Category: Development

Is the disclosure of user names and email addresses a weakness?

On the same day that a security searcher released details of a vulnerability in the way WordPress deals with password resets, I too reported a security issue. Well, more of a concern.

For a while I’ve noticed that more and more sites are not telling you, when you do a password reset, if the email you’ve entered is valid or not. They’ll, instead, give you a message along the lines of “if that email is valid, we will send you details on how to reset your password”. That way you can’t use the password reset feature to fish for people’s emails.

But WordPress doesn’t do that. Enter a user name or password and it will tell you if it was valid or not.
(more…)

5th May 2017
WordPress ‘Swag Store’ Gets a New Look

WordPress has recently re-launched their ‘Swag store‘ with a great new look, new features and new products to boot. Here you can pick up everything from a branded baby-grow to a phone charger and they’ve promised there’s more to come.
(more…)

27th April 2017
Why my denied WordPress Core contribution was the right thing

Yesterday, the following Tweet, copying in myself, appeared on my Timeline.

This sums up what’s wrong with @WordPress.
Someone has done it wrong in the past, now everyone has to.
@DavidArtiss https://t.co/FmgpZwVM8x pic.twitter.com/2VPIJx89YN
— Alex Goller (@alpipego) April 20, 2017

The image is a quote from the README of one of my plugins. Except it’s being used to make a point – a point I don’t agree with (which I’m guessing the Tweet author wasn’t expecting to be the case).
(more…)

21st April 2017
James Altucher Interview with Matt Mullenweg

James Altucher, a “investor, writer and entrepreneur” publishes regular podcasts and, for this latest, he interviewed Matt Mullenweg, CEO of Automattic.

You can listen to it below, or head to James’ website.
(more…)

11th April 2017
WordPress, PHP 7 and Yoast – Why we should’t be forcing users to upgrade

Right now, WordPress recommends being hosted on PHP 7 but it’s not an absolute requirement. However, since adding this as a recommendation more and more people have switched over. Having said that, according to stats provided by W3Techs, usage of PHP 7 currently stands at 3.7% across PHP users and is 8% for WordPress.

So should be be doing more to push WordPress users? Yoast thinks so and is currently forcing a non-dismissible, ‘big, ugly’ admin message to all users who haven’t upgraded.
(more…)

9th April 2017