WordPress Planet

August 19, 2017

WPTavern: Facebook Isn’t Budging on React’s BSD + Patents License

Last month React users petitioned Facebook to relicense the project (and its other open source projects) after the Apache Software Foundation (ASF) added Facebook’s BSD+Patents license to its Category X list of disallowed licenses for Apache PMC members. Participants and subscribers to the GitHub thread waited weeks for a decision on re-licensing while Facebook’s engineering directors discussed the matter internally. The request has now formally been denied.

“I’d like to apologize for the amount of thrash, confusion, and uncertainty this has caused the React and open source communities,” Facebook engineer Adam Wolff said. “We know this is painful, especially for teams that feel like they’re going to need to rewrite large parts of their project to remove React or other dependencies. We’ve been looking for ways around this and have reached out to ASF to see if we could try to work with them, but have come up empty.”

The request for re-licensing had received 851 “thumbs-up” reactions on GitHub and many developers commented to say that the ASF’s policy disallowing the BSD+Patents license affects their organizations’ ability to continue using React and other open source projects from Facebook. Others said they would like to use React but the licensing makes it impossible for their companies.

Facebook Cites “Meritless Patent Litigation” as the Reason Behind Adopting the BSD + Patents License

Wolff’s post announcing Facebook’s decision said that the team has not done a good job of communicating the reasons behind its BSD + Patents license and offered a more in-depth explanation:

As our business has become successful, we’ve become a larger target for meritless patent litigation. This type of litigation can be extremely costly in terms of both resources and attention. It would have been easy for us to stop contributing to open source, or to do what some other large companies do and only release software that isn’t used in our most successful products, but we decided to take a different approach. We decided to add a clear patent grant when we release software under the 3-clause BSD license, creating what has come to be known as the BSD + Patents license. The patent grant says that if you’re going to use the software we’ve released under it, you lose the patent license from us if you sue us for patent infringement. We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.

The ASF’s decision to disallow the BSD+Patents license was for policy reasons, not a legal decision based on incompatibility. Greg Stein, commenting on behalf of ASF on a separate GitHub issue, said that the ASF didn’t want downstream users of Apache code to be surprised by the PATENTS grant that was previously in RocksDB and is still in React. The organization wanted users to have no further constraints other than following the ALv2.

“While we respect this decision, it hurts to see so many great ASF projects get churned for policy reasons after using this license for years,” Wolff said in Facebook’s announcement. The company made it clear that they will not be re-licensing React or any other projects simply to satisfy ASF’s policy requirements.

“We have considered possible changes carefully, but we won’t be changing our default license or React’s license at this time,” Wolff said. “We recognize that we may lose some React community members because of this decision. We are sorry for that, but we need to balance our desire to participate in open source with our desire to protect ourselves from costly litigation. We think changing our approach would inhibit our ability to continue releasing meaningful open source software and increase the amount of time and money we have to spend fighting meritless lawsuits.”

Many from the OSS community expressed disappointment and frustration in their initial reactions on Twitter:

The issue requesting re-licensing has been closed on GitHub and is now locked and limited to collaborators.

It’s not clear how this decision will affect WordPress, as the project has yet to announce which JS framework it will be adopting for core. Automattic is heavily invested in React, having built Calypso and Jetpack’s admin interface with it. WordPress’ new Gutenberg editor is also built using React, as the project’s chief contributors are employed by Automattic. The company’s legal counsel has said in the past that they are comfortable using React for its products under the current license, but other companies in the WordPress ecosystem may not be as amenable to having the framework included in core.

by Sarah Gooding at August 19, 2017 03:52 AM under react

August 18, 2017

WPTavern: WordPress.org to Add New Page Educating Users on Benefits of Upgrading PHP

WordPress’ Core PHP team has created a new GitHub organization for initiatives focused on improving the use of PHP in the project. The first one they are tackling is a new page on WordPress.org dedicated to educating users about the benefits of upgrading PHP. Contributors are collecting third-party articles and tutorials on PHP upgrades to find inspiration for the project, which is temporarily codenamed “servehappy.”

WordPress’ stats page shows that 14.2% of the all the sites it is tracking are running on PHP 7.0+. 40.6% of sites are on PHP 5.6, which is no longer actively supported but will receive security fixes until January 2019. This leaves 45.2% of all WordPress sites running on older, insecure PHP versions that have already reached end of life and are no longer receiving security updates.

WordPress PHP Versions – 8.18.2017

Contributors are using the issues queue of the servehappy repository to collect benefits and statistical data they can use to sell the “update PHP” proposition to users. The project is currently in the brainstorming phase, but the team will eventually whittle the ideas down to present the most effective benefits.

“The primary task for the ‘servehappy’ repository will be to open issues for the benefits we’ve come up with over the past few weeks, and discuss them one by one, whether they qualify for the page and how they can be framed in the most convincing way,” Felix Arntz said.

In addition to proposing the benefits of upgrading PHP, the page will also include a call to action and information about how to upgrade or how to approach your host for an upgrade. Contributors are discussing the page’s outline and are aiming to tackle the project in a friendly and sensitive way that doesn’t put stress on users.

“The section ‘What should you need to know before doing an update?‘ must not unnecessarily make the user worry,” Arntz said, recapping the thoughts contributors expressed during the team’s most recent meeting. “Let’s highlight possible issues, but not overestimate them. People should see upgrading as a good thing, and we should point them to how they can determine whether their sites are ready.”

The Core PHP Team will be getting in touch with WordPress’ marketing team to request their expertise on refining the page’s approach. Anyone is welcome to contribute third-party resources or ideas to the servehappy project on GitHub. Check out the most recent meeting notes for a full summary of the project and its needs.

by Sarah Gooding at August 18, 2017 08:37 PM under php

WPTavern: Chrome Version 62 to Show Security Warnings on HTTP Pages Starting in October 2017

Google Search Console has started sending out notices to sites that have not yet migrated to HTTPS. Chrome 61 is now in beta and version 62 is on track to begin marking HTTP pages as “NOT SECURE” beginning in October. It will show the warning if it detects any forms on the page that transmit passwords, credit cards, or any text input fields that the browser deems are in need of HTTPS protection. All HTTP pages in incognito mode will trigger the warning.

In January 2017, Chrome version 56 began marking sites that transmit passwords or credit cards as non-secure as part of its long-term plan to mark all HTTP sites as non-secure. The warning will become more prominent as time goes on.

“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” Chrome Security Team Emily Schechter said.

The email sent out from the Google Search Console urges site owners to fix the problem by migrating to HTTPS. Hosting companies that specialize in WordPress are making it easier than ever to make the switch. Many of them have added Let’s Encrypt integration to offer free certificates to customers. As of 2017, WordPress now only recommends hosting partners that provide SSL certificates by default.

Thanks to the push towards HTTPS from Google, web browsers, hosting companies, and the 100+ million certificates issued by Let’s Encrypt, the percentage of pageloads over HTTPS is now approaching 60%, according to Firefox Telemetry.

by Sarah Gooding at August 18, 2017 05:14 PM under ssl

Lorelle on WP: WordPress School: Shortcodes

WordPress shortcodes are abbreviated code placed into the WordPress Visual or Text Editors that expands into a larger code structure. As we continue with Lorelle’s WordPress School free online course, it’s time to explore the basics of WordPress shortcodes.

The following is the embed code for a Google Map, pointing to one of my favorite local museums, The Rice Northwest Rocks and Minerals Museum in Hillsboro, Oregon:

<a href="https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2792.809130780463!2d-122.94987648443889!3d45.57427677910247!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x54950456e76e254b%3A0xdfad5d11bde5b6cc!2s26385+NW+Groveland+Dr%2C+Hillsboro%2C+OR+97124!5e0!3m2!1sen!2sus!4v1502560000052">https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2792.809130780463!2d-122.94987648443889!3d45.57427677910247!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x54950456e76e254b%3A0xdfad5d11bde5b6cc!2s26385+NW+Groveland+Dr%2C+Hillsboro%2C+OR+97124!5e0!3m2!1sen!2sus!4v1502560000052</a>

When the post or Page is saved, WordPress.com automatically converts it to the embed code for Google Maps like this:

[googlemaps https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2792.809130780463!2d-122.94987648443889!3d45.57427677910247!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x54950456e76e254b%3A0xdfad5d11bde5b6cc!2s26385+NW+Groveland+Dr%2C+Hillsboro%2C+OR+97124!5e0!3m2!1sen!2sus!4v1502560000052&w=600&h=450]

This is what you see in your Visual or Text/HTML editors. Doesn’t look like a map, yet, does it?

When the post is previewed or published, you will see the map like this:

The map is not a screenshot. It is interactive. Zoom in and out and move around on the map. The Google Maps shortcode taps into the Google Maps API allowing a live section of the map to be embedded on your site to help people find locations and directions.

Google Maps are a great way of providing instructions to the location of a store or company on a Contact web page. They are also fun to embed in a post about a favorite park, hike, fishing hole, vacation spot, or even create a custom map that charts your travels, hikes, or a specific route for shopping or exploring.

NOTE: Google Map embeds are tricky. You need to search for the exact address and use that embed code. If you search for a business name, you may get an invalid server request from Google Maps. Also note that WordPress.com has made it easier to use shortcodes by skipping the extra code and converting links and embed codes automatically to shortcodes. This may require saving your post as a draft twice before you can see the results on the front end preview of the post or Page.

Shortcodes allow the user to add content and functionality to a WordPress site without knowing extensive code or digging into the programming of a WordPress Theme or Plugin. With the shortcut of a shortcode, WordPress users may add all sorts of customization features to their site.

There are a variety of shortcodes in the core of WordPress. WordPress Themes have the ability to enable or disable these, and add more, as do WordPress Plugins.

Let’s experiment with the Archives Shortcode.

  1. Add a New Page to your site. Title it “Site Map” or “Archives.”
  2. Type in [archives].
  3. Preview, then publish the post when ready to see a listing of all of the published posts on your site in a list.

Check out my site map as an example of what’s possible.

What You Need to Know About WordPress Shortcodes

Shortcodes come with WordPress out of the box, and also with WordPress Themes and Plugins. These snippets of code allow the user to add functionality to their site without touching the code.

The PHP code that enables the functionality, and adds the ability to use the abbreviated code to generate that functionality on the site, is called a function.

At its core, this is the function found to generate all WordPress Shortcodes:

function foobar_func( $atts ){
	return "foo and bar";
add_shortcode( 'foobar', 'foobar_func' );

The attributes, represented in this abbreviated version by $atts, are the instructions as to what the shortcode is to do.

In the expanded form with functionality, I’ve called the shortcode “elephant” and set up two attribute values, “trumpet loudly” and “stomp.”

// [elephant foo="foo-value"]
function elephant_func( $atts ) {
    $a = shortcode_atts( array(
        'foo' => 'trumpet loudly',
        'bar' => 'stomp',
    ), $atts );

    return "foo = {$a['foo']}";
add_shortcode( 'elephant', 'elephant_func' );

Depending upon what “foo” and “bar” represent, the results would be “trumpet loudly” and “stomp.” What these represent are HTML code, modifications to HTML code, and initiates the programming such as generating a list of all the posts you’ve published as an archive list.

Right now, you aren’t at the stage where you can program shortcodes and add them to WordPress Themes or create WordPress Plugins, so I’m not going to dive into these much deeper. You need to learn how these work and how to use them on your site, and the more you use them, the better feel you will have for what a shortcode can do on your site.

WordPress.com offers a wide range of shortcodes to add functionality to your site. To learn about how to use these, see Shortcodes — Support.

Here are some examples of shortcodes to experiment with on WordPress.com.

More Information on WordPress Shortcodes


Your assignment in these WordPress School exercises is to experiment with WordPress shortcodes, specifically the ones available on WordPress.com.

I’ve listed some examples of shortcodes on WordPress.com above, and you may find more in the WordPress.com list of Shortcodes.

Your assignment is to use shortcodes to add features to your site.

  • Create a Page called “Site Map” or “Archives” and add an archive list shortcode.
  • Add a Google Map to a post or Page using the Google Maps shortcode.
  • Add a gallery to a post or Page with the gallery shortcode, testing the various options (parameters) to get the look and feel you like best.
  • Add a recipe to a post using the recipe shortcode.
  • Find another shortcode with a variety of features to experiment with. See how many ways you can change the look and feel of the content. If you wish, blog about your discoveries with screenshots or examples in the post. Let us know about it in the comments below so we can come inspect your work.

