WordPress.org

While brushing my teeth this morning, which is usually when my mind wanders, I noticed that just on the counter everything I was looking at had a brand or logo of some sort on it. It’s usually invisible to me but once I noticed it became garish as Times Square.

I counted 11 brands on the counter at that exact moment: Dr. Hauschka, Orabrush, Common Good (soap), Kohler (sink), Bongio (faucet), Philips (toothbrush), Rembrandt, Royal Velvet (toothpaste), Sonos, Neorest (toilet), and Tom’s of Maine (mouthwash). My iPhone was on the counter but the Apple was covered in a WordPress iPhone case, I guess a 12th brand, but the only one I chose to be there.

None of these labels are easy to remove either — the Common Good, a liquid soap dispenser, looked like it was going to be easy but as it started to peel off lots of sticky residue was left behind. I’ll try soaking it later. For most of the others, including the sink and faucet, the brand was embedded in a way that would be impossible to remove without switching the contents to a different container (toothpaste, mouthwash, or moisturizer) or sanding something off (toothbrush, Sonos…).

Earlier this year I attended Burning Man for the first time, and one of the things you notice after a day there is the complete absence of brands — it’s considered gauche to have visible branding there, some people even cover up small logos (Patagonia, the Polo horse) on their clothes. As much as the rest of the experience was bizarre, living a few days in the absence of brands and advertising makes it as alien as anything else.

I don’t think you can call it a trend, but it is interesting that brands like Muji or high-end fashion like Bottega Veneta distinguish themselves as much by the absence of branding as their product quality, the visual antithesis of Louis Vuitton luggage. It’s like the first level of affluence is about broadcast, and then the ultimate level is about (apparent) minimalism.

But for regular, everyday goods, how can we get all of the advertising off them? I don’t need my sink telling me who made it. If there’s a brand around me, I want it to be one I choose. I think this is one reason people appreciate the ability to 100% customize WordPress, and counter-intuitively why most choose to leave the “Powered by” somewhere on the site, because they have the choice.

Take a look around you, how many visible brands or logos can you count?

Yesterday John Blackbourn publicly released Query Monitor, a brand new debugging plugin for WordPress. Query Monitor gives developers an easy way to monitor database queries, hooks, conditionals, HTTP requests, query vars, environment, redirects, and more. The repository is trending on github today as more WordPress developers are discovering it.

There are many excellent debugging tools available for WordPress, but this one does a few unique things that are truly noteworthy. Query Monitor provides automatic AJAX debugging and the ability to narrow things down by plugin or theme.

Once installed, the plugin adds a new admin bar menu that gives you a quick overview of the current page.

Click on any item in the menu and it will display complete data in the footer of the page. Here’s a sample output of clicking on “Hooks” in the Query Monitor menu. It displays all hooks fired on the current page with their priorities.

Query Monitor has more features than we can list here, but this is a quick very abbreviated list:

• Shows all database queries performed on the current page
• Shows affected rows and time for all queries
• Shows notifications for slow queries and queries with errors
• Shows any transients that were set, along with their timeout, component, and call stack
• Shows all WordPress conditionals on the current page, highlighted nicely
• Filter displayed actions by component (WordPress core, Plugin X, Plugin Y, theme)
• Shows the template filename for the current page
• Shows the available body classes for the current page
• Shows all HTTP requests performed on the current page (as long as they use WordPress’ HTTP API)
• Whenever a redirect occurs, Query Monitor adds an X-QM-Redirect HTTP header containing the call stack, so you can use your favorite HTTP inspector to easily trace where a redirect has come from
• Shows various PHP information such as memory limit and error reporting levels
• Shows various MySQL information, including caching and performance related configuration

That is only a small sampling of what is built into Query Monitor. You can use it to debug themes and plugins, find out why a WordPress site is running slow, track down mysterious redirects, and anything else you want to cook up.

I put the plugin on my dev environment and was blown away by how easy it is to use. The output is displayed in an organized, readable fashion. Query Monitor is aces. You can download the plugin from github or get it from wordpress.org via the WordPress admin. This is one debugging plugin you’ll want to bookmark for your toolbox.

A lot of really interesting plugins have been released into the repository this past weekend. Among them I have chosen six that really grabbed my attention. Most of these plugins are general use that can be used in almost any niche or application. However, please remember to test these on a staging site to be assured of total compatibility.

Create dazzling lightbox gallery layouts with a simple shortcode

New gallery plugin Space Boxes lets you generate unlimited gallery grids with many different layouts. This isn’t just a plugin that makes a gallery shortcode. It completely reassembles and compiles a fresh looking gallery on the fly. Each “Space Box” set is made from a standard WordPress gallery that is then inserted into a custom post type. When the shortcode is inserted [spaceboxes id=XX”] it displays the title and captions for each image, if you provided them. What is truly unique about the plugin is that it can completely modify the entire gallery template by changing just a few parameters within the shortcode. Want to change the size of each thumbnail? It’s easily done within the confines of the shortcode! Many options including the title display settings are all changed on a per-display basis. The plugin worked well with 3 different themes that I tested it on and seemed to pick up the native CSS without any difficulties. Overall I found this to be an outstanding plugin with a lot more layout variations than I was initially expecting.

Rearrange the order of your WordPress site users

Custom Users Order is a handy plugin that boasts a drag-and-drop interface within the user administration page. Simply drag the users in the order you would like them to appear in, click the update button and you’re done! This could be used to move frequent users to the top of a long list for faster access. Use caution with this one if your other users also have access to the drag and drop features on the back-end! You may turn it into an unexpected popularity contest. Just like the “Favorites” on your phone’s contact list, the order that users appear on your site could ignite controversy!

