- \n
- Patchstack study: Hosting \u201csecurity\u201d might look tough, but 87.8% of the time it folds faster than a $5 lawn chair. <\/li>\n
- WP Wiki launches: Finally, a single place to catalog all of your nerdy knowledge.<\/li>\n
- RIP dial-up: the sound of the 90s is finally being silenced this September.<\/li>\n<\/ul>\n
Hot Off The Presses: What\u2019s New?<\/h2>\n
\n![\"Funny](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2025\/08\/developer-back-pain-meme.jpg\")
<\/div>\n<\/div>\n<\/br>
\nYes, yes, we all know we should sit up straight, stretch every hour, and maybe even invest in a chair that doesn\u2019t double as a medieval torture device. And yes, spine health is important, especially as we age and bending over to put our shoes on becomes something we have to psyche ourselves up for.<\/p>\nBut let\u2019s be honest\u2026 I\u2019m typing this newsletter in exactly the position shown in the meme. One foot on the desk, contorting like a JavaScript callback gone rogue. Ergonomics? Never met her. Posture? Optional. Productivity? Somehow intact.<\/p>\n
So go ahead, laugh\u2026 but maybe\u2026 just maybe\u2026 consider touching your toes before your next sprint.<\/p>\n
Or don\u2019t. We\u2019ll still ship code either way. \ud83e\udd37\u200d\u2640\ufe0f<\/p>\n
One Wiki To Rule Them All: New Community-Driven WordPress-opedia Launches<\/h2>\n
WordPress now officially has a wiki. Michelle Frechette and Corey Mass have launched the WP Wiki Project, a shiny new community-driven encyclopedia for all things WordPress.<\/p>\n
Anyone can jump in, whether you\u2019re a fresh-faced blogger still fighting with your first theme, or a battle-hardened core contributor who remembers when widgets were a big deal. There are even vanity listings, which are personal or business profile pages where you can flex your WordPress cred and pay to \u201csponsor\u201d your listing, locking the article from being edited by others.<\/p>\n
The goal? To create a living, breathing reference guide that captures WordPress history, plugins, features, and those obscure rabbit holes you only hear about after three beers at WordCamp.<\/p>\n
So, whether you\u2019re a WordPress veteran itching to weigh in on the nitty-gritty of when to use categories vs tags<\/a>, or a newbie just trying to dip a curious toe into the world of this multi-faceted CMS, the WP Wiki Project is worth a bookmark.<\/p>\n
\u2192 Jump down the wiki-hole.<\/a> <\/p>\n
\u2192 Flex your WordPress cred and add an article here.<\/a><\/p>\n
Hosting Defenses? More Like Swiss Cheese<\/h2>\n
A new study by Patchstack revealed that relying on standard \u201csecure WordPress hosting\u201d these days is about as effective as trying to fend off armed robbers with a pool noodle.<\/p>\n
They uncovered that a whopping 87.8% of plugin exploits<\/strong> breezed past hosting defenses and virtual patching tools before being stopped at the application layer.<\/p>\n
Here\u2019s the tea: Patchstack spun up identical WordPress sites with 11 known plugin vulnerabilities, ranging from arbitrary file upload to SQL injection to privilege escalation. They tested five hosts, to see if their advertised defenses actually worked. Spoiler alert: they didn\u2019t.<\/p>\n
Only one hosting team (using Cloudflare\u2019s WAF) managed to stop four out of eleven exploits.<\/p>\n
Everyone else? Barely raised a firewall.<\/p>\n
- \n
- One host blocked two exploits.<\/li>\n
- Another stopped only one.<\/li>\n
- Embarrassingly, two hosts failed to block any<\/em>. (oooof\u2026)<\/li>\n<\/ul>\n
In Patchstack CEO Oliver Sild\u2019s words to The Repository<\/em><\/a>: \u201cNetwork-level WAFs are too generic with their protection, missing WordPress-specific vulnerabilities almost completely, and server-level security solutions mostly focus on post-exploitation.\u201d<\/p>\n
\u201cThere\u2019s a huge blind spot on application security,\u201d he explains, \u201cand WordPress is a hard platform to protect when vulnerabilities can surface from any plugin.\u201d<\/p>\n
In other words, WordPress is a plugin-riddled maze, and we need a security layer that actually understands that.<\/p>\n
Bottom line? If your host brags about \u201cvirtual patching,\u201d maybe ask what exactly they\u2019re patching. After all, you can\u2019t protect against what you don\u2019t recognize.<\/p>\n
\u2192 See the full case study breakdown<\/a> <\/p>\n
\u2192 Get the deets from Patchstack\u2019s 2025 State of WordPress Security report<\/a><\/p>\n
Smush Levels Up: Now Resizing Your Oversized Images<\/h2>\n
