Category Archives: wordpress

WordPress Takes Control Of ACF Plugin



The dispute between WordPress founder Matt Mullenweg and hosting provider WP Engine continues, with Mullenweg announcing that WordPress is “forking” a plugin developed by WP Engine, TechCrunch reported. 

Specifically, Advanced Custom Fields — a plugin making it easier for WordPress users to customize their edit screens — is being taken out of WP Engine’s hands and updated as a new plugin called Secure Custom Fields.

Mullenweg wrote that this step was necessary “to remove commercial upsells and fix a security problem.”

The Advanced Customs Fields team responded on X, describing this as a situation where a plugin “under active development” has been “unilaterally and forcibly taken away from its creator without consent,” which is said has never happened “in the 21 year history of WordPress.”

Some background: WordPress is a free, open source content management system used by many websites (including TechCrunch), while companies like WP Engine and Mullenweg’s Automattic offer hosting and other commercial services on tap.

Matt Mullenweg posted on WordPress about Secure Custom Fields:

On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a new plugin, Secure Custom Fields. SCF has been updated to remove commercial upsells and fix a security problem.

On October 3rd, the ACF team announced ACF plugin updates will come directly from their website. This was also communicated via a support notice in the WordPress.org support forum on Oct. 5th. Sites that followed the ACF team’s instructions on “How to update ACF” will continue to get updates directly from WP Engine. On October 1st, 2024, WP Engine also deployed its own solution for updates and installations for plugins and themes across their customers’ sites in place of WordPress.org update service.

Sites that continue to use WordPress.org’s update service and have not chosen to switch to ACF updates from WP Engine can click to update to switch Secure Custom Fields. Where sites have chosen to have plugin auto-updates from WordPress.org enabled, this update process will auto-switch them from Advanced Custom Fields to Secure Custom Fields.

This update is as minimal as possible to fix the security issue. Going forward, Secure Custom Fields is now a non-commerical plugin, and if any developers want to get involved in maintaining and improving it, please get in touch…

The Verge reported WordPress.org has taken a popular WP Engine plugin in order “to remove commercial upsells and fix a security problem,” WordPress cofounder and Automattic CEO Mark Mullenweg, announced today. This “minimal” update, which he labels a fork of the Advanced Custom Fields (ACF) plugin is now called “Secure Custom Fields.”

It’s not clear what security problem Mullenweg is referring to in the post. He writes that he’s “invoking point 18 of the plugin directory guidelines,” in which the WordPress team reserves several rights, including removing a plugin or changing it “without developer consent.”

Mullenweg explains that the move has to do with WP Engine’s recently-filed lawsuit against him and Automattic.

In my opinion, it sounds like Matt Mullenweg might be hoping to get out of a lawsuit against him and his Automattic company.

 


The Fediverse Has Arrived On WordPress.com



Matthias Pfefferie wrote on the WordPress website: Exciting times are here for all WordPress.com users! The revolutionary ActivityPub feature is now available across all WordPress.com plans, unlocking a world of engagement and interaction for your blog. You blogs can now be part of the rapidly expanding fediverse, which enables you to connect with a broader audience and attract more followers.

What is the “fediverse”?

The fediverse consists of federated platforms like Mastodon, which hare networks of independent websites or servers that can communicate with each other while still operating individually. It’s much like email; you can send emails to users with accounts on different services (like Gmail, Yahoo, etc.), yet all of them can interact seamlessly. Similarly, federated platforms enable users to follow, share, and interact with content across different services in a unified network.

What is the ActivityPub plugin?

ActivityPub is a WordPress plugin that facilitates seamless integration between your blog and a host of federated platforms, including Mastodon, Pleroma, Frendica, and more. This plugin empowers your readers to follow your blog posts on these platforms.

In addition, replies to your posts from these platforms are automatically turned into comments on your WordPress blog, creating a more interactive and dynamic conversation around your content. Synchronicity for the win!