This is a tutorial from Lorelle’s WordPress School. For more information, and to join this free, year-long, online WordPress School, see:

Filed under: WordPress, WordPress School Tagged: learn wordpress, shortcodes, wordpress, wordpress guide, wordpress help, WordPress News, wordpress school, wordpress shortcodes, WordPress Tips, wordpress tutorials

by Lorelle VanFossen at August 18, 2017 11:02 AM under wordpress shortcodes

WPTavern: New Merlin WP Onboarding Wizard Makes WordPress Theme Installation and Setup Effortless

ThemeBeans founder Rich Tabor released Merlin WP on GitHub in public beta this week. The project provides a beautiful experience for installing and setting up WordPress themes with all of their plugin dependencies, Customizer settings, widgets, demo content, and more.

“I was inspired by David Baker’s Envato Theme Setup Wizard and was working to add it to my own themes but pivoted after realizing I was just putting a band-aid on the onboarding issues surrounding themes in particular,” Tabor said. “It wasn’t a particularly grand experience and didn’t take care of the essentials the way I was looking for.”

Tabor said he wanted to make the onboarding experience much friendlier than what WordPress products are typically known for and needed a way to get his customers started on the right foot.

“Over the years I’ve had countless ‘how do I get this page like your demo’ and ‘where do I even start’ questions — and my themes aren’t even particularly confusing/difficult to use.” Tabor said.

Ordinarily, users have to hop from screen to screen to install a theme, recommended plugins, and apply Customizer settings. Even an experienced WordPress user often has to refer to documentation to get a theme set up with the right customizations to match the demo. The video below shows an example of Merlin WP in action as it guides a user through setting up York Pro, a fork of one of ThemeBeans’ commercial themes that is included in Merlin WP’s GitHub repo.

Merlin WP makes the process of setting up a theme nearly effortless for users. It also leaves less room for error or confusion.

Developers can add Merlin WP directly to their theme files. It includes a configuration file that allows for customization of any text string in the wizard. Theme developers add the Merlin class (merlin/merlin.php) and the merlin-config.php file, along with any demo content (included in the demo directory location specified in the merlin-config.php file):

  • content.xml — Exported demo content using the WordPress Exporter
  • widgets.wie — Exported widgets using Widget Importer and Exporter
  • customizer.dat — Exported Customizer settings using Customizer Export/Import

Merlin WP was also developed to work seamlessly with TGMPA, a PHP library that many WordPress developers use to require or recommend plugins for their themes and plugins. It will automatically pull the recommended plugins into the wizard.

Tabor said his targeted distribution channel is commercial themes, though he believes Merlin WP could also be useful for themes hosted on WordPress.org.

“I’m honestly not sure if it would be allowed,” Tabor said. “I guess that’s where getting more eyes on the project and more input from the Theme Review team comes in handy. I have had a lot of feedback from authors who are eventually considering adding Merlin WP as an ‘up-sell feature’ for their lite offerings currently on .org.”

Tabor estimates that Merlin WP will be in beta for another two weeks. There are a few issues he wants to resolve before bringing it out of beta. He is testing the wizard in his own products at ThemeBeans, which is what he built it for originally. The shop has more than 40,000 customers and Tabor plans to push the wizard live across his entire theme collection once the last few issues are resolved.

Merlin WP is GPL-licensed and available on GitHub for any developer to use in open source projects. Tabor said he is considering creating a pro version but is not currently interested in pursuing an add-on model.

“I’m considering having an advanced version, with different developer-level capabilities, such as EDD Software Licensing support (where theme users can enter their license key issued from the developer in the onboarding process),” Tabor said.

Tabor anticipates one of the main benefits for theme shops using Merlin WP will be a decreased support load where questions about initial setup and “how do I do this like the demo” become less common.

“Customers will have what they’ve purchased right off the bat (instead of installing plugins, installing a child theme, importing content, setting menus, widgets, etc),” Tabor said. “They will likely appreciate the ease-of-use and share that experience with others.”

by Sarah Gooding at August 18, 2017 01:19 AM under wordpress themes

Post Status: Building a healthy remote company, with Tom Willmot — Draft podcast

Welcome to the Post Status Draft podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Brian Krogsgard.

In this episode, Brian is joined by Tom Willmot, the CEO of Human Made. Human Made recently released an employee handbook as an open source document for anyone to use, copy, or learn from. Tom and Brian discuss several elements of the handbook, and how they approach these things at Human Made:

  • Employee onboarding
  • Remote work processes
  • Communication
  • Employee feedback and mentorship
  • HR policies
  • And more!

This was a fun episode. Human Made has some of the lowest turnover in our industry and it was educational to hear from Tom.


Direct Download

Sponsor: OptinMonster

OptinMonster allows you to convert visitors into subscribers. You can easily create & A/B test beautiful lead capture forms without a developer. Be sure to check out their new Inactivity Sensor technology.

by Katie Richards at August 18, 2017 01:19 AM under Everyone

August 17, 2017

WPTavern: User Experience Tests Show Gutenberg’s UI Elements Can Benefit From Better Timing

Over the past few months, reviews for Gutenberg have trended towards a love/hate relationship without much in between. To figure out why this is, Millie Macdonald and Anna Harrison of Ephox, the company behind TinyMCE, analyzed the feedback and concluded that many of the issues likely stem from timing.

“In short, the nuances in the micro-interactions and timing of UI elements in Gutenberg are a little out of sync with what the user is doing at a point in time,” Harrison said. “For example, a user typing in a new paragraph is distracted when the decoration of the previous paragraph turns on.”

A common piece of feedback is that Gutenberg’s UI is clean but also cluttered. Harrison recorded a video of users copying and pasting paragraphs into Gutenberg and Medium.

In the video, toolbars and UI elements are displayed in Gutenberg during the writing process creating a cluttered look and disrupting the writing flow. In Medium, the formatting toolbar doesn’t display until text is highlighted and the + symbol disappears if it’s not interacted with.

Based on user testing, Harrison suggests refining the timing of when visual elements pop up in Gutenberg. “Right now, menus pop up when we are trying to type,” Harrison said. “They ought to pop up when we are trying to do something to words that have already been typed.”

Harrison presented their findings and suggestions to Gutenberg’s development team. Tammie Lister, design lead for Gutenberg, agreed that getting micro-transactions right is important. “I see this as the type of refinement post version 0.9/1 can bring,” Lister said.

“A few things I am slightly obsessed with is having an animation pace, story and consistency to interactions. Just something to throw in when looking at micro-interactions. I’ve also been doing some self thinking about what the ‘feel’ of emotion of Gutenberg should be. The one I keep coming back to is ‘calm’ and ‘supporting’. Just another thing to throw in when looking at these smaller details.”

Developers thanked Harrison and Macdonald for collecting, analyzing, and sharing data with the team. Does Gutenberg feel heavy to you? Let us know what your experience is like writing content in Gutenberg.

by Jeff Chandler at August 17, 2017 11:06 PM under tinymce

WPTavern: WordPress Support Team to Host Free Workshop August 23 on Supporting Themes

Over the past few months the WordPress Support Team has been brainstorming ways to improve support across various aspects of the community. One new idea they are pursuing is hosting workshops where WordPress.org theme and plugin authors can present how they approach supporting their free, open source products that have been released to the community.

Some users approach WordPress.org plugins and themes with realistic expectations regarding the support they might receive on tickets. Others approach these free products as if they were all built with large teams of professional support behind them, which is rarely the case. This often results in frustration, one-star reviews, and ultimately a bad reputation for products hosted in the official directories. It is also one of the primary reasons developers forgo putting products on WordPress.org and simply opt to host them on GitHub.

The new workshops will offer concrete strategies for bridging the chasm of expectation regarding support that exists between developers and users. WordPress.org theme and plugin authors will share the tools and ideas they have implemented to offer support while creating a positive experience for everyone involved.

Kathryn Presner, who supports hundreds of themes at Automattic, will be leading the first workshop titled “The Developers Guide to Supporting Your Themes:”

Providing support for your themes offers tremendous opportunities to educate WordPress users, from explaining how to make a child theme to offering simple CSS customisations. It also presents challenges, like figuring out how to help people who aren’t tech-savvy or need support beyond the scope of what you can provide. While many developers dread doing support, with some concrete strategies and techniques in hand, helping users doesn’t have to be a chore – and can even be fun! This session looks at how to make your themes’ users happy while feeling a sense of satisfaction from your own support efforts – a winning combination in the world of theme development.

WordPress.org theme authors will want to mark their calendars for Wednesday, August 23 at 11 AM CDT. The workshop will be broadcast live as a Zoom teleconference and will last for an hour, including time for a Q&A at the end. Zoom can run on desktop and also offers apps for mobile devices. The session will be recorded and available on WordPress.tv at a later date.

by Sarah Gooding at August 17, 2017 07:19 PM under wordpress.org themes

August 16, 2017

WPTavern: WPWeekly Episode 285 – Not Every WordPress Is the Same

In this episode, John James Jacoby and I open the show by discussing our observations of social media lately. Our feeds are filled with anger and for me personally, Twitter is becoming less useful.

We discussed the news of the week, including a lengthy conversation about Automattic opening up the WordPress.org ecosystem of plugins and themes to Business plan customers. Near the end of the episode, we share the features we’d like to see in a syntax highlighter for the built-in plugin and theme editors.

Stories Discussed:

WordPress Foundation to Sponsor Open Source Educational Events

WooCommerce Forks select2, Releases selectWoo as a Drop-In Replacement with Improved Accessibility

Gutenberg 0.8.0 Introduces 5 New Blocks: Categories, Text Columns, Shortcode, Audio, and Video

WordPress.com’s Business Plan Gives Subscribers a Way to Tap into WordPress.org’s Third-party Ecosystem

WordPress 4.9 to Focus on Code Editing and Customization Improvements, Targeted for November 14

Picks of the Week:

WPisNotWP by Caspar Hübinger, is a tiny progressive web app that outlines the differences between WordPress the open-source project and WordPress.com. Contributions to the app can be made on the project’s GitHub page.

A deep dive into the WordPress user roles and capabilities API by John Blackbourn.

WPWeekly Meta:

Next Episode: Wednesday, August 23rd 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #285:

by Jeff Chandler at August 16, 2017 11:55 PM under wordpress.com

WPTavern: Gravity Forms Stop Entries Plugin Aims to Help Sites Comply with the EU’s GDPR

photo credit: AJ Montpetit

Wider Gravity Forms Stop Entries is a new plugin that helps website owners protect the privacy of form submissions by preventing entries from being stored in the database. The plugin was created by UK-based web developer Jonny Allbut for internal use at Wider, a company he set up for handling WordPress clients’ needs.

One aspect of complying with the EU’s General Data Protection Regulation (GDPR) is ensuring that contact forms do not store any personally identifiable data on the server. The regulation becomes enforceable in May 2018 and sites that serve EU citizens are preparing for the deadline with audits and changes to how they handle privacy.

Gravity Forms doesn’t offer a built-in option to stop entries from being stored on the server but GF co-founder Carl Hancock says there are a variety of ways to accomplish this.

“If all you want to do is simply email the contents of the form and not store the data in the database as part of the route you’d like to take for GDPR compliance, this plugin would be one method of doing so,” Hancock said. He also referenced Gravity Wiz’s commercial Disable Entry Creation plugin. Developers can also delete entry data after submission via a hook.

“However, the GDPR doesn’t preclude storing form entries in a database and is entirely dependent on the type of data you are storing and the other safeguards and functionality you have put in place,” Hancock said. “It’s a complex issue and I’m not entirely sure the EU fully understands the burden and implications that may come with it.”

Ultimately, the requirement of compliance falls upon website administrators who are the ones collecting the data. It is their responsibility to select tools that will protect their users’ privacy.

“While it won’t provide GDPR compliance on its own, Jonny’s extension is a much-needed step in the right direction,” digital law specialist Heather Burns said. Burns consults with companies that need assistance in getting their sites GDPR compliant. “GDPR requires adherence to the principles of privacy by design and part of that is data minimization and deletion.”

