Issue #198
The Repository logo.
Happy Sunday! It's December 10 and we're covering the PHP_CodeSniffer project, phishing scams, the WordPress 6.5 roadmap, Spencer Forman's chat with Syed Balkhi, and much more.

This week's issue is two days late. Thank you for your patience. Personal and work commitments collided in a beautiful mess. We hope you enjoy this edition.

First time reading? Sign up here. Got an opinion? Send your thoughts, feelings and news tips to [email protected].

This week in WordPress

1. Major PHP library PHPCS in dire need of financial support

"There are posts I like to write and there are post you need to write. This is one in the latter category. Please read it and spread the word, this is crucially important for almost all PHP based open source projects out there," posted investor Joost de Valk this week, linking to PHPCS, a major PHP library, needs support at Post Status.

Here's the gist of it: PHP_CodeSniffer (aka PHPCS) a library used by almost every major PHP project, including WordPress, Drupal and Joomla, was recently abandoned by its long-time sponsor, Greg Sherwood from Squiz Labs, and needs financial help.

As Human Made CEO Tom Willmot explains, PHPCS is "Crucial for maintaining consistency, readability, and quality in codebases, especially in collaborative environments, it checks PHP, JavaScript, and CSS code against a set of defined coding standards, helping ensure that the code adheres to specific formatting and stylistic conventions."

After Sherwood refused to transfer ownership of the PHPCS repository to developer Juliette Reinders Folmer, who has contributed the majority of code to the project in recent years, she forked it. She's now working to release version 3.8.0 before asking developers to switch to a new PHPCS repository. She provides the backstory in The Future of PHP_CodeSniffer on GitHub.

As de Valk highlights in his post, Reinders Folmer has been working effectively for free on projects like PHPCS and WordPressCS for years. He says it's time for companies and individuals to support her projects: "This is a crisis time for thousands of companies and developers depending on PHPCS for their projects, their development flows, and even products and hosting directly benefit from those contributions. Tens of millions of websites rely on these projects as they are used directly and indirectly by and related projects."

Following de Valk's appeal last weekend, Human Made and GoDaddy Pro have committed $1,000 per month and have called on other corporate sponsors to step up. Automattic has quietly committed $5,000 per month to PHPCS.

Reinders Folmer is also seeking financial support to fund her full-time work on open source projects. She now has 34 sponsors, including several WordPress core committers.

2. Phishing scams target WordPress admins with fake security advisory

The WordPress Security Team and security companies are tracking multiple phishing scams impersonating both the "WordPress team" and the "WordPress Security Team" in an attempt to convince site admins to install malware on their websites.

Bill Toulas has the story at Bleeping Computer: Fake WordPress security advisory pushes backdoor plugin.

As Toulas explains, bad actors are sending fake emails to site admins, warning that a fictitious vulnerability tracked as CVE-2023-45124 has been detected on their site, and they should download and install a plugin to address the security issue.

Patchstack's security advisory includes screenshots of fake emails, a fake plugin listing, and fake five-star reviews created as part of the elaborate scam.

"Got to give it to the people behind this... it was very clever😂," posted developer Darren Griffin. But as developer and consultant Carrie Dils posted, "tl;dr: 'The WordPress team' would never refer to themselves as 'The Wordpress team' in a phishing email. 🤪 #capital_p_dangit.”

3. WordPress 6.5 roadmap prioritizes font library, support for Classic themes and redesign

The new font library, support for appearance tools in Classic themes, and the first taste of the WordPress admin redesign are among the top priorities on the WordPress 6.5 roadmap, published this week on the Make WordPress Core blog.

According to Automattic-sponsored contributor Anne McCarthy, the next major release of WordPress, scheduled for March 26, 2024, will bring "greater design control and optionality, more robust block capabilities with new APIs, access to current block theme functionality to classic themes, and the start of the new admin redesign," which will deliver new data views for templates, template parts, and patterns in the Site Editor.

Other priorities include improvements to revisions, a mobile-friendly navigation block, new APIs (the Interactivity API, Custom Fields API, and Block binding API), improved PHP compatibility, plugin and theme rollbacks after automatic updates, improved dependency management, and overall performance enhancements.

McCarthy notes, "As always, what's shared here is being actively pursued, but doesn't necessarily mean each will make it into the final release of WordPress 6.5."

The roadmap has been well-received by the community, including Mike McAlister, the designer and developer behind the Ollie theme, who posted, "The great modernization of WordPress is happening before our eyes. I've been telling ya's for years to put aside your preconceived notions about this platform and start paying attention to these releases… these big releases lately are solidifying [WordPress's inevitable long term success."

