Brian Krogsgard

WordPress 4.1, “Dinah”

WordPress 4.1, “Dinah”, has just been released. WordPress 4.1 is the result of months of work and includes a number of excellent new features.

WordPress 4.1 was led by John Blackbourn, who did an outstanding job. Two hundred and eighty three contributors were part of WordPress 4.1, which Matt Mullenweg states is a new high.

Here are some of the new features.

Persistent Distraction-free Writing

I must begin with the new persistent Distraction-free Writing feature, as I’m using it to write this very post. We’ve had Distraction-free Writing since 2011, with the release of WordPress 3.2. However, it’s always been a single-experience decision. You hit the button to enter distraction free mode, and you utilize it for a single writing session.

Postmatic wants to revitalize your WordPress email, starting with comments

Postmatic is a new WordPress plugin that I think is quite promising. Its aim is to eventually change the way you utilize WordPress email in many ways, but its comment functionality is what intrigued me immediately.

Postmatic currently allows users to subscribe to comments and posts by email; but what sets it apart is that it enables reply by email functionality as well. That’s something that has been high on my list of wants for a WordPress plugin for a long time, and I wanted it without switching to a third party system like Disqus.

All in all — aside from enabling replies by email — the current feature set is quite similar to Jetpack’s Subscriptions module. Postmatic has widgets for post subscriptions and will send subscribers new posts and allow them to get emailed comment notifications as well.

I asked Jason Lemieux, a co-founder of Postmatic, if they were considering a way to import from Jetpack or otherwise integrate with it, and they are. They’re working now to make it so that your old posts using Jetpack’s subscription module for comment notifications will still work, and your new posts will use Postmatic.

I had a pretty thorough conversation with Jason and got to see Postmatic in action. For a free plugin especially, the functionality is quite impressive. I tested subscribing to comments, replying by email, and opting into subscriptions, and it is all very smooth. Here’s a sample reply notification to my email.

5 years into business, Pagely is growing faster than ever

Pagely is celebrating their fifth year of business right now. They have just launched their newly designed website (note to early readers: it’s in process of launching at this moment, so some links may not work until later today) to reflect some of the ways they’ve changed over the years. They are also growing, rapidly.

The new website is a complete rebrand. They’ve tweaked their logo many times over the years, but they’ve completely changed it now. It’s much more modern and can be used in a variety of ways.

The new website is flat, geometric, modern, and as sassy as ever (like with their Investors page they are quite proud of). In all, the redesign attempts to showcase happy customers and what makes them different.

They are introducing brand ambassadors — a kind of super testimonial — that includes names you’ll surely recognize from the WordPress community.

Additionally, they are giving other managed hosts a bit of a sting with what they call #turnthepage, a dedicated page to highlight that they don’t charge for pageviews, something that most managed WordPress hosting companies do.

Contribution as culture

This post spends a lot of time analyzing and referencing two other blog posts. Excuse me for that, but also be sure to read both, as they are relevant for this post and also interesting in their own right.

Matt Mullenweg wrote a blog post called Five for the Future yesterday that advocates his belief that WordPress-centric companies should aim to utilize 5% of their company resources toward contributing back to the project.

He noted in the post that Automattic isn’t quite to this point, but that they are working on it, and describes why he believes it’s important. He closes with this:

It’s a big commitment, but I can’t think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

This was followed up by one of the co-founders of one of the very hosting companies Matt partially referenced in his post — WP Engine’s Ben Metcalfe — who responded with a blog post of his own: WordPress: What exactly do they get for their 5%?

I think I was immediately thrown off by Ben’s post title, but so many times throughout reading it I was shocked at how he made assumptions of Matt’s intentions or missed what I would call “the point”.

5% is not a decree

Obviously, Matt is not speaking from the mountaintop with a proclamation of law. This is his recommendation — one that he believes will reward the firms that strive for it.

I believe that the community has already shown us that those that invest into WordPress are rewarded from it. We improve our understanding of a foundational software of our careers, improve our skills, are more marketable, more attractive to employers, and create natural opportunities for developing industry relationships.