Easily display contact and social networking info

Social Contact Display offers a great way to present links to all of your social homes online. I’ve been looking for a way to spruce up my personal site with a more prominent representation of my social networking locations. This widget-based plugin provides many different display options in both horizontal and vertical axis. The item of most interest about this plugin is that there are many different icon sets provided directly within the plugin. There are other plugins out there that offer one or two graphic options, but this is the most comprehensive that I’ve seen to date. I’ve included a mix of some of the different variants that this plugin has regarding design options. Keep in mind that there are no CSS modifications to the plugin in the screen captures. This plugin also allows you to add traditional contact info within the widget, such as business name, address, phone, email, etc. It’s a great solution to get a quick social link section installed on the sidebar, the header/footer areas or all of these sections combined.

Track your most active site users

Log User Stats provides an ongoing activity log for users on your WordPress installation. It displays the ‘Total Minutes“, “Number of Logins“, and “Average Time in Minutes Per Login” that each user has logged on the site. Stats can be exported to .CSV and can be reset manually. Statistics that track engagement are quite valuable. It helps to identify your most ardent readers and contributors. This could also serve the role as an audit log for people who charge for client work based on time.

Monitor sales and sign-ups using Google Conversion Tracking

The new Pronamic Google Conversion plugin adds an shortcode to easily integrate a Google Conversion code. About 80% of WordPress users have Analytics installed, but few ever use it to the capacity for which it was intended. Items like Google Conversion Tracking are often left by the wayside in Google Analytics because of what seems to be a difficult process in implementing a conversion code from Google. This plugin makes the process a bit easier by implementing a shortcode to be used as the end-goal tracker. Simply insert the shortcode on your “goal” page. A goal page could be anything that represents a successful action on the part of the user. This could be the page that thanks a user for signing up to a newsletter, a successful transaction notice from an e-commerce site or sign-ups to individual events/webinars. No matter what your end goal is regarding conversions, this plugin will help you to track and monitor more effectively.

Embed Schema.org business data into WordPress

Installing Organization Schema Widget enables you the opportunity to display the newest Schema.org microdata. For those that are unfamiliar with what Schema.org micro-data is and how it works, let’s take a second or two to break it down. As of June 2, 2011 Bing, Google and Yahoo! implemented a common schema set for micro-data markup on web pages. In order to further classify what entity a website represents, further meta data was developed by Schema.org. These different classifications identify different types of organizations. Current official classifications include a general category in addition to Corporations, Educational organizations, Government organizations, Local Business, NGO’s, Performing Groups and Sports Teams. The data can be as simple as contact information, but also as complex as social “interaction count” that accounts for all the shares and likes that your business entity has received. While not a lot of people are implementing this background micro-data, those who do find a clear strategic advantage within search engines. Another nice feature about this plugin is that I can embed the contact data into the widget, yet choose not to display it in text format. This setting would only display the data as meta data.

Though Google does not currently use Schema.org data in its ranking calculations, there are certainly going to be inclusions in the near future. I have also used different Schema.org info on different pages. Sometimes I have client sites that have multiple locations. In this case, I just make the widget display dynamically and change the data to reflect the individual location widget that will be shown based on my dynamic display criteria. This is a powerful plugin and worth taking a look at. Overall, the schema.org data is something worth studying if you frequently work on corporate or local business sites.

Conclusion

Let me know if you found any use for the plugins that we’ve mentioned here today. I’m always in awe of the alternative uses that others have brought forth. Also remember to leave your ratings and reviews for these plugins in the WordPress Plugin Repository. Your feedback is valuable to the developers of WordPress plugins!

Jetpack is a plugin developed by Automattic, made up of a bunch of useful modules.. However, some of these modules require a connection to WordPress.com. You also can’t use one or two modules unless Jetpack as a whole is installed. I decided to challenge myself to see how many plugins it would take to mimic the functionality bundled with Jetpack. As you’ll find out, not every module can be replicated in a plugin.

WordPress.com Stats – WordPress.com Stats makes the most popular metrics easy to understand through a clear and attractive interface. WordPress.com stats was merged into Jetpack in favor of the stand alone plugin. As an alternative, you can try WP-Stats-Dashboard or Google Analytics.

Publicize – Publicize automatically shares links to published articles on networks connected to the plugin. The networks supported are LinkedIn, Facebook, Twitter, Tumblr, and Patch. 1-click Retweet/Share/Like is able to push out links to over 30 social networks, including the ones supported by Publicize. NextScripts: Social Networks Auto-Poster is another plugin that can automatically post links to a number of social networks.

Notifications – Keep up with the latest happenings on all your WordPress sites and interact with other WordPress.com users. Since this module interfaces with WordPress.com, there are no alternative plugins.

Jetpack Comments – Jetpack Comments enables your visitors to use their WordPress.com, Twitter, or Facebook accounts when commenting on your site. Social Login allows your visitors to comment, login and register with 20+ Social Networks.

Subscriptions – Allow users to subscribe to your posts and comments to receive a notification via email. Simple Email Subscriber is a nice alternative that even allows users to select which categories of the site they would like to subscribe to. You can also try Subscribe2.

Likes – Likes allow readers to show their appreciation for posts and other published content using their WordPress.com accounts. Readers will then be able to review their liked posts from WordPress.com. Since this feature of Jetpack relies on the inner network of WordPress.com, there are no alternative plugins.

Carousel – With Carousel active, any standard WordPress galleries you have embedded in posts or pages will launch a gorgeous full-screen photo browsing experience with comments and EXIF metadata. Gallery Carousel Without JetPack provides similar functionality without needing to connect to WordPress.com.

Post By Email – Publish posts to your blog directly from your personal email account. Post By Email by Kat Hagan provides the same functionality without needing Jetpack.

Sharing – The most super duper sharing tool on the interwebs. Share content with Facebook, Twitter, and many more. Jetpack Sharing by Anas H. Sulaiman is almost an exact replica of the module found in Jetpack.

