Connect with us

WORDPRESS

WP Lookout Lets WordPress Users Track and Receive Notifications for Their Preferred Plugins and …

Published

on

wp-lookout-lets-wordpress-users-track-and-receive-notifications-for-their-preferred-plugins-and-…

Should WordPress notify users of plugin ownership changes? That was the question that Ian Atkins asked two months ago. WP Tavern readers seemed to think it was a good idea, at least those who commented on our coverage of it. However, the original Trac ticket has not seen any movement since.

There are real technical issues with automating the process. A change of ownership does not necessarily equate to a change of the plugin author. This is often the case when someone acquires a company and maintains the brand.

Tracking such changes does not necessarily need to go through WordPress. Chris Hardie built a service called WP Lookout that notifies users of such changes and much more. It has also been available since August of 2020.

“WP Lookout watches for interesting changes to the WordPress themes and plugins that someone cares about,” said Hardie. “I created WP Lookout for professional WordPress developers, consultants, and site managers who want to stay more informed about the plugins and themes that they (and their clients) depend on.”

While WP Lookout faces the same challenges with plugin ownership changes, it does have an advantage. It also tracks WordPress news organizations, including WP Tavern and Post Status. Even if the ownership change is not reflected on the plugin’s WordPress.org page, the story may be picked up in the news.

Advertisement

Hardie launched the news-tracking feature in early December 2020. It includes the Wordfence vulnerabilities blog and iThemes vulnerabilities roundup blog as a part of the service’s security notification system. The service also scans change logs for keywords related to security.

Notifications do not stop there. The WP Lookout tracks plugin, theme, and core WordPress updates. It also supports several commercial plugins such as Advanced Custom Fields Pro, Gravity Forms, and WP Rocket.

“When we first decide to use a theme or plugin on a WordPress site, we hopefully research it thoroughly — code quality, ratings, support responsiveness, new release history, speed of security fixes, and so on — but once it’s installed it’s easy to neglect those important bits of ‘health’ information over time,” said Hardie. “Auto-updates are great from many perspectives, but I think anyone who has had to manage and troubleshoot a non-trivial WordPress site over time knows that it’s also important to stay aware of, for example, what’s happening in the change log or whether ownership of a plugin has changed hands. But nobody wants to log in to wp-admin on a bunch of sites every week to gather that info.”

Hardie said WP Lookout will always have a robust free option for people who just want a daily email notification for a handful of plugins and themes. However, there are paid tiers for customers to access more features. They allow users to track more plugins and themes and get immediate alerts through email, RSS, Slack, or custom webhooks.

“The middle tier supports up to 50 themes/plugins, immediate email notifications, and a personalized RSS feed,” he said. “The Builder tier supports up to 200 themes/plugins and adds in Slack and custom webhook support along with the option to just get security-related notifications. With more real-world user feedback, we may adjust what’s in each tier over time.”

All users get access to the Builder tier for a few weeks after signing up. After that, they must subscribe or stick with the free tier features.

Advertisement

How the Service Works

Single plugin tracking history via the WP Lookout website.
Single plugin tracking history.

WP Lookout allows users to search for and add a tracker for individual plugins. The service primarily relies on the public WordPress.org API for getting plugin and theme data. This is the same system that WordPress uses to check to see if updates are available.

“But it also goes beyond what the API offers,” said Hardie. “For example, there’s no standard yet for theme authors to provide .ORG theme change logs, and so that information doesn’t show up when you go to update a theme in wp-admin; you’d have to go poking around in Trac or source files to find it. So WP Lookout follows the trail to the change log details and puts that right in front of you.”

Multiple plugins being tracked via the WP Lookout service.
Active plugin trackers.

There is also a WP Lookout plugin available in the plugin directory. It uses an API key, which users can get from the WP Lookout website. The plugin then lets the WP Lookout service know what plugins and themes are installed and adds them as trackers. Using the plugin is far more efficient than manually adding individual plugins and themes.

For plugins and themes that are not on WordPress.org, the service uses custom update APIs provided by the third-party developers. If that is not sufficient, it uses webpage scraping. For news sources, it parses RSS feeds.

“It’s been interesting to see the wide variety of ways that WordPress theme and plugin authors do or don’t manage and present data publicly about their products,” said Hardie. “Some have API endpoints that return the same level of detail as the .ORG API, others have change log/version documents generated by some internal tools, and still others don’t bother doing much at all. I think an argument could be made to standardize on something here for the long-run to help boost the culture of keeping software updated, even/especially if it eventually makes the need for a tool like WP Lookout obsolete.”