How should 5% of “people” be defined? I’m pretty sure Matt would agree that 5% of people or 5% of revenue toward people doesn’t really matter to him; yet Ben makes a continuous sticking point about the cost of — and need for — engineers.

Additionally, while Matt utilizes full-time employees, the same (or better) effect could be had with shared time from more employees.

I’m not big into absolutes, so it’s important to remember that while I’m advocating Matt’s recommendation of 5% time, I think it’s simply a good recommendation. This is a free economy and companies can do what they want. But I think in the current and long term, contribution will be key to greater corporate success for those that choose to do so.

What does 5% cost, and who does it require?

The anatomy of a security breach, and how to do good in a bad situation

On Tuesday, iThemes posted an announcement that they had suffered from a security breach of their website and servers. The attackers had reached the servers which stored customer information, including email addresses, IP addresses, full names, and yes, passwords.

iThemes was quick to notify customers via their blog, social media, and their full customer email list about the breach. Approximately 60,000 users were affected. They warned that passwords were vulnerable. In the second update, posted today, they gave more information about passwords, in response to many questions from users.

It turns out that passwords were stored in plaintext on iThemes’ server. That is, obviously, very bad practice.

Why Would You Store Passwords in Plain Text?

This is how the membership software we started using in 2009 did it. There are a number of factors for this, none that will make much of a difference at this point or make anyone feel any better about it, myself included.

Know that it’s not because we did not value your data. As an organization, we have been working on a very large migration process that has required us to interlink legacy systems with the latest technologies. Anyone that has ever gone through that process understands the complexities and challenges.

Frankly put, it’s been something we identified as a potential risk and are working rapidly now to rectify this issue as fast as humanly possible.

It’s also worth noting that their customer database and iThemes.com users were affected, but customers that use their Sync product to manage their own websites were not. So if you use iThemes Sync, and utilized your site passwords to connect, those accounts and passwords were not part of this breach.

aMember and legacy membership platforms

The membership platform that Cory highlights in the update is aMember, a membership management system that’s been around for many years. aMember only introduced encrypted passwords in version 4, which was released in November of 2011.

I discussed aMember and plaintext passwords with some other folks that have a significant history with the membership platform, and there are some significant problems that anyone using aMember has experienced.

First, most folks heavily using aMember aren’t using it out of the box. At the time, most membership sites were doing significant customizations to aMember to achieve desired functionality. So when the v.4 update came out, it was a very difficult update procedure for people to take advantage of the features.

iThemes would even tell you that their current version of membership software doesn’t look much like aMember at all.

iThemes is also not the first to be hacked and their aMember passwords leaked. Tuts+ Premium had the same issue in 2012.

I discussed aMember at length with Pippin Williamson. He has done a lot of work on his brother’s membership site, CGCookie, which also used aMember until 2012, when he did a huge migration of tens of thousands of members to a new platform.

Pippin notes that, at the time, aMember did not disclose that passwords were stored in plaintext, so CGCookie had no idea that their users were vulnerable until they learned of the Tuts+ hack, at which point they put a planned migration “into hyperdrive.”

The problem with iThemes’ situation is that they knew of the plaintext passwords and didn’t address the obvious security vulnerability.

All in all, the migration for CGCookie took months to perfect and significant juggling of priorities by their team.

Ticking time bomb

Speaking with Pippin, migrating from aMember was not an easy task. PayPal’s IPN handlers (a payment notification system) were tightly linked to aMember, and preventing customer accounts from being disconnected from the membership site took weeks of engineering. Additionally, simply upgrading to the newer versions was also terrible.

Many other WordPress companies have used aMember in the past as well, storing plaintext passwords just like iThemes today.

So, aMember has definitely been a problem before now, but iThemes has absolutely slacked in their prioritization of the issue. Simply put, it’s inexcusable to put users into long term risk if you know their passwords are stored in plaintext.

