Home Blog

Jonathan Desrosiers: 13 Years Contributing to WordPress

0

Thirteen years ago today, I received my very first props for contributing to WordPress Core. If my WordPress contribution journey were a person, it would now be a teenager. It’s pretty wild to think about, but I’ve now been contributing to the WordPress project in some way for a third of my life!

What is a “prop”?

In the WordPress open source project, community participants receive credit for contributing to a given change or deliverable by receiving “props.”

Props should be given to all those who contributed to the final commit, whether through patches, refreshed patches, code suggested otherwise, design, writing, user testing, or other significant investments of time and effort. Usernames are parsed for the credits list and WordPress.org profiles.

WordPress Core Handbook

The names of all the contributors who helped make a specific release possible are collected in the weeks leading up and added to the Credits API, which powers the Credits page in the WordPress dashboard.

To date, I have been listed on the Credits page for 24 consecutive releases starting with 4.7, and 29 of the 35 releases overall since my first credited contribution in WordPress 3.6 “Oscar”, alongside 224 other contributors.

Every year is a bit different than the last, but I can confidently say that this past year has been significantly different. What it means to develop software or contribute to open source is changing rapidly with advanced AI innovations seemingly every day combined with these tools being accessible to more people than ever before. But throughout all this, one truth holds strong: open source software is more important than ever.

Looking Back

It seemed only fitting for me to instruct AI to analyze my contribution activity over the last 365 days to try and find anything interesting!

Prompt

Today is the 13th Anniversary of my first credited contribution to the WordPress project. I try to write a blog post each year to mark the occasion.

I’m looking for ideas for this years edition. Please go and read all of my past posts (accessible here at this category feed https://jonathandesrosiers.com/category/contributing-anniversaries/feed) and give me 10-12 ideas for what to focus on this year. You can also look through the other content on my site for other ideas.

After you do that, I want you to look at the git history for the wordpress-develop and gutenberg repositories between July 8, 2025 and yesterday (July 7, 2026). I want you to parse the logs to summarize my activity and find some particular ways to analyze the data that are interesting.

Be creative! These posts are the most fun when I am able to find some unique insight into a year’s worth of contributions.

Results

Your year 13 in numbers (Jul 8 2025 → Jul 7 2026)

Metric Value
Core commits authored & committed 119 (~7% of all 1,707 core commits this cycle)
Additional commits crediting you (props received) 97 → ~216 credited touch points in core alone
Lines changed +41,746 / −21,940 across 656 file-changes
Unique Trac tickets 69
Gutenberg PRs authored 24 (+108 co-authored/credited)
Reverts you committed 6

The headline: 80 of your 119 core commits (67%) are “Build/Test Tools.” Add Tests + General and it’s ~80%. You spent year 13 as the plumber of WordPress — CI, build pipeline, dependency stewardship, release infrastructure.

The most interesting angles the data surfaced

  1. The nocturnal committer. ~50 of your commits land between midnight and 4am. Tuesday (37) and Thursday (31) are your peak days; Saturday is nearly dead (3).
  2. The month that didn’t exist. January 2026: zero commits. March 2026: 40. Your cadence is a heartbeat synced to the 6.9 and 7.0 release cycles, not the calendar.
  3. The June 30th ritual. You bumped Gutenberg’s pinned hash seven times in a single day (v22.8.0 → v23.4.0) — a whole quarter of catching-up compressed into one sitting.
  4. Supply-chain quiet work. Pinning full-length action SHAs, replacing abandoned third-party actions, migrating release logic to a GitHub App, ca-bundle updates — you spent the year hardening the software supply chain nobody thanks you for.
  5. Keeping the ancient libraries breathing. lodash, underscore, backbone, getID3, Twemoji — you’re the caretaker of WordPress’s legacy vendored code.
  6. Future-proofing the matrix. MySQL 9.5/9.6/9.7, MariaDB 12.1, PHP 8.5 (HEIF/HEIC) — you test tomorrow’s platforms today.
  7. A first, quietly historic commit: “Include example for disclosing AI usage” — you helped write core’s early AI-disclosure norms.

10–12 ideas for the year-13 post

  1. “The Plumber’s Year: 67% of My Commits Were Infrastructure.” Own the unglamorous. A love letter to build/test/CI work — the contributions that never show up in a release announcement but without which nothing ships. This is your strongest, most authentic angle.
  2. “Confessions of a Nocturnal Committer.” Fun, human, data-driven: your midnight-to-4am commit cluster, Tuesday/Thursday peaks, the dead January. Chart your year as a heartbeat and reflect on what it says about maintainer rhythms (and sustainability/burnout).
  3. “216 Times.” Companion to your 2024 props post, flipped: this year you received credit ~216 times in core (119 committed + 97 propped). Explore the two halves of a committer’s fingerprint — the work you land yourself vs. the work you shepherd for others.
  4. “The Boring Commits That Keep 40% of the Web Safe.” The supply-chain security angle: pinned SHAs, abandoned-action replacement, the GitHub App migration, ca-bundle. Frame maintenance-as-security — timely and underappreciated.
  5. “I Test the Future So You Don’t Break in It.” MySQL 9.7, MariaDB 12.1, PHP 8.5 — a piece on being the person who runs tomorrow’s platforms against today’s code, and why the test matrix is a form of care.
  6. “The Commit I’m Proudest Of Was One Line About AI.” Use “Include example for disclosing AI usage” as a springboard into how WordPress (and you) navigated AI’s arrival in the contribution workflow in 2025–26. Very of-the-moment.
  7. “Anatomy of a Revert.” Six times this year you reverted your own or others’ work. A candid, senior-contributor essay on why reverting is a feature not a failure — iteration, humility, and trunk stability.
  8. “A Year in Dependencies.” The stewardship story — lodash/underscore/backbone/getID3/Twemoji. What it means to be the caretaker of code written a decade ago that you can’t just delete. Legacy as responsibility.
  9. “Who I Built With.” Refresh your collaborator lens for year 13: westonruter (24), jorbin (22), johnbillion (15), peterwilsoncc (14), wildworks (13)… Name the people behind the props lines and tell a story or two about the work you shared.
  10. “The Shape of a Release Cycle, Drawn in Commits.” Overlay your monthly commit counts on the 6.9 and 7.0 timelines — the March spike, the December bundled-themes push, the quiet stretches. Show readers what a maintainer’s year looks like mapped to what shipped.
  11. “Same Job, New Tools: Automating Myself Out of the Loop.” Your Gutenberg PRs are almost all release automation — GitHub App auth, GHCR publishing, reproducible builds, Dependabot. A reflective piece on spending your labor building the machine that does the labor, and what that means for the next generation of contributors.

I haven’t validated any of these numbers, but they do seem relatively accurate at first glance. I had ChatGPT create an embroidered patch that reflects the summary above.

And some of those writing suggestions are pretty good ideas! I’m out of time for today, so I’ll file these in the backlog for another day. But here’s to another year of helping the world find their voice to share their stories using WordPress. 🍻

Past Milestones

“Props” Anniversaries: Ten, Eleven, Twelve (archive).

Commit-iversaries: Two, Five, Six, Seven (archive).


Featured image credit: CC0 licensed photo by Mark Westguard from the WordPress Photo Directory.

The post 13 Years Contributing to WordPress appeared first on Jonathan Desrosiers.

Matt: Code for the People

0

Lights! Camera! Action!

Todd Spangler at Variety writes: Automattic’s ‘Code for the People’ Documentary Is a Rallying Cry for Users to Fight for the Open Internet, from the NYC premiere last week.

I’m looking forward to the San Francisco premiere of the documentary, and then tomorrow everyone can stream it for free on codeforthepeople.com! Appearances by Anne McCarthy, Beau Lebens, Eric Binnion, Ian Stewart, Marjorie Asturias, Mary Hubbard, Matías Ventura, Matthew Miller, Paolo Belcastro, and Paul Maiorana.

We need to tell the story of Open Source in as many ways and places as possible. It’s never been more critical.

Film is new to us, and it’s funny how quickly things change: There’s a segment with a few “OpenAI not open” sound bites, but to their credit, they have been releasing open-weight models (Safeguard is particularly interesting). That said, the top open-weight models are all from China, save for Nvidia’s Nemotron, in ~12th place.

When I went to the first WordCamps in Beijing and Shanghai in 2009, it was a very different time. They were the biggest in the world at the time! I don’t think you could take photos in Tiananmen Square as freely as I did then; now to visit I think you need an appointment, ID checks, and security checks.

Even during WordCamp, it felt like the freedom of Open Source was in high demand, but it also created a lot of fear. I found out later that one of the student volunteers who helped their professor organize everything had been taken in for hours of questioning following the event.