Spelling And Grammar – Improve your spelling, style, and grammar with the After the Deadline Proofreading service. After the Deadline was merged into Jetpack in favor of the stand alone plugin. TinyMCE Spellcheck is a nice alternative and is actually a fork of After the Deadline.

VaultPress – VaultPress provides real-time backup and security scanning for your WordPress site. This plugin ties into the VaultPress service, similar to how Akismet works. Sucuri provides similar services. It’s worth noting that VaultPress has a lite plan that is very affordable.

Gravatar Hovercards – Show a pop-up business card of your users’ gravatar profiles in comments. Jetpack Gravatar Hovercards is a replica of the module found within Jetpack without all of the extra stuff.

Omnisearch – A single search box, that lets you search many different things. Jetpack Omnisearch is an exact replica of the Jetpack module. Considering Omnisearch will at some point be added to the core of WordPress, this will eventually be removed from Jetpack.

Contact Form – Easily insert a contact form anywhere on your site. If all you’re looking for is a simple contact form, there is no shortage of plugins available on the repository. One of them is Real Simple Contact Form. Although a little more complicated, Contact Form 7 is also a good choice.

Widget Visibility – Control what pages your widgets appear on. If you want to use this feature without using Jetpack, try Jetpack Widget Visibility which is a direct replica of the original module.

Google+ Profile – Show a link to your Google+ account in the sharing area of your posts and add your blog URL to your Google+ profile. While I was not able to locate a plugin that offered similar functionality, I discovered a number of plugins that take advantage of Google+.

WP.me Shortlinks – Enable WP.me-powered shortlinks for all of your Posts and Pages for easier sharing. Jetpack Lite which is a fork of Jetpack only contains two modules. WP.com stats and WP.me shortlinks.

Tiled Galleries – Create elegant magazine-style mosaic layouts for your photos without using an external graphic editor. Tiled Galleries Carousel Without Jetpack does exactly what its name describes: Tile Galleries without any other Jetpack modules.

Shortcode Embeds – Easily embed videos and more from sites like YouTube, Vimeo, and SlideShare. Shortcodes allow you to easily and safely embed media from other places in your site. With just one simple code, you can tell WordPress to embed YouTube, Flickr, and other media. Viper’s Video Quicktags plugin is a substitute. In fact, this plugin was the catalyst that provided oEmbed support into the core of WordPress.

Mobile Theme – Automatically optimize your site for mobile devices. WPtouch by BraveNewCode is a free alternative. ManageWP.com has a review of wpTouch from a year ago.

Custom CSS – Customize the appearance of your site using CSS but without modifying your theme. Custom CSS Manager stores changes inside of the WordPress Options Database instead of editing the actual CSS file.

Beautiful Math – Mark up your posts with the LaTeX logo markup language, perfect for complex mathematical equations and other über-geekery. I only know of two people who have used this module but if you’d like to use LaTeX in WordPress without Jetpack, try LaTeX for WordPress, WP LaTeX, and Easy WP LaTeX.

Extra Sidebar Widgets – Easily add images, Twitter updates, and your site’s RSS links to your theme’s sidebar. I searched across the web and did not find a WordPress plugin that provided a similar group of widgets. To mimic the functionality of this module, you’ll need to install anywhere between 3-4 separate plugins with widgets.

Infinite Scroll – Automatically pull the next set of posts into view when the reader approaches the bottom of the page. Sometime this feature is built into the theme and can be controlled from within the theme options. However, if a theme doesn’t have infinite scroll support, you can add it via the Infinite-Scroll plugin.

Photon – Give your site a boost by loading images from the WordPress.com content delivery network. The alternative to Photon is any other content deliver network such as MaxCDN, CloudFlare, or jsDelivr.

WordPress.com Connect – Let users login with their WordPress.com Credentials, through WordPress.com Connect. Since this module is tied directly to WordPress.com, there are no alternatives.

Enhanced Distribution – Share your public posts and comments to search engines and other services in real-time. The simplest alternative to using enhanced distribution is to navigate to the Writing Settings page in the back-end of WordPress and make sure http://rpc.pingomatic.com/ is in place where it says Update Services. When a post is published, Pingomatic automatically contacts a number of services letting them know your site has published new content.

JSON API – Allow applications to securely access your content through the cloud. JSON API is a plugin with a similar goal. There is also JSON REST API by Ryan McCue.

VideoPress – Quite possibly the easiest way to upload beautiful videos to your blog. VideoPress still has a stand alone plugin available.

Mobile Push Notifications – Receive notifications on your mobile device. Pushover Notifications for WordPress allows your WordPress site to send push notifications straight to your iOS/Android device.

Conclusion

As I’ve illustrated above, there are a ton of features that come with Jetpack. For some modules, there are plugins that replicate the same exact functionality. For others, it requires two or more plugins. All of the modules that interface with WordPress.com and its network can not be replicated because their network is off limits to plugin developers.

What I’ve learned from this challenge is that it’s possible to obtain most of the features inside of Jetpack from alternative plugins but for the most part, it’s much more convenient to have them packaged into one plugin in which I can simply turn modules on or off.

I encourage you to comment with links to additional plugins that mimic specific Jetpack modules.

WordPress development company 10up announced today that it will be sponsoring a full-time contributor to the WordPress core. The company will be contributing the efforts of Helen Hou-Sandi, a 10up employee and guest committer to WordPress. Hou-Sandi is a leader in the community and has contributed heavily to the UI improvements in the past several versions of WordPress, as well as the upcoming 3.8 release.

Helen described how a conversation with 10up President Jake Goldman sparked the company’s move towards giving employees the opportunity to contribute to WordPress. Both attended WordCamp Philly 2011 where they discussed the idea over dinner. “We talked about our shared values in the community and the conversation led to an intriguing proposition: time each week to spend contributing to WordPress – a donation to the community by way of hours and effort. It began with 5 hours a week, and as 10up grew, it increased to become 8, then 15, then 20 hours each week.”

