WordPress and related ecosystem
View All Tags
WordPress offers two distinct preview systems: the Customizer's device preview and the Block Editor's "Preview in new tab" dropdown. Both are extensible, but they require completely different approaches. I dug into both.
Drupal 11 ships with jQuery 4. jQuery 4 removes $.type(). Slick Carousel uses $.type(). The result is a fatal JavaScript error that kills every carousel on the page. I tracked down the exact failure chain and the fix.
PHP 8.4 introduces stricter type and error handling, converting many E_WARNING messages into hard-throwing TypeError and ArgumentCountError exceptions. I built this playbook for identifying potential issues and mitigating them before upgrading.
I built a WordPress 7.0 compatibility scanner CLI that detects deprecated editor integrations and iframe-unsafe code patterns in plugins/themes. It gives rule IDs, migration replacements, and CI exit codes so teams can block risky code before release windows.
I built a WordPress plugin that adds wp wordfence-audit plugins and flags installed plugins that match vulnerability signals from the current Wordfence blog RSS feed. The goal is quick triage from existing RSS workflows, not replacing full vulnerability databases.
I shipped an OpenAI o3-mini planner for my Drupal CMS 2 AI agent and kept a local rule-based fallback, because Drupal's 2026 AI direction is clear: intelligent automation is coming fast, but production teams still need predictable behavior when external AI calls fail.
If you want your WordPress content to appear in AI-generated answers, prioritize this sequence: answer-first writing, schema accuracy, clean crawl controls, maintained plugins, and weekly validation in Search Console/Bing Webmaster Tools. As of February 17, 2026, this is practical on WordPress 6.9.1 and should be treated as an operational SEO workflow, not a one-time checklist.
Drupal 11.1 does not break public APIs, but custom entity code can still break during upgrades because entity type definitions moved to attributes, some entity-related routes are deprecated for Drupal 12, and entity reference formatter output changed in access-sensitive contexts. If you maintain custom entities, treat Drupal 11.1 as a migration checkpoint, not just a patch-level bump.
If your team is still on Drupal 10.4.x, treat Drupal 11 migration as active incident prevention, not roadmap hygiene: Drupal.org now flags 10.4.x security support as ended, and current supported lines are newer. The fastest safe path is to clear the high-impact change records first, then move to supported 10.5/10.6 and 11.x targets in one controlled sequence.
WowRevenue versions up to 2.1.3 can expose a high-risk path when authenticated low-privilege users can reach plugin installation or activation logic through AJAX handlers without strict capability checks. The practical fix is to enforce current_user_can('install_plugins') or current_user_can('activate_plugins') at handler entry and keep nonce checks as anti-CSRF only.
Pantheon reporting "All Systems Operational" is a good signal, but it is not a deploy approval by itself. I treat platform status as one input in a release gate that also checks app health, migration safety, and rollback readiness.
I shipped a release-audit tool for security_advisories_nl because release news, vulnerability records, and platform status pages are noisy unless you convert them into a clear adopt-or-wait decision.
I shipped a Drupal 10/11-safe Pathauto delete action because alias cleanup is exactly the kind of workflow that quietly breaks during major-version transitions.
I built Project Context Connector, a Drupal module that makes site configuration programmatically accessible to AI agents, automation scripts, and monitoring tools through multiple interfaces including native Model Context Protocol support.
Every AI coding tool has its own config format for MCP servers. Claude uses JSON, Codex uses TOML, Gemini uses a different JSON schema. Setting up the same 18 servers across all three means editing three files, remembering three formats, and hoping you didn't typo a credential. I built mcp-web-setup to do it once.
LLM prompts are full of repeated English grammar. Every "If a module exists, then recommend it. Do NOT reinvent the wheel." burns tokens on words the model already understands. I built CPF (Compact Prompt Format) to replace that grammar with operators and abbreviations that LLMs decode natively — cutting token costs by 30-50% with zero runtime dependencies.
Drupal is finally moving project issue management from the custom-built Drupal.org queue to GitLab issues. This is one of the biggest infrastructure shifts the project has made in years, and it was overdue.
Upgrading Drupal Commerce from 3.2 to 3.3 can take a healthy site straight to WSOD, and that is exactly the kind of release risk you need to pre-plan for.
The biggest takeaway: serving Sa11y CSS/JS locally in Drupal gives you more predictable accessibility checks, especially when external asset delivery is unreliable or restricted.
Dries Buytaert, the founder of Drupal, recently addressed a growing problem: AI-generated contributions are flooding open-source projects with low-value reports and patches that lack expertise. The human bottleneck — the reviewer — becomes the point of failure for the entire ecosystem.