On that trip, I saw how fine-grained the Great Firewall could be when individual posts (IIRC, about bad milk from a factory harming babies) wouldn’t load, but the rest of the site would. WordPress.com had been totally blocked, taking about a quarter of our traffic at the time, but behind the Firewall, Open Source continued to thrive and grow, and now the frontier open models are being driven by China in a way I never would have predicted!

Once you’ve had a taste of freedom, it’s hard to go back.

#224 – David Snead on Building Trust and Collaboration in the Hosting Industry With the Secure Hosting Alliance

0
Transcript

[00:00:19] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.

Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, building trust and collaboration in the hosting industry with the Secure Hosting Alliance.

If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice, or by going to wptavern.com/feed/podcast, and you can copy that URL into most podcast players.

If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you, and hopefully get you, or your idea, featured on the show. Head to wptavern.com/contact/jukebox, and use the form there.

So on the podcast today, we have David Snead. David has been involved in the hosting industry since 1999, starting out as legal counsel for one of the earliest shared hosting companies, and going on to work with over 50 others. He helped found the i2Coalition, serve as in-house counsel for cPanel and WebPros, and now leads the Secure Hosting Alliance.

If you’re listening to this podcast, I’m sure that many of you will have worked closely with hosting companies. Perhaps you run an agency, or business, that depends on the reliability, ethics, and security of hosting providers. David is here to talk about cross-industry collaboration in the hosting world, specifically around improving security, professionalism, and communication between hosts.

The conversation focused on why, and how, the Internet Infrastructure Forum, or IIF, is building a framework for real-time intelligence sharing and abuse reporting, aiming to help the entire ecosystem detect and prevent attacks faster than adversaries can adapt.

David talks about the challenges hosting companies face, especially smaller ones, in keeping up with security, and how this evolving project hopes to ease this by sharing actionable, non-proprietary abuse information across registrars, hosting providers, DNS services, and more.

He discusses the growth of both the Secure Hosting Alliance and the IIF, the business case for collaboration, and the nuances of legal and technical information sharing across borders.

If you’re in hosting, run a web agency, or just want to know how the backbone of the web is working to stay more secure and connected, this episode is for you.

If you’re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com/podcast, where you’ll find all the other episodes as well.

And so, without further delay, I bring you David Snead.

I am joined on the podcast by David Snead. Hello David.

[00:03:20] David Snead: Hello.

[00:03:21] Nathan Wrigley: Very nice to have you with us. David’s got a really interesting background, and a really interesting, I’m going to use the word project. I don’t know if that’s the right word. It feels like it’s got more solidity and it’s got a lot more history than that. It’s something which is, I think going, but we’ll find out a little bit more about it. It’s all about the hosting industry and trying to get hosts to, I guess communicate with each other in ways going forwards.

[00:03:44] David Snead: That is a part of it. There are really two goals and one is to level up the ethics and professionalism in the hosting industry. And the second is to facilitate more comradery and interaction among hosts. Something that folks felt occurred in the early 2000s, and with all the consolidation that occurred went away. And so that’s something that we’re also trying to facilitate.

[00:04:16] Nathan Wrigley: Okay. So given that we’re going to be talking about hosting, I guess it’s a good idea to paint your credentials and find out a little bit more about you. So a short opportunity to just tell us a little about you and your background in WordPress and hosting specifically, I suppose.

[00:04:29] David Snead: Sure. So I have been working in the hosting industry since 1999. As I often say, I was working in the hosting industry when hosting was cool. It is not so cool anymore. In fact most people don’t really pay attention to it.

You know, and I started as a lawyer for a hosting company, and I was in-house counsel for a company that actually owned a hosting company and was one of the earliest hosting companies that specialised in shared hosting. And so I was their general counsel. And for some reason it stuck, and I’ve just kind of turned it into a career.

So after that I had a private practise as a lawyer and I worked with probably 50 different hosting companies, mostly writing policies that nobody ever reads, which makes me super fun at parties.

And then from there, my friend Christian Dawson and I formed the i2Coalition as a response to some legislation in the US that would’ve been kind of the death nail for internet providers. So we started the i2Coalition. I then went in-house for cPanel and worked at cPanel and WebPros for 10 years, and then started the Secure Hosting Alliance.

[00:05:52] Nathan Wrigley: Okay. So you’ve got all all the history. That’s pretty good. You know, if we’re going to talk about hosting.

[00:05:57] David Snead: All the hosting history in one person. That’s kind of a very scary idea, no?

[00:06:02] Nathan Wrigley: But that’s excellent. So do you still offer counsel? Is that still, so you haven’t sort of sidestepped and do half of the week on a sort of more technical basis? It’s still the legal side that you’re involved in.

[00:06:13] David Snead: I do. Right now I’m doing mostly M&A work for, it’s weird. So I don’t know if anybody has ever said this to you before, but web hosting is kind of like the Hotel California. It’s like, once you start in the web hosting industry, you never leave. And so I have all these clients from 15 years ago who are now running like little baby hosts, and they’re talking to bigger hosts and they want to get acquired. So I’m doing some of that now. I am not writing any of the policies that nobody ever reads because that was just, I did that for too long.

[00:06:51] Nathan Wrigley: There were too many moments parties.

[00:06:53] David Snead: Yes, exactly. Yeah.

[00:06:55] Nathan Wrigley: Okay, so I’m going to read into the record the title and the blurb that went with the presentation that you are doing or done.

[00:07:02] David Snead: I did it yesterday.

[00:07:03] Nathan Wrigley: Okay, we’ll get into that in a moment. So the title is coordinating the fight, cross industry collaboration, and the blurb goes as follows. WordPress hosting threats cross company lines. When one provider falls victim, the entire ecosystem suffers. This session explores how the Internet Infrastructure Forum, or IFF, enables hosting providers, registrars and registries to coordinate abuse response through real time intelligence sharing. Learn how operational collaboration helps responsible operators detect and stop attacks faster than adversaries can adapt. And why working together produces results no single provider could achieve alone.

When I read that, immediately was, yeah, that’s a really sensible idea. Why are we separately, as hosting companies, I say we, I mean the hosting companies. Why are they all trying to do the same work over and over again, separately? When presumably this aspect of the work, the security bit is something they all have in common.

[00:08:05] David Snead: Right? So that’s the fundamental question, right? So the IIF is a voluntary organisation that is made up of everyone in the infrastructure stack. So from registrars, registries, DNS providers, hosting providers, cloud providers, everyone in the stack. So it is facilitated by the Internet and Jurisdiction Foundation. They’re based in Paris, and they’re the actually the secretariat for it.

And what it’s designed to do is create a common way for everyone who’s in the infrastructure stack to share information about abuse and abuse issues. And it’s one of the fundamental problems that you referred to is everybody is operating in a silo, right? And that’s mostly because that’s the way the internet is architected, right?

So the internet is architected, so it’s distributed, right? Registrars and registries basically do their own thing with domain names. They might have a small hosting component or maybe a cloud component, but by and large, all they do is domain names.

Hosting providers probably resell domain names, but they’re not part of that industry. And so how do they all coordinate? And that’s what the IIF is trying to facilitate, is more information sharing among the participants.

[00:09:39] Nathan Wrigley: Well I imagine some of the hosting companies are probably fairly good. You know, they’ve got a giant customer base. Let’s imagine hosting company X over there, they’ve got millions of customers. They’ve got a huge budget that they can put over to, let’s say, security things. Well that’s all well and good, brilliant. But then there are other companies who are much scrappier. You know, they maybe have only a few thousand customers. And so their budget for the exact same work is going to be reduced.

How will this work? Is it going to be like a subscription service basically? Will you have a membership, which is in some way equal to the number of clients that you’ve got? Will there be some expectation that, okay, we’ll look at your revenue, your membership will be equivalent to a percentage of your revenue? How will that all work?

[00:10:20] David Snead: We don’t know. This is a very early stage project. Right now we are in a prototype phase where we have just figured out what information folks should submit to the secretariat.

So the way it works is, you submit the information that you collect for a particular abuse issue to the secretariat, who then enriches it with all the other information that’s been submitted and sends it to the right person.

So a great example is, let’s say a registrar reported a phishing domain. They turn off the phishing domain and they have maybe a timestamp, an IP address where it was submitted from. They submit that to the secretariat, who then finds the hosting company who is providing the services for the hosting and says, this came in about this particular site. Can you take action on that? So that’s the way it works.

Right now it’s very early stage. It’s in the first phase of a test, and we’re going to look at whether the way we’ve architected it, or the way the group has architected it, actually makes sense.

