Sage 9 Beta 1

Development on Sage 9 started back in December of 2015 and we’ve finally shipped the first beta after four alpha releases. Follow the installation instructions to get started with Sage 9. Sage 9 has several improvements, and here’s the list of some of the important changes: Laravel’s Blade as a templating engine. Check out the … Continued

Using and Customizing WordPress Starter Content

Starter content allows themes to define suggested settings, pages, widgets, and menus on new WordPress installations. You can customize the starter content in order to best suit your theme. Introduced with the release of WordPress 4.7, the best example that exists right now is in Twenty Seventeen’s codebase. From a new WordPress 4.7+ installation, enter … Continued

WordPress Local Development on OS X with Valet and Bedrock

Laravel’s Valet tool makes spinning up a local development environment quick and painless for OS X users. Valet uses Nginx, PHP 7, along with MariaDB. It can be installed in just a few minutes with Homebrew and Composer. Valet or Trellis We recommend using Trellis to have dev/prod parity, but sometimes you need something quick … Continued

We’ve Migrated from Yoast SEO

We’re no longer running the Yoast SEO WordPress plugin on this site. We’d kept our Yoast SEO installation version at v2.3.5 and held off on updating the plugin after v3.0 was released at the end of November 2015. The large amount of bug reports and complaints since v3.0 were a big concern. Even with the … Continued

Simplifying Trellis

It’s easy to get comfortable using a project. Especially one that you’ve worked on and helped to create. Which is why it’s even easier to lose the perspective of a new user. Here’s what the default config looked like for a WordPress site in Trellis as of ~3 days ago: # Documentation: wordpress_sites: … Continued

Trellis Adds Let’s Encrypt Integration

Trellis now comes with automated Let’s Encrypt integration for free SSL certificates and the best HTTPS setup. HTTPS is now more important than ever. Strong encryption through HTTPS creates a safer and more secure web while protecting your site’s users. Google even started using HTTPS as a positive ranking for SEO purposes. Roots believes in … Continued

WordPress Password Security Follow-up

I wrote a blog post about on improving password security in WordPress and the Roots team created a plugin called wp-password-bcrypt to improve it a few weeks ago. Late Friday night, a few people (including myself) got into a Twitter argument about these security issues. Andrew Nacin, a Lead Developer of WordPress, ended up tweeting … Continued

Improving WordPress Password Security

We’ve released the wp-password-bcrypt plugin to improve WordPress password security by using bcrypt instead of insecure MD5 password hashing. March 21st update: see the follow-up post on password security for more information and corrections on some errors made in this post. WordPress, and its community, love to parrot that it powers 25% of the web. … Continued

Life of a Front-end WordPress Request

Have you ever asked yourself what happens when you hit a URL on a WordPress website? Here’s the very simplified version of the story: WordPress environment is loaded (core, plugins, theme) WordPress looks at URL and builds some query arguments based on it Obtained query arguments are used to run a \WP_Query (known as "main … Continued