Hello everyone, some of you…

Hello everyone, some of you will have the following email in your inbox:

Your password on WordPress.org has been deactivated, and you need to reset it to log in again.

We recently discovered your login credentials in a list of compromised emails and passwords published by a group of security researchers. This list was not generated as the result of any exploit on WordPress.org, but rather someone gaining access to the email & password combination you also used on another service.

To reset your password and get access to your account, please follow these steps:
1. Go to login.wordpress.org
2. Click on the link “Lost your password?”
3. Enter your WordPress.org username:
4. Click the “Get New Password” button

It is very important that your password be unique. Using the same password on different web sites increases the risk of your account being hacked.

If you have any further questions or trouble resetting your password, please reply to this message to get help from our support team. We will never ask you to supply your account password via email.

At this point we don’t have a reason to believe any accounts have been compromised, but out of an abundance of caution passwords are proactively disabled just to make sure.

If you have any questions don’t hesitate to post them in the comments.

[EDIT]: Updated the list typo to now go in order.

[EDIT]: Comments are closed. Reply to the email folks.

Minimum PHP version requirement

Not all plugins can work on PHP 5.2, like WordPress core currently does. Not all plugin developers want to support PHP 5.2, like core does. As a project, WordPress would like to move forward and encourage people to use more recent PHP versions.

As one of the first steps to reach that goal, plugin authors can now specify a minimum required PHP version for their plugin in readme.txt file with a new Requires PHP header:


=== Plugin Name ===
Contributors: (this should be a list of wordpress.org userid's)
Donate link: http://example.com/
Tags: comments, spam
Requires at least: 4.6
Tested up to: 4.8
Requires PHP: 5.6
Stable tag: 4.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Users will see this displayed in the plugin directory, like this:

As a next step, the WordPress core team is going look into showing users a notice that they cannot install a certain plugin or theme because their install does not meet the required criteria, with some user-oriented and host-specific instructions on how to switch their site to a newer PHP version.

If you have any feedback on the subject, please leave a comment or join the next PHP meeting in #core-php channel on Slack.

x-post: Community Conduct Project Kick-off Meeting

Community Conduct Project – Kick off meeting scheduled for 17:00 UTC on the 5th September 2017

#announcement

2017 Community Summit Notes

The Plugin team is small but mighty. We had a very productive summit and contributor day this year, pushing forward some of the changes we’ve been working on for a while. The following notes are the product of the sessions as well as some hallway chats over red wine, gin, and cheese.

Notes:

  • Security issues in the new directory have to be corrected before new users can be added
  • We intend to open reviews by everyone (yes, everyone) with a .org account
  • Plugin Closures will be documented and then reported on
  • Plugin Check code revisited – What can we catch as a ‘before a human reviews’
  • Similar but not identical plugins will continue to be accepted
  • We need to allow frameworks in, but we have to do so safely to protect developers from hate-reviews when someone deletes a required framework

To Do:

  • Design a ‘dashboard’ for people to check the status of their plugins (and themes)
  • Add more stats to the plugin page (or possibly move to the future dashboard…)
  • Replace SupportPress (our email client) with something that works (possibly Support Flow?)
  • Code out a way to publicly track why a plugin was closed (see Meta 2860 and 2627)
  • Determine if we want to backfill why 6500-ish plugins are currently closed (owwwww)
  • Determine the best way to track ‘dependancies’ (in lieu of 22316 ever getting traction …) so frameworks and add-on plugins can be clearly indicated and reduce errors
  • Incorporate theme review features such as a11y and i18n ready flags
  • Make sure the VVV repo for the meta environment is sufficient for more people to contribute (see Meta Env)
  • Hold ‘open office’ hours to discuss topics like developer tools, what stats are needed, frameworks etc

Most of that to-do is on me to at least get the tickets started, but if these are things you’re interested in, then I encourage you to come to the open office hours! I’m hoping to have the first in August, as I have July Vacations 🙂 Sorry, family first!

I’ll post more about what I plan to do with the open office hours soon, including topics and schedules.

#community-summit, #contributor-day

Test With Gutenberg Please!

Call for testing: Gutenberg

This is especially important if your plugin adds meta boxes or otherwise makes changes to the editor. PLEASE test early and often.

Search Issues

UPDATE (@dd32): All issues should be resolved as of 2:15AM UTC. The root cause was a change in the behaviour of Jetpack Search which we rely upon causing queries to fail. A network outage had caused issues for some queries earlier in the day, but was completely unrelated.

You may have noticed that search is acting up. Per @dd32:

w.org is experiencing a few network issues at present in the datacenter, it’s likely that connectivity between the API and wp.com’s elastic search is up-and-down, and when it’s down, search will be offline.

Yes, that means search for plugins too.

There’s nothing to do but wait at this point. It may be up and down while the connectivity is being sorted.

X-posting Proposal: WordPress Community Conduct Project

Please read + comment on the original post.

Proposal: WordPress Community Conduct Project

New Directory Status

As everyone knows, the first phase of opening up the directory to more reviewers was getting on the new system. We’re not quite there yet, however a great deal of progress has been made!

So far, we’ve run into a few weird flow issues that are blocking us from being able to invite new people. The biggest issue is that if you know the old system, it’s easy to move tickets through the new one. But it’s set up in a way that is very very easy to make mistakes and put tickets in unrecoverable states. So we need to mitigate that as much as possible before we let new people in. Basically we don’t want to break things for users because we didn’t think about use-cases.

Okay, fine, you say. What can you do to help?

I’m glad you asked!

We have 100 tickets open in Meta Trac. You can install the meta-environment in VVV and help us out with patches. Sadly, the meta env isn’t complete. It’s missing data, so you’ll end up having to add in plugins in order to mess with the state flow.

But if you can’t patch, and I do understand that, remember to come to the Plugin Directory revamp meetings on Wednesday at 2200 UTC in #meta on Slack. And please, test test test everything! The more we break the directory, the better it is 🙂

SVN Status: Seems to be Okay

I know Dion mentioned it in a comment, but here’s the official… We think it’s okay now post (I delayed to be more sure).

The SVN sync stuff SEEMS to be okay. The main issues appear to be sorted out, so 🤞🏾

We’re keeping a close eye on it, but please do remember to be nice to our poor system 🙂

#announcement

SVN Syncing Issues Continued

tl;dr – Yes we know, yes we’re working on it, no you don’t need to email.

I’m really sorry about this issue, but right now literally all I know is that the tool we use to automagically schedule everything that happens after you use SVN to bump your plugins is acting like a truculent child. It’s slow, it’s dragging it’s feet, and it’s taking WAY more than six hours (which is usually the outside norm for this stuff) to finish, if it does at all. It took 36 hours for one plugin, and even then some people got weird results.

And no, we don’t really know why yet.

It’s possible this is related to the new directory. It’s possible it’s from the entire .org slowdown last week or maybe it’s because we released the Beta and everything is slow from that. We literally don’t know.

I apologize for a series of very curt emails, but with the volume of people complaining, we had to resort to an auto-reply of, basically, we know, please be patient. If I have anything else to tell you, I will post, but right now we don’t know why and we can’t magically tell you what we don’t know, so please be patient with us.

Also no, there’s not a ticket because this is actually outside the meta repository. That means it’s not open source, the part that’s busted. The people with the access are aware and yes, I’ve pushed to escalate this. But it’s the weekend and it’s Mothers’ Day in the US, so you’re just going to have to be a little extra patient.