WordPress has dozens of popular contact form plugins, both free and commercial. Many of them store entries in the database in case the recipient’s email has problems, preventing the communication from becoming lost. Site administrators who are concerned about GDPR compliance will want to examine the solution they have selected for forms. Burns advised that contact form plugins need to do the following three things:

  • Ensure that personal and sensitive personal data from form entries is not stored in the database;
  • Provide configuration options to allow contact form entries to be automatically deleted after a certain period of time;
  • Ensure that all contact form data is deleted when the plugin is deactivated or deleted.

“Unfortunately the direction of travel has been the exact opposite: contact form entries tend to be stored in perpetuity on the database regardless of content or necessity,” Burns said. “Contact form plugins with options to automatically delete form submissions after a certain period of time are rare. I’ve even seen contact form extensions which duplicate entries to a separate table, which, all things considered, is madness. We need to be developing towards data minimization and deletion, not retention and duplication.”

Last month JJ Jay published an analysis of how and where popular WordPress contact forms plugins store data. This is a useful reference for site administrators who are not sure how their chosen solution handles data collection and storage. She suggested a few questions for users to ask when examining contact forms:

  • Can the option to store data be turned on and off?
  • At what granularity?
  • Can the data be deleted when the plugin is deleted?
  • What personally identifiable data, other than the data from each form, is stored? (i.e. a user’s IP address)
  • Is it possible to delete the submissions on an ad-hoc or scheduled basis?

If you’re not sure what could be leftover in your database from other plugins, Jay has also created a “What’s in my database?” plugin that administrators can install and access under the Tools menu. It is read-only and lists every table and its columns, so users can see if there are any surprises.

British Pregnancy Advice Service (BPAS) Hack Highlights the Danger of Storing Contact Form Entries in the Database

In educating website owners about the dangers of storing sensitive personal data, Heather Burns often cites the 2012 British Pregnancy Advice Service (BPAS) hack as one of the worst examples of the consequences of storing contact form entries in databases. The hacker, who was later jailed, stole thousands of records from the charity, which was running on an unknown outdated CMS with weak passwords. The site had not undergone a privacy impact assessment on its personal data collection and storage methods.

“One of the services BPAS offers is access to abortions,” Burns said. “Many of their service users come over from Ireland, where abortion is banned under nearly all circumstances. The site had a contact form where women could enquire about abortions. BPAS thought that messages were merely passing through the site; no one within the organization had any clue that a copy of each contact form submission was stored on the database. Somewhat inevitably, the site was easily hacked by an anti-abortion activist who downloaded the database. He found himself in possession over 5,000 contact form submissions going back over five years containing women’s names, email addresses, phone numbers, and the fact that they were enquiring about abortions. He then announced his intention to publish the womens’ data on an anti-abortion forum.”

The hacker was caught and arrested before he had the opportunity to publish the list. He received 32 months of jail time and BPAS was fined £200k for the data protection breaches.

“As well as criticizing the charity for their technical failures, the regulator called attention to the fact that no one on the staff had thought to ask the proper questions about the tools they were using; they were also angry that the site had a legalistic privacy policy which was clearly not worth the pixels it was printed on,” Burns said. “All of these failures were deemed inadmissible and inexcusable by the data protection regulator. It is no exaggeration to say that women could have been killed because of a contact form.”

Auditing contact forms is just one piece of the puzzle for those working towards GDPR compliance. Burns recommends that site administrators conduct a privacy impact assessment of personal and sensitive data that is submitted through forms. Privacy notices should also be clear about how this data is handled and how long it is retained before it is deleted.

The GDPR was written to be extraterritorial and states that the regulations apply to any site or service that has European users. These sites are expected to protect EU users’ data according to European regulations. Many American company owners are not yet convinced that this is enforceable outside of EU borders and have not invested in getting their online entities to be compliant.

“GDPR provides a very useful framework for user protection, which is now more important than ever,” Burns said. “I’m encouraging Americans to work to GDPR because it’s a constructive accountable framework that’s a hell of a lot better than nothing.”

Wider Gravity Forms Stop Entries is currently the only plugin in the official WordPress directory that addresses GDPR concerns for a specific contact form plugin. Others may become available as the May 2018 deadline approaches. Jonny Allbut warns users in the FAQ to test the plugin with third-party GF extensions before adding it to a live site, as some extensions may rely on referencing data entries stored in form submissions.

I asked Carl Hancock if Gravity Forms might make storing form entries in the database an optional feature and he confirmed they are considering it.

“Yes, this is certainly possible,” Hancock said. “We try to avoid conflicts with available 3rd party add-ons for Gravity Forms to encourage their development,” Hancock said. “But unfortunately it is not always avoidable. It is a feature that has been requested numerous times in the past and I suspect with the GDPR it will be a feature that will be requested even more going forward.”

by Sarah Gooding at August 16, 2017 11:03 PM under gravity forms

Post Status: Free speech, privacy, and the web

Politics and the web are intersecting more and more. In recent news, at least three WordPress related companies have been getting broad media attention.

In just a few days, we’ve seen GoDaddy shut down a site for violating terms and conditions, as well as Automattic. DreamHost received significant attention for refusing to release site visitor information to the US Department of Justice.

I think the most relevant angle for this website is to note that it’s important for web-based services to be prepared for the unexpected news cycles that revolve around web-based properties.

How well does your PR team know your terms and conditions? What’s your stance on free speech, and when can that cross a line into speech or content that your service is ready to limit? The definitions can be narrow; let’s look at Automattic’s decision to shut down a site called Blood and Soil.

It’s a despicable site, and it has been for a while. Automattic is aware of the sites that exist on WordPress.com, and this isn’t their first rodeo with objectionable sites receiving lots of backlash from advocacy groups. For instance, the Guccifer 2.0 person or group that hacked the Democratic National Committee was on WordPress.com, and they still are. There are countless others, some hacking related, some simply vile or hate-filled.

So what makes a site cross the line for a particular service? GoDaddy’s Ben Butler described to Fast Company that they draw the line between speech and violence:

GoDaddy’s Ben Butler described to Fast Company that they draw the line between speech and violence:

“We strongly support the First Amendment and are very much against censorship on the internet,” writes Ben Butler, director of the Digital Crimes Unit for GoDaddy, in an email. He adds that, “if a site promotes, encourages, or engages in violence against people, we will take action.”

The GoDaddy decision (which Google followed up with as well) was especially interesting because they made the decision as the domain registrar, not a content host. In that case they weren’t actually providing the hosting service.

Automattic has similar policies. Specifically, they link to user guidelines within their ToS, which has a clause for “directly threatening material.”

Do not post direct and realistic threats of violence. That is, you cannot post a genuine call for violence—or death—against an individual person, or groups of persons. This doesn’t mean that we’ll remove all hyperbole or offensive language.

They also have a specific policy (not directly linked from their ToS) for terrorist activity, and a provision to allow them to remove content or users for any reason.

The terrorist in Charlottesville aligned himself with Blood And Soil, prompting Automattic to pull the plug —  as the line was crossed.

DreamHost’s pushback to the government was about First Amendment concerns as well, primarily with visitors:

The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses — in addition to contact information, email content, and photos of thousands of people — in an effort to determine who simply visited the website. (Our customer has also been notified of the pending warrant on the account.)

That information could be used to identify any individuals who used this site to exercise and express political speech protected under the Constitution’s First Amendment. That should be enough to set alarm bells off in anyone’s mind.

Every host deals with requests that may not require visitor information but definitely do require account information. Automattic’s Paul Sieminski provided a helpful post on the types of requests they get, and how they handle them.

The US has broad protections built into the First Amendment covering free speech. Platforms are not required to meet those protections; however, many are strident supporters of the First Amendment. Those protections are often for some of the most unpopular types of content. The Supreme Court has ruled there’s no hate speech exception in the First Amendment, and this ruling has been cited recently in a trademark case.

I think the author of the above-cited op-ed makes a good point:

We can and should speak up against hate. As the Supreme Court makes clear, there’s no hate speech exception to the First Amendment. With that freedom comes a heavy burden for government officials like Baker and Walsh, who must try to keep protected speech from turning into acts of violence.

The burden is also heavy for platforms who are dedicated to providing a place for unpopular opinions. There are many times when the unpopular opinion, or anti-government opinion, is incredibly important to protect. But when speech stems over into violence, then I believe platforms have not only a right, but also a responsibility to take a stand.

It’s important for organizations to be educated about and consistent with their own terms of service, company-wide. I’m afraid these hard questions about speech, rights, and responsibility will be pretty common for a while to come. And as fast as information spreads — for instance, the calls for GoDaddy to shut down a hate site this week came in a fury, part of a quickly viral Twitter post — acting quickly and consistently will be incredibly important.

I’ve talked about platforms and services with some control over their user base. The obvious other side of this is that there is a whole segment of our community with no control over their users. Your theme, plugin, and WordPress itself can be used without permission by absolutely anyone, and of course that’s by design. WordPress or a WordPress-related product could be identified and criticized virally for enabling objectionable users and content

As a community, are we prepared to respond to that?

PS: If you’re a journalist writing about WordPress.com and issues like these, please understand the difference between WordPress.com, owned by Automattic, and WordPress the software. I wrote a handy guide for you.

by Brian Krogsgard at August 16, 2017 06:38 PM under Everyone

HeroPress: The Greatest Screenplay Writer

Pull Quote: WordPress is not like any other open source communityI saw before.

My upbringing was not quite usual Serbian upbringing. I was almost forbidden to do things I didn’t really love. My parents insisted on trying things and finding that deep passion. But I didn’t have to search and try. I always knew what I’d be when I grow up. As long as I remember, there was no doubt.

A classical musician

When I was 8 my mom took me to local music school for entrance examination. I was in! Oh, joy! Finally I was learning to play and sing, to read and write this new language. Italian. Oh, music scores too! There was a whole new world that my parents, or anyone in my family, didn’t know anything about and I was stepping into it. I was doing just fine in it.. and I couldn’t live outside of it.

As time passed, I finished elementary and high music school, went to music Academy, almost finished it and then my mother died. It was 2003. Two weeks later I found out I was pregnant. There was no time for grief and I couldn’t feel the joy. I just switched off and turned to the facts: I became a mom and a wife and I needed a job.

And what a job did I found. An opera prompter. Opera Prompter! God, I love that job. Every second of it for ten years. I was yelling at singers, singing, conducting, traveling, laughing and crying. My Italian was significantly improved. Working time was great – so much free time to be a mom, study for Academy, get a hobby…

Opera prompter’s hobby

In 2007 I was administrator in one English speaking forum with focus on software and hardware topics. It helped me to significantly improve my English. And my tech knowledge. Which was close to none when I registered. As one of administrators, occasionally I had to tweak site here and there. It was great! There was this code and when I would change something in code it would show on the site. Neat! I loved reading those files, finding patterns and parts written in humanly understandable forms. Later I learned those were called loops and conditionals. Also later I learned that this language is called PHP and that many other languages for building websites exist. Forum script was phpBB3.

I was never a gamer. Never understood the point of game, besides finishing it. I guess PHP was to me what games are to passionate gamers. Like a puzzle or sudoku.

At the same time my marriage was turning from bad into worse and in the beginning of 2008 I finally decided it was enough. We were working on Mozart’s “Don Giovanni” in Theater. I remember this so clearly because my divorce was just turning from bad into worse. Those few months lasted for centuries after which I still needed a lot of time to recover what’s left of my self-esteem. My complete mental and emotional health was destroyed after years of domestic violence.

2009 was important year for me. The cognition of possibility to have local server on my own machine and test everything before executing it on live site turned out to be very helpful.

In October I needed a blog script and friend recommended WordPress. It was 2.9 version. It didn’t really work well but everyone was writing about it. There were at least 5 new tutorials on various blogs every day. I was digesting them every morning with my first coffee. The ones I really liked I even reproduced in my shiny new localhost. Soon enough I developed a local monster with different widgets on each page, future posts archive, post series done with custom fields and God knows whatnot. This WordPress was slowly taking over my free time. Every second of it.

So, the WordPress it is

One day a friend of mine asked me to build him a website for his ensemble. And for money. Money? I never thought of getting money for this. This was too good of a hobby. But he’s a friend so I did it. Then another friend showed up with the same request. And another.. I became freelance WordPress developer before I could even understand what was happening. It wasn’t really a favor to friends any more. I was a single mom with mortgage. My daughter was in primary school, life costs became serious while the art-and-culture salary was silently and regularly reduced.

