WordPress Planet

October 18, 2019

WPTavern: Product Reviews in the WordPress Ecosystem: Honesty and Genuine Experiences

I don’t write fluff pieces. I call ’em like I see ’em. If your project is a dumpster fire, I’m going to say it’s a dumpster fire.

Whenever someone comes to me in hopes that I review their product, I give them some form of the preceding paragraph. It doesn’t matter if it is a plugin, theme, web host, or some other product. What matters is that I write my review with honesty and offer my genuine opinion about the thing they built.

I rarely read most product reviews in the WordPress community anymore. Far too often the reviewers are not offering their genuine experience with a product. You get something like “XYZ is a multi-purpose theme that is built for…yadda, yadda, yadda…” Yawn. It reads as if publishers are trying to sell a product. If you dig deep enough, you realize that is what many are doing (hello, affiliate links).

I also have it on good authority (I’ve seen some of the email exchanges) that a lot of money exchanges hands behinds the scenes for reviews. Most of the time, publishers are not writing a review of the product. They are selling you their dreams of a continued working relationship with the product maker.

There’s nothing wrong with affiliate links if a publisher loves a product. There’s no issue with paid reviews if such reviews are honest experiences with the product. There’s also no problem with writing a love letter to your favorite plugin and theme with no financial incentive.

However, what I generally see are shallow reviews at best. Many, dare I say most, reviews are not genuine. They are certainly not real journalism.

The best place to find genuine reviews are from the user ratings on WordPress.org, assuming the plugin or theme is available there. Users tend to not hold back, particularly if their review is negative.

It is tough as an artist (yes, I consider all programmers artists). I’ve been on the receiving end of negative reviews of things I’ve built. You learn to grow thick skin after a decade of putting your art out into the world.

When I was younger, I tended to be a bit hot-headed whenever I got a bad review for something I had built. After pouring my heart and soul into a project, it cut deep to read a negative review. I wasn’t always the most gracious receiver of such reviews. There are responses I wish I could take back. Looking at those times now, I wish I would have been more open to hearing what the reviewer was saying. Even if I disagreed with every word, it did not mean that the person wasn’t providing me something of value with their review.

With age and I hope a little more wisdom, I usually give myself time to think about what someone is saying before I respond. I allow my thoughts time to develop and mature. Often, it turns out, critical reviews are far more helpful in making better art than all the five-star ratings in the world.

When I took the writing position at WP Tavern, I wanted to bring a review format to the website that is missing within our community. I wanted to do reviews based on my experience as both a user and a developer. I admit that I was not prepared for a negative reaction to what was in part a negative review. As always, I gave myself time to read and think over what some commenters were saying. This article is my response.

Reviews Are About Personal Experience

One of the things I learned early on as a writer is to not second guess myself, especially when writing an opinion piece. It is not good for one’s mental health.

An opinion piece is about the moment. It is raw. It is passionate.

Writers’ opinions may change over time. They are human and have the freedom to change their minds later. However, an opinion-based story should reflect that single moment in time and what the author’s feelings are at that moment.

There’s a common (and wholly incorrect) notion that journalism should be nothing more than facts, that subjectivity is not allowed. Throughout the several hundred years that some form of journalism has existed, there has never existed a point where the whole of the field was objective. Even in the early days of U.S. journalism, my country’s founders published articles in newspapers to sway public opinion on ratifying the U.S. Constitution.

Reporting, which is one form of journalism, does not represent the whole. It is the most objective form of journalism in which the reporter simply tells the news to readers. We certainly do plenty of that at the Tavern. However, other forms like editorials, features, and reviews are as important. These forms take a different approach.

Reviews are the unwieldy beasts of journalism. They are hard to tame. They’re not always pretty. However, they should always be true to their nature. They can bring out angry hoards of fanboys down on the critic (ever read the comments of a critical review of an Apple product?).

Honest reviews are about personal experience. If a film critic dislikes the latest movie in the Marvel Cinematic Universe, it is that critic’s duty to write about their experience watching it. The reviewer has an obligation to not huddle in fear of Iron Man fanatics who will inevitably send ad hominem attacks his way. Holding back one’s opinion within a review is the ultimate sin of a critic.

Like with any products or forms of art, WordPress plugins and themes are not immune to this same criticism. Such criticism is even more important when the software costs money and potential buyers may be looking for genuine reviews.

Disagreement with a review is OK. Disagreements are more interesting than everyone nodding their heads in unison. What a boring world it would be if we were all in agreement.

However, I did want to address comments on my previous review about it being unfair, specifically the unfairness of my personal experience. It’s that personal experience that makes a review genuine. Not everyone’s experience will be the same. One person’s one-star rating does not discount another’s five stars. They are equally valid because they represent different experiences.

Developers Are Users Too

There’s a common idea in the WordPress community that developers are not users, that our experiences don’t count because our knowledge and skillsets are more advanced than the average. At first glance, the argument makes some sense. However, after giving it some serious thought, I reject the notion.

Martin Scorsese can’t criticize films because he makes films. There’s no way he can feel what the average person does at the cinema.

Beyoncé can’t judge a music competition because she’s a singer. She’s not listening with the ears of a normal human.

Wait; that’s not right, is it?

Why is it that developers’ opinions are so easily discounted when they are critical of user experience? I use WordPress, different themes, and various plugins every day. I use those that make me happy or serve essential functions. I don’t necessarily pick plugins out because I like their code. I use them because I too am a user in every way that a non-developer is a user. Having the ability to articulate the problems from a different viewpoint doesn’t change that.

In many ways, developers can provide more useful software reviews than “average” users because we have some past experience solving the same problems.

Offering a Genuine Review

One thing you will always get from me is honesty. When I review a WordPress-related product, you will always read about my personal experience.

I was fully prepared to say that the gloves are coming off, but the gloves have always been off. I will never hold back criticism. I’m always ready to pile on the praise too.

But, I won’t lie to you.

Who’s ready to have their theme or plugin reviewed next?

by Justin Tadlock at October 18, 2019 04:42 PM under Opinion

October 17, 2019

WPTavern: Chilean News Publication El Soberano First to Launch on Newspack

El Soberano homepage on the Newspack platform.

Nine months after the announcement of Newspack by WordPress.com, the Chilean news site El Soberano became the first publication to launch on the new platform. On October 16, the small news team relaunched with a fresh design powered by the Newspack theme and its newsroom-focused plugins.

Newspack is a project of Automattic, the parent company of WordPress.com. Its goal is to work with leaders in the news industry to create a platform that brings WordPress to more newsrooms. This year, the team behind Newspack has worked with several publications to address obstacles in journalism on the web.

The Newspack team was primarily advised by 12 publications during their first phase. Most of those publications are based in the U.S., but a few, such as El Soberano, are from other countries. The Daily Maverick from Johannesburg, South Africa, and Reveal from the Center for Investigative Reporting from California came on as advisers from the outset. However, they may also launch on Newspack sometime in the coming months.

“We had 10 sites that we’re going to launch as soon as possible,” said Steve Beatty, head of Newspack Communications. “Of the 10, one dropped out as they changed publishers. So that leaves El Soberano and eight others, and those eight should launch in the coming weeks — certainly by year’s end. We’ve got the next few queued up.”

During the initial phase, Beatty said the team was looking for small to medium-sized newsrooms that were covering local news or niche publications. The development hurdles would likely have been much higher starting with large organizations.

“We wanted newsroom leaders who were willing to experiment and try something bold and different, knowing that there was a very real chance of growing pains,” said Beatty. “The partners in our pilot newsrooms have been incredibly helpful, patient, understanding and cheerful. I’m not sure we screened for all that in the application process, but it’s worked out quite well.”

El Soberano is a Fitting Launch Partner

Content Director Roberto Bruna (left) and Executive Director Ana Arriagada (right).