The Future of WP Lookout

Hardie has no plans of sitting on what he has already built. One of the next goals is regularly adding new themes and plugins that are not on WordPress.org. This will mean connecting with development teams and figuring out how users can get notifications of things that often have no public APIs. The lack of standardization in the space could be a tough hurdle to jump.

“I have a long list of features I’m planning to add, including things like integrating tracking GitHub repo releases, bringing some helpful data points from WP Lookout into the wp-admin interface, WordPress Packagist integration, allowing per-tracker Slack channel configurations, better internationalization, and better handling of change logs that theme/plugin authors chose to maintain outside of their .org code repositories,” he said.

Hardie does not want to get too far ahead of himself with feature ideas. He said he is excited to get more feedback from users about what they find useful. Currently, there are 80 users, which is publicly available data. WP Lookout maintains an open data and financial transparency page.

Advertisement

“Despite having paid options for more advanced users, I mostly think of this as a service I want to operate for the WordPress community, and I’ll always have a robust set of free functionality,” he said. “I’m also committed to participation in Five for the Future, bringing what I’ve learned here back into improvements that might benefit all WordPress users, whether they take advantage of WP Lookout or not.”

Read More

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

WORDPRESS

New WordPress.com Themes for March 2024 – WordPress.com News

Published

on

By

New WordPress.com Themes for March 2024 – WordPress.com News

Five of our favorite new themes.

The WordPress.com team is always working on new design ideas to bring your website to life. Check out the latest themes in our library, including great options for small businesses, sports fan, nostalgic bloggers, and more.


Feelin’ Good is a vibrant (to say the least!) blog theme with a bold vaporwave aesthetic. Its nostalgic atmosphere pays homage to the daring, over-the-top visual art and advertisements of the ’80s and early ’90s. We’ve combined a lot of elements that shouldn’t work together, but do. If you’re looking for a dynamic, attention-grabbing, eye-popping visual feast of a theme, try Feelin’ Good.

Advertisement

Click here to view a demo of this theme.


1711610762 938 New WordPresscom Themes for March 2024 – WordPresscom News

Low Fi is a simple blog theme featuring a narrow column layout that’s optimized for seamless browsing on mobile devices. With six style variations, you’re sure to find a palette you’re drawn to. Taking inspiration from the lo-fi beats music scene, the theme’s design cues, such as the square header image, offer a nod to album artwork.

The overall aesthetic is deliberately understated, with each element—from the muted color schemes to the textured background—crafted to evoke a sense of nostalgia and warmth.

Click here to view a demo of this theme.


1711610763 567 New WordPresscom Themes for March 2024 – WordPresscom News

Cakely is the ultimate WordPress theme designed specifically for passionate bakers, cake enthusiasts, and dessert lovers. Tailored for small businesses aiming to shine in the world of sweets, Cakely effortlessly combines style and functionality to showcase mouthwatering creations. Its vibrant pink color scheme exudes joy while maintaining a classy, clean layout with easy navigation. This theme ultimately strikes the perfect balance between professionalism and playfulness, making it an ideal choice for showcasing your delicious masterpieces.

Click here to view a demo of this theme.


New WordPresscom Themes for March 2024 – WordPresscom News

Treehouse is a carefree, fun, and friendly theme ideal for Woo stores selling children’s products. With its unlimited customization options, Treehouse enables you to set up an online shop with just a few clicks. Utilizing a soft color palette, playful design details, and simplified layouts, your site will attract a wide range of customers, from young parents to over-the-moon grandparents. This theme is fully responsive and cross-browser compatible.

Click here to view a demo of this theme.


New WordPresscom Themes for March 2024 – WordPresscom News

Major League Baseball’s 2024 season kicks off on Thursday, March 28. What better way to show your home team the love it deserves than with a baseball-themed fan site! With a somewhat old-school layout, this theme evokes some of the classic sports sites of the ’90s, back before fantasy leagues took over. The header and accent colors are customizable, ensuring that your favorite crew is properly saluted.

Click here to view a demo of this theme.

Advertisement

To install any of the above themes, click the name of the theme you like, which brings you right to the installation page. Then click the “Activate this design” button. You can also click “Open live demo,” which brings up a clickable, scrollable version of the theme for you to preview.

