Can be upgraded to use http/2?

Alternatively, can we get gzip enabled?


Hello, can someone please change…

Hello, can someone please change the redirect for * from to Thanks!

Meta ticket: #2029-meta

#prio3 #trac

Caching Tagregator requests on

I’d like to get some form of network-layer caching of GET requests to **. Cached responses would need to expire after 30 seconds.

This is part of the solution to the problem we ran into at WCUS last year. Is that possible?

I’d also like to run a stress test to make sure we can handle the expected traffic for this year. Are you able to assist with that?


Visibility into mail failures

Right now I’m blind to any errors that occur with messages sent from the web server. This week there was a Core bug that resulted in many (most?) messages being rejected by the receiving MTA, but I didn’t know for several days, until the reports started coming in from users and the Core bug was discovered.

I think two things would help resolve this, but I’m open to whatever suggestions you have.

1) Set the Envelope-FROM to instead of I’ve already setup the address.
2) Grant read access to mail.* in the logs directory

Thanks! #email #logs #prio2

Low prio request: Can we…

Low prio request: Can we prevent direct access to PHP files in the wp-content directory?

I originally noticed this for @dd32 suggested to return “a 403 for ^$ but the rest of could benefit of the same restriction.


Please create a sandbox for…

Please create a sandbox for @gibrown and give him commit to the meta repository. He will be assisting with Elasticsearch in the plugin directory. You can re-use his Automattic SSH key.


There’s a virus message on…

There’s a virus message on the wp-testers mailing list archive.


Low priority It looks like https security wordpress…

(Low-priority) It looks like doesn’t act the same as

http: (note: p2 automatically https’s the below urls, edit post to see raw)
$ curl -IL | grep Location


  • invalid cert (multipattern)
  • redirect to default cpanel URL

The URL is used as a shorthand in some documentation AFAIK, mentioned to me by @netweb who uses HTTPS Everywhere which triggered this.


#1641meta has pointed out that plugins trac wordpress…

#1641meta has pointed out that is missing ~8400 changesets.

Can we do something to import those missing changesets? As we’re running Trac with explicit synchronization, I think it might just be a case of running trac-admin changeset added for each of the missing revisions.

#plugins-trac, #trac

I have an nginx fix for a fun…

I have an nginx fix for a fun issue that’s breaking Jetpack integration. isn’t being rewritten to /xmlrpc.php because /support/xmlrpc.php exists (it’s a bbPress file). /support/ is a physical directory that is bypassed for all subdomains, which means we end up rewriting it to index.php and thus a 404 results.

The simple fix appears to be this:

	# needs to hit /xmlrpc.php.
	# Without this, it targets /support/xmlrpc.php (a bbPress file)
	# which is then denied and we end up with a 404.
	location ~ /xmlrpc\.php(?:/|$) {
		include conf.d/php-config;
		rewrite ^ /xmlrpc.php break;

This should go into conf.d/ around line 60. I’m happy to commit this but I wanted review first.