WordPress.com claims its “mission is to democratize publishing one website at a time.” El Soberano, based in Santiago, is a smaller news publication with three people on the current full-time staff. Their goal is to connect citizens with organizations that will help defend their rights. The publication covers social movements within the country and to be an outlet for independent journalism.

“In our news outlet we believe that only the organized people are sovereign of their destiny,” said Roberto Bruna, Content Director at El Soberano. “Our name ‘El Soberano’ is all about el pueblo soberano, the ‘sovereign people’ in English. For us, individual rights and freedoms are crucial. Then, things like a secular state and civil rights, such as the legalization of cannabis, homoparental adoption or the right to a safe abortion, are things we report about.”

Bruna further defined the publication’s goals.

In El Soberano we defend an environment free of contamination; equal opportunities for women, ending the precariousness of their lives; a real pension system for citizens; sexual dissidence, to guarantee their equal rights and inclusion; a new development model based on innovation and knowledge; a secular state and freedom with critical thinking; urban planning and good housing solutions; consumers and a healthy and sustainable market and, finally, mechanisms that aim to create truly democratic constitutions for our countries.

El Soberano does not give space for other interest groups because such groups have the means to make their opinions publicly available. Instead, its mission is to report on social issues directly from citizens. “In them lies the power of decision regarding the direction that our democracies must take,” said Bruna.

Launching El Soberano with Newspack

As one of the first publications to launch with a new system, it’s tough to be a pioneer when a lot is riding on success. Ana Arriagada, Executive Director of El Soberano, was ready to take the news website to the next level after three years.

“When we decided to take the next step and transform El Soberano into a sustainable environment, it was a great achievement for us to be chosen for the Newspack pilot with other eleven news outlets,” said Arriagada. “We were the only news site in Spanish and from Latin America, so we felt very proud.”

Arriagada has worked with the Newspack development team over the past six months to help guide them on what tools are needed to run a newsroom.

The decision to apply for the Newspack pilot program was in part due to avoiding pitfalls they had seen with other digital media websites. “Friends with their websites hijacked by a former ‘friend’ developer when they try to move to a new platform, custom developments that only the author understood, huge invoices for maintenance hours, or even spending months working on a design that was not possible at the end,” said Arriagada. They wanted to avoid other problems such as taking too long to apply changes to the homepage in the fast-paced world of journalism where new stories should be front and center.

Arriagada said such problems were resolved with Newspack and their team can concentrate on editorial and revenue generation.

El Soberano originally launched on WordPress.com in January 2016. Arriagada said it was nearly impossible to find a good selection of templates that were built specifically to solve the problems of the news industry. “In Newspack we have the chance to combine different content blocks adapted to our needs, showing content in flexible ways,” said Arriagada. “Now we have tools designed to generate revenue with the experience and best practices from world-class digital media.”

Arriagada called working with the Newspack team a “journey of discovery.” In the beginning, it wasn’t clear how the team would use the information they were collecting from El Soberano and other publications or how the team would resolve issues based on the information provided. Eventually, they received design proposals, which allowed them to get a feel for what they wanted and to further provide feedback to the Newspack team.

“Later, we received the access to the platform where we were able to play around, putting things in order, creating and implementing what we were looking for,” said Arriagada. “More feedback, corrections, hopes, and dreams.”

She said that working with the Content Blocks system allowed her team to better create and assemble their homepage and articles. “But maybe the most interesting thing for us,” said Arriagada, “was that Newspack team and other news sites from the pilot program proposed things that we don’t consider for our site, such as an ultra-flexible donation system or workflow systems. We see a lot of power in that collaborative way to develop a product.”

The Future of Newspack

Newspack launched phase two of its program in July, which sought to bring 50 more newsrooms to the platform. The new publications should be announced shortly.

“Both the initial pilot group and this group of 50 (or so) are part of the one-year development period, which ends on February 29,” said Beatty. “We’re still determining what will happen on March 1. We’ll have a better sense of that when we start working with the 50 and see how quickly we can turn them around.”

Like much of Automattic’s work, it is open source and freely available to the public. Newspack is a collection of packages to create a platform for newsrooms. Of note are the following repositories.

Developers can find all eight plugins from the Automattic GitHub page if they want to give them a spin.

by Justin Tadlock at October 17, 2019 05:56 PM under Newspack

October 16, 2019

WordPress.org blog: Empowering Generations of Digital Natives

Technology is changing faster each year. Digital literacy can vary between ages but there are lots of ways different generations can work together and empower each as digital citizens.

No matter whether you’re a parent or caregiver, teacher or mentor, it’s hard to know the best way to teach younger generations the skills needed to be an excellent digital citizen. If you’re not confident about your own tech skills, you may wonder how you can help younger generations become savvy digital citizens. But using technology responsibly is about more than just technical skills. By collaborating across generations, you can also strengthen all your family members’ skills, and offer a shared understanding of what the internet can provide and how to use it to help your neighborhoods and wider society. 

Taking Gen Z Beyond Digital Savvy

Open up the dialogue

Even if you’re not fully confident in your own tech skills, you can help develop digital citizenship skills in others. If you feel comfortable during everyday conversation, you could describe a tech situation you have come across and ask family members if they have ever experienced something similar. You can give them a chance to share how they handled it or how it made them feel. This can help encourage them to think critically and to react with empathy. And being asked for advice can make them feel appreciated and empowered. But opening up the conversation can also be as simple as asking if they’ve seen anything online lately that they found interesting or wanted to talk about.

Share access to free and affordable training

Open source content management systems have made online publishing accessible to a more diverse group of people. Dozens of content platforms offer hands-on training at no or low cost. WordPress.tv, LinkedIn Learning, and others have low-cost video libraries with thousands of recorded talks and workshops and the WordPress Training team have excellent downloadable lesson plans and materials. These platforms not only feature content that helps develop tech and content creation skills but also content around ethics, diversity and community building.  

Find a sense of community and belonging

One of the disadvantages of increased digitalization is that younger generations and us all may spend less time hanging out in-person. Digital time spent with others is no replacement for in-person interactions. The awareness and mutual understanding which comes from back and forth interaction is needed for positive interpersonal skills. This is hard to replace in digital communities and those skills can only be learned with lots of hands-on practice. 

Learn the many benefits of volunteering 

There are WordPress events across the world that provide a great place to learn new skills to share with your families and friends. Some work with schools and colleges to offer special events which are open to all ages. There are also plenty of small ways to volunteer with the WordPress project that can be done at home to practice new skills.

In addition to attending events where you can learn skills and hang out with others with similar interests, the WordPress ecosystem offers countless opportunities to be actively involved. Professionals, hobbyists, and learners all make a difference by contributing to the ongoing creation of the WordPress platform. Together these people, who are known as contributors, form the WordPress open source community. 

WordPress is created by volunteer contributors

Not only are these contributors creating an amazingly flexible platform for all to use, it is an environment where you can continue to improve your skills, both technical and interpersonal. Open-source software projects can introduce you to people you would otherwise not get the chance to meet, locally and internationally. If you have a zest for learning, and for finding others to connect with, WordPress has many ways to meet contributors in person!

WordPress events are organized by volunteers

WordPress community events are volunteer-run. This can be a great way to give back to the project and practice all sorts of skills. Talk to your local event about how you could get involved and if you would like to bring older teenagers and young adults with you. You will not need any pre-existing tech skills to attend these events but they are a great way to discover areas you might want to learn more about. 

Contributor days offer a great opportunity to get involved

These events are specially designed to help you get involved in building the open-source WordPress platform. You can collaborate with other members of its community and find areas that are right for you to use and grow your skills. All of the tasks you will discover at an event can be continued at home and some are easy to get other family members involved in learning and adding in ideas. 

