Podcast: Play in new window | Download | Embed
Subscribe to WPPlugins A to Z on Apple Podcasts | Podcast Index | Email | RSS
Good morning, good afternoon, good evening, wherever you happen to be hiding out there on the globe today! Coming to you LIVE from . . .
Welcome to Episode 656 – WP Plugins A to Z Serves Up WordPress Wow Factor!
We’ve got a couple of great in-depth plugins to cover for you with ClickTock helping us keep on time and track our time while we work on any and every site we fix and build for our clients, a plugin that helps to securely connect various WordPress sites together, and some recent news in both the WordPress World and the Tech World in general with additional WordPress Tips!
Usually I throw in something awesome here, but all I got today is to make sure you get outside and enjoy the sun, and make sure you make some time to spend with family and friends this summer before the warm time is over!
A few reminders before we start the show today….
Reminders:
- Join us here in person every Monday at 12:00pm Pacific Time to enjoy our show!
- Show notes are added to wppluginsatoz.com within 24 hours of the show airing; you can find them either on the home page, or in the Podcast Vaults!
- This is a value for value show dear listeners, help us get some loven’ by hitting some like buttons, sharing an episode or two, or just turn our show on really loudly. We will catch somebodies attention!
If you stick around until the end, you will have a chance to hear some good questions – sometimes meant for the greenies, sometimes meant for the very experienced – and sometimes the questions are just completely random. Stick around and have a listen, might help! Or at least entertain!
(Don’t feel shy about sending in a message just to say hi! Send along suggestions, questions, recommendations, news, art – we always love to hear from our listeners!)
Let’s start the show with this weeks Featured Artist:
Artist:
Who is our artist today?!?
Today is…. Grok pulled it off
Grok! And he gave us our title too. He’s just such a useful little AI fella!
We would love some new art from our Producers out there! If you are so inclined, you can send it into us at amber@wppro.ca or john@wppro.ca. If you need some inspiration, you can always go to our site wppluginsatoz.com and check out our Art Vaults – you will find the link for it on the left hand side.
We can NEVER have too much art!
Breaking News in the WordPress World at large!!
If you have anything you think should be added please send it into me at amber@wppro.ca!
News this week:
WordPress Vulnerability Report
(https://solidwp.com/blog/wordpress-vulnerability-report-august-13-2025) – In this report there are 83 vulnerabilities. 77 are plugins this week, with 6 Themes.
Plugins: 46 patched, 31 left to go!
Themes: 5 patched, 1 left to go!
WordPress Vulnerability Report from PatchStack
(https://patchstack.com/database/) – These guys always have the latest information on what is going on regarding the latest in vulnerabilities.
Phased plugin releases land on wordpress.org with 24-hour delay option
(https://www.therepository.email/phased-plugin-releases-land-on-wordpress-org-with-24-hour-delay-option) – We had mentioned this coming our way in a previous show, and now it is here! What this does is make it so that when there is an update, developers can roll it out to a smaller group first, fix issues, roll it out to a larger group, fix those issues, etc. This will make it easier and faster to resolve issues with major updates especially. In theory it seems awesome, and I am actually excited to see how it works in practice!
WordPress coding standards 3.2.0 adds sniff for meta functions, updates for PHP 8.4
(https://www.therepository.email/wordpress-coding-standards-3-2-0-adds-sniff-for-meta-functions-updates-for-php-8-4) – WordPressCS 3.2.0 was recently released, helping to keep the tool aligned with the latest versions of WordPress and PHP. Biggest thing is a new sniff to catch a common pitfall: using functions like get__*_meta() and get_metadata*() without $single parameter, which can cause bugs due to inconsistent return types. To learn more on what this brings follow the link in the show notes!
Hackers hijacked Goggle’s Gemini AI with a poisoned calendar invite to take over a smart home
(https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home) – I thought this was a rather important one to bring to your attention – we have heard about the issues of sites being taken over, this is the first time that I personally have heard of this, other then in movies, and I think it is something to pay attention to.
