Planeta Pontevedra

WordPress 3.0 Thelonious passed 3 million downloads yesterday, and today the plugin directory followed suit with a milestone of its own: 100 million downloads.

The WordPress community’s growth over the years has been tremendous, and we want to reinvest in it. So we’re taking the next two months to concentrate on improving WordPress.org. A major part of that will be improving the infrastructure of the plugins directory. More than 10,000 plugins are in the directory, every one of them GPL compatible and free as in both beer and speech. Here’s what we have in mind:

We want to provide developers the tools they need to build the best possible plugins. We’re going to provide better integration with the forums so you can support your users. We’ll make more statistics available to you so you can analyze your user base, and over time we hope to make it easier for you to manage, build, and release localized plugins.

We want to improve how the core software works with your plugin and the plugin directory. We’re going to focus on ensuring seamless upgrades by making the best possible determinations about compatibility, and offer continual improvements to the plugin installer. And we also want to give you a better developer tool set like SVN notifications and improvements to the bug tracker.

We’re also going to experiment with other great ideas to help the community help plugin authors. We want it to be easy for you to offer comments to plugin authors and the community, including user reviews and better feedback. We may experiment with an adoption process for abandoned plugins as a way to revitalize hidden gems in the directory. I’m not sure there is a better way to show how extendable WordPress is and how awesome this community is at the same time.

As Matt said in the 3.0 release announcement, our goal isn’t to make everything perfect all at once. But we think incremental improvements can provide us with a great base for 3.1 and beyond, and for the tens of millions of users, and hundreds of millions of plugin downloads to come.

A weekend present, in haiku:

Last call; final bugs
Itch, scratch, contort; calmly wait
For now: RC3

That’s right. What will hopefully be the final release candidate, RC3, is now available for download and testing.

Plugin developers: test your plugins!

When I was a kid my dad used to practice his typing skills (on a real typewriter no less) with the phrase:

Now is the time for all good men to come to the aid of their country.

For some reason that has stuck with me all these years. Today I’m going to rephrase and repurpose that line:

Now is the time for great theme developers to come to the aid of their community.

The theme directory has been chugging along for more than a year now. During that time we’ve tinkered with the review process and some of the management tools, but haven’t really opened it up as much as we’d like. Time to rip off the band-aid and take some action, I’m asking for more community members to come and help with the process of reviewing themes for the directory.

Right now this is a bit like a New Year’s resolution to excercise every day, it’s what we need to do, but we’re still figuring out exactly how it will all work. And that’s part of the community involvement as well, I expect that those who come and help will also shape the process.

What’s involved in reviewing themes for the directory? There are the obvious things, you should be familiar with PHP and WordPress theme code (and the theme development checklist), with an eye for security issues. Also the ability to setup a separate install of the latest version of WordPress to test submitted themes with.

Hopefully a few people reading this right now are saying to themselves: I’d love to help, how do I to get started? Send in a subscription request to the theme-reviewers@lists.wordpress.org email list – http://lists.wordpress.org/mailman/listinfo/theme-reviewers – and we’ll get you hooked up!

As Matt teased earlier, the first release candidate (RC1) for WordPress 3.0 is now available. What’s an RC? An RC comes after beta and before the final launch. It means we think we’ve got everything done: all features finished, all bug squashed, and all potential issues addressed. But, then, with over 20 million people using WordPress with a wide variety of configurations and hosting setups, it’s entirely possible that we’ve missed something. So! For the brave of heart, please download the RC and test it out (but not on your live site unless you’re extra adventurous). Some things to know:

• Custom menus are finished! Yay!
• Multi-site is all set.
• The look of the WordPress admin has been lightened up a little bit, so you can focus more on your content.
• There are a ton of changes, so plugin authors, please test your plugins now, so that if there is a compatibility issue, we can figure it out before the final release.
• Plugin and theme *users* are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause.
• There are a couple of known issues.

If you are testing the RC and come across a bug, you can:

• Report it on the wp-testers mailing list
• Join the dev chat and tell us live at irc.freenode.net #wordpress-dev
• File a bug ticket on the WordPress Trac

We hope you enjoy playing with the 3.0 RC as much as we’ve enjoyed making it for you. Enjoy!

