Tested a bunch of Meshtastic antennas for 868MHz (EU) frequencies and only two of them are actually usable. That's very frustrating for users because they will never know the reality without testing.

Responded to @kasparsd:

Learn more at: https://formcontrols.com

Just release version 0.10.0 of Controls for Contact Form 7 which enables native WordPress shortcodes in the form content.

Responded to @mattwiebe:

@mattwiebe Got it, thank you! Upgrade routines like that are a pain.

Responded to @mattwiebe:

@mattwiebe @jeremy @wilhelm @photomatt @pfefferle What was the issue? Do you have a link to the offending change?

To catch the hardest bugs, your WordPress development environment should be:

1. a sub-directory multisite,
2. with WP core in a sub-directory,
3. with wp-contents at the root (outside of core)

What am I missing?

Fonts create an immediate emotion. Some are classy and expensive while others are playful and fun. Good fonts are the ones you don't notice — they just add clarity to the message and brand.

I feel like Drupal could significantly improve the perception of their brand and value by updating the front stack.

How to add Live Preview (blueprint.json) to plugins on WP.org? And how to test it locally before deploying?

After adding this to one of my plugins, I decided to record a video with general instructions and some tricks for local testing.

https://www.youtube.com/watch?v=tMObI8oXnds

Responded to @kasparsd:

Learn more about the feature: https://formcontrols.com/docs/contact-form-7-to-tablepress

The Controls for Contact Form 7 plugin can now store the form submissions 📬 in TablePress!

Responded to @kasparsd:

Here is my guide to WordPress package signing — the current state and the proposed distributed workflow https://wpelevator.com/guides/wordpress-package-signing

I just realized that with distributed WordPress packages and signing, all vendor code must be isolated to avoid one trusted vendor from publishing an update with another vendor's package content which would overwrite it.

Responded to @kasparsd:

5. While this proposal addresses signing and trust, it does not solve directory name isolation for plugins and themes — that would require a separate solution entirely.

What do you think? Is this simple enough to encourage adoption? What could be improved?

Responded to @kasparsd:

3. For the first install of any plugin or theme, users would need to explicitly specify the trusted key for the vendor. Each download page would prominently display the public key for users to specify.

4. Key rotation could be automated via custom HTTP headers with signed payloads. A single valid public key would ensure that revoked or invalid keys stop working immediately.

Here is a proposal for distributed WordPress package signing:

1. The system relies on users adding the public keys of trusted vendors to their site settings. The update API then includes Ed25519 signatures of SHA256 ZIP hashes in the HTTP headers of the updates.

2. This approach could work seamlessly with a Composer for automated CI/CD installs through a custom plugin.

Does anyone know the history behind the choice of SHA384 hash and X-Content-Signature HTTP header for WP core update signatures? Why not SHA256?

Responded to @kasparsd:

Here is where it's used: https://github.com/WordPress/wordpress-develop/blob/88796678fd838ab0e790d22558f258c906262400/tests/phpunit/includes/bootstrap.php#L288-L299

Did you know that the WordPress PHPUnit testing library supports a magic global $wp_tests_options variable to pre-configure any option values such as the enabled plugins or custom plugin options?

If you're using the Dell P2723QE monitor, there is a new firmware version M3F102 that fixed the terrible flickering and memory issue for macOS users. https://www.dell.com/support/home/en-lv/drivers/driversdetails?driverid=8xnm7

Version 0.11.0 of the Two-Factor plugin for WordPress has been released with a fix to an issue introduced in the previous version related to filtering the available methods, along with some other usability improvements.

Here is the changelog: https://github.com/WordPress/two-factor/releases/tag/0.11.0