What’s New With Kernl – July 2018

I hope everyone in the northern hemisphere is enjoying their summer and for those of you in the southern hemisphere, stay warm! It was a nice month for Kernl with lots of good structural changes and a few new features rolled out.

  • SendOwl Integration – If you use SendOwl to distribute your plugin or theme you can now validate license keys with Kernl. This means that every time a customer checks to see if an update is available Kernl will first validate their SendOwl license.
  • Analytics Aggregate Data – Kernl Analytics now uses aggregate data to populate charts. This means that charts load instantly versus taking a few seconds as they did before. This was a big change and enables us to do neat things in the future like calculating changes over time.
  • Analytics Domains – In addition to using aggregate data to populate charts Kernl Analytics now has improved domain list support. Data is properly paginated, populated via aggregates for speed, and searchable.
  • Version Number Improvements – Kernl now supports version numbers such as 10.2.2-alpha or 9.2.1-beta. Previously the alpha|beta tags at the end were not supported.
  • Download Graph Bug Fix – A customer reported that the download chart in the plugin/theme detail pages weren’t quite right. This bug has been fixed.
  • License Management  – The license management page was occasionally showing duplicates. This bug has been fixed.

Thats it for this month!



What’s New With Kernl – June 2018

It’s been a great month for Kernl! Lots of new features, some bug fixes, and few updates to the license checking on the plugin and theme update checker files. Lets dive in!


  • Gumroad License Validation – You can now use Kernl to validate your Gumroad licenses! This can be enabled for plugins or themes by going to the product edit screen, clicking the “License Management” tab, and then selecting “Validate Gumroad License?” at the bottom.
  • Kernl Referral Program – Kernl has a referral program. For every 3 referrals you send us we’ll give you a free month. Customers signing up with your referral code get their first 3 months free.
  • Restrict Updates to a Maximum Version – If you use Kernl’s license management you can now restrict update availability to a maximum version. For example if the current version of your product was 1.5.0 and you gave the user a license for < 1.6.0, then they would receive updates all the way through 1.5.X. This is a great way to drive more sales of your product!
  • Plugin/Theme PHP Update Check Files – The license error display behavior of these files has been greatly improved. The error dismisses when it’s supposed to, only shows up on the updates and plugin|theme page, and the license error message can now be customized. It is highly recommended that you update. The file is also versioned now so knowing when to update in the future will be much easier.


  • Purchase Code Deprecation – Kernl’s old purchase code frontend interface has been hidden behind a feature flag. The goal is the have the old purchase code functionality completely removed by the end of July.
  • Copy Versions from Product to Product – To support special development styles, you can move versions of a product to another product. This is inherently dangerous and only toggled on for the person who requested it. If you think this might be useful please reach out to jack@kernl.us.
  • You can now easily click to a customer’s page from the License Management page.
  • A bug was fixed where the customer filter would stay set even after you had navigated away from that page.
  • Numerous copy changes were made on the License Management page and on the marketing site.
  • Some feature flags were removed from features that have proved to be stable.
  • The main route for plugin update checks (also the highest traffic route on Kernl) was refactored to use async/await instead of promise chains. This makes it much easier to maintain and improve.

Kernl Now Supports Gumroad License Validation

If you use Gumroad to sell your WordPress plugins or themes you can now use Kernl to validate those licenses before new updates are made available.

How does it work?

When you create a plugin/theme in Kernl you can select the “Validate Gumroad License?” checkbox and fill out the “Gumroad Product Permalink” field. With those two fields completed Kernl will validate the license code passed into the Kernl via the update checker against Gumroad’s public license API. If the license code passes validation Kernl will allow the update to proceed.

That’s all there is to it! If you need any help getting things set up reach out to jack@kernl.us.

License Management Update: Limit Updates to Specific Version

Kernl WordPress license management now allows you to limit updates up to a specific version.

How it Works

Assuming that you already use Kernl’s license management, go to the License Management area of Kernl. Once there add or edit a license.

Now you can fill in the “Max Update Version” field. This field can simply be described as “the version of your product which requires a customer to buy a new license”. For example:

  • Customer A bought a license with “Max Update Version” set to 2.0.0. The product was at version 1.7.0 at the time of purchase. Over the next few months you release 1.8.0, 1.9.0, 1.9.1, 2.0.0, 2.0.1. Customer A only receives product update versions 1.8.0, 1.9.0, and 1.9.1.

