WordPress is a complex piece of software comprising many thousands of lines of code — a mixture of PHP, HTML, CSS, and JavaScript. It’s under constant development, which means that all those files are subject to change. Often, those changes will address security issues; that is, they are edits to code that caused a vulnerability. […]

One of the major motivations for the creation of the WordPress REST API is that it allows developers to easily — or more easily — build WordPress client applications. With the API, developers can build applications that can control most aspects of a WordPress site. However, great though the API is, authentication has been a […]

A website is a network of interconnected pages. Links within the content bind the pages together into a single entity, but they aren’t the only — or the best — way to organize pages according to the content they contain. To do that, we need a taxonomy, a way of grouping pages according to their […]

Versions of All In One SEO Pack older than 2.3.7 are vulnerable to a serious cross-site scripting vulnerability that could allow an attacker to take over a WordPress site. All In One SEO Pack users should immediately update the plugin to the most recent version, which contains a patch to remove the vulnerability. All In […]

The popularity of WordPress nourishes a thriving ecosystem of plugin and theme developers and designers, as well as thousands of businesses that offer WordPress-related services. The WordPress economy is worth many millions of dollars. And, it’s largely an open playing field. With a little knowledge and hard-work, it’s relatively easy to get started as a […]

Recently, we’ve been looking at how WordPress users can contribute back to the WordPress community. We discussed the ways that non-programmers can contribute, including aiding in translation efforts. Today I’d like to take a look at how you can help make WordPress more accessible. Accessibility testing is an important part of the WordPress development process. […]

My client’s website was hacked via an outdated WordPress plugin. In “Steps to Fix and Prevent a Hacked WordPress Site”, you learned how to fix a client site after a hack. The steps in that blog came from two real-life scenarios, and today we will look more closely at one of them: an outdated plugin […]

Your client has a hacked WordPress site. It’s finally happened. You’ve read about it happening to other businesses, but thought, “It won’t happen to my clients.” Their websites don’t get enough traffic; they are kept up-to-date enough, etc. Somehow, it still happened. It’s OK! The first thing you need to do is not panic. Usually, […]

In preparation for the imminent opening up of Instant Articles to all publishers, Facebook and Automattic have teamed up to develop an Instant Articles plugin for WordPress. Instant Articles is Facebook’s answer to slow websites — compatible web pages will load much more quickly within the Facebook app than on the web (assuming that the […]

One of WordPress’s great strengths is the plugin ecosystem. Developers have created thousands of plugins — most of which are free — that add any functionality you can imagine. Many businesses are built on WordPress, and some of those businesses depend on the plugins they use. What happens if those plugins go away? What do […]