Microsoft sued for killing Windows 10 – all users must act now
(https://www.forbes.com/sites/zakdoffman/2025/08/10/microsoft-sued-for-killing-windows-10-all-users-must-act-now/) – This is something we will for sure be keeping an eye on! The whole ‘Microsoft killing windows 10’ has been a major issue – most of us have fantastic computers that work really well still, better then average and better then a lot of new computers -but we are supposed to scrap this and throw ourselves into debt to get a whole new system before this one dies? It’s like eating half a sandwich, then tossing it so you can grab a new one that won’t really taste any better at all. Makes no sense! We will follow this and keep you as updated as possible!
(Go visit WP Shout Comics OR Word Chronicles OR MonkeyUser.com for a fantastic brain break – my favourite today is this one!)
Some Extras – check out our Facebook or Twitter!
Microsoft is shutting down its document scanning app
(https://timesofindia.indiatimes.com/technology/tech-news/microsoft-is-shutting-down-its-document-scanning-app/articleshow/123201960.cms)
Microsoft announces plans to kill off another operating system, one year after windows 10
(https://www.gbnews.com/tech/microsoft-kill-off-another-operating-system)
Proposal to expand WordPress Core Block Library draws support and caution among contributors
(https://www.therepository.email/proposal-to-expand-wordpress-core-block-library-sparks-debate-among-contributors)
Automattic pushes WP Engine to hand over evidence of customer confusion
(https://www.therepository.email/automattic-pushes-wp-engine-to-hand-over-evidence-of-customer-confusion)
From Groundhogg to guideline violations: How the WordPress Plugins Team enforces trademarks
(https://www.therepository.email/from-groundhogg-to-guideline-violations-how-the-wordpress-plugins-team-enforces-trademarks)
Judge denies Willman’s bid to join WP Engine v. Automattic case
(https://www.therepository.email/judge-denies-willmans-bid-to-join-wp-engine-v-automattic-case)
WordCamp Canada 2025 is all about generational change, open web energy, and tinkering with what’s next
(https://www.therepository.email/wordcamp-canada-2025-is-all-about-generational-change-open-web-energy-and-tinkering-with-whats-next)
First FAIR TSC election keeps Dils, Epstein, and McCue at the helm
(https://www.therepository.email/first-fair-tsc-election-keeps-dils-epstein-and-mccue-at-the-helm)
WP Engine and Automattic clash over scope of discovery in ongoing legal battle
(https://www.therepository.email/wp-engine-and-automattic-clash-over-scope-of-discovery-in-ongoing-legal-battle)
WordCamp US 2025 schedule now live, with new career corner and student initiatives
(https://www.therepository.email/wordcamp-us-2025-schedule-now-live-with-new-career-corner-and-student-initiatives)
GoDaddy bringing agentic AI to its platform with Ask Airo
(https://www.therepository.email/godaddy-bringing-agentic-ai-to-its-platform-with-ask-airo)
WP includes in helping women level up their careers in WordPress – and applications are now open
(https://www.therepository.email/wp-includes-is-helping-women-level-up-their-careers-in-wordpress-and-applications-are-now-open)
WordPress Campus connect quickly growing with Global Events, student clubs and scholarships
(https://www.therepository.email/wordpress-campus-connect-quickly-growing-with-global-events-student-clubs-and-scholarships)
AOL will end dial-up internet service in September, 34 years after its debut – AOL Shield Browser and AOL Dialer software will be shuttered on the same day
(https://www.tomshardware.com/service-providers/network-providers/aol-will-end-dial-up-internet-service-in-september-34-years-after-its-debut-aol-shield-browser-and-aol-dialer-software-will-be-shuttered-on-the-same-day)
New study sheds light on ChatGPT’s alarming interactions with teens
(https://www.ctvnews.ca/sci-tech/article/new-study-sheds-light-on-chatgpts-alarming-interactions-with-teens)
One file, size formats: just change the extension
(https://hackaday.com/2025/08/08/one-file-six-formats-just-change-the-extension)
‘The best solutions is to murder him in his sleep’: AI models can send subliminal messages that teach other AIs to be ‘evil’ study claims
(https://www.livescience.com/technology/artificial-intelligence/the-best-solution-is-to-murder-him-in-his-sleep-ai-models-can-send-subliminal-messages-that-teach-other-ais-to-be-evil-study-claims)
Popular hard drive vendor on Amazon caught selling 10-year-old used but repackaged hard drive – but would you buy one if it was keenly priced?
