Wordpress News

WPTavern: WordPress 5.1.1 Patches Critical Vulnerability

Wordpress Planet - Thu, 03/14/2019 - 03:42

WordPress 5.1.1 was released yesterday evening with an important security update for a critical cross-site scripting vulnerability found in 5.1 and prior versions. The release post credited Simon Scannell of RIPS Technologies for discovering and reporting the vulnerability. Scannell published a post summarizing how an unauthenticated attacker could take over any WordPress site that has comments enabled:

An attacker can take over any WordPress site that has comments enabled by tricking an administrator of a target blog to visit a website set up by the attacker. As soon as the victim administrator visits the malicious website, a cross-site request forgery (CSRF) exploit is run against the target WordPress blog in the background, without the victim noticing. The CSRF exploit abuses multiple logic flaws and sanitization errors that when combined lead to Remote Code Execution and a full site takeover.

Since WordPress ships with comments enabled by default, an attacker could exploit this vulnerability on any site with the default settings. Auto-updates went out yesterday but administrators who have background updates disabled are advised to update immediately.

The maintenance release also includes the ability for hosts to offer a button to prompt their users to update PHP ahead of WordPress’ planned minimum PHP version bump in 5.2. The “Update PHP” notice can be filtered to change the recommended version.

Version 5.1.2 is expected to follow in two weeks.

WPTavern: Dark Mode WordPress Plugin Up for Adoption

Wordpress Planet - Wed, 03/13/2019 - 22:51

Daniel James is putting his Dark Mode plugin up for adoption.

“I’m stepping back from plugin development (and WordPress contributions) and would like to see someone passionate about it pick it up,” James said.

Dark Mode has 2,000 active installations and is the most popular among a handful of dark or “night mode” plugins in the official directory. In August 2018, James submitted a merge proposal for including Dark Mode in core, but it was shot down the same day it was published. Gary Pendergast said the proposal “seemed premature” and noted that the project was lacking several merge criteria outlined on the Handbook page for feature plugins. He cited a lack of weekly chats, no kickoff and update posts, and no testing from the Flow team, among other concerns.

“I decided recently that because of the direction WordPress is going in with the move towards React with Gutenberg that I should probably focus my efforts elsewhere,” James said.

“That’s mostly to do with the merge proposal getting rejected fairly quickly without any helpful next steps on how to improve it. Plus, with how rapidly Gutenberg is being developed, I’d have to pretty much work in tandem with the Gutenberg team to ensure the Dark Mode plugin styled the UI correctly. That’s spare time I just don’t have.

“I feel like WordPress leadership is another reason. It’s really difficult (I think/feel) to get something like Dark Mode pushed through. It’s very much near the bottom of the priority list, which I get, but sucks a bit when you’re volunteering in spare time of course.” James said the plugin currently requires a few hours per week in support and maintenance.

The popularity of dark modes for applications has taken off after macOS Mojave introduced a dark mode, and has also been spurred on by the news that Apple’s 2020 iPhone lineup will be produced with OLED screens. Many popular applications, such as YouTube, Facebook Messenger, Twitter, and Google Maps already have a dark mode that either works automatically based on light conditions or can be manually enabled. Chrome also recently added a dark browsing mode for Mac users. Fans of dark mode claim it is easier on the eyes and conserves battery.

Users who tend to gravitate towards dark mode are still a small subset, but the feature is gaining momentum. A dark mode may one day come to WordPress core but it doesn’t seem likely in the near future. Daniel James’ Dark Mode plugin isn’t ready for core, since it doesn’t support the new editor, but he said he hopes the new owner will find the time to take it where it needs to go.

“I’m happy to transfer the plugin to someone else to continue it, as long as they’re well known/respected,” James said. “I won’t just be giving it away for security reasons. It would be great for it to be included in core one day, but at the very least it would be nice for someone who really likes it to just continue it.”

HeroPress: Work Life “Balance” With WordPress

Wordpress Planet - Wed, 03/13/2019 - 20:00

I always knew I wanted to have a career, and I also knew I wanted a family. As my family grew, I realized that a typical job where you have to show up at an office every day didn’t work with the dynamic and unpredictable nature of kids. I didn’t understand why being at a physical office was a requirement: wasn’t the most important thing getting the work done? I could work just as well from home, and the flexibility would mean I could do my work at hours that worked for me. Who cares if I finished a project at 11 pm, if I did it well and on time?

Creating Change

So after my fourth kid was born, I decided to create that flexibility for myself, and went freelance, but with a vision to grow into a company. That’s why from the beginning I created a brand for my services, and called the “company” illuminea. At first I offered content related services, like marketing writing, and Hebrew to English translation. Increasingly the work I was doing was related to company websites, and the power websites had in terms of communicating messages and content marketing really caught my attention. I also had always been fascinated by technology.

So I started to teach myself how to build websites, using Google as my teacher.

At first I built basic HTML websites, but as I also learned about web marketing I realized that a site that can’t be easily updated is not doing any favors for its owners. Website content needs to be quickly and easily updatable. So I started researching CMS options. Many companies in those days were using expensive and clunky proprietary CMSs, and I was not impressed. I tested the three leading Open Source CMSs, and fell in love with WordPress. I was impressed by the templating system, the plugin ecosystem, and the community.

Moving to WordPress

At that time companies did not take WordPress seriously as a CMS. Blogging was catching on, so companies would install a WordPress blog as a subdomain, but they weren’t using it for general site management. I thought it could be more, and managed to convince a few clients to let me build their sites on WP.

