Hot Off The Presses: What\u2019s New?<\/h2>\nWe\u2019ve Been Watching You\u2026<\/h3>\n
This is the 10th edition of DEV, and if you\u2019re still here reading our silly nonsense, we must be doing something right. Thanks for sticking around! <\/p>\n
But of course, we can\u2019t win em\u2019 all. We noticed that while you\u2019ve been gobbling up the news stories, you\u2019ve been breezing right past the educational stuff in the middle to the juicy little \u201cCoffee Break\u201d section at the end. <\/p>\n
This is according to our click-through metrics, of course. Don\u2019t worry, we\u2019ve not been lurking behind your computer chair. (Or have we? \ud83d\udc40)<\/p>\n
So, you\u2019d rather read a bunch of bite-sized funnies, news and links, huh? Who can blame you? We get it!<\/p>\n
Even though my therapist said I should stop trying so hard to please others, we\u2019ll be mixing things up with DEV in the hopes that you\u2019ll like it even better.<\/p>\n
This edition\u2019s Deep Dive is a round-up of links to other helpful how-to articles around the web. Let us know what you think and if that format is more fun for you to explore. <\/p>\n
And if you have any other feedback on DEV, please hit us with it in the comments!<\/p>\n
Got Your Glowsticks? We\u2019re Heading to the RAVE<\/h3>\n\n![\"Post](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/12\/dance-kid.gif\")
<\/div>\n<\/div>\n
\nJohn Blackbourn, the creator behind the Query Monitor<\/em> plugin, has created a smart new tool called RAVE<\/a>. <\/p>\nRAVE stands for \u201cReproduce and Verify\u201d and the automated tool does just that. It allows you to reproduce WordPress builds, so you can make sure the official and unofficial packages haven\u2019t been tampered with. <\/p>\n
RAVE compares the contents of the published packages with the canonical source code, immediately identifying any anomalies. <\/p>\n
Why test the official package? Well, there are plenty of opportunities for the official WordPress package to be tampered with, such as an attack on the build server, on wordpress.org or anyone else who gains access. <\/p>\n
RAVE will spot right away if the official package differs from the actual source code in the source control repos – no neon beaded bracelets or JNCO jeans necessary. <\/p>\n
Using the Jobify Theme? Watch Out! \ud83d\udea8<\/h3>\n
If you\u2019re currently rocking the Jobify theme, your site is wide open to a serious security risk. <\/p>\n
Patchstack recently<\/a> issued a warning to Jobify theme users due to an unauthenticated arbitrary file read vulnerability. <\/p>\nThis bug means hackers could poke around in your server and access sensitive files, without even needing to log in. Any malicious actor could download a file from your website by using the download_image_via_ai function. If your WordPress site is running on cloud like AWS or Azure, it can lead to the access of secret keys leading to full server compromise. Eeeek. \ud83d\ude2c<\/p>\n
The vulnerability is so far still unpatched in the latest version 4.2.3. If you\u2019re a Jobify user, you should delete or deactivate the theme<\/strong> until it can be fixed. <\/p>\nPatchstack has issued a virtual patch<\/a> to mitigate the issue by blocking attacks until an official fix becomes available. <\/p>\nAnd while you\u2019re at it, let this be your regular reminder to always keep backups of your sites and stay on top of vulnerability updates. Hackers never sleep, ya\u2019ll.<\/p>\n
Mind Bloggling Facts & Stats<\/h2>\n\n- WordCamp Granada 2024, held October 26-27 was the first industry-specific<\/em> WordCamp ever. It was dedicated entirely to tourism and the travel industry. (Source<\/a>) <\/li>\n
- According to Jamie Marsland\u2019s official polls on the WordPress YouTube account, 49% of respondents use Gutenberg to build their websites, with only 1% using Divi. (Source<\/a>)<\/li>\n
- Karol Krol asked bloggers (not developers) what they think of the Block Editor. A whopping 40% are not big fans. (Source<\/a>)<\/li>\n
- Marcus Burnette from Bluehost has also been polling folks. He asked his followers what their most important consideration was when choosing a hosting company. 44.9% said \u201csupport\u201d and only 4.1% chose \u201cprice.\u201d (Source<\/a>)<\/li>\n<\/ul>\n