Contributors come from all sorts of backgrounds and locations, some may live near you and others thousands of miles away. Working alongside lots of different cultures and countries can open up new ideas for young people letting them learn new ways of doing things and discover different perspectives. All those different perspectives can cause misunderstandings. But being involved in a global learning community is a great way to practice communicating across cultural boundaries. 

Getting involved can be rewarding in many (unexpected) ways

The most rewarding part of actively taking part in WordPress events is making budding friendships. New connections often turn into long-lasting friendships that are likely to continue for years to come, both online and offline. With a global community, these friendships can potentially lead to lots of international adventures too!

Make our digital world safer and more inclusive

Befriending people from a wide variety of cultures and backgrounds can be an enriching experience in itself. It can also help you make us make more informed decisions. The more we interact with a diverse range of people, the more empathic we become. Some of the most valuable learning that can be offered to Gen Z (and probably to all of us at times) is that what we come across in fast-moving digital communities isn’t always the entire view. 

All things considered….

Anyone who is a digital native may not need encouragement to obtain tech skills. But they may not be aware that digital communities are still communities and we need to use the same sorts of people skills for both offline and online locations. Opening up conversations about situations they may experience online that may require them to (re)act responsibly, can encourage them to think critically and act with empathy. Compared to previous generations, digital natives spend substantially more time by themselves while using devices, so encouraging them to join real-life communities, such as WordPress, could be the first step to learning what it means to be a good digital citizen! 


@webcommsat, @chanthaboune, @yvettesonneveld & Annemarie de Haan

by Yvette Sonneveld at October 16, 2019 08:03 PM under digital citizenship week

WPTavern: Mark Davies Joins Automattic as Chief Financial Officer

Automattic, the company behind WordPress.com, WooCommerce, and various other products, announced earlier today that Mark Davies has joined the team as its Chief Financial Officer (CFO). This news comes fresh off the heels of Automattic’s acquisition of Tumblr in August and a $300 million Series D investment from Salesforce Ventures in September. The investment round gave the company a $3 billion valuation after the funding.

Davies graduated from Western Washington University with a bachelor’s degree in accounting and earned his MBA in finance at Arizona State University. He has since worked for large companies in key roles. Prior to taking the position with Automattic, Davies served as the CFO at Vivint, a North American smart home technology company.

Vivint was founded in 1999 and claims over $1 billion in annual revenue. In 2012, The Blackstone Group purchased the company for over $2 billion. Davies came on board in 2013 and would have played a large role in growing the company’s annual revenue.

Vivint announced on October 15 that Davies was leaving the company. “Mark has created a talented and experienced finance team with a solid track record of growth and financial discipline,” said Todd Pedersen, co-founder and CEO of Vivint Smart Home. “We thank him for his six years with the company and wish him the best in his next role.”

Before joining Vivint, Davies served as president of global business services with Alcoa. He was also a member of the Alcoa Executive Council. Prior to that position, he spent 12 years at Dell Inc. in various roles. His most recent position was as the managing vice president of strategic programs. He earlier served as the CFO of Dell’s Global Consumer Group, which is a $14 billion enterprise with operations across the world. He held positions with Applied Materials and HP earlier in his career.

Davies should play a key role in helping Automattic grow beyond its current levels of revenue. He has the credentials and experience to do so.

“Automattic is creating the operating system for the web, from websites to ecommerce to social networks,” said Matt Mullenweg, founder and CEO of Automattic and co-founder of WordPress. “As we zoom past 1,100 employees in over 70 countries, we wanted a financial leader with experience taking businesses from hundreds of millions in revenue to billions and even tens of billions, as Mark has. I’m excited about working alongside such an experienced leader day-to-day to build one of the defining technology companies of this era.”

Mullenweg if often cited saying that he would like to see WordPress have an 85% share of the web. Currently, WordPress runs over 34% of the top 10 million websites. Automattic would certainly play a role in pushing the platform toward that lofty goal. He and David Heinemeier Hansson discussed the dynamics of power in open source communities and whether such a goal was healthy for the web earlier this month. In the discussion, Mullenweg clarified that 85% was a “trailing indicator” rather than a goal.

Stuart West served as Automattic’s CFO for the last seven years. He will continue working within the company, but there is no word on what that new role is. “I want to thank Stu for his significant contributions to Automattic during his seven and a half years as CFO,” said Mullenweg. “He built a talented finance team during a period of 10x growth in staff and revenue and played an essential role in the success of our company.”

by Justin Tadlock at October 16, 2019 03:49 PM under automattic

Matt: New Automattic CFO

As Venturebeat has picked up, Mark Davies will be leaving Vivint and joining the merry band. Automattic is creating the operating system for the web, from websites to ecommerce to social networks. As we zoom past 1,100 employees in over 70 countries, we wanted a financial leader with experience taking businesses from hundreds of millions in revenue to billions (Vivint) and even tens of billions (Alcoa and Dell), as Mark has. I’m excited about working alongside such an experienced leader day-to-day to build what I hope will become one of the defining technology companies of the open web era.

by Matt at October 16, 2019 03:28 PM under Asides

October 15, 2019

WordPress.org blog: WordPress 5.3 Release Candidate

The first release candidate for WordPress 5.3 is now available!

This is an important milestone as we progress toward the WordPress 5.3 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.3 is currently scheduled to be released on November 12, 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time!

There are two ways to test the WordPress 5.3 release candidate:

What’s in WordPress 5.3?

WordPress 5.3 expands and refines the Block Editor introduced in WordPress 5.0 with new blocks, more intuitive interactions, and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers complete control over the look of a site.

This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the Block Editor.

In addition, WordPress 5.3 allows developers to work with dates and timezones in a more reliable way and prepares the software to work with PHP 7.4 to be release later this year.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.3 and update the Tested up to version in the readme file to 5.3. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.

The WordPress 5.3 Field Guide will be published within the next 24 hours with a more detailed dive into the major changes.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! This release also marks the hard string freeze point of the 5.3 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

by Francesca Marano at October 15, 2019 09:18 PM under Releases

WordPress.org blog: Responsible Participation In Online Communities

In our first article in this series, we highlighted the WordPress mission to democratize publishing. WordPress introduced a tool to independent and small publishers who did not have the resources of the larger publishing platforms. Access to a free content management system to create websites has empowered thousands of people to find their voice online. People have been able to share their enthusiasm for hobbies, causes, products and much more. Through these different voices, we can encourage understanding, spark creativity, and create environments where collaboration can happen. But as we build more digital communities, it’s easy to forget that online safety is a group effort.

Digital literacy is also part of being a good digital citizen, but it’s more than just being able to do basic actions with your mobile device. Digital literacy refers to the range of skills needed to do online research, set up web accounts, and find solutions for fixing devices among other things. But to be able to enjoy more of the digital world safely and responsibly – to be a good digital citizen – we need to be able to: 

  • navigate vast amounts of information without getting overwhelmed;
  • evaluate a variety of perspectives;
  • connect with people with respect and empathy;
  • create, curate and share information.

We will need our offline analytical and social skills to make that happen. 

Here’s some best practices our community members have shared!

Online or offline, let empathy be your compass

The hardest part about all of this is the anonymity of online interactions. Without that face-to-face feedback of saying something mean to another person’s face, it’s easy to upset the people you’re trying to communicate with.

In our daily lives in the offline world, comments may be more tempered and slow to anger  in disagreements. Visual cues will help us determine how a remark is perceived. That, in turn, helps us adjust our behaviour Action, reaction, it’s how we learn best.

Online, however, the experience is different. A keyboard does not protest if we type angry, hate-filled messages. A screen does not show any signs of being hurt. The lack of physical human presence combined with the anonymity of online alter-egos can be a formula for disrespectful and unfriendly behavior. It is good to remind ourselves that behind the avatars, nicknames and handles are real people. The same empathy we display in our in-person interactions should apply online as well.

