Telemetry in WordPress

The recent discussions about telemetry and data in WordPress are not surprising. While anyone who has spend time with the API code knows that a great amount of data is transmitted to the WordPress repository, seeing it weaponized is something that is shocking to many in the community. We’re also shocked at this abuse of the data, and we are sad to see that it’s being used in this way. Telemetry is a vital part… continue reading.

If WordPress.org is not for the community, then we will be

This post, written by our founder Sarah Savage, is her speaking on her feelings about the vision she has for WordPress, the AspirePress future, and the ways in which we can serve the community. It reflects her views, and her commitments to the community. When I saw the news that lawyers for Matt Mullenweg and Automattic were filing a brief that stated plainly, “wordpress.org is not WordPress”, I was shocked. Like many of the members… continue reading.

A vision of a distributed package repository in WordPress

Many if not most WordPress users are aware now of the challenge that having a single-point-of-failure in the package ecosystem provides. Even though WordPress users are (currently) able to upload plugins directly through the user interface, distributing a plugin outside the repository that .org offers is incredibly challenging. AspirePress exists entirely to solve this problem. Our focus is on building a sustainable, distributed, federated model of managing and distributing packages for WordPress. The advantage of… continue reading.

Publishing and distributing first-party packages for WordPress

Yesterday, the WordPress.org team started a long-term supply chain attack against Advanced Custom Fields. This involved effectively forking the project, repackaging it as Secure Custom Fields, and deploying it under the original slug which led to thousands of users updating to SCF without notification or the ability to select whether they wanted SCF. This is an unfortunate abuse of authority and only continues to highlight the significant vulnerability that the community faces with WordPress.org being… continue reading.

Forking, branching and flavoring WordPress

There’s been a lot of discussion in the community – on Twitter, Reddit, in the Slack community for AspirePress – about forking the WordPress project and taking it away from the Powers That Be(tm) and making it truly community oriented. I wanted to share some thoughts that have come up around this in our community with the broader WordPress community. Forking Forking is an act that says “thank you for what you’ve done; we’re going… continue reading.

AspirePress releases AspireSync for downloading themes and plugins from the WordPress repository

I’m pleased to announce that AspirePress has released our first tool in the fight for distributed, federated mirroring of WordPress.org. It’s called AspireSync, and it’s designed to let you download plugins and themes in bulk from the .org repository. The tool is currently released as version 1.0-alpha-4. AspireSync is designed to be run as a fully containerized tool, meaning that you can download the container and go. It’s backed by a Postgres database, and it… continue reading.

A vision for AspirePress and a community-run .org mirror

The problem In the last few weeks, we’ve seen that every WordPress instance in the world has a single point of failure. That single point of failure creates a risk for security, reliability, and credibility for the entire ecosystem. Further, that single point of failure could be leveraged to distribute malware or damage the community as a whole. This post is about laying out a vision for the future of WordPress, the future of distributing… continue reading.

Update on the “single-point-of-failure” problem

tl;dr: Review the tl;dr on this post and then read this: the plugin and themes repos are downloaded, scripts written to keep them up to date, plans in place for replicating the APIs, and also for allowing plugin authors to distribute directly to AspirePress CDN. Also, we have a major CDN backer for data transfer. Community matters, and you all are important. Recap For those of you just joining the conversation, here’s a short recap:  … continue reading.

Work continues on a WordPress.org mirror

Recent days have seen lots of work on the WordPress.org mirror. From the API and the plugins to the downloading of the WordPress plugin library, we’re making progress. AspirePress Updater Plugin The AspirePress Updater plugin has been completed in its initial phase. We still need to add an admin section that allows for greater configuration, but all told the plugin is designed and implemented. Configuration remains an issue. In order to use the plugin you… continue reading.

It’s time to solve the “single-point-of-failure” problem with WordPress updates

tl;dr: We are working to solve the infrastructure challenges of distributing plugins, themes and core for WordPress users. Matt has highlighted a vulnerability, which we should all care about, regardless of who we think is right. But the effort needs help. Edited lightly from post on r/WordPress. Hello. This may be my first post on AspirePress but it’s not my first engagement with the WordPress or PHP communities. In fact, I’ve been a PHP and WordPress… continue reading.