And then version 3.0 was released, and WP became a full-fledged CMS.

Companies started to become sick of the limitations and costs of their proprietary CMSs, and since I was one of the first in the Israeli market to offer WP as a service, I started to get more and more clients for full website projects.

Right before I had my fifth kid, I made my first hire: Rebecca Markowitz. I taught her whatever I knew, and she quickly surpassed me with her skills in many areas. We have been working (and laughing) together ever since!

One thing led to another and illuminea became one of the leading providers of custom WordPress business solutions in Israel. We were privileged to work with inspiring innovators and generally nice people.

Building Something New

I had had many ideas for products throughout the years, but managing a business and having babies meant I could not realistically build a product on the side. However, after about twelve years of illuminea, and when my youngest was no longer a baby, I had an idea for a WordPress-related product: our clients, and ourselves, were suffering from issues related to speed and security. No matter what we did, we could never speed up client websites as much as they or we would have liked; and no matter what we did on the security side, sites still had vulnerabilities too often. So I thought: why not convert WordPress websites to serverless and static versions of themselves so they’ll be fast and secure?

I decided to go for it. I got accepted to a Jerusalem startup accelerator called Siftech, and they gave me the tools and access to resources and mentors that I needed to take the next steps.

I called that venture Strattic, and today we are a venture-backed team of seven with a great product that our clients love.

I can’t imagine how I could have ever achieved my goal of integrating family and an impactful career without WordPress. To this day I love that I am always challenged and learning more, and always meeting more people in our amazing community, while also having the flexibility I need to be a mom. Of course it’s not perfect, but it’s pretty good, thank God.

The post Work Life “Balance” With WordPress appeared first on HeroPress.

WPTavern: Google Announces Season of Docs Program to Match Technical Writers with Open Source Projects

Wordpress Planet - Wed, 03/13/2019 - 01:17

Google is launching a new program called Season of Docs with the goal of fostering collaboration between technical writers and open source projects. The initiative is very similar to Google Summer of Code, except it is focused on documentation and technical writing contributions instead.

Prospective participants can apply during the month of April 2019. Google plans to publish a list of accepted organizations with their ideas for documentation projects. Technical writers can choose a project and submit a proposal to Season of Docs. The accepted proposals will be published July 30, 2019, and participants will then spend a month bonding with their open source communities and collaborating with mentors. The Season of Docs program officially runs from September 2 – November 29, and participants will receive a stipend of $2400 – $6,000 USD, calculated based on Purchasing Power Parity.

In 2017, Google’s Open Source Survey results showed that incomplete or missing documentation was one of the most common problems encountered in open source, observed by 93% of respondents. The Season of Docs program aims to give technical writers an opportunity to contribute to open source projects in a more structured way while learning about open source code. Participating organizations gain the chance to improve their processes for documenting their projects while working with a technical writer. Check out the FAQ section of the Season of Docs website for more detailed information.

WPTavern: WordCamp Nordic Hosts Successful Kids Workshop

Wordpress Planet - Tue, 03/12/2019 - 19:09

WordCamp Nordic hosted a successful kids workshop over the weekend where participants learned how to start publishing with WordPress. The event was held during Contributor Day at the same venue, tucked into a comfortable corner with soft chairs and ample floor space for the kids to stretch out.

Petya Raykovska led the workshop and participants followed along with the help of a large screen for demonstrating basic publishing-related tasks. The kids learned how to use the editor, add text and images, create galleries, and customize their sites by selecting a theme. Each participant left the workshop with their own WordPress site hosted at WordPress.com.

“It’s like an exercise in creativity, showing them how to use a tool to express themselves on the web,” Raykovska said.

Teaching kids how to use WordPress is far easier than teaching adults how to use it for the first time, because they don’t have preconceived notions about how the editor should behave. Raykovska said the group at WordCamp Nordic had no issues using Gutenberg.

“It doesn’t matter for them what editor they use,” Raykovska said. “They are very intuitive; they go along with anything that comes their way.”

She also reported that many of the kids from past kids workshop events have kept their blogs going and maintain strong relationships with the volunteers who helped them get started.

Each kids workshop is a new opportunity for organizers to test and refine different methods for teaching kids how to use WordPress. As these workshops become more common at WordCamps around the globe, it would be exciting to see them grow to become large scale events where more experienced kids can present on what they are learning and doing with WordPress.

If you are interested in running a kids workshop at another WordCamp, Raykovska has created an organizer kit for training the next generation of WordPress users and developers. It includes all the tasks and requirements for organizing this type of event, sample content, and a workshop script that organizers can follow.

WordPress.org blog: WordPress 5.1.1 Security and Maintenance Release

Wordpress Planet - Tue, 03/12/2019 - 03:34

WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.

WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.

Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Other highlights of this release include:

  • Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • Several minor bug fixes.

You can browse the full list of changes on Trac.

WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow a similar two week release cadence.

You can download WordPress 5.1.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

In addition to the security researcher mentioned above, thank you to everyone who contributed to WordPress 5.1.1:

Aaron Jorbin, Alex Concha, Andrea Fercia, Andy Fragen, Anton Vanyukov, Ben Bidner, bulletdigital, David Binovec, Dion Hulse, Felix Arntz, Garrett Hyder, Gary Pendergast, Ian Dunn, Jake Spurlock, Jb Audras, Jeremy Felt, Johan Falk, Jonathan Desrosiers, Luke Carbis, Mike Schroder, Milan Dinić, Mukesh Panchal, Paul Biron, Peter Wilson, Sergey Biryukov, and Weston Ruter.