Critically evaluate your sources 

We all have times when we consume information with limited research and fact-checking. For some of us, it feels like there’s no time to research and compare sources when faced by a sea of online information. For others, there may be uncertainty about where to start and what to consider. But, without a bit of skepticism and analytical thinking, we run the risk of creating narrow or incorrect understanding of the world. With a little effort we can curb the sharing of fake news and biased information, particularly on topics that are new to us or that we’re not familiar with.

Misinformation can spread like wildfire. Ask these simple questions to evaluate information online: 

  • who is the source of the information?
  • is it plausible?
  • is the information fact or just an opinion?

Own our content

In this day and age, it’s never been easier to just copy, paste and publish somebody else’s content. That doesn’t mean that we should! Publishing content that is not truly ‘yours’ in wording and tone of voice is unlikely to build a connection with the right audience. But, just as important, using someone else’s content may breach copyright and potentially intellectual property rights. 

For more information about intellectual property, visit the World Intellectual Property Organization website.

Don’t breeze past terms and conditions

Have you ever signed up for an online service (to help you distribute published content or accept payments) that was offered at no cost? In our fast-paced digital lives, we tend to want to breeze past terms and conditions or warning information and often miss important information about what will happen with our data. 

When we are given a contract on paper, we tend to read and re-read it, giving it a greater priority of our time. We may send it to other people for a second opinion or seek further review before signing. Remarkably, we rarely do that with online agreements. As a result, we may be putting our online privacy and security at risk. (WordPress uses a GPL license, and only collects usage data that we never share ever.).

Keep your website safe and healthy

If you would like to own your voice online, you also need to protect your reputation by securing your publishing platform. Websites can face security attacks. Hackers may seek to obtain access through insecure settings, outdated plugins and old software versions, and in extreme cases can try to scam your visitors. And leaking customer data, may even lead to legal consequences.

On top of that, websites ‘flagged’ for security issues, can lead to high bounce rates and eventual loss of search rankings. This can all affect how search engines rate or even block your site. 

Good practices to keep your website safe include changing your safe password regularly, installing security software, an SSL certificate and keeping the core software, plugins and themes up to date. This will not guarantee that you will keep hackers out, so always keep several backups of your site, ideally both offline and online.

That is just website security in a tiny nutshell. If you would like to learn more about keeping websites safe, you may want to check out some of these resources and many more videos at WordPress.tv.

Join in and help make the web a better place!

As part of Digital Citizenship Week, we would like to encourage you to learn and share skills with your colleagues, friends and family members. That way, we all become more informed of potential issues and how to reduce the risks. Together we can make it easier to navigate the web more effectively and securely!

Additional resources

Site health check

WordPress 5.2 introduced pages in the admin interface to help users run health checks on their sites. They can be found under the Tools menu.

Security and SSL 


@chanthaboune, @yvettesonneveld, @webcommsat, @muzhdekad @alexdenning@natashadrewnicki, @oglekler, and Daria Gogoleva.

by Yvette Sonneveld at October 15, 2019 07:41 PM under open source

WPTavern: Kioken Blocks Partners with Gutenslider Plugin

Kioken Blocks creator Onur Oztaskiran is teaming up with Niklas Jurij Plessing, a Berlin-based developer and author of the Gutenslider plugin, to improve both products under the same roof. Oztaskiran said the partnership is not an acquisition but rather a unification of efforts that may eventually result in combining under the same name.

“Our short term plan is to work on each other’s plugins to improve them according to our individual areas of expertise (me in design, marketing and user happiness, him in development and more technical stuff where I fall short), and then fully collaborate on plugins and themes,” Oztaskiran said.

Gutenslider will remain a standalone plugin and will not be merged into Kioken Blocks. Both products will share similar resources in terms of functionality and support. The team plans to work on porting their products to be ready for WordPress.org’s upcoming Block Directory. Pro users of Kioken Blocks will be able to use the pro functionalities of Gutenslider and the team plans to make Gutenslider work like an extension to Kioken Blocks.

“Gutenslider is pretty extensive at it is, and we thought it deserves to keep going as a standalone block and plugin, since it will be also available in the upcoming Block Directory for Gutenberg,” Oztaskiran said. “We will handle it as another product even though it is under the same roof as Kioken Blocks. We will continue adding new features to that block and improve the experience and Kioken Blocks will gain new blocks as well, but not as extensive as Gutenslider. There’s a possibility we could rename the block but that’s not the case at the moment.”

Oztaskiran said he sees a lot of possibilities in Gutenslider, because it is not just an image and video slider but capable of adding different types of block content on top of the slides, such as paragraphs, headings, images, galleries, products, and more.

“Since the future of Gutenberg, as we see it, is going to be shaped around the Block Directory in the editor, our plan is focusing more blocks on that directory, with the Kioken Blocks as a builder on top of them as a plugin,” Oztaskiran said. “The final goal is building an ecosystem for WordPress users who have adopted the new editor – products, plugins and themes with a streamlined interface and experience. Dev partnerships are the first step of it.”

Oztaskiran could not confirm if the product catalog will be combining under one company name. The final decision has not yet been made but he said it is likely that they will combine under the Kioken branding sometime in the future for marketing their WordPress products.

by Sarah Gooding at October 15, 2019 07:03 PM under slider

WPTavern: WordPress 5.2.4 Release Addresses Several Security Issues

The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure.

Like any security release, users should update immediately to the latest version to keep their sites secure.

For those with automatic updates enabled, the new version is already rolling out to sites. All major branches of WordPress from version 3.7 to 5.2 received the new security fixes. If automatic updates are not enabled, users should update from the “Updates” screen under “Dashboard” in the WordPress admin. Otherwise, users can download WordPress from the release archive and manually run an update to make sure their site is not at risk to what are now publicly-known vulnerabilities.

In the release announcement, the following security issues were noted. They were corrected in all updated versions.

  • Stored cross-site scripting (XSS) could be added from the Customizer screen.
  • An issue that allowed stored XSS to inject JavaScript into <style> tags.
  • A bug that allowed unauthenticated posts to be viewed.
  • A method to use the Vary: Origin header to poison the cache of JSON GET requests (REST API).
  • A server-side request forgery (SSRF) with how URLs are validated.
  • Issues with referrer validation in the WordPress admin.

For developers who want to dive more into the code changes, the changeset is available on GitHub. Most changes should not affect plugins or themes. However, it is worth noting that the static query property was removed in this release. This removal affects both the WP and WP_Query classes. Developers should test their plugins against this version to make sure nothing is broken if their projects rely on this property. It is unlikely that many plugins rely on this query variable.

WordPress 5.2.4 also includes a couple of other bug fixes. One removes a line of code that makes an extra call to the wp-sanitize.js script in the script loader. The second fix addresses an issue where the directory path wasn’t normalized on Windows systems, which led to the wp_validate_redirect() function removing the domain. This fixes a bug created in WordPress 5.2.3.

by Justin Tadlock at October 15, 2019 03:52 PM under security

WPTavern: Meetup.com Introduces RSVP Fees for Members, WordPress Meetup Groups Unaffected by Pricing Changes

Meetup, a subsidiary of WeWork, has announced a significant change to its pricing structure that will require members to pay a $2 fee in order to RSVP to events. The change will go into effect in October, ostensibly to distribute meetup costs more evenly between organizers and members. Some meetup organizers have received the following message:

Meetup is always looking for ways to improve the experience for everyone in our community. One of the options we are currently exploring is whether we reduce cost for organizers and introduce a small fee for members.

Beginning in October, members of select groups will be charged a small fee to reserve their spot at events. The event fee can be paid by members or organizers can cover the cost of events to make it free for members.

Organizers have the option to subsidize the $2 fee for members who RSVP so that it is entirely free for those who attend, but for popular groups this can become cost prohibitive. If 1,000 members RSVP for an event, the organizer would owe $2,000 to host it.

