2013 WordPress.com VIP Intensive Developer Workshop

The WordPress.com VIP Workshop is currently in wait list. Click here to add yourself to the wait list.

The 2013 WordPress.com VIP Intensive Developer Workshop is approaching and filling up fast! 

We’re gathering more than a dozen Automattic engineers to teach at the WordPress.com VIP Intensive Developer Workshop in May 2013, and many members of the VIP team will be there as well. If you’re a VIP client or partner, you want your developers to be there so they can learn from our extended team here at WordPress.com VIP and Automattic, exchange ideas with other VIP developers, and share what your team is working on, too.

Similar to last year’s event, participants can expect the same great networking lunches and dinners, in-depth WordPress curriculum and conversations, and some surprises, too. We’re also planning some collaborative sessions where WordPress.com VIPs can share their own experiences with building VIP-scale websites using WordPress, their workflows, shortcuts, and best practices, too.

Just a reminder, of those who provided feedback about last year’s event:

  • 100% would recommend the conference to a colleague
  • 96% plan on attending again & 4% will send someone else from their company

The event is almost filled up, and soon we’ll open up the waiting list, so be sure to sign up now! Please note: this event is open to select VIP clients and partners, and to the general public as space permits.

Here are more details about the event and below are some pictures from last year’s event.

  • May 13: Arrival in the afternoon with a special welcome from some special guests, followed by a reception dinner.
  • May 14 & 15: Full days of training with VIP instructors, with special networking dinners for all participants.
  • May 16: Farewell breakfast and morning departures.

Pricing: $3600 per person, excluding airfare. Airport transfers from SFO, meals and lodging (3 nights) included. Here’s more information on the event.

If you have any questions, feel free to leave a comment below!

 

Update: What’s Coming Up With WordPress 3.6

The updated target date for WordPress 3.6 Beta 1 is March 27.

By the time Beta 1 rolls around, the core team will have the feature set complete, which means the time for bug testing 3.6 against your themes and plugins will have arrived. According to the 3.6 project schedule, the target date for 3.6 launch is April 29.

Here’s a quick update on where the 3.6 features currently stand. If you aren’t caught up on the features, please take a peek at this introduction post.

Post Formats UI: The UI for post formats is getting a refresh (featuring a drop down selector for formats and better previewing) to make it easier to use and faster to publish. You can take a peek at the wireframes here, and follow along the conversation here.

Autosave and Post Locking: The main goal of this update is so that users never lose a post. This is done by leveraging browser-level storage in modern browsers for situations where users lose their internet connections or their browsers crash. With this enhancement, edits are stored locally and synced back to WordPress at the next possible opportunity. If you are logged out while on an admin page, you will be notified and allowed to log in straight on the page so that you won’t lose your work. As for post locking, if you arrive on a page that is currently being edited, you will be given the option to “take over” or go back.

Revisions: The UI for comparing previous revisions of a post has been significantly updated, including a scrubber bar that allows the user to move forward or back in revisions, and colored text to indicate content that has been added or removed. Take a look at a rough mockup here.

Editorial Flow: This feature has been removed from the 3.6 cycle, but the team is planning to tackle it in future releases.

Menus: The UI for creating custom menus has been significantly cleaned up, with new checkboxes to select where the menu will be displayed in the theme, accordion styling to menu items (being tested), new help text and keyboard accessibility for rearranging menu items.

Twenty Thirteen: As Mark Jaquith writes: “With Twenty Thirteen we’re taking a bold stance: this theme was meant for blogging, and it’s not a blank canvas. It comes pre-marinated with playfulness and warmth and opinions.” Take a peek at a demo of the new Twenty Thirteen theme here.

Where can I find more information?

If you’re not familiar with Make WordPress Core, it’s a good blog to visit. It tracks the open-source development of WordPress, and is the homebase of much of the development discussion.

How do I get involved?

Want to help make WordPress better? Take a peek at the Core Contributor Handbook, or sit in on the weekly developer chat. They will need a lot of help with bug testing and squashing in the coming weeks. Lots of members of the VIP community contribute to core, so you’ll see familiar faces.

When is 3.6 coming to WordPress.com VIP?

Shortly prior to the release of 3.6 on WordPress.org, the 3.6 features will be merged into WordPress.com VIP. This will most likely happen in April, and we will be posting updates here in the weeks before to notify you. If you aren’t already, at that point you’ll need to be testing against trunk, getting the latest nightly build or even better, using an SVN checkout of trunk to test how your sites work on 3.6. You can also use the Beta Tester plugin to easily update beta releases and test.

What’s Coming Up With WordPress 3.6

Some really neat features are going to be included in WordPress 3.6, which is rolling out this spring.

Here’s a quick peek at the road ahead (but know that everything listed here is tentative, as it is still under development):

Overview: The focus of WordPress 3.6 is “Content Editing,” paying special attention to editorial workflows, revisions, autosave, editing, and post formats.

Autosave: The goal of 3.6 is that users should never lose posts because of “expired cookies, loss of connection, inadvertent navigation, plugin or core errors on save, browser crashes, OS crashes, cats walking on keyboards, children drooling in keyboards, etc.” This may include autosaving to the browser’s local storage, and log-in expiration warnings. They are also looking at a post locking functionality to prevent people from overwriting each other’s changes.

Editorial Flow: The features to be added to 3.6 are custom post statuses, which is the ability to add custom statuses like pitch, assigned, in-progress, etc., and draft revisions, which allow edits to already published posts be saved as drafts before taking place of the original post. They are currently seeking use cases for both features to better understand how they will be used.

Revisions: The revisions tool will get a little TLC — bug fixes, better user interface, and adding visual representation of what was added/removed in each revision.

Post Formats: The big update to Post Formats for 3.6 is the admin user interface. They are currently seeking wireframe ideas for the user interface for each post format (i.e. chat, quote, link, image, video). Folks from our Featured Partners are contributing to this feature: Helen Hou-Sandi from 10up is lead, and Pete Mall from Range is backup.

Custom Menus: The main focus for 3.6 will be improving the user interface for custom menus, which users have found confusing. You can follow developments on this ticket.

Where can I find out more information?

If you’re not familiar with Make WordPress Core, it’s a good blog to visit. It tracks the open-source development of WordPress, and is the homebase of much of the development discussion.

How do I get involved?

Want to help make WordPress better? Take a peek at the Core Contributor Handbook, or sit in on the weekly developer chat. Lots of members of the VIP community contribute to core, so you’ll see familiar faces.

VIP Intensive Developer Workshop Recap

A little more than a week ago, the VIP Services team hosted the 1st VIP Intensive Developer Workshop in Napa, California.

We wanted a small, intimate event, and it sold out quickly with a healthy waiting list of hopeful attendees! The intensive workshop mixed in-depth developer topics & discussion with lively onsite and offsite dinners in the beautiful setting of Napa, California.

We’ve gotten some great feedback from the attendees, but what was absolutely encouraging was this:

  • 100% would recommend the conference to a colleague
  • 96% plan on attending again & 4% will send someone else from their company

If you’d like to be notified when the next VIP Event (partner meetups, networking events, training, and conferences) is announced, insert your email address below – we’ll send out event announcements and give you the first opportunity to sign up for the next one!

If instead you’d like the VIP Services team to do private training for your developer or editorial teams, get in touch by filling out our Contact form.

Below are some photos from the event – we hope you’ll be there next time!

Open-sourcing the Code Comments Trac plugin

At Automattic we love open-source software and try to make more of it. That’s why today we are open-sourcing the Code Comments Trac plugin. We developed it to help us do better and quicker code reviews. Every month the VIP Services team reviews tens of WordPress themes and plugins, making sure the code is secure, scalable, and follows best practices before deploying them on WordPress.com.

In order to get the feedback to our clients faster and track when a theme or plugin is ready to go, we developed the Code Comments Trac plugin. The plugin allows us to leave line-by-line comments on the code, so that all feedback is in context. After that, we create tickets out of the comments and assign them to the theme or plugin developers.

In the end, when all issues are cleared, the code goes live on the client’s WordPress.com VIP website.

If you use Trac and do a lot of code reviews, or you just want to leave comments on code, changesets, or attachments, check out the Code Comments Trac plugin on GitHub:


Scott Taylor on WordPress + Memcached

Scott Taylor, Software Engineer III at eMusic, recently posted a comprehensive article on using WordPress + Memcached.

eMusic relaunched on WordPress a couple of months ago, and it’s great to get Scott’s perspective on a key component of their setup.

Here is a quick blurb, and be sure to go read the full post for all the details:

One of the most bizarre critiques of WordPress that I often hear is “it doesn’t come with caching” – which makes no sense because Cache is one of the best features of WordPress out of the box. That’s kind of like saying: “my iPod sucks because it doesn’t have any songs in it” – when you first buy it. Your iPod can’t predict the future and come pre-loaded with songs you love, and your WordPress environment can’t come already-installed without knowing a minimal number of things. You have to pick a username / password, you have to point at a database, and if you want to cache, you have to pick how you want to cache (you don’t HAVE to cache – but really, you HAVE to cache).

Memcached (pronounced: Mem-cash-dee), or Memcache-daemon, is a process that listens by default on port 11211. Like httpd (H-T-T-P-daemon), it runs in the background, often started automatically on server load. A lot of huge websites use Memcached – at least: Facebook, YouTube, and Twitter.

[Read the full post]

Key Differences Between Validation and Sanitization

VIP Services developer Daniel Bachhuber shares some tips on writing better code for your WordPress site:

Your code works, but is it safe? When writing code for a high-profile environment, you’ll need to be extra cautious of how you handle data coming into WordPress and how it’s presented to the end user. This commonly comes up when building a settings page for your theme, creating and manipulating shortcodes, or saving and rendering extra data associated with a post.

There’s a distinction between how input and output are managed, however.

Validation: Checking User Input

To validate is to ensure the data you’ve requested of the user matches what they’ve submitted. There are several core methods you can use for input validation; usage obviously depends on the type of fields you’d like to validate. Let’s take a look at an example.

Say we have an input area in our form like this:

<input type="text" id="my-zipcode" name="my-zipcode" maxlength="5" />

Just like that, we’ve limited our user to five characters of input, but there’s no limitation on what they can input. They could enter “11221” or “eval(”. If we’re saving to the database, there’s no way we want to give the user unrestricted write access.

This is where validation plays a role. When processing the form, we’ll write code to check each field for its proper data type. If it’s not of the proper data type, we’ll discard it. For instance, to check the “my-zipcode” field, we might do something like this:

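// Cast the submitted value to an integer; non-numeric input becomes 0.
$safe_zipcode = intval( $_POST['my-zipcode'] );
// A zero result means the input is discarded and an empty value is stored.
if ( ! $safe_zipcode ) {
    $safe_zipcode = '';
}
update_post_meta( $post->ID, 'my_zipcode', $safe_zipcode );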

The intval() function casts user input as an integer, and defaults to zero if the input was a non-numeric value. We then check to see if the value ended up as zero. If it did, we’ll save an empty value to the database. Otherwise, we’ll save the properly validated zipcode.

This style of validation most closely follows WordPress’ whitelist philosophy: only allow the user to input what you’re expecting. Luckily, there are a number of handy helper functions you can use for almost every data type.
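The whitelist idea can be taken one step further than a type cast. The following is an added example, not code from the original post: it compares the cast-only check with a strict pattern check on constructed inputs, showing what each one accepts. The function name `example_validate_zipcode` and the sample values are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, runs without WordPress. The function name is hypothetical.

/**
 * Whitelist check for a five-digit ZIP code.
 * Returns the ZIP as a string, or '' when the input is not exactly five digits.
 */
function example_validate_zipcode( $raw ) {
    if ( ! is_string( $raw ) ) {
        return ''; // arrays (my-zipcode[]=...) and missing fields are rejected
    }
    $raw = trim( $raw );
    // \A and \z anchor the whole string; unlike $, \z does not allow a trailing newline.
    return preg_match( '/\A[0-9]{5}\z/', $raw ) === 1 ? $raw : '';
}

// Constructed sample submissions, as they might arrive in $_POST['my-zipcode'].
// The maxlength attribute is enforced only by the browser, so longer values can arrive too.
$samples = array( '11221', '02134', '11221abc', 'eval(', '1122', array( '11221' ) );

foreach ( $samples as $input ) {
    // The cast-only approach: keeps a leading run of digits, drops leading zeros.
    $cast = is_scalar( $input ) ? intval( $input ) : 0;
    printf(
        "%-12s intval => %-6s whitelist => '%s'\n",
        is_array( $input ) ? 'array' : "'" . $input . "'",
        $cast ? $cast : "''",
        example_validate_zipcode( $input )
    );
}
```

In a WordPress form handler, the returned string would be passed to update_post_meta() in the same way as $safe_zipcode above.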

Sanitization: Escaping Output

For security on the other end of the spectrum, we have sanitization. To sanitize is to take the data you may already have and help secure it prior to rendering it for the end user. WordPress thankfully has a few helper functions we can use for most of what we’ll commonly need to do:

esc_html() should be used any time an HTML element encloses a section of data we’re outputting.

<h4><?php echo esc_html( $title ); ?></h4>

esc_url() should be used on all URLs, including those in the ‘src’ and ‘href’ attributes of an HTML element.

<img src="<?php echo esc_url( $great_user_picture_url ); ?>" />

esc_js() is intended for inline JavaScript.

<a href="#" onclick="<?php echo esc_js( $custom_js ); ?>">Click me</a>

esc_attr() can be used on everything else that’s printed into an HTML element’s attribute.

<ul class="<?php echo esc_attr( $stored_class ); ?>">

It’s important to note that most WordPress functions properly prepare the data for output, and you don’t need to escape again.

<h4><?php the_title(); ?></h4>

Also, as there are always exceptions to the rule, there is a selection of user-submitted data that needs to be both validated and sanitized. Freeform text areas would fall into this category. For this, you can run user data through sanitize_text_field() or any of the wp_kses_*() functions.

To recap: follow the whitelist philosophy with data validation, and only allow the user to input data of your expected type. If it’s not the proper type, discard it. Sanitize data as much as possible on output, and a selection needs to be sanitized on input too.
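Why the escaping function has to match the output context, as an added example that is not part of the original post: the same HTML encoding that is sufficient inside an element or a class attribute leaves a URL with an unwanted scheme untouched. The helpers `example_escape_html` and `example_escape_url` are hypothetical plain-PHP stand-ins so the file runs without WordPress; they are not WordPress's implementations, and the stored values are constructed.

```php
<?php
// Added example: plain-PHP stand-ins so the file runs without WordPress.
// In a theme, call esc_html(), esc_attr() and esc_url() rather than these hypothetical helpers.

// Element content and attribute values: encode HTML metacharacters, quotes included.
function example_escape_html( $text ) {
    return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
}

// URL attributes: encoding alone is not enough, the scheme is checked against an allow-list.
// Simplification: scheme-less (relative) URLs are rejected as well.
function example_escape_url( $url, $allowed = array( 'http', 'https' ) ) {
    $url    = trim( (string) $url );
    $scheme = parse_url( $url, PHP_URL_SCHEME );
    if ( ! is_string( $scheme ) || ! in_array( strtolower( $scheme ), $allowed, true ) ) {
        return '';
    }
    return example_escape_html( $url );
}

// Constructed stored values, standing in for data loaded from the database.
$title        = 'Tom & "Jerry" <b>live</b>';
$stored_class = 'wide" data-extra="1';
$picture_urls = array( 'https://example.com/a.png?w=1&h=2', 'javascript:void(0)' );

echo '<h4>' . example_escape_html( $title ) . "</h4>\n";
echo '<ul class="' . example_escape_html( $stored_class ) . "\"></ul>\n";
foreach ( $picture_urls as $url ) {
    // HTML escaping leaves the second URL intact; the scheme check empties it.
    echo '<img src="' . example_escape_html( $url ) . '" /> vs. ';
    echo '<img src="' . example_escape_url( $url ) . "\" />\n";
}
```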

Hit us with your questions or tips in the comments.

Primer: WordPress photo gallery without a plugin

Otto has created a very thorough primer to create a WordPress photo gallery without a plugin. He walks you through understanding pictures and galleries, creating and modifying an image template, and tweaking image and thumbnail sizes.

He reminds us:

You don’t really need plugins to create photo galleries. WordPress has a huge amount of gallery functionality built right in. You just need to make your theme smarter in order to take advantage of it.

Click through to read Photo gallery primer on Otto on WordPress.


Cheezburger Network Open Sources Their WordPress Administration Panel

WordPress.com VIP Cheezburger Network, where you get your daily LOLz from one of their 50 popular sites like I Can Haz Cheezburger? and FAIL Blog, have shared the code of their WordPress theme administration panels.

Called CheezCap, it’s a simple library for easily creating custom admin panels.

Screenshot of CheezCap

Cheezburger Network uses a single shared theme across all their sites. In order to avoid having to create conditionals and other per-blog modifications in their theme, they developed CheezCap. Any of the administrators can update the options controlling the layout, design, colors, etc, without having to dig into the theme code.

When asked what motivates his engineering team to participate in the WordPress community, CTO Scott Porad replied:

I can say without hesitation that WordPress has had a hand in the success of Cheezburger. So, to the extent that we can help other people be successful with WordPress, we’re on board!

What I meant to say is… All aboard the WordPress Express! Choo Choo!

WordPress Top Demanded Skill on Elance

Since last year when we wrote about “WordPress in Demand on Elance”, WordPress has surged into the top ten, and is now the sixth most in-demand skill on Elance!

Elance Top Overall Skills in Demand Q2 2010

Online publishing dominates this list. It’s exciting that the ever-evolving WordPress, built on its PHP, MySQL, and CSS stack, continues to be the web development platform in demand.

Elance’s 2010 Q2 Online Employment Report also includes a single profile, that of Ron Z Zvagelsky, highlighting his success as a WordPress Expert on Elance.  Represent!