WordPress 5.1.1 Security and Maintenance Release

Wordpress News - Tue, 03/12/2019 - 03:34

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

WPTavern: WordPress Explores Proposal for New Block Directory to Host Single Block Plugins

Wordpress Planet - Tue, 03/12/2019 - 01:32

WordPress core contributor Alex Shiels has published a proposal for a WordPress.org block directory that would host JavaScript-based, single block plugins. The directory would make blocks searchable and installable from within the Gutenberg editor. Building a directory for discovering blocks and seamlessly installing them is one of the nine projects that Matt Mullenweg identified as a priority for 2019.

Block collections have become one of the most popular ways for distributing a group of related blocks but this method can cause bloat. Users currently cannot search for individual blocks by name and plugin names and descriptions are not always a good indication of what the blocks do.

Shiels proposed the new directory be limited to single block plugins, frontend JavaScript blocks with no UI outside of the editor. It would be a separate section inside the Plugins Directory, optimized for users to find blocks by name and description. Developers would be required to use a block.json file with metadata as outlined in the Block Registration RFC, which provides a technical specification for block type registration.

The most controversial part of the proposal is having blocks installable from within the Gutenberg editor. The long term goal is to make that process as seamless as possible. Block collections and blocks that do not meet the requirements of the single block directory would still be available via the normal plugin installation process. This could be confusing for users who do not know that blocks can be found in two separate directories.

“The Gutenberg editor should NOT be a plugin installation source,” Matt Cromwell commented on the proposal. “That just seems ripe for scope-creep. That’s not its purpose or function. Let it be an editor, layout builder, content manager, etc. Moving into searching an external library and installing plugins is the definition of losing sight of the purpose of a ‘product.’”

Cromwell suggested a centralized block manager as an alternative that would offer a better experience for searching and installing blocks. He also echoed other participants’ opinions on the importance of including dynamic blocks in the directory, instead of limiting it to “JavaScript only” blocks.

“A centralized Block Manager like has already been suggested is a far better user-experience for searching and installing blocks than doing that in the Gutenberg editor. I like the idea of single-block plugins being the only option in the Directory. But make sure Dynamic Blocks that depend on other existing plugins or outside functionality are able to be added to that very important Directory as well. I really don’t see a benefit to limiting this Directory so much.”

WordPress developer Jamie Schmid also expressed hesitation about pursuing a solution that puts block installation inside the editor, as it may discourage users from thinking about their block usage across the entire site.

“I am not convinced that making blocks searchable and installable from within the editor is the best solution,” Schmid said. “This, along with page level block controls and style overrides, is encouraging a very short-sighted, page-level solution to an issue that is very likely a global site (or content or even business) issue. I’d love to instead see a central view for all installed blocks – similar to how plugins are, but more organized by type/function/etc and with a visual alongside. This will encourage making decisions at the site level, encouraging some bigger-picture reflection. And same to being able to apply access controls to the installation of new blocks.”

The proposal would place the single block plugin search interface inside the block inserter in the Gutenberg editor. This would enable users to quickly search for and install a block if they don’t see one they need among the existing blocks.

A mockup of what inline block installation might look like

Riad Benguella, Gutenberg’s technical lead for phase 2, encouraged participants in the discussion to think about blocks as pieces of content that do not rely on the post editor but can be configured anywhere inside WordPress.

“It is important to think of blocks as its own unit that have a meaning on its own, and that can be used in different contexts,” Benguella said. “A block is a piece of content (static or dynamic) that can be configured and rendered anywhere.” This includes blocks found both inside and outside post_content, content in a full site editor, inside the WordPress admin, a headless application, or even another CMS.

“We should be ambitious and think about all these contexts (the final picture), but at the same time we should be pragmatic and iterate to achieve this goal,” Benguella said.

The discussion regarding the new block directory and block plugin architecture continues across WordPress contributor teams. Shiels said the proposal was meant as a starting place and contributors are still in the preliminary stage of exploring ideas.

BuddyPress: Join the Worldwide BuddyPress table during the first Contributor Day of the 11th WordCamp Paris

Wordpress Planet - Tue, 03/12/2019 - 01:10

To start a new decade of WordCamps in Paris (France), the Parisian organizing team has scheduled their first Contributor Day on April 24th, 2019.

The « I contribute » badge

As a member of this team, I’m very excited and as one of the BuddyPress core developers I’m very proud to announce I will run a BuddyPress contributor table!

The WordCamp Paris Contributor Day will start at 8:00am UTC and will end at 4:00pm UTC.

If you’re in Paris on April 24th: you can get your free ticket to have a seat at our table. We’ll work on resolving issues, testing patches, improving the documentation and the French translation and why not on enhancements we can imagine using the BuddyPress REST API (It’s arriving in BuddyPress 5.0.0!).

BuddyPress is created by a worldwide network of friendly folks

John James Jacoby

Then I thought what about trying to extend our BuddyPress table to a Worldwide BuddyPress Contributor Time? @boonebgorges & @johnjamesjacoby will try to be around in our Slack channel to help us, to review the code and commit our changes.

If you’re not in Paris on April 24th: you can participate from where you are, you simply need to hang around in our #BuddyPress Slack channel. If you’re not familiar with Slack, please read this short documentation about it.

Let’s contribute to BuddyPress together

A French version of this article is available.

