Stephane Daury (stephdau) 6:23 pm on January 29, 2026  

Hey all. I was wondering…

Hey all. I was wondering if you knew why Claude Code might be getting 403s on core.tracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. and core.svn?

⏺ Fetch(https://core.trac.wordpress.org/ticket/54488)
  ⎿  Error: Request failed with status code 403

⏺ Fetch(https://core.svn.wordpress.org/trunk/wp-load.php)
  ⎿  Error: Request failed with status code 403

⏺ Fetch(https://core.trac.wordpress.org/browser/trunk/CONTRIBUTING.md)
  ⎿  Error: Request failed with status code 403

Doesn’t sound super useful to blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience., since the same code can be accessed on GH:

 ⏺ Fetch(https://github.com/WordPress/wordpress-develop/blob/trunk/CONTRIBUTING.md)                                      
  ⎿  Received 189.1KB (200 OK)

On the other hand, there is no equiv of https://core.trac.wordpress.org/ticket/54488 on GH, so we’re at a loss here.

Erica Varlese 1:26 pm on January 21, 2026
Tags:   

Proxy access follow-up: @evarlese

Hi there! A follow-up to this request: Would it be possible to add the following SSHSSH Secure SHell - a protocol for securely connecting to a remote system in addition to or in place of a password. key as well/instead?

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ/Ji17t0dx9xWFMmvitXfNfyh/Rkocg5ZJe8cu8ZhiKBKG9OLd925oESLBwM5ZxKmY5Czu7OSU0j1+rJxXXY20= AutoProxxy/H3XYCJCF2K

For context, the tools I was previously using to manage proxy stopped working for me. Let me know if there’s anything else you might need or if there’s any trouble. Thank you!

Profile: https://profiles.wordpress.org/evarlese/

#proxy

Dion Hulse 1:45 am on November 21, 2025
Tags: ,   

Proxy Access: @evarlese

Can @evarlese please be granted WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ proxy access, this is for her sponsored work on WordCamps / Campus Connect.

SSHSSH Secure SHell - a protocol for securely connecting to a remote system in addition to or in place of a password. Key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+F2x+cK6e+98TMRRp7A7QXLJUbD/UfdpxKGkllkUIw evarlese@chat.wordpress.org

Profile: https://profiles.wordpress.org/evarlese/

#prio1 #proxy

Jonathan Desrosiers 3:24 pm on November 12, 2025
Tags:   

Flawed 6.9 branch history for wordpress-develop Git mirrors

After the 6.9 RC1 release was successfully published, the 6.9 branch was created. However, there were a few missteps.

The first attempt to branch in [61215] copied trunk to the top level of the repository. This was reverted in [61218].

The second attempt to branch in [61219] copied the branches folder into branches/6.9. This was reverted in [61220] with a branch deletion.

The third attempt to branch in [61221] appeared to work successfully from an SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. perspective. On GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ however, the wordpress-develop mirror shows that the branch is “8697 commits ahead of and 4 commits behind trunk“.

This seems to be caused by the fact that the scripts responsible for syncing the SVN repository to the GitGit Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. Most modern plugin and theme development is being done with this version control system. https://git-scm.com/. mirrors did not perform a proper deletion of the branch in Git for the develop.git.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ mirror. I’ve confirmed this by running the following on a develop.git.wordpress.org checkout: git rev-list --count HEAD..6.9 (prints 8697).

    Is it possible to correct this, perhaps by properly deleting the branch in Git and re-syncing the mirrors so that the 6.9 branch is created cleanly starting with [61221]? Another possible option could be to perform two manual commits to the Git mirror that takes the same steps that [61219-61220] did for SVN (deletes the branch, properly creates the branch).

    While this will likely result in changes to the commit hashes, this seems like a fair trade off considering it just happened for the sake of an accurate history in version control. Any actions taken should not impact the RC1 release in any way because that was published from [61213] in trunk, and the post release version bump commit ([61214]) occurred before the first branching attempt in [61215].

    Possibly relevant: The post-receive hook on develop.git.wordpress.org is as follows: git push --mirror github-wp-develop:WordPress/wordpress-develop.git (note the absence of a --force flag).

    If necessary, guidance can be published to the Make WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. blog for anyone who has synced their fork in the last 24 hours.

    #prio1
    Dion Hulse 4:03 am on October 31, 2025
    Tags: , ,   

    WordCamp IPv6 not using LE SSL certs.

    This is causing old links to WordCamps to be inaccessible.

    Looks like it needs the IPv6 listeners added in dehydrated-wc-certs.sh.

