WordPress Planet

November 18, 2017

WPTavern: GitHub Launches Security Alerts for JavaScript and Ruby Projects, Python Support Coming in 2018

Last month GitHub launched its Dependency Graph feature that tracks a repository’s dependencies and sub-dependencies under the Insights tab. This week the company rolled out an expansion of the feature and will now identify known vulnerabilities and send notifications with suggested fixes from the GitHub community.

Dependency graphs and security alerts are automatically enabled for public repositories, provided the repository owner has defined the dependencies in one of the supported manifest file types, such as package.json or Gemfile. (Private repo owners have to opt in.) The vulnerability alerts are not public – they will only be shown to those who have been granted access to the vulnerability alerts.

GitHub uses data from the National Vulnerability Database to alert repository owners about publicly disclosed vulnerabilities that have CVE IDs. Vulnerability detection is currently limited to JavaScript and Ruby projects but Python support is next on the roadmap for 2018. PHP, which is a bet less widely used in projects on GitHub, is likely further down the list.

by Sarah Gooding at November 18, 2017 12:25 AM under security

November 17, 2017

WPTavern: WordCamp Europe 2018 Speaker Applications Now Open

WordCamp Europe 2018 has opened the call for speakers and will be accepting applications through January 15. The organizing team recommends that speakers already have some experience ahead of applying to speak at the largest WordPress event in Europe, but a dedicated Content Team will also be available with resources for helping speakers create a successful presentation.

The 2017 event received a total of 235 speaker applications and 43 were selected for the main event. Organizers plan to stick to the same format and are calling for 40-minute talks (30 min + 10 min Q&A) as well as 10-minute lightning talks. This year the event will experiment with hosting community workshops and organizers plan to open a separate call for workshop leaders next week.

The Content Team put out a specific call for more technical talks at the 2018 event after a community survey showed that more developer-oriented talks are what the audience is looking for. More than half of those surveyed identified themselves as developers (54%), with business owners (12%) the next largest demographic.

The survey also showed that 37% of respondents have been working with WordPress for more than 9 years and roughly 90% of attendees have been using WordPress for 4-9+ years. Advanced development was the most highly requested topic for presentations, selected by 53% of respondents, followed by design (45%).

The survey results offer some insight about which topics might fare well at WCEU in 2018. Organizers have also compiled an extensive list of ideas and topics to inspire speaker applicants.

A batch of 1,000 Early Bird tickets recently went on sale and there are still 680 available. Attendees who purchase a ticket before December 31, 2017, will receive a limited-edition swag item. The organizing team plans to release tickets in batches, as in previous years, but will not be setting specific expectations on sales this year, according to PR representative Letizia Barbi. The Sava Center venue, an international congress and cultural center, is the largest audience hall in Serbia and will accommodate all who want to attend WCEU 2018. Barbi said it should also scale down nicely in case of a smaller turn out.

by Sarah Gooding at November 17, 2017 07:19 PM under WordCamp Europe

WPTavern: WooCommerce Explores the Possibilities and Challenges for E-Commerce in the Gutenberg Era

The next release of WordPress (5.0) will introduce the new Gutenberg editor and contributors plan to keep it rolling towards the eventual goal of providing a full site building experience. Nearly every WordPress theme and plugin developer will be impacted by the change and many are starting to look ahead to how their products may interact with Gutenberg in the future.

What will e-commerce look like in the Gutenberg era? The WooCommerce design team has published a preview of some of their “Wootenberg” experiments, along with a gif demonstrating what a block-based editing experience may look like in the context of working with products. The team sees a lot of potential for putting the power of visual product editing into the hands of users.

The example shows a quick exploration of page layout with product blocks and the team also posted an idea of what basic product authoring may look like with a predefined product template that includes the featured image, product title, description, and price as new Gutenberg blocks. But will it be possible to have complex product creation fit into a block-based editor? The WooCommerce team admits in the post that they don’t yet know how this will work.

“One thing that isn’t yet 100% clear is how complex plugins like WooCommerce will work with Gutenberg,” Automattic designer/developer James Koster said. “A simple product with a description, a price, and a category is one thing. But a product with variations, for each of which you want to upload a different image, and need to manage/track stock is quite another. Imagining a WYSIWYG editing experience for that kind of data is a little fuzzier.”

Koster referenced Gutenberg’s newly merged support for meta boxes, the first step in making product authoring possible. However, the Gutenberg team is still experimenting and isn’t yet set on a solution for implementing meta boxes.

“How this works with WooCommerce in the long term is unclear,” Koster said. “But you can rest assured it’s something we’ll be dedicating more time to investigating as WordPress approaches the 5.0 release.” Koster concludes the post by asking readers if visual product editing, with the flexibility to rearrange product/shop layouts, is something that interests them.

“If there’s one thing that WooCommerce should perhaps learn from Shopify’s rapid growth, it’s that many ‘would-be’ shop owners don’t care to spend hours upon hours tweaking the layout of their shop, and that pre-built easy-to-use software that looks good and feels good, but can still be extended in complex ways, is what attracts many users,” Jesse Nickles commented on the post. “While this may be the underlying goal of Gutenberg, it perhaps doesn’t crossover clearly to the e-commerce world.”

Koster said he agrees that users don’t always need visual editing experiences and that simple things like price changes should be quick and painless.

“How we present data-driven editing alongside the Gutenberg experience will ultimately determine the success of the project from a WooCommerce perspective,” Koster said.

Support for meta boxes is one the most challenging aspects of the Gutenberg project that the team has yet to solve. Exploring the possibilities of flexible page layouts for products is exciting, but even the WooCommerce team is left wondering how this is all going to work with more complex CMS data. Smaller product teams without the collective knowledge and resources of WooCommerce may have a more difficult time finding the bandwidth to experiment and rebuild their products in time for WordPress 5.0.

The WooCommerce team invites any users interested in Gutenberg-related UX changes to join the plugin’s design feedback group, as they continue to explore how the new editor will work in the context of complex e-commerce product creation and display.

by Sarah Gooding at November 17, 2017 04:30 AM under woocommerce

November 16, 2017

WPTavern: GDPR for WordPress Project Gains Momentum, Proposal Receives Positive Response from Developer Community

Community feedback on the new GDPR for WordPress project, created by WordCamp Denmark organizer Kåre Mulvad Steffensen and WP Pusher creator Peter Suhm, has started rolling in after the two launched a survey for developers. The project aims to provide an industry standard for getting plugins compliant with EU General Data Protection Regulation (GDPR) legislation ahead of the May 2018 deadline.

Steffensen published some initial results of the survey after having it open for two weeks. So far, 90% of respondents have answered that they would consider implementing a GDPR “file” types solution for their plugins if a standard was available. Only 4.9% of the 40 developers who responded said they have a plan for making their plugins GDPR compliant and 43.9% said they do not currently have a plan. The remaining 24.4% were developers of plugins that do not handle personal data.

“Our talks with Paul Sieminski from Automattic and Dovy Paukstys from the Redux options framework have reassured us that we still do have a need for a GDPR structure which can help the community establish a basis for handling GDPR compliance,” Steffensen said.

Steffensen and Suhm created a GitHub repository where they have outlined their proposal for a PHP object interface that plugin developers could add to their codebases as a standard way of indicating how their plugins work with personal data.

“The nature of such an interface puts some responsibility in the hands of the developer to identify any place personal data is stored,” Steffensen said. “What kind of data it is, and for what purpose as well as how it should be handled upon deletion. The Interface approach will allow a community-wide adoption, without setting limitations on how plugin developers choose to work with their data – something we obviously can’t control.”

The idea is that plugin developers could then build other tools on top of this framework using specific functions that correspond to GDPR requirements, such as functions that allow users to access their data, implement the right to be forgotten, report data breaches, and delete and anonymize data. Developers could also build plugins that offer a plain language description of what personal data a plugin collects and how it is handled.

In speaking with Dovy Paukstys on how this could work with Redux, Steffensen said the options framework may be able to facilitate compliance for the 500,000+ sites where it is active and the developers who use it to build plugins.

“Dovy from Redux has a coder’s view on this,” Steffensen said. “Our object interface (PHP) would be something his framework could provide an easy way to utilize for the many developers using Redux. The redux users (developers) could essentially do this themselves also, but since Redux is a framework it makes sense to see if they can build something that will make it near instant for developers to provide compliance for the GDPR.”

Steffensen said the team is aware that the first version of the interface will not render plugins, and by extension their sites, instantly compliant. The interface they are proposing is not one that could be held legally accountable, but the goal is to make it possible for developers to build accountable systems on top of it.

GDPR for WordPress Project Founders Consider Accepting Sponsorships

With 189 days remaining before the GDPR goes into effect, the team will need to work quickly to make a solution available with enough time for interested developers to incorporate it into their plugins. They have not yet set up a way to accept donations but are considering it.

“We aren’t actively seeking funding, but would love any funds that would help us allocate the time needed to keep the momentum going,” Steffensen said. “We’re lucky that the WP Tavern article brought attention to our GDPR approach and have caught the eyes of some of the key players in the ecosystem. One such company is Mailpoet that was the first to raise the idea of sponsoring our work.”

Steffensen works at Peytz.dk, a Danish WordPress agency that wants to support the community and has allocated some of his time to work on the project. He said any funding/donations they receive would be spent on pushing the roadmap forward, investing time in coding, and possibly seeking further advice from people who they cannot expect to be in it for free.

In addition to looking at ways to receive donations, the team plans to keep the survey open for developers for awhile longer to try to make more connections in the community. Steffensen said they hope respondents will help them gain insight on the developer community’s readiness and also enable them to reach out to any plugin owners who could play a key role in a wider adoption.

by Sarah Gooding at November 16, 2017 08:58 PM under GDPR

WPTavern: Consultants Are WordPress’ Boots on the Ground

A business can’t survive without strong sales & customer service, two competencies that are arguably the lifeblood of a company.

Many of you reading this fill that exact gap for the open source WordPress project. I don’t mean this as a slight to the thousands of wonderful people who build the software, document it, and support it in the forums, but that consultants (doing it right or wrong) are also fueling this locomotive too.

There are no official sales or customer service channels at WordPress.org and us consultants bear the brunt of it — for better or worse — and that’s where our job comes in. Just as you trust a core contributor to spot-check her code and ensure that we’ve sanitized all the things!

