Contributing to WordPress

Matt Mullenweg, co-founder of WordPress, recently mentioned that it would be awesome if everyone profiting from WordPress could give back 5% of their time to the free and open source blogging platform. There are many ways to contribute to WordPress, and not all of them require coding skills. Sure, the WordPress community is always looking for more developers to bring their ideas to WordPress (WordPress 4.0 was brought to us by 275 volunteers, after all), but the community is also looking for more folks to help in support and documentation too.

The documentation is editable by anyone with an account, so please feel free to edit or add information wherever you feel it’s necessary. There’s even a handbook if you’re just getting started. The support forums are also open to anyone with an account. Topics without replies are easy to find, and no matter your experience level, you’ll find that there’s always someone you can help. Ten years ago, I got involved in the WordPress Support Forums while waiting for a reply to my own support thread. I figured that I might as well see if I could help out in the Installation section since I had just successfully installed WordPress a few hours earlier, and after helping a few people, I was hooked.

We recently completed the first phase of a Support Handbook for anyone eager to dive into WordPress support. Within the handbook, you’ll find some recommendations on how to support WordPress users, ways to troubleshoot common problems, philosophical bits, code examples, and even some replies to frequent issues which you are more than welcome to copy and paste as your own. Though the content is mostly complete, the Support Handbook is still a work in progress and we have some great things planned for it in the future. If you see any problems there, please do let us know in the comments on the specific page with the problem.

WordPress is open source, which means that it’s grown by the strength of its community, not the power and wealth of a single company. If you rely on WordPress, you can give back by joining the community. Whether it’s in a development role or helping out in support and documentation, every contribution will help WordPress grow into a better platform for us all.

Net Neutrality

The internet today is a battleground between the internet service providers who want to charge more for faster access to certain sites and the lawmakers who want to make sure everyone has equal access. I could spend several paragraphs describing to you how your internet service provider (who already charges you for fast internet access) wants to charge more for guaranteed fast access to certain sites, like YouTube and Wikipedia, or how lawmakers against Net Neutrality are being financially backed by the internet service providers themselves, but no explanation will even come close to this from John Oliver.

If you watch any video today, make it this 13-minute video, and then join the battle for Net Neutrality.

WordPress 4.0 Released

WordPress 4.0 has been released! This release brings with it a stunning new gallery-like grid view for your media library, more streamlined ways of interacting with your media, a new editor which displays embeds inline and expands as you write with a toolbar which follows as you scroll down, a much more visual plugin directory, and hundreds of other behind-the-scenes fixes and improvements.

If you aren’t a fan of the new Media Library grid view, don’t worry, you can switch back to the old list view via a toggle near the top-left of the Media Library.

275 volunteers contributed to this release, led by Helen Hou-Sandí. At the time of writing this, WordPress 4.0 has been out for only 2 hours and has already been downloaded 104,571 times!

All users can now safely update from Dashboard -> Updates or download and update manually, though you should probably back up first just in case, unless you’re already using VaultPress, which you really should be.

If you’re a WordPress.com blogger, you have nothing to worry about, as you’ve technically been running WordPress 4.0 for a while now.

Security, Privacy, and Resetting the Net

Accusations of online surveillance by government entities are rampant. By now, you have all seen or heard of at least one clandestine government program, like PRISM, designed to spy on citizens by circumventing what was once considered to be fundamental security.

The validity of these accusations and programs is in question, as would be expected. Is there really a threat? If so, is it really as bad as described? Are those spreading the accusations seeking only to undermine the stability of their governments? Are those defending their governments simply working for their governments or living in fear of them? I doubt we’ll ever know the truth, but why should we let that stop us from protecting ourselves regardless?

Today, over 12 thousand people joined together to reach over 12 million followers to Reset the Net by promoting security and privacy. Companies like WordPress.com are already promising better security by the end of the year, and you can protect yourself now by adopting the use of many security-focused apps and privacy-focused alternatives to popular web services, like using DuckDuckGo instead of Google. By making ourselves more secure users, we promote a more secure and private internet. Whether online surveillance by government entities truly exists or not, how could you say that a more secure and private internet is a bad thing?

Now, get out there and promote a more secure and private internet! Don’t underestimate the power of your voice online. Be the change you want to see in the world.

Custom Fonts Without Plugins for WordPress Themes

After moving back, I realized that I missed my custom fonts. They didn’t add anything functional of course, it’s just an aesthetic thing. Adding custom fonts was super-simple on WordPress.com, and if you want to add custom fonts to your self-hosted WordPress blog, there are plenty of plugins like Easy Google Fonts and Typekit Fonts for WordPress, but I don’t like to use plugins if I don’t have to. I kind of missed out on the technical aspect of the web font revitalization during my three years away, and was glad to find out that adding custom fonts without plugins was a lot simpler than I had thought.

First, you’ll need to decide if you’re just going to use Jetpack’s Custom CSS module or make a child theme. If you’re unfamiliar with child themes, I recommend just using Jetpack, though a bonus step at the end of this will require the use of a child theme. It is important that you use one of these two methods, because if you modify the parent theme files, you will lose your changes whenever the theme is updated.

Once you’re all set, you’ll need to select the fonts that you want via Google Fonts (because it’s simpler than the other web font directories) by finding them and choosing “Add to Collection.” Once you’re done, hit the “Use” button, and if you know what font styles and character sets you need, choose them, otherwise leave it as-is. Now, choose the “@import” tab under the “Add this code to your website” section, copy the code there, and paste it into your Jetpack Custom CSS Module or child theme’s style.css file. This blog uses Ubuntu and Open Sans, so my import line looks like this:

@import url(https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans);

Simple, right? Now for the slightly more time-consuming part. You’ll need to open your parent theme’s style.css file, find every font-family declaration you want to change, add the selectors to your Jetpack Custom CSS Module or child theme’s style.css file, and add your new font as the font-family. It’s really not as difficult as it sounds. For example, I’m using Open Sans for the body-like text and Ubuntu for the heading-like text here, and it looks like this:

body, button, input, select, textarea, .site-description, #cancel-comment-reply-link {
    font-family: "Open Sans", Helvetica, Arial, sans-serif;
}

h1, h2, h3, h4, h5, h6, blockquote, .comment-author {
    font-family: "Ubuntu", Georgia, Times, serif;
}

That’s all you need to do, just use either your Jetpack Custom CSS Module or child theme’s style.css file to import the custom fonts and replace them. You don’t really need an extra plugin for that.

As a bonus step, if your theme imports its own custom fonts via its functions.php file, you can dequeue them so that they no longer load (since you aren’t using them). To do that, create a functions.php file for your child theme (you will need a child theme to do this), and add a new function to remove the fonts. It varies depending on the theme, but this guide should help, and here’s what I did for Sorbet:

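// Remove the parent theme's web fonts, since the child theme no longer uses them.
function sorbetchild_replace_scripts() {
    wp_dequeue_style( 'sorbet-source-sans-pro' );
    wp_dequeue_style( 'sorbet-pt-serif' );
}
// Priority 20 so this runs after the parent theme has enqueued its styles.
add_action( 'wp_enqueue_scripts', 'sorbetchild_replace_scripts', 20 );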

So, that’s all you need to do. Like I mentioned, it’s quite simple and the bonus step to remove existing web fonts isn’t entirely necessary. With that said, I’d like to give a big thanks to Kathryn Presner for pointing me in the right direction on this. Now, get out there and give your site some personality with a few new fonts!
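
If you are already using a child theme, the font import and the dequeue step can live together in its functions.php. This is an added example, not code from the original post: it swaps the @import line for wp_enqueue_style(), the `sorbetchild_fonts_url` and `sorbetchild_swap_fonts` function names and the `sorbetchild-fonts` handle are made up for illustration, and it assumes the parent theme enqueues its fonts at the default priority.

```php
<?php
/**
 * Child theme functions.php (added example, not the author's code).
 * Assumed names: sorbetchild_fonts_url(), sorbetchild_swap_fonts(),
 * and the 'sorbetchild-fonts' style handle.
 */

// Build the Google Fonts stylesheet URL for the families used in this post.
function sorbetchild_fonts_url() {
	$families = array( 'Ubuntu', 'Open Sans' );

	// add_query_arg() does not encode values, so encode the family list first.
	return add_query_arg(
		array( 'family' => urlencode( implode( '|', $families ) ) ),
		'https://fonts.googleapis.com/css'
	);
}

function sorbetchild_swap_fonts() {
	// Stop the parent theme's fonts from loading (handles from the post above).
	wp_dequeue_style( 'sorbet-source-sans-pro' );
	wp_dequeue_style( 'sorbet-pt-serif' );

	// Load the replacement fonts over HTTPS. Passing null as the version
	// keeps WordPress from appending a ?ver= parameter to the URL.
	wp_enqueue_style( 'sorbetchild-fonts', sorbetchild_fonts_url(), array(), null );
}
// Priority 20 runs after a parent theme that enqueues at the default priority of 10.
add_action( 'wp_enqueue_scripts', 'sorbetchild_swap_fonts', 20 );
```

With this in place, the @import line is no longer needed in style.css; the font-family rules stay where they are.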

Back on WordPress.org (again)

It wasn’t too long ago that I moved to WordPress.org after an almost three-year absence, and then quickly moved back to WordPress.com. I had a lot going on and just wasn’t ready to take the plunge. Now, I am ready to take the plunge, and here I am, again.

I could re-hash all of the reasons why I want to be self-hosted on WordPress.org vs. staying on WordPress.com, but you should really just read the original post linked to above. Nothing has really changed except for the plugins used and how I’m hosted.

Rather than being hosted on DreamHost’s standard shared hosting service, I’m now on DreamPress, their managed WordPress hosting service. Think of it as a special server which only hosts WordPress and is therefore designed to serve every aspect of it as quickly and perfectly as possible. That is a severely watered down explanation of it, but I figured you could get all of the juicy details from the link. :)

Plugin-wise, I’m starting out with Jetpack for tons of features, Akismet for anti-spam, VaultPress for backups, Google XML Sitemaps for sitemaps, and a few different plugins for security which I won’t be disclosing this time around. ;)

Big thanks to Mike Schroder and Mika Epstein for both occasionally encouraging me to go back to being self-hosted and for essentially creating DreamPress, Zandy Ring for making sure that everything was moved properly, and Kathryn Presner, Caroline Moore, Lance Willett, and Ian Stewart for being totally cool with me occasionally ambushing them with theme questions.

Here’s to many more years self-hosted on WordPress.org, filled with the usual combination of fun, mistakes, and self-education.

Disclosing a Security Vulnerability

Some of you are coming here from a site where this blog was apparently featured as an example of how to exploit a security vulnerability. I won’t link to it, because what that individual did was irresponsible, but it gives me the opportunity to hopefully educate some people.

There are many ways to disclose a security vulnerability, but the only right way and the only responsible way is to do it privately. If you publicly disclose a security vulnerability, you have made the world aware of both its existence and how to exploit it, endangering thousands (perhaps millions) of unsuspecting users. You are not the hero when you publicly disclose a security vulnerability, you’re the villain.

Many developers and companies have multiple ways to contact them privately. If you have found a security vulnerability, contact the developer or company privately via their official security report system or any private contact method you can find. If you can’t find one, contact them publicly and ask them to get in touch with you because you have found a security vulnerability. Any good developer or company will reply immediately via a private channel. Once you have privately disclosed the vulnerability, give them a few days to resolve the issue while it’s still known only to you, and feel free to publicly disclose it once the security vulnerability has been removed.

Be responsible by disclosing security vulnerabilities privately, not publicly.