- \n
- A plugin that reminds me of my ex: acts like it\u2019s protecting you, but really just secretly sabotages everything while you\u2019re not looking.<\/li>\n
- Bring your best ketchup-chip-fueled hot takes: Canadian WordCamp is coming.<\/li>\n
- The EAA is getting serious, and pretending your site is compliant won\u2019t cut it (just ask AccessiBe\u2019s wallet.)<\/li>\n<\/ul>\n
Hot Off The Presses: What\u2019s New?<\/h2>\n
\n![\"Funny](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2025\/05\/funny-it-support-tweet-1050x600.jpg\")
<\/div>\n<\/div>\nMost of the time, it\u2019s a simple \u201cturn it off and on again\u201d type fix. Easy peasy.<\/p>\n
But every now and then, you accidently become the final boss in someone else\u2019s support ticket queue. Now that\u2019s<\/em> impressive.<\/p>\n
Here\u2019s to all of the times you\u2019ve broken things so spectacularly, the dev team needed therapy afterwards. \ud83c\udf7b<\/p>\n
Keep reading for your fortnightly hit of WordPress news, you code-slinging rascal, you.<\/p>\n
Poutine the Spotlight on You at WordCamp Canada \ud83c\udf41<\/h2>\n
WordCamp Canada is happening in Ottawa from October 16-17th, and it\u2019s a good thing it isn\u2019t happening any later in the year\u2026 because by November you\u2019d need finger-warmers, thermal socks, and sheer willpower just to type your password.<\/p>\n
If you\u2019ve ever wanted to speak at a WordCamp, this is your moment. The call for speakers is open until June 15, which gives you plenty of time to pick a topic, write a pitch, panic about it, scrap everything, rewrite it, and finally hit submit with trembling hands (from nerves, not frostbite, yet).<\/p>\n
You can apply to give a Lightning Talk (a fast, 10-minute knowledge bomb) or go big with a 30, 60, or even 90-minute presentation on whatever WordPress rabbit hole you\u2019ve fallen down lately. And don\u2019t worry. Ottawa audiences are famously polite. If you mention anything even mildly exciting, non-governmental, or temperature-related, you\u2019ll probably get a standing ovation.<\/p>\n
If your talk is accepted, you\u2019ll score a free conference ticket and a team of actual humans who will help you prep and deliver your talk like the web wizard you are. Then you can all belt out Bryan Adams together at karaoke afterwards to celebrate.<\/p>\n
So go ahead, throw your toque<\/a> in the ring by filling out the form at the bottom of this page<\/a>. Because the only thing colder than an Ottawa winter is the regret of not applying.<\/p>\n
The Ultimate Irony: Hackers Hide Malware in Fake Security Plugin<\/h2>\n
In a twist that would make Alanis Morissette proud (speaking of Canadians), cybercriminals have introduced a malicious WordPress plugin masquerading as a security tool<\/a>. Dubbed “WP-antymalwary-bot.php” (because nothing says trustworthy like a typo, right?) it offers attackers administrator access, hides itself from the dashboard, and even injects malicious JavaScript to serve spammy ads.<\/p>\n
First spotted during a site cleanup in January 2025, this digital Trojan horse has since evolved, adopting aliases like “addons.php” and “wp-performance-booster.php.” Once activated, it leverages the REST API to execute remote code, modifies theme headers, and clears caches of popular plugins. Just when you think you\u2019ve yeeted it into oblivion, wp-chron.php says, \u2018Surprise, loser!\u2019 and drags it back from the malware grave.<\/p>\n
The origin of this campaign remains unclear, though Russian language comments suggest a possible link to Russian-speaking threat actors. This incident underscores the importance of vigilance: always vet plugins, keep your site updated, and remember that sometimes, the biggest threats come disguised as protectors.<\/p>\n