Consultants are the boots on the ground, and as you’ll see below in my feedback section, represent a disproportionate ratio of launching many more websites than an individual website owner. – Matt Medeiros

From The blue-collar WordPress worker and the 2,500+ websites built to grow the CMS.

by Jeff Chandler at November 16, 2017 08:07 PM under platform

WPTavern: WPWeekly Episode 294 – HeroPress, Community, and WinningWP With Topher DeRosia

In this episode, John James Jacoby and I are joined by Topher DeRosia, founder of HeroPress. DeRosia provides an update on HeroPress and explains his new role creating WordPress training videos for WinningWP. Jacoby and I discussed the news of the week including, Press This removed in WordPress 4.9, Meta box support in Gutenberg, and WP-SpamShield removed from the directory.

Near the end of the show, we discuss whether or not consultants, agencies, and site builders have been left out of the discussion and not factored into WordPress’ growth over the years.

Stories Discussed:

Press This Removed from WordPress 4.9 in Favor of a Plugin
Bianca Welds Awarded Kim Parsell Travel Scholarship
WordCamp Europe 2018 Early Bird Tickets Now on Sale
Gutenberg Contributors Explore Alternative to Using iframes for Meta Boxes
WP-SpamShield Plugin Removed from WordPress.org, Author Plans to Pull All Plugins from the Directory
The blue-collar WordPress worker and the 2,500+ websites built to grow the CMS

Picks of the Week:

How to Whitelist Comments in WordPress

Dark Mode is an experimental feature plugin that darkens the colors of the WordPress backend.

WPWeekly Meta:

Next Episode: Wednesday, November 22nd 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #294:

by Jeff Chandler at November 16, 2017 03:13 AM under winningwp

WPTavern: WordPress 4.9 Released with Major Improvements to Customizer Workflow, Updated Code Editors, and New Core Gallery Widget

WordPress 4.9 “Tipton” was released today, named for Oklahoma-born jazz musician William Lee Tipton, a gifted pianist and saxophonist. This update introduces major improvements to the design and collaboration workflow in the Customizer, improves WordPress’ built-in code editor, and enhances core text and media widgets.

Draft, Schedule, and Preview Changes in the Customizer

Prior to 4.9, users could get a live preview of their sites in the Customizer but any changes they made would need to be saved immediately or discarded. This update makes it possible to draft and schedule changes in the Customizer, and even share a preview link to collaborate on changes before making them live. Users can now stage content, such as new pages, a new set of widgets, a different combination of menu items, and schedule it all to publish at a future date.

This release also brings the ability to search, browse, and preview themes directly in the Customizer. The search interface includes filters for subject, features, and layout, just like the ones on the “Add Themes” screen in wp-admin. It does not yet include the featured, popular, latest, or favorites tabs, so users will need to navigate back to the admin if they want to browse those categories.

The menu creation process has also been updated in the Customizer to be less confusing with a rethink of the UI and revised copy.

Syntax Highlighting and Error Checking Added to the Code Editors

WordPress 4.9 brings syntax highlighting, linting, and auto-completion to the built-in code editors by incorporating the CodeMirror library. These long-awaited improvements are now available in the theme and plugin editors as well as the custom HTML widget and additional CSS box in the Customizer. The feature comes with prominent warnings about directly editing themes and plugins and protection against saving code that would cause a fatal error.

New Core Gallery Widget and Support for Shortcodes and Embedded Media in the Text Widget

WordPress 4.9 adds a new gallery widget to the collection of core media widgets (audio, image, and video) that were introduced in 4.8. It brings the same gallery-creation features to widgets that have long been available in the post and page editors.

These incremental changes will help users get ready for Gutenberg’s block-based interface. The plan is to eventually transition widgets over to blocks after Gutenberg is in core and the plugin already has support for a gallery block, as well as a Custom HTML block.

As of 4.9, users can now embed media in the Text widget, including images, video, and audio by clicking the “Add Media” button. In order to make this possible, WordPress contributors also needed to add shortcode support to widgets, a feature that users have requested for nearly a decade. With this now built into core, hundreds of thousands of WordPress sites will no longer need additional code from plugins and themes to use shortcodes in widgets.

Widgets have also been improved to offer a better migration experience with updated logic for mapping widgets between two themes’ widget areas.

On Towards Gutenberg

WordPress 4.9 also includes a notice in the about.php page of the admin, inviting users to help test or contribute to Gutenberg. It is the first time a feature plugin has been highlighted so prominently on the page users see after they update to the latest version.

The Gutenberg project has been getting a lot of attention over the past few months as the WordPress community looks ahead to the 5.0 release that will introduce the new editor to the world. Meanwhile, contributors to 4.9 have been working in tandem to make significant improvements to existing features, enabling users to do more with widgets and overall site design than ever before. This release was led by Weston Ruter and Mel Choyce with help from 443 contributors, 42% (185) of them contributing to WordPress for the first time.

by Sarah Gooding at November 16, 2017 01:24 AM under WordPress 4.9

Dev Blog: WordPress 4.9 “Tipton”

Major Customizer Improvements, Code Error Checking, and More! 🎉

Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.

Featuring design drafts, scheduling, and locking, along with preview links, the Customizer workflow improves collaboration for content creators. What’s more, code syntax highlighting and error checking will make for a clean and smooth site building experience. Finally, if all that wasn’t pretty great, we’ve got an awesome new Gallery widget and improvements to theme browsing and switching.

Customizer Workflow Improved 

Draft and Schedule Site Design Customizations

Yes, you read that right. Just like you can draft and revise posts and schedule them to go live on the date and time you choose, you can now tinker with your site’s design and schedule those design changes to go live as you please.

Collaborate with Design Preview Links

Need to get some feedback on proposed site design changes? WordPress 4.9 gives you a preview link you can send to colleagues and customers so that you can collect and integrate feedback before you schedule the changes to go live. Can we say collaboration++?

Design Locking Guards Your Changes

Ever encounter a scenario where two designers walk into a project and designer A overrides designer B’s beautiful changes? WordPress 4.9’s design lock feature (similar to post locking) secures your draft design so that no one can make changes to it or erase all your hard work.

A Prompt to Protect Your Work

Were you lured away from your desk before you saved your new draft design? Fear not, when you return, WordPress 4.9 will politely ask whether or not you’d like to save your unsaved changes.

Coding Enhancements

Syntax Highlighting and Error Checking? Yes, Please!

You’ve got a display problem but can’t quite figure out exactly what went wrong in the CSS you lovingly wrote. With syntax highlighting and error checking for CSS editing and the Custom HTML widget introduced in WordPress 4.8.1, you’ll pinpoint coding errors quickly. Practically guaranteed to help you scan code more easily, and suss out & fix code errors quickly.

Sandbox for Safety

The dreaded white screen. You’ll avoid it when working on themes and plugin code because WordPress 4.9 will warn you about saving an error. You’ll sleep better at night.

Warning: Potential Danger Ahead!

When you edit themes and plugins directly, WordPress 4.9 will politely warn you that this is a dangerous practice and will recommend that you draft and test changes before updating your file. Take the safe route: You’ll thank you. Your team and customers will thank you.

Even More Widget Updates 

The New Gallery Widget

An incremental improvement to the media changes hatched in WordPress 4.8, you can now add a gallery via this new widget. Yes!

Press a Button, Add Media

Want to add media to your text widget? Embed images, video, and audio directly into the widget along with your text, with our simple but useful Add Media button. Woo!

Site Building Improvements 

More Reliable Theme Switching

When you switch themes, widgets sometimes think they can just move location. Improvements in WordPress 4.9 offer more persistent menu and widget placement when you decide it’s time for a new theme. 

Find and Preview the Perfect Theme

Looking for a new theme for your site? Now, from within the Customizer, you can search, browse, and preview over 2600 themes before deploying changes to your site. What’s more, you can speed your search with filters for subject, features, and layout.

Better Menu Instructions = Less Confusion

Were you confused by the steps to create a new menu? Perhaps no longer! We’ve ironed out the UX for a smoother menu creation process. Newly updated copy will guide you.

Lend a Hand with Gutenberg 🤝

WordPress is working on a new way to create and control your content and we’d love to have your help. Interested in being an early tester or getting involved with the Gutenberg project? Contribute on GitHub.

(PS: this post was written in Gutenberg!)

Developer Happiness 😊

Customizer JS API Improvements

We’ve made numerous improvements to the Customizer JS API in WordPress 4.9, eliminating many pain points. (Hello, default parameters for constructs! Goodbye repeated ID for constructs!) There are also new base control templates, a date/time control, and section/panel/global notifications to name a few. Check out the full list.

CodeMirror available for use in your themes and plugins

We’ve introduced a new code editing library, CodeMirror, for use within core. CodeMirror allows for syntax highlighting, error checking, and validation when creating code writing or editing experiences within your plugins, like CSS or JavaScript include fields.

MediaElement.js upgraded to 4.2.6

WordPress 4.9 includes an upgraded version of MediaElement.js, which removes dependencies on jQuery, improves accessibility, modernizes the UI, and fixes many bugs.

Roles and Capabilities Improvements

New capabilities have been introduced that allow granular management of plugins and translation files. In addition, the site switching process in multisite has been fine-tuned to update the available roles and capabilities in a more reliable and coherent way.

