanced functionality, many users would prefer features they want to be included in core rather than being a separate plugin. The final tally on this question was 56.2% for including features in core, 38.1% for bundled plugins, and 5.7% for non-bundled plugins. 
The actual numbers:</p> <p><a href="https://web.archive.org/web/20090930122251/http://wpdotorg.wordpress.com/files/2009/07/q4.png"><img src="https://web.archive.org/web/20090930122251im_/http://wpdotorg.wordpress.com/files/2009/07/q4.png" alt="Results for question 4" width="620"/></a></p> <p>Clearly this issue deserves more discussion, and the concept of how we move toward a system of canonical plugins and/or core &#8220;packages&#8221; intended for different use cases (CMS, photoblog, portfolio, etc) will be a big topic in the months ahead.</p> <p>So where does that leave us regarding features coming down the road? When the vote closed, the results were discussed in the #wordpress-dev IRC chat to divvy up feature development.</p> <p>The top-voted feature, standalone photo albums, is being worked on as a <a href="https://web.archive.org/web/20090930122251/http://gsoc2009wp.wordpress.com/rudolf-photo-albums/">Google Summer of Code project by Rudolf Lai</a>, under the mentorship of WordPress Lead Developer <a href="https://web.archive.org/web/20090930122251/http://markjaquith.com/">Mark Jaquith</a>. The &#8220;pencils down&#8221; date for GSOC is in less than two weeks, at which point we&#8217;ll be assessing the state of Rudolf&#8217;s project. Hopefully, we&#8217;ll be able to incorporate it with 2.9 development, do some testing, amend the code and/or UI as needed, and have this launch with the 2.9 release (in core or as plugin TBD). Undoubtedly, additional functionality will be contributed by core contributors who have also been working on media plugins.</p> <p>Easier embeds, the second most popular feature, is being looked at in a couple of ways. One, more shortcodes for third-party services. Work on this has already begun. 
In addition, <a href="https://web.archive.org/web/20090930122251/http://viper007bond.com/">Viper007Bond</a>, of <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/extend/plugins/vipers-video-quicktags/">Viper&#8217;s Video Quicktags plugin</a> fame, has taken on the task of working on a way to improve the embed experience in core. We&#8217;re not sure quite how this will work yet, but stay tuned.</p> <p>Adding some basic editing functions like 90-degree rotation, cropping and resizing was considered an obvious winner in the dev chat, and as several plugins handle this functionality, we&#8217;re hopeful it will be included soon.</p> <p>Post thumbnails are being handled by Mark Jaquith, who has created this functionality before, with an assist from <a href="https://web.archive.org/web/20090930122251/http://scribu.net/">Scribu</a>, who has a <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/extend/plugins/custom-field-images/">similar plugin</a> in the repository.</p> <p>Lower ranked features aren&#8217;t off the radar, but may take lower priority than some other (non-media) features we have in the works. One of my favorite 2.9 features is in trunk now, and changes the way we delete content. Goodbye, annoying popup asking me if I&#8217;m sure I want to delete a comment/post/etc. Hello, fast and quiet removal into a trash can, from which the content can be retrieved if it was deleted by accident. Think Gmail style. We&#8217;re also hoping to work on improving page management, though that has a number of technical issues that may cause it to be a 3.0 feature instead.</p> <p>As always, you can keep track of development progress in a number of ways:<br/> 1. Keep track of Trac. Contribute a patch, test a patch, just read through tickets if you have some time to kill, whatever. 
There are <a href="https://web.archive.org/web/20090930122251/https://core.trac.wordpress.org/query?status=reopened&amp;status=assigned&amp;status=reviewing&amp;status=new&amp;status=accepted&amp;group=status&amp;milestone=2.9">over 500 tickets against the 2.9 milestone</a> currently. Patches and testing can help us get that number down.</p> <p>2. Follow Trac commits on Twitter. Don&#8217;t want to get involved in the nitty gritty, just want to see what&#8217;s getting committed? Follow <a href="https://web.archive.org/web/20090930122251/http://twitter.com/wpdevel">wpdevel on Twitter</a> and you&#8217;ll get core commit updates in your stream.</p> <p>3. See what&#8217;s on the dev agenda. Each week for the IRC dev chat, there&#8217;s an agenda, created based on developer suggestions posted at <a href="https://web.archive.org/web/20090930122251/http://wpdevel.wordpress.com/">wpdevel.wordpress.com</a>. This blog also contains discussions about specific development issues.</p> <p>4. Join the dev chat. The day changed this week, to accommodate European schedules. Chats are now held for one hour each week on Thursday at 21:00 UTC. That&#8217;s 5pm NYC, 2pm in California, etc. Chats are in the #wordpress-dev room at irc.freenode.com.</p> <p>5. Watch this blog. If you&#8217;re not a developer and prefer to stick to major announcements, the occasional survey to help decide a feature, and security notices, just keep doing what you&#8217;re doing. 
