About Jonny Vaughan

Jonny is the founder of 10° - a specialist WordPress development company. Jonny has 10 years' experience in the web industry developing sites using WordPress.

WordPress 3.9 – Image Editing Improvements

WordPress 3.9 heralds a new easier way of managing your image uploads – instead of having to upload them into the media library (or clicking ‘Add Media’), you can simply drag and drop them right into the editor window.

Although a relatively small change, it reduces the number of clicks required to get your image into a post or page, making your editing process more efficient.

3.9 will be released on April 16th and once we’ve tested the upgrade process we’ll be applying it to all our hosted clients.

Another new feature is being able to view galleries within your posts/pages. If you’re using WordPress’s native ‘insert gallery’ functionality then instead of seeing a placeholder image, you’ll see the actual images now.

Here are the release notes that give you an insight in what to expect when 3.9 is released:

  • We updated TinyMCE, the software powering the visual editor, to the latest version. Be on the lookout for cleaner markup. Also try the new paste handling — if you paste in a block of text from Microsoft Word, for example, it will no longer come out terrible. (The “Paste from Word” button you probably never noticed has been removed.) It’s possible some plugins that added stuff to the visual editor (like a new toolbar button) no longer work, so we’d like to hear about them (#24067). (And be sure to open a support thread for the plugin author.)
  • We’ve added widget management to live previews (the customizer). Please test editing, adding, and rearranging widgets! (#27112) We’ve also added the ability to upload, crop, and manage header images, without needing to leave the preview. (#21785)
  • We brought 3.8’s beautiful new theme browsing experience to the theme installer. Check it out! (#27055)
  • Galleries now receive a live preview in the editor. Upload some photos and insert a gallery to see this in action. (#26959)
  • You can now drag-and-drop images directly onto the editor to upload them. It can be a bit finicky, so try it and help us work out the kinks. (#19845)
  • Some things got improved around editing images. It’s a lot easier to make changes to an image after you insert it into a post (#24409) and you no longer get kicked to a new window when you need to crop or rotate an image (#21811).
  • New audio/video playlists. Upload a few audio or video files to test these. (#26631)

Heartbleed SSL Bug

At 10° we take your website security very seriously. We were alerted to the Heartbleed bug on Wednesday 10th April 2014 and proceeded to update all our servers to the latest version of OpenSSL to close this vulnerability. Any SSL certificates that we manage have since been reissued as per the recommendations.

This bug has been widely reported by the general media such as the BBC, Independent and Guardian.

If your site uses an SSL certificate (most likely for ecommerce) then it’s likely your website has been open to this problem for the last two years. 66% of websites that use SSL have been affected globally so it’s a massive problem that has affected high profile social media, banks & online retailer sites globally.

Due to the nature of the bug, anyone exploiting it leaves very little evidence behind as to their activity – so it’s impossible to know at this time how much of the internet has been compromised, and who knew about the bug in the last two years.

The relative good news is that service providers were quick to react and the issue is alerting the public to the security of the internet. As a precaution we recommend changing any login passwords you have to any website, as these may have been compromised.

For a simple explanation of how the Heartbleed bug works:

WordPress 3.8 “Parker” – What To Expect

WordPress 3.8 will be imminently released and if you’re hosted with us then you’ll be upgraded once the update is available.

3.8’s biggest change is the redesign of the admin interface which is also now responsive. The higher contrast design will help those with visual impairment but also gives WordPress a much-needed polished look and feel.

This cheesy video sums up the changes:


If you’ve been updating your website via mobile or tablet then you’ll know it’s not been a great experience having to pinch & zoom around the screen. 3.8 fixes all of this with its new responsive admin screens using a similar interface to how Facebook works with its left-hand drawer menu. WordPress is now a joy to use on tablets & mobiles!

The cleaner ‘flat’ interface design is more than just a facelift – there are improvements in the Themes section and Widgets selection area.

Welcome to WordPress 3.8

The dashboard has been given some love too so you can organise your dashboard widgets into four columns – there’s also a couple of new widgets in there to help make the most of your website.

Twenty Fourteen WordPress Theme

If you’re new to WordPress then you’ll love the new TwentyFourteen WordPress theme that comes with 3.8. It’s worth checking out this theme if you’re just starting a blog as it makes for a great magazine-style design:

TwentyFourteen Theme

This release is named in honour of Charlie Parker:

WordCamp London

Tomorrow sees the start of a two day WordCamp conference in London which I’ll be attending – aptly named WordCamp London.

Unlike other WordPress events, WordCamps have the official seal of approval from WordPress and actively support the open source movement.

The event is open to bloggers, developers & those interested in WordPress so it’ll be great to spend the day with 350 other like-minded individuals whilst learning lots more about WordPress.

WordPress 3.7 “Basie”

WordPress 3.7 has been released to the public. This version (named after Count Basie) heralds a major new feature: automatic updates.

What does this mean for you? If you have a WordPress site running 3.7 and your hosting is set up correctly then you’ll never need to worry about keeping WordPress up to date again – it does it automatically.

Each time a new version is released, WordPress will update itself. This means you’ll receive critical security updates as they’re released, keeping your site safe & secure.

Other slightly less interesting updates in this version include:

  • Stronger passwords. The password indicator when creating new users now detects common keyboard patterns (e.g. 123456) and other common password malpractices.
  • Better globalisation support. If you’re running WordPress in a language other than English then you’ll receive automated translation updates as & when they are released.

Whilst you’re marvelling at the WordPress greatness (just me?), have a listen to Jumpin’ at the Woodside by Count Basie:

WordPress 3.6 “Oscar” Update

WordPress 3.6 was officially released today and comes with a host of new features and exciting developments. Of particular note to us is the revision functionality and built-in media player for video and audio.

All our hosted clients have been automatically updated to 3.6.

  • Revamped Revisions save every change and the new interface allows you to scroll easily through changes to see line-by-line who changed what and when.
  • Post Locking and Augmented Autosave will especially be a boon to sites where more than a single author is working on a post. Each author now has their own autosave stream, which stores things locally as well as on the server (so much harder to lose something) and there’s an interface for taking over editing of a post, as demonstrated beautifully by our bearded buddies in the video above.
  • Built-in HTML5 media player for native audio and video embeds with no reliance on external services.
  • The Menu Editor is now much easier to understand and use.
  • The new Twenty Thirteen theme inspired by modern art puts focus on your content with a colorful, single-column design made for media-rich blogging.

Post Revisions

Post revisions now let you compare previous drafts of a post to the current one. Perhaps you overwrote some text or another editor overwrote something? Now you can review past post revisions using a handy slider with difference highlighting, e.g.:

wordpress-revisions

Video & Audio Embedding

WordPress now includes an HTML5 player which lets you embed audio and video on your blog without having to rely on external services such as YouTube or Vimeo. For video, just upload an MP4 or OGV file and insert it like you would an image and WordPress handles the rest. For audio, just upload an MP3 file.

As an example I’ve embedded the WordPress release video here:

Oscar Peterson

I’m a big fan of jazz, as are the WordPress team so this release is named to honour Oscar Peterson. Have a listen if you’ve got Spotify:

Protect Your WordPress Site From Plugin Attack

According to Checkmarx’s WordPress plugin review, 20% of the top 50 most downloaded plugins are at risk of security vulnerabilities. Checkmarx is an Israeli application security firm that has published the results of a six month review of popular plugins available for WordPress.

See the full report here: The Security State of WordPress Plugins.

As WordPress gets more popular, it’s increasingly targeted by hackers to find vulnerabilities in code to exploit websites for nefarious purposes. This generally only affects those using self-hosted WordPress, not those with sites at WordPress.com. If you set up WordPress yourself or got a developer to do it, you’re using the self-hosted version and you should read on to educate yourself about plugin security.

Designing Websites for Web Developers

I’m often contracted to develop a website that’s been designed by another agency. The more experienced agencies usually know how to produce top notch PSD files and a specification that I can use to produce the website.

However I come across too many designers that struggle when it comes to producing artwork suitable for development. This is becoming a greater problem now that responsive design is becoming popular as there are systems that need to be put in place to ensure what’s designed can actually be built properly.

The following tips will help you become a better designer and make web developers love you.

Website Security Bulletin 26th April 2013

Over the last few weeks there have been some mainstream media reports of website security issues – some surrounding WordPress and some around website security in general.

A number of our clients have asked us for more information on these reports.

As a website hosting company we take security issues very seriously and continue to do everything we can to minimise the risk of websites being compromised. As part of our hosting service, this includes:

  • Keeping abreast of new threats on a daily basis.
  • Ensuring core website software is kept up to date.
  • Maximising the security of our servers to reduce the risk of hacking.
  • Updating website plugins as & when risks are identified.
  • Working with our providers when network issues are identified (such as ‘denial of service’ attacks).

One example in the news recently is the report of a network of 100,000 hacked computers being used to target WordPress sites in an attempt to guess passwords to gain access to websites.

We blogged about this issue when it happened and quickly implemented the recommendation of changing admin usernames and passwords.

More recently two website performance plugins were found to be vulnerable to a particular type of attack. We immediately updated all affected clients.

Whilst we can’t blog about every issue that we identify, we continue to work in the background supporting our clients’ websites.

Questions about website security or our hosting service? Leave a comment below or get in touch.

What we’re doing to protect our clients against the global WordPress attack

You may have read in the news that WordPress websites are being targeted by a huge network of hackers (think 100,000 computers all aimed at hacking your site). The news of this has been spreading over the weekend as more & more sites fall victim to this unprecedented attack.

“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” security and website performance firm CloudFlare said in a post Friday.

The primary method of attack is trying to use brute force to guess the password of the default ‘admin’ user that is set up on the majority of WordPress sites. To mitigate this issue we’ve checked all our clients’ sites and removed the default admin user. Our firewall will also be providing a high level of security against these attacks through IP filtering.

Not hosted with us? Here’s what you can do

If you’re not hosted with us then please check your own WordPress users screen and remove the ‘admin’ user if it exists:

wordpress-users

If you want added protection for your site you can also install a login limiting plugin that will block brute-force attempts at guessing passwords.
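The password-guessing pattern described above is visible in a web server's access log. The following added example, which is not from the original post or from 10°'s own tooling, counts failed WordPress logins in constructed Apache-style log lines and shows why a botnet spread over many addresses can stay under a per-IP login limit. It assumes the default WordPress behaviour where a failed login answers with HTTP 200 and a successful one redirects with 302; the function names and thresholds are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Matches POSTs to wp-login.php in Apache combined log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def _line(ip, ts, status, method="POST"):
    """Build one constructed log line (helper for the sample data only)."""
    return (f'{ip} - - [13/Apr/2013:{ts} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3512 "-" "Mozilla/5.0"')

# Constructed sample, not real traffic: one noisy address, eight addresses
# making a single guess each, and one legitimate page view plus login.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", f"10:00:0{s}", 200) for s in range(6)]
    + [_line(f"203.0.113.{n}", f"10:05:{n:02d}", 200) for n in range(1, 9)]
    + [_line("192.0.2.10", "10:07:00", 200, method="GET"),
       _line("192.0.2.10", "10:07:09", 302)]
)

def failed_logins(log_text):
    """Return (ip, datetime) for each login POST answered with 200 (assumed failure)."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "200":
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            events.append((m.group(1), ts))
    return events

def noisy_ips(events, limit=5):
    """Addresses a per-IP login limiter would catch: at least `limit` failures."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n >= limit}

def distributed_minutes(events, min_ips=5, limit=5):
    """Minutes in which many distinct addresses, each below the per-IP limit, failed."""
    blocked = noisy_ips(events, limit)
    by_minute = defaultdict(set)
    for ip, ts in events:
        if ip not in blocked:
            by_minute[ts.strftime("%H:%M")].add(ip)
    return {minute: len(ips) for minute, ips in by_minute.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    ev = failed_logins(SAMPLE_LOG)
    print("per-IP offenders:", noisy_ips(ev))
    print("distributed bursts:", distributed_minutes(ev))
```

On the sample data the per-IP check flags only the single noisy address, while the eight one-guess addresses appear only in the per-minute view, which is the signal to watch alongside a login limiting plugin.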

This global attack is aimed at creating a larger network of compromised servers which could be used at a future date to target government or financial institutions. An attack similar in size was reported by many network providers last month.

We’ll be closely monitoring all our hosting clients to ensure their sites do not get compromised.