The new pricing does not apply to non-profit groups or Pro Networks. WordPress community organizer Andrea Middleton has confirmed that Meetup’s pricing changes will not affect groups that are part of the official WordPress chapter. In 2018, WordPress had 691 meetup groups in 99 countries with more than 106,000 members. According to Meetup.com, groups in the official chapter now number 780 in 2019. Middleton encouraged any outlying WordPress meetup groups to join the official chapter by submitting an application.

Meetup organizers and members who are affected by the pricing hike are unhappy about the changes. If the angry responses on Twitter are any indication, people are leaving the platform in droves. Many organizers have announced that they are cancelling their subscriptions and looking to migrate to other platforms, such as Kommunity or gettogether.community, an open source alternative for managing local events.

No competitor has the reach or brand recognition that Meetup has. Some groups will inevitably resort to using Eventbrite or Facebook to manage local meetups but neither of these are focused on promoting or growing these types of local events. Discovery and new meetup marketing are Meetup.com’s forte, but the platform has been fairly stagnant when it comes to improving the user experience.

“This new move is quite onerous on users, and WP is lending support to the platform, which is proprietary and for-profit,” Morten Rand-Hendriksen said. “The optics and messaging are not great. When tools we use start to act in problematic ways, and we keep using them, we are tacitly agreeing to and even promoting that behavior even if it is not directly affecting us.”

Andrea Middleton responded, acknowledging that WordPress’ use of certain platforms will sometimes involve compromise.

“It’s true that WordPress contributors use various proprietary and for-profit tools to help us achieve various outreach and coordination goals,” Middleton said. “I think we strive for a balance between expediency and idealism, but of course any compromise results in a loss of one or the other.”

Given the immediate backlash following Meetup.com’s announcement of the pricing changes, it would not be surprising to see the decision reversed. The company characterized the move as an “exploration” and plans to roll it out gradually to more meetups. For organizers who are looking to charge more on top of the fee to cover event costs, Meetup said this feature is coming soon.

by Sarah Gooding at October 15, 2019 04:12 AM under meetups

October 14, 2019

WordPress.org blog: WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Security Updates

  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

For more info, browse the full list of changes on Trac or check out the Version 5.2.4 documentation page.

WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.

You can download WordPress 5.2.4 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.2.4:

Aaron D. Campbell, darthhexx, David Binovec, Jonathan Desrosiers, Ian Dunn, Jeff Paul, Nick Daugherty, Konstantin Obenland, Peter Wilson, Sergey Biryukov, Stanimir Stoyanov, Garth Mortensen, vortfu, Weston Ruter, Jake Spurlock, and Alex Concha.

by Jake Spurlock at October 14, 2019 09:54 PM under Security

WPTavern: AMP Project Joins OpenJS Foundation Incubation Program

Last week at the AMP Contributor Summit 2019 in New York City, the AMP project announced that it will be joining the OpenJS Foundation incubation program. OpenJS was formed by a recent merger between the JS Foundation and the Node.js Foundation. AMP will join webpack, jQuery, Mocha, Node.js, ESLint, Grunt, and other open source projects that have OpenJS as their legal entity.

Over the past year, AMP has been evolving its governance, moving to an open, consensus-seeking governance model in 2018, similar to the one adopted by the Node.js project. One of the primary objectives of changing AMP’s governance and moving to a foundation was to foster a wider variety of contributions to the project and its technical and product roadmap. The incubation process will address AMP’s lack of contributor diversity and inclusion, as only past or current Google employees have commit rights on the code base.

In recognition of how the project’s connection to Google has been problematic for adoption, the company is transferring AMP’s domains and trademarks to OpenJS, which is a vender-neutral organization, as outlined in the FAQs of OpenJS’ announcement:

The OpenJS Foundation prides itself on vendor neutrality. Our vested interest resides solely in the ecosystem and the projects that contribute to that ecosystem. The OpenJS Foundation’s Cross Project Council is committed to supporting AMP in addressing these issues and ensure continued progress. During onboarding, AMP will also go through a multi-step process including adopting the OpenJS Foundation Code of Conduct, transferring domains and trademarks and more to graduation from incubation. AMP has made incredible strides by adopting a new governance model and by joining the OpenJS Foundation, they’ve made their intentions clear-AMP is committed to its vision of “A strong, user-first open web forever.”

Google is, however, a Platinum member of the OpenJS Foundation with annual dues of more than $250K per year. This membership guarantees the company direct participation in running the Foundation, a guaranteed board seat, and have a direct voice in budget and policy decisions. Google plans to maintain its team of employees who contribute full time to the AMP project.

According to Tobie Langel, a member AMP’s advisory committee, one of the changes in moving to the OpenJS Foundation is AMP’s governance model will no longer be under the purview of Google and the ultimate goal is that Google will cease funding AMP directly. Instead, the company will direct funds through the foundation and work to remove the project’s Google dependencies for its infrastructure and tooling.

OpenJS Aims to Disentangle AMP Runtime from Google Cache

Gaining full infrastructural independence from Google will be no small feat for AMP contributors. The OpenJS Foundation’s announcement states that one of the long term goals in moving the project over is to disentangle the AMP runtime from the Google AMP Cache:

The end goal is to separate the AMP runtime from the Google AMP Cache. The Project is currently in the incubating stage and Project leaders are still determining the next steps. Ideally, hosting and deployment of the AMP runtime to the CDN would fall under the purview of the OpenJS Foundation, much like the foundation is handling other projects CDNs, such as the jQuery CDN.

Untangling the runtime from the cache is a complex endeavor requiring significant investments of time and effort which would be planned and implemented in collaboration with the foundation and industry stakeholders during and after incubation.

The OpenJS Foundation CPC is committed to having a long-term strategy in place to address this issue by the end of AMP’s incubation.

AMP is used on more than 30 million domains. While many see this news as a positive move towards AMP’s eventual independence from Google, it doesn’t remove Google’s power to compel publishers to support the AMP standard by prioritizing AMP pages in search results. The news was received with skepticism by commenters on Hacker News and Reddit, who deemed it “mostly meaningless window-dressing,” given how aggressively Google is pushing AMP in its search engine. AMP remains deeply controversial and moving it to a foundation that is heavily financially backed by Google is not enough to win over those who see it as Google’s attempt to shape the web for its own interests.

by Sarah Gooding at October 14, 2019 08:52 PM under OpenJS

WPTavern: Inside Look at GoDaddy’s Onboarding Process for Managed WordPress Hosting

The Tavern was provided access to test GoDaddy’s onboarding process, which is a part of its managed WordPress hosting service. The company has revamped its system since we covered it in 2016. The web host has had time to garner feedback since then and build an easy-to-use, headache-free way to launch WordPress sites.

GoDaddy has been making waves in the WordPress community over the past few years and is quickly becoming one of the most dominant businesses in the ecosystem. Several of the company’s free WordPress themes consistently rank in the theme directory’s popular list. Most of them are child themes of their popular Primer theme, which boasts 40,000+ active installs when not counting child theme installs. The real count should be north of 200,000.

GoDaddy provided access to its Pro 5+ tier, which is its highest level of managed WordPress hosting. They have three lower tiers, each at different price points and with fewer features. Regular pricing for the tiers range between $9.99 and $34.99 per month. All levels include automatic backups, security scans, caching, and a slew of other features that are not always easy to figure out for new users.

Aaron Campbell , GoDaddy’s head of WordPress Ecosystem & Community, said that their hosting service is growing quickly. “We were among the largest WordPress hosts when we launched our Managed WordPress Hosting in 2014,” he said. “Within 2 years our offering became the largest Managed WordPress platform in the world and remains so to this day.”