Why should I use this?

Drive. More. Sales. This new feature allows you to be extremely granular about what updates a specific customer receives. We also made updates to plugin_update_check.php and theme_update_check.php that allow you to customize the invalid/expired license message. We strongly believe that this combination of better license expiration messages and limiting through specific update version can be instrumental in helping you drive more sales.

Introducing the Kernl Referral Program

For most of Kernl’s life our best channel for adding new customers has been word-of-mouth referrals and now you can be rewarded for referring new customers!

How It Works

When you go to your Kernl profile you’ll see a new section called “Referrals”.

It briefly explains how the Kernl referral program works, gives you your referral link, tells you how many referrals you’ve made, and how many free months you’ve earned.


The rewards for the Kernl referral program are as follows:

  • For the referrer: Every 3 customers you refer to Kernl earn you one free month. No restrictions on plan or usage. There is a max of 24 referrals. If you somehow manage to bump in to this restriction, shoot us an email and we’ll work with you. 🙂
  • For the new customer: By using your referral code they earn 3 free months of Kernl (instead of the usual 30 day free trial).

That’s it! Kernl’s referral program is intentionally simple. Thanks to everyone who spreads the word about Kernl. The more customers we have the better we become.

What’s New With Kernl – May 2018

Welcome to May! Lets go ahead and dive right in.

  • Data Export – You can now export (most) of your Kernl data. To export your data, log in to Kernl, go to your profile, and scroll down to the “Export My Data” button.
  • Node.js Upgraded – Kernl has been updated to use the latest LTS version of Node.js. We are now on 8.11.1.
  • Kernl Analytics Hardware Upgraded – Kernl analytics sees a lot of traffic on a daily basis. As that number continued to grow we were seeing some resource contention issues during peak periods. We were able to mitigate all resource issues by upgrading our hardware from a single vCPU setup to a three vCPU setup.
  • https://kernl.us/wordpress-installation-statistics – Check out our new public WordPress installation statistics page! Most of this information is readily available on WordPress.org, but Kernl’s data is interesting because it only includes data points from websites that purchase plugins or themes. The data is also available via our API for public consumption.

Thats it for this month! I hope everyone in the northern hemisphere is enjoying the start of summer.

Tips to Keep a WordPress Site Safe

If you want to get a website developed for your business you should definitely take a look at WordPress. It can be considered one of the most convenient methods available for getting a website up and running. But when you are building your website with WordPress, you should never overlook security.

When you are done with creating your website you are open to a whole world. If you have not integrated the necessary security precautions your website might face some serious security issues. Your website might contain sensitive data like; customers credit card details and personal details. Therefore, if you have not taken precautions, you and your customers may be exposed to a considerable risk of being hacked.

Once a hacker gets into your website they can not only steal your information but also destroy all the information of your website. The most dangerous part of such destruction is you can never undo such disastrous act. Therefore it is your duty to take the necessary precautions to discourage hackers and keep your data safe and let the business continue to run smoothly.

Below are some security precautions you can think consider for your website. By taking these steps you can help seriously reduce the chance that you’ll get hacked.

1.  Stay Updated

Be aware of the latest threats in the digital world. You should at least know the basic information of the possible threats and which will help you decide what  precautions you should take. There are few websites which can assist you to get up to date information. You can take a look at those websites and then you will be able to stay updated with ease.

2.  Lock Down Your Access Control

Make sure that your basic precautions are tough enough to discourage a hacker. Never use easy-to-guess passwords and usernames. It is much better if you change the default database prefix from wp to a harder and more random prefix. You can even limit login attempts. If there is more than one user on your WordPress website, you need to introduce strong security policies for all of those users. Following these precautions can give you the peace of mind of knowing that your website cannot be hacked by guessing the password.

3.  Software updates are crucial

It is important to update your software regularly. Do not neglect the updates. What if the most recent update is about security vulnerability and you have neglected it? Hackers are quick to become familiar with security issues in WordPress, so take advantage of the security updates that WordPress provides. Ideally you should automatically install all core WordPress updates.

