AMP: Now on WordPress.com

Your sites are about to get even faster on mobile devices: starting today, WordPress.com sites support Accelerated Mobile Pages (AMP) – a new initiative spearheaded by Google to dramatically improve the speed of your pages loading on phones and tablets.

The best part? WordPress.com users don’t need to do a thing. AMP works automatically, loading a lightning-fast version of your posts. This means readers will get your content even faster on mobile when they come to your site from Google search, or news apps like Nuzzel.

You can read more about AMP in the WordPress.com launch announcement.

For VIP customers, the AMP plugin will be automatically enabled for your site. It ships with a minimal default template, and we’ve built in a number of filters so your developers can customize the experience to better match your site—read more in our documentation.

If you’d prefer not to support AMP on your site, you can proactively opt-out by adding the following to your code:

add_filter( 'amp_is_enabled', '__return_false', 100 );

As always, if you have any feedback or bug reports, please open a ticket—or feel free to log them as issues on Github.

Clarification: This is enabled for all non-VIP sites on WordPress.com as of today. We’ll be enabling it for VIPs at the end of next week to give you time to add the filter if needed.

AMP: Ready for Testing

Update: we’ve adjusted our timing and are now planning to enable AMP on WordPress.com near the end of February, to coincide with Google’s release.

A few months ago we announced our participation in the Accelerated Mobile Pages (AMP) project, an exciting new open-source initiative which aims to provide mobile-optimized content that loads instantly, everywhere.

Since then, many of you have been testing the plugin in your local environments (thank you!), and today we’re ready for you to test AMP on your production sites as well, ahead of its official launch on WordPress.com next week near the end of February.

To enable AMP on your WordPress.com VIP site, simply add the following to your functions.php file (customers on our VIP Go platform should add the plugin to their plugins directory):

add_filter( 'amp_is_enabled', '__return_true', 100 );

The plugin ships with a minimal default template, and we’ve built in a number of filters so your developers can customize the experience to better match your site—read more in our documentation.

We’ll be enabling AMP by default for everyone on WordPress.com at the end of February (this does not affect sites on VIP Go); if you’d prefer not to support AMP on your site, you can proactively opt-out by adding the following to your functions.php file:

add_filter( 'amp_is_enabled', '__return_false', 100 );

As always, if you have any feedback or bug reports, please open a ticket—or feel free to log them as issues on Github.

Faster-Loading Images with WebP

As announced today, all WordPress.com VIP sites now support the WebP image format, serving high-quality images with shorter loading times.

We always strive to make your sites run as quickly and smoothly as possible, both on the front end and under the hood. So we’re happy to announce that the WordPress.com image service, which delivers the beautiful images you use in your posts to your site’s visitors, now offers seamless support for the WebP image format.

What does this mean for you and your audience? This new feature provides size reductions of up to 34 percent for served images compared to a JPEG image of an equivalent visual quality level. Your viewers will save a lot of time loading your pages — time they can better spend enjoying the content you publish.

Read more at WordPress.com.

WordPress 4.2.4 Security and Maintenance Release

WordPress 4.2.4 is now available.

For customers hosting on WordPress.com VIP, no action is required. Our team has already updated your sites to the latest version of WordPress.

For our self-hosted customers, this is a security release for all previous versions and we strongly encourage you to update your sites immediately:

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

If you have any questions, please get in touch.

Available for Testing: CSS Minification

Today we’re enabling a new feature for testing which will automatically minify CSS files hosted on your WordPress.com VIP sites. If you’re unfamiliar with the concept, minification helps improve performance on your site by removing unnecessary whitespace and formatting from your code, so your users only download what’s absolutely necessary.

If you’re using our Quickstart development environment, we’ve already enabled CSS minification for you by default.

You can also test it on your production sites by appending ?cssminify=yes to any page. For example, https://lobby.vip.wordpress.com/?cssminify=yes.

We’re planning to enable the feature for all VIP sites in the next couple of weeks, depending on feedback from you—we’ll announce the specific date here once we have that scheduled.

Please test, and if you spot any issues, get in touch!

Lossy Image Compression Now Available

Today we’re introducing a new feature enabling you to optionally compress images on your sites with greater control over quality and file size.

On WordPress.com VIP, we’ve always losslessly compressed your uploaded images—we do some simple processing to trim file sizes and remove bloat while still maintaining the original images’ quality.

However, as we continue to see traffic across the VIP network shift to mobile devices, in an interest to help our publishers reduce page load times we’ve now added options to further optimize file sizes through lossy compression.

Implementation is really straightforward, using this function in your theme (make sure to refer to the canonical documentation, as this may change over time):

wpcom_vip_set_image_quality( $quality, $strip )

$quality can be a value between 0 and 100, where 100 is the original image quality.

$strip refers to meta data embedded in the file, and has the following options:

info: will remove all Exif, IPTC and comment data from the image.
color: will remove any ICC color profiles present in the image.
all: will remove all of the above.

For example, our annual WordPress-themed holiday wallpaper:

At full size, this image is 649k; with strip=all it’s reduced down to 600k, and with quality=80 it shrinks even further to 125k—with only a marginal impact to image quality:

Special thanks to our friends at TechCrunch for helping test this new feature!

Bash Vulnerability Patched

As you may have read, a security vulnerability has been discovered in Bash shell and was disclosed yesterday.

The exploit allows remote code execution in some cases — however, exposure on WordPress.com VIP’s servers was far more limited. Nevertheless, upon learning of the vulnerability, our security team immediately updated any impacted servers to patched versions of the software.

Thank You, Raanan

As a VIP partner, you’ve no doubt interacted at some point with our amazing colleague, Raanan Bar-Cohen — who seven years ago spearheaded the VIP program here at Automattic, and has largely been the “face” of our team over the years.

In case you missed the news, we wanted to share Raanan’s recent announcement that he’s moving on from Automattic, and joining our friends at Resolute Ventures as a General Partner.

In terms of day-to-day operations here at WordPress.com VIP, you won’t notice any changes (in fact, Raanan transitioned to another role at Automattic some time ago) — except maybe some new faces! We’re also excited that Raanan will be staying on as an advisor to Automattic, so he’s not going too far (and will happily take your 3am phone calls if you need help with anything urgent 🙂 ).

If you have any ideas/questions/thoughts about your account or anything else, I lead our VIP team and would be happy to chat — please feel free to get in touch!

Best wishes, Raanan!

Alert: Service Interruption on WordPress.com

Update: this issue affecting image replication on WordPress.com is now resolved. Please get in touch if you continue to see any issues with images loading on your sites.

WordPress.com is currently experiencing a service interruption specific to recently uploaded images — in some cases, these images may not be loading on your site.

We are working on the issue, and will follow up with an update to this post once this issue is resolved.

If you have any questions, please email vip-support@wordpress.com.

WordPress 3.6.1 Maintenance and Security Release

WordPress 3.6.1 was released yesterday and is a maintenance and security update.

For VIPs running on WordPress.com, no action is required. WordPress.com has already been upgraded to the latest and greatest code.

For self-hosted VIPs, this is a security release for all previous versions and you should update your sites immediately, as it addresses 3 issues fixed by the WordPress security team.

You can see the full release notes here. If you have any questions, please get in touch.