I was freelancing every single minute I could. Sleeping was luxury I could afford on weekends.

My dad was helping me tremendously. He was babysitting during theater’s rehearsals and performances in the evenings. When I’d get home, my daughter was sleeping, tomorrow’s meals cooked, dishes done and shining. I could go on like this but it was uncertain for how long.

In the summer of 2013 I was recovering from what was supposed to be routine gallbladder surgery and what nearly cost me life. Almost fully operational, I was getting ready for next roller coaster known as a mix of school year, freelancing and theater’s season. Then my father died. Suddenly. In an accident.

Oh, this screaming silence..

I couldn’t think. Or breathe. For months. I needed someone to put the roller coaster on pause. Just.. Just a short one. To take a breathe. But there was no one. I was all alone with a 9 years old child who had to grow up fast. I had to grow up fast.

All of a sudden I realized that I can not afford a single mistake any more. I can not be ill, get in debts, lose job. Or mind. I was the only one I could count on.

In 2014 my theater salary got reduced once again. And again in following year. 30% in total. For ten years it never covered all of my monthly expenses but this was ridiculous. It was a time for me to stop playing it safe and see what I’m made of. That was probably the most difficult decision I have ever made. A heart breaking one. Stop being musician. So I quit being Opera Prompter and started working as a full time WordPress developer.

Well, hello, World!

I didn’t really know for which wage level my knowledge was. For years I was the only WordPress developer I knew in person. The rest were all online superstars I was learning from. So I started as a shy medior and the only WordPress developer in agency. It turns out that, for this agency needs, I was senior and soon enough I was organizing and leading development processes for new projects.

From the business point of view repeating similar projects makes you “niche expert”. I do understand that. But, as many other developers out there, I don’t like repeating the same tasks or projects. Not even once. I missed variety which led me to become more active contributor on wordpress.org.

For years I was just contributing to codex here and there and never really thought about all the people behind WordPress.

In my vague image, they were a bunch of really great developers and they were doing just fine. I was learning from them so I could not possibly help them. I would just be on their way.

However, in my attempt to find something interesting to keep my mind amused with, I came upon Slack url for communication between contributors on WordPress project. What a crowd! And not just developers – everyone! Doing all kinds of different bits, and all important. How odd. WordPress is not like any other open source community I saw before. So much more open and inviting! I remember reading through channels and thinking: “I could do this”, “Oh, I’d love to learn that”, “This person is funny”.. I’m gonna stick.

Antisocial extrovert in a more open open source community

No matter how I tried, and I did try, I’m just not a people person. Among other antisocial treats, over the years I have developed a heavy dark humor which, more often than not, due to lack of social interactions I reveal in a completely wrong way. But these people seem not to mind so I thought to give it a try with them. Don’t get me wrong, Code of Conduct is extremely important in WordPress community. No community wants bullies. But rare communities accept social weirdos and misfits. And this one doesn’t just accept them, it makes them feel like fits. That was a nice change.

I started attending local Meetups, even gave a talk on contributing to Theme Review team after which I was invited to join Toptal platform as a freelance developer. My social adventure got me volunteering on WordCamp Belgrade and WordCamp Europe in Paris. I must admit there were “too many people at the same time” moments but there were lots of ways to stay involved with controlled dose of human interactions. I chose volunteering at Experts bar and it worked out just great. I really loved all the hugs though.

Today I try to keep my focus on just a few channels in make WordPress slack and my contribution wish list regularly updated. One can have only so many hours in a day. Most often you’ll find me in #docs and #core-docs channels, doing various stuff with Documentation team.

Milana, on a rooftop baclony with some other people looking at her phone

The Questions

Among all the questions I get about my professional path, the most commons are “How come you made such a huge change from music to web development?“, “Did you go to school to become a developer?” and “Do you miss being musician?“. Answer to the first question is quite easy:

“Being musician and writing code are pretty much the same. They both require the same parts of your mental struggle and make you go through the same emotional tortures and enlightenments.”

The second question, however, is a bit more difficult to answer. In the light of the first answer, I could say that I was exposed to the required way of thinking. Practicing an instrument 6 hours per day for over a decade does teach you a couple of things about commitment. World of classical music is a world of magnificent talents and varieties which touches you all the way to the humble self where you find appreciation for being able to feel this way. Personally, I believe this is extremely important for developer – to be humble and grateful to person who helped them find this humbleness.

No, I don’t have a formal developer’s education. It doesn’t seem to prevent me from being developer. And no, I don’t miss being musician. Because I never stopped being one. I listen to classical music while I code and play piano when I have a difficult programming problem to solve. Feels so natural.

I’d like to say that everything turned out pretty good at the end but, as my father used to say: “Life is the greatest screenplay writer” and my life seems to be the witty one too. In expectation of future turns I’d recommend Beethoven’s Symphony No.7, II movement, some very loud laughs and lots of WordPress loops.

The post The Greatest Screenplay Writer appeared first on HeroPress.

by Milana Cap at August 16, 2017 12:00 PM

WPTavern: WordPress Mobile Apps Updated with a New Login Experience

The WordPress mobile apps are sporting a new login experience that Automattic’s mobile designers and developers released in the latest versions. The login flow has been completely redesigned to provide a more unified experience for connecting both self-hosted and WordPress.com-hosted sites. These flows were completely separate in the past and users were often confused about which one to select. The new design provides fewer opportunities for friction when logging in, an experience that likely determines many users’ first impressions of the app.

Self-hosted login on mobile apps

“As we reimagined the login experience, there were a few key principles guiding us: keep it simple, minimize the distinction between a site hosted at WordPress.com versus somewhere else, and avoid anything that might be too clever,” Automattic mobile lead Eric Johnson said.

Users can now connect new sites by entering the URL and the mobile apps will automatically detect if the site is hosted on WordPress.com or not. The new login flow ferries users on to the next step based on what kind of site is being connected. This is available in version 8.0 of WordPress for Android and version 8.2 of WordPress for iOS.

The new login experience emphasizes the ease of using magic links for logging into WordPress.com. If the user enters and email address, the app will generate an authentication link and send it via email. This allows users to login without having to remember or enter a password.

If a user is entering the world of WordPress for the first time through the mobile apps, the new login experience also offers a short tour of the some of the features included in the app. These include WordPress.com features such as notifications, Stats, and the Reader. The apps, despite being marketed as the official WordPress mobile apps, are a product of Automattic and include a commercial upgrade path for WordPress.com services.

The idea of the apps functioning as a gateway to help the greater WordPress ecosystem gain more users (and eventually see some graduate to self-hosted sites), no longer seems credible now that WordPress.com has entered the hosting space by allowing its customers to tap into third-party plugins and themes.

The updated login experience, while more convenient for users, continues to blur the line between self-hosted and WordPress.com-hosted sites. WordPress for Android and iOS used to have their own separate blogs but all of the news is now funneled through WordPress.com’s news blog and the @WordPressiOS and @WPAndroid Twitter accounts seemed to have been abandoned in favor of marketing updates through WordPress.com.

In the past, many in the WordPress community have asked why the apps are not called the WordPress.com mobile apps, since they include features that are not central to the core publishing experience for self-hosted users. Last year when I interviewed Maxime Biais, one of Automattic’s mobile engineers, he said the team had considered splitting the product into two apps.

“We considered having both WordPress and WordPress.com apps, but we rejected this because it doesn’t make it more clear,” Bias said. “It’s probably even more ambiguous when someone searches the Play Store for ‘WordPress’ or ‘Blog’ and finds both WordPress and WordPress.com apps.”

Now that that mobile apps have become a direct pipeline for new WordPress.com hosting customers, it may be time to re-visit the consideration of splitting the apps into two distinct products: one for WordPress.com’s commercial interests and one that officially represents the open source WordPress project for self-hosted users without any corporate interests. If the project’s official mobile apps are a key part of new users’ onboarding experience, they should accurately represent the software as an independent platform that can be hosted with and extended by any number of free and commercial products in the WordPress ecosystem.

by Sarah Gooding at August 16, 2017 06:33 AM under WordPress for iOS

WPTavern: WordCamp US to Experiment With A Community Bazaar

In addition to taking place in a new location this year, WordCamp US will have a Community Bazaar. An area will be set aside in the venue allowing those chosen to showcase their WordPress communities. Raquel Landefeld, Randy Hicks, and Dustin Meza are organizing the Bazaar.

Landefeld says the idea was inspired by the people who make up the WordPress Community. “We recognize that some local WordPress communities are thriving and some are just getting started,” she said.

“What better way to help build community then by showcasing our local communities to the world. The thought is that smaller, newer, and communities just in their infancy, will be inspired with fresh ideas and or how-tos from the bigger and more established WordPress communities.”

The idea is similar to that of a science fair where each community chosen will have a space to highlight why theirs is awesome.

The purpose of the event is to inspire growth while providing an opportunity for communities to learn from each other. There will also be metrics shared such as, number of meetup and WordCamp attendees, meetups per month, and unique qualities pertaining to the local groups.

The organizing team is looking for the inside scoop on local communities. “This is all about you and your local WordPress community,” Landefeld said.

“This is your time to shine. Why is your community different, special, or amazing? Be showy! Forget modesty. Let your community’s awesomeness be a tool to inspire other WP communities just getting started or striving.”

Last year saw record growth for WordPress community events. In 2016, more than 62,566 people attended a local meetup in 58 countries and about one-third of those were new members. A total of 115 WordCamps were hosted in 41 different countries.

Those interested in participating in the Bazaar are encouraged to fill out the following submission form and provide as many details as possible.

by Jeff Chandler at August 16, 2017 12:45 AM under wordcamp us

August 15, 2017

WPTavern: maekit Acquires WP Remote, Plans to Add Cloud-Based Backup Services

maekit, a cloud-based platform that handles the business aspect of web design, has acquired WP Remote from Human Made. Two years after Human Made began searching for a buyer, maekit purchased WP Remote to integrate it with the company’s existing platform that caters to designers managing multiple clients.

“WP Remote had remained a much-loved product with its users and despite receiving no ongoing development it had remained an iconic plugin in the WordPress community,” Human Made CEO Tom Willmot said.

maekit took over WP Remote operations in March after closing the deal. According to maekit CEO Matt Holme, the company inherited 20,000 users with 120,000 WordPress websites. His team has maintained WP Remote in its original platform for the past few months before integrating it into maekit last week.

WP Remote has offered unlimited, free WordPress site management (updating core, plugins, and themes with a single click) since 2010. It hasn’t received ongoing development for several years, but maekit plans to add backup features that will make bring it more up to speed with competitors like MangeWP, MainWP, and InfiniteWP.

“We definitely plan to keep WP Remote free and expand its features,” Holme said. “Specifically we are looking at offering easy-to-manage cloud-based backup services. For example, hook up your Dropbox (or any other popular cloud based storage system) and schedule regular backups of your WP websites.”

maekit’s acquisition of WP Remote gives the company’s customers the ability to deploy WordPress sites with one click and manage client sites and domains through a unified, white-labeled invoicing and payment system. The company has rolled out a few long-overdue bug fixes to WP Remote and Holme says the rest of maekit is functional but still technically in a closed beta mode.

“Our revenue model revolves around direct sale hosting plans and also reselling integrated hosting plans for other leading global hosting providers,” Holme said. “We are refining the free invoicing and payment processing system built into maekit so that a maekit / WP Remote user can deploy a new hosted WP and charge their client a recurring monthly fee and retain the mark up they add on top of our base hosting prices as profit. This means literally no out of pocket expense for maekit / WP Remote users.”

Although maekit’s one-click deployment service supports many popular CMS’s and e-commmerce platforms, including WordPress, Opencart, Drupal, Magento, and Joomla, Holme said the vast majority of the company’s customers are running on WordPress. Acquiring WP Remote brings a host of valuable new features to maekit’s customer base. maekit’s built-in client billing features, customized for freelancers and agencies, are what Holme says will differentiate the company from its competitors in the WordPress space.

