WordPress 4.3.1 was released six days ago and included three security fixes. If you haven’t done anything silly to disable auto-updates, you would have been automatically updated within an hour of the announcement (and in some cases even before the announcement). If you have disabled auto-updates, your site was publicly at risk until you manually updated, and if you still haven’t updated, you had better do so now.
Auto-updates are not only crucial, they are almost quite literally the least you can do to protect your site. When a security update is announced, along with the vulnerabilities being made public, you could trust your site to update itself quickly and efficiently with no effort on your part, or you could disable all of that and keep your site vulnerable until you got around to doing it yourself. Sure, there is a very slim possibility that a feature of a plugin on your site may momentarily break until its developer fixes it, but such a thing is insignificant compared to recovering a hacked site, or losing an unrecoverable hacked site, just because you decided to let it live with publicly known vulnerabilities.
This doesn’t just extend to WordPress core. Plugins and themes get occasional security updates too. While WordPress doesn’t automatically update those by default, you can make it do so by modifying wp-config.php, using a plugin, or a service like Jetpack Manage. Just like with WordPress core, the updates will be applied within an hour of the release. And, if you’re worried about losing theme modifications, make sure that you’re using a child theme or a plugin like Jetpack Custom CSS so that you can modify your theme in a way that still allows you to safely update the parent theme.
When it comes to securing WordPress, there’s a lot you can do, but allowing auto-updates to function is by far the best way to keep your site secure, and almost quite literally the least you can do. Enjoy the freedom and security that auto-updates afford to you and your site.
WordPress 4.3 has been released! This release introduces menu and site icon controls to the customizer, formatting shortcuts to the editor, stronger password enforcement, and more.
246 volunteers contributed to this release, lead by Konstantin Obenland. At the time of writing this, WordPress 4.3 has been out for a bit over 2 hours and has already been downloaded 373,399 times!
All users can now safely update from Dashboard -> Updates or download and update manually, though you should probably backup first just in case, unless you’re already using VaultPress, which you really should be.
If you have not done anything silly to disable automatic updates, you were already updated hours ago. If you did do something silly to disable automatic updates, then your site has been vulnerable to 6 now publicly known security vulnerabilities for at least the past 10 hours, so you should really update manually right now, and then turn your automatic updates back on.
As always, if you run into any trouble, please let us know!
While my tiny corner of the world is being loomed over by the type of room-shaking thunderstorms it rarely experiences, I did find a tiny ray of sunlight. MacManX on Twitter is finally mine, after spending the last five years trying to wrestle it from the clutches of a long-abandoned tech news account. I don’t know why it’s so important to me, but it always bothered my that it was just sitting there unused and unloved, while I had to use MacManXcom instead. Well, now it’s mine. Time to find some sort of tiny victory horn to blast, but probably no one will hear it over this thunder.
Changing usernames on Twitter is shockingly easy, it’s actually just another settings field. You type in a new username, it instantly displays if it’s available, and you save your settings. Your Tweets are transferred over, your Followers are transferred over, everything is transferred over. I was very impressed. The only negative point is that there is no way to redirect the old username. You have officially given it up for someone else to have, which I suppose is perfectly fair. One minute to change the username, one hour to find and change any links and integrations that are within my power to change, and another hour to take a black marker to my business cards (way too many business cards). A nearly five-year struggle was over in two hours.
Sarah and I, plus a few of our friends, had a great time last night catching good friend Lawrence Tamez (saxophones and percussion) with Doobies Inc., a Doobie Brothers tribute band, at House of Blues in Anaheim. I figured I might as well share a few photos here, because stage lights are cool. If there’s a Doobies Inc. show in your neighborhood, you absolutely must go!
My wife and I felt it was about time for a vacation, so we took a few days to drive up to Sequoia National Park. On the first day, we took the easy Crescent Meadow Trail and somehow wound up on the far-less-easy Trail of the Sequoias (lovingly referred to as the Trial of the Sequoias) and all the trails we then had to take to get back to where we started. On the second day, we planned to visit Moro Rock, but wound up on the much longer trail to Moro Rock instead.