Beauty Salon Zymphonies Theme

Drupal Themes - Sat, 03/09/2019 - 16:57

You can build a spa or salon website yourself by choosing our Drupal Beauty Salon Zymphonies Theme. This theme aims to provide you with all the features you need to build a website to promote your wellness center, spa, or beauty salon with a mobile-first feature. This also includes all the default Zymphonies theme features.

  • Drupal 8 core
  • Bootstrap v4
  • Mobile-first theme
  • Client list
  • Social media links
  • Included Sass & Compass source file
  • Well organized Sass code
  • Custom slider - Unlimited image upload
  • Home page layouts
    • 4 column news layout
    • 4 column updates layout
    • 4 column bottom layout
    • 4 column footer layout

HeroPress: How WordPress Changed My Life

Wordpress Planet - Fri, 03/08/2019 - 01:30

This article is available in Arabic.

I’m about to get real! Vulnerable! Transparent! & guess what…I don’t give a fuck! So buckle up boys…you’re about to go for a ride!


June 2014 when I decided to leave my life I’ve lived with my husband for thirteen years, left everything behind. My community I always knew, my friends, my way of life, I just dropped everything!

The only thing I took with me was my idea box and my two kids to start our new life in Chandler Arizona. When I moved, I lived with my mom till I figured it out. At the time I was in school for my Computer Science degree at Austin Peay State University. I figured I have only one year, so why not finish, get a good paying job and my mom was ok with us living in her house. It was difficult and the most challenging experiences as my mom had her own health challenge and having her newly divorced 29 year old daughter with two kids in her house was not easy for her. I was so broken. I was broken spiritually. I was broken mentally and this affected my overall physical health. And still had to find the strength to be strong in front of my kids. I did not have a job. I had never worked a day in my life as my husband did not allow it.

So here I was, 29 years old, two kids, divorced, no degree, no work experience…yet I had to find a way to not only support myself but my kids as well.

While living with my mom, the atmosphere got a little tense. As I mentioned above, my mom went through a lot, she had her own struggles, her own journey, and I happened to be a part of her narrative. With the loss of the man she loved so dearly, and her health declining, she as well had her own capacity of what she can handle, and having me in the house with the kids was getting burdensome. I tried to do my part with buying food in bulk as there was nine of us in a five bedroom house. But sometimes, my idea of “doing my part” does not match the other, and issues may arise.

One day my mom approached me with the Cox internet bill and asked me to pay for it. Honestly, I probably could have afforded the bill under $100.00 dollars, but with the inconsistent deposit of child support from my ex at that time, I was not able to commit to paying for anything. That is why I would buy food from Costco in bulk, etc. But, that was the turning point for my mom to pull the plug and say,

“I don’t want you in my house anymore.”

So the plan to finish school within a year went out the door!

I came home one day and found my stuff in baskets in front of the garage. I reversed the car from my mom’s driveway and went in search of an apartment I could afford. At the time, my ex was depositing a total of $1,000 dollars in the joint account for our kids. I had to find an apartment that was under $1,000 dollars plus cover the cost of gas and food. To my surprise I found an apartment called CrossWinds Apartments for $550 a month on Arizona Ave and Pecos Rd.


In Aug. 2014 I moved into my first apartment with my two kids.

So here I was 29 years old, no job yet, the idea of finishing school went out the door, and I have to find a way to make it.

Breathe…just breathe…(sometimes breathing doesn’t work. I mean…I feel like I was gasping for air in order to breathe!)

My kids were very sad. I was confused. I had no idea what to do and where to go and I needed a job.

After reaching out to my friend, Deedra Hill Abboud, who helped me with revamping my resume based on past experiences, I started applying to every job I could find. And just a side note, Deedra Hill Abboud not only helped with my resume which I was clueless on how to put together, but also helped me with my mindset, reminded me to be grateful even though I felt so defeated, and I was at my lowest point in my life. But, I had no luck with my job hunt and I was ready to settle for anything! I was hired as a nanny on Aug 29, 2014. I moved that month into a new apartment, never lived on my own before, never paid for bills (like what the fuck are those yo), and was able to find a job by the end of the month that paid me $300.00 a week. I was so happy. Like you have noooo idea! I was so happy.

My family visited sporadically. But, in October 2014, my sister Eman, who’s known for Eman B. Fendi, came over to visit. I had no couch, no bed, no furniture for a while. We had a long conversation about life, and everything in between. During the conversation, I pulled out my idea box and shared with her a card game I had created when I used to tutor Muslim kids back in Clarksville TN. She informed me about Score, a non-profit organization that provides free business mentorship all over the USA. She said, “reach out to them. They will help you with your idea.”

First Steps

I’m like…OMG! I was soooo excited! I went to Peixoto coffee in Chandler AZ…for internet…I could not afford internet at the time. I checked out the Score website and they had an event I attended in November 2014. I was so nervous and so scared. As I did not know what to really do with my idea. All I know is I had an idea, I was passionate about it, and had the drive to do something about it! The event host asked everyone in the room to stand up and introduce themselves. Everyone had their fancy title and so much amazing experience to represent themselves, and here I am trying to make something out of myself I have never done before. In all my insecurities, self-doubt, and internal contradictions, my intro goes as follows…

“Hi! My name is Amena Mabrouk and I have a card game idea that helps kids learn the name and position of Salah (prayer). I am here because I have no idea what to do with my idea.”