Deep Dive Special Edition: Your Favourite Deep Dive\u2019s Favourite Deep Dives<\/h2>\n
There\u2019s a lot of great expert advice from super smart developers and WordPress folks out there. <\/p>\n
In this special edition of the Deep Dive we wanted to highlight some super-useful guides and how-tos you\u2019ll want to add to your bookmarks list. <\/p>\n
Wanna become the best on the block at Block Development?<\/strong><\/p>\nDeryck O\u00f1ate wrote a complete tutorial<\/a> on creating multiple Gutenberg blocks and the Interactivity API. <\/p>\nWanna know how to build a \u201ccode sandbox\u201d so you can make live edits in-browser and see changes in real-time in an isolated iframe? <\/strong><\/p>\nGrab your plastic shovels and sandcastle moulds, because Chris Ferdinandi is here to walk you through it.<\/a> <\/p>\nWanna ditch project management apps and consolidate ALL your workflows in Slack?<\/strong><\/p>\nHere\u2019s a deep dive<\/a> into how the team at We Are AG<\/em> went all in.<\/p>\nWanna make your WooCommerce store more secure than Fort Knox?<\/strong><\/p>\nThe folks at Patchstack have put together this comprehensive checklist<\/a> for locking it down.<\/p>\nWanna make this meta Deep Dive even more meta?<\/strong><\/p>\nLearn the difficult skill of learning difficult skills, with Julia Evan\u2019s classic guide, How to Teach Yourself Hard Things<\/a>.<\/p>\nBlogs & Resources You Shouldn\u2019t Miss<\/h2>\n
Forget partridges and turtle doves! KrautPress has a plugin-a-day advent calendar instead.<\/a><\/p>\nAccording to Tom McFarlin, AI hasn\u2019t completely destroyed developer content<\/a> – but it has changed it.<\/p>\nReal IP addresses being stored in your WP comments? Yikes. That\u2019s a privacy nightmare. Try this plugin instead.<\/a><\/p>\nSearch Engine Journal ranked 20 website-building platforms by accessibility<\/a>, and WordPress is NOT at the top.<\/p>\nWe\u2019re loving this episode of the WP Tavern Jukebox<\/a>, where Stephen Dumba speaks about how WordPress is changing the lives of children and educators in Uganda.<\/p>\nThe WordPress Sustainability Team are looking for contributors<\/a> to help with projects like writing sustainability guidelines, eco-optimizing events, and creating a plugin that tells you how \u201cgreen\u201d your site is (spoiler: probably not green enough).<\/p>\n\n![\"Post](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2024\/12\/IMG_0365-2-1050x499.png\")
<\/div>\n<\/div>\nCoffee Break Distractions<\/h2>\n
Developer Daniel Mangum built a website inside of Bluesky. Crazy, right?<\/a><\/p>\nYou say Potato, I say Tomato. <\/a><\/p>\nTV writers recently discovered, to their horror, that 139,000 of their scripts were hoovered up to train AI.<\/a><\/p>\nSpeaking of AI: Don\u2019t listen to chatbots that give mushroom foraging advice – it just might kill you.<\/a><\/p>\nDid you hear about the guy who tried to buy Greenland to \u201cunlock it\u2019s potential\u201d as a \u201ccrypto-native\u201d country?<\/a><\/p>\nIf you remember Homestar Runner, it\u2019s probably time to take an Advil for your back.<\/a><\/p>\n
<\/div>\n<\/div>\n RAVE stands for \u201cReproduce and Verify\u201d and the automated tool does just that. It allows you to reproduce WordPress builds, so you can make sure the official and unofficial packages haven\u2019t been tampered with. <\/p>\n RAVE compares the contents of the published packages with the canonical source code, immediately identifying any anomalies. <\/p>\n Why test the official package? Well, there are plenty of opportunities for the official WordPress package to be tampered with, such as an attack on the build server, on wordpress.org or anyone else who gains access. <\/p>\n RAVE will spot right away if the official package differs from the actual source code in the source control repos – no neon beaded bracelets or JNCO jeans necessary. <\/p>\n If you\u2019re currently rocking the Jobify theme, your site is wide open to a serious security risk. <\/p>\n Patchstack recently<\/a> issued a warning to Jobify theme users due to an unauthenticated