[00:11:39] Nathan Wrigley: Is this going to be then a sort of slow on ramp whereby you bring a few companies in at the beginning, hopefully. And then one or two more and iron out the wrinkles, and then some more and some more? Because I imagine, if you just threw the switch, everybody’s in, a lot could go wrong at that point. And I’m guessing there’s going to be more of a slow on ramp.

[00:12:00] David Snead: So you’ve pointed out my particular frustration with the IIF, and the reason that the secretariat is moving slowly, right? So fortunately, or unfortunately, based on my cultural background, I’m just sitting here going, this needs to move faster. We need to have everybody involved, we need to have all the hosts involved, we need to have all the registrars and registries. And other folks who are a little bit more skilled in this type of work say, no, we need to figure out what we’re doing and that requires a small number of people.

The phase that we’re in right now is looking for more folks who are interested in sitting at the table and being part of the discussion. Particularly in the hosting industry and in the web design and marketing industry. Those are folks who don’t generally participate in these kind of industry led collaboration exercises. And that’s the reason that I’m at WordCamp, is to talk to web designers, marketing agencies about why they should participate in something like this.

[00:13:13] Nathan Wrigley: So this really isn’t bound in any way to WordPress, is it? It just so happens that WordPress has a significant chunk of the internet, so this is a good place to start. But if you happen to be a, I don’t know, Drupal user, or you’re just into writing PHP code or whatever it may be, this is still applicable. There’s no real WordPress layer to this. This is just a good place for you to come because, well, there’s probably, what, 30 hosts, 100 yards away from us out there.

[00:13:37] David Snead: I know. And I haven’t seen all of them yet.

[00:13:39] Nathan Wrigley: Yeah, there’s work to do. But agnostic to any platform, basically.

[00:13:42] David Snead: It is completely platform agnostic, yeah.

[00:13:43] Nathan Wrigley: Okay. Okay, that’s interesting. But WordPress is a, is certainly a good place to start.

Now, I’m imagining, if I was a hosting company and I was the chief executive, I definitely have some questions for you in terms of, okay, we’re going to share our valuable intel with you, what are you going to do with that? How can we trust you? How do we know that the sharing is going to be done effectively and what have you?

So I guess really what I’m getting to is, what is the assurances or checks and balances that you, in the end, will hope to offer the host? That you can assure them that, look, if you hand us this body of work, you don’t need to think about it again. You can trust us to do it honourably, effectively, collaboratively. You get where going.

[00:14:26] David Snead: Yeah, yeah. And I suspect that you wanted to be a lawyer at some time, because that’s one of the issues that we’re facing. Information that can be shared freely, as an example, in the United States, might not be capable of being shared so freely in the European Union, or in Brazil, or in India or someplace like that.

So one of the things that’s being done, not by me, but by another group, another working group that’s part of this, is analysing the legal issues around information sharing.

The information that’s being shared, to answer the proprietary and confidentiality question, is not proprietary or confidential information. So it’s things like timestamps, domain names, IP addresses for the initial abuse submission. Things like that that really don’t indicate some sort of company confidential information. And it’s further abstracted into xarf, which is a language that’s used for abuse reporting, that we all can share. And so I think that the only thing that would be of concern is whether that information is personal information that’s subject to jurisdictional restrictions around the world.

[00:15:48] Nathan Wrigley: Would the idea be that this organisation would do the remedial work? So is there any notion that, let’s say for example, some sort of security problem was discovered by hosting company A over there, and they share that intel with you. Maybe the question is kind of asking, will you then appoint people to figure out what the patch is for that? Or is your idea just to, oh, red flag, we’ve got this problem, now you all know about it. Is it just information sharing as opposed to fixes?

[00:16:17] David Snead: Yeah, it’s the latter. So the thing that we’re solving for right now, so there’s just one issue that, one abuse issue, that we’re testing out and it’s issues related to fake shops. And so the fake shop issue is the test abuse issue for the project, and where folks are sharing information. It’s a particular problem right now with credentials harvesting. And so that’s what we’re trying to look at.

[00:16:43] Nathan Wrigley: And how has the conversations that you’ve had thus far, how have they gone? Has this been warmly received or are you facing a little bit of pushback?

[00:16:50] David Snead: So, look, I’ll be very direct with you. If something isn’t just an immediate threat to them, it’s very difficult to conceptualise why you should participate. And I am pretty used to answering that question simply based on the political work that I do with the i2Coalition. But once you talk about, so let’s use fake shops as an example. Fake shops, and you’re providing services to fake shops, actually has an impact on your bottom line.

So if you are providing, let’s say, payment processing to an entity that is running a fake shop, it very easily can make your credit card processing charges higher. It ends up eating bandwidth. It will tax your abuse resources.

One of the things that you referred to initially is, you know, larger hosts have a lot of money. I wouldn’t say they have a lot of money, but they have more bandwidth to handle a vast fire hose of abuse issues. Most smaller hosting companies might only get five or six abuse issues in a month. But if you have a fake shop, that’s going to generate a huge amount of abuse, and it’s taking away resources that you can use to actually grow your business. So that argument actually is relatively persuasive in getting folks to pay attention.

I find that the business argument around abuse is a much more compelling discussion than kind of moral persuasion. I don’t think moral persuasion works in the context of a community that is trying very hard just to keep their heads above water.

[00:18:42] Nathan Wrigley: It feels to me from what you’ve just said, and I could be reading too much between the lines, but it feels to me as if a good target audience would be smaller hosts to begin with, simply because they’re probably going to be more receptive because they have less bandwidth themselves. And so would welcome anything that can make the burden of sharing this information easier. So 10 of the small hosts combined is, well, it’s much bigger than each of them individually would be, whereas I suppose you’ll have to get a critical mass of them on board until maybe some of the bigger hosts start to look at you with favourable eyes, let’s say that.

[00:19:15] David Snead: Well, so we have some pretty large hosting companies who are participating. So as an example, both GoDaddy and Newfold are participating. But we also have smaller hosts. But I agree with you, the information that’s being provided, particularly since it is actionable, realistic information that can be adapted for bespoke systems, is invaluable, right?

So if you only get five or six abuse complaints and you get an abuse complaint, and you can go to the secretariat and say, we got a complaint about this domain, and the secretariat says, here’s what the registrar did. Here’s what Cloudflare did. Here’s the information they provided us. And you can use that to make a decision on how to address that problem. It saved you hours and hours and hours of research time.

[00:20:09] Nathan Wrigley: Technically speaking, what would the conduit of information both toward you and away from you look like? So if I’m hosting company X, how are you imagining that I will supply you with that information? But also, if I’m just looking for information from you on a daily, weekly basis, whatever it may be, how do I receive that? Is this like a, I don’t know, a website or an API or?

[00:20:33] David Snead: It’s an API. So it’s a file. It’s just a general file download.

[00:20:37] Nathan Wrigley: Right, okay. So it’s readily available 24/7?

[00:20:40] David Snead: Right. That’s the goal. Right now it’s not, but the goal is to kind of figure out a way to make something like that possible.

[00:20:47] Nathan Wrigley: Yeah, okay. I also suppose that the hosting companies, whilst this is good for their business if they can minimise costs and hand a lot of this work over to you, there’s a part of them which would also probably like to put some sort of badge on their website to say, this is what we’re doing. We’re part of this alliance, for want of a better word. Is that something that you are looking to develop as well, you know, some sort of credentialing system to demonstrate that you’re in this?

[00:21:12] David Snead: So that’s not something that the IIF is working on. It’s something that the Secure Hosting Alliance does. The Secure Hosting Alliance has a trust seal that we give to hosts who fulfil our Trust Seal Certification provisions. But that’s not something that the IIF does.

Talking about like why, other than business reasons, folks should participate in this, one of the things that is going on that I would suggest that most hosts know about, is there’s a little bit of a moral panic going on in the world about what contents you have. And regulation is actually a very real thing for the hosting industry, who has not ever been regulated. This is the time where you can say, hey, this is what we’re doing, right? We’re dealing with issues. This way a trust seal is the same thing, right? It’s something that you can say, we are actually taking steps to make the internet a better place.

[00:22:18] Nathan Wrigley: I think if you are a general agency owner or, I don’t know, just a freelancer, hosting is one of those things that you, once you’ve done it once, you’re in it for the long haul until something goes wrong. But you’re also browsing around for any tiny indication of why is this host slightly different? You know, what is it that they’re doing that, I don’t know, is faster? What is it that they’re doing that’s more secure? So it feels to me if you had a credentialing system and I began to hear about it and see it pop up again and again, it would be one of the metrics which I would weigh up when looking at hosting.