After the session was over a man walked towards me by the name of Doug Whitney. He was a certified Score mentor helping clients who want to start or grow their businesses. He approached me and said,

“Hi! My name is Doug Whitney. I think I can help you with your idea. Here’s my business card.”

WOW! I was thrilled! I booked an appointment with him that day and I continued to meet with my business mentor weekly for two years. The journey was lonely. As I was so focused on work, my kids, and my idea, I started to miss being a part of a community.

During the two years I was meeting with my business mentor, Whitney said to me, “You need to start building a website. I recommend you start building your website on WordPress.”

“I’m like, WordPress. Ok! I will start tonight. Like what is it? I press words?”

Ha…ha…Just kidding! I figured you lasted this long reading my blog, we’re practically related at this point….might as well add a little humor…lol

So please continue on…


So I went to Peixoto coffee, opened my computer, went to wordpress.org, created an account and started to build my website. This was my first time building a website. I googled everything and lots of YouTube videos. And man, I got stuck. I was frustrated. I was so disappointed especially when you see all the pretty websites out there, I was a little discouraged to continue. In the process of trying to figure out this WordPress thing, I also learned about co-working spaces which I became obsessed with!

Did you know they’re all over the valley! OMG!

I found out about one near my home called GangPlank in Chandler Arizona. I started working out of GangPlank and fell in love with the community there. This was the first time in two years to finally feel a sense of community after my divorce. I worked there consistently and met an amazing woman by the name of Anne Watson Barber. During our conversation, I informed her about my dilemma with my WordPress website. She automatically, without hesitation, offered to help me without any question. I was so so excited! Thrilled! You have no idea!

I consistently met up with Anne Watson Barber at GangPlank for a while. In all honesty, without this WordPress thing, I would have never looked for a place where people work out of, which led me to meeting Anne Watson Barber and many other amazing people. But that was the beginning. As not only did I get a sense of community I was missing in my life at GangPlank, I was making legit friends who selflessly are willing to help out no matter what! WOW!

Can we just stop for a moment and talk about it!

Throughout our meetings my friend Anne informed me about Meetup groups for WordPress.

I started to google Meetup groups around the valley for WordPress. I went to all of them! Some WordPress Meetups were one hour and thirty minutes away! I loved every bit of it! Disclaimer, most of it was over my head, but I still went, made new friends, and continued building my WordPress website.

How WordPress Changed My Life, well the story speaks for itself. Choosing to build my site on WordPress was the catalyst from the beginning that opened many doors I was not aware of. I continued to build my site for a few years, and then moved on to a different venture.

But, without WordPress which led to the WordPress community, I would not have learned how to build an online presence, to fearlessly ask questions when I’m stuck, to be around people who are willing to selflessly help out, even though I needed the information repeated over and over again for me to understand it.

Without the WordPress community, I would not have learned to be ok with failure that’s free of judgment, as we are all trying to make it. Without the WordPress community, I would not have learned to be ok with the idea of shared information – because your success is my success. Without the WordPress community, I would not have learned how to be tolerant when feeling defeated and to continue with the little courage I had to figure it out. It really did change my life.

After venturing off with other things, the universe has its way of reminding me of where I belong. I was informed about volunteering at WordCamp Phoenix 2019 by a good friend, Justin Nealey at GoDaddy. So I used my volunteer and sick time to take off from work to be a part of the event. I was blown away! I never knew what WordPress really meant to its people. I did not understand the heart of the WordPress project, and how important it is in the way it impacts the community. When I started with WordPress, it was about building my website for my startup business. But this time, I had a glimpse of its magnitude in the world and I am so thrilled to be a part of it on a whole new level!

During my time at WordCamp Phoenix 2019, I met amazing people and had the time of my life! This event led to the opportunity to take photos/video during Contributor Day + Organizing WordPress Panels at Galvanize Phoenix. This further opened doors to meeting Topher DeRosia who approached me and inspired me to write this essay for his website called HeroPress; to meeting Adam Warner | Field Marketing Manager for GoDaddy Pro; to the amazing conversation with Aaron Campbell | WordPress Core/Ecosystem; and so many amazing humans who came into my life because of it!

Currently, I work at GoDaddy Hosting Support. I love my job and I’m making a comeback into my WordPress community here in the valley. I am working closely with Matthew Clancy to record and edit the Advanced WordPress Developer Meetup and other upcoming events as well. I am so excited for the future!

Oh, and in case you’re wondering about my Salah (Prayer) card idea…that’s another blog post, another joy ride boys! In the meantime, let’s be friends! Let’s connect! Twitter @AmenaMabrouk