Download WordPress 3.0 RC1

Has it really been seven years since the first release of WordPress? It seems like just yesterday we were fresh to the world, a new entrant to a market everyone said was already saturated. (As a side note, if the common perception is that a market is finished and that everything interesting has been done already, it’s probably a really good time to enter it.)

The growth over the past year has blown me away. Since our last birthday we’ve doubled theme downloads to over 10 million, and doubled plugin downloads to 60 million. Most importantly, we continued to grow the development community to 1,528 people active on Trac and 13 committers, both numbers the highest in the history of WordPress.

That’s 1,528 people pouring their hearts and souls into GPL software we all own, we all build on, we can use as we please, we can all make better. We’ve evolved from a simple script to a web platform.

We’re on the cusp of version 3.0, with a release candidate coming out any minute now.

If you’d like to celebrate WordPress’s birthday with us — tell a friend! Help them upgrade their blog or find the perfect theme. Talk about how WordPress is built by and for a community. Drop in to help test 3.0, including all the plugins you use. Write something to take advantage of the new 3.0 features, or teach your friends how to. If you buy any themes or plugins, make sure they’re GPL or compatible just like WordPress. We’ve got a long road ahead of us, it’s important that we not forget that Open Source got us this far, and is the only way we’re going to get to the next level. The whole of what we can build together is far greater than the sum of our parts. Spread the good word.

Following the successful post-WordCamp San Francisco code sprint, we are now ready to release the second beta of WordPress 3.0.
Things to test:

• Revised menu user interface
• Changes to the WordPress exporter and importer to make it more flexible

Already have a test install that you want to switch over to the beta? Try the beta tester plugin.

Testers, don’t forget to use the wp-testers mailing list to discuss bugs you encounter.

We hope you like it! And if you don’t, well, check back when the release candidate is ready.

Download the WordPress 3.0 Beta 2 now!

Early next week, we’re hoping to release the 2nd beta release of WordPress 3.0 on our journey toward the final version. There are still over 200 bugs in the 3.0 milestone, and we can use all the help we can get on fixing these problems. If you’re a developer, take a look at the list of bugs that still need fixing in 3.0. Write a patch, or test and give feedback on someone else’s. The tickets around custom post types and taxonomies are especially in need of help. Every little bit helps, so if you’re a developer who’s never contributed to core before, maybe now is the right time! Check out our information on contributing to WordPress core, and head over to Trac to see if there’s a problem you might know how to fix. If you get stuck, need collaborators, or have a question about the best way to approach a fix, hop into the dev channel on IRC at irc.freenode.net, channel #wordpress-dev. Core developers will be around over the weekend working on bugs themselves, so if you’re trying to help, don’t be afraid to ask questions. With your help, maybe by Monday we can knock the bug count down to half of what it is right now. How great would that be? (Answer: pretty great)

The sprint will go full force until Monday afternoon, when the lead developers and core committers will all stop to take a breath and look at the remaining bug reports to see how we did over the weekend, so don’t wait! And thanks!

Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.

P.S. Network Solutions, it’s “WordPress” not “Word Press.”

Remember when I posted earlier about the Twitter account, and I said that hopefully you’d find out later today what has been keeping us all so busy? Beta testers, this is your moment: the WordPress 3.0 Beta 1 has arrived!

This is an early beta. This means there are a few things we’re still finishing. We wanted to get people testing it this weekend, so we’re releasing it now rather than waiting another week until everything is finalized and polished. There’s a ton of stuff going on in 3.0, so this time we’re giving you a list of things to check out, so that we can make sure people are testing all the things that need it.

You Should Know:

• The custom menus system (Appearance > Menus) is not quite finished. In Beta 2, the layout will be different and a bunch of the functionality will be improved, but we didn’t want to hold things up for this one screen. You can play with making custom menus, and report bugs if you find them, but this is not how the final screen will look/work, so don’t get attached to it.
• The merge! Yes, WordPress and WordPress MU have merged. This does not mean that you can suddenly start adding a bunch of new blogs from within your regular WordPress Dashboard. If you’re interested in testing the Super Admin stuff associated with multiple sites, you’ll need some simple directions to get started.
• We’re still fiddling with a few small things in the UI, as we were focused on getting the more function-oriented code finished first. For example, we’re getting a new icon for the Super Admin section.