It’s rather unique for a commercial WordPress development company to be so fiercely passionate about giving back to the project. 10up’s surprising news should give you an indication of how important the WordPress platform is for companies that build enterprise-class web solutions for clients. Giving back is a value that 10up has adopted as part of the company’s culture, and the proof is in the pudding. 10up employees include two core committers to WordPress as well as another 20 credited core contributors.

The folks at 10up are in possession of some of the most talented WordPress engineers and designers on the planet. They’ve collected employees who are passionate about WordPress and have given them the freedom to spend time contributing back to the project. It’s a smart move. Sharing Helen Hou-Sandi’s time to work on WordPress core development is a huge gift and it demonstrates the company’s solid commitment to this open source platform. Will more companies follow in the future?

Tamper-evident seals are common in the marketplace for physical goods. They instantly boost consumer confidence, because nobody wants to buy the peanut butter that has already been sniffed and tasted by a total stranger.

Wouldn’t it be nice if there was an equally easy way to tell if WordPress files had been tampered with or hacked? For the average user or developer, it’s not easy to assess core files and plugins for tampering.

Over the past few days I’ve been following a discussion on wp-hackers regarding tools that can detect file tampering. WordPress developers shared a few of their favorite methods of detection and repair.

Quick Diagnostic Tools

If you suspect that your site has been compromised, there are a few free tools that will perform a cursory diagnostic for you. First, you might consider visiting Google’s Safe Browsing diagnostic tool. Enter your URL at the end of this link:

http://www.google.com/safebrowsing/diagnostic?site=wptavern.com

Although it doesn’t let you know if WordPress core file have changed, you can get a general idea if your site has been distributing malware. This tool will let you know the following

• If your site’s current listing status is suspicious
• If Google found that malicious software being downloaded and installed without user consent when visiting your site
• If the site has acted as an intermediary resulting in further distribution of malware
• If your site has hosted malicious software over the past 90 days

The Sucuri SiteCheck remote scanner is another free diagnostic tool that can quickly check blacklisting, malware, malicious javascript, malicious iFrames, drive-by downloads, anomalies, IE-only attacks, suspicious redirections and spam.

Of course, there are plenty of things that Sucuri and Google cannot detect, so don’t stop there. If you want to get into the nitty gritty of tracking down WordPress files that have been hacked, you’ll want to employ a WordPress-specific tool.

Free WordPress Plugins to Detect File Tampering

Several free plugins stand out as excellent options for performing quick scans on WordPress installations. Beyond those there are also some great options for continually monitoring your WordPress site for file tampering.

Exploit Scanner

The Exploit Scanner plugin was created by developer Donncha O Caoimh to search both the files and the database of your website for signs of suspicious activity. It can also detect unusual file names among your list of active plugins.

Results will indicate helpful notes, more serious warnings or severe threats. The plugin is, however, simply a diagnostic tool. Once you discover something, you’ll need to remove the threat manually.

Sucuri Security – SiteCheck Malware Scanner

The folks at Sucuri have created a free plugin for WordPress sites that performs a wide range of security checks. Sucuri SiteCheck Malware Scanner should provide you with a decent indication of whether or not your site has been compromised. The plugin is able to detect various types of malware, SPAM injections, website errors, disabled sites, database connection issues, code anomalies and much more.

In addition to its detection features, the Sucuri scanner is also able to automatically perform a number of measures to harden your WordPress install, including:

• Verify WordPress Version
• Protect Uploads Directory
• Restrict wp-content Access
• Restrict wp-includes Access
• Verify PHP Version
• Disable the theme and plugin editors
• Scan all WordPress core files for changes

Lastly, the Sucuri Scanner’s “Post Hack” feature is very useful for a site that may have been compromised. It allows you to automatically reset all passwords and secret keys for all users on the installation.

Free WordPress Plugins For Actively Monitoring File Tampering

If you want to actively monitor your WordPress site for file tampering, there are a couple of excellent plugins that will help you.

Wordfence Security

Wordfence Security is a plugin that scans core files, themes and plugins against WordPress.org repository versions to check their integrity. The plugin continuously scans for malware and phishing URLs, including all URLs on the Google Safe Browsing List. It checks all your comments, posts and files to find security threats. Wordfence is also multisite-compatible and you can run the security scan for every blog on your network with one click. You can also elect to repair tampered files automatically.

In addition to scanning files for integrity, the plugin also provides a host of other security features to help keep your site safe from compromise. Some of the highlights include:

• Monitors disk space (Many DDoS attacks attempt to consume all disk space to create denial of service)
• Ability to implement Two Factor Authentication
• Option to enforce strong passwords for your administrators, publishers and users
• Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets
• Scans for old versions of timthumb script

Wordfence has dozens of configurable options but if you need more you can purchase a Premium API key that gives you Cellphone Sign-in via SMS, lets you block countries and schedule scans for specific times.

WordPress File Monitor Plus

Another excellent plugin to detect file tampering is WordPress File Monitor Plus. This plugin continuously monitors your WordPress site for added/deleted/changed files. When a change is detected, it will send you an email alert. In case you didn’t receive the email, you’ll also receive alerts within the WordPress admin area.

WordPress File Monitor Plus is also multisite-compatible. Its main features include:

• Ability to monitor files for changes based on file hash, time stamp and/or file size
• Ability to exclude files and directories from scan (for instance if you use a caching system that stores its files within the monitored zone)
• Site URL included in notification email in case plugin is in use on multiple sites
• Ability to run the file checking via an external cron so not to slow down visits to your website and to give greater flexibility over scheduling
• Ability to set file extension to be ignored or only scanned

The huge advantage of having a plugin like this in place is that you don’t have to remember to perform regular scans. It’s like having an extra set of eyes on your site at all times. You’ll receive alerts in your inbox if anything suspicious is detected.

