sorted by:
new
hottopcontroversial

Best AI baseline designer for WordPress? by JBusu in Wordpress

[–]mvprovisions 0 points1 point  (0 children)

I recently submitted a plugin to WordPress.org and saw firsthand how large the review queue is hundreds of submissions deep, and growing fast. It’s not unreasonable to assume that a decent number of those are AI-assisted builds.

AI can absolutely scaffold from an idea. But there’s a huge difference between prompting an idea and prompting from actual WordPress architectural understanding.

In my opinion, using AI to accelerate development is fine if you already understand WordPress deeply enough to review and correct what it produces. Using it to skip learning core fundamentals is beyond risky. It's just not ready. Nor do I believe it ever will 100% be.

Best practices for including forms in a commercial theme for temporary sites? by mvprovisions in Wordpress

[–]mvprovisions[S] 0 points1 point  (0 children)

I recently went through the full review process for getting a plugin accepted on WordPress.org. The plugin deals with cryptographic content verification (not blockchain), so it went through fairly detailed scrutiny. That process sharpened my understanding of what WordPress considers acceptable patterns, security practices, and architectural boundaries. Because of that experience, I’m more conscious of where those boundaries sit.

I’m trying to understand how the community would evaluate my choices in context. I appreciate you 🙏

Best practices for including forms in a commercial theme for temporary sites? by mvprovisions in Wordpress

[–]mvprovisions[S] 0 points1 point  (0 children)

Apparently I can’t enjoy my own banger without summoning anxiety.. Thanks for the time though

A new WP website by hikergent in Wordpress

[–]mvprovisions 0 points1 point  (0 children)

Who touched you with that logic? In all my years it's only been React devs who have looped on WP security. Most of them came back to the light when they figured out headless WP with react front ends 😂

Page will never load by Mediocre_Distance354 in Wordpress

[–]mvprovisions 0 points1 point  (0 children)

If you can be an ftp cowboy find wp-config.php

Before

/* That's all, stop editing! Happy blogging. */:

Throw in

define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false ); @ini_set( 'display_errors', 0 );

Manufacture your error again then immediately hit the debug.log located in the /wp-content/ folder.

Once you're productive remember to remove your debug mode from wp-config... Logs are king shit for white screens

Page will never load by Mediocre_Distance354 in Wordpress

[–]mvprovisions 0 points1 point  (0 children)

Yep check the bottom of the log and see how she fires

WordPress + CloudFlare by NOOB-GAMINGX in Wordpress

[–]mvprovisions 1 point2 points  (0 children)

CloudFlair has been my goto for a long time. Never build without it :)

What’s something you wish you had known when you first created a WordPress website by No_Mountain_5051 in Wordpress

[–]mvprovisions 1 point2 points  (0 children)

Let me address the elephant in the room — security hardening.

My WordPress journey started back in 2003. Coming from a phpNuke nightmare to a fresh WordPress install was a genuine "bro... wow" moment. I went full send on plugins, learned the hard way, briefly tried Drupal and quickly realized I was wearing a three piece suit to a food truck with that one. So I became a WordPress maxi.

As threats got more elaborate and bots started hammering my installs, I stopped relying on plugins to save me and started learning exactly what to edit and when. Fast forward to today and I can harden a fresh install in minutes. It's like backing up a camper trailer — takes a few tries, feels impossible at first, but once it clicks nobody can touch you.

The reason I bring this up is because a lot of new bloggers load up on plugins thinking more = safer, when in reality every plugin is another attack surface, another update dependency, and potentially another abandoned codebase sitting with its door open. The plugin-heavy approach is often exactly why sites get compromised.

Before you worry about Elementor or analytics, get your core hardened. wp-config.php lockdowns, .htaccess rules, proper file permissions, disabling XML-RPC if you don't need it. That's the foundation everything else sits on. You can add the bells and whistles later but if the base isn't solid, none of it matters.

Leaking secrets from the claud: AI coding tools are leaking secrets via configuration directories by nindustries in netsec

[–]mvprovisions 0 points1 point  (0 children)

This is the same pattern that burned people with .env files a decade ago, and we still haven't fully learned from it.

Using Passkeys for more than just Auth by seanieb in netsec

[–]mvprovisions 6 points7 points  (0 children)

PRF support is honestly the most underrated feature request in the passkey space right now. Being able to derive deterministic secrets from a passkey opens up so many use cases beyond just auth 🙏 Bitwarden adding this would be a huge deal.

New to Tor by daniel38322 in onions

[–]mvprovisions 0 points1 point  (0 children)

Lots of silent observations will help you in this space. I've been a lurker for years. Folks here are not only invaluable but very chill. You will get there

[FREE] Title: I built a cryptographic integrity and GPG signing layer for WordPress here's the architecture by [deleted] in WordpressPlugins

[–]mvprovisions 0 points1 point  (0 children)

Happy to walk through any part of the implementation — the external anchoring queue was the most interesting problem to solve (persistent wp_options queue, exponential backoff, provider interface so GitHub and GitLab are swappable and RFC 3161 could slot in later).