Things to test:

• Play with the new default theme, Twenty Ten, including the custom background and header options.
• Custom Post Type functionality has been beefed up. It’s really easy to add new types, so do that and see how it looks!
• WordPress MU users should test the multiple sites functionality to make sure nothing broke during the merge.

Already have a test install that you want to switch over to the beta? Try the beta tester plugin.

Testers, don’t forget to use the wp-testers mailing list to discuss bugs you encounter.

We hope you like it! And if you don’t, well, check back when beta 2 is ready.

Download the WordPress 3.0 Beta 1 now!

Scene: A college classroom

Professor: So. Out of the 20 students in the class, half wrote WordPress Summer of Code proposals good enough to receive an A. How many of you are planning to apply for the program?

Jack, a student: I am. They opened applications today.

Sophie, a student: I am. And that sentence was grammatically terrible.

Jack: Shut up.

Chris, a student: I’m not applying.

Jack (to Chris): Chicken?

Sophie: You’re such a jerk! Maybe he has a job lined up or something, did you ever think of that?

Professor: Whoa -

Chris: Actually, I’m going backpacking in Australia with my Dad. No internet for about half the time, and when I emailed the people at WordPress they said I should probably wait until next year to apply and make sure I’d be able to be online through the whole summer.

Professor: Fair enough. The application period opens today at 19:00 UTC and goes through April 9th, so let’s hear from the people who are applying.

Jack: I’m submitting mine today.

Sophie: That’s just stupid.

Andrea, a teacher’s assistant: Hey, that’s not necessary.

Jack: Yeah! The early bird gets the worm, or hadn’t you heard?

Sophie: What I heard was that the WordPress mentors are holding open IRC chats this week to talk to prospective students and give them feedback on proposals and ideas, and that talking directly to the mentors ups your chances of being selected. But I guess you don’t think you need the people who are actually choosing the students to know your name because your proposal is so brilliant?

Jack’s jaw drops.

Jack: Where did you hear that? It wasn’t on the GSoC mailing list.

Sophie: I joined the wp-hackers list and asked all the core contributors for feedback on my idea, and then I emailed 3 potential mentors to see what they thought of it personally. By the time applications are due, I’ll have revised it based on community and mentor feedback, and enough people will know who I am — and that I’m full of initiative — that my chances of being accepted will be much better.

Jack: You think you’re all Felicia Day with your MW2 level 70, but you’re just a computer nerd.

Sophie: Um, duh. We’re in an advanced computer programming class. We’re all computer nerds.

Professor: Now, now. Sophie’s correct; talking to community members and mentors will improve her chances. But, Jack, there’s no reason you can’t join the IRC chats and the mailing list to get your name out there, too, even if you submit your application today. Most proposals get tweaked a bit after the students are chosen anyway.

Sophie: Plus, Felicia Day is awesome! And she uses WordPress, so ha!

End Act II.

Here’s the deal. The application period opens today. Early applications will likely get a bit more attention up front, but it’s also important that your ideas and approach are vetted by the community and the mentors. If you haven’t already, you should join the wp-hackers mailing list and send your proposal to the list for feedback. We’ll also be doing a few IRC chats during the application period to give students a chance to talk directly with the mentors. Note that not every mentor will attend all three chats, so if you want to talk to a specific person, you might want to email them. Please arrive on time to the chats, as they will be scheduled for an hour, and will have to accommodate multiple students. IRC chats will be held at irc.freenode.net in room #wordpress-gsoc.

• Wednesday, March March 31 at 20:30 UTC (4:30pm eastern)
• Saturday, April 3 at 21:30 UTC (5:30pm eastern)
• Wednesday, April 7 at 20:30 UTC (4:30pm eastern)

This chat room will remain open during the application period, and various mentors and community members may be there and able to answer questions, but the scheduled chats are the only official times at which they are scheduled to do so.

Oh, and if you want to help publicize the WordPress summer of code, grab a flyer and post it somewhere on a bulletin board at your local college campus. Professors, don’t forget to encourage your brightest students to apply!