Damon Cook, Developer Advocate at WP Engine, points out that "The Roadmap for WordPress 6.5 looks like a hefty list of items to work on. We'll need all the hands we can get," and asks, "Who is in?"

4. Syed Balkhi defends marketing tactics and cancellation processes

Awesome Motive founder and CEO Syed Balkhi says his company has implemented best practice cancellation processes that other WordPress businesses should learn from and implement, and his critics are competitors or envious of his success.

During a friendly but combative one-hour discussion with WordPress strategist Spencer Forman published on YouTube this week, Balkhi addressed questions on everything from Awesome Motive's "dialed up to 11" marketing practices to WordPress governance, his business ethics and personal legacy and the corporate sponsorship of WordPress contributors and infrastructure.

Kicking off the call, Forman asked Balkhi why he has so many critics—including a new parody account, @evilmotive, on X/Twitter—noting that his company's aggressive marketing practices don't reconcile with his personal ethos. Balkhi dismissed his critics, saying "I would challenge you, there are over 25 million websites using our software and the impact that we're making in our custome's businesses, their lives and indirectly in their communities is a far bigger part of my legacy than the opinion of a select few, maybe 100 or 200, that are envious or are competitiors, and that is where we differ."

Watch the full discussion on YouTube: Syed Balkhi & Spencer Forman Discuss The Future Of WordPress.

Barn2 co-founder and CEO Katie Keith, who has been critical of Awesome Motive's marketing practices, including their cancellation processes, posted, "I enjoyed @SpencerForman's fascinating interview with @syedbalkhi. Spencer did a great job interviewing him and disagreeing where appropriate. Syed gave some excellent answers and it's fantastic that AM are starting to contribute to the community more." But also: "I would have liked Syed to answer some of the specific criticisms more directly instead of escaping into generalisations and suggesting that people are jealous."

Meanwhile, Bertha.AI co-founder Andrew Palmer posted, "I reckon @syedbalkhi proved why he as good at this as he is."
🗞️ Enjoying today's email? Share with your friends.

Business Spotlight: Do the Woo


Do the Woo, a podcast by the community for the community →
Our shows are filled with stories, insights, tips and even some good laughs as guests and guest hosts across the globe take to the Do the Woo stage. Listen and connect with the community you are part of.

In other news

WordPress project

> This year's State of the Word will be live-streamed on the YouTube channel from Madrid, Spain, tomorrow at 3pm UTC (State of the Word)

> WordPress 6.4.2 was released this week and patches a remote code execution vulnerability that has the potential for high severity when combined with some plugins, especially in multisite installs (WordPress News)

> Gutenberg 17.2 was released this week and brings improvements to the site editing experience—including the ability to drag and drop to the top and bottom of the document and sticky table headers—sticky table headers and pagination, and a toolbar for the distraction-free mode (Make WordPress Core)

> The WordPress Plugin Review Team has reopened applications for new contributors to help reduce the plugin review queue (it's currently at 794 plugins, and the wait is at least 60 days) and create a diverse and inclusive team (Make WordPress Plugins)

> Bluehost-sponsored core committer Jonathan Desrosiers has proposed creating a theme task force to triage tickets and update WordPress default themes, independent of core releases (Make WordPress Core)

> The minimum required version of MySQL will be raised from 5.0 to 5.5.5 in WordPress 6.5. MySQL 5.0 reached its end of life in 2012 and has been unsupported and insecure for over 12 years (Make WordPress Core)

WordPress community

> WordPress Sustainability Team rep Nahuai Badiola has launched Sustain WP, an eight-episode podcast about digital sustainability in WordPress that he created during his Green Web Foundation fellowship (Sustain WP)

> Human Made has updated the LGBTQIA section in its publicly accessible employee handbook and is encouraging other companies to adopt their practices as part of an initiative to be louder and prouder about their support for the LGBTQIA+ community (Human Made)

> Dustin Hartzler joined Matt Mederios on The WP Minute+ for a conversation about the early days of WordPress media, the high-stakes game of balancing life, work, and passion, and how podcasts have changed over the past 10 years (The WP Minute)

Business, enterprise & acquisitions

> At "peak Swift," the WordPress VIP-powered website served over 100,000 requests per second following the announcement that Taylor Swift is TIME's 2023 Person of the Year. "Head to their site to see Gutenberg in action!" posted Automattic (X/Twitter) | "What a testament to Headless WordPress and @WordPressVIP. Amazing!" posted WebDevStudios CEO Brad Williams (X/Twitter)