What to Do if You’ve Been Hacked

It’s important to find out whether you have plugin, theme or core files hacked. If you’re not using a plugin that automatically performs repairs, then you’ll need to figure out which files need to be replaced. If the threat ends up being within core files, there’s not much use in tracking down the exact file. You might as well replace them all. A manual re-installation of WordPress is in order. Make backups before starting any repairs for hacked files. Also, remember to check your .htaccess file for changes that may have been added without your knowledge.

WordPress has long been a special target of hackers and spammers alike. The codex has a lengthy resource for how to clean up a site that has been hacked and tips for Hardening WordPress. Old, unprotected WordPress sites are especially vulnerable. One of the best things you can do to help keep your site secure is to make sure it’s updated to WordPress 3.7, which offers background updates for security and minor releases.

BuddyPress 1.9 Beta 1 was released over the weekend. You know what that means: some very exciting improvements to BuddyPress are right around the corner after a short period of testing. BuddyPress users are encouraged to fire up their development environments to start testing the beta.

So far there are 84 closed tickets for the 1.9 milestone. BuddyPress developer Boone Gorges highlighted new features and changes in the upcoming release that need testing:

• The new Notifications component, which adds a Notifications menu to user profiles
• New widgets: Friends and Log In
• Dynamic BuddyPress links for nav menus created at Dashboard > Appearance > Menus
• Improvements in the performance of BP_ENABLE_USERNAME_COMPATIBILITY_MODE
• Improvements to the way that scheduled posts are handled in the Activity stream

How to Test BuddyPress 1.9 Beta 1

You don’t have to be an expert developer to help test this beta. There are no special skills required, just a willingness to poke around and try the new features. The beta is not recommended for use in production, so you’ll need to put it on your test environment. Download the 1.9 beta 1 zip file or get it via SVN. If you find anything broken while trying out new features, venture over to the BuddyPress trac and see if there’s already a ticket for it. If not, feel free to create one.

You can expect the official BuddyPress 1.9 release within the next couple of weeks. We’ll take you on a grand tour once it hits the shelves.

The first beta of BuddyPress 1.9 is ready for testing!

Whether you are a BuddyPress developer, or a tinkerer with a development/testing environment, or simply an intrepid soul, we’d love for you to put this latest and greatest version of BuddyPress through its paces before its general release in a few weeks. Major changes and features that could use attention:

• The new Notifications component, which adds a Notifications menu to user profiles
• New widgets: Friends and Log In
• Dynamic BuddyPress links for nav menus created at Dashboard > Appearance > Menus
• Improvements in the performance of BP_ENABLE_USERNAME_COMPATIBILITY_MODE
• Improvements to the way that scheduled posts are handled in the Activity stream

For a complete list of closed tickets in the milestone, check out http://buddypress.trac.wordpress.org/query?status=closed&group=resolution&milestone=1.9.

Find a problem or have a suggestion? Our development home is buddypress.trac.wordpress.org, and our support/discussion forums can be found at buddypress.org/support.

A reminder that BP 1.9-beta1 is beta software. We don’t recommend that you run it on a production server. Get your copy today via Subversion, or via zip: buddypress.1.9-beta1.zip. Thanks for helping us move toward 1.9!

PostStat.us is reporting that Crowd Favorite, the WordPress consultancy company created by Alex King has been acquired by VeloMedia. VeloMedia much like Crowd Favorite does most of its business within the enterprise sector. According to the report, Alex King will be the CTO of the company while Karim Marucchi will remain the CEO. In response to the acquisition, Alex King had this to say:

I’m really excited to be joining forces with VeloMedia. I feel the culture and focus on craftsmanship at Crowd Favorite is special, and was thrilled to find that VeloMedia shares our values. We look forward to a continued focus on development excellence, employee culture and, most importantly, top notch service for our clients.

Congratulations to Alex King and Crowd Favorite on being acquired. I hope this move allows Alex to continue doing what he loves with WordPress. This is one of the first major WordPress consultancy acquisitions in the WordPress community and it certainly won’t be the last.

In this edition of WordPress Weekly, we covered the headlines of the week such as what features will be in WordPress 3.8, the default BuddyPress theme being retired in 1.9, and when to expect 3.8 to be released. During the second half of the show, we were joined by Lorelle VanFossen. We found out what she’s been up to during the past few years and learned about her new endeavor teaching WordPress at Clark College in Vancouver, WA. This episode is long in length and not edited but I encourage you to listen to the complete show or at least the interview with Lorelle as I believe what she is doing at Clark College to be very important.

Stories Discussed:

WordPress 3.8 Is On Schedule
WordPress 3.8 Merge Window Closed: New Features Now Locked In
Themify Announces Security Vulnerability With Fix
WordPress For Android Gets a Major Update
RIP BuddyPress Default Theme: Finally Laid to Rest in 1.9

WPWeekly Meta:

Next Episode: Friday, November 22nd 3 P.M. Eastern – Special Guest Tom McFarlin

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #128:

Did you know that BuddyPress changes the URL for comment authors to point to the user’s BuddyPress profile? It does this by filtering the ‘comments_array’ in the bp-core-filters.php file to insert BuddyPress URLs for blog post comments:

add_filter( 'comments_array', 'bp_core_filter_comments', 10, 2 );

For most BuddyPress sites this is a good thing, since it emphasizes users’ profiles and interaction on the site, helping members connect to each other on the social network. However, there are some WordPress sites that take a different approach to comments. People don’t always leave comments purely to join a conversation. Unfortunately, many users are motivated, at least partially, by having a link back to their own sites.