The Squad

This release was led by Mel Choyce and Weston Ruter, with the help of the following fabulous folks. There are 443 contributors with props in this release, with 185 of them contributing for the first time. Pull up some Billy Tipton on your music service of choice, and check out some of their profiles:

Aaron D. Campbell, Aaron Jorbin, Aaron Rutley, Achal Jain, Adam Harley (Kawauso), Adam Silverstein, AdamWills, Adhun Anand, aegis123, Afzal Multani, Ahmad Awais, Ajay Ghaghretiya, ajoah, Akash Soni, akbarhusen, Alain Schlesser, Alex Dimitrov, Alex Goller, Alexandru Vornicescu, alibasheer, alxndr, Andrea Fercia, andreagobetti, Andrew Duthie, Andrew Nacin, Andrew Norcross, Andrew Ozz, Andrew Taylor, Andy Fragen, Andy Meerwaldt, Andy Mercer, Angelika Reisiger, anhskohbo, Ankit K Gupta, Anthony Hortin, Anton Timmermans, antonrinas, appchecker, arena94, Arnaud Coolsaet, ArnaudBan, Arun, Ashar Irfan, atachibana, Atanas Angelov, audrasjb, Avina Patel, Ayesh Karunaratne, Barry Ceelen, bduclos, Bego Mario Garde, Behzod Saidov, Ben Cole, Ben Dunkle, benoitchantre, Bharat Parsiya, bhavesh khadodara, Biplav, Biranit, Birgir Erlendsson (birgire), biskobe, BjornW, Blackbam, Blobfolio, bobbingwide, bonger, Boone B. Gorges, Boro Sitnikovski, Brad Parbs, Brady Vercher, Brandon Kraft, Brent Jett, Brian Layman, Brian Meyer, Bruno Borges, bseddon, Bunty, Carl Danley, Carolina Nymark, Caroline Moore, carolinegeven, Charlie Merland, Chetan Chauhan, chetansatasiya, choong, Chouby, Chris Hardie, Chris Runnells, Christian Chung, Christoph Herr, chsxf, cjhaas, Cliff Seal, code-monkey, Collins Agbonghama, corvidism, csloisel, Daedalon, Daniel Bachhuber , Daniel James, Daniele Scasciafratte, dany2217, Dave Pullig, DaveFX, David A. Kennedy, David Aguilera, David Anderson, David Binovec, David Chandra Purnama, David Herrera, David Shanske, David Strauss, David Trower, Davide 'Folletto' Casali, daymobrew, Derek Herman, designsimply, DiedeExterkate, dingo-d, Dion Hulse, dipeshkakadiya, Divyesh Ladani, Dixita Dusara, dixitadusara, Dominik Schilling, Dominik Schwind, Drew Jaynes, dsawardekar, Dzikri Aziz, Eaton, eclev91, Edd Hurst, EGregor, Ella Iseulde Van Dorpe, elvishp2006, enrico.sorcinelli, Eric Andrew Lewis, euthelup, Evan Mullins, eventualo, Fabien Quatravaux, FancyThought, Felipe Elia, Felix Arntz, fergbrain, Florian TIAR, Gabriel Mariani, Garth Mortensen, Gary Pendergast, Gennady Kovshenin, George Stephanis, Girish Lohar, Govind Kumar, Graham Armfield, Greg Ross, Gregory Cornelius, grosbouff, Guido Scialfa, Gustave F. Gerhardt, guzzilar, Hardeep Asrani, Hazem Noor, hazimayesh, Helen Hou-Sandí, Henry, Henry Wright, herregroen, Hinaloe, Howdy_McGee, Hugh Lashbrooke, Hugo Baeta, Iacopo C, imath, Ippei Sumida, Ipstenu (Mika Epstein), Irene Strikkers, Ivan Kristianto, ixmati, J.D. Grimes, j.hoffmann, James Nylen, Janki Moradiya, Jason Stallings, Jeff Paul, Jennifer M. Dodd, Jeremy Felt, Jeremy Pry, Jip Moors, jjcomack, jkhongusc, Joe Dolson, Joe Hoyle, Joe McGill, John Blackbourn, John Eckman, John James Jacoby, John Regan, johnpgreen, johnroper100, Jonathan Bardo, Jonathan Desrosiers, Jonny Harris, Joost de Valk, Josepha, Josh Pollock, Joy, jrf, jsepia, jsonfry, Juhi Saxena, Julien, Justin Kopepasah, Justin Sternberg, K.Adam White, Karthik Thayyil, keesiemeijer, Kelly Dwan, Kevin Newman, Kim Parsell, Kiran Potphode, Kite, Konstantin Kovshenin, Konstantin Obenland, Konstantinos Galanakis, koopersmith, Kristin Kokkersvold, lalitpendhare, Lance Willett, Laurel Fulford, lemacarl, lessbloat, llemurya, Luke Cavanagh, Mário Valney, m1tk00, Maedah Batool, Mahesh Prajapati, Mahvash Fatima, Maja Benke, Mako, manolis09, manuelaugustin, Marcel Bootsman, Marius L. J., Marius Vetrici, Mark Jaquith, Mark Root-Wiley, markcallen, Marko Heijnen, MatheusGimenez, Matt Gibbs, Matt Mullenweg, matthias.thiel, mattyrob, Maxime Culea, mdifelice, megane9988, Mel Choyce, Menaka S., Michael Arestad, Michele Mizejewski, Miina Sikk, Mike Crantea, Mike Hansen, Mike Schinkel, Mike Schroder, Milan Dinić, Milana Cap, Milind More, Mirucon, Mitch Canter, Mithun Raval, mkomar, monikarao, Morgan Estes, moto hachi ( mt8.biz ), msebel, munyagu, MyThemeShop, N'DoubleH, Nathan Johnson, nenad, nic.bertino, Nick Diego, Nick Halsey , Nicolas GUILLAUME, nicollle, Nidhi Jain, Nikhil Chavan, Nilambar Sharma, Nileshdudakiya94, Nishit Langaliya, Norris, obradovic, Ov3rfly, Paal Joachim Romdahl, palmiak, Parth Sanghvi, Pascal Birchler, Pat O'Brien, patel, Paul Bearne, Paul Biron, Paul Dechov, Paul Wilde, Payton Swick, pcarvalho, Pedro Mendonça, Pete Nelson, Peter "Pessoft" Kolínek, Peter J. Herrel, Peter Toi, Peter Westwood, Peter Wilson, Philip John, Piotr Delawski, Pippin Williamson, Plastikschnitzer, powerzilly, Pratik Gandhi, Presslabs, Punit Patel, Purnendu Dash, r-a-y, Rachel Baker, rafa8626, Rahmohn, Rami Yushuvaev, ramon fincken, Ravi Vaghela, RC Lations, redrambles, RENAUT, Reuben Gunday, rfair404, Riad Benguella, Rian Rietveld, Riddhi Mehta, Rinku Y, Rob Cutmore, Rodrigo Primo, Ronak Ganatra, rugved, Rushabh Shah, Ryan Boren, Ryan Duff, Ryan Holmes, Ryan Marks, Ryan McCue, Ryan Neudorf, Ryan Plas, Ryan Welcher, ryanrolds, ryotsun, Sabuj Kundu, Sagar Prajapati, sagarladani, Said El Bakkali, Sami Keijonen, Sampat Viral, Samuel Sidler, Samuel Wood (Otto), sarah semark, sathyapulse, sboisvert, Scott DeLuzio, Scott Kingsley Clark, Scott Lee, Scott Reilly, Scott Taylor, scribu, Sebastian Pisula, SeBsZ, Sergey Biryukov, Sergio De Falco, Shamim Hasan, Shawn Hooper, shital, shramee, Siddharth Thevaril, Simon Prosser, skostadinov, Slava Abakumov, someecards, Soren Wrede, spencerfinnell, spocke, Stanko Metodiev, Stephane Daury (stephdau), Stephen Edgar, Stephen Harris, Steve Grunwell, Steve Puddick, stevenlinx, Subrata Mal, Subrata Sarkar, Sudar Muthu, Susumu Seino, svrooij, Takahashi Fumiki, Takayuki Miyauchi, Tammie Lister, Taylor, tejas5989, terwdan, tharsheblows, thingsym, Thoriq Firdaus, Thorsten Frommen, Timothy Jacobs, tmatsuur, tobi823, Todd Nestor, Tor-Bjorn Fjellner, Torsten Landsiedel, Toru Miki, toscho, transl8or, truongwp, tuanmh, TV productions, uicestone, Ulrich, Umang Vaghela, Umesh Nevase, upadalavipul, Utkarsh, vhauri, williampatton, withinboredom, Wojtek Szkutnik, Xenos (xkon) Konstantinos, Yahil Madakiya, yonivh, yrpwayne, zachwtx, and Zane Matthew.

Finally, thanks to all the community translators who worked on WordPress 4.9. Their efforts bring WordPress 4.9 fully translated to 43 languages at release time, with more on the way.

Do you want to report on WordPress 4.9? We've compiled a press kit featuring information about the release features, and some media assets to help you along.

If you want to follow along or help out, check out Make WordPress and our core development blog.

Thanks for choosing WordPress!

by Mel Choyce at November 16, 2017 01:16 AM under Releases

November 15, 2017

WPTavern: Gutenberg 1.7 Adds Multi-Block Transform Functionality, Drops iframes Implementation of Meta Boxes

Gutenberg 1.7 was released today, two weeks after version 1.6, with a fresh round of new features, design updates, and the groundwork for nested blocks and block extensibility.

Last week contributors began exploring an alternative to using iframes for meta boxes. This experiment has landed in 1.7 so that the plugin now renders meta boxes inline. Gutenberg engineer Riad Benguella, who wrote and merged the code, said that it doesn’t fix all the meta box issues and might create some new ones, but it “gets us closer to where we want to go.” Pre-rendering meta boxes and creating a migration path for existing ones is next on the agenda.

One of the most exciting new features in 1.7 is the multi-block transform functionality that allows users to select multiple blocks and instantly transform them into other block types. It works like a little bit of Gutenberg magic. By default, users can select multiple paragraphs and transform them into a list or select multiple images and transform them into a gallery.

After selecting two or more blocks, the user can click on the block’s settings in the toolbar to transform them. They can also be easily changed back to single blocks. The multi-block transform functionality has been added to the Blocks API so that developers can set isMultiBlock to true to specify blocks that can be transformed.

Version 1.7 introduces a new toggle that the team is testing for switching between the top fixed toolbar and the contextual toolbars attached to each block. It provides an easy way for users to test both types of toolbar styles, but may be temporary as the pull request was submitted as a suggestion for an A/B test.

Gutenberg 1.7 paves the way for nested blocks in the data structure. It also adds hooks for block extensibility and contributors are currently testing how these work internally.

A few other notable features in this release include the following:

Gutenberg’s documentation has also been moved to https://wordpress.org/gutenberg/handbook/, signaling the project is getting closer to becoming part of WordPress. The new editor will be included in WordPress 5.0, which will ship when Gutenberg is ready. A notice in the 4.9 about.php page invites users to start testing the feature plugin ahead of its inclusion in core.

by Sarah Gooding at November 15, 2017 11:57 PM under gutenberg

Matt: Post Status Interview

In the lead-up to WordCamp US we're in right now I chatted with Brian Krogsgard at Post Status in an hour podcast and we spoke about the core releases this year, Gutenberg, React, WooCommerce, and WordPress.org. On the 29th I'll be talking to WP Tavern, so tune in then as well. For something completely different, I was on the new OFF RCRD podcast with Cory Levy about the earliest days at Automattic and entrepreneurship.

by Matt at November 15, 2017 05:06 PM under Asides

HeroPress: My journey to WordPress taught me that my talents are best used elsewhere.

Pull Quote: Together we'll create the future of WordPress.