“I have a great deal of respect for these other WP management platforms and feel the size of the WP market means there is opportunity for all to succeed,” Holme said. “With the features of maekit also including new website deployment, invoicing, payment processing and client management, our platform is unique from the others.”

by Sarah Gooding at August 15, 2017 03:50 AM under wpremote

August 14, 2017

WPTavern: Gutenberg 0.8.0 Introduces 5 New Blocks: Categories, Text Columns, Shortcode, Audio, and Video

Gutenberg 0.8.0 was released over the weekend with five new blocks, major improvements to existing blocks, and support for more publishing features that have been missing from the new editor’s sidebar. The release also carries out the controversial decision to remove the opt-in usage tracking code from the plugin.

The new Categories block can be found under the Widgets section, as it’s output is based on the existing categories widget. The default display is an alphabetized list of categories, but the block settings include options to display as a dropdown, show post counts, and show hierarchy.

A new Text Columns block allows users to split text content into multiple columns. The settings include a sliding scale for selecting 2-4 columns.

Contributors are calling the Text Block “an initial exploration” of multiple columns for text-only content. Depending on testing, it may not be the implementation that ends up landing in the plugin permanently.

“We’ve been over how difficult it is to get columns right, and also how already today third parties can build this,” Joen Asmussen said. “We may very well want an entirely different implementation than this one. But perhaps it’s good to get this in now and test it. Perhaps this can help inform how a better column implementation can work down the road. In fact we might want to merge this block in now, only to take it back out later again, same as the Cover Text block. For that reason, I think it’d be good to test this.”

The new Video and Audio blocks are geared towards inserting files that have already been uploaded to the media library. However, I found the text on the video block to be confusing. If I was new to WordPress and didn’t understand how oEmbed works, I would be clicking inside the video block to figure out where to paste the URL.

The new Audio and Video blocks mirror the same kind of functionality that users have experienced when adding images to their sites. In the future, contributors may introduce more features to the audio block, such as additional playback types and looping, but the first iteration includes just the basics.

Gutenberg 0.8.0 adds resizing handlers to the existing Image Block, making it easy for users to insert and quickly resize an image. If you review the GitHub ticket for this feature, it’s clear that it was not easy to implement. Image resizing has gone through several changes and may have more down the road, especially as it pertains to the behavior of the caption. Ultimately, the caption field should not be wider than the image so that the two are placed together.

This release introduces a post formats selector to the post settings sidebar. It includes a suggestion based on what blocks are in use in the post. One participant on the ticket noted that the suggestion gives too much importance to the post formats selection and might be confusing to users. The suggestion persists, despite a user switching the format to the one suggested. This is because Gutenberg cannot detect if it was explicitly set by the user or if the user selected the suggestion.

“I happen to agree with you: post formats should go away,” Joen Asmussen said. “In fact part of the genesis of blocks as a concept is to provide a better interface than what post formats did. So the post format selector here is strictly a back-compat thing.”

Gutenberg contributors have also updated the design document for the project, offering more clarity on their goals and concepts they are using to build the editor:

Ultimately, the vision for Gutenberg is to make it much easier to author rich content. Through ensuring good defaults, wrapping and bundling advanced layout options blocks, and making the most important actions immediately available, authoring content with WordPress should be accessible to anyone.

The idea is to simplify content creation for users so that they only have to learn one interface – the block interface. The design document adds several new sections that elaborate on the concept of “everything is a block” and includes best practices that developers can reference when designing their own blocks.

by Sarah Gooding at August 14, 2017 10:18 PM under gutenberg

August 12, 2017

WPTavern: Early Results from NRKbeta’s Comment Quiz Plugin Show Readers Enjoy the Quiz but Rarely Leave a Comment

Earlier this year, NRKbeta, the Norwegian Broadcasting Corporation’s media and technology site, open sourced its comment quiz plugin for WordPress. The site’s publishers have been experimenting with requiring their readers to complete a short, three-question quiz before giving access to the comment form on certain articles. The goal of the plugin was to prevent rants and off-topic responses by ensuring that commenters have read the article.

NRKbeta has published some preliminary results after six months of experimenting with a mandatory quiz before commenting.

“On average, there are a lot more attempts – both correct and wrong – than actual comments,” NRKbeta journalist Ståle Grut said. “It seems many take the quiz to check how much they remember from the story – and not necessarily to leave a comment. Almost as a fun little game after reading.”

Grut reported that on average the quiz has an error rate of 72%. His team suspects that the bulk of the wrong answers are coming site’s international readership, as most of the articles are posted in Norwegian, which can be difficult to translate.

The sample is still relatively small, because the team hasn’t yet created any set rules for when authors should enable the quiz.

“The idea was to test it on stories that had potential for a gloomy comments section,” Grut said. “It is something we are proud to rarely have here at NRKbeta.”

On one story, NRKbeta staff made an error where it was impossible to submit the correct answer to the quiz, because it wasn’t listed. As a result, this article’s quiz received more than 1,000 wrong answers.

One unexpected benefit of the plugin is that it makes it more of a hurdle for readers to leave short comments, such as “nice post” that don’t add much to the conversation.

“This favors the most eager with the most time on their hands,” Grut said. “From time to time this has led to a decline in quality and tone, causing him to often abandon the quiz module.”

These initial conclusions are in line with what we predicted when the plugin was released: the most motivated ranters are not significantly inconvenienced by a short quiz. Keeping comment sections free of trolls is not yet something that is easy to automate. It still requires time spent in the moderation queue.

After the comment quiz plugin was enabled on the site, NRKbeta counted more than 300 articles around the web that had been published about the experiment. Quizzing commenters was hailed as one of the best new ideas for warding off trolls. However, the NRKbeta team cannot yet conclude whether the plugin is a success or not.

“The numbers seem to show that the quiz has worked like a little game for many readers,” Grut said. “They like to take the quiz, but not to leave a comment. Being tested on how much they remember from the article seems to be the most popular use of our quiz.”

by Sarah Gooding at August 12, 2017 02:54 AM under comments

WPTavern: In Case You Missed It – Issue 23

photo credit: Night Moves(license)

There’s a lot of great WordPress content published in the community but not all of it is featured on the Tavern. This post is an assortment of items related to WordPress that caught my eye but didn’t make it into a full post.

Using WordPress to Publish Law Reviews

Kevin O’Keefe of Above the Law, explains why WordPress should be used to publish law reviews instead of printing them.

Ten years ago it would not have been as easy to set up, or license, a WordPress publishing platform by each law school. Most law professors were, and still are, publishing blogs on TypePad, an outdated and little used publishing software, originally produced by Six Apart.

Today, WordPress is running almost 70 percent of the content management systems in the world. WordPress is regularly updated and enables a multi-user platform with multiple individual sites, all of which would be needed by a law school’s ‘printing press’.

Glutenberg Free

Gluternberg Free is a WordPress plugin developed by Adam Silverstein that restores and maintains the post editing experience from WordPress 4.8.

Open Source Candy Bar Labels for WordCamps

If you’re organizing a WordCamp and want to give out Happiness bars, check out this custom label design used at WordCamp Miami 2016. The assets are open sourced and available for free for other WordCamp organizers to use.

Instead of Threading Tweets, Consider Blogging Instead

Amanda Rush explains the drawbacks of threading messages on Twitter and why blogging is a better option. Blog posts are easier to archive and link to, are not lost in the noise as quickly, and are a better user experience for consuming content.

By the way, if you’ve already threaded a message on Twitter, Rush shares links to tools that can help capture a thread and turn it into a blog post.

The Next Time You’re Thinking About Threading On Twitter, Write A Blog Post Instead

The Story of HelloSales

iThemes published a detailed article on how their newest product, HelloSales, came to be. Cory Miller explains the product’s logo, name, and who the people are that are building it.

The rooster is essentially the symbol or emblem of Portugal. You’ll see it everywhere there when you go there (and I strongly encourage you to do so, even if I want to keep the place all to myself).

It became obvious we wanted to include a rooster in the logo of HelloSales as a hat tip to Portugal and our team there. We also think it’s a great symbol for what we hope to help our customers do — make more money through their WooCommerce stores.

Through several iterations of a name, we landed on HelloSales as a name, as yet another hat tip to the story — their company’s name, HelloDev — that led us here.

It’s a cool story and one I’d like to see more CEO and founders share when they acquire a product or business.

WordPress Telemetry Part Two

Morten Rand-Hendriksen updated his article on the case for WordPress telemetry after a lengthy conversation on Twitter.

What WordPress needs is an open debate on this topic. What are the arguments for and against? What can be gained and what is lost? Should we do this? And if so, how do we do it in an open, transparent, and responsible way that helps inform and elevate the conversation while looking after the interests of all WordPress users?

These are interesting questions and although the ticket is closed on Trac, users are encouraged to continue the discussion. In the future, I’d like to see data and other research published that explains why a major User Interface changing feature is necessary in core before so much energy is devoted to it.

Cowboy Wapuu!

In what is a traditional part of this series, I end each issue by featuring a Wapuu design. For those who don’t know, Wapuu is the unofficial mascot of the WordPress project. Cowboy Wappu is the official mascot of WordCamp Dallas/Fort Worth 2017 that takes place on November 11-12. Tickets are still available and include admission to the event and after-party, lunch on Saturday, and swag. Yee-Haw!

Cowboy Wapuu for WordCamp Dallas/Fort Worth 2017

That’s it for issue twenty-three. If you recently discovered a cool resource or post related to WordPress, please share it with us in the comments.

by Jeff Chandler at August 12, 2017 01:47 AM under twitter

August 11, 2017

WPTavern: WordPress 4.9 to Focus on Code Editing and Customization Improvements, Targeted for November 14

photo credit: Sophie Ollis

WordPress core contributors have set a tentative schedule for the upcoming 4.9 release, which will be co-led by Mel Choyce and Weston Ruter. The development cycle kicked off in early August with Beta 1 scheduled for early October and the official release targeted for November 14.

Choyce published a list of goals today that outlines what they will be aiming for in 4.9. WordPress users can expect to see some existing features polished up to be more user-friendly, including some long-awaited updates to the experience of editing theme and plugin files in the admin.

Contributors are looking at adding a nested folder structure that will offer access to files deeper than two levels. They are also aiming to add better warnings for users who are editing themes and plugins, an improvement which Choyce described as “graduating from cowboy coding school.” This could help prevent users from unknowingly making small errors that could have a negative impact on their sites.

Another goal for 4.9 is to improve the code editing experience by adding syntax highlighting. Contributors are examining the possibility of incorporating CodeMirror functionality into the Customizer’s custom CSS box as well as the plugin and theme file editors. An experimental Syntax Highlighting Code Editor for WordPress Core plugin is currently being developed on GitHub as a potential solution for a seven-year-old trac ticket for code editor improvements.

Customizer improvements are also one of the main focuses for 4.9. Contributors to the Customize Snapshots feature plugin have been steadily refining the ability to draft and schedule changesets in the Customizer. They are also looking at providing a better experience for widget and menu mapping when switching between themes, improving homepage settings (“Page on Front“), and displaying responsive images in the Customizer sidebar.

This list of goals for 4.9 includes many more items and the release leads are approaching it with the understanding that some features and improvements may not be ready in time. One item on the list is getting in API endpoints that Gutenberg requires.

Looking ahead to WordPress 5.0, new Gutenberg design lead Tammie Lister has proposed a revised, tentative roadmap that anticipates having the new editor ready for a merge proposal in December 2017. Lister said the outline is not set in stone and Gutenberg’s path to 5.0 would be dependent on the success of the merge proposal.

by Sarah Gooding at August 11, 2017 07:19 PM under syntax highlighting

WPTavern: WordPress.com’s Business Plan Gives Subscribers a Way to Tap into WordPress.org’s Third-party Ecosystem

Earlier this year, WordPress.com launched an experiment giving Business plan subscribers the ability to install third-party plugins and themes. Automattic concluded the experiment earlier this week and officially made the features part of the subscription plan.

“With support for plugins and third-party themes, WordPress.com Business users will be able to connect their sites to great email and social media tools, e-commerce solutions, publishing and subscription services, and more,” Mark Armstrong said.

This change is twelve years in the making. With the exception of WordPress VIP, customers have not had the ability to install third-party themes and plugins on WordPress.com.

Customers Can Only Install Custom Plugins Through The WP-Admin Interface

Customers can install plugins or themes from the WordPress.org directories or they can upload custom themes and plugins. WordPress.com has two user interfaces, one that resembles Calypso and the other is WP-Admin.

