Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them
On April 7, 2026, the WordPress.org Plugins Team permanently closed every plugin from the Essential Plugin author. At least 30 plugins, all on the same day.
Complete Guide to WordPress Transients
The WordPress Transients API is a portion of the WordPress codebase that allows plugin and theme developers to store cached data. This data will eventually expire, after which it’s automatically deleted. Transients are often used to cache data from external API requests that might introduce latency, or from slow-running database queries in which running the query against the actual database on every page load would decrease the site’s performance.
When you save data into a transient, the data is saved into the wp_options table of the WordPress database. At first glance, this makes the Transients API seem similar to the Options API. The main difference is that each transient is given an expiration, after which it will automatically be removed from the database. This is not the case when saving an option in WordPress.
Translations in JS Files
You need to “tell” WP that your script has a translation, and specify which text domain (ID) should be used for this translation. This is done using the wp_set_script_translations() function.
So, the registration of your script with translation should look like this:
wp_register_script( ‘my-handle’, plugins_url( ‘/js/my-file.js’, __FILE__ ) );
wp_set_script_translations( ‘my-handle’, ‘my-domain’ );
The wp_set_script_translations() function adds a dependency on the main script for wp-i18n and includes the .json file.
How to Run Apache as different User with mpm-itk
Run Apache as different User is quite useful in WordPress development and WordPress hosting.
Apache runs as www-data in Debian/Ubuntu.
However, this is not convenient in a WordPress installation:
On the production server
- Many WordPress files must be owned by the SSH/SFTP user in order to apply changes
- Most WordPress must be owned by the Web Server user, so WordPress updates can be applied
Modify relationship select field labels
add_filter( 'pods_field_pick_data_ajax_items', 'custom_pods_labels_in_pick_field_ajax', 1, 6 );
add_filter( 'pods_field_pick_data', 'custom_pods_labels_in_pick_field_data', 1, 6 );
function custom_pods_labels_in_pick_field_ajax($items, $name, $value, $options, $pod, $id) {
if ( 'FIELDNAME' == $name ) {
foreach ( $items as $key => &$data ) {
if ( isset( $data['id'] ) ) {
$data['text'] = custom_pods_select_field_label( $data['id'] );
$data['name'] = $data['text'];
}
}
}
return $items;
}
function custom_pods_labels_in_pick_field_data($items, $name, $value, $options, $pod, $id) {
// pods_meta_ prefix for Pods backend, pods_field_ prefix for front-facing Pods form
if ( 'pods_meta_FIELDNAME' === $name || 'pods_field_FIELDNAME' === $name ) {
if ( ! empty( $items ) && is_array( $items ) ) {
foreach ( $items as $key => $item ) {
if ( isset( $item['id'] ) ) {
$data['text'] = custom_pods_select_field_label( $data['id'] );
$data['name'] = $data['text'];
} elseif ( is_numeric( $key ) && ! is_array( $item ) ) {
$items[ $key ] = custom_pods_select_field_label( $key );
}
}
}
}
return $items;
}
function custom_pods_select_field_label( $id ) {
// You can return anything you want here.
}
Linux Foundation Announces the FAIR Package Manager Project for Open Source Content Management System Stability
FAIR Package Manager Project
The FAIR Package Manager is an open-source initiative backed by the Linux Foundation. Our goal is to rethink how software is distributed and managed in the world of open web publishing. We focus on decentralization, transparency, and giving users more control. Our community brings together developers, infrastructure providers, and open web contributors and advocates who all share the same mission: to move away from centralized systems and empower site owners and hosting providers with greater independence.
Automattic Twenty
In 2005, being a remote-first company was anathema to investors and business leaders* at the time…
I can’t predict everything that will change over the coming decades, especially with AI making the next few years particularly hard to predict. Still, I do know a few things that won’t change: everything flows from our people, open source is still the most powerful idea of our generation, growth is the best feedback loop, and no matter how far away the goal is, the only way to get there is by putting one foot in front of another every day. People will always want fast, bug-free software; instant, omniscient customer service when they need it; and experiences so intuitive that they usually don’t. And once they’ve had a taste of freedom, it’s hard to return to their previous state. (For more, see our creed.)