We certainly made a few mistakes along the way, but those mistakes lead us to some amazing views that we would otherwise have missed. We look forward to returning next year for everything we had actually planned to see this year.
Two weeks ago, Team Rads of Automattic met in Malta to focus our efforts on launching the inevitable WordAds 2.0 and to investigate unique marketing opportunities. We are an ever-growing distributed team, with three of us in California, one in Australia, one in Iceland, one in Portugal, and our newest team member in Italy, so we try to get together a few times each year to work out things that can’t be done over email, o2, and Slack.
Malta is an amazing country, and I really hope I can go back some time in the future to enjoy it as a vacation rather than just a business destination. We toured the island by bus and boat, and even visited the famous Blue Grotto. I also managed to take a few photos along the way.
Does any of this look interesting to you? Then I have some great news for you! If you want to work at Automattic, we’re hiring!
Last week, I mentioned that I was de-prioritizing email in my life. So far, it’s been great, and I’ve had some amazing success avoiding email in general by only using webmail. Webmail is harder to get to than launching an app, which means I don’t use it as often. Most importantly, webmail is simple and only offers essential features.
I spent the last four years changing email apps to find one that simplified email, rather than further complicating an already complex system. To be honest, Sparrow was the perfect email app, but it has mostly stopped working since Google acquired it two years ago. Airmail began life as its spiritual successor, but they keep adding features that are useless to me. It’s become the perfect example of software bloat. I’ve also tried Apple’s Mail app, Thunderbird, Postbox, Mail Pilot, and a few others I have generally forgotten, all resulting in similar feature exhaustion.
All I want to do is read and send email, but every app assumes that I want to do more, so much more. My ideal email app puts those two features up front and hides the rest unless I specifically enable them. Much to my surprise, my ideal email app is webmail. I have tried webmail from ProtonMail, iCloud, and Gmail. Their webmail does a great job of clearly presenting email’s core features. They hide the extra features behind settings, make them less visually prominent, and even omit some of the less-used extras.
Webmail’s simplicity allows me to focus on my email, and that’s exactly what I want from an email app. I’m sure a new Sparrow will show up some day, but until then, I’ll always have webmail.
Many years ago, when the internet only made this sound, I opened my first email account at Excite (and yes, it still works). Back then, I thought that email was both the most efficient and the most polite way to contact someone. Unlike sending a letter, you had the possibility of an immediate response. Unlike calling someone, you knew that they would only log in to it when they were ready to. Email was never an interruption.
That last bit has been lost to us. Email is now an interruption to our daily lives, even more so than phone calls, because it’s just so much more popular. We get email notifications on our computers, our phones, our watches, and even in front of our faces. No matter what you’re doing, something is going to let you know that someone wants you to read an email right now. I have spent the last several years under the oppressive rule of email notifications, but no longer.
Starting this week, I have de-prioritized email. Since I only check my physical mailbox for mail once a day, I’m only going to check my email twice a day. Emailed notifications are switched off everywhere, work communication is primarily via Slack, and anyone else who needs me immediately can call or send a text (preferably via Signal).
How am I going to avoid the addictive lure of my email applications? I got rid of them and have switched to webmail only (more on that later). In short, my email is now harder to get to, so it’s no longer a distraction. How will this turn out? So far, I feel more free than I ever have. There are less things clamoring for my attention throughout the day, and I only read my email when I’m ready to, which means I just have more time to do more important things throughout the day. Beyond that, only time will tell.
There has been an acquisition. Have you felt it? Automattic has acquired WooThemes, a leading developer of WordPress eCommerce solutions. The acquisition was announced just a few minutes ago, and I’m very excited that we’ll have a hand in continuing to grow this powerhouse of eCommerce tools alongside 55 new colleagues.
If you’re already a user of WooThemes products, don’t worry, it’s going to be business as usual. We’re joining forces to continue building this great eCommerce solution so we can grow WordPress to power more than just 23% of the web.
We’re moving onwards and upwards, and if you want to be a part of that journey too, we’re always hiring.