GoDaddy launched its basic onboarding process later in 2014. They iterated on that version through 2018. “When Gutenberg went into core in WordPress 5.0 we saw an opportunity to redefine the WordPress onboarding and imagine what a ‘Gutenberg native’ experience would look like,” said Campbell. “Meaning, do what Gutenberg uniquely enables us to do over what was possible before–things that couldn’t be done by making existing themes Gutenberg ‘compatible’ we had to build from the ground up.”

Based on my experience with the product, I would have no qualms about recommending it to new or even more experienced users. Even those with no experience running WordPress can create a new site without trouble in far less time than it’d take to go through the normal, more complex process.

How the Onboarding Process Works

One of the hardest things to know prior to signing up for a service and handing over your credit card number is how the service works. For this reason, I snagged a few screenshots and will do a quick walk-through of the process.

Once you are ready to build your new website, the service provides a “Set up” link that sends you to GoDaddy’s onboarding screen. There are three paths to choose from. The first and most prominent is to view the available templates, which is the path that new users would choose. You can also manually set up WordPress or migrate an existing site.

When selecting to view templates, the service presents over 50 options to choose from. The templates are further grouped by category based on the type of site a user might want to create. I chose the “Beckah J.” option because it worked for my idea of creating a life-wellness site.

Each of the templates are created from GoDaddy’s new Go WordPress theme, which is currently available via GitHub and awaiting review for placement in the official WordPress theme directory.

After selecting a template, the process moves to a preview screen, which has buttons to switch between desktop, tablet, and mobile views. From that point, you can choose to use the template or go back and select another.

This was the first point of the process that felt like it needed polishing. The preview frame was too small to get a feel for what the site would look like on desktop or tablet. This is a fixable problem. There’s plenty of screen real estate GoDaddy could use to make the preview nicer.

The next screen allows users to enter information about what type of site they want to run. Depending on which of the following checkboxes are ticked, GoDaddy will set up the site differently.

  • Provide information
  • Write blog posts
  • Display my portfolio
  • Sell physical goods to my customers
  • Sell digital goods to my customers to download

After completing the final form, GoDaddy begins creating the site. The host sets up the site with one or more of several plugins based on the choices made in the previous form.

The site installation process was slower than I had expected. We live in a fast-paced world where users expect things to happen nearly instantly. I admit I was antsy while waiting for the process to complete, in part because everything else happened so quickly. I wondered if I had time to grab a sandwich. In reality, it was much faster than manually setting up a WordPress install, but the setup did take a few minutes of waiting. My experience may have been an anomaly too. Sometimes these things take time.

A Website Ready to Go

Out of the box, my newly-created site had five custom pages ready based on my choices during the onboarding process.

  • Blog
  • Get in Touch
  • Home
  • My Account
  • My Cart

It was nice to see WooCommerce ready and a contact form set up with my email (handled by the CoBlocks plugin). I would rather have seen contact, account, and cart page slugs for their respective pages, but that’s a personal preference.

The site came with seven plugins installed, five of which were activated.

  • Akismet (deactivated)
  • CoBlocks
  • Gravity Forms (deactivated)
  • Sucuri Security
  • WooCommerce
  • WP101 Video Tutorials
  • Yoast SEO

CoBlocks along with theme integration for the block editor is what made the process of working with the website a breeze. GoDaddy acquired the CoBlocks plugin in April. At the time, the plugin had 30,000+ active installs. It has since grown to 80,000+ in the few months since GoDaddy has taken over.

The Onboarding Process Provides a Nice User Experience

I’ve been critical of GoDaddy over the years. I am a customer of one of their other hosting products that launched years ago. That particular site is stuck on PHP 5.6, which has given me the feeling that the company is not focused on its older projects. However, Campbell said they are in the process of moving users on legacy hosting products to a newer platform.

I’ve been cautiously optimistic about the work GoDaddy has been doing within the WordPress community. They’ve more than shown their commitment to the WordPress platform over the past few years.

Despite a couple of minor hiccups, the onboarding process the hosting giant has built is one of the best experiences I have ever had launching a WordPress site. Even as an old pro, I’d consider using it for future projects, particularly when setting up sites for less tech-savvy family and friends.

by Justin Tadlock at October 14, 2019 08:30 PM under hosting

WordPress.org blog: Becoming Better Digital Citizens Through Open Source

The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as a tool for learners (regardless of age) to practice and model the essential parts of being a good digital citizen.

What is digital citizenship?

The digital landscape constantly changes and this affects the way we use the internet. New platforms emerge, people find different ways to spread information, communities form, grow and fade away every day. The concepts and practice of promoting civil discourse, critical thinking and safe use of the internet still remain central. And that is exactly what digital citizenship is about.

“Put simply, digital citizenship is a lot like citizenship in any other community — the knowledge of how to engage with digital communities you’re part of in a way that is thoughtful, safe, and makes appropriate use of the technology.”

Josepha Haden, Executive Director WordPress Project

Who is a digital citizen?

Digital Citizenship is for all age groups. Anyone who uses the internet on a computer, mobile device or a TV is a digital citizen. You don’t have to be tech-savvy already, maybe you are taking your first steps with technology. Digital Citizenship Week is a chance to reflect together on our impact on the digital world. It can help us to make our consumption more considered and our interaction friendlier. It enables us to make a positive difference to those around us.

All of us can strive (or learn) to become better digital citizens. It can be affected by the access those teaching have had to digital skills and good practice. Adult education classes and community tech hubs play a part in basic tech skill development. Unfortunately, these are not always accessible to those in less populated geographic locations. 

Open source communities like WordPress already make a difference in encouraging the principles of digital citizenship, from sharing tech skills to improving security knowledge. They give people an opportunity to learn alongside their peers and many of the resources are available regardless of location, resources, or skills.

  • WordPress Meetups — locally-based, informal learning sessions — typically take place monthly on weekday evenings.
  • WordCamps are city-based conferences that take place in cities worldwide. These events usually last 1-3 days and are organized and run by volunteers.
  • The talks are also recorded and made available on the free, online library WordPress.tv. These can be watched from the comfort of your own home, office or during informal get-togethers.

What can we do as part of the WordPress community?

Digital citizenship skills, like many other skills needed in this tech-focused world, should be kept up-to-date. Open source communities offer unparalleled opportunities to do this and are available in countries across the world. As part of our role as members of WordPress and other communities, we can pass on such skills to others. For instance by working alongside people who have had limited experience of digital skills. Or by finding new ways of making this knowledge sharing fun and accessible. 

Here are just a few of the ways we do and can make an even greater difference:

  • as bloggers and writers, we can be more aware of how to write content responsibly.
  • as designers, we can think more about how different people will view, understand and respond to the designs and visuals we create or use.
  • as developers, we can build systems that make it easier for all users to find information and accomplish their goals, to be secure while visiting our sites, and to model good security and practice.
  • as community members, through organizing events like WordPress Meetups and WordCamps, we are helping equip those who may not have had access to digital literacy or who lack the confidence to put it into place or share with their family and colleagues. Through these events, the online videos and other resources on WordPress.tv and through the Make WordPress teams, we are already making a difference every day.
  • as individuals, the way we communicate in the community and listen to each other is equally important. This is a vital part of how we grow and model positive digital citizens. Through growing our positive digital skills and a better understanding of online etiquette and challenges, we can make our immediate and wider digital world a more positive and useful environment.
  • making it easier to document and share knowledge.
  • emphasizing how skills learned within the community can be used in other parts of our digital lives.
  • creating and becoming ambassadors for Digital Citizenship.

You can also get involved with specific events that have grown out of the wider WordPress project, championed by enthusiasts and those wanting to improve specific digital skills and bring wider benefits to society.

Community-driven Events

For example, WordPress Translation Day in 2019 had 81 local events worldwide. Running for 24-hours, individuals with language skills translated aspects of the platform into multiple languages with a total of 1181 projects modified. An amazing 221 new translators joined on the day. In addition, there was a live stream with talks, panel discussions, interviews, and sharing of tips and skills to help others learn how to translate. Volunteers are now planning the event for 2020!

