Stuart Duff

6.7K posts

@stuartduff

Works @Automattic on @WooCommerce. 15+ years of online ecommerce & development experience. Passionate about helping online businesses grow and succeed.

Glasgow, Scotland · Joined April 2008
549 Following · 931 Followers
Stuart Duff retweeted
Mike McAlister@mikemcalister·
It's here! Responsive controls for the WordPress block editor have arrived in Ollie. 📲 We found an intuitive and unobtrusive way to bring responsive controls to your typography, margin, padding, and alignment styles. Check out the quick demo video. 👉 olliewp.com
Stuart Duff retweeted
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8 has been compromised. It contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

Stuart Duff retweeted
Mike McAlister@mikemcalister·
Check out this concept where we're bringing WordPress block editor styles right to your cursor and cutting down on context switching and settings hunting. What do you think? Is this something we should release?
Stuart Duff retweeted
Cory Zue@czue·
PSA: I just survived the best phishing attempt I've ever seen. A "reporter" at TechCrunch with a 10-year-old account and 9k followers DMed me asking if I'd be interested in giving input to an article that sounded relevant. When I said yes, they sent me to a real cal.com link to book with the name of an actual TC reporter. After booking, I got redirected to another page saying I had to verify myself to complete the booking. The auth request looks somewhat legit, except for a small red note that it's not approved. My spidey sense had been tripped and I realized the domain was sketchy, but if I wasn't on autopilot (or if I was an OpenClaw) I might have easily given them full access to my account. Stay safe out there.
Stuart Duff@stuartduff·
@KatieKeithBarn2 Very cool and I’m so happy to see you’re now getting some great looking results and working projects building with AI with this and your EDD reporting system ❤️
Katie Keith@KatieKeithBarn2·
Inspired by yesterday's new sales reports, today I used Claude Code to build a custom reporting dashboard for Google Analytics 4. I can't stand the GA4 interface so this will make things much easier 🚀
Katie Keith@KatieKeithBarn2

Feeling very proud of myself after previous AI coding fails - I used Claude Code to build a custom reporting system for our Easy Digital Downloads site in half a day, complete with pre-built reports + an AI bot for custom queries. Best data we've ever had 📊

Matt Mullenweg@photomatt·
It's embarrassing, but I wanted to share how I almost got phished so others can be protected. It was very slick. Thank you to @eastdakota for taking down the phishing site as well. ma.tt/2026/03/gone-a…
Stuart Duff@stuartduff·
@photomatt @MetaPrinxss @eastdakota That's seriously sophisticated, and it's awesome that you caught it just in time. I could see this completely fooling a lot of people due to it being so convincing. Thanks for sharing!
Stuart Duff retweeted
Ollie 🛹@BuildWithOllie·
Smart Sync saves you tons of time and hundreds of clicks per day by auto applying style changes to dozens of items at once. Get Smart Sync today by becoming an Ollie Pro member! olliewp.com/pro
Mike McAlister@mikemcalister

New Ollie extension just dropped – Smart Sync ⚡ Sync your style changes across grids, columns, and groups. Style dozens of items in just a few seconds. Start building smarter and faster today with Smart Sync in Ollie Pro. olliewp.com/pro

Stuart Duff retweeted
James LePage@jameswlepage·
github.com/WordPress/agen… Agent Skills now have been unified under this WordPress Repo. Feel free to contribute, update and improve! These are some of the most noticeable ways to deeply improve the accuracy of coding agents.
Stuart Duff retweeted
WordPress@WordPress·
Ready to elevate your plugin game? Discover how to create settings pages that align with WordPress's new admin redesign using DataForm! This article provides a step-by-step guide to leveraging WordPress React components for a seamless user experience. Dive in now: developer.wordpress.org/news/2026/01/h…
Stuart Duff retweeted
WordPress@WordPress·
Ever wondered how to add interactivity to your WordPress blocks? 🤔 Check out our latest guide on creating a word switcher effect using core WordPress APIs! It's all about enhancing both the editor and visitor experiences without relying on external libraries. Dive in here: developer.wordpress.org/news/2025/12/w…