WordPress – Poedit: Translation Secrets
The complete functions list that it needs to know about are these (as of WordPress v.3.4.2):
__()
_e()
__ngettext()
_n()
__ngettext_noop()
_n_noop()
_x()
_nx()
_nx_noop()
_ex()
esc_attr__()
esc_attr_e()
esc_attr_x()
esc_html__()
esc_html_e()
esc_html_x()
_c()
_nc()
PerfOps One. A suite of free and open source WordPress plugins dedicated to observability and operations performance
Forking is Beautiful
We’re very proud to announce that Vinny Green, a former WordPress community member, has started his fork, FreeWP. We strongly encourage anyone who disagrees with the direction WordPress is headed in to join up with Vinny and create an amazing fork of WordPress. Viva FreeWP!
Joost/Karim Fork
In open source, one thing that makes it even harder to ship great software is bringing together disparate groups of contributors who may have entirely different incentives or missions or philosophies about how to make great work. Working together on a team is such a delicate balance, and even one person rowing in the wrong direction can throw everyone else off.
That’s why periodically I think it is very healthy for open source projects to fork, it allows for people to try out and experiment with different forms of governance, leadership, decision-making, and technical approaches.
The beauty of open source is they can take all of the GPL code in WordPress and ship their vision. You don’t need permission, you can just do things. If they create something that’s awesome, we may even merge it back into WordPress, that ability for code and ideas to freely flow between projects is part of what makes open source such an engine for innovation. I propose that in a year we do a WordPress + JKPress summit, look at what we’ve shipped and learned in the process, which I’d be happy to host and sponsor in NYC next January 2026. The broader community will benefit greatly from this effort, as it’s giving us a true chance to try something different and see how it goes.
How to make Gutenberg block editor work, when WordPress Address & Site Address are different domains
Here is the snippet code is given below, which uses ‘rest_url‘ filter to replace the HOME URL in REST API URL to SITE URL.
// change WordPress API URL to HOME URL
add_filter('rest_url', 'wptips_home_url_as_api_url');
function wptips_home_url_as_api_url($url) {
$url = str_replace(home_url(),site_url() , $url);
return $url;
}
Leaving WordPress.org: Here’s Why and What It Means for Paid Memberships Pro Users
WordPress.org is Matt Mullenweg’s personal website (source: the Automattic account on X.com). Matt is also the owner of our largest competitor, WooCommerce. The conflict of interest was always there, but in the weeks following WordCamp US 2024, Matt crossed several lines that make it crystal clear that he has no intentions of running WordPress.org as an open and fair platform.
Today, those same values have driven us to leave the WordPress.org plugin repository.
- We would not be supporting open source if we were to distribute our plugin from a site where Matt will lock out users for any reason or even take over complete plugins if it suits him.
- It would not be purposeful work to continue using the .org site or contribute to a WordPress project that could lock us out at any time or take over our plugins if it suits the one person in control of it all.
List all image sizes including custom (WordPress)
Since WP 5.3 it is enough to use this function:
wp_get_registered_image_subsizes();
WordPress Rest API extensions for going headless WP
I love the WordPress Rest API and switching more and more from theme development to a headless WP approach, with an nice front-end framework. Right now I’m favoring Nuxt.js, which is build on Vue.js (check out wuxt, my very own dockerized nuxt/wp development environment).
For using WPs full strength with the Rest API I’ve collected/build a useful snippet library with WordPress Rest API extensions. I’ll try to maintain the following list as development goes on. All of the following extensions can be embedded in the functions.php file. If you wondering about the wuxt_ prefix, I’ve got the code from my Wuxt project and the prefix is as good as anyone.
WordPress REST API post orderby custom value
Ordering posts by menu_order doesn’t work out of the box with the WP REST API. To enable this you need to add a filter to rest_{post_type}_collection_params for each post type you want to order by menu_order.
Traducción con Pods de WordPress y WPML
en el caso de que se estén empleando plugins para el desarrollo de una solución WordPress que no sean compatibles con WPML, por ejemplo PODS, una solución interesante, es duplicar el mismo post o tipo de contenido, que ha sido creado con elementos del plugin incompatible y aprovechar cada versión para cada uno de los idiomas que hemos configurado para nuestro sitio, diferenciando cada post con una nomenclatura, por ejemplo con el diminutivo (_en, _es, _fr) del idioma en el slug o (-EN, -ES, -FR) en el nombre del mismo.
