Iain Poulson has an introduction to WordPress penetration testing. (Pentesting is the practice of simulating an attack on a site or app.) Iain covers some recommended tools like WPScan, Kali, sqlmap, and PHPStan, a PHP static analysis tool.
Also in PHP 7 land, WordPress core committer Joe McGill documented his process of upgrading a Digital Ocean droplet on WordPress to PHP 7, and from HTTP to HTTPS. I think his definition of easy is different than mine, but he brings up a couple of good ideas for how WordPress can do a better…
Should code comments switch to
// ? Meetup.com stops using an accessibility overlay. Final releases for WordPress 3.7 – 4.0 are now available. Tune in soon for State of the Word 2023, happening December 15 via livestream from New York City.
Andrey Savchenko, known as Rarst in the WordPress community, has built a great guide to using Composer in WordPress. Composer is a dependency management tool for PHP projects. It brings a ton of power to the table, and this resource is great for any of us getting started with using Composer in our WordPress projects….
John James Jacoby explains the addon “took almost an entire year to invent, test, and deploy… We ported the RRULE spec directly to PHP from the iCalendar RFC, because nothing existed to do what we needed.”
John James Jacoby has been the main source of (unofficial) information about the removal of active install statistical tracking for plugins in the WordPress.org repository. On Friday, he provided more technical details on the WPwatercooler podcast.
Omar Reiss announced on make.wordpress.org that it’s now possible to run WordPress from /src again. For developers working with core PHP, “The biggest advantage of running WordPress from src is that changes in the PHP are immediately reflected on the server again, without an extra build step.”