Reading this blog will get you all of these things.</p> <p>Thanks again for your help in prioritizing features for version 2.9, hopefully coming toward the end of the year to a server near you!</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/2-9-vote-results/#comments" title="Comment on 2.9 Features Vote Results">28 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/the-wordpress-2-0-x-legacy-branch-is-deprecated/">The WordPress 2.0.x Legacy Branch is Deprecated</a></h2> <div class="meta">Posted July 30, 2009 by <a href="https://web.archive.org/web/20090930122251/http://markjaquith.com/">Mark Jaquith</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/development/" title="View all posts in Development" rel="category tag">Development</a>, <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/security/" title="View all posts in Security" rel="category tag">Security</a>. </div> <div class="storycontent"> <p>The WordPress team had initially committed to maintaining the WordPress 2.0.x legacy branch until 2010. Unfortunately, we bit off more than we could chew—the 2.0.x branch is now retired and deprecated, a few months shy of 2010.</p> <p>Many of the security improvements to the new versions of WordPress in the last couple of years were complete reworks of how various systems were handled. Porting those changes to the 2.0.x branch would have been a monumental task and could have introduced instability or new bugs. We had to make hard decisions between stability and merging in the latest security enhancements. Additionally, far fewer people stayed on the 2.0.x branch than we anticipated. 
I take that as a testament to the new features in WordPress and perhaps even more the features offered by plugins, many of which don&#8217;t support older versions of WordPress!</p> <p>I&#8217;m disappointed that we weren&#8217;t able to keep the branch maintained until 2010, but since one of the big reasons for that failure was the massive scope of our security improvements for the newer versions of WordPress, 2.0.x doesn&#8217;t die in vain!</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/the-wordpress-2-0-x-legacy-branch-is-deprecated/#comments" title="Comment on The WordPress 2.0.x Legacy Branch is Deprecated">21 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/improving-your-plugin-changelogs/">Improving your plugin &#8211; Changelogs</a></h2> <div class="meta">Posted July 21, 2009 by <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/">Peter Westwood</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/documentation/" title="View all posts in Documentation" rel="category tag">Documentation</a>. 
</div> <div class="storycontent"> <p>We&#8217;ve <a href="https://web.archive.org/web/20090930122251/http://westi.wordpress.com/2009/06/20/changelogs-changelogs-changelogs/">recently made some changes</a> to help improve the communication between plugin authors and plugin users about the changes that are made between versions.</p> <p>We feel that all software should have a changelog that details, at a high level, what changes have been made in each version so that the user can make an informed decision about when to upgrade and how much testing they should do with their site.</p> <p>In order to make this an easy and open communication channel we have added support for a Changelog section in the plugins <code>readme.txt</code> file.  This changelog information is then displayed as a separate tab in the <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/extend/plugins/">plugin directory</a> and also in the back end of your WordPress blog when you view the details on a new version of a plugin.</p> <p>The new section is formatted as follows:</p> <pre name="code" class="css"> == Changelog == = 1.0 = * A change since the previous version. * Another change. = 0.5 = * List versions from most recent at top to oldest at bottom. 