Para que luego WordPress distnga cual de esos bloques o contenidos pertenece al idioma concreto, utilizamos la constante ICL_LANGUAGE_CODE, definida por WPML, que se pueden emplear como parte del nuestro tema, para poder invocar el contenido de un post u otro en dependencia del idioma actual con el que se está navegando en nuestro sitio, idioma almacenado en la constante antes mencionada.
De esta manera un ejemplo podría ser:
if (ICL_LANGUAGE_CODE == 'en')
Gatherpress. Event Scheduling community driven plugin
This project is for the collaborative effort to build a compelling event management application using open source tools such as WordPress and BuddyPress and the grit sweat and love of the community, for the community.
We’re creating the very network features we need to host events and gather well.
Post Type Switcher
This plugin adds a simple post-type drop-down to the post editor interface, allowing you to reassign any post to a new post type. It allows you to switch post’s type while editing your post.
Increase per_page limit in REST API
The rest_{$this->post_type}_collection_params does indeed describe the available params.
You should be able to set the per_page max at $params['per_page']['maximum'].
WordPress: how to add a default title to your posts
This came up on the Fediverse: @kev@log.kevquirk.com wanted to automatically add titles to the posts on his microblog.
This automation would have to be compatible with all the editors, including the mobile app.
I think may be a fairly common request when one uses their WordPress site as microblogging platform. When you share quick updates with your friends, be it a picture, a video, a sentence or two, you don’t really want to have to think of a title for that update. The editor should enable you to share, not get in the way.
How to Create a WordPress Custom Dashboard for Yourself or Clients
The free White Label CMS plugin is a good all-in-one CMS solution that will let you quickly customize most aspects of the WordPress dashboard.
In total, it can help you:
- Replace the generic WordPress branding with your own
- Customize the WordPress login page
- Add your own custom dashboard widget welcome panel
- Include your own RSS feed as a dashboard widget
- Hide menu items from the sidebar or top toolbar
- Disable the WordPress toolbar
Customize the WordPress Admin Toolbar: Why and How to Do It
// add a parent item to the WordPress admin toolbar
function add_link_to_admin_bar($admin_bar) {
$args = array(
'id' => 'my-custom-link',
'title' => 'My Custom Link',
'href' => 'https://www.mydomain.com'
);
$admin_bar->add_node($args);
}
add_action('admin_bar_menu', 'add_link_to_admin_bar', 999);
pods_api_post_save_pod_item or save_post not working on frontend
//////
// This is a logging function for any debugging task
// NOTES: Youy must have the following lines in the wp-config.php file in the root folder, which
// puts a debug.log text file under the wp-content folder under root
//
//
// define( 'WP_DEBUG', true );
// define( 'WP_DEBUG_DISPLAY', false );
// define( 'WP_DEBUG_LOG', true );
//
// NOTES: install Error Log Viewer Plugin by bestwebsoft to view log from admin menu
// for error logging
if (!function_exists('write_log')) {
function write_log ( $log ) {
if ( true === WP_DEBUG ) {
if ( is_array( $log ) || is_object( $log )) {
error_log( print_r( $log, true ));
} else {
error_log( $log );
}
}
}
}
//
//////
Quick Tip: Block OpenAI from Using Content From Your WordPress Site
Whatever your thoughts on AI bots, you may want to take action on your own website to block ChatGPT from crawling, indexing, and using your website content and data.
Navigating the New Era of AI-Assisted Code Generation in WordPress
WordPress plugin developers are adopting AI-powered tech and building it into their products, such as RankMath’s AI-generated suggestions for creating SEO-friendly content, WordPress.com’s experimental blocks for AI-generated images and content, and a Setary’s plugin that uses AI to write and bulk edit WooCommerce product descriptions. The wpfrontpage site is tracking these plugins but WordPress.org also lists dozens of plugins with AI, many of them created to write content or generate images.
How To Build A ChatGPT Chatbot For Your Website In Minutes
Although the plugin is free, getting access to OpenAI’s server is not. It’s very reasonably priced – most basic questions and answers will cost a fraction of a cent – but if you’ve got a heavily trafficked site or visitors making excessive use of the chatbot, costs can quickly ramp up.
How to Highlight the Search Terms in Results in WordPress
In an attempt to make your WordPress search even more user friendly, you can highlight the search terms in the results. We did this for one of our clients, so we thought it would be useful for other users. In this article we will show you how you can highlight search terms in the results in WordPress.