How WordPress Changed My Life

I am about to get honest! And strong and frank! You know… I don’t care at all! .. You are about to go on a ride! In June 2014, when I decided to leave the life I had lived with my husband for thirteen years, I left everything behind. The community I knew, my friends, my way of life: I left everything! The only things I took with me were my box of ideas and my two children, to start our new life in Chandler, Arizona. When I moved, I lived with my mother until I figured things out. At the time I was in school to get my degree in computer science at Austin Peay State University. I had only one year left to finish my studies, so why not finish it and get a well-paying job, and my mother was kind to have us in her home. It was hard and one of the most challenging experiences… My mother was facing her own health challenges, and having her newly divorced 29-year-old daughter with two children in her home was not easy for her. I was deeply broken. I was broken spiritually and mentally, and it affected my health in general. I had to be strong in front of my children. I was not working. I had never worked, and my husband had not allowed it. So now I am 29 years old, a mother of two, divorced, with no degree and no work experience, and despite all that I had to find a way to support not only myself but my children as well. While living with my mother, life became somewhat tense. As I mentioned, my mother had been through a lot and has her own struggles and her own journey, and I had become part of her story. With the loss of the man she loved so much and her declining health, she too had her own limits on what she could bear, and my presence in the house with my children became a heavy burden for her. I tried to do my part by buying food in bulk, as we were nine people in a five-bedroom house. But sometimes my idea of “doing my part” does not match that of others, and sometimes problems arise. One day my mother called and asked me to pay the internet bill. Honestly, I might be able to pay a bill of less than $100.00, but with the unfair child support from my ex-husband at that time, I could not commit to paying anything. That is why I bought food from Costco in bulk, and so on.
But that was the turning point for my mother. She said to me, “I don’t want you in my house anymore.” So my plan to finish school in one year vanished! I came home one day to find my belongings placed in baskets in front of the garage. I turned the car around and went looking for an apartment I could afford. At that time, my ex-husband was depositing $1,000 in the joint account for our children. I had to find an apartment for less than $1,000 and also cover the cost of gas and food. To my surprise, I found an apartment complex called Cross Winds Apartments for $550 a month at Arizona Ave and Pecos. In August 2014, I moved into my first apartment with my children. I was twenty-nine years old, I did not have a job yet, the idea of finishing school had faded, and I had to find a way to overcome my circumstances. Breathe… just breathe… (sometimes I couldn’t. I mean… I felt as if I was searching for air to breathe!) My children were in deep sadness. I was confused. I had no idea what to do or where to go. I needed a job. After reaching out to my friend Deidra Hill Abboud, who helped me rework my résumé based on my past experience, I started applying for every job I could find. As a side note, Deidra Hill Abboud not only helped me with my résumé, which I did not know how to organize, but also helped me with my mindset and reminded me to be grateful even when I felt defeated and was at the lowest point of my life. But I had no luck in the job search, and I was ready to accept anything! Then in October 2014, my sister Eman, known as Eman B Fendi, came to visit me. I had no chair, no bed, and no furniture for a while. We talked at length about life and everything in between. During the conversation, I told her about my idea and shared with her a card game I had created when I was teaching Muslim children back in Clarksville, Tennessee. On August 29, 2014, I was hired as a nanny. That month I moved into a new apartment, having never lived in a place of my own before and never paid any bills (as others do), and I managed to find a job at the end of the month that paid $300.00 a week. I was happier than you can imagine. I was so happy. My family visited me from time to time.
She told me about “Score”, a nonprofit organization that provides free business mentoring across the United States. She said, “Get in touch with them. They will help you with your idea.” And I was like, “Oh my God!” I was so excited! I went to Peixoto coffee in Chandler, AZ… to get on the internet… since I could not afford internet at the time. I checked the Score website, and they had an event, which I attended in November 2014. I was very nervous and scared, because I did not know what to do with my idea. All I knew was that I had an idea, I was passionate about it, and I had the drive to do anything for it! The event host asked all the attendees to stand up and introduce themselves. Everyone had an excellent title and wonderful experience to introduce themselves with, and then I tried to introduce myself in a way I had never done before. With all my insecurity, lack of self-confidence, and inner conflicts, I introduced myself as follows… “Hi! My name is Amena Mabrouk and I have an idea for a card game that helps children learn the name and position of the Salah (Prayer). I am here because I don’t know what to do with my idea.” After the session, a man named Doug Whitney walked towards me. He is a certified Score mentor who helps clients who want to start or grow their businesses. He approached me and said, “Hi! My name is Doug Whitney. I think I can help you with your idea. Here is my business card.” Wow! I was thrilled! I booked an appointment with him that day, and I continued to meet with my business mentor weekly for two years. I felt lonely on my journey. As I was focused on work, my children, and my idea, I started to miss being part of a community. During the two years I was meeting with my business mentor, Whitney said to me, “You need to start building a website. I recommend you build your website on WordPress.” I love WordPress. OK! I will start tonight. And I was like, “What is this? I press on words?” Ha ha, just kidding! I figured you have spent this long reading my blog, so we are practically connected at this point… might as well add a little humor… Please continue… Then I went to Peixoto coffee, opened my computer, went to wordpress.org, created an account, and started building my website.
This was my first time building a website. I googled everything and a lot of YouTube videos. You know, I got stuck. I was frustrated. I felt very disappointed, especially when I saw the beautiful websites out there, and I was a little hesitant to continue. While trying to figure out this WordPress thing, I also learned about co-working spaces, which I became obsessed with! Did you know they are all over the city! Oh my God! I found out that one of them, GangPlank in Chandler, Arizona, was near my home. I started working out of GangPlank and loved that community. It was the first time in two years that I felt a sense of community after the divorce. I worked there consistently and met a wonderful woman named Anne Watson Barber, and during our conversations I told her about my problem with my WordPress website.

