Security: 2-Step Authentication Required for SVN Access

In an effort to improve security across VIP sites, we are now requiring any VIP users requesting SVN access to enable 2-Step Authentication for their account. Users who already have SVN access will soon be required to turn on 2-Step for better security as well.

enterverificationcode

The update to our existing SVN tool to require 2-Step was completed during our 2013 VIP Developer Meetup by Paul Gibbs, Alison Barrett and Prasath Nadarajah. Also during the meetup, Mo Jangda and Josh Betz worked on fixing 2-Step Authentication bugs to make sure your login experience is as seamless as possible.

Update to SVN Access Widget: My Themes

SVN Access Widget

We’ve pushed an update to the “SVN Access” widget in the VIP Dashboard for each site to include a list of all the SVN repositories that you currently have access to, including a handy link to each repo.

If you’ve never seen the SVN Access widget before, check it out! It’s a great way to keep an eye on who currently has access to your code. We highly recommend doing a routine audit (at least once a month) of this list. Find someone who shouldn’t have access? Just send in a request and we can help you remove them.

Automatic Deploys For CSS and Images

For all themes running on WordPress.com VIP, we review changes for performance, security, and best practices to make sure your sites are the best they can be. We have an internal goal to deploy all commits within two hours and our track record is pretty good. Roughly 90% of commits are deployed within that two-hour time frame and we think we can do even better.

Last Wednesday, as one of our meetup projects, we enabled auto-deploy for commits that consist entirely of static CSS or image files. If there are no other pending deploys for your theme, your CSS design changes and image commits will now be deployed almost immediately.   No more waiting for us to review and deploy for you.

We hope that you and your designers enjoy these speedier deploys.  We are looking into ways of expanding this “auto-deploy” functionality to other file types in the future without compromising security, performance, or functionality of your site. Let us know what you think about this feature by leaving a comment on this post.