My first website was built using Frontpage. Then I discovered Geocities, which at the time made it easy to break and fix code and have it instantly live for others to find on the world wide web. It was an optimal learning environment for me. I learned HTML and CSS by copying, pasting, and then tweaking every which way until it was doing something absurd like flashing hot pink text. It was the Wild West and there were no real rules yet except for those in this new language.

Like any language, I was learning little by little in search of ways to bend the rules and “speak” like a native.

I only coded for fun, but many years later, I made a website for a job. I used Dreamweaver because I was told all professionals used Dreamweaver. I found it easy to use, much easier than Frontpage, especially for building a larger more complex website. I started learning how to read PHP and doing a lot of what was needed in the metadata and the code for basic SEO.

Finding WordPress

Fast forward another few years. I set up several free sites for nonprofits using Webs, Weebly, other page builders whose names I can’t recall, Joomla, and then, one day I stumbled upon WordPress. I wasn’t sure if I liked it at first because the out of the box theme was ugly and I couldn’t figure out how to manipulate it. Then, I found a theme on Themeforest that installed the styles and the demo content. This was worth the $30. This gave me the ability to tweak the theme because I knew enough HTML and CSS to change things in the file editor. I was still coding like I did in my Geocities days, only my aesthetics had improved.

I cringe relaying that experience now. I knew enough to be really dangerous. I didn’t do any form of version control, I didn’t do any backups, I didn’t vet my plugins, or even know how to properly vet my plugins.

I am so lucky nothing went terribly wrong.

On one hand, WordPress gave me an easy way to dive right in and do everything on my own. On the other hand, it made it too easy for me to download bad plugins, edit things I probably should not have been touching, and in the end, I guess that’s okay because when I was serious about maintaining a website, I did take the time to learn more about what I needed to know.

Finding What I Needed

What I know today is that I am not a developer. I’m not even a designer. I have fun with the creation process, but there are other people who are much more talented and efficient in those processes and I’m happy to pay them for their expertise. I have learned what I need to know about the framework and can talk to designers and developers about what I’m looking for and ensure they know what they’re doing. I can pick out reliable themes and plugins. I can advise our clients, who are mostly nonprofits and social enterprises, on the best path for a sustainable website. I understand the need for disaster recovery, backups, and security. I understand the value of paid premium licenses and ongoing support.

These are all things that in my days of starting out I didn’t know I needed. Even if someone tried to explain it to me, I probably wouldn’t have felt that I needed them. Sometimes I can be stubborn and I need to experience the pain points myself before I buy into what everyone else is saying. I used to learn best from failure.

I still learn from failure, but when it comes to WordPress, I have also surrounded myself with a community who help me grow and learn.

In 2013, I started attending the Fort Worth WordPress meetup. The group was still pretty small at the time, but they were very inviting. I picked up some new tips and tricks that I used right away. While my eyes glazed over at some of the more advanced details, I understood the possibilities and that the work was beyond my capabilities. I learned how to ask for help with those things. Remember, I’m not a designer or a developer, so this meant hiring for those skills from the network of people I met in the WordPress community.

Over the last 4 ½ years I’ve been able to sell numerous WordPress projects and some of them are incredibly custom and complex. In return, I’ve been able to provide freelance work for members of my community; I’ve been able to give back via WordCamps sharing my experience with project scoping, sales, and negotiations. We all have something of value to share. No matter your area of expertise, you can give something back to the community.

The Real Value

The best thing about WordPress is not the tool itself. It’s the people who use it or are wanting to try it. The WordPress community is what makes WordPress and WordCamps really great. My hope is that as a community we can help WordPress evolve and adapt and that we can leverage technology, including WordPress, for the greater good.

We’ve already done this and that’s why WordPress powers almost 30% of the web. We’ve been doing it for years, but the technology landscape is changing rapidly. Are we keeping up?

A few weeks ago, Chris Lema asked me and a group of other WordPressers, “What could destroy WordPress, and how would you fix it?” We answered this a number of ways and you’ve probably come up with your own answer. My answer? I think that the evolution of technology could destroy WordPress.

To fix that we would need to evolve, dream big, and create the innovative changes that would keep WordPress alive. We can’t wait until the changes are already in place. It would take far too long for such a large ecosystem to catch up, and in the meantime, it would start to disappear. Look at Kodak; my kids don’t even know what a Kodak moment is. That’s just sad.

What is our dream as a community?

Will people talk about WordPress in the past tense or will we find ways to help it thrive?

Even as we work towards the same dream, there are still complex challenges to overcome. We’ll likely fail many times as we try to innovate. This is actually good; we’ll learn from those mistakes, but we might become jaded. We’ll certainly have moments of frustration. We might even try another framework, and the grass might actually be greener on the other side. Yet, the fact that we are such a close knit community sets us apart.

Imagine what could happen if a community this large banded together towards one dream.

We could pave a path towards something really great. It feels like a huge undertaking. It’s something that could paralyze us if we tried to get it “right” before we started. The key is to set common goals, but to individually start working and living on purpose. Then, we can come together in a more meaningful way.

In my recent keynote at WordCamp DFW I shared a bit of my heritage and my life story so that people could understand my passion for social impact. Everyone has a story that makes them a unique fit to tackle different challenges. When we put our collective skills together, we can make a difference.

John F. Kennedy said, “One person can make difference, and everyone should try,” and Nelson Mandela said, “It is in our hands to make a difference.”

Many paths have been paved so that we could live in a different world. Now, our dreams pave the way for future. Together we’ll create the future of WordPress.

The post My journey to WordPress taught me that my talents are best used elsewhere. appeared first on HeroPress.

by Sheryle Gillihan at November 15, 2017 12:10 PM

November 14, 2017

Dev Blog: WordPress 4.9 Release Candidate 3

The third release candidate for WordPress 4.9 is now available.

A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. In fact, we did miss some things in RC1 and RC2. This third release candidate was not originally scheduled, but due a number of defects uncovered through your testing of RC2 (thank you!), we are putting out another 4.9 release candidate.

We hope to ship WordPress 4.9 on Tuesday, November 14 (that’s tomorrow) at 23:00 UTC, but we still need your help to get there. If you haven’t tested 4.9 yet, now is the time! If there are additional defects uncovered through testing between now and the release time, we may delay the 4.9 release to the following day.

To test WordPress 4.9, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made just over 20 changes since releasing RC2 last week (as we did between RC1 and RC2). For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3Beta 4RC1, and RC2 blog posts. A few specific areas to test in RC3:

  • Switching between the Visual and Text tabs of the editor, and the syncing of the cursor between those two tabs.
  • Overriding linting errors in the Customizer’s Additional CSS editor.
  • Adding nav menu items for Custom Links in the Customizer.
  • Scheduling customization drafts (stubbed posts/pages) for publishing in the Customizer.
  • Autosave revisions for changes in the Customizer.
  • About page styling.

Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Didn’t squash them all 🐛
We want to release Tuesday
New features not bugs ✨

Thanks for your continued help testing out the latest versions of WordPress.

by Weston Ruter at November 14, 2017 06:53 AM under Releases

November 13, 2017

WPTavern: iA Writer 5 for iOS Released, Web Collaboration Version Coming Soon

iA Writer 5 for iOS was released last week, nearly a year after version 4. This update is free for those who purchased version 4 from the iOS App Store. iA Writer 5 for Mac is still in the works. The free Android version of the app is receiving incremental improvements that will bring it to parity with version 5 in the near future.

iA Writer is a plain text writing and editing app that is popular with authors, academics, and long-form writers. It’s also a favorite among WordPress users who look to third-party apps for to provide a more focused, distraction-free writing environment. In April 2016, version 3.1.4 for Mac and iOS introduced publishing drafts to WordPress.com and Jetpack-powered sites.

Version 5 focuses on making everything accessible through the keyboard by bringing the Open Quickly feature in iA Writer for Mac to iOS. The app’s creators said the goal of the design process was to “allow the writer to do everything without leaving the keyboard, including file handling, export, and all commands.” The new Quick Search feature is now built into the keyboard bar along with with a fully configurable keyboard. This allows users to quickly do things like create new files, switch to night mode, and export to PDF without leaving the keyboard.

This release adds new organization features that allow users to select multiple files and folders and move, rename, or delete them from the Library. It also introduces Smart Folders which can be created based on a set of rules. Version 5 adds support for iOS11’s Files system, allowing users to open and edit text files from any storage provider that works with Files. Support for Dropbox, Google Drive, and Box is already available with more providers coming soon.

The makers of iA Writer are interested in exploring other platforms if there is sufficient interest, including the possibility of creating a Windows version. Demand doesn’t seem to be very high, as the writing app’s fans are primarily Apple-only users.

However, users across multiple platforms have requested a web version of iA Writer, and the company confirmed in September that they are already working on it. After releasing a big Material Design update to the iA for Android app in October, the creators said Android users will be the first to have access to the web version:

The biggest request from you was collaboration, in other words, iA Writer for Web. iA Writer for Android will stay free and you will be able to connect and subscribe to the Web version via the app, if you wish to. If you could tell us what you’d expect to pay for it, that would be very helpful…As part of our commitment to continually improve iA Writer on all platforms, Android will likely be the first to gain access to the upcoming Web collaboration.

The upcoming web version should provide a sort of bridge for users on other desktop platforms without an iA Writer app.

There’s no target release date for iA Writer 5 for Mac but iA Inc has confirmed that it will also be a free update for those who have purchased the previous version.

by Sarah Gooding at November 13, 2017 10:00 PM under ia Writer

WPTavern: Watch the State of the Woo! After You Give WooCommerce Your Name and Email Address

If you didn’t watch the live stream or attend WooConf in-person, you’re in luck as videos from the event are starting to come online. The first talk highlights is the State of the Woo by Todd Wilkens, Head of WooCommerce. Wilkens shares stats, provides an overview of projects the team is working on, what to expect in new versions, and explains the relationship between WooCommerce and Jetpack.

The video is available to watch for free, but viewers must provide their first and last name as well as an email address. Clicking the play button without entering this information displays a message that says Please enter your full name. This is a classic technique used by many internet marketers.

Although you can provide fake information in order to watch the video for free, I feel it’s an unnecessary burden. The WooCommerce team could obtain the same information with a form in the post. An alternative to watching the video is reading the company’s great overview of Wilkens’ session. The team plans to publish other talks from WooConf in the coming weeks.