Here is what adding plugins looks like using the Calypso interface. Plugins are displayed from the WordPress.org plugin directory with no way to upload a custom plugin.

Adding Plugins on WordPress.com Through The Calypso Interface

This is what adding plugins looks like using the WP-Admin interface. This interface has a button that allows customers to upload a custom plugin. Automattic is aware of the discrepancy and says they’re working on streamlining both interfaces.

Adding Plugins Through WP-Admin on WordPress.com

Customers Can Upload Non 100% GPL Licensed Code to WordPress.com

The ability to upload a custom theme or plugin truly opens the door for subscribers to customize their sites. But it also allows customers to use themes and plugins that are not 100% GPL licensed. Matt Mullenweg, CEO of Automattic, has made it clear in the past that he will only support plugins and themes that are 100% GPL.

Even though graphics and CSS aren’t required to be GPL legally, the lack thereof is pretty limiting. Can you imagine WordPress without any CSS or JavaScript? So as before, we will only promote and host things on WordPress.org that are 100% GPL or compatible.

Mullenweg has used his influence in the past to provoke marketplaces such as Envato to provide a 100% GPL license option to its authors. Authors who choose not to sell their items with the 100% GPL license are excluded from being able to sponsor or speak at WordCamps.

Although the above quote references WordPress.org, WordPress.com is a platform that Mullenweg controls. It’s odd that the ability to upload a theme or plugin that is not 100% GPL exists on WordPress.com. I believe the feature is an oversight and will be removed in the immediate future ensuring that only themes and plugins from the official directories are allowed to be used.

Managed WordPress Hosts Have Reasons to Be Concerned

Responses to the news from members of the WordPress community are mixed. Phil Crumm, Director of Strategic Opportunities at 10up, published a great article that examines the potential impacts this move will have on the managed WordPress hosting ecosystem and its community:

Within the WordPress community, there’s long been a notion that ‘more users on WordPress’ is universally good. Until now, that’s been difficult to argue: an expansive ecosystem has developed over the last decade, and many now make their living off of WordPress.

Despite that, WordPress.com’s Business Plan now feels like it’s oriented towards cannibalizing users from elsewhere within that ecosystem — from sites that may have ‘grown up’ and moved to another hosting provider to those that now may not know that the broader ecosystem even exists — which is objectively a step backwards for the WordPress community.

Tony Perez, co-founder and CEO of Sucuri, says the implications are gravest to managed WordPress hosts. “The biggest impacts however are likely to be towards those hosting companies that have invested resources (both people and dollars) into creating a vibrant Managed WordPress hosting business ecosystem,” Perez said.

“Long are the days when the market was defined by Page.ly and WPEngine. Today I would consider the space to be saturated, with more flavors of Managed WordPress than ice cream at a Baskin-Robbins.”

Chris Lema, a member of Liquid Web’s Leadership team, responded to the article saying it’s rare for manufactures to enter the same market as their distributors or partners.

“While not impossible, we rarely see manufacturers get into the same business as their distributors or retail partners,” Lema said.

“That’s because it can create a lot of unwanted, unplanned for, unintended secondary consequences. But to inexpensive hosts, this is one of those head-turners, because they were assured, for oh so long, that this wasn’t the game Automattic was getting into.

“But Automattic is not just a nice community player. They’re a business. With investors. And they have to think about their own bottom line. So while it’s not surprising, I think you’re right that hosts have the most to be thinking about.”

Others like Scott Bolinger, have expressed cautious optimism regarding the change.

Some theme and plugin authors see it as a growth opportunity. Josh Pollock, founder of CalderaWP, is excited to see WordPress.com become a quality hosting option for his users.

“As a plugin author, I like not just more places for my plug-in to be used, but more quality hosting options,” Pollock said. “Dealing with sub-optimal environments is the hardest part of being a plug-in author. I’m excited about more users and having those users be on a quality platform.”

How Much Pie Does Automattic Want?

WordPress.com offering a subset of customers the ability to access the incredible third-party WordPress plugin and theme ecosystem is a huge development, but it leaves me with a few questions. First, why is WordPress.com only now offering this feature? Why wasn’t it available years ago?

WordPress.com is now competing head-to-head with managed hosts. As initiatives are established to grow the WordPress pie for all, how much of that pie does Automattic want for itself? Considering Automattic is a business backed by investors, does it matter how much they want or get?

How do you feel about WordPress.com allowing subscribers to tap into the WordPress.org ecosystem?

by Jeff Chandler at August 11, 2017 07:12 AM under wordpress.com

WPTavern: User Tracking to be Removed from Gutenberg in Upcoming 0.8.0 Release

photo credit: Saving Chicago CPR

The opt-in user tracking that was added to Gutenberg 0.7.0 will be pulled from the plugin in the upcoming 0.8.0 release. The data collection included in last week’s release reignited the discussion regarding adding telemetry to WordPress.

James Nylen and an Automattic engineers involved in Gutenberg added the feature with the goal of improving the editor based on usage patterns. Nylen said the approach they used was very similar to Calypso’s event tracking code and that it would provide “a very useful technique to collect user experience data.” They had planned to use the data to inform various decisions, such as default order for blocks and whether some blocks are less suitable for core. Gutenberg contributors were looking into making the tracking its own module so it could be useful for other WP feature plugins and core.

Shortly after the feature was added to Gutenberg, contributors began to revisit the Telemetry discussion on WordPress Trac. The topic of telemetry for core had been tabled earlier this year, as it did not fall within the three core focus areas for WordPress development in 2017. Participants requested the ticket be reopened for discussion looking toward 2018 in light of Gutenberg adding opt-in tracking.

“I think it’s a terrible idea for Gutenberg, too,” Matt Mullenweg commented on the ticket. “I doubt that anything actionable or useful will come of it that couldn’t be obtained by non-data-collecting means.”

Twelve hours later, James Nylen commented on his original announcement to notify the community that tracking will be removed from Gutenberg in the 0.8.0 release:

There’s been quite a lot of discussion on this topic across the community, much of which stems from earlier discussions like #38418, which I wasn’t aware of.

Usage tracking in Core and feature projects is a much bigger topic than fits into the scope of Gutenberg right now, so I’ve removed it from the GitHub repo, and it will be removed in the 0.8 Gutenberg release.

The data that it was tracking, while interesting, probably wouldn’t have been a significant factor in the long-term growth and development of Gutenberg. The discussion surrounding the data collection, however, would take up a disproportionate amount of the team’s time.

Nylen said the data collected by the plugin thus far will be deleted after 0.8 rolls out and that since it’s so early in Gutenberg’s development there was “not enough data collected to provide any sort of picture of usage.”

WordPress Telemetry Advocates Continue Lobbying for Opt-In Data Collection

The discussion about whether or not WordPress needs telemetry has continued in the form of tweetstorms, as data collection advocates make the case for data-driven decision making.

“The decision not to capture metrics (telemetry) from WordPress is one that continues to have a large impact on what we (don’t) know,” Liquid Web VP of Product Chris Lema said. “As we’re trying to make decisions about Gutenberg and metaboxes, we might ask, how big a problem is this, by number of plugins or sites. But we don’t know because we decided that we can always iterate WordPress, like we’ve always done. It’s true that we’ve done that before, but that doesn’t mean it’s either the wisest approach, nor the least risky. With so many options today, will people necessarily return? The more logical approach, in my mind, is to capture as much data as possible and to make it as public as possible, so we can all review.”

WordPress Telemetry proposal author Morten Rand-Hendriksen joined in the discussion with another tweetstorm:

WordPress needs a core method for collecting quantitative user data through telemetry (metrics). One of the biggest challenges WordPress faces is the lack of reliable data about global day-to-day use. Like most Open Source projects, WordPress has relied on community feedback as its primary data source, which is fine for a small project. The problem is WordPress is a Very Big Project with global reach and the majority of its users never interface with the community.

I like to say we, the people who talk about, provide feedback for, and design/develop WordPress are the 1%. It might be more like 0.1%. Making decisions based on the traditional community feedback model is making decisions without knowing anything about the majority of users. Some will argue this is fine, that WordPress is developed by those who show up. That’s not a workable or responsible model for a project. We, the people who build WordPress, have a duty of care to the people we build it for. And those people are not us. ‘We can just do user testing,’ you say? Sure. Let’s do proper qualitative user testing. That requires staffing, funding, and infrastructure. User testing for a project like WordPress is non-trivial. It requires professional analysis.

Rand-Hendriksen’s tweetstorm continued with a summary of his telemetry proposal which would be opt-in based on a plugin prompted from core. The plugin would anonymize all collected data and allow for targeted data collection based on research needs. He proposes that the data be stored on servers owned by the community, separate from corporate interests, so the data can be shared openly to ensure transparency. The ticket for this feature request is currently closed.

“There’s a ton going on, and it’s far more important than built-in big brother centralized tracking,” Mullenweg said in response to Rand-Hendriksen’s tweetstorm. “Do it as a plugin or with a host and show it informs a decision that we wouldn’t have taken otherwise. And remember that past usage is not a good predictor of future success, or what the world needs. We need to build iPhones not Blackberries.”

During the 2016 State of the Word address, Mullenweg proposed a new structure for core releases in 2017 where he would be putting on the ‘product lead’ hat and have design and user testing lead the way. As feature requests have popped up outside of the three core focus areas, Mullenweg has had to systematically shut them down or put them on hold for later in order to keep Gutenberg on track.

However, it’s not surprising that the engineers leading the Gutenberg project, most of whom are employed by Automattic, wouldn’t think twice about adding user tracking. The company has a blog entirely devoted to data where its data scientists write about the data pipelines they have built to help the company create a sustainable business. Historically, Automattic has strongly embraced using data in making decisions, which is why Calypso has event tracking built into it. Mullenweg is taking a different product leadership approach with the open source WordPress project.

“For people unhappy with our direction, no amount of data will change their minds,” Mullenweg said in response to critics on Twitter. “The results will tell. I’m happy to stand by them the past 14 years, and believe the next 14 will validate our approach.”

by Sarah Gooding at August 11, 2017 02:08 AM under telemetry

August 10, 2017

WPTavern: WooCommerce Forks select2, Releases selectWoo as a Drop-In Replacement with Improved Accessibility

The WooCommerce development team has forked select2 to create a more accessible, drop-in replacement library called selectWoo. select2 is a widely used jQuery-based library for making custom drop down menus. Many users are wondering if the project has been abandoned, because the repository hasn’t seen any activity since February and 115 pull requests have piled up.

In the interest of fixing some long-standing accessibility issues with the library, WooCommerce opted to fork it and has merged in some of the PRs that were submitted to the original project. SelectWoo is backwards-compatible and can be used the same way as select2 by simply replacing the select2.js file. It has been optimized for WordPress plugin development and can optionally be initialized with .selectWoo() in order to run alongside other versions of select2 that may be used by other plugins on the site.

SelectWoo makes many improvements for those who are using screen readers, but it needs more accessibility testing. Beta 1 is availabe on GitHub. The WooCommerce team has even created a testing page with different example pages so those using screen-reading software can easily test for bugs.

Forking is usually a last resort scenario for extending popular open source libraries, but the WooCommerce team wanted the flexibility of improving the project on their own timeline. One concerned developer asked the team what will happen in the future if select2 gets back on track and why they didn’t just submit pull requests to the select2 repository.

“With a fork we can at least get things merged in to meet our own schedule, rather than waiting/relying on others or running custom versions,” WooCommerce lead developer Mike Jolley said. “There are other benefits, too, such as allowing our version to be namespaced to avoid conflicts in WP admin. The fork is public. Our changes can be merged back, when/if the project picks up again.”

Both WordPress and Drupal core contributors have been working to address accessibility issues in select2 since 2015 when the WP Accessibility Team performed extensive testing on the library to see if it was fit for use in core. Some initial planning work happened but work on these issues stalled out as select2’s maintainers became unavailable.

“I’d do it with PRs if I thought they would get merged in, but I doubt they will,” WooCommerce developer Claudiu Lodromanean said. “There’s been no action in this repo in about six months and the fork contains some PRs that have been waiting to get merged here for a very long time.”

Forking a project can needlessly fragment its contributors by causing them to have to choose one or the other, especially as the projects diverge down the line. Motivated contributors may submit multiple PRs across both projects for improvements but most will simply contribute back to the project they use. Select2’s maintainers have not published any news about why the project has gone dormant.

