- \n
- FAIR play? The WordPress decentralized mirrorverse is here.<\/li>\n
- PayU plugin left the door wide open\u2026 oops.<\/li>\n
- SponsorMeWP: Because you can\u2019t pay your electricity bill in WordPress street cred.<\/li>\n<\/ul>\n
Hot Off The Presses: What\u2019s New?<\/h2>\n
\n![\"ChatGPT](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2025\/06\/chatgpt-vs-claude-programmer-meme-1050x785.png\")
<\/div>\n<\/div>\nIn the last DEV issue, we warned about AI-generated code flooding the repo with mediocrity.<\/p>\n
But just look at the screenshot above. Turns out, the robots aren\u2019t coming for your job just yet – they\u2019re too busy ghosting each other.<\/p>\n
Meanwhile, we\u2019ll keep busting our butts (and sometimes cleaning up after them).<\/p>\n
Welcome to the DEV. Let\u2019s roll up our sleeves and dive in.<\/p>\n
FAIR Enough? WordPress Gets Its Own Parallel Universe<\/h2>\n
FAIR<\/strong> = \u201cWhat if WordPress.org… but open, federated, and cryptographically signed?\u201d<\/p>\n
It\u2019s nerdy. It\u2019s promising. It\u2019s here. And it\u2019s sparking exactly the kind of spirited conversation open source was built for.<\/p>\n
Federated and Independent Repositories (FAIR) is the new Linux Foundation-backed project that\u2019s basically WordPress\u2019s rebel alliance, with heavy hitters like Carrie Dils, Mika Epstein, and Ryan McCue leading the charge and hundreds of contributors behind the project.<\/p>\n
It was launched at Alt Ctrl Org, a side event at the recent WordCamp Europe in Basel.<\/p>\n
So, what the heck is FAIR?<\/h3>\n
FAIR lets web-hosting companies and large organizations run their own mirrors of WordPress\u2019s core update, plugin, theme and translation servers.<\/p>\n
It\u2019s not a fork, and it\u2019s still all WordPress, it simply provides server components that anyone can run.<\/p>\n
Instead of relying on the WordPress.org mothership, you can reroute plugin and theme updates through a whole galaxy of independent repositories. Supporters say the new system will strengthen security, reduce costs and replace reliance on WordPress.org<\/a>.<\/p>\n
The Linux Foundation liked it so much, they\u2019re hosting the project. There\u2019s also a full governance model, a Technical Steering Committee, and a roadmap built in public. Joost de Valk and Karim Marucchi are among the early champions, pushing for a future where plugin delivery isn\u2019t bottlenecked by one central hub.<\/p>\n
But\u2026 not everyone\u2019s throwing confetti<\/h3>\n
Some see FAIR as a much-needed evolution. Others are asking, \u201cCool, but will it break my site?\u201d<\/p>\n
Matt Medeiros isn\u2019t exactly breaking out the party hats<\/a>. He warns FAIR might be \u201coverpromising\u201d and confusing regular folks who are just trying to ship a website before the weekend.<\/p>\n
And Matt Mullenweg himself gave the project a bit of a side-eye at WordCamp Europe, calling the launch \u201cunfortunate in some ways\u201d and wishing for more upfront collaboration<\/a>.<\/p>\n
What\u2019s next?<\/h3>\n
Will hosts adopt FAIR? Will plugin devs support this decentralized dream? The jury\u2019s out, but this is the kind of bold experiment open source was born for.<\/p>\n
Curious? Try it yourself: download the FAIR plugin from GitHub<\/a>. Then federate like it\u2019s 1999\u2026 or 2003.<\/p>\n
FAIR Play: Relevant Reading\/Listening:<\/strong><\/p>\n
- \n
- The Linux Foundation\u2019s official press release<\/a>.<\/li>\n
- The Repository\u2019s super-detailed breakdown<\/a>.<\/li>\n
- Joost de Valk & Karim Marucchi chat about the evolution of FAIR on the KrautPress Podcast<\/a>.<\/li>\n
- FastCompany covers the launch<\/a>.<\/li>\n
- A recording of the Fireside Chat<\/a> at WCEU where Mary Hubbard & Matt Mullenweg discuss FAIR.<\/li>\n<\/ul>\n
SponsorMeWP: Finally, a Way to Get Paid for Your WordPress Obsession<\/h2>\n
Contributing to WordPress is like being a superhero, if superheroes wore hoodies instead of capes and fixed bugs for free.<\/p>\n
But let\u2019s be real: saving the world with code doesn\u2019t really pay the bills.<\/p>\n
If you spend all the hours<\/em> tweaking core, building plugins, fixing issues and sharing wisdom (because who needs a social life, right?) then there\u2019s a new platform that wants to help you turn those unpaid hours into actual cash.<\/p>\n
SponsorMe WP<\/a> is basically a tip jar for the coders, designers and plugin wizards who keep WordPress humming.<\/p>\n