    $ curl -Isv https://2019.atlanta.wordcamp.org/ -6 2>&1 | grep -E '(Connected|subject)'
* Connected to 2019.atlanta.wordcamp.org (2607:f978:5:8002::c68f:a46a) port 443 (#0)
*  subject: CN=wordcamp.org
*  subjectAltName does not match 2019.atlanta.wordcamp.org
* SSL: no alternative certificate subject name matches target host name '2019.atlanta.wordcamp.org'

    verses:

    $ curl -Isv https://2019.atlanta.wordcamp.org/ -4 2>&1 | grep -E '(Connected|subject)'
* Connected to 2019.atlanta.wordcamp.org (198.143.164.106) port 443 (#0)
*  subject: CN=atlanta.wordcamp.org
*  subjectAltName: host "2019.atlanta.wordcamp.org" matched cert's "2019.atlanta.wordcamp.org"

    Props @desrosj for the notification

    #prio1 #wordcamp #ipv6

    Dion Hulse 11:41 pm on October 27, 2025
    Tags: , mercantile,   

    SMTP access for Mercantile.

    Mercantile.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ is hosted on WordPress.comWordPress.com An online implementation of WordPress code that lets you immediately access a new WordPress environment to publish your content. WordPress.com is a private company owned by Automattic that hosts the largest multisite in the world. This is arguably the best place to start blogging if you have never touched WordPress before. https://wordpress.com/ VIP. Currently it’s configured to use mercantile@wordpress.org as the sender email address.

    That’s failing the SPF/DMARC rules, as WordPress.org doesn’t have WP.com VIP setup as valid sender. Additionally, WP.com VIP is not attempting to sign the emails either.

    Previously, it looks like mercantile used xxx@mercantile.wordpress.org as the sender via sendgrid, which is no longer configured.

    Outgoing emails from Mercantile are being rejected by anything that verifies DMARC rules, which includes emails to Automattic and WordPress.org (The notifications from WooCommerce to mercantile@ are rejected, and then the undeliverable email notification is delivered to mercantile@…).

    The simplest method forward appears to be to re-enable a SMTP pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, and have it send via mail.wordpress.org

    • Can I get a SMTP account setup for mercantile?
    • If so; We can remove the unused TXT on mercantile.wordpress.org. and _dmarc.mercantile.wordpress.org
    • If not; We’ll need to look at getting sendgrid setup again, which requires a manual human account approval on their side as they need to verify identity and domain access.

    #prio1 #mercantile #email

    Dion Hulse 11:51 pm on September 10, 2025
    Tags: ,   

    Domain forwarding: `wordpress.{ong,ngo}` => foundation donations

    Can we please set up these two domains to redirect to https://wordpressfoundation.org/donate/?

    These are both on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ nameservers (The .ngo isn’t configured there, but it is upstream), and currently have no A records.

    Per MarkMonitor, this is required to be compliant with the domain registration rules.

    #prio1 #domains

    Dion Hulse 12:14 am on August 5, 2025
    Tags: ,   

    Download Counters broken after caching change.

    Per notification on slack: https://wordpress.slack.com/archives/G02QCEMRY/p1753941908647599 (Private dotorg channel)

    The fix for https://make.wordpress.org/systems/?p=2673 has caused the download counters to not count, as X-Accel-Redirect locations are now being followed/stored in the same cache keys. Causing future requests to a ZIP to be cached.

    See above slackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. message for more context from myself as to why I blamed that change.

    This has caused the Download Counters for CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress./Plugins/Themes/Translations to cease counting when a ZIP is being heavily downloaded (ie. During updates).

    This also has caused any custom headers from PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php. to be dropped on requests with X-Accel-Redirect, which may be causing some issues for Playground.

    $ curl -Is ‘https://downloads.wordpress.org/plugin/ai-services.0.7.0.zip’ | grep -E ‘^(HTTP|X-|Content-Disposition)’
    HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands./1.1 200 OK
    Content-Disposition: attachment; filename=ai-services.0.7.0.zip
    X-nc: MISS ord 8

    $ curl -Is ‘https://downloads.wordpress.org/plugin/ai-services.0.7.0.zip’ | grep -E ‘^(HTTP|X-|Content-Disposition)’
    HTTP/1.1 200 OK
    X-nc: HIT ord 8

    (Note the lack of Content-Disposition on the second request that hit a cache)

    Realised through slack ping about downloads chart not updating: https://wordpress.slack.com/archives/C1LBM36LC/p1753939138451079

    #prio1 #downloads

    Dion Hulse 4:11 am on July 17, 2025
    Tags: munin,   

    Hosts missing from Munin

    Multiple hosts are not reporting to munin: https://munin-ord.wordpress.org/regex/#/(cpu(?!s)|load)

    • lb{4,5,6,7}.ord
    • db4.api.ord
    • db4.ord
    • web6.api (missing)
    • web{7,8,10}.api (not reporting)

    Additionally, some DB hosts are not reporting mysqlMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/. activity https://munin-ord.wordpress.org/regex/#/db.+(mysql|cpu(?!s)|load)

    • db3.api.ord
    • db2.stats.ord – Appears to maybe be monitoring the :3306 instance, :3307 is the heavier loaded instance.. this has been an issue forever.

    cc @aidvu since It appears the missing nodes may from the the host reloads you did

    (Reported on slackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/.; creating post here for tracking purposes)

    #prio2 #munin