“There are over 100 PRs in the select2 repo unmerged,” Jolley said in response to commenters asking about the necessity of the fork. “Some of these we actually need, so with the fork we’re free to merge these as needed. The accessibility issues are hurting users today, so we cannot really afford to wait.”

by Sarah Gooding at August 10, 2017 03:54 AM under woocommerce

WPTavern: WPWeekly Episode 284 – Catching Up with David Peralty

In this episode, John James Jacoby and I are joined by David Peralty. Peralty is a prolific writer with more than 30K articles published online for various media outlets. He also co-hosted WordPress Weekly episodes 41-75 in 2009.

We discuss the rise and evolution of blog networks over the years, the current state of WordPress development, and what he thinks of Gutenberg.

We have a great conversation about working remotely and how working in an office with great people focused on the same goal can be an energizing experience. Later in the show, Jacoby and I discuss the news of the week, including the idea of opt-in usage data tracking in WordPress.

Stories Discussed:

Publishers Are Moving Back to WordPress After Short Experiments with Medium
Trademark Trial and Appeal Board Dismisses Automattic’s Trademark Dispute Against Chris Pearson
Gutenberg 0.7.0 Adds Opt-In Usage Tracking
Gutenberg Development Team Confirms Meta Box API Will Not be Formally Deprecated
WordPress Core Fields API Project Sees Renewed Interest

Picks of the Week:

Comment moderation is not the same as censorship, or is it?

Censorship in Moderation

Not Trac by Ryan McCue, connects to WordPress.org’s Trac instance via XML-RPC. Before using, please read McCue’s warnings about usernames and passwords.

WPWeekly Meta:

Next Episode: Wednesday, August 16th 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #284:

by Jeff Chandler at August 10, 2017 12:43 AM under trademarks

August 09, 2017

WPTavern: WordPress Foundation to Sponsor Open Source Educational Events

photo credit: 16th st(license)

The WordPress Foundation is sponsoring a new series of workshops and training events that will introduce people to WordPress and related open source software. The program targets communities in Latin and South America, Africa, Oceania, and Asia.

“Specifically, we want to shine more light on the potential of open source software in countries where there is less participation in OSS projects,” WordPress Community Team leader Andrea Middleton said. “To help spread the word about the potential that open source has to offer, we’d like to provide financial support for two educational events this year, to be organized in parts of the world with less participation in open source.”

After the success of the WordCamp Incubator Program, which brought three new camps to Indonesia, Zimbabwe, and Colombia, there is some evidence that initiatives to bring WordPress to other parts of the world can have valuable returns. Harare is hosting its second WordCamp in November and the local meetup group has nearly doubled over the past year. The other camps had similarly successful events and growth in meetup numbers.

WordCamp Harare organizer Thabo Tswana said that one of the biggest impacts that the first WordCamp had was to introduce local attendees to the WordPress community. WordPress software is well-known across the world but many do not know that there is a strong community behind the project that they can connect with.

The WordPress Foundation is looking for organizers to host “Introduction to Open Source” events that will be structured as two-hour workshops using training materials available in the WordPress handbook. The goal is to introduce attendees to the world of open source software, the GPL license, and how it is important for WordPress as an open source project.

The Foundation is subsidizing the events (up to $500) so they will be free for anyone to attend. A 10-question application is open for those who want to organize an event in 2017. The call for organizers says that preference will be given to organizers who are already members of a group that is part of WordPress’ meetup chapter program and areas where no WordCamp has previously been organized. Applications close August 21 and successful applicants will be notified by September 8.

by Sarah Gooding at August 09, 2017 07:19 PM under wordpress foundation

Post Status: Publish Conference, in pictures

Pictures from Post Status Publish were almost all taken by Brian Richards, unless they are pictures of Brian Richards. I took those.

We had a great time learning and networking in Atlanta, and here’s a snippet of our time together. The event consisted of two full days of talks from some pretty amazing speakers.

Special thanks to Liquid Web for being our platinum sponsor, and to Jetpack, Pantheon, and SiteGround for being gold sponsors. Without them, and our wonderful attendees of course, none of this would be possible.

Video is being processed and will be available to all attendees, and we’re working out how exactly to make them available for other folks who may want to see the sessions.

by Brian Krogsgard at August 09, 2017 06:39 PM under Everyone

HeroPress: WordPress Ate My Life—In a Good Way

Pull Quote: Thanks to the WordPress meetup, I found focus, fun, friends, and what passes for fame.

I did not spend my childhood wanting to grow up to be a WordPress consultant. Given that I was born in 1967, long before the World Wide Web even existed, I would have had to be clairvoyant to aspire to any kind of web development. I was intrigued by computers when I first encountered the TRS-80 at the age of 12, but other than learning a few lines of BASIC, I didn’t pursue programming.

Parenthetically, I don’t think it was because girls weren’t encouraged to become programmers. This was even before the days of the Control Data Institute commercials on TV. Programming as a career for anyone at all was not in the minds of the general public, at least not in Ohio. And although I thought computers were cool (being a science fiction fan and all), I didn’t have any clear sense of what you could do with them. I never made the mental connection between writing a 10-line program in BASIC and eventually creating something like a video game or a word-processing program.

During my freshman year in college, I fell into the Classics Vortex, and ended up going to graduate school to study Greek and Latin drama. I expected to get my degree and a university teaching job.

I spoke at a few conferences and published a few papers. And I discovered the World Wide Web.

I’d gotten online in 1985, also in my freshman year at Brown. We were on BITNET and someone in the computer center showed me how to get onto Relay when I was down their using the mainframe to write essays with. (Fly, sledgehammer, boom.) The Internet came into being about the time I got to graduate school in 1989, and someone showed me the Web in 1994. It blew me away, because a visual medium of communication is vastly superior to a text-based medium when you’re talking about theatrical productions.

By the end of 1994 I’d moved to England and created my first web page. (We didn’t have websites in those days, just ‘pages.’ Even if there were lots of pages. And wow, I just wrote that in inverted commas rather than quotation marks, as if my brain shifted itself back to Britain just thinking about it.)

Sallie’s first website, Didaskalia, as it was in 1998Sallie’s first website, Didaskalia, as it was in 1998

So you’d think that maybe, from there, I would have gotten into a career in web development whether or not WordPress had ever existed, but that wasn’t what actually happened.

When Your Body Isn’t Your Friend

While I was still in graduate school, I developed a debilitating chronic illness that prevented me from finishing my PhD due to a combination of physical and cognitive problems, and although I started to get better at first, by the end of 1998, when I had to return to the US, my condition had worsened to the point where I wasn’t sure I’d ever be able to work. I spent about 18 months just going to doctors and therapists and support groups. When I did start working, it was as a caregiver, doing extremely simple tasks, because my confidence in my ability to do knowledge work of any kind was so badly damaged.

I eventually started doing more kinds of things to earn money: clerical work, basic tech support, writing. Somewhere in there, I helped a couple of people with their websites, even though I’d missed a whole lot of the evolution of the Web. (I’m not at all sorry to have skipped Flash.) I was feeling considerably better thanks to new medication, and easing my way toward being self-supporting, but at the time I discovered WordPress in 2005, I was suffering from a bad case of Multiple Business Personality Disorder. I had a number of useful skills, but no clear focus or unifying principle.

I had started my first blog on Blogger in January 2005, but within a few months I found myself hanging out with a lot of podcasters, and almost all of them used WordPress because the PodPress plugin (RIP) made it so easy to publish feeds with enclosures. I started to explore WordPress further, and within a few years had migrated my blog from Blogger because they stopped allowing you to self-host your blog. WordPress had meanwhile introduced pages, making it possible to build an entire website rather than having an HTML website and a WordPress blog.

Finding Community

But WordPress would probably have remained a sideline if I hadn’t started going to WordPress meetups. I was at a podcasting meetup in San Francisco in late 2008 when someone mentioned a WordPress meetup in SF. I went to a meeting (I think in January 2009) and someone THERE mentioned that there was a WordPress meetup starting in the East Bay, closer to where I lived. I went to that meeting in February 2009…and the rest is history.

It wasn’t that the first meetup was such an amazing experience. The organizer was new at running a meetup and we were all strangers to each other. But somehow talking about our shared interest in WordPress just made us more interested.

I’ve always been a service junkie, and I’d been involved with other networking groups for years, so it wasn’t long before I found myself co-organizer, helping to plan and run the meetup and welcoming new members as they joined. Through the meetup, I started to learn more about the WordPress community and open source software. A group of us went to WordCamp SF 2009.

East Bay WordPress Meetup members at WCSF 2010East Bay WordPress Meetup members at WCSF 2010

Because of the meetup, I made more and more connections in the wider WordPress community. Because of the meetup, I learned a lot more about WordPress than I would have on my own, in part because I often had to teach it. Because of the meetup, more WordPress-related work came to me. I started to learn more code, little bits and fragments at a time. WordPress drew me in deeper and deeper as time progressed. In 2012, I officially registered WP Fangirl, and since that time, almost all my income has come from WordPress work.

All the WordCamps

I went to all the San Francisco WordCamps between 2009 and 2014, after which WordCamp US was instituted. By the time the first WordCamp Sacramento was announced in 2015, all the meetup presentations I’d done gave me the confidence to submit a talk. It was accepted. I’ve since spoken at WCLAX 2016 and WCSAC 2016. I’m working on my presentation for WCSAC 2017. (I’d love to travel for more meetups, but it’s not in the budget.)

Speaking at WordCamp LAX 2016Speaking at WordCamp LAX 2016

The experience I had with the Meetup made me want to connect more and more with other WordPress people, and to help out where I could. As I said, I’m a service junkie, so I readily embraced the idea of giving back to the community. I’m not a good enough developer (yet, anyway) to be a core contributor, but there are lots of ways to contribute. The main one, in my case, is organizing the meetup, though it took me until 2016 to join the official WordPress Community meetup program.

I was also very active in the main WordPress LinkedIn group for several years, which led to O’Reilly hiring me as the technical reviewer for WordPress: The Missing Manual. (It may also have contributed to the gig I had in 2011 making WordPress videos for Peachpit Press and the one in 2012 and 2013 teaching WordPress for Mediabistro.)

I started listening to WordPress podcasts in about 2006, though WP Weekly is the only one of those early shows that’s still around. There are tons of new WP podcasts now, more than I can keep up with. I got invited to participate in one, the WP-Tonic panel, starting in 2015. You can hear me being mouthy and opinionated there almost every week. I follow WordPress people on Twitter, belong to WordPress Slack teams, and have been known to dream about WordPress.

Thanks to the WordPress meetup, I found focus, fun, friends, and what passes for fame. I’m still working on fortune, but I can tell you that the secret to the many great referrals I’ve gotten from my extensive network of WordPress connections is this: don’t go into it looking for what you can get. Just concentrate on what you can give, and never stop learning.

The post WordPress Ate My Life—In a Good Way appeared first on HeroPress.

by Sallie Goetsch at August 09, 2017 12:00 PM

Post Status: Live from Publish: Challenges facing the WordPress Economy — Draft podcast

Welcome to the Post Status Draft podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Joe Hoyle — the CTO of Human Made — and Brian Krogsgard.

In this episode, Brian and Joe are live at Post Status Publish and answer questions from the conference audience. They are asked about mistakes they think the WordPress product ecosystem is making, the challenges of working remotely, and many more existential questions.


Direct Download

Publish was a lot of fun, and we’ll have more audio, video, and pictures available over the coming weeks.

Sponsor: Liquid Web

Liquid Web was the platinum sponsor of the Publish podcast, and therefore this episode of the podcast as well. If you haven’t tried Liquid Web’s Managed WordPress product, it’s time. They are doing awesome work in this space for mission critical sites.

by Katie Richards at August 09, 2017 12:29 AM under Everyone

August 08, 2017

WPTavern: WordPress Core Fields API Project Sees Renewed Interest

As work continues at a feverish pace on Gutenberg, many developers throughout the community are engaging in discussions on how meta boxes will be handled in the new editor. The team is considering various solutions and some have suggested that a Fields API in core would have made the future of meta boxes less of an issue.

I reached out to Scott Kingsley Clark, lead developer of the Pods Framework and one of the main contributors to the Fields API project. Clark explains what the Fields API is, its current status, its relationship to the meta box discussions, and how to contribute.