Stories of how people came together for WordPress Translation Day

Interviews with some of the participants from a previous WordPress Translation Day giving a flavour of how volunteers developed this event.

Do_action days are WordPress events organized in local communities to help give charities their own online presence. Each event involves members of the local WordPress community, planning and building new websites for selected local organizations in one day. Some take place in a working day, others on weekends. 

Volunteer Tess Coughlan-Allen talking about how people came together for the first do_action in Europe to help local charities.

Find the next do_action hackaton nearby your home town.

Improving digital skills through WordPress

In this video clip, Josepha talks about the Digital Divide and what current technological trends mean for it in the future. She explores what it takes to be literate in the digital landscape and how WordPress can be used to build and perfect those skills.


Thanks to @webcommsat for researching and writing this article and @yvettesonneveld for her supporting work in this series.

by Yvette Sonneveld at October 14, 2019 07:31 AM under Community

October 11, 2019

WPTavern: Edit Flow Future in Flux: Here Are 5 Alternative Plugins

After years of unpredictable development and support, it seemed the Edit Flow plugin had finally given up the ghost last week when an Automattic support representative confirmed that it is no longer being actively developed and recommended users switch to an alternative. Nick Gernert, head of WordPress.com VIP, has since commented on our post to clarify the company’s intentions. He said Automattic is “in no way dropping support for Edit Flow:”

I’ll start by saying we are in no way dropping support for Edit Flow.

We do see a difference between active feature development and maintenance updates to a plugin and this post tends to use these things interchangeably. It is correct that we are not currently pushing new features for Edit Flow. However, we are committed to maintaining this and other plugins so that those who depend on them are able to continue to do so.

We face the same challenge that many in software face when it comes to supporting existing work while looking to the future and where to invest energy. I hope folks can understand the delicate balance here. We accept that we have fallen short at times when it comes to maintaining our existing work and appreciate the community holding us accountable.

Gernert also said the company’s VIP service is “seeing demand for WordPress in the enterprise market like never before.” The team is doubling down on its commitment to product development for this market and Gernert said outlook for Edit Flow and other Automattic plugins should improve:

VIP is more committed than ever to product development for the unique needs of this space. We have recently brought on a new Head of Product and Engineering. With the addition of this role, there is a commitment to focused product development and that includes ensuring key plugins like Edit Flow are maintained. Presently, that maintenance includes security updates, critical bugs, ensuring compatibility with new versions of WordPress, and directly supporting VIP customer use. Going forward the VIP Product and Engineering teams are committed to allocating time to regularly review and address issues and provide regular updates to the plugins. As we stabilize on maintenance, new feature development will pick up in areas where we see unique opportunity.

Users and developers seemed wary of this response, given the plugin’s history and more recent experiences of trying to contribute to its upkeep. James Miller, a developer who was using Edit Flow on a client project, shared his experience trying to submit a PR for a bug fix.

“It doesn’t seem like it’s even being given a level of attention at the most basic level of what could be considered ‘maintained,'” Miller said. “This plugin was breaking functionality of other plugins on a client site.

“I forked the repo, fixed the issue, and submitted a PR on January 26. After several months of periodic commenting and asking if anybody was even maintaining the repo, it finally got merged just last month. This doesn’t seem to me like a commitment to maintaining the plugin.”

What Does this Mean for Edit Flow Users?

If you’re not currently experiencing any critical bugs and you don’t require additional features beyond what it offers, Edit Flow may be still be a good option if Automattic is able to improve its maintenance. As previously predicted, any new features coming to this plugin will be those that “directly support VIP customer use.”

Support for the plugin has not improved over the last week, so users may still be waiting for updates and fixes for awhile. The support forums indicate that multiple users continue to report issues with both the block editor and the classic editor, as well as conflicts with other plugins. This is likely why Automattic support representatives recommend users fork Edit Flow or switch to another solution.

In support of smaller WordPress-powered publications that have an immediate need for editorial tools, we have compiled a list of alternatives that offer more frequent maintenance and support. Edit Flow’s primary features include a calendar, custom statuses, editorial comments, editorial metadata, notifications, story budget, and user groups. One of the alternatives below may be a suitable replacement, depending on which features are most important to your editorial workflow.


PublishPress is the plugin that Automattic recommended as an alternative, and it is the closest one to matching Edit Flow’s features. It has 7,000 active installs and is used by companies, non-profits, educational institutions, magazines, newspapers, and blogs.

In the free plugin, PublishPress provides an editorial calendar, notifications, editorial comments, custom statuses, content overview, and the ability to create custom metadata for posts. Its creators also offer commercial add-ons for things like a content checklist, Slack notifications, multiple authors, WooCommerce checklist, and more.

Since PublishPress is actually a fork of the Edit Flow plugin, users can migrate seamlessly from Edit Flow without losing any data or settings using the plugin’s built-in migration utility.

The PublishPress team has also created several other publishing plugins that may also be useful for different editorial needs, including PublishPress Revisions, PressPermit, and Capability Manager Enhanced.

Oasis Workflow

Oasis Workflow is a plugin that allows site admins to create custom workflows for content review. It includes three process/task templates for assignment, review, and publishing actions with role-based routing. Workflows can be configured using a drag-and-drop interface. The plugin supports custom statuses, process history, task reassignment, due dates, and email reminders.

Oasis Workflow is often used in healthcare, law and financial firms, universities, CPA firms, non-profits, news outlets, and other organizations that require a formal review process for publishing. A commercial version of the plugin includes features like multiple workflows, auto submit, revisions for published content, with add-ons for editorial contextual comments, teams, groups, and more.

Nelio Content

Nelio Content is a plugin with 6,000 active installs that includes an editorial calendar, editorial comments, tasks, and a content assistant. It also helps users schedule and automatically promote content on social networks. The plugin integrates relevant metrics from Google Analytics and social media accounts to assist users in promoting content.

Editorial Calendar

If the editorial calendar feature of Edit Flow is the only one you need, then the Editorial Calendar plugin might be a good alternative. It is used on more than 40,000 WordPress sites. The plugin provides an overview of when each post will be published, supports multiple authors, the ability to rearrange the schedule with drag-and-drop capabilities, and edit posts directly in the calendar.

WP Scheduled Posts

WP Scheduled Posts is another editorial calendar plugin that makes it easy to manage multiple authors from one place. It includes a visual calendar that can be manipulated via drag-and-drop, allowing users to easily add posts in the queue or create new posts inside the calendar. The plugin has a dashboard widget that displays post statuses for single or multiple authors.

The commercial version of WP Scheduled Posts is targeted at the scheduling aspects of publishing. It offers an auto-scheduler where users can create rules to publish content automatically, as well as a missed schedule handler for automatically publishing posts that didn’t go out on schedule.

by Sarah Gooding at October 11, 2019 09:21 PM under publishing

WPTavern: Meta Box Settings Page Extension Adds Support for Customizer, Network-Wide Settings

The team behind the Meta Box plugin updated their MB Settings Page add-on to include support for the customizer and multisite. The customizer feature allows theme authors to integrate their custom settings into the customizer using framework-specific code. The multisite integration allows plugin authors to create a network settings page.

The new features come on the heels of an update to the core Meta Box plugin that improves performance for users who have thousands of objects such as posts, terms, or users.

The primary Meta Box plugin originated as a custom fields framework for plugin and theme authors to create meta boxes. It has since grown to handle settings across taxonomies, user profiles, options pages, comment forms, and other areas that have form fields. The plugin offers a unifying API for developers to code over 40 field types without the need to learn each of the internal, field-related APIs in WordPress. At the moment, the plugin has over 400,000 active installations.

