As some of you may have heard, a number of CSRF (Cross-site Request Forgery) vulnerabilities were discovered in the Disqus plugin for WordPress by Nik Cubrilovic not too long ago. The biggest of these issues was unfiltered, potentially harmful data being passed straight to the database without proper sanitization. Though this was being filtered on output, Disqus’s debug mode could potentially be used to extract this raw data and inject harmful code. There were also some issues with nonce checks on various POST requests and a vulnerability in the plugin’s upgrade script. Luckily, the Disqus team moved very quickly to […]
A Few Tips for Testing Plugins in a Live Environment
Last week, I wrote up a lengthy guide to finding the right plugin for Tidy Repo. The large majority of this has to do with testing plugins once you’ve found them, and I thought I might expand on this idea a bit. So here’s a couple of tips for anyone who feels like testing their plugins before installing them on their production site. Getting started For those looking to get a test site up quickly, there are a number of steps to take. The first is to boot up a fresh WordPress install like you would any other. The only difference […]
TechCrunch Open Sources Library for Asynchronous Tasks
TechCrunch recently underwent a pretty massive redesign, running on WordPress VIP. One of the biggest priorities for the development team was increasing performance. And not just a little, a lot. One of the tools that was integral to their giant leap in performance was the ability to run non-essential tasks to load asynchronously, meaning time consuming processes can run in the background while a page loads quickly for users. Now, the TechCrunch team has open sourced this asynchronous library so you can start using it on your own site. What’s A Non-Essential Task So what kind of things should run […]
3 Ways to Manage Your Plugins
Plugins are my bread and butter. I spend a great deal of time using them, organizing them, and evaluating them. Many WordPress users out there probably have a few groups of plugins they like to start sites off with. One set for client sites, another for blogs, another for test sites, etc. But keeping track of these various groups and manually installing them to every fresh WordPress install can be a bit of a hassle. Luckily, there are a few ways to approach the task. The Simple Way Fortunately, there are tools out there that allow you to group plugins together, and […]
On the WordPress Content Modeling Problem
Last week, there was a bit of a stir regarding WordPress’s upcoming 4.0 release. Raelene Wilson started it off with a post about the “underwhelming” nature of the newest release, especially when looked at from the point of view of an average user. Pippin Williamson rebutted with a post on the importance of refinement in WordPress development, getting features 100% of the way there. Then came a sort of response from Chris Knowles outlining a roadmap of potentially more ambitious features. Many oft-cited questions came up again. Should WordPress remain backwards compatible? Does WordPress need a more refined vision? Is WordPress moving […]
How WordPress Could Power The New York Times
Last week, the New York Times gave us an inside look at their custom CMS, Scoop. Though a few NYTimes blogs run on WordPress, the main site is managed by a fairly massive custom effort. It got me thinking about how far WordPress has come in terms of managing complex websites and applications, and all of the work that still needs to be done. Data Management One of the major advantages of Scoop was its ability to store content and data in meaningful ways. This includes the basics like a robust tagging hierarchy but also the ability to store all […]
VersionPress: Git Version Control Comes to WordPress
As much as version control has been an integral part of the core development of WordPress for quite some time, it has never been easy to integrate proper version control into the platform. As the complexities of web development have increased, version control has become ubiquitous on both the front end and the back. But managing databases, theme files and plugin settings across distributed teams is still a challenge. That’s why developers Borek Bernard and Jan Voráček began work on VersionPress, a version control system for WordPress. VersionPress approaches the problem by storing both your database and files in a […]
6 Simple Plugins That Solve Common WordPress Problems
I’ve often been a champion of the “do one thing and do it well” approach to WordPress plugin development. Today, I’d like to celebrate some plugins that truly do a great job at fixing the most common WordPress problems with a simple and easy to use solution. Disable Comments Disabling comments in WordPress, site-wide, is actually pretty hard to do. And removing comments from your site’s front-end requires a bit of coding and template modification, and is an all or none proposition. Disable Comments allows you to switch off comments in WordPress, either for your entire site, or post type […]
An Insider’s Look at Ninja Demo
The problem is fairly common. You’re a WordPress developer that builds themes or plugins and you want to offer users visiting your site a simple demo so they can explore your product a bit. You can set up a dummy account somewhere, install your product, create a user with limited capabilities and add some dummy content. But what if you want users to each have their own sandbox so they can add and delete content without permanently affecting the site? What if you want to give instructions only to these users? How on earth can you prevent spambots from polluting […]
5 Great Plugins You’ve Probably Never Heard Of
I come across a lot of plugins in my day to day. Some are very well known. Others are not. But that doesn’t mean they don’t deserve your attention. So allow me to shine the spotlight on a few lesser known plugins you may just find useful. Fourteen Extended The Twenty Fourteen theme released by the WordPress team showed a real departure from previous efforts. It has a more administrative, and less blog-like look to it. It also takes full advantage of WordPress’s theme customizer and options. Fourteen Extended takes this one step further. The plugin adds a list of […]