This Week in WordPress: Banking Security and Smushing Done Right

This Week in WordPress: Banking Security and Smushing Done Right

This week’s round-up of WordPress news, views and reviews summarized in our daily email newsletter, The WhiP.

Subscribe to The Whip for daily lashings of WordPress goodness.

Monday, April 13

Let’s Encrypt

(WordPress News)

Automattic has joined Mozilla, Cisco, EF and several other organizations as a major sponsor of Let’s Encrypt, a new free and open certificate authority aimed at transitioning as many domains as possible from HTTP to HTTPS. BuddyPress 2.2.2 is out. The security and maintenance release fixes two potential vulnerabilities and improves filtering of the title tag.

The WP REST API development team has released a critical security update. It fixes a serious information disclosure vulnerability, which allowed for unpublished content and post revisions to be retrieved via the REST API in versions 1.2.0 and earlier.

WooCommerce has surpassed seven million downloads. To celebrate the occasion, WooThemes has published some interesting stats about the e-Commerce plugin’s growth.

On the latest episode of the KitchensinkWP podcast, Adam Silver gives an overview on GIT.

And on WPwatercooler, the usual folks discuss creating a WordPress starter theme with Underscores and Zurb Foundation.

Dead On Arrival


ManageWP’s Vladimir Prelovac has conducted a “scientific” search for the biggest WordPress brand and the results aren’t all that surprising.

The selection process for speakers in WordCamps is anything but open, according to Nelio co-founder Jordi Cabot, who has called for a more open and peer-reviewed WordCamp speaker selection process.

Easy Digital Downloads, Cart 66, and WP eCommerce are just some of the popular WooCommerce alternatives covered in our latest post.

Democratize Generosity

(Themes and Plugins)

Disk Usage Sunburst lets you visualize the disk spaced used by your WordPress site.

The WhatsApp Sharing Button for Jetpack plugin adds a WhatsApp button to Jetpack’s sharing module.

The Easy Featured Images plugin lets you add, modify and delete featured images without having to manually edit each post.

Plugin Vulnerabilities is a new plugin that automatically detects known security vulnerabilities in any of your installed plugins and alerts you via the admin and email alerts.

Give is a new donations plugin that aims to “democratize generosity.”

AffiliateWP, Pippins Plugins’ commercial plugin for managing affiliate programs in WordPress, has turned one.

Hide and Seek

(Tutorials, Tips, and Tricks)

How to Hide Specific Pages in the WordPress Admin (WPMU DEV).

Moving WordPress: Moving Your Site Manually (tuts+).

How To Secure Your WordPress Site: WordPress Security 101 (WP Kube).

A Walk Through Some Vital Variables in WordPress (WP Daily Themes).

How LinkedIn Marketing Can Get You More Customers (Elegant Themes).

How To Find A Good Domain Name For Your New Website (Elegant Themes).

The Fundamentals of Writing Clean Code (WebDevStudios).

The Horror

(Off-Topic, Random Stuff)

If you think the existence of a $17k Apple Watch is scary, check out this horror story constructed entirely from actual sentences in reviews of the product.

You’ve Got Gmail is a Chrome extension that plays AOL’s old “you’ve got mail” sound whenever you get a new Gmail message.

All the best for a thoughtful and productive Monday.

Tuesday, April 14

Behind the Scenes

(WordPress News)

“By far the biggest advantage and the best reason to use Jetpack is the fact that we have 20 active developers… and an active crew of about 10 support folks that are daily focused on enriching the experience, fixing any issues that come up. That, by far, to me is the biggest selling point, the biggest advantage over using 30 different plugins where the code quality may be more questionable.” Earlier this year, Matt Mullenweg highlighted Jetpack as one of the most important tools in helping WordPress remain competitive and preventing the decline of its market share. WP Tavern goes behind the scenes with the Jetpack team.

“I think the direction WordPress is heading is the most optimal one. The introduction of the REST API finally puts WordPress on the API map. Most modern internet services already ‘speak JSON,’ and this will make it easier for developers to think outside the box. In my personal opinion, it still has some problems to deal with, primarily with its legacy of being a blogging platform; forcing every entity to become a post type.” Tomaž Zaman shares the journey behind Codeable.Io in the latest Cloudways Q&A.

Santa Maria


Do you know who designed the WordPress logo? Here are nine interesting facts you might not know about WordPress.

CodeInWP is making a lot of money off of one premium theme, Zerif Pro. The company has released it’s second transparency report.

Do You Want to Build a Weeebsiiite?

(Themes and Plugins)

On our blog, we take a look at how to create a limited time offer on your site and draw new customers with our Social Marketing and Schedule Content plugins.

Pagely explains how to sell files with WordPress and Easy Digital Downloads.

Developer Tom MacFarlin wants to teach you how to do what he does with his premium course, Introduction To WordPress Development.

Hide and Seek

(Tutorials, Tips, and Tricks)

Tips for Hosting WordPress on Pantheon (Mark Jaquith).

Add Delete Confirmation Modal To Form With jQuery (Paul Underwood).

Mastering WP_Query: An Introduction (tuts+).

WordPress for the Adventurous: Rewrite API (Carl Alexander).

Jump? How High?

(Off-Topic, Random Stuff)

Dads in Japan prove they are cool, if somewhat dorky. Lifehacker’s Patrick Allan took a week off from tech distractions and discovered he didn’t really need his phone after all.

