Was Gravatar hacked or not? It depends on what you have read or what your definition of “hacked” is I suppose. The password breach monitoring service HaveIBeenPwned alerted users to a large-scale data leak by Gravatar, an add-on service for user profiles owned by Automattic.
In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing “globally unique avatars,” HaveIBeenPwned warned. This technique allowed the details of just under 114 million users to get into hackers’ hands.
Sarah Gooding over at WPTavern wrote that Automattic said they were not hacked. The Gravatar service gives you control over what you want to share online through their API. So this information can be made public and somebody can scrape that data and use it nefariously.
Jeff Chandler pointed out that this has been an issue since 2009 and shared the information from developer.it. Security researchers and privacy advocates have warned about privacy attacks on Gravatar for years.
Gravatar did not send out notices about the breach and left it to the user to accept the risk or use something other than Gravatar.
WordPress updates
There is a new directory for FSE block themes. Over on make.WordPress.org during the run-up to the release of 5.9 developers should note that the directory names for templates and template parts are being changed. With the release of 5.9 these will instead be:
templates
parts
It’s pretty straightforward.
Events
Ellen Bauer will be sharing a twitter space with Justin Mahinyala discussing #Freelance opportunities for developers, designers, writers, and marketers in the #WordPress ecosystem. They will share advice and tips on how to get started. DM any questions you want them to talk about. 📆 Friday, Dec 10th, 9pm EAT (6pm UTC).
From Our Contributors and Producers
Would you like to see where WordPress is headed in 2022? Brian Francoeur shared his insights on the Convesio website. WordPress has grown to be the leading CMS with 76% of the market share.
Over on SpeckyBoy, Eric Karkovack covers the Predictions for 2022 for Web Designers. You can get a great chuckle out of the AMP and Meta predictions. Eric does not expect a slowdown in WordPress for 2022 – thank goodness!
Nigel Bahadur shared that Cloudflare is developing an example feature-complete SaaS application that will be built entirely on the Cloudflare stack. It is and will continue to be completely free, open-sourced on GitHub, and developed in public. Today, you can find the project on GitHub and inspect the work that’s already been completed.
Want to join the WordPress wide movement of giving this holiday season?
#WPGivesAHand is a charity fundraiser that makes donations on special events from all over the world. This movement was proudly created by friends from all across the #WordPress community and from the team behind Visual Composer.
Not WordPress related but still very interesting….over at NPR there is a new tool called Dex (after “Rolodex”). The tool is attached to NPR’s content management system and will allow journalists to produce stories and shows that more accurately reflect its audience — the public. Journalists can track the demographics of their sources in real-time.
Today’s episode includes bonus clips from
- Sam Munoz on the Simplified Business Minute
- Hauwa Abashiya providing a 1 minute on learning WordPress
Hauwa Abashiya Learning WordPress Minute Transcript
Hello, it’s Hauwa Abashiya from the Make Training team, and here is your first Learn WordPress minute.
Learn WordPress is a learning resource for anyone who wants to learn how to use, build for and contribute to WordPress. It is an open-source platform built by the community that offers a range of materials and opportunities for you to use at your own pace and time.
On Learn WordPress, you will find workshops, social learning spaces, lesson plans, and courses. Workshops are practical on-demand videos that show viewers what they can do with WordPress. Social learning spaces are for workshop viewers and offer the opportunity to meet with other participants to discuss the workshop content.
Lesson plans are guides for facilitators to use while presenting at events or within educational environments. Courses and series of courses focus on defined learning outcomes.
The Make Training team wrangles all the content on learn. We connect WordPress Make teams, business owners, professionals, and individual users with ways to navigate their journey through WordPress, the software, and WordPress the open-source project.
Visit learn.wordpress.org for more information and come join the Make Training team if you want to help shape learn.
Thanks to all of the members who shared these links today:
- Jeff Chandler
- Birget Pauli-Haack
- Eric Karkovack
- Michelle Frechette
- Nigel Bahadur
Join The Newsletter
Get your favorite 5 minutes of WordPress news for busy professionals every week — 100% Free! Join the WP Minute Newsletter below 👇