From across Automattic.
Updates from all of Automattic’s business units.
-
Security Issues Patched in Smash Balloon Social Post Feed Plugin
During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), we discovered several sensitive AJAX endpoints were accessible to any users with an account on the vulnerable site, like subscribers. Some of these endpoints could enable Stored Cross-Site Scripting (XSS) attacks to occur.
-
30 posts in 30 days. Are you up for the challenge?
Did you know? November is National Blog Posting Month and it’s the perfect time for a blog writing challenge. NaBloPoMo invites experts and novices alike to commit to creating more content. The rules are simple and easy to follow. 30 days to create 30 new posts.
-
Announcing Jetpack Licensing for Agencies and Professionals
We are excited to announce a new way to distribute Jetpack products to your clients. We designed an all-new licensing portal to address the needs of agencies, implementers, and other web professionals. If you manage multiple WordPress websites you're going to want to try the all-new Jetpack licensing platform.
-
OAuth 2 on the Tumblr API
Ten years ago HTTPS wasn’t as nearly as widespread as today. It is hard to believe that HTTPS was essentially opt-in, if available at all! Back then, people also had to get creative when inventing means to delegate access to someone else. One solution was OAuth 1, conceived by the IETF, later adopted by Tumblr…
-
Ecommerce Website Maintenance: How to Maintain Your Store
Keep your site in good shape to grow sales and secure your future. Don’t leave it to chance — twelve tasks to keep you on track without breaking the bank.
-
.blog Featured Site: leica-camera.blog
This week we’re featuring a blog you’re going to want to see. The leica-camera.blog from Leica, the camera manufacturer beloved by photographers everywhere, showcases photography using different Leica camera models. This blog is a treasure trove of captivating photography.
-
Requiring HTTPS on the Tumblr API
The time has come folks! We’re officially dropping support for insecure (http://) requests to the Tumblr API after October 31st, 2021. Instead, please use https:// for all requests. The following day we’ll start failing all insecure requests and invalidating any credentials sent in plain text. You can expect the API to respond with a 403…
-
Transparency Report Update: January – June 2021
Today we’re rolling out Automattic’s most recent transparency report which covers January 1, 2021 – June 30, 2021. As in past reports, we’re sharing data about national security requests, government requests for user information, government demands for content removal, as well as notices of copyright and trademark infringement. We’re committed to transparency and we’ve continued…
-
GitLab and a Pioneering IPO
Congratulations to GitLab on its IPO earlier this week. You can read coverage of GitLab’s public offering at TechCrunch (GitLab’s mega IPO), Bloomberg, and plenty of other places. In May, we interviewed CEO and Co-Founder Sid Sijbrandij on the Distributed Podcast. The conversation didn’t specifically cover a potential public offering beyond Sid acknowledging GitLab’s well-known…
-
Meet Jetpack Backup: Now as a Standalone Plugin
Great news for fans of Jetpack Backup — It’s now available as a standalone plugin! Get top-tier backups for WordPress without the full suite of Jetpack tools.
-
Breaking down large pull requests
When working in a software development team, reviewing pull requests (PRs) is part of our everyday work. It is best practice to keep PRs small and concise, just so we can avoid missing potential issues and spending too much time understanding code changes – thus ensuring productivity. At WooCommerce Mobile, we have several teams working…
-
Automattic Featured on TechCrunch TC-1
“Part of my life’s work is trying to make WordPress something that looks more like a city. Companies always die. Cities never die. There’s networks of things that can be created, and once they reach a certain scale, they’re somewhat invulnerable.” -Automattic CEO Matt Mullenweg This week, TechCrunch published a four-part series of articles that…
-
13 Things Every Medical Practice Website Should Include
From HIPAA compliance to accessibility — medical websites have special considerations you can’t miss. Thirteen things to help patients & grow your practice.
-
Self-Care when you work remotely
Working remotely can seem ideal for many people. What could be better than working from home, not having to worry about commuting, or even sticking to your pajamas the whole day? When I started working for Automattic almost five years ago, I was quite new to the concept of working remotely. I thought that bringing…
-
How to Secure a WordPress Site From Hackers (11-Step Guide)
Don’t be confused by jargon or overwhelmed by endless checklists — Keep your WordPress site secure with these simple tips and basics for beginners.
-
Multiple vulnerabilities in WP Fastest Cache plugin
We uncovered multiple vulnerabilities during an internal audit of the WP Fastest Cache plugin. We strongly recommend that you update to the latest version of the plugin and have an established security solution on your site, such as Jetpack Security.
-
.blog Featured Site: github.blog
Next up in our featured dotblogger series is github.blog. Github, "the largest and most advanced development platform”, is designed around collaboration and sharing. Github.blog plays a key role in how the company communicates with their vast community.
-
Automattic Women: Michelle Langston
Welcome to Automattic Women—conversations with some of the remarkable women working all over the world to design and develop Automattic software and make the web a better place. Today’s interviewee is designer Michelle Langston.
-
VideoPress Remake
Introducing the new VideoPress. Still the finest video service for WordPress—now even better. Video is one of the most powerful tools on the web. It can spark ideas, emotions, conversations, sales, and much more. VideoPress already offers people the ability to upload and serve hours of high-quality video flawlessly around the globe, ad-free. But VideoPress…
-
Announcing Jetpack VideoPress: Ad-free, HD video for WordPress
Jetpack VideoPress offers stunning‑quality video with none of the hassle. Drag and drop videos into the WordPress editor and keep the focus on your content, not the ads.
-
-
Behind the Scenes: The Tech Stack of the WordPress.com Growth Summit
If you enjoy building sites with WordPress, tinkering around with design and functionality, check out a behind-the-scenes look at how we built our Growth Summit site!
-
WordPress Breadcrumbs: How to Display Them on Your Site
Want to improve user experience by implementing breadcrumb navigation links on your site? We show you how.
-
Universal Themes
Since our last post about Universal Themes we have fleshed out this idea and are using it to build all our themes. The Problem WordPress is introducing the Full Site Editor and with it new ways to build themes. These themes are called “Block” themes and integrate deeply with Gutenberg Blocks. These types of themes…
-
Jetpack 10.2: Get More Widget Visibility Controls
Jetpack 10.2 is now available for download. We have some cool new features for you along with several bug fixes and performance enhancements.
-
Widgets on iOS
Prepare for your life to get easier: Simplenote widgets are coming to iOS. As of v4.45, anyone with Simplenote on their iPhone or iPad will be able to add our widgets directly to their device’s home screen. There are three widgets to choose from, in a range of sizes. New Note A big, blue shortcut—that’s…
-
Top Email Platforms to Keep Blog Readers Coming Back
If you are looking to build an online community of like-minded people who are loyal to your blog, you need to do more than just write inspiring and engaging content. How do you build a relationship with casual visitors to your blog and keep them coming back for more?
-
Celebrating UK Black History Month: Learning Resources, a Read & Watch List, and Content Creation Tools
October is Black History Month in the UK. We asked colleagues across WordPress.com for their recommendations for deeper learning and participation this month — and the rest of the year.
-
Tumblr Hack Week, September 2021 Edition
It was HACK WEEK at Tumblr and Automattic earlier this month! Just like back in June, we stopped our normal work to focus on some great possible new features, some bug fixing, and more. Here’s a taste of some of the projects that got hacked together. Some of these will hopefully make it to be…
Automattic 