If you want to stop BuddyPress from changing the comment author URL to the profile link, it’s as simple as removing the filter:

remove_filter( 'comments_array', 'bp_core_filter_comments', 10, 2 );

Add that to your bp-custom.php file or create your own little functionality plugin for it.

As noted by @modemlooper in the comments, if you go the custom plugin route, you’ll need to make sure that BuddyPress is active before removing the filter:

function remove_url() {
remove_filter( 'comments_array', 'bp_core_filter_comments', 10, 2 );
}
add_action('bp_include', 'remove_url');

Once activated you should see that the comments now pull the url from the admin area profile.php page or the URL the user has entered in the comment form.

Chip Bennett announced on the Make.WordPress.org website that the theme review guidelines have been updated. Specifically, the theme unit tests have been reduced from required, to recommended. This change was inspired by a passionate conversation, started by Lance Willett. In that conversation they debated whether or not guidelines were hard and fast rules.

I asked Chip Bennett to explain in plain English what these changes mean for both theme reviewers and authors. This is what he had to say.

No changes have been made to the overall Guidelines, except that the Theme Unit Tests have been reduced in criticality from “Required” to “Recommended”. Developers should still test their Themes against the TUT before submission, and Reviewers will still test Themes against the TUT during reviews. The only difference is that, now, any observed issues will be noted as recommended fixes, rather than as issues required to address before Theme approval.

These changes come on the heels of a recent blog post published by Mario Peshev where he explained his experience participating in the theme review process for the past two and half years. According to Mario, some of the guidelines still contain too much subjectivity, especially when it comes to credit links located within themes. A side effect of the theme review guidelines is the large amount of themes in the directory that cater to blogging. The argument is that the guidelines do not provide enough leeway to embrace variety. However, Chip noted in the comments:

There’s nothing in the Guidelines that prohibit “business” Themes, or one-page Themes, or WooCommerce/EDD Themes, etc. If there are minor things that need exceptions (such as allowing the screenshot to display a static front page), developers can always ask for such exceptions.

Between the recent change with the theme unit tests and the engaging discussions taking place amongst the theme review community, steps are being taken in the right direction to make the theme review process easier for everyone involved. It’s worthy to note that all of the WordPress theme reviewers are volunteers helping to make the directory a better place.

The official BuddyPress Test Drive site, located at testbp.org, had been around since the early days of BuddyPress before it was taken down. Testbp.org was always running the latest version of BuddyPress and served as a place where users could try out the plugin in a live environment.

Three years ago, when BuddyPress 1.2 was released, the site had accumulated more than 15,000 members. A good chunk of these users were probably spam or test signups. When I asked BuddyPress lead developer John James Jacoby why they took the site down, he replied, “TestBP.org was popular for spammers, an echo chamber for misplaced support, and less moderated.“

Taking TestBP.org down was probably for the best, as the site was becoming a bit unruly, but that left a need for a generic example site running the latest version of BP.

BPTestDrive.org is Born

David Bisset, BuddyPress developer and creator of WP Armchair, decided to jump in and recreate the site on a new domain: BPTestDrive.org. Part of the reason was because he is giving a presentation at WordCamp Orlando and needed something people could test drive.

BPTestDrive.org currently runs the Twenty Twelve default theme and a very minimal set of plugins. The goal is to provide an example of what BuddyPress looks like “right out of the box.” Bisset plans to wipe the site regularly in order to keep the spam under control. If spam registration gets out of control, he is considering replacing the default registration with a Gravity Form. Although this is not ideal, since it’s not default BuddyPress, Bisset said, “So far I’ve gotten almost zero BP register spam when I’ve done that.”

In light of the BP Default theme being retired in BuddyPress 1.9, the new BP Test Drive site is a valuable reference for people who just want to check out how the plugin works. All the components are in place and users who are new to BuddyPress can easily test out the registration and login process. The Test Drive site is a much easier option for casual exploration than having to install BuddyPress and set all the pages up for components. Many thanks to David Bisset for taking this on. Here’s hoping he can maintain BPTestDrive.org as a long term resource.

Nearly a year ago, Chris Wallace proposed that the WordPress core adopt a CSS Preprocessor to help move admin UI CSS into the future. Including a CSS preprocessor allows developers to speed up tasks with the use of variables in stylesheets. Variables will make tasks like reskinning the WordPress admin a breeze. Wallace argued strongly for Sass in his ticket because of its relatively low barrier for entry, due to the fact that it follows the conventions of CSS at its core.

With the inclusion of MP6 finally a lock for WordPress 3.8, Helen Hou-Sandi reignited the discussion on CSS preprocessors by highlighting Wallace’s original ticket on the make.wordpress.org core development blog. After an epic debate of Sass vs. LESS, it seems that Sass has won out and will be adopted as WordPress’ CSS preprocessor moving forward.

Why Sass?

Proponents of Sass cited many reasons why it would be a better fit for WordPress than other CSS preprocessors. To quickly summarize the discussion, I’ve outlined just a few of the important arguments for a CSS preprocessor in general and for Sass in particular:

• Allows for the use of variables to calculate layout widths, generate color schemes, font sizes, etc.
• Reduces HTTP requests when stylesheets are combined into one
• Easily minify generated CSS files in bundled versions of WordPress to speed up load times
• Sass is GPL-compatible, licensed under the MIT license
• Sass is backwards compatible with all versions of CSS
• Sass supports more advanced logic – ability to include if/then/else and for/while/each statements

The main challenge with Sass is that it is dependent upon Ruby and the Sass Ruby gem. Efforts to sort out the Ruby dependency have landed on the use of grunt-sass, which allows for compiling .scss files without Ruby.

The inclusion of Sass capabilities in WordPress 3.8 will bring a bright new day for front-end developers. Are you excited about Sass use in WordPress? Or were you on the other side of the debate?