[00:22:51] David Snead: I would think so. One of the things that a trust seal does is it indicates that there’s been some vetting of the host. That someone has determined the things that are important to the hosting industry and are important to the web design industry. The agency industry are also important to the host.

Great example of that is one of the provisions of the Secure Hosting Alliances’ Trust Seal Certification is that a contract is presented to the customer before they sign up, which is super customer friendly.

One of the things as a lawyer that you hear about all the time when people are dissatisfied with their services is, yeah, well, I never saw that contract. Or it was just a hyperlink in an email that I got. That’s one of the differentiators for a Trust Seal certified host is that the contract is actually presented to them, to the customer beforehand.

[00:23:57] Nathan Wrigley: So in terms of the WordPress crowd, is this a thing that you are pitching only to hosts? Like when you step out of here, are you trying to have conversations only with hosts? Or is there some bit of the WordPress community, the freelance, the agency owners? Are you trying to communicate with them just to scope out what they need?

[00:24:15] David Snead: So for both the Secure Hosting Alliance and for the IIF, it is that. I really enjoy talking to agencies and developers about whether this is important to them, or why it might be important to them.

[00:24:31] Nathan Wrigley: In terms of how long this project’s been going, I’ve only heard of it because of your participation here, but I don’t know if you’ve been banging this gong for a decade or, I mean you’ve been in the industry for long enough to have been banging it for decades. Is this a new initiative or is this something which has a long and storied history?

[00:24:49] David Snead: So the Secure Hosting Alliance has only been active for a year, a little bit over a year. I’ve been talking about abuse for a long time, but the Secure Hosting Alliance has only been around for a year.

[00:25:01] Nathan Wrigley: And have you, in that year, got any intuitions that you’ll be here for another year? Is it basically going in the right direction?

[00:25:09] David Snead: It is going in the right direction. So we started out with two or three charter members. We now have 25 hosting members. We have three security vendors who are members as well. We have, I think, 17 Trust Seal Certified members, and we’re launching in 2027 a trust seal for security vendors who provide services to hosting companies.

[00:25:40] Nathan Wrigley: I know that several owners of hosting companies listen to this podcast. They may very well be the people that you’ve spoken to already, but if they are not, and they are people who would like to investigate this further, I suppose the thing that’s going to be in their head is, okay, Nathan and David, you’ve explained what I’ll get out of it, what do I need to put into it? So is this an annual financial commitment? How does it all work from that point of view?

[00:26:02] David Snead: Yeah, so you become a member of the i2Coalition. And so the Secure Hosting Alliance is a working group of the i2Coalition. So you would be a general member and you would participate in the Secure Hosting Alliances’ working groups. You also have the ability to participate in the i2Coalition as a whole, which is a much larger trade association that represents almost everyone in the internet infrastructure vertical. Mostly doing policy work, primarily in the US and the EU. Although there’s, we’re doing some work in India right now as well.

[00:26:40] Nathan Wrigley: And does membership allow you to steer the future of the project? I know that lots of chefs in the kitchen results in terrible food, but that, I fear, is something that could happen. You’ve got 87 members, 260 members. And then the 260 members all start to bicker and, you know, we want this, no. You see how it goes.

[00:26:59] David Snead: I do.

[00:26:59] Nathan Wrigley: What’s the position there? You know, is there sort of gated levels of membership? How are you organising all of that?

[00:27:04] David Snead: There are not. The membership is based on self-reported revenue. The membership is not horrifically expensive from my perspective. And I think that that, most of our members would say that it is, it’s actually relatively affordable, particularly for the small to medium sized hosts. And registrars or design agencies, anyone who’s participating.

The question about, who’s running the show, comes up quite a bit. We haven’t really faced that issue, particularly in the Secure Hosting Alliance. Folks seem to get along. But the organisation runs on the idea of rough consensus. And so decisions end up not being controlled by one member or not. Some of the i2Coalition has some very large companies who everybody knows about, who get along with startups, and folks against whom they compete directly. And policies still get made. The organisation still moves forward.

[00:28:11] Nathan Wrigley: Yeah, I guess you’re in a space where, obviously all of these hosting companies commercially are vying for everybody else’s business. But in this particular situation, that is not the case. Nobody’s vying for their websites to be less secure. They all want the same level of security. So at least in that sense, you would hope that consensus could be maintained even if, commercially, the two companies that are in the room, the 10 companies that are in the room might be commercially at loggerheads with each other. At least on this they could agree. That would be the hope, I suppose, anyway.

[00:28:47] David Snead: It seems to be, not only the hope, but the actual way that things work. You ask about how compromise is reached. What comes to mind is I have a much different concept of privacy than, particularly when I was at WebPros, than other folks in the i2Coalition had. And another company just called me up and we worked through our disagreements about how privacy should be handled within the i2Coalition and were able to move forward.

The industry I’ve found to be hugely collaborative, particularly the hosting industry. Everybody knows what their competitor is doing. But when it comes to addressing an issue like, how are we going to deal with abuse as a community? Folks come together. CEOs of hosting companies while they compete tend to be relatively good friends.

As I said at the very beginning, it really is like the Hotel California, right? You come in as a CEO of a hosting company, you grow it and you sell it to another company. All of a sudden you’re at the bottom again with a server in your grandma’s basement, you know, trying to start again.

[00:30:08] Nathan Wrigley: It’s a really curious effort. I suppose really at the bottom of this entire podcast is your endeavour to be heard and to reach out and get some conversations going. So with that in mind, where do people find the information about this? So maybe there’s a website that we could mention. But also, is there a specific place where you hang out? Is there a place where you would like to be contacted most?

[00:30:33] David Snead: Sure. So our website is hostingsecurity.net. I’m not too afraid of getting too much spam. So folks can email me at snead@i2coalition.com And the two is the numeral two. So it’s snead@i2coalition.com. And I’m happy to answer questions.

In terms of hanging out, I am at most industry conferences in the hosting industry. In the WordPress industry, I’ll be at WordCamp US. We also participate very heavily in ICANN. So there is an i2Coalition member at every single ICANN meeting.

[00:31:12] Nathan Wrigley: So if you go to wptavern.com and you search for the episode with David Snead, S-N-E-A-D, you’ll be able to find those details. I’ll put everything into the show notes. So anything that I missed? Was there a particular focus that we didn’t touch?

[00:31:26] David Snead: No, this is actually one of the most thorough podcasts I’ve been on recently.

[00:31:31] Nathan Wrigley: That’s love to hear it. Well, David Snead, thank you very much for joining me today.

[00:31:35] David Snead: Glad to be here. Thanks for having me.

On the podcast today we have David Snead.

David has been involved in the hosting industry since 1999, starting out as legal counsel for one of the earliest shared hosting companies and going on to work with over 50 others. He helped found the i2Coalition, serve as in-house counsel for cPanel and WebPros, and now leads the Secure Hosting Alliance.

If you’re listening to this podcast, I’m sure that many of you will have worked closely with hosting companies. Perhaps you run an agency or business that depends on the reliability, ethics, and security of hosting providers. David is here to talk about cross-industry collaboration in the hosting world, specifically around improving security, professionalism, and communication between hosts.

The conversation focused on why and how the Internet Infrastructure Forum (IIF) is building a framework for real-time intelligence sharing and abuse reporting, aiming to help the entire ecosystem detect and prevent attacks faster than adversaries can adapt.

David talks about the challenges hosting companies face, especially smaller ones, in keeping up with security, and how this evolving project hopes to ease this by sharing actionable, non-proprietary abuse information across registrars, hosting providers, DNS services, and more. He discusses the growth of both the Secure Hosting Alliance and the IIF, the business case for collaboration, and the nuances of legal and technical information sharing across borders.

If you’re in hosting, run a web agency, or just want to know how the backbone of the web is working to stay more secure and connected, this episode is for you.

Useful links

i2coalition website

Secure Hosting Alliance website

HeroPress: “Listen… the birds are already singing” – “Послухай… пташки заспівали”

0

Pull Quote: WordCamp Europe has become one of the few places where [Ukranians] can reassemble in person. WordCamp Europe став одним із небагатьох місць, де [українці] можуть знову зібратися разом наживо.

Це есе також доступно українською.

Listen to Volodymyr read his own story aloud.

“Listen… the birds are already singing,” said Danylo — a Ukrainian I’d met at a previous WordCamp — as we were wrapping up the last hour of the WCEU afterparty in Krakow. “It’s time for us to go.” He started singing “Hei! Hei! Hei, sokoly! Omynaite hory, lisy, doly.” I started singing with him. The Polish guys next to us continued singing in Polish “Dzwoń, dzwoń, dzwoń dzwoneczku, Mój stepowy skowroneczku.” Some people behind us joined the choir. That was “Hey Sokoly” — a Ukrainian-Polish folk song — carrying us out of Bastion III, a 19th-century Austrian fortress on the edge of Krakow’s Old Town, as the night turned to morning.