(BTW\u2026 for a plugin that is the absolute opposite<\/em> of this one and will actually<\/em> keep your site safe, may we recommend Defender<\/a>? It\u2019s guaranteed 100% free of creepy hackers)<\/p>\n
Get Ready for the European Accessibility Act (Unless You Love Fines, I Guess)<\/h2>\n
Accessibility isn\u2019t optional anymore. Here\u2019s what you need to know.<\/a><\/p>\n
The European Accessibility Act (EAA) is coming into full effect in June 2025, so it\u2019s time to make your website truly accessible – none of that AccessiBe \u201cpretend-it\u2019s-accessible\u201d nonsense.<\/p>\n
If you haven\u2019t heard – AccessiBe learned the hard way, claiming their plugin could make any website compliant with Web Content Accessibility Guidelines (WAG) and then getting hit with a $1 million fine for fake accessibility<\/a>. So, unless you want to join them in the \u201cwe should\u2019ve done better\u201d club, now\u2019s the time to get your act together!<\/p>\n
The EAA applies to all businesses with consumer-facing digital presence in the EU, and it isn\u2019t about just checking boxes; it\u2019s about actually making sure your site works for everyone. If you\u2019ve been hoping to skate by with a flashy widget and a prayer, think again.<\/p>\n
Don\u2019t sweat it too much though, WP Umbrella\u2019s got your back with a super helpful post on how to prepare your WordPress site for compliance.<\/p>\n
\ud83d\udc49 See exactly what changes you need to make before June 2025, the WP Umbrella guide breaks it down.<\/a><\/p>\n
Mind Bloggling Facts & Stats<\/h2>\n
- \n
- Another 15 bugs have been squished throughout Core in the new release of WordPress 6.8.1 that just dropped April 30th. (Source<\/a>)<\/li>\n
- Can you guess the highest number of plugins found on a WordPress site running on Kinsta? (It\u2019s more than you think) (Source<\/a>)<\/li>\n
- PressConf 2025 only gathered around 140 WordPress professionals compared to the thousands at other conferences, but Rich Tabor says that\u2019s what made it special. (Source<\/a>)<\/li>\n<\/ul>\n
Blogs & Resources You Shouldn\u2019t Miss<\/h2>\n
Think your login form\u2019s secure? This sneaky little \u201choneypot\u201d trick<\/a> might just outwit the bots for good.<\/p>\n
Who knew that turning SEO into a checklist would lead to a world filled with perfectly optimized drivel<\/a>?<\/p>\n
Being authentic and helpful: an underrated strategy<\/a> for making clients trust and refer you.<\/p>\n
ThemeSwitcherPro<\/a> lets chaos reign, so you can run multiple themes on one site.<\/p>\n
Space selfies, celebrity astronauts, and women in STEM, are we really making progress<\/a>, or just making headlines?<\/p>\n
Turn your agency\u2019s leftovers into $$$. Why let your \u201csawdust\u201d go to waste<\/a> when it could fund your next big thing?<\/p>\n
Matt Medeiros says there are \u201c3 C\u2019s\u201d of becoming a WordPress professional<\/a>. Surprisingly \u201ccoffee\u201d isn\u2019t one of them.<\/p>\n
Coffee Break Distractions<\/h2>\n
An oddly terrifying(?) cookie fortune.<\/a><\/p>\n
Why do all the AI company logos look like buttholes?<\/a><\/p>\n
Karol Krol asked GPT-4.1 to vibe code a WordPress plugin. 2 hours later, this is the result.<\/a><\/p>\n
Remember Homestar Runner? From when the internet \u201cwasn\u2019t just 4 websites on people\u2019s phones?\u201d<\/a><\/p>\n
This clever tool helps you turn 15 PTO days into 53.<\/a><\/p>\n
The feeling of switching back to WordPress after working on a janky CMS.<\/a><\/p>\n
A funny post about plugins.<\/a><\/p>\n
- Can you guess the highest number of plugins found on a WordPress site running on Kinsta? (It\u2019s more than you think) (Source<\/a>)<\/li>\n
- Another 15 bugs have been squished throughout Core in the new release of WordPress 6.8.1 that just dropped April 30th. (Source<\/a>)<\/li>\n