Updated November 14th: An Automattic employee has removed the email form and made it skippable.

by Jeff Chandler at November 13, 2017 09:25 PM under woocommerce

November 11, 2017

Matt: Product and Process

When I look back over the last 25 years, in some ways what seems most precious is not what we have made but how we have made it and what we have learned as a consequence of that. I always think that there are two products at the end of a programme; there is the physical product or the service, the thing that you have managed to make, and then there is all that you have learned. The power of what you have learned enables you to do the next thing and it enables you to do the next thing better. — Jony Ive

From the Wallpaper article on the new Apple campus.

by Matt at November 11, 2017 05:01 AM under Asides

WPTavern: WP-SpamShield Plugin Removed from WordPress.org, Author Plans to Pull All Plugins from the Directory

The WP-SpamShield plugin was removed from the WordPress.org directory this week due to what the Plugin Review Team has deemed a violation of the guidelines and a possible miscommunication.

Two weeks ago, the author of WP-SPamShield and the author of the Plugin Organizer plugin exchanged contentious remarks in a support forum thread where each accused the other of targeting each others’ plugins. This resulted in both parties adding code that disabled the others’ plugins, and both were asked by the Plugin Team to remove the code.

WP-SpamShield’s author, Scott Allen, has published an account of his interactions with the Plugin Team with updates for users who are monitoring the status of the plugin. Although the team rarely discloses why a plugin was removed, representative Mika Epstein responded to Allen when he said he had not received an answer about what guideline the plugin had violated:

Sorry, I thought it was clear that it’s issues regarding the forum guidelines and rule #9:
Intentionally attempting to exploit loopholes in the guidelines.

To whit, you were asked to make a change and did so incompletely. If this was not intentional, then I apologize.

I’ve sent you a followup email, trying to clarify what we would accept as solutions to the issue (I came up with 3 options, but I’m open to hearing more).

I understand why you’re angry and we will respect any decision you make regarding this. Nothing that has happened thus far is insurmountable or permanent.

In the post Allen published, he said his experiences with the Plugin Team over the past 10 years have caused him to decide to move his plugins off of WordPress.org. When I contacted him to see if he plans to update his code according to the Plugin Team’s suggestions, he said he doesn’t agree with the solutions the team is offering, nor their assessment of the situation.

“They really were not solutions,” Allen said. “It was just rehashing the same issues we’d already discussed. Unfortunately, neither Otto nor Mika have the security expertise to be making the dictates they were making, so there were no realistic solutions.”

Allen also claimed that Epstein’s report about him making a change and it being incomplete was not accurate and that the Plugin Team did not seem to be on the same page:

We literally did exactly what they asked and made the changes. Two weeks ago Mika had emailed me and indicated things were good. (No code updates since then.) Then two weeks of silence, and then angry email from Otto out of the blue yesterday telling us it was booted. The issue he brought up was different code.

The two of them cannot make up their minds on what is acceptable, and what is not. The arbitrary removal was the last straw though. WordPress.org is the only venue that would do that. We repeatedly asked them what rule we broke, to no answer. Only after I called Mika out on the forum did she come up with something – Rule 9 – exploiting a loophole in the rules. Seriously? It’s impossible for developers to comply with rules that are constantly changing.

Allen confirmed that his team at Red Sand Media Group plans to pull all seven of its plugins from WordPress.org as the result of the incident but will continue maintaining and hosting them elsewhere.

“Developers cannot operate like that,” Allen said. “People depend on us. While it might hurt a bit in the short term, in the long term, we have to do it. There really need to be some major reforms to the way plugins are handled.”

WP-SpamShield was installed on more than 100,000 WordPress sites before it was removed. There is currently no standard way to notify users why a plugin was removed from the directory, but the original dispute between the WP-SpamShield and Plugin Organizer authors is public, as well as a few exchanges between Allen and the Plugin Team. Allen said he is still working out the details of how to notify users that his plugins will be hosted elsewhere from now on.

“We’ll come up with a good plan in the next few days,” he said. “Some people have been notified already because WordFence let them know yesterday that WPSS was removed. (They knew before I did.)”

Samuel “Otto” Wood said the Plugin Team is still willing to put Allen’s plugins back up if he removes the code in question and that the team is not offended by a plugin developer being angry over a decision. At this time Allen appears to be unwilling to comply with the team’s most recent requests.

In the meantime, users who know that WP-SpamShield was been removed are waiting to hear if they need to begin looking for a replacement. Allen said that users shouldn’t need to replace the plugin, since the it will continue to work as before. However, some users are not comfortable installing free plugins hosted outside of WordPress.org. Allen’s team is figuring out a plan for how they will deliver updates to the plugin and will post more information for users on the Red Sand Marketing blog.

by Sarah Gooding at November 11, 2017 04:19 AM under Plugins

November 10, 2017

WPTavern: Weglot Passes €44K in Monthly Revenue, Plans to Expand into More CMS and E-commerce Markets

Weglot, a SaaS-based multilingual plugin that entered the WordPress market last year, has passed €44,000 in monthly revenue. The company received €450K in seed funding in May 2017 and has nearly doubled its user base in the past six months. Co-founder Rémy Berda reports that the plugin is approaching 20,000 users and that more than 20,000 websites are connected to the Weglot API, if you include the company’s Shopify product and those using the JS script directly.

WordPress customers currently represent 75% of Weglot’s revenue with Shopify at 25%, but Berda says the two markets are growing at the same rate. In May, the company’s customer distribution was primarily in the US and France, which made sense as the product’s founders are French and Weglot was first marketed to the French WordPress community. Weglot’s customer distribution has become more global over the past six months and the US has now overtaken France as the strongest market for the multilingual plugin. Canada has also passed Germany, and Berda said he thinks the distribution will eventually align progressively with global WordPress usage.

Weglot customer distribution as of November 2017

Despite having only recently entered the WordPress community in a niche with well-established competitors, Weglot’s cofounders are confident their SaaS approach is the road to success for becoming the best multilingual solution for WordPress. The team is aiming for its product to become the highest rated multilingual plugin in the WordPress directory within the next six months.

WPML, a purely commercial product and the most widely used, has been in business since 2009 and is active on more than 500K sites. Polylang, a popular free plugin with a commercial option, is installed on more than 300,000 sites and has a 4.7-star rating on WordPress.org. qTranslate X is also a formidable competitor with more than 100,000 active installs and a 4.7-star rating.

“For now the two biggest plugins in terms of active installs are WPML and Polylang,” Berda said. “Both don’t have a SaaS approach. Polylang recently released the PRO version (it was only free previously) but it is still sold as a piece of software, not a SaaS. We are convinced that SaaS is the right approach as it allows us to be in constant relation with users and make the product evolve faster. It’s also healthier in terms of business.”

Although he has no precise statistics on how many, Berda said he sees a lot of former WPML and Polylang users (freelancers and agencies) in their support center who have opted to use Weglot on their new projects. This indicates that Weglot may not so much be whittling away at the existing customer base of other plugins but is finding success at attracting customers who are starting new projects.

In their efforts to stake a claim in the WordPress ecosystem, the Weglot team has found that being active in the community is important to having a successful product.

“WordPress is really huge so there is no magical formula for marketing,” Berda said. “I think what is important is to accept that it takes time. You must keep improving your product forever while being active in the community and do it not only with high intensity but for a long time.”

The €450K in seed funding Weglot received earlier this year has helped the team to expand its support and development team, but it has also made it possible for the company to invest more in the community. They have now sponsored a dozen WordCamps across the world, including WordCamp Europe in Paris.

Berda’s advice to other WordPress entrepreneurs who are looking for funding is to consider the option carefully and understand how it will impact the company’s future and ability to act independently.

“My recommendation would be to think twice about raising money as it takes time,” Berda said. “It changes your governance and it temporarily distracts you from your number one focus – your users. Raise only if you are sure you will have a return with the money invested. Not every business need to raise money.”

Fueled by their success in the WordPress market, Weglot plans to expand into other CMS and e-commerce markets, including BigCommerce and Jimdo, followed by Drupal, Magento, and Joomla. Berda said the company also plans to release an open version of the API for developers to integrate their non-CMS websites built on technologies like Symfony and Laravel.

“In 2018, we will be adding many things: We will start using machine learning to improve the quality of automatic translations,” Berda said. “We will also leverage the fact that we are SaaS to add some insights about language usage for the users so they can see what languages are performing better. Finally, we will add extra features to manage multilingual SEO. In terms of monthly recurring revenue, we aim to reach €70,000 in 6 months.”

by Sarah Gooding at November 10, 2017 08:04 PM under weglot

November 08, 2017

WPTavern: Jetpack 5.5 Removes Syntax Highlighting and Gallery Widget for Compatibility with Upcoming WordPress 4.9 Release

Jetpack 5.5 was released yesterday with several important changes that ensure the plugin is compatible with the upcoming WordPress 4.9 release scheduled for November 14. The plugin will be able to shed some weight, as core improvements will make Jetpack’s syntax highlighting and gallery widget obsolete.

WordPress 4.9 incorporates CodeMirror, which brings syntax highlighting, linting, and auto-completion to the built-in code editors. Jetpack 5.5+ will rely on WordPress to handle syntax highlighting and the Custom CSS module has been updated to be fully compatible with core’s new code editing improvements.

image credit: make.wordpress.org

Jetpack 5.5 also adds compatibility for WordPress 4.9’s new core gallery widget. When users update to 4.9, Jetpack will automatically migrate its own gallery widgets to use the widget included in core.

The release also includes several other changes for compatibility with WordPress 4.9:

Jetpack 5.5 also improves the connection process between the plugin and WordPress.com, which should reduce recent issue users have experienced when migrating their sites from HTTP to HTTPS. A full list of the changes in this release is available in the plugin’s changelog.

by Sarah Gooding at November 08, 2017 08:13 PM under jetpack

HeroPress: From the Outskirts to an Insider

Pull Quote: WordPress has changed lives. It has given people a voice. It has brought people together.

WordPress wasn’t the first blogging platform I tried. My very first blog was set up using Blogspot (now Blogger). I didn’t even know I wanted a blog to tell you the truth. But let me take a step back.

I am a techie. A very “untechie” techie, but a techie nonetheless. I actually went to university with a plan to study mathematics and become an actuarial scientist (math and money made for a perfect career, I thought). After one year of university-level mathematics, I decided that I was done with the subject and I stuck with the computer science courses I had also taken. It turned out I had a knack for programming and was often found in the computer lab, debugging my friends’ assignments.

Following my graduation, I worked for several years as a programmer before deciding that I had no interest in coding for the rest of my life. I moved on and up, studying management and information systems, which led me into more managerial positions. On my way there, I decided that I needed to have a personal website. I bought a domain (not my real name though) and starting looking into building my website.