But to explain how I ended up there, I need to go back to where it all began.

Krakow Castle in morning light
The view of the Krakow castle, taken on the morning after the after-party, around the time when birds were singing. Photo by Volodymyr Melnychenko.

Mykolaiv

It all started in Mykolaiv, the city of shipbuilders and brides, where I spent my childhood. I graduated from two universities I had been attending simultaneously and started looking for a job during a gap year. I planned to find work to earn some money for further education while preparing for the entrance exams to one of the Finnish universities. Mykolaiv didn’t provide good opportunities for graduates unless you had very good connections, but I managed to find a job at an “IT” company. In 2011, the term “IT” didn’t mean much to me, but they required English, which was my major, so I thought — why not. The work wasn’t particularly difficult: I had to pretend to be “Bob” from the United States, helping customers who had purchased physical products by tracking their orders and walking them through setup instructions. I was fired after a month and a half. Maybe I underperformed, or maybe somebody just didn’t like me — either way, it’s water under the bridge.

The first job I’d gotten entirely on my own, the first paycheck that proved I could be independent, and the first time being fired — all of it hit me at once. The last part was devastating, made worse by comments like “it was too good to be true,” “we told you they’d trick you,” and “look at so-and-so, doing such-and-such and earning properly.” It was hard to sit with feeling like a failure. But somewhere in that difficulty, I got tougher — and more determined to prove everyone wrong.

TemplateMonster

The first job was a failure, but it gave me one clear answer: I needed to stay in IT. The next job was TemplateMonster.com — well known in certain circles. It was the complete opposite of what I’d experienced before. In 2012 they were selling templates for the most popular CMS platforms of the time: WordPress, Joomla, Drupal, and various e-commerce solutions. The onboarding alone took two months, which tells you something about how seriously they took their people — staff rarely left, and when they did, it was for personal reasons, not because they were pushed out.

My job was to help customers with their templates: installation, editing, customization. Difficult, but genuinely interesting — I liked it. This was the first time I encountered WordPress. I worked six nights a week, and Sundays were the strangest — your day off, but your body had adjusted to night shifts and refused to cooperate. None of that bothered me much. Being able to build sites and make things look exactly right was addictive. I overworked, learned constantly, pestered developers with questions, all just to quench my thirst for knowledge. It ended quickly: I got accepted into three master’s programs in Finland, chose one, and left for Central Finland.

Helsinki

Closeup of a glass of orange juice with croissants next to it, and a projection screen in the background.
Morning “Weekly” at booncon PIXELS, my first workplace in Helsinki. Photo by Volodymyr Melnychenko.

Studying in Finland was genuinely different from anything I’d known in Ukraine — in the best possible way. Once the mandatory courses were done, I started looking for work. It was harder than I expected: a year of passive searching, then six months of applying every day. Eventually, I landed at a Helsinki-based agency building WordPress websites — which is still what I do today. A friendly team, around ten people — I’m still close with many of them. We built sites of varying complexity during the day and spent evenings playing board games, swapping stories, and throwing the occasional party.

That’s also where I attended my first WordPress event: WordCamp Helsinki 2017, a two-day conference. It didn’t blow me away, but it opened something. When you work in a small agency, you live inside your own bubble — and then suddenly a whole other world appears. You see the other side of WordPress: the community, the people pushing it forward, the people wrestling with the same problems you are and finding creative ways through.

That first local WordCamp was enough to make us want to go further. In 2019 the team went to Berlin for WCEU — my first trip abroad outside of the Finland-Ukraine route I knew well. We spent a few days exploring the city and attending the event. WordCamp Europe is a different scale entirely: thousands of attendees, hundreds of volunteers making it happen. Standing in that crowd, I knew I wanted to be part of it — not just as a visitor. And then corona happened.

Porto

Volodymyr leaning on a handrail with Krakow in the background.
Me, standing on the roof the Super Bock Arena, where the WCEU 2022 took place. Photo by Oleksandr Misyats.

WCEU 2020 and 2021 were online, and I felt they were missing the whole point — thousands of people in one place, feeding off each other’s energy. So when Porto was announced for 2022, I started packing. This time, I joined as a volunteer, to see WordCamp from the inside. It was the right call. It was also a difficult time for Ukrainians — the full-scale invasion was by then well into its second year, and everyone was finding their own way to cope. For me, this event became a source of strength. I connected with the Ukrainian community, had real conversations with speakers, and came away feeling like I’d experienced what WCEU is actually for.

That trip also clarified something I’d been circling around for a while. I’ve always loved traveling, but there was a barrier that had nothing to do with visas or money — though those were factors too. It was a justification problem. Coming from a culture where time should be spent purposefully, traveling for its own sake felt hard to defend. A work conference, though? Completely justifiable. Nobody asks how much fun you had. I’ve been to Germany, Portugal, Italy, Switzerland, and Poland this way. Spain is next.

Attending WordCamps is one thing. Building a similar event is another.

WP Suomi

In 2025 I became the lead organizer of WP Suomi — the first independent Finnish WordPress event, held in Helsinki. The months before October 10th were intensive in ways I hadn’t anticipated: budgets, logistics, gifts, merch, catering, venue coordination, a hundred small details that needed to be right simultaneously. I remember waking up at midnight worrying that I hadn’t ordered something in time and it wouldn’t arrive before the event. Most of the work that goes into an event like this is invisible to the people attending. They see the schedule, the food, the afterparty. They don’t see the half a year of pieces being polished before the puzzle comes together.

Banner for WP Suomi
WP Suomi hall screen graphics. Graphics by Sergei Shchegrinets.

On the day of the event, there was nothing left to worry about. Whatever needed doing had been done — if something had been missed in the preparation, it would show up now and there would be little we could do about it. So why worry? The time for that was the preparation, not the day itself. The team — experienced, reliable, no hand-holding required — knew exactly what they were there for.

Around 300 people attended WP Suomi. Forty filled out our feedback form afterward, giving an overall score of 4.47 out of 5. But the number mattered less than what people wrote: networking, atmosphere, meeting old friends and new ones, a community that welcomes everyone openly. Reading that, I recognized the same feeling I’d had at WordCamp Helsinki 2017 — something new, interesting, and full of possibility.

Organizing WP Suomi gave me a clearer understanding of what goes into making these events happen. Having been a volunteer at WCEU and then a lead organizer at WP Suomi, I arrived in Krakow with a slightly different perspective — a better sense of what the people around me were going through. This year I’m back on the WP Suomi organizing team as speakers coordinator — a different role, another angle.

Milania Cap near a presentation podium.
Milana Cap is ready to show some magic with HTML API. She is one of two people who convinced Vladimir to become the lead organizer of WP Suomi ‘25. Photo by Asanka Hettiarachchi.

Krakow

WordCamps have changed for me over the years — less about the sessions on stage, more about what happens between them. As an organizer, you miss most of the talks anyway, pulled in ten directions at once. But real life happens in the corridors, and at the parties in the evenings.

This matters especially for the Ukrainian community. The war has scattered us across Europe — different countries, different companies, different lives. WordCamp Europe has become one of the few places where we reassemble in person: to share what the year brought, to meet people we only knew online, to see the community still growing despite everything. Many couldn’t make it to Krakow, some would not be able to visit these events anymore. For those of us who could, the room carried extra weight.

That’s what Danylo and I were singing about at dawn outside Bastion III, even if neither of us said it out loud. I hope to do that someday in the afterparties in Helsinki and Kyiv — whenever that becomes possible again.

Ukrainian team at WordCamp Torino 2024.
Ukrainian team at WordCamp Torino 2024. More and more Ukrainians visit this event every year despite the war. Photo by Maksym Kaharlytskyi.

Volodymyr’s Work Environment

We asked Volodymyr for a view into his development life and this is what he sent!

Volodymyr’s Desk

HeroPress would like to thank Draw Attention for their donation of the plugin to make this interactive image!

“Послухай… пташки заспівали”

Слухайте власну історію Володимира вголос.

«Послухай… пташки заспівали», — сказав Данило, українець, з яким я познайомився на попередньому WordCamp — ми якраз протеревенили останню годину afterparty WCEU у Кракові. «Значить нам теж час іти». І тут він від душі почав співати «Гей, гей, гей, соколи, оминайте гори, ліси, доли». Я підхопив пісню разом із ним. Поляки, що ішли поруч продовжили польською: «Dzwoń, dzwoń, dzwoń dzwoneczku, mój stepowy skowroneczku». Хтось позаду теж приєднався до хору. Це була «Гей, соколи» — українсько-польська народна пісня — під акомпанемент якої нас виносив натовп із Бастіону III, австрійської фортеці XIX століття на околиці краківського Старого міста, саме тоді, коли вже ніч переходила у ранок.