(https://www.techradar.com/pro/popular-hard-drive-vendor-on-amazon-caught-selling-10-year-old-used-but-repackaged-hard-drive-but-would-you-buy-one-if-it-was-keenly-priced)
Newly discovered WinRAR exploit linked to Russian hacking group, can plant backdoor malware – zero day hack requires manual update to fix
(https://www.tomshardware.com/tech-industry/cyber-security/newly-discovered-winrar-exploit-linked-to-russian-hacking-group-can-plant-backdoor-malware-zero-day-hack-requires-manual-update-to-fix)
Hackers found a way around Microsoft Defender to install ransomware on PCs, report says
(https://mashable.com/article/microsoft-defender-hack-akira-ransomware-pc-windows?test_uuid=003aGE6xTMbhuvdzpnH5X4Q&test_variant=b)
Cyber Apocalypse Now: Black Hat 2025’s most terrifying hacks and security breaches
(https://www.pcmag.com/news/cyber-apocalypse-now-black-hat-2025s-most-terrifying-hacks-and-breaches)
Hackers weaponizing SVG files with malicious embedded JavaScript to execute malware on Windows Systems
(https://cybersecuritynews.com/hackers-weaponizing-svg-files-with-malicious-embedded-javascript)
Build a compact WiFi UPS at easy
(https://www.instructables.com/Build-a-Compact-WiFi-UPS-at-Easy)
In first, Israeli cybersecurity firm exposes chatGPT vulnerability
(https://www.ynetnews.com/business/article/sy9xmgfuxe)
Hackers uses social engineering attack to gain remote access in 300 seconds
(https://cybersecuritynews.com/hacked-in-300-seconds)
Detailed logs show ChatGPT leading a vulnerable man directly into severe delusions
(https://futurism.com/chatgpt-chabot-severe-delusions)
Microsoft 365 direct send weaponized to bypass email security defenses
(https://cybersecuritynews.com/microsoft-365-direct-send-weaponized)
Hackers can manipulate BitLocker registry keys via WMI to execute malicious code as interactive user
(https://cybersecuritynews.com/bitlocker-com-hijacking)
Meta descriptions are dead – focus on Alt and title Tags instead
(https://presswizards.com/meta-descriptions-are-dead-focus-on-alt-and-title-tags-instead)
Rogue’s Corner News and Extras
Be sure to go and check out the new and unique plugins now available from WPProAtoz.com!
Tip of the day
Talk about https://influencewp.com/ and the benefits of it for WP devs
Check out The Repo at https://therepo.org/ an alternative to the regular plugin repo.
Dragon Rating Time with John!
John’s Plugin
ClickTock
https://friendlywebguy.co.uk/clicktock-time-tracker/
by Dave Grey — The Friendly web guy https://x.com/FriendlyWebGuy
Online review of the plugin walkthough https://youtu.be/m0ps8enm1bw
Wishlist for plugin https://friendlywebguy.co.uk/clicktock-wish-list/
The Lowdown:
Simple time tracking built into your WordPress admin.
Stop guessing how long tasks took. ClickTock tracks your time directly in WordPress, so you always know exactly what to bill clients.
- One-click tracking – Timer runs right in your WordPress admin bar
- Organized by category – Development, Design, Meetings, Admin work
- Visual reports – Charts and CSV exports for billing
A side note I was going to write my own plugin but happier to have paid someone else for a great one. Here is what I was thinking about.
Stop watch create a new plugin
Using best WordPress practices for creating a plugin
I want to create a WordPress plugin that does the following:
Once installed it places a prominent button in the admin menu bar in red or adjustable colour
This button will start and stop a timer when you are working on the site
The time will automatically stop if you close the browser window
When you start it, it will popup a window to ask what work is going to be done and when you stop it the window opens again to add additional info of what was done.