How to unpack .wpress archive files created by the All-in-one-Wp-Migration WordPress plugin
Recently I needed to download some files from a WordPress installation where the client only gave me access to the admin dashboard. Fortunately the All-in-One WP Migration plugin was already installed, so I could take a quick backup of the whole site by downloading the installed plugins, theme and database.
To my surprise downloading the backup from the All-in-One WP Migration plugin only gave me a single compressed migration.wpress file that any unpack tool refused to extract. A little web search brought me to a five year old tool called Wpress-Extractor but the provided binaries for MacOS refused to work because the package was already too old.
So I decided to rewrite this little helpful tool in Node.js to make it cross-platform compatible for Windows, MacOS and Linux.
The Importance of WP Localize Script
The importance of wp_localize_script is when you can pass data directly from PHP to JavaScript.
Functions is very easy to handle there are only 3 parameters required :
$handle
(string) (Required) Script handle the data will be attached to.
$object_name
(string) (Required) Name for the JavaScript object. Passed directly, so it should be qualified JS variable. Example: ‘/[a-zA-Z0-9_]+/’.
$l10n
(array) (Required) The data itself. The data can be either a single or multi-dimensional array.
Custom Post Type Templates from Plugin Folder?
You can use single_template filter hook.
function load_movie_template( $template ) {
global $post;
if ( 'movie' === $post->post_type && locate_template( array( 'single-movie.php' ) ) !== $template ) {
/*
* This is a 'movie' post
* AND a 'single movie template' is not found on
* theme or child theme directories, so load it
* from our plugin directory.
*/
return plugin_dir_path( __FILE__ ) . 'single-movie.php';
}
return $template;
}
add_filter( 'single_template', 'load_movie_template' );
How to add a custom field to quick edit
There are a few steps to create the custom quick edit box and custom column
- create a custom meta key (assumed that you have 1 already)
- add custom admin column title and data (assumed that you want to shows the custom meta key in the column, if not, you may also modify a bit of the logic to accomplish the same effect because the principal is the same)
- add custom quick edit box
- add save logic
- load script to modify original inline-edit-post function in order to support custom meta value
- prepare the script file
Modernizing JavaScript Code in WordPress
I’ve just had a nice experience improving and modernizing a large JavaScript codebase in a WordPress plugin. The original code was written in an old-fashioned way with jQuery in a single large file. Using modern EcmaScript and tools like Webpack, I was able to split it into modules and improve the code structure. The new code is much more readable and maintainable, and of course, fewer bugs. In this tutorial, I’ll show you how I did that.
How to Modify or Add Custom Columns to Post List in WordPress Admin
The filter for modifying, removing or adding columns to post list in WordPress admin panel is manage_{$post_type}_posts_columns.
Which hook you need to use for controlling the output of the column content depends on whether or not your post type is set to be hierarchical or not.
Any non-hierarchical post types, including WordPress’ built-in post type ‘post‘, use the hook name manage_{$post_type}_custom_column. Any hierarchical post types, including WordPress’ built-in post type ‘page‘, use the hook name manage_pages_custom_column (note: no injection of post type name in the hook name).
How to Use Sequential Order Numbers for Member Invoices in Paid Memberships Pro
Generate custom order codes / order numbers that increment for Paid Memberships Pro Orders [Custom order sequence]
WordPress.org Strongly Urges Theme Authors to Switch to Locally Hosted Webfonts
In light of a recent German court case, which fined a website owner for violating the GDPR by using Google-hosted webfonts, WordPress.org’s themes team is updating its recommendations for hosting webfonts. Most theme authors have been enqueuing Google Fonts from the Google CDN for better performance, but this method exposes visitors’ IP addresses.
“The themes team strongly encourages the theme authors to update their themes,” Themes Team representative @benachi said in a recent announcement. “We recommend updating by switching to locally hosted webfonts. Luckily Google Fonts can be downloaded and bundled in a theme. Bundled font files allow users to host webfonts locally and comply with GDPR.”
Making Autocomplete Search in WordPress With Code
The autocomplete is generated with help from jQuery UI Autocomplete, a script that is included in WordPress as default.
Keep Varying Vagrant Vagrants (VVV) in Sync across multiple computers
It turns out this was the easy part. All you need to do is symlink your VVV directory to whatever syncing program you happen to be using (Dropbox, Google Drive, etc.). You can also move your entire VVV directory into Dropbox, but I prefer a symlink to keep the separation.