Щоб пояснити, як я там опинився, доведеться повернутися до самого початку цієї історії.

Вид на Краківський замок, фото зроблене зранку після вечірки, приблизно в той час коли “вже заспівали пташки”. Фото зроблене Володимиром Мельниченко.

Миколаїв

Ця історія бере свій початок у Миколаєві – місті суднобудівельників і наречених, де я виріс. Здобув освіту у двох університетах, де навчався одночасно і почав шукати роботу під час року перерви перед продовженням навчання. Я планував знайти собі роботу, щоб заробити грошенят для продовження навчання, готуючись до вступу в один із фінських університетів. У Миколаєві було важко знайти якісь серйозні перспективи для випускника, хіба що в тебе є зв’язки, але я примудрився знайти роботу в “IT” компанії. У 2011 термін “АйТі” нічого мені не говорив, але там потрібна була англійська, яка була моїм основним предметом в університеті, тому я подумав, а чом би й ні? Робота не була важкою: треба було казати, що я “Боб” із США і допомагати клієнтам, які купували фізичні продукти, відслідковувати їх замовлення і давати інструкції, як використовувати оте, що вони поназамовляли. Мене звільнили через півтора місяці. Можливо, я щось не так робив, можливо, просто не вдався обличчям — у будь-якому випадку, що було, то загуло.

На цю роботу я влаштувався самостійно, без будь-якої підтримки, перша заробітна плата була символом моєї незалежності, і перше звільнення — це був бурхливий вир емоцій. Але остання частина просто вибила землю з-під моїх ніг, гірше тільки зробили коментарі на кшталт: “це було занадто добре, щоб бути правдою”, “та ми тобі казали, що там надурять”, і “подивись на нього — він робить те та й се, ще й добре заробляє”. Дуже важко було бути вдома і відчувати себе невдахою. Але це відчуття зробило набагато більше ніж будь-яка ефемерна підтримка — воно мене загартувало і пробудило палке бажання довести, що всі помилялися щодо мене.

TemplateMonster

Хоч перша робота виявилась провалом, вона дала мені чітке розуміння, що треба продовжувати шукати роботу в IT. Наступну роботу я знайшов у TemplateMonster.com — добре відому у певних колах. Вона була повною протилежністю моєму минулому досвіду. У 2012 році вони продавали шаблони для більшості популярних CMS-ок того часу: WordPress, Joomla, Drupal, і для різних рішень електронної комерції. Лише ознайомлення з роботою і навчання зайняло два місяці, що промовисто свідчить про те, наскільки серйозно компанія сприймала своїх людей — майже ніколи не звільняли, а якщо люди й ішли з роботи, то з власних причин.

Моїм завданням було допомагати клієнтам із шаблонами, які вони придбали: встановлення, налаштування, редагування. Було доволі складно, але дуже цікаво — мені подобалося. Тоді я вперше познайомився із WordPress. Я працював шість ночей на тиждень, а неділі були найважчими, бо тіло звикало до активності вночі і відмовлялося спати. Хоча такий графік мене не дуже турбував. Можливість створювати будь-які сайти і кастомізувати їх саме під себе — оце було до дідька захопливо. Я багато перепрацьовував, вивчав щось нове, заколупував розробників питаннями, щоб хоч трохи вгамувати жагу до знань. Але усе закінчилося несподівано швидко: я отримав три листи про зарахування на магістратуру у Фінляндії, вибрав один університет і поїхав до Центральної Фінляндії.

Гельсінкі

Система навчання у Фінляндії побудована зовсім по-іншому — і, на мою думку, на краще. Коли я закінчив основні курси моєї спеціальності, я почав шукати роботу. Завдання було не з легких: рік я шукав пасивно, де-не-де подаючи заявки на роботу, і ще пів року я зайнявся цим активно, відгукуючись на декілька вакансій щодня. Зрештою, доля занесла мене у Гельсінське агентство, що розробляло сайти на WordPress — цим я займаюся і сьогодні. У нас була дуже дружня команда, приблизно з десяти людей, з більшістю з них я досі дружу. Ми будували сайти дуже різного рівня складності, удень, вечорами грали в настолки, ділились історіями зі свого життя і влаштовували грандіозні вечірки.

Вранішній “Weekly” у booncon PIXELS, моєму першому агентстві у Гельсінкі. Фото зроблене Володимиром Мельниченко.

З цією командою я вперше відвідав подію WordPress: WordCamp Helsinki 2017 — дводенну конференцію. Я не був вражений наповал, але вона відкрила мої очі на дещо. Коли ти працюєш у маленькому агентстві, і живеш у своїй бульбашці, а тут неочікувано відкривається цілий всесвіт. Ти бачиш іншу сторону WordPress — спільноту, людей, які рухають увесь проект вперед, людей, які стикаються з тими самими проблемами, які знаходять творчі способи ці проблеми вирішити.

Того першого місцевого WordCamp’у було достатньо, щоб нам захотілося рухатися далі. У 2019 році наша команда поїхала до Берліна на WordCamp Europe — це була моя перша закордонна поїздка за межі звичного для мене маршруту між Фінляндією та Україною. Ми провели кілька днів, досліджуючи місто й відвідуючи конференцію. Масштаб відчувався зовсім по-іншому: тисячі учасників і сотні волонтерів, які усе організовують. Стоячи серед цього натовпу, я зрозумів, що хочу бути частиною цього, і не просто як відвідувач.

А потім почалася пандемія коронавірусу.

Порто

Я, стою на даху Super Bock Arena, де проводився WCEU 2022. Фото зроблене Олександром Місяц

WordCamp Europe 2020 і 2021 років проходили онлайн, і мені здавалося, що вони втратили найголовніше — тисячі людей, зібраних в одному місці, які заряджають одне одного своєю енергією. Тож коли оголосили, що WCEU 2022 відбудеться в Порту, я почав збирати валізу. Цього разу я приєднався до команди волонтерів, щоб побачити WordCamp зсередини. І це було правильне рішення. Для українців це був непростий час — повномасштабне вторгнення вже тривало, і кожен шукав свій спосіб впоратися з новою реальністю. Для мене цей захід став джерелом сили. Я ближче познайомився з українською спільнотою, жваво дискутував зі спікерами й повернувся з відчуттям, що нарешті зрозумів, нашо той WordCamp.

Та поїздка також допомогла мені усвідомити дещо, над чим я давно розмірковував. Я завжди любив подорожувати, але існував бар’єр, який не мав стосунку ні до віз, ні до грошей — хоча й вони теж відігравали свою роль. Проблема була в тому, як виправдати саму подорож. Я виріс у культурі, де час потрібно витрачати з користю, тому подорожувати просто заради подорожі здавалося чимось, що важко пояснити. А ось робоча конференція — зовсім інша справа. Це цілком виправдана причина. Ніхто не питає, скільки задоволення ти на ній отримав. Саме так я побував у Німеччині, Португалії, Італії, Швейцарії та Польщі. Наступна — Іспанія.

Відвідувати WordCamp — це одне. Створювати подібний захід — зовсім інше.

WP Suomi

У 2025 році я став головним організатором WP Suomi — першого незалежного фінського заходу, присвяченого WordPress, що відбувся в Гельсінкі. Місяці, які передували 10 жовтня, виявилися набагато напруженішими, ніж я очікував. Бюджет, логістика, подарунки, мерч, кейтеринг, координація локації — і сотні дрібниць, які мали зійтися в потрібний момент. Пам’ятаю, як прокидався посеред ночі з думкою, що не встиг замовити щось вчасно і воно не приїде до початку події. Більшість роботи, яка стоїть за такими заходами, залишається непомітною для учасників. Вони бачать програму, їжу, афтепаті. Але не бачать тих пів року, протягом яких окремі деталі поступово складаються в єдину картину.

Графіка WP Suomi на великому екрані у холі місця проведення. Графіка створена Сергієм Шенгрінцем

WP Suomi відвідали близько 300 людей. Після заходу сорок учасників заповнили форму зворотного зв’язку, оцінивши його в середньому на 4,47 із 5. Але для мене важливішою була не сама оцінка, а те, що люди писали: нетворкінг, атмосфера, зустрічі зі старими друзями й нові знайомства, спільнота, яка відкрито приймає кожного. Читаючи ці відгуки, я згадав себе і те саме відчуття, яке пережив на WordCamp Helsinki 2017, — це щось нове, захопливе й сповнене можливостей.