My very first job out of university had been with a web development company as web administrator, where I had picked up quite a bit of HTML, so I figured it would be easy to just build my own website. While researching the latest and best, it struck me that being able to easily add content would be cool, as I had seen early content management systems used back in that job (Tango, anyone?).

Blogging Begins

Suddenly my search results were showing me something called blogging. This was 2005, and blogs were still pretty new. I was excited by the concept, that I could have an easy way to put my thoughts out into cyberspace. I signed up for Blogspot and dove in. For all of 2 days. I wanted to change the design and the layout of my new blog, but I couldn’t. I was stuck in the box that Blogspot provided. A little more searching and I found WordPress.

WordPress meant I could install it myself on my own hosting and play around to my heart’s content. It was a techie’s dream. In April 2005, WordPress was at version 1.5 and I was in heaven. I spent days and nights tweaking and customizing my brand new website and blog. I was a WordPresser.

I was an avid blogger, sharing posts everyday — longer thought-pieces and short asides (who remembers that concept?). The blogging community in Jamaica was small but we were an enthusiastic bunch. Many of my friends were still using other platforms, but I was a diehard WordPress lover. They took comfort in the ease of use of their hosted platforms, while I reveled in being able to completely mess my site up myself (and fix it!).

I played with themes, and experimented with plugins. Two years later, I was helping other people set up and customize their WordPress blogs, and doing migrations from Blogspot.

I was a WordPress freelancer. I didn’t even know this was a thing people did.

It took me several years before I officially created my freelance consultancy, L’Attitude Studios and actually looked to bring in clients.

Despite the fact that WordPress is the most popular blogging platform in Jamaica, and is used by many web developers to built CMS-based websites, there is not much of a WordPress community. And despite my reading all about WordCamps and community meetups, I didn’t really think of myself as part of an actual community. WordCamps started back in 2006 and there have been hundreds since, but I only went to my first WordCamp in 2016, in Miami.

Finding a Place

The organizers of WordCamp Miami made me feel so welcome. They were excited to have me come from Jamaica “just” to attend their event. For the first time, I understood that I have a place in the community, not just as a user. I signed up with the WordPress Community team as an organizer of the WordPress Kingston meetups. Full of enthusiasm I came home, ran a survey to find out how people were using WordPress and declared I was starting local meetups. The sound of crickets followed as the interest was low.

I started a new job and didn’t have time to focus on WordPress, so the meetups fell by the wayside. But I still wanted to contribute. So In 2017, I made the leap to speaking. I decided that there were things I could offer the WordPress community based on my own experiences. WordCamp Ottawa became the first WordCamp I spoke at.

Again, the WordCamp organizers (one of which I had met at WordCamp Miami) were thrilled to have me travel from Jamaica to participate. Funnily, I had to point out to several people that it took less time to get from Jamaica to Ottawa than it did for those traveling from San Francisco.

Everyone I met at WordCamp Ottawa made me feel like a part of the WordPress family, like I belonged.

I still hadn’t got my local meetups going, but I had started making connections in the WordPress space locally. And there seemed to be more interest. I proposed a series of workshops to the organizer of Caribbean Bloggers’ Week. It wouldn’t quite be a WordCamp, which we wouldn’t get permission for, but we could try to do an educational community event to spur interest and raise awareness. WP in the City was born! Sadly, it had to be postponed, but it will still take shape for 2018.

WordCamp US

Now bitten by the bug, I set my speaking sights even higher and made a submission to WordCamp US. A month later, I was notified that one of my two proposals was accepted. I was to be a WordCamp US speaker! Now an even bigger part of the WordPress community would be open to me. I set about making plans for Nashville in December.

By the time you read this, I will be able to announce that I was selected as the recipient of the Kim Parsell Memorial Scholarship. When they notified me, I didn’t even remember I had applied. Kim Parsell was an active member of the WordPress community until her passing in 2015. She was nicknamed “WPMom” because of the care she took in making sure any member of the WordPress community she met felt welcomed and valued.

Kim was already gone before I actively started taking part in the wider WordPress community. But the community I encountered definitely made me feel welcomed and valued, and now I want to help others feel that way. Going to WordCamp US is going to be an amazing opportunity, in part because of the size and breadth of the community I will get to interact with.

Bringing it Home

Jamaica is a small country, an island in the middle of the Caribbean sea. Most people know about our biggest stars (like Bob Marley and Usain Bolt), our culture (reggae music and jerk cooking) or our beaches. The people who go usually remember the people. Our community is what makes us a powerhouse. And I want to tap into that for WordPress.

I want to bring Jamaica into the WordPress community, and bring the WordPress community to Jamaica. I want to get more Jamaicans to WordCamps and actively participating in the WordPress community in other ways (through contributing and meetups).

I want to bring more WordPressers to Jamaica to share and exchange knowledge, not just enjoy the beach.

When I started out, WordPress was just a tool to get me to my goal. For a long time, I didn’t think much about the people behind WordPress, much less considering getting involved myself. Despite my own technical background, I am a newbie where it comes to WordPress development, having remained a tinkerer for much of the last decade. But WordPress is so much more than just code.

Through WordPress, I have been able to express myself through blogging and poetry. I have been able to help others achieve their own success. I have found people willing to share their knowledge for others (like me) to learn. I have found people willing to hear about my WordPress experiences. I have built a network of contacts always willing to help out.

Reading through the other essays on HeroPress, it is also clear that WordPress has changed lives. It has given people a voice. It has brought people together.

WordPress is community. WordPress is my community.

The post From the Outskirts to an Insider appeared first on HeroPress.

by Bianca Welds at November 08, 2017 12:00 PM

WPTavern: How to Whitelist Comments in WordPress

Out-of-the-box, WordPress provides the ability to blacklist comments or configure a set of options to send comments to moderation. If all comments are moderated, there are no options to whitelist comments.

Searching the plugin directory for comment whitelisting provides few, if any, solutions. However, a cursory search of Google led me to the Comment Whitelist plugin by Alejandro Carravedo.

Comment Whitelist Box

Comment Whitelist adds a ‘Put in Whitelist’ quick moderation link to comments that makes adding email addresses to the list an easy task. One thing to keep in mind is that the whitelist uses email addresses and it’s possible comments from people impersonating whitelisted users may get published.

Despite not being updated in more than nine years, the plugin works as advertised. You’ll need to download the zip file and manually install it as you won’t be able to find it by searching the plugin directory from the WordPress backend.

by Jeff Chandler at November 08, 2017 02:50 AM under whitelisting

November 07, 2017

WPTavern: Gutenberg Contributors Explore Alternative to Using iframes for Meta Boxes

The discussion surrounding the use of iframes for meta boxes in Gutenberg became more heated over the weekend, as concerned developers implored the team to consider the detriments of the current approach. Responses from Gutenberg’s leadership initially deflected concerns, presenting the iframe implementation as an experiment that “works ‘for now'” but isn’t what the team would ship.

Instead of getting a response to the specific concerns about performance and accessibility of the iframes approach, Kevin Hoffman was urged to think about the future of meta boxes and “the cases (if any) that would not be converted to blocks.” When the developer community is repeatedly asked to test and offer feedback but is met with deflection on issues that are critical to sites using WordPress as a CMS, the GitHub discussions begin to get more heated.

“People are worried, and getting frustrated and it seems to me that they have every right to do so because the perception is that the team working on Gutenberg has little understanding of how meta boxes are being used, little concern for what the impact will be, and is going to move forward with their vision no matter what,” Jimmy Smutek, lead developer at the office of external affairs at Johns Hopkins, said in response to a Gutenberg collaborators’ admission to having been dismissive of feedback.

After several rounds of developers joining the thread to debunk the notion that iframes for meta boxes “work for now,” Gutenberg lead developer Matias Ventura joined the discussion yesterday and confirmed that the experiment is likely to be dropped fairly soon.

“I’m glad the conversation refocused in the end to the topic’s issue: is the current approach to meta-boxes in an iframe viable? With the answer being no,” Ventura said. “The iframes are an implementation detail I think we can drop relatively easy. So let’s focus on that.”

He also addressed the popular opinion that WordPress should make iterative enhancements to the editor itself (and not the full page) before proceeding with overhauling meta boxes.

“What some people have called as the pragmatic approach is not concomitant with the design direction this project has had from the start — heading towards full site customization — and what has dictated our decisions so far,” Ventura said. “Nothing here has to be a final solution, we are exploring what is possible within the design premises and putting it out there for testing.”

Ventura said that not making changes to the other aspects of the edit screen would certainly be the simplest path for Gutenberg to take but that it “would not be fair to the goals of the project and the long term users of WordPress.”

WordPress developer Gary Jones contended that pursuing a more iterative approach would not change the goals of the project but would make it possible for more sites to come along during the process.

“Going one step at a time does not, in any way, compromise the goals of the project,” Jones said. “You can still head to full-size customization if that’s the goal, but by doing it in a stepped way, you’ll bring the rest of the developer community along with you.” Jones cited the Customizer as an example of a feature within WordPress with a concept that is being realized over time with many iterations.

Ventura responded with clarification on the Gutenberg team’s approach to iterating on the project, a paradigm shift that supports block-based content creation from the outset.

“We have proposed a staged approach, from Matt’s original new focuses post, it just considers the steps differently,” Ventura said. “There are generally three stages for the Gutenberg project: from the post editor, to page templates, to site building. What is primordial is that the paradigm is one where the content is a single area, with the block as the primary concept, and where the outcome can be visually represented with clarity and without excessive abstractions.”

Ventura also assured those following along on the discussion that the project will not be dropping support for meta boxes but needs more time to experiment with different interface options.

“WordPress always moves with the user, and we take the burden of figuring out development paths to ease transitions for our existing code,” he said. “As a project, we have said before that we were not dropping support for meta-boxes from WordPress, but also that we had to explore what interface decisions we would have to make within the new paradigm, including the possibility of loading the classic editor when we detect meta-boxes we cannot handle or that directly conflict with an editor that seeks to more clearly delineate what is content and what is meta-data.”

He also said the team plans to create more mechanisms to handle incompatibilities as well as “allowing more things to be opt-in (say if you are comfortable with your meta-boxes showing in Gutenberg you could declare support for it, or vice versa.”

A new approach to rendering meta boxes without using iframes is currently underway. Riad Benguella has created a pull request that attempts to undo the iframes and implement a suggestion that Tom Nowell offered during the discussion:

Instead of loading Gutenberg on a settings page, lets load it into the main classic editors page, load metaboxes in their native environment, then hoist their container DOM node into a component via JS.