4.  Install Security Ninja

If you’re wondering how to keep your WordPress site safe, you must take a look at the security plugins available as well. That’s where Security Ninja comes into play. It is one of the best and most popular security plugins available WordPress users. Security Ninja makes it easy to secure your WordPress site.

Security Ninja only takes a minute to scan your whole site for security issues and then helps you deal with them one by one. Easy and efficient!

WP Security Ninja

5.  Maintain a strong network security system

You should pay a good attention to the security your network. You never know if users in your office inadvertently provide easy access to your servers. Therefore, make sure that you have taken action to:

  • Expire user logins after a short idle period
  • Frequently change the passwords
  • Use strong passwords and never write them down.
  • Scan all the peripherals whenever you use them with the computer

6.  Try a Web Application Firewall (WAF)

WAF can be software, hardware or can be a combination of both. It stands between your web server and the data connection to read each and every bit of data transmitted. WAFs have the ability of blocking malicious accesses and hacking attempts to provide you the peace in mind. There are some built-in firewall options available in WordPress for you to try out. You can take a look at them as well. 

Again, we advise checking the Security Ninja PRO plugins which now feature a Cloud Firewall that will protect you.

7.  Install security applications

Although not affective as WAF’s, security applications can make hacking attempts difficult to a certain extent. There are free and paid applications available to download. These are good in preventing automated hacking attempts

8.  Use SSL

You have the option of using an encrypted SSL protocol when transferring your users’ sensitive data. In fact, this can protect your information from being read by unauthorized persons. Setting up SSL with WordPress is pretty easy and should be considered an important step in securing any WordPress installation.

9.  Backing up

Last but not least, you should back up your website’s data both online and offline very often. This will be useful if any damage is caused to your website. Use an automated backup system to backup the website multiple times a day.

Introducing the Kernl WordPress Statistics Page

On an average day Kernl handles around 2 million requests from 135,000 unique domains. Our analytics offering lets you use this data to make better product development decisions, but there is also a more holistic view of the Kernl and WordPress ecosystem to be had. I’d like to introduce to you the Kernl WordPress Statistics page!

What is it?

The statistics page gives you a high level overview of Kernl ecosystem. This is a subset of the overall WordPress ecosystem with the important distinction that every domain represented has paid for a plugin or theme. It includes information around WordPress versions, PHP versions, and the language that the site is in.

Kernl WordPress Statistic Image



There are a lot of neat visualizations that you could make with this data over time, so the API is exposed and can be used by anyone. Check out the Kernl API documentation to get started. No authentication required.

Awesome! Where do I go to see this in action?

Check out https://kernl.us/wordpress-installation-statistics , or go to the Kernl homepage and scroll all the way to the bottom.

What’s New With Kernl – April 2018

Welcome to April! It was fairly light month for Kernl feature-wise as we’ve been spending more of our efforts on marketing and advertising. We did manage to get a few things done, so lets get in to it!

Features & Bug Fixes

Plugin Update Icons – You can now set the icon that shows up in the WordPress update dashboard! No more gray power outlet icon! To set it, go to your plugin -> edit -> meta and then upload an image.

Multi-Subscription Bug – It was possible (although hard) to get your account into a state where you had multiple Kernl subscriptions assigned to it. This has been resolved. If you notice this happening to you on your invoice, please reach out to jack@kernl.us.

Upgrade to Node.js 8.10.0 – Kernl is now run on the latest LTS version of Node.js. Performance and security updates were part of the upgrade.

Envato License Check Bug – There were certain situations where the Envato license check functionality wasn’t working. This has been resolved.

Blog Post – A new blog post about how I develop features for Kernl.us

How I Develop Features for Kernl.us

A little over 2 years ago I started a tiny side project called Kernl to scratch an itch, solve a problem, and learn some new technologies. It has been successful beyond anything I could have imagined and I’ve learned a ton of new things along the way. One of those things is how to ship new features to customers quickly, safely, and with the commitment to stability and performance that my customers have come to expect.

The full process for developing features on Kernl touches a lot of different areas: Customer Support, Product Management, Software Development, and Marketing. It’s taken me some time to figure out a good process for all of these things, so I’m sharing my learnings in hope that it helps someone out.


Kernl isn’t that big. Honestly, it isn’t big at all compared to the likes of Facebook, Instagram, Google, etc. But Kernl isn’t small either. It’s just big enough that I have to worry about scale, availability, and consequences to the WordPress sites that it interacts with on a daily basis should it go down.