This new project, created by WordPress legends Michelle Frechette and Marcus Burnette, is a free directory where contributors can list their skills, interests and availability for sponsorship.<\/p>\n
Then, companies can browse the directory, find talented devs and toss a few coins their way. Whether it\u2019s one-time sponsorship or recurring support, it\u2019s pretty flexible. Whatever floats your boat (or pays your rent).<\/p>\n
It\u2019s a brilliant way to close the gap between folks with time and talent and companies with plenty of dough and the desire to give back.<\/p>\n
Unauthorized? Unbothered. Unpatched PayU Plugin Hands Over the Keys<\/h2>\n
Heads up:<\/strong> A critical vulnerability in the PayU CommercePro plugin is letting unauthenticated attackers create admin accounts out of thin air.<\/p>\n
Yep, anyone can just hijack the site via two REST endpoints that didn\u2019t check who was calling. Thousands (5,000+ installs) are exposed, according to Patchstack<\/a>.<\/p>\n
How the attack works:<\/strong>
\nAttackers hit\/wp-json\/payu\/v1\/generate-user-token<\/code>, snag a token for a hardcoded email, then the\/get-shipping-cost<\/code> endpoint sets the stolen token as an authenticated cookie. This makes it possible for unauthenticated attackers to create new administrative user accounts and voil\u00e0: admin access without credentials.<\/p>\nSeverity level:<\/strong> CRITICAL<\/a><\/p>\n
What should you do?<\/strong>
\nSorry hun, there\u2019s no patch. You\u2019ve gotta pull the plug(in). Like, deactivate that sucker, immediately. Switching payment methods sucks. But a hijacked site sucks more.<\/p>\nMind Bloggling Facts & Stats<\/h2>\n
- \n
- WordCamp Europe 2025 Recap<\/strong>: The biggest WordPress event in Europe, just wrapped up in Basel, Switzerland. Over 2000 folks attended, and nearly 250 volunteers and organisers made it happen. (Source<\/a>)<\/li>\n
- Image Optimization Win<\/strong>: In the latest TidBits, Brian Jackson from Perfmatters revealed they chopped image sizes by 29% swapping WebP for AVIF. Translation: your site just got way faster without breaking a sweat! (Psst\u2026 Smush Pro<\/a>\u2019s got AVIF support, ready when you are!)(Source<\/a>)<\/li>\n
- Networking IRL Still Reigns<\/strong>: According to The Admin Bar\u2019s 2025 WordPress Professionals Survey, \u201cin-person networking\u201d is still king, with 57% admitting they actually talked to real humans<\/em> last year instead of just sliding into DMs or stalking LinkedIn. Shocking, we know! (Source<\/a>)<\/li>\n<\/ul>\n
Blogs & Resources You Shouldn\u2019t Miss<\/h2>\n
Your content? Chef\u2019s kiss. AI: \u201cNever heard of her.\u201d Here\u2019s how to fix that<\/a>.<\/p>\n
Bartosz just made site security easier with WP Password Policy<\/a>, free, fierce and free of any \u201cadmin123\u201d nonsense.<\/p>\n
Your alias limit on Pro Email<\/a> is now so high, even your side projects\u2019 side projects can have inboxes.<\/p>\n
Jason Crist\u2019s Pattern Builder lets you build WordPress patterns that are a whole lot less frustrating<\/a>, for both you AND your clients.<\/p>\n
All of the dev talks, none of the jet lag. Stream everything you missed from WordCamp EU<\/a>.<\/p>\n
Talk WordPress to me: Bud interviews top WCEU speakers in his latest series. Get the good stuff here<\/a>.<\/p>\n
Speaking of WordCamp, the event just got a whole lot easier to navigate with a shiny new app<\/a>.<\/p>\n
Mike King\u2019s masterclass breakdown on AI mode<\/a>: what search engines see (and what they don\u2019t).<\/p>\n
Coffee Break Distractions<\/h2>\n
New podcast drop: Community + Code<\/em> debuts with a WP powerhouse guest.<\/a><\/p>\n
An accurate tweet on Millennial punctuation.<\/a><\/p>\n
If your great-great-great-great-grandma knew what a computer was, she\u2019d be all over these WordPress family tree plugins.<\/a><\/p>\n
Embrace the chaos: Why when it comes to coding, messiness is not a bug, it\u2019s a feature.<\/a><\/p>\n
Go home Gemini, you\u2019re drunk.<\/a><\/p>\n
Pick a card, any card! (Unless you\u2019re lactose intolerant\u2026)<\/a><\/p>\n
Grammarly is trulyn\u2019t right all the time.<\/a><\/p>\n
And finally\u2026<\/p>\n
- Image Optimization Win<\/strong>: In the latest TidBits, Brian Jackson from Perfmatters revealed they chopped image sizes by 29% swapping WebP for AVIF. Translation: your site just got way faster without breaking a sweat! (Psst\u2026 Smush Pro<\/a>\u2019s got AVIF support, ready when you are!)(Source<\/a>)<\/li>\n
- The Repository\u2019s super-detailed breakdown<\/a>.<\/li>\n
- The Linux Foundation\u2019s official press release<\/a>.<\/li>\n