Transform your blog into a fediverse profile

Your WordPress blog can now become a profile for the fediverse. This means your readers can follow you and receive all the latest posts from your blog directly on preferred platform. More so, they can engage in enriching conversation by replying to your posts, with their replies reflecting as comments on your blog post, creating a synchronized and interactive experience.

On Free, Personal, and Premium sites, you can enter the fediverse through your settings; for Business and Commerce sites, simply install the ActivityPub plug and follow the prompts to set up your profile.

The Verge reported bloggers and other publishers using WordPress to host their site can now use it to join the fediverse through an official ActivityPub plug-in.

ActivityPub allows social networks to talk across platforms, meaning users can see and engage with content on other platforms without making a new account. wordpress.com owner Automattic acquired the ActivityPub for WordPress plug-in earlier this year, and the feature is now available for anyone to install through WordPress settings.

According to The Verge, in the case of a WordPress.com blog, audiences will be able to follow a publisher through other federated platforms like Mastodon. Responses on other platforms will automatically turn into comments on a publisher’s WordPress post, allowing them to interact directly with off-platform audiences. The setting is available across WordPress sites on free, personal, and premium tiers – millions of blogs will now be able to join the fediverse in a few seconds.

In my opinion, the ActivityPub plug-in could potentially give WordPress blog creators more comments and views. As for me, I’m not against the plug-in. That said, I prefer placing some of my blog’s content onto the Fediverse by hand so I can choose for myself what goes there.


Day One Journal App Joins Automattic



Automattic announced that Day One, a journaling app, has joined the Automattic team. This information was posted on the WordPress blog. Day One will remain under the leadership of Founder and CEO Paul Mayne.

While WordPress.com and Tumblr have you covered for sharing your thoughts with the world, journaling with Day One is just for you. In fact, privacy is at the heart of Day One, thanks to the full end-to-end encryption applied to every entry, in every journal.

A person can choose to share specific journal entries publicly, or can decide to make their entire journal accessible to be read by the world. According to Automattic, you can expect seamless integrations with both WordPress.com and Tumblr if you want to share part of all of your Day One journal.

Day One journals can also be published as hardcopy books. It is unclear to me what, exactly, the process is to go from digital journal to physical hardcopy journal that can be kept by the author or given out as a gift. The hardcopy option is interesting. It is much harder for a content thief to scrape an entire physical book than it is for them to scrape a digital book and attempt to sell copies of it.

TechCrunch reported that unlike WordPress and Tumblr, which focus on publishing to a public audience, Day One focuses on privacy. Day One offers end-to-end encryption of all of your journal entries. Those entries can include text, media, and audio recordings.

According to TechCrunch, Day One also allows auto-import of Instagram posts, voice transcriptions, templates, rich text formatting, location history. It also has integration with Spotify, YouTube, Facebook, Twitter and more.


WordPress will Treat Google’s FLoC as a Security Concern



WordPress announced that they plan on treating Google’s new FLoC tracking technology as a security concern and plan to block it by default on WordPress sites, BleepingComputer reported. WordPress has joined the growing list of creators of browsers and search engines that refuse to implement Google’s FLoC in their content.

There is a proposal on WordPress.org titled: ““Treat FloC as a security concern”. The first thing mentioned is the EFF’s post titled: “Google’s FLoC is a terrible idea”, which notes that “placing people in groups based on their browsing habits is likely to facilitate employment, housing and other types of discrimination, as well as predatory targeting of unsophisticated consumers.”

WordPress powers approximately 41% of the web – and this community can help combat racism, sexism, anti-LGBTQ+ discrimination, and discrimination against those with mental illness with four lines of code…

The proposal also points out why it is important to take action against Google’s FloC now, instead of waiting for it to be implemented in the next update. “While it is indeed unusual to read a new ‘feature’ this way, there is precedent in that something that was not strictly a security vulnerability in comments was back-ported to previous versions for the good of the community as a whole.”

It notes that the 5.8 update is scheduled for July 2021, while FLoC will likely be rolling out this month.