Організація WP Suomi допомогла мені значно краще зрозуміти, що стоїть за проведенням таких заходів. Після досвіду волонтера на WCEU, а згодом і головного організатора WP Suomi, я приїхав до Кракова вже з іншим поглядом — набагато краще розуміючи, через що проходять люди, які працюють поруч. Цього року я знову в команді організаторів WP Suomi, але вже в ролі координатора спікерів. Інша відповідальність, інший погляд.

Milana Cap готова показати магію з HTML API. Вона одна із двох людей, винних у тому, що я став головним організатором WP Suomi ‘25. Фото зроблене Asanka Hettiarachchi.

Краків

За ці роки WordCamp для мене змінився. Тепер він менше про доповіді на сцені й більше про те, що відбувається між ними. Як організатор, ти все одно пропускаєш більшість виступів, адже тебе одночасно тягнуть у десять різних боків. Але справжнє життя вирує в коридорах і на вечірках після завершення основних сесій.

Особливо важливо це для української спільноти. Війна розкидала нас по всій Європі — різні країни, різні компанії, різні життя. WordCamp Europe став одним із небагатьох місць, де ми можемо знову зустрітися наживо: поділитися тим, що приніс цей рік, побачитися з людьми, яких досі знали лише онлайн, і переконатися, що наша спільнота продовжує зростати попри все. Багато хто не зміг приїхати до Кракова, на жаль дехто вже ніколи не зможе побувати на цих заходах. Для тих із нас, кому це вдалося, ці зустрічі мають особливе значення.

Саме про це ми з Данилом співали на світанку біля Bastion III, хоча ніхто з нас не сказав цього вголос. Сподіваюся, колись мені ще доведеться робити це на афтепаті в Гельсінкі та Києві — щойно це знову стане можливим.

Українська команда на WordCamp Europe Torino 2024. Все більше і більше українців приїжджає на цей захід незважаючи на війну. Фото зроблене Максимом Кагарлицьким.

The post “Listen… the birds are already singing” – “Послухай… пташки заспівали” appeared first on HeroPress.

BuddyPress: BuddyPress 14.5, 12.7, 11.6

0

BuddyPress 14.5.0, 12.7.0, and 11.6.0 are now available.

These are security and maintenance releases that include two security fixes, along with a number of compatibility improvements, bug fixes, and code modernization updates. We strongly recommend updating your sites as soon as possible.

Highlights

  • Two security issues:
    • Prevent user ID spoofing in the Messages REST API endpoint via improved validation.
    • Restrict Component management to Users with the appropriate Capabilities.
  • Improves compatibility with WordPress 6.9, including support for block style loading optimizations and replacement of deprecated WordPress APIs where appropriate.
  • Includes numerous bug fixes across BuddyPress, including BP Nouveau, Groups, Friends, Activity, Administration, and several PHP 8.x compatibility improvements.

Download

You can update automatically from your WordPress Dashboard, or download BuddyPress 14.5.0 directly:

For the complete list of changes included in this release, see the changelog:

Many thanks to our 14.5.0 contributors 

Thanks to everyone who contributed patches, testing, reviews, bug reports, and responsible security disclosures that helped make this release possible.

Contributors include: emaralive, vapvarun, westonruter, joelkarunungan, nikunj8866, shawfactor, r-a-y, t.schwarz, dcavins, noruzzaman, rollybueno, potcus, pratiklondhe, yatesa01, bhargavbhandari90, amitraj2203, GaryJ., espellcaste, needle, and johnjamesjacoby.

Security issues were responsibly disclosed via the WordPress Bounty Program over at HackerOne and through the WordPress Plugins Team. If you were not properly attributed for your contribution here, leave a comment and we’ll get you added.

Open Channels FM: BackTalk on DevRel, APIs, Digital Freedom

0

Insights into the DevRel role’s importance, explore endless API possibilities, and consider the balance of digital freedom, cost, and usability in today’s tech landscape.

Introducing HelpJet: The AI Chatbot That Answers Your Customers’ Questions in Seconds

0

Ever wanted to build an AI support agent for your WordPress website or WooCommerce store?

Imagine customers asking a question at 2 a.m. and getting an instant, accurate answer, pulled straight from your own help docs, website content, and custom private SOPs. Plus, it can cut the repetitive 80% of support questions, so your team can focus on the questions that actually need a human.

Sadly, most AI support tools on the market are either crazy expensive or very complicated to set up.

It simply shouldn’t be this hard to give your customers fast, helpful answers.

That’s why today, I’m excited to announce HelpJet, an AI-powered support chatbot that learns your documentation and answers customer questions automatically, 24/7, built by our team at HeroThemes, a WPBeginner Growth Fund company.

introducing helpjet

What Is HelpJet?

HelpJet is a standalone AI support chatbot that trains on your own content and resolves the bulk of your repetitive tickets automatically.

Hero banner for HelpJet AI showing a purple background, floating chat windows, and the headline: 'Give your support team the teammate they've always wanted.' including a Get Started Free CTA in the lower area.

It can read between the lines, understand what customers actually mean and respond with genuine empathy, especially when the customers are frustrated. In other words, it offers the human touch you’d expect from your best support person, combined with capabilities no human could ever match.

Aside from WordPress, it seamlessly integrates with BigCommerce, Shopify, Webflow, and more.

Here’s why every small business needs HelpJet:

  • Create a custom GPT trained on your own website content. 
  • Add an AI support agent for your business that works 24/7.
  • Speed up WooCommerce store support and boost sales.

Train Your AI Chatbot in Five Minutes

Train your AI chatbot by dropping your content like private SOPs, URLs, help articles, and more.

If you drop a URL from your WordPress site, then HelpJet asks you which post types to fetch. Select the post types, and it trains from your content.

Screenshot of a bot-training UI: enter a training URL, choose content types (Posts/Pages), and start training.

HelpJet also automatically re-scans your site weekly to stay up-to-date. You can also trigger a manual refresh anytime from your dashboard.

Easily Embed the Chatbot on Your Site

The easiest way to embed HelpJet’s chatbot on your website is by installing its WordPress plugin.

As soon as the plugin is activated, a floating chat widget will appear on your site. 

Cafe interior with a glowing 'CAFE' sign and hanging green pendant lights; on the right, a chat assistant panel with a small Bean & Brew photo and intro text.

You can choose which corner of the screen the widget should appear in, right or left.

Additionally, you can embed the chatbot in any articles with the ‘HelpJet Chatbot’ block or with a shortcode.

Built to Understand WooCommerce Stores

If you run a WooCommerce store, then HelpJet can help you with pre-sales and post-sales questions. The best part is that it can read product variations, stock levels, shipping classes, and tax rules.

So when a shopper asks, “Is this available in blue?” or “Do you offer shipping to Texas?”, it answers with real information instead of providing a generic answer.

For store owners, that’s the difference between a lost sale and a closed one.

Route Complex Questions to Your Team

Here’s the objection I always hear: “What happens when the bot can’t answer?”

When a question is too complex, or the customer simply wants a human, HelpJet routes the conversation to your team smoothly.

And here’s the clever part: when your support agent answers, HelpJet learns from that resolution. Next time, it can handle the question on its own.

That means your bot gets smarter every single day.

Clean Analytics Dashboard to See Exactly What’s Working

HelpJet includes a clean analytics dashboard so you’re never guessing.

Dashboard of chatbots with stats: Satisfaction 100%, Resolution 100%, Interactions 2, Messages received 2, Messages answered 2; AI Support Assistant active

You can track conversation volume, satisfaction rate, and resolution rate at a glance. You’ll see the questions customers ask most, which quietly reveal the gaps in your documentation.

Every answer gets a thumbs up or down, and the whole activity log is tagged by sentiment.

Test Your Chatbot Before You Go Live

You’d never want an under-trained bot talking to real customers. HelpJet includes a built-in preview environment for exactly this reason.

helpjet ready to test

You can ask the bot real questions, check its answers, and fine-tune its tone and behavior… all before a single customer ever sees it.

Built by the Team Behind Heroic Themes

HelpJet comes from HeroThemes, a team that’s been building WordPress support software for roughly 15 years. They’re the folks behind Heroic KB, the popular knowledge-base plugin, and Heroic Inbox, their shared-inbox ticketing tool.

Over those years, HeroThemes kept running into the same frustration with Heroic KB customers: businesses had genuinely great documentation, but most visitors never read it. Customers would rather ask or just leave. HelpJet is their answer to that, turning the docs you’ve already written into instant answers your customers actually get.

If you’re already using Heroic KB or other knowledge base plugins on your site, then HelpJet works alongside them. 

Getting Started With HelpJet

Getting up and running takes just a few minutes:

✅ Sign up for a free HelpJet account (no credit card required).