Without hesitation, she automatically offered to help me, no questions asked. I was so excited! You have no idea how happy I felt! I met up with Anne Watson Barber at GangPlank regularly. Honestly, without WordPress, I would never have looked for a place where people work together, which led me to meet Anne Watson Barber and many other wonderful people. But that was the beginning. Not only did I get the sense of community I had been missing in my life at GangPlank, I also made friends with wonderful people who are willing to help no matter what! Can we stop for a moment and talk about that! Through our meetings, my friend Anne told me about Meetup groups for WordPress. I started googling WordPress Meetup groups around me. I went to every one of them! Some WordPress Meetups were an hour and thirty-one minutes, and I loved all of it! But I kept making new friends and kept building my WordPress website. How WordPress changed my life: the story speaks for itself. Choosing to build my site on WordPress was the catalyst from the beginning that opened many doors I did not know existed. I continued building my site for several years, then moved on to another venture. But without WordPress, which introduced me to the WordPress community, I would not have learned how to build an online presence, to ask questions fearlessly when I am stuck, and to be around people who are willing to help selflessly, even though I need the information repeated many times to understand it.

Without the WordPress community, I would not have learned to accept failure that is free of judgment, as we are all trying to achieve what we want. Without the WordPress community, I would not have learned the idea of sharing information, because your success is my success. Without the WordPress community, I would not have been able to bear feeling defeated and to keep going with the little courage I had to achieve what I want. WordPress really did change my life. After venturing into other things, the universe has its way of reminding me where I belong. I was told about volunteering. My friend Justin Nealey at GoDaddy told me about volunteering at WordCamp Phoenix #WCPHX on February 15 – 17, 2019. So I used my volunteer and sick time to take time off and be part of the event. I was blown away! I never knew what WordPress meant to its people. I did not understand the heart of the WordPress project and how important it is in the way it impacts the community. When I started with WordPress, it was to build my website for my startup business. But this time, I caught a glimpse of its importance in the world, and I am happy to be part of it on a new level! During my time at WordCamp Phoenix, February 15 – 17, 2019, I met wonderful people, and it was one of the happiest times of my life! This event gave me the opportunity to take photos and videos during Contributor Day and to organize WordPress panels at Galvanize Phoenix. This opened more doors: to meeting Topher DeRosia, who suggested and inspired me to write this post for his website called HeroPress; to meeting Adam Warner, Field Marketing Manager for GoDaddy; to a wonderful conversation with Aaron Campbell | WordPress Core / Ecosystem; and to so many wonderful people who came into my life because of it! I now work at GoDaddy Hosting Support. I love my job, and I am fighting my way in the WordPress community here in the city. I am working closely with Matthew Clancy to record and edit the Advanced WordPress Developer Meetup and other upcoming events. I am so excited for the future! And in case you are wondering about my prayer card idea… that is another blog post, and another joy. In the meantime, let’s be friends! Let’s connect! On Twitter: AmenaMabrouk

The post How WordPress Changed My Life appeared first on HeroPress.

WPTavern: WPWeekly Episode 348 – RIP Alex, Facebook Moderators, and Shorter Release Cycles

Wordpress Planet - Thu, 03/07/2019 - 22:11

In this episode, John James Jacoby and I review feedback from last week’s show, share a few more memories of Alex Mills, and discuss an article that describes what it’s like to be a content moderator for Facebook. We also share our opinions on the idea of WordPress having shorter release cycles.

Stories Discussed:

The Drive Remembers Alex Mills

The Secret Lives of Facebook Moderators

Jetpack 7.1 Released

PressNomics 6 Tickets are on sale

Freemius Patches Severe Vulnerability in Library Used by Popular WordPress Plugins

WordPress Contributors Propose Shorter, Time-based Release Cycles

Fighting uphill

WPWeekly Meta:

Next Episode: Wednesday, March 13th 3:00 P.M. Eastern


WPTavern: Watch WordCamp Nordic Sessions for Free via Livestream March 8

Wordpress Planet - Thu, 03/07/2019 - 22:09

The inaugural WordCamp Nordic will be live streamed for free on March 8, from the Paasitorni Congress Center in Helsinki. The conference starts at 9 AM. Those watching remotely can tune into both tracks via the following links:

Track 1

Track 2

The WordCamp’s organizers published the direct links, so there is no need to sign up for a livestream ticket. Session topics include Gutenberg development, environmentally friendly WordPress development, preparing for PHP 7.2, Gutenberg Cloud, WooCommerce, blog marketing, multilingual websites, and more. Check out the full schedule for a list of all the sessions.

United States Web Design System Base

Drupal Themes - Thu, 03/07/2019 - 14:05

Currently being developed.


Drupal Themes - Wed, 03/06/2019 - 14:01

Zippy is a Zurb Foundation-based theme for Drupal 8 websites. It is suitable for blogs, personal portfolios and community websites. It provides a home page slider, dropdown main menus and a configurable colour palette for home pages, through which a user can easily change the background colour and text colour.

Streamline By HTML5UP

Drupal Themes - Wed, 03/06/2019 - 12:58

Gary: Authentication in WordPress

Wordpress Planet - Wed, 03/06/2019 - 02:13

WebAuthn is now a W3C recommendation, bringing us one step closer to not having to use passwords anymore. If you’re not familiar with WebAuthn, here’s a little demo (if you don’t own a security key, it’ll probably work best on an Android phone with a fingerprint reader).

That I needed to add a disclaimer for the demo indicates the state of WebAuthn authenticator support. It’s nice when it works, but it’s clearly still in progress, and that progress varies. WebAuthn also doesn’t cover how the authenticator device works; that falls under the proposed CTAP standard. They work together to form the FIDO2 Project. Currently, the most reliable option is to purchase a security key, but quality varies wildly, and needing to carry around an extra dongle just for logging in to sites is no fun.

