Jetpack 2.9.3: Critical Security Update

Jetpack version 2.9.3 contains a critical security update, and you should update your site and any you help manage as soon as possible. You can update through your dashboard, or download Jetpack manually here.

During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.

Fortunately, we have no evidence of this being used in the wild. However, now that this update is public, it’s just a matter of time before exploits occur. To avoid a breach, you should update your site as soon as possible. (The vulnerability has been disclosed on the MITRE Common Vulnerabilities and Exposures system as CVE-2014-0173.)

This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.

Over the next few hours, we will reach out to individuals whose sites are still running an insecure version. Sites that don’t update may be disconnected from the Jetpack service for their own security, and will be able to reconnect as soon as their version of Jetpack is updated.

If you host a large number of Jetpack-powered blogs, please leave your contact information in the comments so we can be in touch in the future. We have prepared and shipped point releases for all eleven vulnerable branches of the Jetpack codebase: 1.9.4, 2.0.6, 2.1.4, 2.2.7, 2.3.7, 2.4.4, 2.5.2, 2.6.3, 2.7.2, 2.8.2, and 2.9.3. If you can force these upgrades for your hosted users, it will prevent their sites from being compromised.
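For hosts checking many installs against the list above, the comparison can be scripted. This is an added example, not Jetpack's own code: the branch table comes from the eleven point releases named in the post (1.9.4 through 2.9.3), while the function names and the sample inventory are hypothetical.

```python
import re

# Patched point release for each vulnerable branch, as listed in the post.
FIXED_RELEASES = ["1.9.4", "2.0.6", "2.1.4", "2.2.7", "2.3.7", "2.4.4",
                  "2.5.2", "2.6.3", "2.7.2", "2.8.2", "2.9.3"]
FIRST_AFFECTED_BRANCH = (1, 9)  # the post: "existed since Jetpack 1.9"

def parse_version(text):
    """Return a tuple of ints padded to three parts, or None if not purely numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None  # e.g. "2.5-beta": do not guess, send to manual review
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

FIXED_BY_BRANCH = {parse_version(v)[:2]: v for v in FIXED_RELEASES}

def assess(installed):
    """Classify one version string; returns (status, target_release_or_None)."""
    version = parse_version(installed)
    if version is None:
        return ("unparsed", None)
    branch = version[:2]
    if branch < FIRST_AFFECTED_BRANCH:
        return ("not_affected", None)
    target = FIXED_BY_BRANCH.get(branch)
    if target is None:
        return ("unlisted", None)  # branch not named in the post; check separately
    if version >= parse_version(target):
        return ("patched", target)
    return ("vulnerable", target)

def audit(inventory):
    """Map {site: version} to a sorted list of (site, installed, target) to update."""
    findings = []
    for site, installed in sorted(inventory.items()):
        status, target = assess(installed)
        if status == "vulnerable":
            findings.append((site, installed, target))
    return findings

# Constructed sample inventory (hypothetical sites, not real data).
SAMPLE_INVENTORY = {"blog-a.example": "2.9.2", "blog-b.example": "2.9.3",
                    "blog-c.example": "1.9", "blog-d.example": "1.8.3",
                    "blog-e.example": "2.5-beta"}

if __name__ == "__main__":
    for site, installed, target in audit(SAMPLE_INVENTORY):
        print(f"{site}: Jetpack {installed} -> update to {target}")
```

Versions that come back as "unparsed" or "unlisted" are not cleared by this check and should be reviewed by hand.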

Finding and fixing bugs is a key part of software development. I can’t promise there will never be another issue like this, but I can promise that when a problem is found we will do everything in our power to protect as many people as possible, as quickly as possible. We care deeply about each and every WordPress user.

Posted in Releases | 92 Comments

Jetpack 2.9

Jetpack 2.9 is out! We’ve got a few exciting new additions — Multisite support, a Related Posts module, and a more secure Single Sign On — along with many smaller improvements and bug fixes.

Manage all your Multisite connections with one login

Logging in to each blog on a Multisite network to connect and configure Jetpack can be time consuming. Now, you can administer them all from one master account. When network-activating Jetpack, you’ll see a new Jetpack > Settings tab in your Network Admin. From here, you can manage all your blogs’ connections, control whether individual blog admins can reconnect with their own account, and designate which Jetpack modules are activated by default.

Make your site stickier with Related Content

The Related Posts module encourages your visitors to stick around longer by displaying links to additional content on your site related to what they’re currently viewing. Usually, analyzing website content to suggest relations eats up precious server resources. By utilizing the power of WordPress.com, the Related Posts module gives visitors more of what they came for while keeping your server resources freed up.

Sample Related Posts

More security with Single Sign On

The Single Sign On module already gives you peace of mind against compromised user accounts because WordPress.com handles all the authentication for you — your site never touches the user’s private credentials. This release takes security a step further by giving site administrators the ability to require users to have Two-Step authentication enabled on their WordPress.com account before they can log in.

Posted in Releases | 47 Comments

How to exclude a category from the Mobile Theme

If you’ve ever wanted to exclude a particular category of posts from being displayed by Jetpack’s Mobile Theme, you can use the following code in your theme’s functions.php or in a functionality plugin:

// Check if we are on mobile
function jetpackme_is_mobile() {
 
    // Are Jetpack Mobile functions available?
    if ( ! function_exists( 'jetpack_is_mobile' ) )
        return false;
 
    // Is Mobile theme showing?
    if ( isset( $_COOKIE['akm_mobile'] ) && $_COOKIE['akm_mobile'] == 'false' )
        return false;
 
    return jetpack_is_mobile();
}
 
// Modify the main query on the home page for the mobile theme.
function jetpackme_modify_main_query( $arg ) {
    // pre_get_posts fires for every query, so only touch the main one.
    if ( $arg->is_main_query() && jetpackme_is_mobile() && is_home() ) {
         $arg -> set( 'cat', '-1' );
    }
}
add_action( 'pre_get_posts', 'jetpackme_modify_main_query' );

You would need to replace the 1 in

$arg -> set( 'cat', '-1' );

with the ID of the category you want to exclude.

Looking for more mobile tips? You’ll find them here! And if you need more general help with the Mobile Theme, take a look at our support doc.

Posted in Code snippets, Tips & Tricks | Comments Off

Let Users Showcase their Posts with Featured Content

Featured Content Settings

The power of showcasing content

Featured Content is a great way to let users highlight their most important posts. Our Theme Wranglers use it often on WordPress.com, but this awesomeness is available to all theme developers.

The concept is simple: each theme can determine where and how Featured Content is displayed. Then, right from their blog’s dashboard, users can specify a tag to determine which posts to showcase in the Featured Content area. Users can even specify how many posts they want to show, and decide if they want to hide the tag from post meta and tag clouds.

Featured Content in Action

If you’ve been following the development of the Twenty Fourteen theme, you’ve seen the prominent featured posts section on the front page. This area was created with Featured Content! The user specifies which posts they want to feature, and the theme does the rest of the work. Check it out here.

Twenty Fourteen

Another great example of Featured Content is the rotating header on the Superhero theme. In Superhero, Featured Content was coupled with Flexslider to create the beautiful post slider that you see at the top of the front page.

Superhero Theme

The possibilities really are endless. Photography themes can use Featured Content to display beautiful photos, and business sites can highlight their most important news and alerts. Best of all, users don’t have to worry about Custom Post Types or theme-specific categories or tags. They simply set a tag, and the theme handles the rest.

Add Featured Content in a snap

Adding Featured Content to your theme is a piece of cake. You can find all of the information you need to get started on the Featured Content support page.

Keep in mind that Featured Content is designed to spotlight content right on your theme’s homepage. If your theme includes a front-page.php file, that’s the only template file to which you’ll need to add the Featured Content area.

Do you have a great idea for Featured Content? Or have you done something cool with it on your own site? Let us know! We’d love to see how Featured Content is being used in the wild!

Posted in Features, Tips & Tricks | 4 Comments

Jetpack 2.8: Introducing Markdown and Improving Monitor

We’re thrilled to announce that our latest update is out the door! Jetpack 2.8 includes improvements to Jetpack Monitor and also introduces a brand new Markdown module.

Jetpack Monitor Module Card

Improved Jetpack Monitor notifications

Multiple users can now receive Jetpack Monitor email notifications. As an admin user linked to WordPress.com, you can opt in to receive these notifications right from your dashboard. Just navigate to the Jetpack page, find the Monitor module card, and click on Configure. Then, check the “Receive Monitor Email Notifications” setting and save your changes. Now if your site ever goes down you will receive notifications to your WordPress.com linked account email!

Write more efficiently with Markdown

Since introducing Markdown on WordPress.com, we’ve had a lot of requests to bring it over to Jetpack. Well, cue the trumpets, start the drumroll, Markdown is here!

For those who don’t know, Markdown is a quick way to add formatted text without writing out any HTML. Markdown lets you compose links, lists, and other styles using regular characters and punctuation marks. If you want a quick, easy way to write and edit rich text without having to take your hands off the keyboard or learn a lot of complicated codes and shortcuts, then Markdown might be right for you. We do strongly suggest sticking with the “Text” tab in the Editor when using Markdown.

Here is an example of Markdown in the text editor:

Markdown in text editor

And here is that same Markdown converted to HTML in the Reddle theme:

Markdown converted to HTML in Reddle

Isn’t that pretty awesome? You can check out the announcement post over at WordPress.com for more information about Markdown and see our Markdown support page.

Publicize Support for Custom Post Types

For our developer friends out there, we’ve added Publicize support for custom post types, allowing you and your clients to automatically post new entries from any CPT to your social media networks. You’d need to make one small tweak in the code defining the CPT—just add 'publicize' to the CPT’s 'supports' array.

For example, to enable the title, editor, Publicize, and Jetpack’s new support for Markdown:

'supports' => array( 'title', 'editor', 'publicize', 'wpcom-markdown' ),

As always, if you notice any issues with this release, just give us a shout over at the forums or send us a message through our contact form. Thank you for flying with Jetpack!

Posted in Releases | 29 Comments

Publicize Crash Course: LinkedIn, Tumblr, and Path

Carolyn Sonnek:

The second part of the Publicize Crash Course series. Learn how to connect LinkedIn, Tumblr, and Path in your Publicize settings!

Originally posted on WordPress.com News:

Yesterday, we learned the ins and outs of pushing your new posts to Facebook, Twitter, and Google+. Today, we continue our tour of the Publicize universe with the three other social networks you can connect to from your WordPress.com account: LinkedIn, Tumblr, and Path.

The ability to share your content with different audiences quickly and easily will help you cultivate a healthy readership. Just as important, with Publicize you can tweak your sharing preferences so that each post reaches its intended destination: you can always choose which services to publish to, and what custom message to include (if any).

You can connect to these three services in exactly the same way, and from the exact same page, as the ones discussed yesterday. Simply visit Settings → Sharing in your dashboard, click “Connect” on the desired one, and authenticate your account in the window that opens. Once you’re done…


Posted in Tips & Tricks | Comments Off

Publicize Crash Course: Facebook, Google+, and Twitter

Carolyn Sonnek:

Great explanation of the Publicize feature found in Jetpack. Also instructions on how to connect Facebook, Google+, and Twitter accounts.

Originally posted on WordPress.com News:

“I’m publishing posts every day, but where are my readers?”

While there’s no exact science to successfully building a readership, you have a number of built-in tools on WordPress.com to share your work with the world. Our advice? Hook up your various social accounts to WordPress.com and let us do the rest. We want to emphasize, especially to our newest users, that no blog is an island. Clicking Publish is just the first step, and sharing your work across the internet is key to expanding your audience.

What is Publicize?

With Publicize, you can automatically push out your new posts to social networks: Facebook, Google+, Twitter, LinkedIn, Tumblr, and Path.

Publicize

Connecting to your accounts is easy, and you can select which ones to link to your WordPress.com account. To get started, head over to Settings → Sharing. At the top of the page, you’ll see the options pictured…


Posted in Tips & Tricks | Comments Off

Jetpack 2.7: Share your content on Google+

We recently released a slew of Google+ integrations for WordPress, and mentioned that Google+ Publicize support would be coming soon to Jetpack users. Publicize makes it easy to share your new posts on other social networks (like Facebook and Twitter). Using it is a great way to build your readership and expose your content to new audiences.

Well, the wait is over — we’re excited to announce that you can now share your latest content on your Google+ Profiles and Pages!

Improved overall performance

Jetpack 2.7, which has just been released, adds Publicize to your site. In order to connect your account(s), head to your dashboard, then go to Settings → Sharing. Clicking on the “Connect” button next to the Google+ logo will prompt you to authenticate your account. Once you have, you can start enjoying the benefits of publishing your content to Google+ — just make sure that you’ve enabled the Publicize module.

Jetpack 2.7 also contains multiple bugfixes and other little features. You can view a full changelog of these updates by visiting this page.

We hope you enjoy Jetpack 2.7!

Posted in Features, Releases | 44 Comments

New Release: Jetpack 2.6

After two months of silence, here comes Jetpack 2.6! Chock-full of enhancements and goodness, we can’t wait for you to try it out.

New Modules: Single Sign On and Jetpack Monitor

Single Sign On replaces the previous WordPress.com Connect module, added in 2.4. Improving on the WPCC module’s setup process, Single Sign On takes one click to activate, then you’re off to the races! It will also streamline subsequent log ins, as you’ll no longer need a manual approval at sites where you’ve previously been authenticated.

Our other new module, Jetpack Monitor, is an uptime monitor that will check your site every five minutes. If it ever looks like your site is down, we’ll fire off an email to give you a heads-up. Easy, right?

We’ve also included a pile of other enhancements. We’ve switched the code editor in our Custom CSS module, and bundled new filters, new custom post types, and new widgets. We’ve added performance improvements across many modules, as well as support for WP-CLI. We now also make sure that your Publicize connections haven’t expired in the background as you write.

We’re tremendously proud of our latest release, and hope you’ll give it a shot.

- The Jetpack Team

Eight automatticians swimming in the Caribbean

The Jetpack Team recently spent a week collaborating on the awesomeness of this release down in Puerto Rico! Interested in joining us? You should apply!

Posted in Releases | 25 Comments

How to add a default fallback image if no image can be found in a post

When you publish a new post on your site, Jetpack crawls it and looks for images that can be used when sharing that post on Facebook, on Twitter, or if that post appears in the Top Posts and Pages widget in your sidebar.

Jetpack starts by looking for a Featured Image. If you didn’t define any, we will look for slideshows and galleries, and then for single images you may have inserted in your posts. If you’ve inserted an image that is hosted on another site, we can use it too.

However, sometimes you may not have added any image to your post. In such cases, you can add this code snippet to your theme’s functions.php file, or in a functionality plugin. This way, your readers will see a default image when sharing that post on Facebook, for example:

function jeherve_custom_image( $media, $post_id, $args ) {
	if ( $media ) {
		return $media;
	} else {
		$permalink = get_permalink( $post_id );
		$url = apply_filters( 'jetpack_photon_url', 'YOUR_LOGO_IMG_URL' );
	
		return array( array(
			'type'	=> 'image',
			'from'	=> 'custom_fallback',
			'src'	=> esc_url( $url ),
			'href'	=> $permalink,
		) );
	}
}
add_filter( 'jetpack_images_get_images', 'jeherve_custom_image', 10, 3 );

It’s worth noting that the fallback image has to be larger than 200 x 200px, as per Facebook requirements. If your image is smaller, Facebook will ignore it.

Reference

Posted in Code snippets, Tips & Tricks | Comments Off