We then use a different kind of toggle to make sure the classic editor can still be used. This way:

– we avoid the iframe nonsense
– metaboxes work as they always have done as far as registration is concerned
– the existing JS works as expected, and no hacks are necessary to make things work on the PHP end

The new approach has the advantage of no problems with links, modals, duplicate stylesheets, and the other drawbacks to using iframes.

The Gutenberg Team Needs a New Communication Strategy

The discussion regarding the long-term viability of using iframes for meta boxes has highlighted a lack of a unified message or communication strategy among Gutenberg leads. Collaborators on the project have grown impatient with the community for not grasping the vision, but communication is scattered across various blogs, comments, Slack channels, and GitHub discussions.

Morten Rand-Hendriksen has opened a new issue requesting a centralized resource that can serve as a plain language outline of Gutenberg’s scope, direction, and goals.

“My observation is the community is struggling to see the wider scope of the Gutenberg project due to lack of a single authoritative plain language resource containing this information,” Rand-Hendriksen said. “This creates a high degree of speculation, miscommunication, and frustration from all parties and the project suffers as a consequence.”

Gutenberg does have a documentation hub, but so far those documents are more technical and lack a practical roadmap for how the team is aiming to accomplish its goals. The FAQ section of the current docs is the closest thing to the plain language resource that Rand-Hendriksen is requesting in his ticket. The readme.txt files for both Gutenberg’s GitHub repository and the WordPress.org plugin give the impression that the project is simply updating the current editor to be block-based, not overhauling the entire editor screen.

“Due to the fractured nature of this information it is challenging for anyone to get a clear picture of the entire project, and though Matias and Matt’s posts do a good job at explaining the grand vision of the project, they lack concrete plain language breakdowns of the essentials the community need to get a firm understanding of what this project is and where it’s headed,” Rand-Hendriksen said. “They also exist as independent satellites of information circling the project rather than core parts of the project itself.”

The community is chiming in on the GitHub issue with questions they would like to see answered in a more transparent plain language product roadmap. A document like this might help the Gutenberg team to better communicate the goals of the project and avoid sending mixed messages that cause unnecessary confusion.

by Sarah Gooding at November 07, 2017 10:58 PM under gutenberg

WPTavern: Harare and Nairobi Host 2nd Round of Successful WordCamps

photo credit: WordCamp Nairobi

Six WordCamps were held over the weekend in cities across the globe, including two in Africa where WordPress events are just starting to take off. Harare and Nairobi hosted their second WordCamps in areas where the WordPress community was virtually non-existent two years ago.

Harare’s first camp was part of the WordCamp Incubator program the first year it launched. Nairobi was one of a handful of cities on the short list for the same program but ended up organizing its first camp independently in December 2016. Both communities have continued to flourish, as local leadership and meetup groups have grown.

Topics at both Harare and Nairobi WordCamps included freelancing, blogging, marketing, and community, with a sprinkling of more technical sessions. Blogging is a popular activity in Africa and those in the local WordPress community are eager to share what they have learned in maintaining and marketing their blogs.

“This year the WordCamp was bigger and better than last year, the tickets sold out, and a local company ZOL Fibroniks was a gold sponsor,” WordCamp Harare speaker Beaton Mabaso said. “The future looks bright. Hello, 2018 is looking promising.”

Mabaso is an admin on Afrobloggers, a blogging community that connects creatives across the continent. He brought his storytelling skills to his WordCamp session titled “A website is a conversation.”

“One of the best things about a WordCamp is meeting the community, networking, and making new friends,” Mabaso said. “It’s inspiring seeing people representing their grind, opportunities everywhere.”

WordCamp Nairobi was originally scheduled for October 14-15 but was postponed to November 4-5 for the safety of attendees during the repeat Presidential elections that took place October 17. Even with the change of dates, the camp was still a success.

“We made it despite the challenges that came with the political climate in the country that affected much of the planning,” WordCamp Nairobi organizer Chekumbe Emmanuel said. “I am so proud of our local WordPress community for showing up in full force.”

Only a handful of attendees have published wrap up posts so far, but browsing the #wchre and #WordCampNairobi hashtags on Twitter show how successful the camps were at connecting and inspiring the local communities. The WordCamp Incubator Program was instrumental in helping put Harare on the WordCamp map in 2016, along with Denpasar and Medellín. Incubator volunteers are currently gearing up for a second year of jump starting new WordPress communities and a call for 2018 candidates is anticipated soon.

by Sarah Gooding at November 07, 2017 06:09 AM under wordcamp

Dev Blog: WordPress 4.9 Release Candidate 2

The second release candidate for WordPress 4.9 is now available.

A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.9 on Tuesday, November 14 (just over one week from now), but we need your help to get there. If you haven’t tested 4.9 yet, now is the time!

To test WordPress 4.9, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made just over 20 changes since releasing RC 1 last week. For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3Beta 4, and RC1 blog posts. Specific areas to test in RC2:

  • Theme installation in the Customizer.
  • Scheduling changes for publishing in the Customizer.
  • Switching themes with live preview in the Customizer.

Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

This week’s haiku is courtesy of @melchoyce:

We squashed all the bugs 🐛
But uh, if not, let us know
Also, test your stuff

Thanks for your continued help testing out the latest versions of WordPress.

by Weston Ruter at November 07, 2017 05:33 AM under Releases

November 06, 2017

Akismet: Version 4.0.1 of the Akismet WordPress Plugin Is Now Available

Version 4.0.1 of the Akismet plugin for WordPress is now available.

4.0.1 contains a few helpful changes:

  • We fixed a bug that could prevent some sites from connecting Akismet using an existing Jetpack connection.
  • We added some code to ensure that any pending Akismet-related events are unscheduled if (heaven forbid) the plugin is deactivated.
  • Some of the Akismet JavaScript is now run asynchronously in order to increase the speed with which your pages will appear to load.

Pretty good, right?  To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.

by Christopher Finke at November 06, 2017 08:29 PM under WordPress

WPTavern: WordCamp Europe 2018 Early Bird Tickets Now on Sale

WordCamp Europe 2018 has begun early bird ticket sales for its sixth edition in Belgrade, Serbia, June 14-16. Attendees who purchase a ticket before December 31, 2017, will receive a limited-edition swag item.

WordCamp Europe has sold out in many previous years and organizers of the 2017 event in Paris anticipated that it would be the largest event in WordPress history. They expected to host more than 3,000 attendees but the actual number on the ground was 1,900 – 5% fewer than the 2,000 who attended in Vienna the previous year. WCEU 2017 posted a 24% no-show rate, which was more than double that of previous years.

Putting tickets on sale too early was one of the factors that contributed to the Paris event’s high no-show rate, in addition to higher local sales, an expensive location, and attendees’ problems obtaining visas. This year ticket sales are starting a little later and batches will be staged out into 2018.

The WCEU organizing team for Belgrade includes 54 people leading 10 teams to manage sponsors, PR, volunteers, design, and on-site responsibilities. The event has also added a new Attendee Services team that will assist with things like ticket invoices, visa letters, and other services on the ground.

A batch of 1,000 early bird tickets were released today and more than 10% have already been purchased on the first day of sales. Tickets are €40.00 and include two days of presentations, lunch, coffee and snacks, a t-shirt, and a ticket to the After Party. The ticket also gives the attendee access to Contributor Day, which will take place the day before the conference and requires a separate sign up. Tickets are non-refundable but can easily be resold or gifted in the event that the purchaser cannot attend.

by Sarah Gooding at November 06, 2017 07:54 PM under WordCamp Europe

November 03, 2017

WPTavern: Gutenberg Contributors Discuss the Drawbacks of Using iframes for Meta Boxes

photo credit: Closed square box, variation(license)

A lively and productive discussion regarding Gutenberg’s use of iframes for meta boxes is happening on GitHub. Yesterday, WordPress developer Kevin Hoffman created an issue titled “Are iframes a viable long-term solution for meta boxes?

Gutenberg 1.5 introduced initial support for meta boxes. Hoffman identified several issues with iframes that have been popping up as developers have begun testing the current meta box implementation. He did some performance testing that revealed Gutenberg’s use of iframes triples the number of asset requests, as it enqueues all of the CSS and JS assets in the parent window as well as in all the iframes.

image credit: Kevin Hoffman

“Generally speaking, iframes have been discouraged in web development for many years for reasons that are well-documented,” Hoffman said, before citing a litany of issues that plugin developers have already discovered in testing Gutenberg’s meta box support. “Can these issues be addressed without requiring modification of the theme or plugin that generates the meta box? We have to consider that third-party code that has powered meta boxes for years may not have the luxury of being updated in order to be compatible within an iframe.”

Gutenberg design lead Tammie Lister responded to Hoffman’s concerns, indicating that the current implementation of meta boxes is simply an experiment and not necessarily what would land in WordPress 5.0:

It’s good to think a little that what we have today for meta boxes in Gutenberg is an experiment, in many respects it’s a holding pattern as the project works out the direction to take. In saying that it’s one that works ‘for now’ but isn’t what we would ship with.

All the above said, I think it’s important to look at what in the future metaboxes will be used for. What are the cases (if any) that would not be converted to blocks? Do all metaboxes have to work on mobile? Is there even an alternative interface that we haven’t explored? I bet there is. Right now, it’s about looking at those possibilities and getting on a road that works for the state right now and the future state.

The presentation of this implementation as an experiment that “works for now” (but would not be shipped) comes as a surprise after Gutenberg 1.5 arrived with the announcement that “this release includes long awaited meta-boxes support (needs testing!)”

Hoffman contends that the iframe approach doesn’t even work ‘for now,’ as the issue was opened in order to cite several major ways where it is broken. If Gutenberg moves forward with the current approach, it would require many plugins to be modified in order to be compatible with WordPress 5.0, which Hoffman said would defeat the whole purpose of supporting legacy meta boxes.

“I have not seen any evidence to date that suggests meta boxes will continue working with Gutenberg,” Hoffman said. “If the answer is no, then we ought to stop pretending that 5.0 will be just another WordPress release and start being honest about breaking backwards compatibility.”

Edwin Cromley, a collaborator on the project, said that the team anticipates that certain themes and plugins will be broken and that it is not possible to accommodate every possible use case. He admitted that the iframe solution may not meet the project’s goals. Instead, he advocates creating the best experience for the vast majority of users.

However, the current approach would adversely affect many sites out there that use WordPress primarily as a CMS with meta boxes. WordPress core committer Scott Taylor expressed concerns about custom post types, many of which do not make use of the traditional “content” section in favor of meta boxes only.