What WordPress Needs

Anything that replaces passwords needs to provide some extra benefit, without losing the strengths of the password model:

  • Passwords are universally understood as an authentication model.
  • They’re portable: you don’t need a special app or token to use them anywhere.
  • They’re extendable: strong passwords can be enforced as needed. Additional authentication (2FA codes, for example) can be added, too.

Magic login links are an interesting step in this direction. The WordPress mobile apps added magic login support for WordPress.com accounts a while ago; I’d love to see this working on all WordPress sites.

A WebAuthn-based model would be a wonderful future step, once the entire user experience is more polished.

The password-less future hasn’t quite arrived yet, but we’re getting closer.

WPTavern: Global WordPress Translation Day Set for May 11, 2019

Wordpress Planet - Fri, 03/01/2019 - 23:53

One of the most important factors in WordPress’ growth is the software’s availability in 186 languages. Its vibrant community of translation volunteers, known as the Polyglots team, continually updates the translations to ensure access for millions of non-English speakers around the world. In 2016, the team began hosting their own events dedicated to educational sessions and topics that affect the translation community, along with coordinated translation sprints.

The 4th edition of the Global WordPress Translation Day (GWTD) has been set for Saturday, May 11, 2019. It is a 24-hour virtual and in-person event that brings together new and experienced translators. The most recent event was held in 2017 with 71 local events in 29 countries. More than 1,300 people RSVP’d for local events and volunteers around the world translated 93,179 strings in core, themes, and plugins. The event was also successful at growing the local translation communities, adding 217 new translators to the project.

It’s hard to overstate the importance of events like this that support and grow WordPress’ vital translation community. This colorful chart shows the percentage of users running the software in different locales. WordPress has a diverse global user base, thanks in large part to the efforts of volunteer translators.

If you want to get involved in the next Global WordPress Translation Day, mark your calendar for May 11, 2019. For more information, check out the #GWTD4 tag on the Polyglots blog and join in on the #polyglots-events Slack channel.

WPTavern: Freemius Patches Severe Vulnerability in Library Used by Popular WordPress Plugins

Wordpress Planet - Fri, 03/01/2019 - 19:47

Freemius, a monetization, analytics, and marketing library for WordPress plugin and theme developers, patched an authenticated option update vulnerability in its wordpress-sdk four days ago. The library is included with many popular plugins, such as NextGEN Gallery (1,000,000+ installs), 404 – 301 (100,000+ installs), WP Security Audit Log (80,000+ installs), and FooGallery (100,000+ installs). Freemius CEO Vova Feldman said he would classify it as “a severe vulnerability.”

Feldman had planned to wait to publish anything about the vulnerability until more plugin authors had updated, but the security team at PluginVulnerabilities.com published a detailed explanation of the vulnerability within 24 hours of plugin developers getting notified about the patch:

The vulnerability, an authenticated option update vulnerability, would allow anyone with access to a WordPress account to take complete control of the website. That is a type of vulnerability that hackers will try to exploit if there is significant usage of a plugin. Anyone that allows untrusted individuals access to WordPress accounts and is using a plugin with this library is at a pretty significant risk if they haven’t updated the plugin to a version that fixes this or deactivated the plugin.

Plugin developers using the library have already been notified by Freemius, the team at pluginvulnerabilities.com, and will soon be contacted by the WordPress.org plugin team. A full list of the plugins impacted by this vulnerability is not available yet, but Freemius has a page on its website showcasing 96 WordPress.org plugins and nine themes that use it.

“More than 60% of the developers who are using our SDK have already upgraded to the patched version,” Feldman said. As of today, Feldman said he has not received any reports of the vulnerability having been exploited.

Feldman published a summary of his company’s actions on the security issue and described how Freemius is working to mitigate exposure and try to give users more time to update. The company requested two things from developers using its wordpress-sdk library:

  • If this security upgrade will be included in your changelog, please only use generic wording like “Security fix”.
  • Even after updating and releasing the patched versions, please do not disclose this issue during the next 30 days, allowing enough time for all our partners and their users to update.

It is in a company’s best interest to keep the details of a product’s security issue under wraps for as long as possible, but that may leave some users exposed when the vulnerability has already been published on the web. Any user who sees an update for a plugin using Freemius is advised to act on that update immediately, regardless of whatever generic note appears in the changelog.

As a company providing a security service, PluginVulnerabilities.com had different priorities in publishing details about the vulnerability, according to a representative who identified himself as John:

In this case where we are not the discoverers. The biggest issue is that vulnerability looks to have already been being exploited when we came across it, so hiding the situation from the public seems highly irresponsible. Our customers pay us to warn them about vulnerabilities in their plugin, so we would need to warn them right away once we became aware of this. If we only warned our customers that obviously raises some serious questions since others in WordPress community would be left in the dark.

In cases like this, where developers are including a third-party library in their plugins, it can take longer for users to receive an update that fixes the vulnerability, since the need for a patch has to be communicated to multiple parties. The situation is similar to the recent vulnerability that Bootstrap patched two weeks ago. Bootstrap announced the vulnerability in the same week it was reported and fixed, instead of trying to delay disclosure, even though thousands of products across the web use the Bootstrap framework.

WordPress.org doesn’t currently have a mechanism to flag certain plugin updates as security updates, but if a security update is severe enough, the plugin team can push updates out faster with cooperation from plugin authors. That route has not yet been pursued in this case, but we will continue monitoring the situation. In the meantime, if you are using a plugin that includes Freemius and the author has not updated, you may want to consider turning the plugin off temporarily until a patch is available.