</pre> <p>We would also like to recommend that you provide meaningful log messages when you commit changes to the Subversion repository for your plugin, so that people who want to dig further into your changes can see why things are changing. (At the moment it seems a large number of plugin authors leave this field blank, which isn&#8217;t very helpful.)</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/improving-your-plugin-changelogs/#comments" title="Comment on Improving your plugin – Changelogs">19 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/wordpress-2-8-2/">WordPress 2.8.2</a></h2> <div class="meta">Posted July 20, 2009 by <a href="https://web.archive.org/web/20090930122251/http://boren.nu/">Ryan Boren</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/releases/" title="View all posts in Releases" rel="category tag">Releases</a>. </div> <div class="storycontent"> <p>WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.  <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/download/">Download</a> 2.8.2 or automatically upgrade from the Tools-&gt;Upgrade page of your blog&#8217;s admin.</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/wordpress-2-8-2/#comments" title="Comment on WordPress 2.8.2">251 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/wordpress-2-8-1/">WordPress 2.8.1</a></h2> <div class="meta">Posted July 9, 2009 by <a href="https://web.archive.org/web/20090930122251/http://boren.nu/">Ryan Boren</a>. 
Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/releases/" title="View all posts in Releases" rel="category tag">Releases</a>. </div> <div class="storycontent"> <p>WordPress 2.8.1 fixes <a href="https://web.archive.org/web/20090930122251/http://core.trac.wordpress.org/query?status=closed&amp;group=resolution&amp;order=priority&amp;milestone=2.8.1&amp;resolution=fixed">many bugs</a> and tightens security for plugin administration pages. <a href="https://web.archive.org/web/20090930122251/http://corelabs.coresecurity.com/index.php?module=FrontEndMod&amp;action=list&amp;type=advisory">Core Security Technologies</a> notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe.</p> <p>What else is new since 2.8?  Read through the highlights below, or  <a href="https://web.archive.org/web/20090930122251/http://core.trac.wordpress.org/log/branches/2.8/?action=stop_on_copy&amp;mode=stop_on_copy&amp;rev=11699&amp;stop_rev=11553&amp;limit=500">view all changes since 2.8</a></p> <ul> <li>Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won&#8217;t have to change.</li> <li>Dashboard memory usage is reduced.  
Some people were running out of memory when loading the dashboard, resulting in an incomplete page.</li> <li>The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.</li> <li>A problem where the rich text editor wasn&#8217;t being loaded due to compression issues has been worked around.</li> <li>Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.</li> <li>Translation of role names fixed.</li> <li>wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.</li> <li>Upload error messages are now correctly reported.</li> <li>Autosave error experienced by some IE users is fixed.</li> <li>Styling glitch in the plugin editor fixed.</li> <li>SSH2 filesystem requirements updated.</li> <li>Switched back to curl as the default transport.</li> <li>Updated the translation library to avoid a problem with mbstring.func_overload.</li> <li>Stricter inline style sanitization.</li> <li>Stricter menu security.</li> <li>Disabled code highlighting due to browser incompatibilities.</li> <li>RTL layout fixes.</li> </ul> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/wordpress-2-8-1/#comments" title="Comment on WordPress 2.8.1">290 Pings</a> </div> <h2 class="fancy"><a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/wordpress-2-8-1-release-candidate-1/">WordPress 2.8.1 Release Candidate 1</a></h2> <div class="meta">Posted July 7, 2009 by <a href="https://web.archive.org/web/20090930122251/http://boren.nu/">Ryan Boren</a>. Filed under <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/category/releases/" title="View all posts in Releases" rel="category tag">Releases</a>. </div> <div class="storycontent"> <p>2.8.1 is nigh.  Release Candidate 1 is our last stop before the final release.  
Please <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/wordpress-2.8.1-RC1.zip">download</a> RC1, review the <a href="https://web.archive.org/web/20090930122251/http://core.trac.wordpress.org/log/branches/2.8/?action=stop_on_copy&amp;mode=stop_on_copy&amp;rev=&amp;stop_rev=11654&amp;limit=100">changes made since beta 2</a>, and have a look at <a href="https://web.archive.org/web/20090930122251/http://core.trac.wordpress.org/query?status=closed&amp;group=resolution&amp;order=priority&amp;milestone=2.8.1&amp;resolution=fixed">all of the tickets fixed in 2.8.1</a>.  Thanks for testing WordPress.</p> </div> <div class="feedback"> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/2009/07/wordpress-2-8-1-release-candidate-1/#comments" title="Comment on WordPress 2.8.1 Release Candidate 1">38 Pings</a> </div> <a href="https://web.archive.org/web/20090930122251/http://wordpress.org/development/page/2/">Older Posts &raquo;</a> </div> </div> </div> </body> </html>