Premium themes are available to use at no extra charge for customers on the Explorer plan or above. Partner themes are third-party products that can be purchased for $79/year each.

You can explore all of our themes by navigating to the “Themes” page, which is found under “Appearance” in the left-side menu of your WordPress.com dashboard. Or you can click below:


Join 4.7M other subscribers

Advertisement

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

WORDPRESS

How to Get Started: Investigating Payment Gateways Online

Published

on

By

How to Get Started: Investigating Payment Gateways Online

When investigating a website, app, or online shop, one of the key questions you may need to answer is ‘How are they making money?’ 

Investigating the financial transactions of an organisation can reveal details about its connections and funding. Furthermore, if the website or app is engaged in illicit transactions, tracing the payment gateway can help achieve accountability by identifying what sites they are using to earn money.   Bellingcat has looked into the payment processors in previous investigations on far-right merchandise, Britain’s far-right influencers, and non-consensual deepfake pornography.

Credit: Nicolas Guyonnet / Hans Lucas via Reuters Connect

Payment gateways are a technology that takes a customer’s payment information, checks it with their financial institution, verifies that the transaction is legitimate, and then completes the transaction. As explained by Forbes, online stores need a payment gateway to be able to facilitate payments. Companies including PayPal, Stripe, and Square are commonly used as a payment gateway for online purchases.

Most mainstream payment gateways (like Stripe and PayPal) prohibit their services from being used in illegal transactions including the sale of illegal drugs, the promotion of hate or racial intolerance, and non-consensual adult content. Finding evidence that someone is violating the Terms of Services of these companies – and how they are doing so- can lead to the closure of loopholes and accounts. It can also provide additional information about an organisation’s revenue streams. 

It is nearly impossible to conduct online transactions without a payment gateway. So it should be possible to find the payment gateway of an organisation earning money, even if it is not obvious at first. One resource that is extremely useful is Chrome’s built- in developer tools (other browsers also have similar tools). Below we’ll provide an overview of the tools to use and questions to ask when scrutinising payment systems. 

How are they Taking Payment?

For online transactions, you’ll typically see websites accept traditional forms of payment including credit cards, debit cards and, more recently, cryptocurrency. Since cryptocurrency is not subject to the same regulations as traditional financial systems, cryptocurrency is often used to process payments for illegal services. Since this does not need to be ‘hidden’, websites will usually disclose which currency they accept and how to transfer funds into a crypto wallet. There are other ways you can track funding through cryptocurrency, as discussed in this guide.

Advertisement

If none of the above apply?  Other sites that use a payment gateway will accept money directly via credit card payment,  bank transfer, or through peer-to-peer payment apps (i.e., PayPal, Cash App, Zelle). If this is the case, you should be able to identify the payment gateway being used. In the case of the peer-to-peer apps, these services may be used by businesses and not just individuals’ transactions. They also require a bank account or credit card to use them. It is helpful to view transaction options on both the mobile app and web browser, in case the options differ.  It is also worth checking the currency that payments are being taken in – if it is a US website taking payment in a foreign currency, that can also provide clues. Further, if a website is using different payment gateways depending on the currency, this can lead to additional leads in your investigation. Payment options may also change depending on what IP address you are using. In other words, setting your IP address in the UK and then changing it to the US may result in different payment gateway options.

Where are they Soliciting for Payment?

Organisations may solicit for payment via a website or a messaging app like Telegram. It is important to investigate all avenues where  payment is being requested as each method may provide different clues for your investigation. For example, for some of the AI deep fake services we investigated here we found that companies would accept different payment methods depending on how you tried to pay – via their website, via a web browser or via Telegram. Sellers may want to direct their users away from their website to more private forums such as Telegram to facilitate transactions and avoid detection.

Is the Organisation Trying to Hide How Payment is Taken?

For some sellers, using a mainstream payment gateway may  violate the terms of service of that company. To be able to use their services, these sellers may  try to hide the nature of their goods from the payment gateway company. 

A Walk Through Example

Some sites may not show their payment options without signing up first. 

This was the case with the Nudify.VIP site which offers non-consensual AI Deep Fake pornography.  

Initially, the website states that their services are free. 

Advertisement

“With our service you can undress any person in a photo absolutely FREE!” 

