Read to the end to see a dad who named his “kids” Stop and No.
In today’s edition:
- We’re changing things up. Please like us. 🥺
- You’ll be RAVEing about this new security tool. *Cue “Sandstorm” by Darude*
- ⚠️ If you use the Jobify theme – there’s a nasty bug you should know about. ⚠️
Hot Off The Presses: What’s New?
We’ve Been Watching You…
This is the 10th edition of DEV, and if you’re still here reading our silly nonsense, we must be doing something right. Thanks for sticking around!
But of course, we can’t win ’em all. We noticed that while you’ve been gobbling up the news stories, you’ve been breezing right past the educational stuff in the middle to the juicy little “Coffee Break” section at the end.
This is according to our click-through metrics, of course. Don’t worry, we’ve not been lurking behind your computer chair. (Or have we? 👀)
So, you’d rather read a bunch of bite-sized funnies, news and links, huh? Who can blame you? We get it!
Even though my therapist said I should stop trying so hard to please others, we’ll be mixing things up with DEV in the hopes that you’ll like it even better.
This edition’s Deep Dive is a round-up of links to other helpful how-to articles around the web. Let us know what you think and if that format is more fun for you to explore.
And if you have any other feedback on DEV, please hit us with it in the comments!
Got Your Glowsticks? We’re Heading to the RAVE
John Blackbourn, the creator behind the Query Monitor plugin, has created a smart new tool called RAVE.
RAVE stands for “Reproduce and Verify” and the automated tool does just that. It allows you to reproduce WordPress builds, so you can make sure the official and unofficial packages haven’t been tampered with.
RAVE compares the contents of the published packages with the canonical source code, immediately identifying any anomalies.
Why test the official package? Well, there are plenty of opportunities for the official WordPress package to be tampered with, such as an attack on the build server or on wordpress.org, or by anyone else who gains access.
RAVE will spot right away if the official package differs from the actual source code in the source control repos – no neon beaded bracelets or JNCO jeans necessary.
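To make the package-versus-source comparison concrete, here is an added sketch in Python. It is not RAVE's code and not from the original newsletter. It assumes you already have a trusted reference build as a path-to-contents mapping; the function names and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import io
import zipfile


def package_manifest(zip_bytes: bytes, strip_prefix: str = "") -> dict:
    """Map each file in a zip package to the SHA-256 of its contents."""
    manifest = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Drop the archive's top-level folder so paths match the source tree.
            name = info.filename.removeprefix(strip_prefix)
            manifest[name] = hashlib.sha256(zf.read(info)).hexdigest()
    return manifest


def compare(package: dict, reference: dict) -> dict:
    """List paths that are extra, absent or changed in the package."""
    shared = set(package) & set(reference)
    return {
        "added": sorted(set(package) - set(reference)),
        "missing": sorted(set(reference) - set(package)),
        "modified": sorted(p for p in shared if package[p] != reference[p]),
    }


def build_zip(files: dict) -> bytes:
    """Build a zip in memory from {path: bytes} (used for the sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


# Constructed sample data, not real WordPress files.
REFERENCE = {"index.php": b"<?php // entry\n", "readme.html": b"<html></html>\n",
             "wp-includes/version.php": b"<?php $v = '1.0';\n"}
PUBLISHED = build_zip({
    "wordpress/index.php": b"<?php // entry\n",
    "wordpress/wp-includes/version.php": b"<?php $v = '1.0'; // changed\n",
    "wordpress/wp-includes/extra.php": b"<?php // not in source\n"})


def check_sample() -> dict:
    reference = {p: hashlib.sha256(d).hexdigest() for p, d in REFERENCE.items()}
    return compare(package_manifest(PUBLISHED, "wordpress/"), reference)
```

Any non-empty list in the result is an anomaly worth investigating: an unexpected file, a file that went missing, or one whose contents no longer match the source.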
Using the Jobify Theme? Watch Out! 🚨
If you’re currently rocking the Jobify theme, your site is wide open to a serious security risk.
Patchstack recently issued a warning to Jobify theme users due to an unauthenticated arbitrary file read vulnerability.
This bug means hackers could poke around in your server and access sensitive files, without even needing to log in. Any malicious actor could download a file from your website by using the download_image_via_ai function. If your WordPress site is running on a cloud platform like AWS or Azure, this can expose secret keys and lead to full server compromise. Eeeek. 😬
The vulnerability is so far still unpatched in the latest version 4.2.3. If you’re a Jobify user, you should delete or deactivate the theme until it can be fixed.
Patchstack has issued a virtual patch to mitigate the issue by blocking attacks until an official fix becomes available.
And while you’re at it, let this be your regular reminder to always keep backups of your sites and stay on top of vulnerability updates. Hackers never sleep, y’all.
Mind Bloggling Facts & Stats
- WordCamp Granada 2024, held October 26-27, was the first industry-specific WordCamp ever. It was dedicated entirely to tourism and the travel industry. (Source)
- According to Jamie Marsland’s official polls on the WordPress YouTube account, 49% of respondents use Gutenberg to build their websites, with only 1% using Divi. (Source)
- Karol Krol asked bloggers (not developers) what they think of the Block Editor. A whopping 40% are not big fans. (Source)
- Marcus Burnette from Bluehost has also been polling folks. He asked his followers what their most important consideration was when choosing a hosting company. 44.9% said “support” and only 4.1% chose “price.” (Source)
- Weglot raised €70k this year in charity donations with their annual Black Friday campaign. Nice one! (Source)
Deep Dive Special Edition: Your Favourite Deep Dive’s Favourite Deep Dives
There’s a lot of great expert advice from super smart developers and WordPress folks out there.
In this special edition of the Deep Dive we wanted to highlight some super-useful guides and how-tos you’ll want to add to your bookmarks list.
Wanna become the best on the block at Block Development?
Deryck Oñate wrote a complete tutorial on creating multiple Gutenberg blocks and the Interactivity API.
Wanna know how to build a “code sandbox” so you can make live edits in-browser and see changes in real-time in an isolated iframe?
Grab your plastic shovels and sandcastle moulds, because Chris Ferdinandi is here to walk you through it.
Wanna ditch project management apps and consolidate ALL your workflows in Slack?
Here’s a deep dive into how the team at We Are AG went all in.
Wanna make your WooCommerce store more secure than Fort Knox?
The folks at Patchstack have put together this comprehensive checklist for locking it down.
Wanna make this meta Deep Dive even more meta?
Learn the difficult skill of learning difficult skills, with Julia Evans’s classic guide, How to Teach Yourself Hard Things.
Blogs & Resources You Shouldn’t Miss
Forget partridges and turtle doves! KrautPress has a plugin-a-day advent calendar instead.
According to Tom McFarlin, AI hasn’t completely destroyed developer content – but it has changed it.
Real IP addresses being stored in your WP comments? Yikes. That’s a privacy nightmare. Try this plugin instead.
Search Engine Journal ranked 20 website-building platforms by accessibility, and WordPress is NOT at the top.
We’re loving this episode of the WP Tavern Jukebox, where Stephen Dumba speaks about how WordPress is changing the lives of children and educators in Uganda.
The WordPress Sustainability Team are looking for contributors to help with projects like writing sustainability guidelines, eco-optimizing events, and creating a plugin that tells you how “green” your site is (spoiler: probably not green enough).
Coffee Break Distractions
Developer Daniel Mangum built a website inside of Bluesky. Crazy, right?
If you remember Homestar Runner, it’s probably time to take an Advil for your back.
And finally, meet Stop and No’s Dad. (Wait for the hoop skirt…)