WordPress & Security
Daisuke Takahashi is a Systems Information Science freshman student of Future University Hakodate.
He’s the lead organizer of Google Developer Group Hokkaido (Android & Polymer) and WordPress core contributor.
Daisuke is an Information Security specialist and he’s done a lot of developments with SELinux and YubiKey (FIDO U2F). He talked about WordPress 4.4 and security.
What’s new in 4.4?
He demonstrated 2FA using YubiKey.
By default, a 5-digit code is sent via email or phone call. And this 5 digits code may be extended.
According to Daisuke, “if you’re using Chrome, YubiKey is easier than time-based authentication.”
WordPress + Docker – Reusable WordPress Development Environments
Q & A Session
Mika Epstein has been using WordPress for 9 years. She writes and reviews plugins and helps in the WordPress forums.
“The WordPress forum is the easiest way to learn WordPress, especially for those who cannot code.”
Understanding who to write the code for makes your code better.
There are 6 people reviewing plugins where each one of them review about 10 plugins a day.
Plugin review takes about 5 – 10 minutes. Security is the top priority, so the review team read all the codes and make sure there are no errors.
With 30 plugins submitted per day, only half are approved.
Q: What are the key points in creating a plugin?
- Make sure not to spam
- Protect users
- Take a plugin and learn from it
Q: When’s the least plugin submission?
Q: Why are plugins rejected?
The plugin includes its own jQuery.
Q: To submit a WordPress plugin, what do developers have to prepare?
- Test installing your own plugin
- Create a .zip file and upload to WordPress
- Test with WP_DEBUG turned on
- Write readme.txt that meets the WordPress plugin readme file standards
You can also check it in the readme validator.
Q: What skills does a developer need to have?
“Patience, logical thinking and knows how basic code works.”
Q: Do you use any tools for scriptwriting?
“You cannot automate to find out what’s wrong,” she continued. If she sees something that is not GPL compatible, she will ask the author(s) to change it, or ask them to change the license because all codes on WordPress should be readable and can be edited by others.
Q: As a curator plugins, what areas (good for development) are lacking at the moment?
There are plugins still lacking in eCommerce to connect with multiple stores.
“Stores and many physical locations want WordPress to control that; there are no plugins to do your “inventory”, but this is not a good way to start writing a plugin.”