The BuddyPress Default Theme passed away at his home in the BuddyPress trunk on November 13, 2013, surrounded by family. BP Default is predeceased by his parents and relatives, the 1.1 themes, the wire, and the status components. Born on February 16th, 2010, during the golden era of BuddyPress 1.2, the BP Default theme was three years old.

In his day, BP Default was considered “clean and stylish”. He could build a social network straight out of the box like nobody’s business. BP Default was a dapper fellow, often seen about town sporting a fashion-forward blue gradient, fancy widgets and featured images.

The BuddyPress default theme is survived by hundreds of child themes that will go on living without him. A service was held on the BuddyPress development blog earlier this week. In lieu of flowers, the family has asked that you send pizza, beer or donations to any one of their Amazon wishlists.

Choking back tears, BuddyPress developer Boone Gorges spoke at BP Default’s funeral, saying:

I think I speak for everyone who has worked extensively with bp-default and its derivatives when I say that this is something of a bittersweet moment. bp-default was often a bear to work with, but it also proved to be a remarkably flexible and powerful foundation for building BuddyPress sites. And oh, that beautiful blue header gradient!

Also in attendance was Hugo Ashmore, who thanked BP Default for his service and spoke of the future:

bp-default served with honour and deserves a well earned rest :) This is the right way to go to keep core code and attention focused on theme compat and not offer too many alternatives to have to consider and support. Moving to WP theme repo would be optimum scenario and short of a few hurdles shouldn’t be too hard to achieve.

It is with fond remembrance that we lay BP Default to rest this week. While the theme will continue to be packaged with the BuddyPress download, it is no longer supported by the core development team.

BP Default will still receive critical fixes and security updates but will not get any bug fixes or new features. New installations and sites where bp-default is not already in use will no longer see BP Default in the Dashboard > Appearance screen. It’s possible that the theme will be laid to rest on wordpress.org, but that has not yet been decided. We’ll keep you updated about its final resting place. In the meantime, raise a glass to BP Default. Thanks for all the good times.

Good news for WordCamp organizers! There is now an official forum where WordCamp organizers can share tips, advice, and work together. Announced on the Make.WordPress.community website by Andrea Middleton, new organizers are encouraged to ask questions while past organizers are asked to share their knowledge.

In order to participate on the forum, you’ll need to log in using your WordPress.org account credentials. The forum is using a fresh install of bbPress. When I asked Andrea who is moderating the discussions, she told me that she’s hoping they will be largely community-moderated. However, if things get backed up, she’ll make a call for moderators. I also asked if WordCamp attendees would be able to participate on the forum.

Well, anyone with a wordpress.org account can participate, but the intention is for these forums to be a place for WordCamp organizers to share knowledge and experiences. If attendees are interested in the nitty-gritty of WordCamp organizing, I hope the forums will inspire them to join their local meetup group and get involved in organizing an upcoming event.

Andrea also had this to say:

I’m excited to have a place where organizers’ frustrations can be shared and hopefully, halved. I hope this forum becomes a great repository of tips, hacks, and lessons learned. Together we are stronger.

I think it’s important that attendees participate in the forum alongside organizers. After all, attendees are the real judges behind what worked and what didn’t. With both sides taking an active role in discussions, WordCamps will likely become better events for everyone involved.

WordPress hosting company ZippyKid has announced that it will be operating under the name of Pressable. Accompanying this major shift in rebranding will be a newly designed website. ZippyKid was started in 2010 by Vid Luther, who at the time just wanted to help out a few friends who were spending too much time configuring servers.

While the mission of WordPress is to democratize publishing, Pressable wants to simplify the publishing process on the web.

Pressable’s mission is to simplify the publishing processes on the Internet, effectively changing the way publishers use WordPress and what they expect from a hosting provider. “We’re working on a number of new features to help us achieve this mission,” says Vid. “The new name and branding helps set the stage for these projects, which we will be unveiling in 2014.

Pressable has some recognizable names investing in their company such as: Rackspace co­founders, Pat Condon and Dirk Elmendorf, Automattic, the company behind WordPress.com, DuckDuckGo founder Gabriel Weinberg, Slicehost founder Jason Seats, and 500Startups.

I asked Vid Luther why he decided to use Pressable as the new name for the company. He responded “picking the new name wasn’t easy. When we were down to our last four, I knew Pressable was the one because it appealed to the geek in me. It’s a tongue-in-cheek tip of the hat to “Scalable” and WordPress”.

What are your thoughts on the new name? Is it better or worse than ZippyKid?

It’s kind of a sobering thought that mobile communications, the cornerstone of the modern world in both developed and developing regions, pivots around software that is of dubious quality, poorly understood, entirely proprietary, and wholly insecure by design.

Thom Holwerda writes about the second operating system hiding in every mobile phone.

Today was an important day for moving forward on the WordPress 3.8 project schedule. The merge window is now closed for new features, which means that all the main features included in this release are set.

There were no surprises during the regularly scheduled WordPress development chat. All of the expected plugin candidates made it in on time, including the new dashboard design, MP6, and the THX (Theme Experience) project. Twenty Fourteen was also merged into the trunk, so the theme will officially be making its debut in WordPress 3.8 before the end of the year.

All of these features-as-plugins candidates will soon be shedding their quirky names and assimilated into core. The plugins will no longer be needed but will always have a special place in WordPress history as the features formerly known as MP6, THX and DASH.

Beta 1 is just around the corner and is scheduled to be out November 20th. At that point in time, no more commits for any new enhancements or feature requests will be included in 3.8. Contributors will focus on bug fixes and inline documentation.

Getting Ready for WordPress 3.9

Matt closed the development meeting by encouraging everyone to start getting fired up about new features for the 3.9 release.

One final thing, everyone should start thinking about plugin projects, and renewed energy on ones that didn’t make 3.8, starting after beta 1. For 3.9 to go smoothly we need the head start, just like we had for 3.8.