> MOJO Marketplace recently emailed members of its community to announce it is shutting down on December 31, 2023. Devin Walker covered the story on his weekly news podcast, highlighting that the 10-year-old marketplace is still active and accepting payments for WordPress products: "If you visit the MOJO Marketplace website, there is no notice or any indication of the upcoming shutdown." (YouTube)

> Kinsta launched a new look this week. The rebrand comes less than a month after the hosting company cut a third of its workforce as part of voluntary layoffs (Kinsta)

> Robert Abela joined WooBiz Chat this week to discuss the company's recent rebranding from WP White Security to MelaPress following the company's shift to offering website administration in addition to security (Do the Woo)

Products, platforms & plugins

> Developer Jacob Martella has launched Crosswinds, a premium framework designed to supercharge the site building experience via a multipurpose base theme with over 50 patterns and a plugin that offers more than 20 blocks (X/Twitter)

> Google-sponsored core committer Pascal Birchler is urging plugin authors to consider adding the WordPress Plugin Review Team's Plugin Check plugin to their development workflow (Pascal Birchler)

Conferences, awards & events

> The winners of The WP Awards were announced this week. Nearly 6,000 people voted across 27 categories, crowning ACF Pro the most popular plugin and the winner of the Dynamic Data Plugins category (The WP Weekly)

> Visual Composer has launched its annual #WPGivesAHand initiative, inviting WordPress businesses to donate a percentage of their sales from December 25 to 31 to charities (

WordPress security

> Wordfence is urging users of the MW WP Form plugin to update to the latest version after disclosing a critical unauthenticated arbitrary file upload vulnerability. The free plugin has 200,000 active installations (Wordfence)

> Wordfence is running a Holiday Bug Extravaganza. Until December 20, the security company is promising to pay out at least $100,000 to vulnerability researchers (Wordfence)

#WPCommunityFeels: Lawrence Ladomery

A photo of Lawrence Ladomery.
This week, what's inspiring Lawrence Ladomery a marketing specialist and founder of WP BizDev.

Want to nominate someone (or yourself!) for #WPCommunityFeels? Reply to this email and let us know.
A podcast worth listening to: This Old Marketing by Joe Pulizzi and Robert Rose. It's a must for anyone doing content marketing (and everyone should!).

A concept worth understanding: Marketing fundamentals. Marketers tend to focus too much on tactics and tech and too little on strategy. A tip: invest more in your brand if you want to be able to cut through the noise.

An X/Twitter account worth following: Jason Cohen (@asmartbear). His posts (and blog posts) are always very insightful and refreshingly original as opposed to regurgitated platitudes (that make up 90% of Twitter).

An article worth reading: Most articles published by The Economist or by an economist. They are based on facts, data, and stories often stem from their unexpected correlations.

A habit worth forming: Finding time to slow down and think things through without distractions. Go for a walk and leave your phone behind.

Together with GoDaddy Pro

The future of work: A GoDaddy survey of Gen Z entrepreneurs and side-hustlers

In the latest GoDaddy article by Geoffrey Brown, a groundbreaking survey reveals a substantial trend among Gen Z Americans towards entrepreneurship. A notable 32% are already business owners or side hustlers, with another 21% planning to start their ventures.

This piece delves into the motivations and challenges faced by these young entrepreneurs, highlighting their unique approach to financial security and technology.

For a detailed exploration of how Gen Z is reshaping the entrepreneurial landscape, check out the full article.

Learn more: The future of work: A GoDaddy survey of Gen Z entrepreneurs and side-hustlers.


🤔 Matt Mederios wonders how many Automattic products is too many?

🤦🏼‍♀️ Mika Epstein recalls how a developer got himself banned from after serving himself with a DMCA notice.

🕺🏼 BobWP asked ChatGPT how to do the Woo.

😵‍💫 Richard Best explains the perils for businesses with no or minimal terms of use.

🏃🏼‍♀️ Marieke van de Rakt advocates for an agile all the way approach.

🎯 Maarten Belmans from Studio Wombat publicly analyzed his Black Friday campaign.

💰 Katie Keith from Barn2 also did a port mortem on her Black Friday sales.

The Repository is a weekly email for the WordPress community by Rae Morey. Also on our team: proofreader Laura Nelson and columnist Jonathan Wold (who'll be returning soon, stay tuned!). Thank you to Kinsta, our web hosting sponsor, and MailPoet, our email sponsor.

Send your feedback to [email protected] and help us provide high-quality news written entirely by humans that matters to the WordPress community.

Interested in reaching WordPress people like you? Become a Repository sponsor.