Stuck for a new password? Edward Snowden suggests picking a passphrase, like “margaretthatcheris110%SEXY”.

All the best for an awesome Tuesday.

Wednesday, April 15

Tricky Timezones

(WordPress News)

WordPress 4.2 is out next week. Here’s a look at what to expect from the upcoming release.WordPress for Android 3.9 is out and adds two-factor authentication and improvements to the media library.

Tricky timezone scheduling has prompted WPSessions founder Brian Richards to announce a huge shift in his pricing structure, with live sessions now free.

iThemes Security users are being urged to update to the latest version. The company behind the popular security plugin has fixed a stored XSS issue that allowed potentially dangerous JavaScript to run when viewing 404 logs.

Power Users


WPCurve, WP Maintainer, WP Site Care, Maintainn… there are a lot of WordPress maintenance services out there. WP LIft compares the top companies and ranks its favorite.

In case you get WordPress and Automattic confused, Post Status explains the differences between the two.

Do you use WordPress frameworks? A bunch of developers talk to WP Mayor about why they love – or in some cases avoid – frameworks.

Have you checked out It’s described as the “WordPress Hook/API Index.”

WP Engine writes about helping sites survive the Shark Tank effect. Fresh Patch, a company that appeared on the popular reality show in February, is a WP Engine customer.

“… The bottom line is there are such things are WordPress developers and they are not the kind of people who can install WordPress, a theme, and a plugin then claim they’ve “developed” a project. These are power users.”Tom McFarlin clears up any confusion about what a WordPress developer actually is.

Smushing Goodness

(Themes and Plugins)

Introducing the all new WP Smush! Yahoo silently ditched its smushing service recently so we’ve taken over where they left off, created a brand new API, and the smushing experience is now better than ever.

Updated: 12/20/2018 – Smush Pro now includes WebP compression, automatic image scaling and 10GB of CDN storage on our 40 Tbps servers with 45 share points around the world.

Plugin Groups is a free new plugin by CalderaWP that adds the ability to organize plugins by groups for easy filtering.

Wordfence Premium has recently added the ability to audit user passwords in WordPress.

Hooks, Filters, Action!

(Tutorials, Tips, and Tricks)

WordPress Hooks, Actions, and Filters: What They Do and How They Work (WP Shout).

SEO In-Depth: Understanding and Optimizing the WordPress Robots.txt (Torque).

Create a Simple CRM in WordPress: Extending WordPress Search to Include Custom Fields (tuts+).

How To Create Custom Post Types In WordPress (WPMU DEV).

5 Tips For More Effective Email Marketing Campaigns (Elegant Themes).


(Off-Topic, Random Stuff)

“Every day I receive requests for password reset for this blog and I am tired of seeing them. I am not sure why these people are trying to reset the password, probably they do not understand how the “password reset” works.” is for sale if you have a spare $80,000 lying around… or want to pay a $3000 annual fee.

Have you pushed the button? The Reddit button explained.

All the best for an awesome Wednesday.

Thursday, April 16

Refresh Prince of Bel-Air

(WordPress News)

Have you ever wondered what powers banking websites? Matt Mullenweg says there’s no reason why you shouldn’t use WordPress. After all, all you need is to keep WordPress up-to-date and use strong passwords. Easy, right?

The release candidate for WordPress 4.2 is out. More than 140 changes have been made since beta 4 was released a week and a half ago.

The Translate WordPress team needs help translating the WordPress 4.2 release video. If you think you can help, get in touch.

The latest interview in Pagely’s 8 Questions series features Shawn Hesketh from WP101, a resource helping hundreds of thousands of WordPress users find their feet.

And WP Engine’s Finely Tuned Consultant series features developer Carrie Dils, who specializes in the Genesis framework.

Since taking over Maintainn, WebDevStudios has hit refresh on the maintenance service’s website.

In case you ever doubted WordPress’ dominance as a CMS, here are W3Techs’ up-to-date stats proving once and for all that WordPress isn’t going anywhere anytime soon.

Game Changer


Has there been enough excitement about the WP-API? Maybe not, at least according to Fusion Media, who believe it will be a “foundational, game-changing technology” for the media company.

“Perhaps this is a cultural thing but I think that we spend a lot of time trying to find the proper titles to apply to ourselves in order to indicate our level of experience.” Developer Tom McFarlin follows up his popular post What is a WordPress Developer? and clarifies that he doesn’t believe he’s an expert.

Woo Me

(Themes and Plugins)

Easy Digital Downloads has turned three years old. Since releasing “a small eCommerce plugin to the world,” developer Pippin Williamson takes a look at some of the hardships and a few of the peaks he encountered along the way.

Did you know WooCommerce accounts for 85% of all sales at WooThemes?And the plugin recently surpassed seven million downloads. Give your eBay site the edge over your competition with these essential plugins for WordPress.

Hearts a Mess

(Tutorials, Tips, and Tricks)

How To Add Featured Image Support In WordPress Websites (Cloudways).

Ultimate Guide to Link Types for Hyperlinks (Six Revisions).

The Hills are Alive

(Off-Topic, Random Stuff)

There’s been a lot of hating on Hillary Clinton’s campaign logo. So why not create your own with the Hillvetica typeface! A Craigslister has made the most ridiculous used car ad with a drone. And it’s actually really cool.

All the best for an awesome Thursday.