However, this is misdirection, as you are then prompted to log in or sign up. Only once you create an account do you discover that you need to pay to access the service and how much it costs.

After creating an account, we were presented with two options to pay, by card or crypto. 

You are then presented with an option to pay via crypto or via credit card, but it does not yet say what cards they accept or what payment gateway they use. 

Clicking through to ‘Go To Payment’ gives us a new screen that lets the user pay via credit card (ie MasterCard, Visa), a US Bank account (ie Wells Fargo, USAA), or through Cash App. 

There is no indication of the payment gateway they are using, but if we look at the URL on the checkout page, we can see that it no longer says that we are on a Nudify.VIP domain. This is a clue that users are being directed to the checkout page through another website. This method is used to hide the true source of purchases from payment gateway providers. There’s another clue  that the domain has changed- in the fine print at the bottom of the checkout page. Via the Checkout Page using either Cash App or credit card options, it discloses:

“By providing your card information, you allow aiphotos.art to charge your card for future payments in accordance with their terms.”

Advertisement

This is another clue that the payment gateway does not know this belongs to an AI Deep fake service Nudify.VIP.

Three checkout options for Nudify.VIP: credit card, US bank account, and Cash App.

Use Browser Developer Tools to Investigate Further

All modern browsers have some form of built-in developer tools. You can search online for your specific browser (e.g. Firefox, Chrome, Safari). If you are in Chrome, you can right-click anywhere on the screen to get a menu and an option to ‘Inspect.’ You can also use keyboard shortcuts which can vary between MacOS or Windows. For Windows, you can click CTRL + SHIFT + I and on MacOS you can click Option + Command + I on your keyboard. Any of these actions will open the developer tools which allows you to  view the code of a webpage (such as HTML, CSS, and Javascript). This should appear on the right-hand side of your screen. While developer tools are designed to check for bugs or errors in a website, you can use them in your investigation.

There should be a list of tabbed options for you to view on the top menu bar. Clicking on ‘Sources’ shows you all the resources that the website is using. 

This is a good place to start to look for any clues about what piece of code is being used in the checkout process.  In the example below, one of the listed sources on the page is titled ‘js.stripe.com.’



Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

WORDPRESS

15 WordPress Pro Developers You Should Follow in 2024 – WordPress.com News

Published

on

By

15 WordPress Pro Developers You Should Follow in 2024 – WordPress.com News

The WordPress community can sometimes seem like a vast ocean of people, information, and resources. Here are 15 folks to follow to stay on top of everything you need to know.

WordPress is so powerful and versatile that the WP community can sometimes seem like a vast ocean of people, information, and resources. In today’s Build and Beyond video, Jamie Marsland shares 15 of the most influential developers he follows to keep on top of new features, learn cool new tips, and, ultimately, get the most out of WordPress. 

Of course, we couldn’t feature all the great people in this space, so be sure to comment below with your favorite WordPress-related follows.  

Ready to build on WordPress.com? Start a free trial today:

Here are the folks mentioned, as well as where to find them on the web: 

Nick Diego

Advertisement

nickdiego.com
twitter.com/nickmdiego

Sarah Norris

twitter.com/mikachan_

Brian Coords

youtube.com/@BrianCoords
twitter.com/briancoords

Carolina Nymark

Advertisement

fullsiteediting.com
twitter.com/carolinapoena

James Kemp

jameskemp.blog
twitter.com/jamesckemp

Anne Bovelett

annebovelett.de/en
twitter.com/bovelett

Justin Tadlock

Advertisement

justintadlock.com
twitter.com/justintadlock

Ryan Welcher

ryanwelcher.com
youtube.com/@ryanwelchercodes

Aki Hamano

twitter.com/tetsuaki_hamano

Aurooba Ahmed

Advertisement

twitter.com/aurooba
youtube.com/@AuroobaMakes

Eric Karkovack

twitter.com/karks88
twitter.com/speckyboy

Keith Devon  and Mark Wilkinson

youtube.com/@HighriseDigital

Joost de Valk

Advertisement

joost.blog
twitter.com/jdevalk

Elliot Richmond

youtube.com/@elliottrichmondwp

Rich Tabor

rich.blog
twitter.com/richard_tabor

Jessica Lyschik

Advertisement

twitter.com/jessicalyschik
youtube.com/@jessicalyschik


Join 109.6M other subscribers



Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

Trending

Follow by Email
RSS