arbitrary file read vulnerability. <\/p>\n This bug means hackers could poke around in your server and access sensitive files, without even needing to log in. Any malicious actor could download a file from your website by using the download_image_via_ai function. If your WordPress site is running on cloud like AWS or Azure, it can lead to the access of secret keys leading to full server compromise. Eeeek. \ud83d\ude2c<\/p>\n The vulnerability is so far still unpatched in the latest version 4.2.3. If you\u2019re a Jobify user, you should delete or deactivate the theme<\/strong> until it can be fixed. <\/p>\n Patchstack has issued a virtual patch<\/a> to mitigate the issue by blocking attacks until an official fix becomes available. <\/p>\n And while you\u2019re at it, let this be your regular reminder to always keep backups of your sites and stay on top of vulnerability updates. Hackers never sleep, ya\u2019ll.<\/p>\n There\u2019s a lot of great expert advice from super smart developers and WordPress folks out there. <\/p>\n In this special edition of the Deep Dive we wanted to highlight some super-useful guides and how-tos you\u2019ll want to add to your bookmarks list. <\/p>\n Wanna become the best on the block at Block Development?<\/strong><\/p>\n Deryck O\u00f1ate wrote a complete tutorial<\/a> on creating multiple Gutenberg blocks and the Interactivity API. <\/p>\n Wanna know how to build a \u201ccode sandbox\u201d so you can make live edits in-browser and see changes in real-time in an isolated iframe? <\/strong><\/p>\n Grab your plastic shovels and sandcastle moulds, because Chris Ferdinandi is here to walk you through it.<\/a> <\/p>\n Wanna ditch project management apps and consolidate ALL your workflows in Slack?<\/strong><\/p>\n Here\u2019s a deep dive<\/a> into how the team at We Are AG<\/em> went all in.<\/p>\n Wanna make your WooCommerce store more secure than Fort Knox?<\/strong><\/p>\n The folks at Patchstack have put together this comprehensive checklist<\/a> for locking it down.<\/p>\n Wanna make this meta Deep Dive even more meta?<\/strong><\/p>\n Learn the difficult skill of learning difficult skills, with Julia Evan\u2019s classic guide, How to Teach Yourself Hard Things<\/a>.<\/p>\n Forget partridges and turtle doves! KrautPress has a plugin-a-day advent calendar instead.<\/a><\/p>\n According to Tom McFarlin, AI hasn\u2019t completely destroyed developer content<\/a> – but it has changed it.<\/p>\n Real IP addresses being stored in your WP comments? Yikes. That\u2019s a privacy nightmare. Try this plugin instead.<\/a><\/p>\n Search Engine Journal ranked 20 website-building platforms by accessibility<\/a>, and WordPress is NOT at the top.<\/p>\n We\u2019re loving this episode of the WP Tavern Jukebox<\/a>, where Stephen Dumba speaks about how WordPress is changing the lives of children and educators in Uganda.<\/p>\n The WordPress Sustainability Team are looking for contributors<\/a> to help with projects like writing sustainability guidelines, eco-optimizing events, and creating a plugin that tells you how \u201cgreen\u201d your site is (spoiler: probably not green enough).<\/p>\n Developer Daniel Mangum built a website inside of Bluesky. Crazy, right?<\/a><\/p>\n You say Potato, I say Tomato. <\/a><\/p>\n TV writers recently discovered, to their horror, that 139,000 of their scripts were hoovered up to train AI.<\/a><\/p>\n Speaking of AI: Don\u2019t listen to chatbots that give mushroom foraging advice – it just might kill you.<\/a><\/p>\n Did you hear about the guy who tried to buy Greenland to \u201cunlock it\u2019s potential\u201d as a \u201ccrypto-native\u201d country?<\/a><\/p>\n If you remember Homestar Runner, it\u2019s probably time to take an Advil for your back.<\/a><\/p>\n
\nJohn Blackbourn, the creator behind the Query Monitor<\/em> plugin, has created a smart new tool called RAVE<\/a>. <\/p>\nUsing the Jobify Theme? Watch Out! \ud83d\udea8<\/h3>\n
Mind Bloggling Facts & Stats<\/h2>\n
\n
Deep Dive Special Edition: Your Favourite Deep Dive\u2019s Favourite Deep Dives<\/h2>\n
Blogs & Resources You Shouldn\u2019t Miss<\/h2>\n
<\/div>\n<\/div>\nCoffee Break Distractions<\/h2>\n