Personally, I really like that WordPress is interested in protecting its users from Google’s FLoC. I’ve been using WordPress for my personal blog for years. It is really nice to know that WordPress is taking the preemptive steps to ensure that Google cannot inflict FLoC on WordPress sites.


WordFence Announces WordPress Security Learning Center



wordfence logoWordfence has launched the WordPress Security Learning Center. It is a comprehensive guide that has been designed to help the WordPress community learn about website security and how to protect their websites from attackers.

The WordPress Security Learning Center has been created for learners of every skill level. Those that are new to WordPress, or not yet confident about their tech knowledge, can start with a solid introduction to WordPress security.

Those with considerable experience can view the resources for expert developers. It really is for anybody who wants to learn more about WordPress Security.

Every article on the WordPress Security Learning Center has been labeled in order to make the difficulty level of it as clear as possible. Options include: “Basics”, “Intermediate” and “Advanced”.

You can find tutorials from beginner to advanced and developer level, helpful information about security threats and attack types, and guides for developers to help them avoid writing vulnerabilities and to penetration test their own code. Content includes in-depth articles, videos, industry survey results, helpful graphics, and more.

The WordPress Security Learning Center is a completely free resource. Anyone who wants to can visit the website, browse the resources, and start learning. Registration is not required. No payment is needed. There is no “offer”, signup, subscription, or anything like that. You don’t have to enter an email address before you can see the content. It is easily accessible.


WordPress and Jetpack combine for Annual Report



2012 Annual Report

I you run a blog then odds are you are using WordPress  as your content management system. One of the most popular plugins is Jetpack — a great solution for site stats that provides much better information than what is provided by default. Now the two have combined for an interactive annual report.

It is not clear which is behind this, or if WordPress is providing this information to non-Jetpack users, as the email comes from WordPress, while the site linked within it takes you to a Jetpack.me location. Either way, it’s a interesting, and highly interactive look at your site’s 2012 history.

Included are lists of top posts by traffic, top commentors, where the traffic came from — location, referring site and more. The email went out early this morning and a link also now appears at the top of site stats page. It also allows you to make the stats public and share them with your readers.

“Our stats helper monkeys have been busy putting together a personalized report detailing how your blog did in 2012!”


Facebook Has a New Plugin For Sharing WordPress Posts



Facebook is always looking for ways to integrate with outside platforms. It just launched something called Facebook for WordPress plugin. It enables bloggers to make their WordPress blog more social, “in a couple of clicks”. You don’t have to know how to do coding in order to make it work. Facebook has created a page that will talk you through exactly what to do.

Unlike some of the other plugins that connect to Facebook, this one was built by Facebook engineers. It seems to me that if Facebook created it, in house, that Facebook should be able to continuously update the Facebook for WordPress plugin in order to make it work with whatever changes happen to Facebook in the future. We all know that Facebook loves to change things around!

What does it do? According to Matt Kelly, who is an engineer at Facebook, it makes social publishing much easier. He said in a blog post:

“Once the plugin is installed, you can cross-post content published to WordPress to your Facebook Timeline and the Facebook pages you manage. You can also mention the names of Pages and friends as you post to further distribute your content”.

This is great for people who have a personal blog that they like to post updates about onto their Facebook page. It is also excellent for podcasters who use WordPress to post their show notes. It makes the process of adding links to your Facebook page, and the Facebook page for your podcasts, much more streamlined.

As a podcaster, I can see how the Facebook for WordPress plugin would make my life easier. Right now, when I finish the show notes for a podcast, I go into Facebook and manually copy and paste the link from my WordPress blog onto my Facebook page.

I have to do it again in order to post the link to the episode onto a Facebook page my husband and I share, (where we post all our creative projects). If I want to let a band that I played in that episode know about it, I have hunt down their Facebook page, and then post the link, again. The plugin is going to let me do all of that right from my WordPress blog. This will save a lot of time!