The future of Post Status

I’m tired. Really, really tired. I’ve been tired for weeks. Those of you who follow this blog closely know that it’s been slow around here. I’ve only published ten blog posts since the beginning of August. For me, that’s three to four times less than normal.

I’m not burned out, but I’ve definitely been on a break from Post Status. I’ve gone days without visiting my own site or even looking at the stats (!!!).

This post is quite introspective; but I figured it was better to tell you what I’ve learned and what I’m thinking, versus act like everything is normal here.

Since 2010 I’ve regularly blogged about WordPress. I’ve had breaks before and this is probably my longest. Since launching Post Status a year and eight months ago, I’ve thought about it every single day of my life. I’ve probably not missed a single week until this last month, even when I took vacation.

This summer I’ve been gearing up for a lot of changes for Post Status, and honestly this break is at the worst time. I’m about 70% done with a complete redesign of the website, and I’ve spent months agonizing on how to direct the future of the blog and planning for a whole new revenue model. I want Post Status to be around for years, and for my own sanity and the long term relevance of Post Status, this break has been mandatory.

Range (the agency I’m part of) is growing and we are very busy. My personal life has been full of travel, obligations, and some changes (for the good!). Things have been nuts.

I knew that I could either slow down or burn out. I slowed down, and I looked at my priorities.

This blog is important. But not as important as job or family.

I love Post Status. I love blogging. I love WordPress. But not as much as I love my family, nor even my job. Post Status is not my primary revenue generator. In its current form it pays for itself but doesn’t really pay me.

While I’ve been focusing on my job and delivering quality projects to our clients, and handling outside obligations, I decided that Post Status needed to take a back seat for just a little bit.

This has pained me. Every time I see news, I want to write it. I still haven’t published my WordPress 4.0 post, something I’ve done every major release since WordPress 3.1 came out. Trust me, I hate this. Fortunately, kind people give me great reminders.

Don’t stress too much, there’ll be plenty of us waiting whenever you’re back

Statements like that one from Ryan McCue remind me why I love this community. You’re forgiving, and kind with your words, sharing, and encouragement.

Part of the future I’m planning is to make Post Status more capable for paying me for my time, and even paying for contributors to help make it great and to sustain the site while allowing me to take breaks like this past month.

When I make this shift to a new model, I’m going to ask you for help. This post should explain why I’ll be asking. I want to keep writing great content, and I want it to be sustainable for the long term. And I want to offer you, readers, great value for your investment.

I’ve said many times that Post Status has far greater value than just monetary. It’s how I’m plugged into the community, follow industry trends, build relationships, and so much more. I’ve even given WordCamp talks about this.

But I also want to make money. I only have so many hours in the day, and I’ve spent four years not making money, preparing to ask for it with your trust ensured.

The future of Post Status is recurring yearly memberships

Post formats are slowly dying, and that’s okay

Post formats were introduced in WordPress 3.1. They were, and still are, little more than an organizational feature that allows themes to support ten custom content formats such as asides, links, quotes, video, and audio. They are just a taxonomy — similar to categories and tags — and are restricted to whatever the active theme supports.

The concept for post formats made sense at the time, though even then it was a topic of intense debate. Post formats in 3.1 were supposed to be an introduction of the feature, to be iterated on once themes began to show how they would use them. In WordPress 3.6 there was an effort to establish a consistent UI, which failed to land in core. I believe they’ve been dying a slow death ever since.

Were we just chasing a competitor?

When post formats were discussed and launched, they felt like an attempt to mimic what Tumblr was doing so well — to make it easy for end users and bloggers to create nicely formatted content for specific content structures.

The problem with post formats is that they have no standard user interface and there is no intuitive standard for how themes should implement storage for post format data, beyond a general recommendation that everything should be stored in the post_content. Additionally, support for post formats is primarily reliant on the active theme, and keeping post format consistency when switching themes is difficult.

With these struggles combined, post formats have faced issues on nearly all fronts: users hardly understand how to utilize them, theme authors can offer very little consistency for supporting them, and without mass adoption core developers have a hard time investing their efforts to improve the features.

There have been some impressive efforts to standardize post formats