Kernl Scale Google Analytics Image

Remember how I said Kernl was a tiny side project when it started? Well it was developed that way too originally: A full-stack monolith on a single $5 DigitalOcean droplet. As time went on and Kernl grew I eventually split everything up and landed at a highly available setup that can scale horizontally, but I got some scars along the way. Those scars taught me two things:

  1. Your customers don’t care why you went down.
  2. Don’t take unnecessary risks.

With those two things in mind, I organically grew into a process that helps release features slowly, gather feedback from targeted customers, and then release it into the wild.

Customer First Development

Kernl has a backlog of about 200 items that should probably get developed in the future. There is a constant stream of new ideas that get added to backlog, sorted, and filed for later. But the one thing that always makes it to the very top of the backlog is a customer feature request.

Kernl Trello Board with Backlog

When a customer feature request comes in, the first thing I do is try to figure out what exactly it is they are requesting. Once I have an OK handle on that, I respond to the customer and explain what I think they are asking for. This helps me clarify the requirements and solidify my understanding of the feature.

Once I’ve got a handle on what they’re asking for I take a few moments and decide not only if I can implement this feature, but also if I should implement the feature. As I don’t yet work on Kernl full-time, the hour (or less!) that I spend working on it every night is precious. If I don’t think that the return on a feature is going to be high enough I often have to turn it down. Most of the time though feature requests are reasonable 4-5 hour projects and I’m happy to implement them.

Developing for Safety

I have an extremely low risk tolerance when it comes to Kernl. One of the things I like about Kernl is that I can leave it alone for a few days and be confident that it won’t have exploded while I’m gone. Every feature I develop for Kernl has the potential to ruin my confidence in it, so I’m very careful about how I do things.

The first step I take is to always create a feature branch. This may seem like a no-brainer to most software developers, but I have very unpleasant memories from 10 years ago before I realized how stupid it was to always develop directly on master. Once I have a branch created I get to work. If the code I’m writing is in one of the critical high traffic paths I’ll do proper TDD because it helps give me confidence that I’m not going to get woken up at 2am because of a coding mistake. If the code is not in the critical path I’ll generally write the tests afterwards or as I go along. The coverage is still good and meaningful, but development tends to be a bit quicker for me this way.

Once the feature is mostly complete, I wrap it in a feature flag so that I can easily toggle it on and off when I need to. If you aren’t familiar with feature flagging, its a process that allows you to decouple feature releases from code releases. For Kernl, I dogfood and use Kernl’s feature flag infrastructure to toggle features on specifically for the customer who requested it.

Kernl Feature Flag Overview

The Slow Release

As I mentioned above, using Kernl’s feature flagging I can be extremely choosey about who sees a new feature. The first thing that I do once I deploy a new feature is toggle it on for myself. After I’ve taken some time to test it out and verify the functionality I’ll toggle the feature on for the customer who requested it.

One of the great things about having developers as your main customer base is that they’re often very happy to help shake out features (especially when they requested it!). If the customer doesn’t find any bugs over the course of a few days and I’m satisfied that feature won’t cause any trouble, I change the feature toggle to a simple on/off toggle and leave it on for everyone.

The best part about this approach to development is that it gives me peace of mind. If I start getting notified in the middle of the night that the new feature I just released is acting up, I can just log in to Kernl, disable the feature flag, and go back to bed. Obviously this doesn’t work if the offending code is in the feature flag area, but most of the time its a non-issue.

Basic Marketing

As a developer it took me awhile to realize something about releasing new features: People won’t notice them unless you market them. After learning that hard lesson, every new feature that Kernl gets also receives a simple blog post, Twitter message, and marketing email. I personally believe that every new feature should be celebrated and I’ve found that generally customers are happy to see active development happening on a product that they’re paying for.

Sendgrid Marketing Campaigns

Kernl customers don’t log in to the product every day. Ideally they have WordPress continuous deployment set up so they only need log in to setup a new product, so chances of them noticing a new feature just by usage are small. Because of this usage pattern basic marketing is essential for existing Kernl customers so they know what’s new.

While this full process can seem a little bit heavy for a side-project, when you have a bunch of paying customers who rely on you for a critical piece of their product you have to be careful.