Did you know there used to be a GitHub mirror of all WP-org hosted plugins maintained by Bluehost, but the project was archived earlier in March of this year https://github.com/bluehost/pluginmirror

Access to WP-org Slack now requires a WP-org login and therefore the checkbox.

Built this bench for a local cold plunge spot as a weekend project with the kids. Really happy with the wider top — it makes the seating more comfortable and provides more space for the gear.

Responded to @kasparsd:

Here is the full log from the Mikrotik side. Notice all the handshake failures before the eventual DHCP NAK.

Responded to @kasparsd:

Posted about it on Reddit but haven't received any feedback, yet https://www.reddit.com/r/mikrotik/comments/17wk54k/wireguard_peer_behind_hap_ac2_with_wap_lte/

I have this #homelab mystery with an Ubuntu Wireguard client behind a #mikrotik LTE internet which disconnects and never re-connects whenever the Mikrotik router looses its ISP DHCP lease. The PersistentKeepalive is configured everywhere. Worth noting that the Mikrotik is a member of the same Wireguard network and that connection is not impacted.

It’s not exactly clear to me why the WordPress Foundation donated 100k of its own donations to a non-WP organization like Internet Archive? If people wanted to donate to IA, they would do it directly. Why not to any kind of WP initiative? https://wordpressfoundation.org/news/2024/meeting-minutes/

During my research for the @wpelevator domain name I created list of various WP brand ideas. Here are two more domains that are still available — UncoverWP-com and UnwrapWP-com. Feel free to use them for your project!

Responded to @kasparsd:

Here is where it happens https://github.com/actions/checkout/blob/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871/src/git-auth-helper.ts#L294 and you can use the "persist-credentials: false" setting to disable this behaviour.

Today I learned that the GitHub Checkout actions sets the http.[..].extraheader config flag which silently applies to all git commands and prevents the use of any other tokens. Even with all my effort to isolate the CI tasks from the runner environment, this one config leaked through…

What do you use for time tracking? The UX of some of these apps (like https://timemator.com) is incredible.

Just finished writing an email summary of all the content I've been posting on socials over the past few days. Go to https://wpelevator.com to subscribe!

The change restricting the use of custom Git updater plugin headers (that I wrote about yesterday https://x.com/konstruktors/status/1845777730933064000) has been reverted, see https://github.com/WordPress/plugin-check/pull/720

My post from yesterday:

Tried Windows for gaming — Xbox controllers randomly stop connecting, windows update in the background makes everything slow. Launch Steam which launches EA launcher which maybe self updates and asks to login again. Whaaaat?

Let’s all recognize the value of https://WPackagist.org giving us WP-org zips via Composer. Most enterprise projects either use it directly or through a private packagist middleware.

Can we all help them reach the $150/m funding goal? https://github.com/sponsors/outlandishideas?o=esb

The new WP-org plugin submission checker now restricts headers that allow updates from GitHub and other third-party sources! Here is the pull request introducing the change: https://github.com/WordPress/plugin-check/issues/669

Responded to @kasparsd:

The patch applied to SCF simply clears out the $_REQUEST global variable that would be available to any such callback function like it already did with $_POST variable before the change.

The ACF vulnerability that is "fixed" by the Secure Custom Fields plugin is not an actual vulnerability. The updated code path gets executed only if:

1. You're using ACF to define custom post types or taxonomies,
2. AND an administrator-level user has specified a custom metabox callback function that (a) already exist in your codebase and (b) is somehow malicious.

Responded to @kasparsd:

There are tools like https://github.com/humbug/php-scoper or https://github.com/coenjacobs/mozart but they don't solve the problem of rewriting the composer.json to exclude the scoped dependencies, for example.

For utility binaries there are now "shim" packages like https://github.com/wp-cli/wp-cli-shim or tools like https://github.com/bamarni/composer-bin-plugin to pull them in into isolated directories.

The complexity of isolating or scoping PHP dependencies is the main reason why WordPress developers don't rely on re-usable packages. Ideally, this would be solved at the Composer level like NPM does it for Node.js. Like PHAR but for libraries.