Good news for anyone who\u2019s ever uploaded a 5MB stock photo called \u201cIMG_final_FINAL_reallyFINAL.jpg\u201d and wondered why their PageSpeed score tanked: Smush just got smarter.<\/strong><\/p>\n
We\u2019ve just introduced two shiny new features that you\u2019re gonna love:<\/p>\n
- \n
- Automatic Image Resizing<\/strong>: Smush now firmly squishes images to fit their containers, which means fewer \u201cProperly size images\u201d warnings in PageSpeed and no more serving billboard-sized PNGs to someone browsing on a Nokia.<\/li>\n
- Add Missing Dimensions<\/strong>: Remember that awkward layout shift where your text jumps around like it\u2019s doing the Macarena while images load? Smush fixes that by automatically adding width\/height attributes. Stability restored, dignity preserved.<\/li>\n<\/ul>\n
Between these and the already stacked Smush toolkit (lazy loading, compression, CDN) you\u2019re basically out of excuses for slow, janky sites. Unless, of course, you just like<\/em> watching your CLS score plummet?<\/p>\n
\u2192 Want to nerd out more? Check the full Smush docs<\/a>. <\/p>\n
\u2192 While you\u2019re in optimization mode, Topher rounded up three more plugins that\u2019ll make your website faster<\/a>.<\/p>\n
Mind Bloggling Facts & Stats<\/h2>\n
- \n
- \n Speaking of security risks\u2026 Patchstack\u2019s 2025 vulnerability report identified 6,700 new vulnerabilities in the WordPress ecosystem in just six months, and what\u2019s really spooky is that 41% of them are exploitable in real-life attacks. \ud83d\ude2c (Source<\/a>)\n <\/li>\n
- \n According to a Harvard Business School study, if Open Source suddenly disappeared, it would cost the world $8.8 trillion<\/em>. (Source<\/a>)\n <\/li>\n
- \n An impressive milestone: Ganga Kafle celebrates 7,000 WordPress themes reviewed! (Source<\/a>)\n <\/li>\n<\/ul>\n
Blogs & Resources You Shouldn\u2019t Miss<\/h2>\n
Finally, a way to stop your WP admin menu from looking like Times Square at night.<\/a><\/p>\n
Think you know the difference between .com and .org? Michelle Frechette and Jonathan Desrosiers set the record straight.<\/a><\/p>\n
Did you know you can auto-archive your old posts with low visits<\/a>? Perfect for content that\u2019s aged like milk rather than wine.<\/p>\n
If you ever wanted a helpful writing coach to give your blog posts gentle nudges towards improvement, Slim SEO\u2019s got you.<\/a><\/p>\n
\u201cI just wish to God one person in LLMworld could work on a bad Salesforce deploy, or maintain and enhance a plugin-laden but business-critical WordPress install. I want them to see the gap between the software world most people experience\u2014including most developers\u2014and the infinitely funded world of pine floors and plant walls where they thrive.<\/em>\u201d – Paul Ford on what ChatGPT 5 is missing<\/a>.<\/p>\n
Is it really<\/em> free and open source, or just pretending? This site reveals who\u2019s walking the walk<\/a>, and who\u2019s just \u201copen washing.\u201d<\/p>\n
A lively debate about expanding the core block library<\/a>. As Amber Hinds asks, \u201cWho is WordPress for? Are we building blogging software, or software for creating websites?\u201d<\/p>\n
Coffee Break Distractions<\/h2>\n
This collection of retro video game skies<\/a> is a nostalgic phone wallpaper goldmine.<\/p>\n
An interactive game of impressively obnoxious UX<\/a>. Just try to get through it without throwing your laptop at a wall.<\/p>\n
A genuinely wholesome developer meme<\/a>. \ud83e\udd70<\/p>\n
On vibe coding: \u201cIf you\u2019re actually an impostor, it\u2019s not a syndrome<\/a>.\u201d<\/p>\n
This labradoodle hard at work solving a very important mystery<\/a>.<\/p>\n
Florida scientists are using solar-powered robotic rabbits<\/a> to capture invasive pythons.<\/p>\n
This vital service<\/a> supplies your website with exactly what it needs: random daily photos of Keanu Reeves.<\/p>\n
Wait\u2026 dial-up internet has been still around all this time?! Apparently it\u2019ll be discontinued in September<\/a>.<\/p>\n
And finally\u2026<\/p>\n
- \n According to a Harvard Business School study, if Open Source suddenly disappeared, it would cost the world $8.8 trillion<\/em>. (Source<\/a>)\n <\/li>\n
- Add Missing Dimensions<\/strong>: Remember that awkward layout shift where your text jumps around like it\u2019s doing the Macarena while images load? Smush fixes that by automatically adding width\/height attributes. Stability restored, dignity preserved.<\/li>\n<\/ul>\n
- Automatic Image Resizing<\/strong>: Smush now firmly squishes images to fit their containers, which means fewer \u201cProperly size images\u201d warnings in PageSpeed and no more serving billboard-sized PNGs to someone browsing on a Nokia.<\/li>\n