TBH, AI’d Rather Not…
DEV
Stick around ‘til the end for a guy whose sense of humor speaks louder than words.
In today’s edition:
- FAIR play? The WordPress decentralized mirrorverse is here.
- PayU plugin left the door wide open… oops.
- SponsorMeWP: Because you can’t pay your electricity bill in WordPress street cred.
Hot Off The Presses: What’s New?

In the last DEV issue, we warned about AI-generated code flooding the repo with mediocrity.
But just look at the screenshot above. Turns out, the robots aren’t coming for your job just yet – they’re too busy ghosting each other.
Meanwhile, we’ll keep busting our butts (and sometimes cleaning up after them).
Welcome to the DEV. Let’s roll up our sleeves and dive in.
FAIR Enough? WordPress Gets Its Own Parallel Universe
FAIR = “What if WordPress.org… but open, federated, and cryptographically signed?”
It’s nerdy. It’s promising. It’s here. And it’s sparking exactly the kind of spirited conversation open source was built for.
Federated and Independent Repositories (FAIR) is the new Linux Foundation-backed project that’s basically WordPress’s rebel alliance, with heavy hitters like Carrie Dils, Mika Epstein, and Ryan McCue leading the charge and hundreds of contributors behind the project.
It was launched at Alt Ctrl Org, a side event at the recent WordCamp Europe in Basel.
So, what the heck is FAIR?
FAIR lets web-hosting companies and large organizations run their own mirrors of WordPress’s core update, plugin, theme and translation servers.
It’s not a fork, and it’s still all WordPress; it simply provides server components that anyone can run.
Instead of relying on the WordPress.org mothership, you can reroute plugin and theme updates through a whole galaxy of independent repositories. Supporters say the new system will strengthen security, reduce costs and replace reliance on WordPress.org.
The Linux Foundation liked it so much, they’re hosting the project. There’s also a full governance model, a Technical Steering Committee, and a roadmap built in public. Joost de Valk and Karim Marucchi are among the early champions, pushing for a future where plugin delivery isn’t bottlenecked by one central hub.
But… not everyone’s throwing confetti
Some see FAIR as a much-needed evolution. Others are asking, “Cool, but will it break my site?”
Matt Medeiros isn’t exactly breaking out the party hats. He warns FAIR might be “overpromising” and confusing regular folks who are just trying to ship a website before the weekend.
And Matt Mullenweg himself gave the project a bit of a side-eye at WordCamp Europe, calling the launch “unfortunate in some ways” and wishing for more upfront collaboration.
What’s next?
Will hosts adopt FAIR? Will plugin devs support this decentralized dream? The jury’s out, but this is the kind of bold experiment open source was born for.
Curious? Try it yourself: download the FAIR plugin from GitHub. Then federate like it’s 1999… or 2003.
FAIR Play: Relevant Reading/Listening:
- The Linux Foundation’s official press release.
- The Repository’s super-detailed breakdown.
- Joost de Valk & Karim Marucchi chat about the evolution of FAIR on the KrautPress Podcast.
- FastCompany covers the launch.
- A recording of the Fireside Chat at WCEU where Mary Hubbard & Matt Mullenweg discuss FAIR.
SponsorMeWP: Finally, a Way to Get Paid for Your WordPress Obsession
Contributing to WordPress is like being a superhero, if superheroes wore hoodies instead of capes and fixed bugs for free.
But let’s be real: saving the world with code doesn’t really pay the bills.
If you spend all the hours tweaking core, building plugins, fixing issues and sharing wisdom (because who needs a social life, right?) then there’s a new platform that wants to help you turn those unpaid hours into actual cash.
SponsorMe WP is basically a tip jar for the coders, designers and plugin wizards who keep WordPress humming.
This new project, created by WordPress legends Michelle Frechette and Marcus Burnette, is a free directory where contributors can list their skills, interests and availability for sponsorship.
Then, companies can browse the directory, find talented devs and toss a few coins their way. Whether it’s one-time sponsorship or recurring support, it’s pretty flexible. Whatever floats your boat (or pays your rent).
It’s a brilliant way to close the gap between folks with time and talent and companies with plenty of dough and the desire to give back.
Unauthorized? Unbothered. Unpatched PayU Plugin Hands Over the Keys
Heads up: A critical vulnerability in the PayU CommercePro plugin is letting unauthenticated attackers create admin accounts out of thin air.
Yep, anyone can just hijack the site via two REST endpoints that didn’t check who was calling. Thousands (5,000+ installs) are exposed, according to Patchstack.
How the attack works:
Attackers hit /wp-json/payu/v1/generate-user-token, snag a token for a hardcoded email, then the /get-shipping-cost endpoint sets the stolen token as an authenticated cookie. This makes it possible for unauthenticated attackers to create new administrative user accounts and voilà: admin access without credentials.
Severity level: CRITICAL
What should you do?
Sorry hun, there’s no patch. You’ve gotta pull the plug(in). Like, deactivate that sucker, immediately. Switching payment methods sucks. But a hijacked site sucks more.
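With no patch available, checking whether anyone already called those two endpoints is worth doing before and after deactivation. The following is an added example (not from Patchstack or the plugin) that scans web access logs for the two routes named above; the "combined" log format, the assumption that `/get-shipping-cost` sits in the same `payu` namespace, and the sample lines are all assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed input: nginx/Apache "combined" access-log lines.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" \d{3}')

def rest_route(target):
    """Return the REST route of a request target, for both URL forms WordPress accepts."""
    parts = urlsplit(target)
    plain = parse_qs(parts.query).get("rest_route")   # /?rest_route=/ns/v1/route
    if plain:
        route = plain[0]
    elif "/wp-json/" in parts.path:                   # /wp-json/ns/v1/route
        route = "/" + parts.path.split("/wp-json/", 1)[1]
    else:
        return None
    return route.rstrip("/").lower()

def classify(route):
    if route == "/payu/v1/generate-user-token":
        return "token"
    # Only the last segment of the second endpoint is given above; assume the payu namespace.
    if route and route.startswith("/payu/") and route.endswith("/get-shipping-cost"):
        return "cookie"
    return None

def scan(lines):
    """Per client IP: hits on each endpoint, and whether a cookie call followed a token call."""
    seen = defaultdict(lambda: {"token": 0, "cookie": 0, "chained": False})
    for line in lines:
        m = LINE_RE.match(line)
        kind = classify(rest_route(m["target"])) if m else None
        if not kind:
            continue
        rec = seen[m["ip"]]
        rec[kind] += 1
        if kind == "cookie" and rec["token"]:
            rec["chained"] = True
    return dict(seen)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jun/2025:03:14:07 +0000] "POST /wp-json/payu/v1/generate-user-token HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [10/Jun/2025:03:14:09 +0000] "POST /wp-json/payu/v1/get-shipping-cost HTTP/1.1" 200 88 "-" "-"',
    '198.51.100.23 - - [10/Jun/2025:04:01:55 +0000] "GET /?rest_route=/payu/v1/generate-user-token HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.10 - - [10/Jun/2025:04:02:10 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "-"',
]
if __name__ == "__main__":
    for ip, rec in scan(SAMPLE).items():
        print(ip, rec)
```

Any IP reported here, and especially one marked `chained`, is a reason to review the site's administrator accounts for ones nobody on the team created.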
Mind Bloggling Facts & Stats
- WordCamp Europe 2025 Recap: The biggest WordPress event in Europe just wrapped up in Basel, Switzerland. Over 2000 folks attended, and nearly 250 volunteers and organisers made it happen. (Source)
- Image Optimization Win: In the latest TidBits, Brian Jackson from Perfmatters revealed they chopped image sizes by 29% by swapping WebP for AVIF. Translation: your site just got way faster without breaking a sweat! (Psst… Smush Pro’s got AVIF support, ready when you are!) (Source)
- Networking IRL Still Reigns: According to The Admin Bar’s 2025 WordPress Professionals Survey, “in-person networking” is still king, with 57% admitting they actually talked to real humans last year instead of just sliding into DMs or stalking LinkedIn. Shocking, we know! (Source)
Blogs & Resources You Shouldn’t Miss
Your content? Chef’s kiss. AI: “Never heard of her.” Here’s how to fix that.
Bartosz just made site security easier with WP Password Policy, free, fierce and free of any “admin123” nonsense.
Your alias limit on Pro Email is now so high, even your side projects’ side projects can have inboxes.
Jason Crist’s Pattern Builder lets you build WordPress patterns that are a whole lot less frustrating, for both you AND your clients.
All of the dev talks, none of the jet lag. Stream everything you missed from WordCamp EU.
Talk WordPress to me: Bud interviews top WCEU speakers in his latest series. Get the good stuff here.
Speaking of WordCamp, the event just got a whole lot easier to navigate with a shiny new app.
Mike King’s masterclass breakdown on AI mode: what search engines see (and what they don’t).
Coffee Break Distractions
New podcast drop: Community + Code debuts with a WP powerhouse guest.
An accurate tweet on Millennial punctuation.
Embrace the chaos: Why when it comes to coding, messiness is not a bug, it’s a feature.
Pick a card, any card! (Unless you’re lactose intolerant…)
Grammarly is trulyn’t right all the time.
And finally…
Found this interesting? Forward it to someone who you think might also love it! 💗
 
						