✅ Point it at your help docs, URLs, or PDFs to train your first bot.

✅ Preview and fine-tune the answers in the testing environment.

✅ Install the WordPress plugin to embed the chatbot on your site.

The free plan is genuinely free forever. You get one bot and 100 interactions per month, which is a great way to see the value before you commit to anything.

When you’re ready to scale, the Pro plan runs $29/month (or about $23/month billed annually) with three bots and 1,000 monthly interactions. It also comes with a 14-day free trial, again with no credit card.

I’d love to hear how you’d use HelpJet on your own site. If there’s a feature you’d like to see, let the team know… this is exactly the kind of feedback that shapes a young product.

Thanks, as always, for being part of our community. I truly believe HelpJet levels the playing field, giving small businesses the kind of live support that used to be reserved for the giants.

Talk soon,

Syed Balkhi
Founder of WPBeginner

P.S. Want me to invest in your business? Learn more about the WPBeginner Growth Fund.

The post Introducing HelpJet: The AI Chatbot That Answers Your Customers’ Questions in Seconds first appeared on WPBeginner.

Hostinger Review: Job Title Says Web Host, Resume Says a Lot More

0

Hostinger review featured imageHostinger has gone from standard web host to web host with the works. In this Hostinger review, I’ll take an in-depth look at its traditional web hosting plans alongside its increasingly growing portfolio of business and developer tools.

Matt: USA 250

0

This auspicious 250th Independence Day, I find myself thinking of what Om wrote in iAMerican when he became a US citizen in 2013.

On a globe, America is a landmass, a country. In an immigrant’s heart it is a belief that future is almost always better. It may not be perfect and it is certainly not equal, but it still is one of a kind — the only place where an absolute stranger with a funny name and a funny accent with no friends or contacts can show up, work hard and actually get to do what he was destined to do. […]

In most places in the world, outsiders like me don’t have that chance. That simple truth is what makes America so special. A chance – to be somebody even if you are nobody. America is a state of mind and I have opted-in!

I feel lucky to have been born here, and if I hadn’t been, I think I would have gotten here as fast as I could. I’m grateful to the public schools that educated me, the teachers who pushed me, the internet that freed my mind, and the culture of risk and innovation in technology that invested a million dollars in a 21-year-old dropout kid trying to build a company around (but not replacing) an Open Source project.

It’s not unimaginable that these things could have happened someplace else, but it would have been a long shot.

On the lighter side, SNL’s Washington’s Dream skit is one of their best ever, Google has a pretty funny commercial reimagining the Declaration being written, and another famous Matthew (McConaughey) gives a great 2-minute speech. “We need skeptics. Yes, we do. We do not need cynics. One cares enough to question, which we should, and the other one’s already quit.”

WPBeginner Turns 17 Years Old – We’re Doing a Giveaway ($10,000 in Prizes)

0

It’s quite surreal to type that WPBeginner turns 17 years old today!

I’m incredibly grateful to have the support of such an amazing community of website owners, small businesses, and web professionals. YOU are the best part of WPBeginner!

Like every year, I will take a few minutes to share all the major things that are happening in the business as well as my personal life.

But more importantly, to celebrate this big milestone, we’re doing a HUGE birthday giveaway with over $10,000+ in prizes!

Since this is a long article, you can easily skip to the section you’re most interested in:

17th-birthday-giveway-wpbeginner

My Personal Updates

If you’re new here, you might not know that I have been using WordPress since I was 16 years old, and I started WPBeginner in 2009 when I was in college at age 19.

Ever since then, WordPress community has played a huge role both in my life as well as my family’s life.

My son, Solomon is now 9 years old, and our baby girl, Aliyah, was born 6 months ago. Parenting is one of the wonderful gifts of life. We recently restarted our travels and took a trip to Mexico as well as Italy. I’ll be sharing more about these trips later in the year when I do my annual year end reviews.

If you didn’t get a chance to read my 2025 recap, I highly recommend checking it because I shared lessons learned from last year.

Balkhi Family 2026 - WPBeginner Birthday

WPBeginner Updates

This year, Google’s algorithm updates and the rapidly changing A.I. landscape continued to impact our traffic.

The good news is that we’re fortunate to have an incredible community of readers and subscribers, and that’s what matters MOST.

Since starting WPBeginner, my focus has always been on creating helpful tutorials and resources for WordPress beginners, and that will never change. We’re already adapting how we create and share content for this new era, and we’re excited about what’s ahead.

I’m truly grateful for everything we’ve accomplished together this year.

As always, none of this would be possible without your continued support and trust. THANK YOU for being part of our journey!

Here are some of the big updates that happened on WPBeginner in the last 12 months:

1. New Product Launches

This past year, our team put their energy into building. Here are the new products we launched to help you get more done on WordPress:

  • We launched WPVibe, a WordPress MCP server that lets your favorite AI tool, like Claude, ChatGPT, and Cursor, manage your WordPress site directly. Our announcement video went viral on X and got over 440k views.
  • We released ActiveLayer, an AI-powered spam protection tool that stops form, comment, and registration spam server-side in milliseconds without CAPTCHAs or puzzles. Here’s the full background story.
  • We launched Universally, an AI website translation tool that automatically translates your site into 110+ languages in minutes without hiring professional translators. Here’s the full background story.
  • My team at Uncanny Automator released Uncanny Agent, the first true AI assistant built natively for WordPress. You can ask any questions about your site or tell it what you need done…and it takes care of it for you. Here’s the full background story.
  • We launched WPChat, a live-chat widget that lets you convert your visitors into paying customers by connecting them on WhatsApp, Messenger, Instagram, and Telegram. Here’s the full background story.
  • MemberPress, one of my Growth Fund brands, launched the MemberPress AppKit addon. It transforms your membership site into a fully branded iOS and Android app. Here’s the full background story.
  • My team at WPForms released the Quiz Addon. It lets you build interactive quizzes and graded assessments right inside the form builder you’re already familiar with. Here’s the full background story.
  • My team at Duplicator released WP Media Cleanup, which enables you to reclaim disk space by identifying unused media files and removing them quickly and easily. Here’s the full background story.
  • We released WPFilters, which helps you easily add Amazon-style search filters to your site and make your content easily discoverable. Here’s the full background story.

I’m really proud of what our team has built this year, and it’s amazing to see the impact these products are making across the WordPress ecosystem and the larger open web.

Want me to invest in your business? Learn more about the WPBeginner Growth Fund.

2. WPBeginner Workshop: Free Live Training

Our WPBeginner Workshop is going strong, and this year, we hosted workshops every month covering WordPress fundamentals, AI tips, privacy compliance, and much more.

Every workshop is led by our own team at WPBeginner, sharing the real-world lessons we learn every day. At the end of each session, we also hold a live Q&A where attendees get their WordPress questions answered in real time.

Best of all, it’s totally free to attend!

All you need to do is join our newsletter to stay up to date.

3. Broader Company Updates

WPBeginner is funded 100% through the support of our readers like you.

My various companies develop premium WordPress plugins to help you grow your website. These plugins are built with the same beginner-friendly approach you know and love from WPBeginner, and a large number of our product & feature ideas come from your feedback & suggestions.

When you buy a license for any of my premium plugins, you’re not only helping make your website better, but you’re also helping support WPBeginner and our mission.

My company, Awesome Motive, has over 300+ team members across the world, and all of us are committed to help you build a better website!

Here’s a list of our plugins that you should check out. Collectively, they’re being used on over 30 million websites. Your support means a lot to us whether you use the free version or purchase a premium license – we are here to serve.

WPBeginner 17th Birthday Giveaway

To celebrate the 17th birthday of WPBeginner, we’re running a HUGE giveaway!

We are giving away premium plugin licenses worth over $10,000 to 39 lucky winners.

So, what kind of goodies are we giving away? Here’s the complete list:

10 licenses of Universally, 5 licenses of Uncanny Agent, and 3 licenses each of the following products: WPConsent, ActiveLayer, AIOSEOWPVibe, SeedProd, Duplicator, WPChat, and Sydney theme.

Thank You, Everyone

I want to say thank you to everyone who has supported us in this journey. I really do appreciate all of your retweets, personal emails, content suggestions, and the interactions at the events.

I also want to say special thank you to everyone who’s using our plugins because that enables us to keep bringing more free tutorials to WPBeginner.

You all are AMAZING and without you, there is no WPBeginner.

I look forward to another solid year ahead of us.

Syed Balkhi
Founder of WPBeginner

The post WPBeginner Turns 17 Years Old – We’re Doing a Giveaway ($10,000 in Prizes) first appeared on WPBeginner.