For those who don’t know, what is the Fields API project? How would it impact users?

It’s a feature proposal for WordPress core to allow registering fields to different screens in the admin area through a single API. For posts, this would add new meta boxes and fields within them. For users, it would add new sections and fields to the profile screen. The goal is to integrate with all of the different admin screens including, Posts, Terms, Users, Media, and Comments.

Typical users would notice that the fields added by plugins they are using all have a similar look and feel. That’s really an oversimplification of what’s going on behind the scenes, but it’s one of the big benefits as well, since it shouldn’t really affect end-users beyond improving consistency of different screens and potential redesigns.

What has caused progress on the project to slow down?

I was out-of-town for a all-hands company meetup, lead organized WordCamp Dallas-Fort Worth 2016, and ran PodsCamp 2016 in Austin, TX, all in the span of about a month and a half. It was intense, but somehow last summer I thought I could manage moving too.

We were in the process of showing our house, almost all of the time, so that we could sell it. The buying process was full of thorns, with a move that was pretty fun. I also started a new job at Modern Tribe in February, 2017.

In retrospect, yes that was way too much but the challenge was met and the only thing that suffered was the Fields API project, which was no easy feat. It’s unfortunate, but I’m glad to be getting back into things again this month.

Are new contributors showing a renewed interest in the project?

Yes. We recently had a few people become interested in helping. When I’ve got help, I’m 300% more productive. It’s much easier to bounce ideas off of others with shared experience than it is going alone.

How does the API relate to how meta boxes could be handled in Gutenberg? If the API were in core, how would it influence the discussion?

Here’s where the irony sets in. If we were successful in getting a Fields API into WordPress before Gutenberg was a thing, the ability for Gutenberg to revamp as much as it has planned to revamp in the post editor, would not be as hindered as it is now.

The biggest problem I see facing Gutenberg is reining in the scope that covers meta boxes. They need to get things working for meta boxes that are already being registered and used by plugin developers.

If Fields API were a part of WordPress, they would still need to keep backwards compatibility but I could easily add a meta box with my fields into the proposed Gutenberg meta boxes (still in discussion) with just a few lines of code. Plus, my fields and meta boxes registered using the Fields API would work just fine on pre-Gutenberg sites.

Another parallel here would be the User edit screen, which has had much discussion about revamping the way it looks. It’s very difficult to revamp it and give it consistency without a Fields API already in place. It’s not impossible, but many problems come to the surface during any approach to ‘React-ify’ it, utilize meta boxes, or whatever it would use.

How can people get involved/contribute to the Fields API project?

I’m very excited to have others interested in moving the project along. I’m eager to gain more interest. They can join us in #core-fields on WordPress Slack if anyone is interested. They can also follow the project on GitHub where pull requests are welcomed.

Clark also says that the GitHub repository will be revamped soon to provide more focus on making the project a feature-plugin first instead of a core proposal.

by Jeff Chandler at August 08, 2017 09:47 PM under meta boxes

WPTavern: Gutenberg Development Team Confirms Meta Box API Will Not be Formally Deprecated

photo credit: Doors Open Toronto 2008 – Toronto Archives(license)

The discussion surrounding how Gutenberg will handle meta boxes heated up over the weekend after a participant commented on the GitHub issue with concern regarding meta box support being removed from the most recent milestone.

“I see this vital issue has been removed from any milestone,” @steveangstrom said. “It has been de-prioritized again while bells and whistles for blog editing get lots of work and are added to betas. This is very worrying for the future of WordPress as a CMS.”

James Nylen, one of the lead developers on the project, reassured followers of the topic that the Gutenberg team has not forgotten about the issue but rather that it is “an extremely complicated issue that we are only beginning to look into, along with many, many other priorities for getting the editor working well.” He also asked for help from the community in planning and testing implementations for supporting meta boxes.

This response left many things unclear. Participants in the discussion, many of whom are developers concerned about about the prospect of having to rewrite all of their meta boxes as React components, are wondering why meta boxes cannot work alongside the new Gutenberg editor and why the team chose to include meta boxes in the scope of the project.

“Is it possible to replace the existing TinyMCE post editor with Gutenberg while leaving the rest of the interface, including meta boxes and existing hooks, unchanged?” Kevin Hoffman asked. When Nylen clarified that Gutenberg, as written today, is intended to be a post_content editor, Hoffman summarized the concerns that many developers have expressed:

If Gutenberg is truly intended to be a post_content editor, then meta boxes should be left alone as they are not concerned with post_content.

Furthermore the need for an API to translate PHP meta boxes into React meta boxes is a manufactured problem. It does not have to be a problem, but it has become a problem because somewhere along the line it was decided that rewriting the post_content editor should also completely change how meta boxes work.

You’ve outlined the tremendous challenge of writing such an API in #2251. Translating PHP meta boxes into React for a popular custom fields solution like ACF is challenging enough, let alone trying to do so for every meta box implementation that exists today, popular or not. It does not scale.

As the Gutenberg contributors shared that they have only just begun to look into the meta box issue, it’s now clear why there is no roadmap for how the project will handle “legacy” PHP meta boxes. In July, Nylen said, “If I had to guess where we will end up here: current metaboxes will be moved to a “legacy” area and we will provide APIs, documentation, and examples for registering ‘new-style’ metabox-block-thingies.”

Plugin developers who manage meta box libraries, agencies, and other concerned parties are following the ticket to find out how to plan for the WordPress 5.0, which has been targeted as the Gutenberg release. Andrey Savchenko asked if WordPress plans to formally deprecate the meta box API, which finally drew a clear answer from the team. Matias Ventura responded:

“Does WordPress intend to formally deprecate Metabox API?”

The question that is not fully answered yet is how do meta-boxes work in the context of the Gutenberg editor. Should they remain the same or evolve? How can we move towards the design goals with the least amount of disruption possible?

This issue has been lingering not due to a lack of desire, but lack of resources. The primary focus for this project is to offer a rich content editing interface that optimizes for direct manipulation of user content through the notion of blocks. (Having used meta-boxes extensively for various projects, I believe blocks can offer a better step forwards for many of those needs while providing a better user experience.)”

Ventura listed several options the team has considered for handling meta boxes and requested help from the community to build the best solution:

  • If we detect a meta-box is registered we can fallback to the old interface, nothing changes.
  • We could split editing the content and modifying meta information into two screens or stages.
  • We can try to see how feasible it is to render these as they are (PHP) below the content: #2251.
  • A theme/plugin/CPT could unregister the new interface as needed.
  • Various items that relied on meta boxes could be converted to blocks for UI (still storing data separately).
  • We could implement API based meta boxes extensibility like the Fields API.

When pressed to answer the question of why meta boxes are being included in the context of the new editor, Gutenberg design lead Joen Asmussen clarified how the team decided to include meta boxes in the scope of the project:

Gutenberg did start just with the editor box. The kickoff goal was to unify multiple disparate interfaces under a single unified block interface. It quickly become apparent that in order for us to create a compelling experience revolving around this unified block interface, we had to consider the full writing flow, including settings and publishing.

If the key strength of WordPress is to make it easy for anyone to create rich posts, then we can’t just design for those of us who already know how to use the editor. We have to consider users who’ve never used WordPress before, and what they expect in a modern publishing interface. Otherwise we’d just be adding cognitive load to an already heavy interface.

The question of how meta boxes will fit into the context of the Gutenberg editor is still open. Participants in the discussion are eager to have this question answered for the sake of backwards compatibility and also because it affects ongoing decisions regarding Gutenberg development and screen design.

“I completely get how much work has been done towards the ‘screen’ replacement approach,” Xavi Ivars commented on the issue. “But shouldn’t a project that started with the goal of a ‘post content editor’ replacement, have gone back to the community before deciding unilaterally that it would replace the whole editor screen?”

The meta box API isn’t being deprecated but there’s also no clear path forward for how Gutenberg will support “legacy” PHP meta boxes. The Gutenberg team said the issue has not been solved due to lack of resources. The project needs community input and better communication if the team is going to land on a solution that will seamlessly usher the majority of WordPress sites into the Gutenberg era with the least amount of breakage.

Currently, the feasibility of rendering legacy PHP meta boxes below the content is fraught with challenges and still up for debate. If there isn’t enough time or client resources for developers to rewrite their work into JS-driven meta boxes, then a clear path for opting out of the Gutenberg interface may be necessary for sites that need to preserve the legacy “PHP” meta boxes.

by Sarah Gooding at August 08, 2017 07:54 PM under meta boxes

August 07, 2017

WPTavern: Gutenberg 0.7.0 Adds Opt-In Usage Tracking

Gutenberg 0.7.0 was released just before the weekend with improvements to the writing flow and greater flexibility for theme authors to add their own customizations. Last week’s version 0.6.0 release made significant changes to the way paragraphs are created within text blocks, allowing for blocks to split when pressing enter. However, it inserted a “New Paragraph” placeholder that was distracting for users trying to stay in the flow of writing.

Version 0.7.0 hides placeholders on focus, providing a cleaner experience of starting a new paragraph. After a user has already intuitively initiated a new paragraph by pressing enter, the “New Paragraph” placeholder holds little value. Removing the placeholder is a minor improvement that brings Gutenberg closer to providing a better experience for long-form writing.

This release also introduces theme support for customized color palettes and a shared component, such as cover text and button blocks. The sample code below shows how easy it would be for theme authors to implement their own color palettes.

Gutenberg contributors have also added theme support for wide images. According to the inline docs, this allows for some blocks, such as the image block, to define a “wide” or “full” alignment by adding the corresponding classname to the block’s wrapper ( alignwide or alignfull ).

These additions offer theme developers a better picture of where Gutenberg is headed in regards to themes. The plugin’s contributors are slowly building in more points of customization so that theme authors can add or override Gutenberg’s styles and provide additional opt-in features to their users.

Theme support for wide images has already been committed to Tammie Lister’s experimental Gutenberg Theme. The project was created to showcase how Gutenberg will interact with WordPress themes and is still a work in progress.

Gutenberg Adds Opt-In Data Collection

After updating the Gutenberg plugin to 0.7.0 and navigating to the editor, users are presented with the option to opt into data collection about their usage of the editor. The usage data, which is anonymous and does not include post content, is sent to WordPress.com for future analysis. Gutenberg contributor James Nylen explained how the data tracking works in a post on Make.WordPress.org.

“The Gutenberg plugin contains a mechanism to count how often specific actions occur over time,” Nylen said. “If the user has previously clicked ‘Yes’ on this screen, and an event occurs that has an associated bumpStat call in the Gutenberg code, then this event is sent to WordPress.com servers by loading a special ‘pixel’ image.”

Gutenberg’s tracking code stores the “group” and “name” sent with the bumpStat call (short strings of text), along with the time the event was recorded. Nylen said the team will use the data to improve the editor based on usage patterns. This data collection information is currently only available to those with access to WordPress.com servers.

“As Gutenberg is an open-source community project, we view this data as belonging to the WordPress community, so we also plan to make this data available via a public dashboard,” Nylen said.

He shared an example of the data that has been collected from the plugin over the past few days since 0.7.0 was released. This chart is a preview of the number and types of blocks that users have added to posts while testing the editor.

“The approach taken here is very similar to Calypso’s event tracking code,” Nylen said in the pull request for adding the data collection. “We can use the data added in this PR to inform various decisions such as default order for blocks and whether some blocks are less suitable for core, and more generally this is a very useful technique to collect user experience data.”

The majority of Gutenberg’s chief contributors are Automattic employees, so it makes sense that they would use the options and infrastructure available to them to quickly get data collection going in Gutenberg. However, the data from these tests needs to be shared with the greater WordPress community as soon as possible, since it is being collected in the name of the WordPress project. Ideally, it would have been set up to be displayed publicly before asking users to opt into the collection.

Gutenberg contributors are also considering making the data collection more modular so that it could be used with other WordPress feature plugins or existing features in the future.

“Maybe the tracking could be its own module, it could be useful outside of the editor (and other WP feature plugins later),” Riad Benguella said. “Longer term (or not), WP.org needs its own tracking infrastructure and this could be very useful to enhance WordPress.”

by Sarah Gooding at August 07, 2017 08:05 PM under gutenberg

Follow our RSS feed: 

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.


Last updated:

August 19, 2017 04:30 PM
All times are UTC.