Stick around ‘til the end to see baby trash bandits that are adorably bad at climbing.
In today’s edition:
- Patchstack study: Hosting “security” might look tough, but 87.8% of the time it folds faster than a $5 lawn chair.
- WP Wiki launches: Finally, a single place to catalog all of your nerdy knowledge.
- RIP dial-up: the sound of the 90s is finally being silenced this September.
Hot Off The Presses: What’s New?

Yes, yes, we all know we should sit up straight, stretch every hour, and maybe even invest in a chair that doesn’t double as a medieval torture device. And yes, spine health is important, especially as we age and bending over to put our shoes on becomes something we have to psyche ourselves up for.
But let’s be honest… I’m typing this newsletter in exactly the position shown in the meme. One foot on the desk, contorting like a JavaScript callback gone rogue. Ergonomics? Never met her. Posture? Optional. Productivity? Somehow intact.
So go ahead, laugh… but maybe… just maybe… consider touching your toes before your next sprint.
Or don’t. We’ll still ship code either way.
One Wiki To Rule Them All: New Community-Driven WordPress-opedia Launches
WordPress now officially has a wiki. Michelle Frechette and Corey Maass have launched the WP Wiki Project, a shiny new community-driven encyclopedia for all things WordPress.
Anyone can jump in, whether you’re a fresh-faced blogger still fighting with your first theme, or a battle-hardened core contributor who remembers when widgets were a big deal. There are even vanity listings, which are personal or business profile pages where you can flex your WordPress cred and pay to “sponsor” your listing, locking the article from being edited by others.
The goal? To create a living, breathing reference guide that captures WordPress history, plugins, features, and those obscure rabbit holes you only hear about after three beers at WordCamp.
So, whether you’re a WordPress veteran itching to weigh in on the nitty-gritty of when to use categories vs tags, or a newbie just trying to dip a curious toe into the world of this multi-faceted CMS, the WP Wiki Project is worth a bookmark.
→ Flex your WordPress cred and add an article here.
Hosting Defenses? More Like Swiss Cheese
A new study by Patchstack revealed that relying on standard “secure WordPress hosting” these days is about as effective as trying to fend off armed robbers with a pool noodle.
They uncovered that a whopping 87.8% of plugin exploits breezed past hosting defenses and virtual patching tools before being stopped at the application layer.
Here’s the tea: Patchstack spun up identical WordPress sites with 11 known plugin vulnerabilities, ranging from arbitrary file upload to SQL injection to privilege escalation. They tested five hosts to see if their advertised defenses actually worked. Spoiler alert: they didn’t.
Only one hosting team (using Cloudflare’s WAF) managed to stop four out of eleven exploits.
Everyone else? Barely raised a firewall.
- One host blocked two exploits.
- Another stopped only one.
- Embarrassingly, two hosts failed to block any. (oooof…)
In Patchstack CEO Oliver Sild’s words to The Repository: “Network-level WAFs are too generic with their protection, missing WordPress-specific vulnerabilities almost completely, and server-level security solutions mostly focus on post-exploitation.”
“There’s a huge blind spot on application security,” he explains, “and WordPress is a hard platform to protect when vulnerabilities can surface from any plugin.”
In other words, WordPress is a plugin-riddled maze, and we need a security layer that actually understands that.
Bottom line? If your host brags about “virtual patching,” maybe ask what exactly they’re patching. After all, you can’t protect against what you don’t recognize.
→ See the full case study breakdown
→ Get the deets from Patchstack’s 2025 State of WordPress Security report
Smush Levels Up: Now Resizing Your Oversized Images
Good news for anyone who’s ever uploaded a 5MB stock photo called “IMG_final_FINAL_reallyFINAL.jpg” and wondered why their PageSpeed score tanked: Smush just got smarter.
We’ve just introduced two shiny new features that you’re gonna love:
- Automatic Image Resizing: Smush now firmly squishes images to fit their containers, which means fewer “Properly size images” warnings in PageSpeed and no more serving billboard-sized PNGs to someone browsing on a Nokia.
- Add Missing Dimensions: Remember that awkward layout shift where your text jumps around like it’s doing the Macarena while images load? Smush fixes that by automatically adding width/height attributes. Stability restored, dignity preserved.
Between these and the already stacked Smush toolkit (lazy loading, compression, CDN) you’re basically out of excuses for slow, janky sites. Unless, of course, you just like watching your CLS score plummet?
→ Want to nerd out more? Check the full Smush docs.
→ While you’re in optimization mode, Topher rounded up three more plugins that’ll make your website faster.
Mind Bloggling Facts & Stats
- Speaking of security risks… Patchstack’s 2025 vulnerability report identified 6,700 new vulnerabilities in the WordPress ecosystem in just six months, and what’s really spooky is that 41% of them are exploitable in real-life attacks. (Source)
- According to a Harvard Business School study, if Open Source suddenly disappeared, it would cost the world $8.8 trillion. (Source)
- An impressive milestone: Ganga Kafle celebrates 7,000 WordPress themes reviewed! (Source)
Blogs & Resources You Shouldn’t Miss
Finally, a way to stop your WP admin menu from looking like Times Square at night.
Think you know the difference between .com and .org? Michelle Frechette and Jonathan Desrosiers set the record straight.
Did you know you can auto-archive your old posts with low visits? Perfect for content that’s aged like milk rather than wine.
If you ever wanted a helpful writing coach to give your blog posts gentle nudges towards improvement, Slim SEO’s got you.
“I just wish to God one person in LLMworld could work on a bad Salesforce deploy, or maintain and enhance a plugin-laden but business-critical WordPress install. I want them to see the gap between the software world most people experience—including most developers—and the infinitely funded world of pine floors and plant walls where they thrive.” – Paul Ford on what ChatGPT 5 is missing.
Is it really free and open source, or just pretending? This site reveals who’s walking the walk, and who’s just “open washing.”
A lively debate about expanding the core block library. As Amber Hinds asks, “Who is WordPress for? Are we building blogging software, or software for creating websites?”
Coffee Break Distractions
This collection of retro video game skies is a nostalgic phone wallpaper goldmine.
An interactive game of impressively obnoxious UX. Just try to get through it without throwing your laptop at a wall.
A genuinely wholesome developer meme.
On vibe coding: “If you’re actually an impostor, it’s not a syndrome.”
This labradoodle hard at work solving a very important mystery.
Florida scientists are using solar-powered robotic rabbits to capture invasive pythons.
This vital service supplies your website with exactly what it needs: random daily photos of Keanu Reeves.
Wait… dial-up internet has still been around all this time?! Apparently it’ll be discontinued in September.
And finally…
Awww… they’re trying their best!
Love this mix of nerdery and nonsense? Forward it to your favorite WordPress weirdo.