This varying info is to be stored in a new table in the database
I want it to also allow for a spot to enter text for what was done for this time
Need to also have it email any time collected in a 24hr period.
Rating 5 Dragons
WordPress Tips
We would love to hear some tid bit tips from some of our producers out there – what did you figure out by breaking something? Or what did you need to learn in order to help someone? You can send these tid bits into me at amber@wppro.ca
My tip to you today…
I am sure we have all experienced at least once in our career, at least one time when an enthusiastic client decides to go edit something… and then calls you or emails you in a bit of a panic ’cause they broke it. Or at least managed to rearrange it fully.
Well, my tip to you today is to let me explain to you what happened – of course you already know what happened. Of course you already tried what they are going to tell you to try.
But really, allowing them to do this and being patient enough to let them explain, allows them to feel like they are part of the solution, that they are helping.
So don’t look down on them, or tell them off or get all snooty at them – tell them something along the lines of ‘yes, you are absolutely correct! I did give that a go already, and it didn’t work because of A, B, and C though.’
Explain the basics to them, they are not children and will likely understand. Encourage them to ask questions, and actually answer them in laymans terms.
This I have found allows them to be part of the solution, but then when you just go off and fix the issue within seconds, you are now an internet god to them, and they are proud to have been part of the solution but also totally get that they didn’t actually fix the issue – it allows them to keep their pride, and for you to be appreciated for your skill and knowledge.
It creates a fantastic symbiotic based on respect relationship that will get you more clients, and help them to make more money.
Dragon Rating Time with Amber!
Amber’s Plugin
Peace Protocol
https://wordpress.org/plugins/peace-protocol
The Lowdown:
I found the idea of this intriguing – the plugin is meant to enable WordPress site administrators to authenticate as their website and send cryptographically signed “peace” messages to other WordPress sites running the same protocol and/or indie authentication.
Once you have downloaded and activated it, you will find the dashboard for this plugin under ‘Settings’>’Peace Protocol’.
Going to the Dashboard for this plugin, you will see that there is only the one page with the following information:
‘Your Tokens’ – this has a button below it saying ‘Generate New Token’. Clicking there will generate a new token for you, and you will see it arrive in your ‘Your Tokens’ section below where it lists out your token, that token’s status, and ‘Actions’ – although you are only able to delete the tokens down to the last one. There will always be one token you cannot delete.
‘Debug Information’ – Here you will see the active token database information – which tells you how long the token is, where it is stored- you can see the file path – and you can see the token written out for you.
‘Subscribed Peace Feeds’ – This is where you see the various sites you have allowed ‘Peace Protocol’ with, those who you have connected with through this. Having this allows this decentralized authentication system to setup WordPress admins a secure way to authenticate across different websites without sharing passwords or personal info, and this area is where you see your connections.
Now, when i was testing this out, I learned that both sites MUST have this plugin installed which makes sense. The way you send the ‘peace token’, is you have to go to your home page, and click on the little hand giving the peace sign, and enter the site you want to have token to be from, although if you are actually the admin for both sites you will find yourself locked out as you are creating a ‘federated user’ token… an example below:
creating a token for johntitor.ca sent by merssandbox.ca.
In order to have the peace token sent, you need to input the site info for site B onto site A – on the merssanbox site you enter in the full address including the https:// bit through the the peace hand on the johntitor site.
I decided to do both. I added in the johntitor info on the merssandbox site first. that went over perfect! My ‘Subscribed Peace Feeds’ showed up with the johntitor site information on the dashboard and everything!
Then I went over to the johntitor site and entered in the merssandbox information – and found myself locked out of the johntitor site as I had made myself a ‘federated user’ and therefore had no access to the dashboard anymore.