“In this current iteration, meta box support is an add-on, when in many people’s reality, meta boxes ARE the UI, the API, the mechanism they use to compose their CMS,” Taylor said. “iframes are the gulag.

“And we are forgetting the values WP has been built on forever: I should be able to update to the latest version of WP, and have to rewrite nothing. I have so many projects in the wild on WP that I will never touch again. Can I be confident that some of them won’t break wildly with this change?”

Hoffman advocated scaling back the scope of the project to focus on the editor component, a popular opinion that many plugin developers share and one that was illustrated in detail in Yoast’s post proposing an alternative approach to Gutenberg. This approach stages out the changes to the edit screen, giving developers more time to update their plugins, as well as allowing the Gutenberg team to find an adequate solution for meta boxes.

“I think that goal would be a lot more achievable if Gutenberg stuck to overhauling the editor rather than taking over the entire page,” Hoffman said. “Then we could leave the existing hooks in place and meta boxes could continue to communicate with each other as they do now. Also, asset enqueuing would be a non-issue since it would work as it does today.

“I’m in strong agreement with this concept put forth by Yoast, which seems to me like it would maintain much of the work already done while scaling back the scope of the project to focus on the editor component.”

Gutenberg engineer Riad Benguella indicated the team is not too keen on working towards this concept.

“Reusing Gutenberg pieces to build this concept is relatively doable, but this is not the UX we want to optimize for, we want to build the best possible editor first and make it available for people without backwards compatibility concerns (fresh installs, no metaboxes…),” Benguella said.

“When we think the ideal vision of Gutenberg is ready to ship, we’ll have time to discuss upgrade path strategies, a concept like this one is an option for an upgrade path, but definitely not as the final product. Other upgrade paths are also possible.”

The WordPress developer community is not, however, in favor of delaying this discussion once again. Many are eager to finally answer the question of how meta boxes will fit into the context of the Gutenberg editor so they know how to prepare. Given the numerous issues with the iframes approach, rendering legacy PHP meta boxes under the new editor will require more experimentation and possibly an alternative solution.

“Why devote thousands of hours into developing the ideal editor if it cannot be made compatible with existing sites?” Hoffman said. “If the first impression is that it breaks the UI they depend on, users will never experience the ideal editor in the first place.”

“I think it may be a mistake to put this off too far,” WordPress core committer Aaron Jorbin said. “Especially since many organizations are going to need at least 1-2 quarters to prepare.”

Mark Kaplun suggests the Gutenberg team use a popular plugin as a gauge for the success of current and future meta box support experiments.

“My productive suggestion, is to not declare meta boxes ready, as long as Yoast SEO does not properly work in it,” Kaplun said. “It is both slightly complex in terms of interactions and it is installed on shit loads of sites. If Gutenberg cannot work with it, probably no one is going to use it.”

Greg Schoppe, who has tested and written extensively on Gutenberg’s ongoing development, joined the conversation to advocate for Yoast’s alternative approach to the project as well.

“I highly support Yoast’s view of Gutenberg,” Schoppe said. “It is unclear to me how ‘upgrade the visual editor’ was reinterpreted to be ‘replace the entire post edit interface’ by the Gutenberg team, but it seems directly at odds with the so-called ‘Ship of Theseus.’

“In this case, the lack of clear direction and support for the existing standard workflows is actively hurting developers now. How can I move forward building a project, without a trusted set of hooks and tools that I can rely on? It is unconscionable to think that such a large software project would entirely upend the standard workflow for developers in a single update. and it is insane that these conversations are just happening now, in November, when the plan is to have a merge approved at the beginning of the year.”

The discussion regarding the iframes approach to meta boxes was opened yesterday is still relatively new, but so far the Gutenberg team’s responses have failed to adequately address the concerns of the developer community in this thread. Finding an approach to meta boxes that preserves WordPress’ powerful CMS capabilities, without alienating users and developers, is one of the Gutenberg team’s greatest challenges. They are still aiming at producing a merge proposal early next year, but with meta boxes still in the experimentation stage, the team’s anticipated timetable continues to put the project at odds with the WordPress developer community.

by Sarah Gooding at November 03, 2017 11:44 PM under meta boxes

WPTavern: Bianca Welds Awarded Kim Parsell Travel Scholarship

The WordPress Foundation has awarded Bianca Welds with the Kim Parsell travel scholarship to attend WordCamp US 2017. Welds lives in Jamaica and has been using WordPress since 2005. We featured her on the Tavern in 2015 when she provided insight into the Jamaican WordPress community.

Welds will be presenting at WordCamp US on how a couple is using WordPress to try to increase understanding and participation of the Deaf community in Jamaica.

“Besides the fact that I am really excited and honored to have been selected, and humbled by the outpouring of support since the announcement,” Welds said. “I’m looking forward to WordCamp US and meeting even more amazing people from the WordPress community.”

Welds has identified a few members of the WordPress community in her area and is attempting to create a nucleus to build on, “We will be starting meetups in December/January,” she said. “We also have a workshop series (a bit of an unWordCamp) being planned to help stir up more interest in WordPress and the community.”

If you see Welds at WCUS, be sure to say hi and congratulate her.

HeroPress Publishes Essay Dedicated to Kim Parsell

Coinciding with the scholarship announcement, HeroPress has published an essay that members of the community  contributed too, including myself, in memory of Kim Parsell. The theme of the essay is ‘What did the WordPress Community Mean to Kim?’.

It has been nearly three years since Kim passed away but in my conversations with her online and in the physical world, I understood what the community meant to her. It meant family, a responsibility she took very seriously. I highly encourage you to read the essay and the beautiful things people had to say about Kim. She is missed by many but her spirit lives on.

by Jeff Chandler at November 03, 2017 08:07 AM under wordpress foundation

November 02, 2017

WPTavern: Press This Removed from WordPress 4.9 in Favor of a Plugin

photo credit: matt-artz Tools. 2015(license)

Press This, a tool that allowed users to quickly clip and publish content from web pages, is set to be removed from WordPress’ upcoming 4.9 release. The feature is being retired and will live out its remaining days as a canonical plugin.

WordPress contributors opted to make a clean break by completely removing Press This and its supporting functions from core. After 4.9 is released, users visiting wp-admin/press-this.php will be prompted to install the plugin from WordPress.org.

A revamped version of Press This landed in WordPress 4.2, released two years ago. Contributors had been talking about switching it to use the REST API instead of admin-ajax since the 2014 redesign of the bookmarklet. This update is still on the plugin’s roadmap for anyone interested in contributing to its development.

“Following the importers and the link manager, it’s about time to say goodbye to Press This,” WordPress lead developer Andrew Ozz said in a ticket proposing the feature’s retirement. “Bookmarklets were popular seven – eight years ago, and now are considered mostly ‘old tech.’ The Press This usage was dwindling for the last several years. Currently it is at under 0.2% of the wp-admin requests (as far as I can tell). It seems best to extract it from core to a plugin, similarly to the importers.”

What Use is Press This without the Bookmarklet?

Development on Press This’ accompanying bookmarklet feature has also been discontinued. Older bookmarklets will not work with the new canonical plugin.

“Usage of bookmarklets across the web has decreased significantly and bad actors attempting to trick users to preform unsavory actions increased over the years,” Brandon Kraft said in a post announcing Press This’ retirement. “Coupled with advancing toward a new editing in experience in core, we decided it was a suitable time to make these changes in one swift move.”

Heavy users of Press This might wonder what the feature is worth without the bookmarklet. Posting through the interface will now require more copying and pasting. The URL scanning remains, but it’s not as efficient as highlighting a portion of text on a page and clicking on the bookmarklet to auto-populate a new post in WordPress. This change makes the plugin simpler to maintain but removes the time-saving feature that made Press This feel like magic.

“With the rise of bad actors attempting to trick folks to entering their credentials via phishing attempts, I removed the functionality in an effort to not promote requesting credentials after firing off JavaScript on a random site,” Kraft said. “To set expectations, I am not foreseeing a change in this decision; however, I support continued conversation and dialogue.”

Kraft opened a GitHub issue on the plugin’s new repository to centralize any discussion regarding restoring the bookmarklet functionality.

Any plugin authors who have extended Press This will need to update their plugins with a check for plugin availability as demonstrated in wp-admin/press-this.php.

by Sarah Gooding at November 02, 2017 10:18 PM under WordPress 4.9

WPTavern: GitHub Launches Community Forums to Connect Developers

GitHub launched its new community forums this week as another way for the platform’s 24 million developers to stay connected. The company built them on top of the Lithium SaaS community platform, a popular choice for enterprise customers, including Sony, Cisco, HP, Skype, Barclaycard, Symantec, Google, and PayPal.

The first iteration of the forums includes a gamification aspect that rewards participants for interaction and contribution. Users can “rank up” by receiving “Kudos” and providing solutions to questions on the forums. GitHub plans to expand on these features in the future.

Naturally, this style of ranking and participation led users to be curious whether GitHub is aiming to have its forums become a StackOverflow Q&A platform alternative. When asked what the company had in mind when designing this feature, GitHub Community Manager Nadia Padzensky said the forums provide another avenue for open discussion on ideas and general questions unrelated to specific projects.

“Issues don’t always lend themselves well to these kinds of discussions; however, a forum presents a place designed specifically for these types of conversations,” Padzensky said. “In the past, we’ve not had a GitHub-owned space for users to engage with each other in this way.”

GitHub has also launched an educational section called GitHub Original Series with articles from staff on workflows and features, written on topics that users often ask about in private support emails. The team plans to build out this section of the site while adding more features to the forums.

“We are looking to add contests, polls, and better processes and tooling for taking user feature requests,” Padzensky said. “Additionally, the Community Forum will adapt to its members needs; Community Forum member activity and feedback will directly help inform what the Community Forum evolves into.”

The ability to keep in touch with its user base is perhaps the most important function the forums will provide to GitHub. It offers a space where users can discussion problems they are having with GitHub’s products and have those concerns heard by staff. This could potentially help the company avoid public relations disasters like last year’s when a group of open source project maintainers confronted GitHub with an open letter of complaints regarding issue management. The company admitted to having become disconnected from the needs of its open source community and promised to launch new features that would better serve community-led projects, as well as make it easer for developers to offer feedback on the products it is building.

by Sarah Gooding at November 02, 2017 07:00 PM under github

BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.

by Boone Gorges at November 02, 2017 04:30 PM under security

Follow our RSS feed: 

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.


Last updated:

November 20, 2017 07:15 AM
All times are UTC.