He suggested that developers start periodic chats to talk about new plugin projects outside of the timeline of releases. During next week’s development meeting there will be time carved out for folks to mention the projects and invite others to join for longer scheduled chats. “The obvious first ones on deck are ones that missed 3.8,” Matt said. “But we can kick off entirely new things as well, just needs folks who want to work on it.”

Now is a great time to get involved in WordPress core development. If you have feature that you’d like to work on as a plugin, you’re invited to throw your hat into the ring next Wednesday.

On October 31st, Opera announced that it is shutting down My Opera on March 1, 2014. My Opera is a social network of sorts made up of blogs, email, and a place to discuss Opera with friends. While the initial concept was launched in 2001 and then expanded upon in 2006, Opera states there are successful businesses that specifically cater to those wanting a social network or a place to share photos. “Over the years, we’ve seen social media and blogging sites pop up, which offer more and better features than we could possibly maintain. These offerings are their sole business. You all know their names and you probably use their services already.” Thus, the decision to close My Opera and to concentrate their development resources elsewhere.

Two Different Ways To Export My Opera Content

My Opera is providing two different methods to export content from the site. You can either export your blog or download all of your content. If you choose to export your content, you can take that file and import it into WordPress, Squarespace, Typepad, Movable Type, Drupal or any other system that supports XML files.

If you’d like to migrate to WordPress.com, they have an excellent guide that walks you through the process, complete with screenshots.

Tis the season for open source projects to work together and learn from one another. The Joomla community gave a warm welcome to Matt Mullenweg and Andrew Nacin at the Joomla World Conference, where Matt delivered a keynote address. This event opened up some interesting cross-platform discussions on development. The folks at WordCamp Miami are welcoming Joomla users and developers to attend their event next year in order to foster more shared experiences.

Leaders of the Drupal project are also looking to learn from other projects’ approach to development. Dries Buytaert, Drupal founder and project lead, announced today that the project will be moving towards a more agile development approach in order to deliver small changes faster.

Buytaert sites several issues with Drupal core development: “not innovating fast enough, insufficient commercial incentive to contribute, contributor burnout, and unpredictable release cycles.” Any living, breathing open source project will always have its own unique obstacles to overcome. While analyzing how Drupal’s current development approach can be improved, they compared and contrasted release strategies employed by other similar projects, including WordPress, Joomla, Typo3, Firefox, Ubuntu, Symfony and PHP.

The data collected shows that WordPress tends to iterate more quickly than others, putting out more major releases, but only offering security support for the current release. The difference here is that WordPress tries hard to never break backwards compatibility, even for major releases. Other projects surveyed may have longer waits between major releases with less emphasis on backwards compatibility but still maintain security support, or what they term LTS (Long Term Support), for older releases.

All have a substantive release anywhere from every 6 weeks (for Firefox) to 1 year (for PHP), with most at around 6 months. The projects differ in whether or how they provide LTS releases: Ubuntu does so once every two years and supports them for 5 years, while WordPress only provides security support for their latest release, but tries hard to always preserve BC, even in major releases.

Buytaert’s proposal to manage the Drupal 8 release cycle takes the best ideas from these projects and applies them in a way that will work for the Drupal community. They will be adopting a new strategy of mostly preserving backwards compatibility while aiming for an innovative release every six months, which is similar to most of the projects surveyed. At the same time, Drupal will be providing a single LTS release as the final minor release, similar to Joomla, and will support that LTS release until two additional ones have been released, in the style of Ubuntu.

The WordPress approach to release cycles is not the only way and it’s not the best way, either. It’s just the way that works for us so far. The tandem release cycle of WordPress 3.7 and 3.8 was a new approach for us, but it seems to be paying off big time. It’s exciting to see the Drupal community putting together a new strategy that will work for them, based on the strengths they see in other similar projects. The proposed changes seem to be well-received and it will be interesting to watch how this next release cycle changes things for Drupal folks.

The WordPress Android app received some significant updates this week, making it easier than ever to post on the go. As a long time Android user, I’ve seen the app go through many different stages. This update brings the most beautiful mobile experience to Android users so far.

More Robust Support for Media Handling

One of the most exciting updates included in this release is improved support for media. You can now access any of the files in your media library and edit title, description and caption for any item. When blogging on the go, chances are high that you’ll be including images and/or video. The app now provides a much smoother experience for uploading photos and videos from your device to the media library.

The gallery support in this release blows me away. Creating tiled galleries is as simple as using a long-press to select multiple media items and then tapping the gallery button to create a new gallery. The app now lets you choose a gallery style and even reorder images with drag and drop.

Stats Revamped with Faster, Native Support

WordPress for Android now includes native support for viewing stats. Users obsessed with their stats will be delighted to find that they load up faster than every before. Status support includes all the vital information:

• Visitors and Views
• Totals, Followers & Shares
• Clicks
• Referrers
• Search Engine Terms

Full stats are still available by tapping “View full site” in the overflow menu.

Protect Content With the New PIN Lock Feature

The app now includes a new item in the settings menu where users can enable a PIN lock. This helps you to protect your content from any random Joe who might get access to your phone. If you enable this feature, you’ll be prompted for your PIN to unlock the app.

Another very cool thing about PIN lock is that Automattic has made the code open source and available on github. Developers can drop this same functionality into another app if desired.

Coming Soon: A Native WordPress Reader

Another big update is in the works. The team hinted at what you can expect in the future from WordPress for Android:

Expect another big update soon that adds a native WordPress.com Reader, as well as a revamped welcome and blog setup experience.

Android users, go check out those updates if your app hasn’t already prompted you for it. More robust support for media has me feeling more inclined to blog via mobile. How are other android users liking this update? What’s on your wishlist for the WordPress for Android app?