Works very well though! I had to go in through the backend to disable the plugin before I could get back in! Only had the issue on one site though. I am not certain how come that is the way it wound up being as I have completely different logins for both, so not sure what happened there…
Conclusion, this works very well for people to sign in and read posts, comment on posts, etc. They put in their website information, and in the backend you can choose whether you block the token, leave the token, delete the token. You have to have enough tokens for people, so say you had 3 people coming to sign up, you need to have 3 tokens. If you only have 2 tokens, I do not think that this would work, although I was not able to test this.
I think this could come in very handy! A little confusing to get at first, but once sorted it is good.
Totally free to use, i rate this at…
Rating: 4 Dragon
**Quick update – when I first disabled this plugin from the backend and logged into the johntitor site, I only saw the basic dashboard with little to no information available, my profile, and the logout button. I had to fully delete the plugin in the backend, logout and then back in to get everything back. Plugin works very well indeed security wise!**
Miscellaneous Announcements from all:
Have an announcement like a meetup, or to announce you’ll be on stage at a WordCamp? Let us know and we will add it here and help get your news out to the world!
WP Build Tour Bhopal, M.P. – June 6 – August 31
WordPress Campus Connect Cartago – August 4-13
Summer Photo Contest 2025 – August 1 – 31
WordPress Campus Connect Ajmer – August 23 – October 11
WordPress Campus Connect Jaipur 2025 – August 23 – October 5
To see the entire list you can follow the link here in the show notes, then click on ‘More WordCamps’ right below the list of the next 5. https://central.wordcamp.org/
If you are interested in finding a WordPress Meetup somewhere around the world you can go check out the places here: https://www.meetup.com/pro/wordpress/
Keep checking back every week to find out what else is going on!
Donations from across the galaxy!
Producership Credits are a thing that do actually exist – we offer them up to those who donate through Time, Talent or Treasure. You can use these credits to boost up your resume, add to your LinkedIn file, so on and so forth!
Even if you are not interested in receiving a Producership Credit, check out how you can use us as your own stepping ladder in the world of the internets – get yourself an interview, get us to make your announcement for you, let the world know you have something to say or a company worth checking out!
Have a look through our site wppluginsatoz.com. Check out the Time, Talent and Treasure pages.
Today’s Plugins we covered were:
John’s Plugin:
ClickTock by Dave Grey
- Timer runs right in your WordPress admin bar
- Visual reports offering charts and CSV exports for billing
- Organized by category – development, design, meetings, admin work
Rating: 5 Dragons
Amber’s Plugin:
Peace Protocol By Billy Wilcosky
- Decentralized way to connect exclusively WordPress sites
- Authenticate with website, not yourself
- Only federated users created after secure handshakes generated through tokens
Rating: 4 Dragon
How to reach us:
Feel like sending us something through the snail mail system? You can do that thanks to our brick and mortar address that we provide for you!
You can also reach us the more common way of the internets – have both of our internets available down below for ya!
WP Plugins A to Z
C/O John Overall
20-754 E Fairview Rd.
Victoria, BC V9A 5T9
Canada
John:
- My website:http://www.johnoverall.com/
- WordPress Emergency Support:http://wppro.ca/wpemergency
- email:john@wppro.ca
Amber:
- email: amber@wppro.ca
Q & A Time with Amber – Catch this info on our YouTube Channel
If you have questions you would like to have asked on the show, send them in to me atAmber@WPPro.ca – we may never stump my dad, but we can get some good conversation out of him at least!
- For the article ‘One file, size formats: just change the extension’ it talked about changing extension to manipulate files. Was it more effective “back in the day” than it is now? What issues did you run into then back them?
- Would this work to upgrade old files, like Word or Excel from Windows ’98?
- We have talked about this before but what are your thoughts on charging clients by the minute verses 5 or 15 or 30 minute time chunks? Especially now with the time keeper plugin you spoke about.
Questions asked after closing credits:
- When I was growing up, there were all kinds of chat rooms. Those chat rooms were generally a single page with about 8-12 different chat boxes and people just talking – do you think that is something we could do today?
- What would go into making that, what kind of restrictions would one be facing over that?
- What is something that you remember from when you were younger, something (not including games) that you spent a lot of time online with or doing?
- What would go into recreating that in todays world online?