Framework-style plugins such as Meta Box, Advanced Custom Fields, and others have filled a gap left open by core WordPress, which does not have a single API for handling fields. Over the years, developers have been left to code against dissimilar APIs and in different languages (PHP and JavaScript). This new feature from the Meta Box team will further extend its usefulness to a large number of developers who need to build out options for their users quickly and without learning additional APIs.

The MB Settings Page add-on is a premium extension that allows theme and plugin authors to create custom settings pages.

The purpose of its customizer integration is for theme authors to map settings pages to customizer panels. However, the feature also allows for sections instead. All of the Meta Box’s field types carry over to the customizer except for its file and image field types due to limitations with how the customizer works. However, other file and image-related fields will handle most needs.

Customizer integration isn’t an all-or-nothing thing. Developers can choose to keep both a custom settings page and panels in the customizer. They may also opt for one screen over the other based on their needs.

The Meta Box team released a video showcasing the new customizer support with some mood music. To be honest, I’m just chilling out and listening as I write this article. I’ve got a little head bob going too.

There is currently no word on whether the customizer fields support live preview. Based on the video, when a user updates an option, the preview panel performs a full page refresh. If live preview is not currently a feature, it would be a welcome one in a future update.

Along with customizer integration, the MB Settings Page update provides the ability for developers to create network-wide settings for multisite.

For some developers, network-wide settings are a bit of an afterthought or something they don’t consider at all for their plugins. Not all plugins need options on the network level. For those that do, authors can start using their custom Meta Box fields directly in the WordPress network admin with a single line of code.

by Justin Tadlock at October 11, 2019 05:58 PM under News

October 10, 2019

WPTavern: WordPress 5.3 Improves Large Image Handling

WordPress 5.3 Beta 3 was released this week and RC 1 is right around the corner, expected October 15. Core contributors have been publishing developer notes on new features landing in this release. One exciting enhancement that hasn’t received much attention yet is WordPress’ updated handling of large images.

Many WordPress users don’t consider the size of the images they are uploading to their sites, and modern smartphones are capable of producing very high quality images at very large file sizes. WordPress 5.3 will automatically detect large images (with a default threshold of 2560px) and generate a “web-optimized maximum size.” The threshold is used as the max-height and max-width value to scale down the image for use as the largest available size. A new big_image_size_threshold filter is available for developers who want to change the threshold size or disable the new feature altogether.

WordPress will store the original image size so that it is still accessible and a new function is available for fetching its path: wp_get_original_image_path(). It is also used to generate all the image sub-sizes.

More than two million WordPress users rely on plugins like Imsanity, Smushit, and EWWW Image Optimizer to optimize images. They often include additional features for bulk resizing previously uploaded images. WordPress’ new large image handling should not interfere with image optimization plugins, because it doesn’t affect the default settings that they often hook into and use to perform additional optimizations. The new core enhancement may be suitable to replace these plugins for some users who only require the bare minimum optimization on upload.

by Sarah Gooding at October 10, 2019 07:46 PM under image optimization

WPTavern: MachoThemes, Modula Parent Company, Acquires Three Gallery Plugins

MachoThemes, the WordPress development company behind the Modula Gallery plugin, has acquired three gallery plugins. The company is currently rolling the first two of the plugins, Final Tiles Grid Gallery Lite and PhotoBlocks Grid Gallery, into Modula. The third plugin, EverLightbox, will remain as a standalone project.

The three plugins were purchased from Diego Imbriani of GreenTreeLabs. This was not MachoThemes’ first acquisition from Imbriani. They acquired the original Modula plugin from him over two years ago. From there, they grew the user base and continued developing the plugin.

At this time, the exact details of the financial terms are not available to the public, but the transaction was in the range of low-to-mid 5-figures.

The acquisition is a part of MachoThemes’ growth strategy for building a larger audience for their Modula plugin, which currently has over 60,000 active installations. “We liked their feature set, their quirkiness, and overall what they stand for,” said MachoThemes owner Christian Raiber of the reasons behind the acquisition.

The merge of Final Tiles and PhotoBlocks affects over 34,000 plugin users. MachoThemes does not plan to continue supporting or developing them as individual plugins.

The team is in the process of building a migration script to allow users to bring their existing galleries over to the Modula plugin. It is important that users migrate to Modula or another option because unsupported versions of their current plugins may not work in the future.

Both plugins are similar to Modula by allowing users to create a gallery separately from the primary post content screen. However, the user interface and experience between all three plugins are nothing alike. Merging the plugins into Modula means that MachoThemes can work on a single interface and experience for users.

Users may be worried about losing features when migrating to a new plugin. “Most of these options already exist in Modula, under a different name, setting or otherwise paid extension,” said Raiber. “There are a few interesting options in these plugins indeed, and they’ve already sparked new ideas for the team to experiment with.”

Raiber said his company would reach out to users. “We’ll have videos, doc entries, and a dedicated page on wp-modula.com,” he said of the transition. The company plans to keep the plugins available for the next six months but may extend that period depending on how the transition for users is going.

The EverLightbox plugin will remain separate for those who want a lightbox feature for the standard WordPress galleries but not a full gallery-editing plugin. “We will continue to support the plugin and work hard to ensure that all users have a smooth-sailing experience with the plugin just as we have been for all of the plugins we’ve been building,” said Raiber.

The company plans to continue developing and supporting EverLightbox for the long term.

by Justin Tadlock at October 10, 2019 07:21 PM under News

October 09, 2019

WPTavern: ExpressionEngine Under New Ownership, Will Remain Open Source for Now

EllisLab founder Rick Ellis announced yesterday that ExpressionEngine has been acquired by Packet Tide, the parent company of EEHarbor, one of the most successful EE add-on providers and development agencies in the community. A year ago EllisLab, the developers of EE core, was acquired by Digital Locations but Ellis said the company ended up not being a good fit for the future of the CMS:

A year ago, EllisLab was acquired by Digital Locations in order to facilitate the transition of ExpressionEngine from a commercial software application to an open source one. That transition was successful, but it became apparent in recent months that ExpressionEngine didn’t fit perfectly within the goals of Digital Locations, as it seeks to build a business in Artificial Intelligence.

We decided that what was best for ExpressionEngine was to seek a new owner, one that could devote all the resources necessary for ExpressionEngine to flourish.

In November 2018, EE went open source, adopting the Apache License Version 2.0, after 16 years of being locked down under restrictive licensing. EE’s dwindling community of product developers and site builders were hopeful that the new open source licensing would expand EE’s reach and bring back developers who had migrated to alternatives like Craft.

After the acquisition announcement, the EE community was concerned whether or not it will remain free and open source. Although the software’s homepage sports the tagline “The Open-Source CMS that supports YOU all the way,” EE’s new owners have left the option open for reconsidering its licensing further down the road. They plan to stick with the open source license for the time being. When asked directly in the EE Slack, EE Harbor developer Tom Jaeger said, “That is our plan for now, although at this stage we’re looking at everything with a fresh eye towards what’s best.” The company has published a list of FAQs with the same information.

Brian Litzinger, a developer at BoldMinded, who has created more than 36 add-ons for EE, and is also on the EECA (ExpressionEngine Community Association) board that organizes EEConf, said he has confirmed that EEHarbor plans to keep the CMS open source.

“The board spoke to new ownership just today actually, and they have every intention of keeping it open source,” Litzinger said. “I can’t speak for the whole community, but since going open source my add-on sales have not significantly increased or decreased.

“As with any open source project there has been feedback and pull requests from the community, but nothing significant (e.g. large features). The community as a whole is pretty excited about the new ownership and ExpressionEngine’s future though.”

Shawn Maida, founder of Foster Made, a company that also sells ExpressionEngine add-ons, said he has not seen a significant direct change in the economics of EE since the project went open source.

“I think the real question here is what business model best enables the growth and continued support of the CMS itself, and how is that balanced against the growth of the community,” Maida said. “As a business that offers some add-ons for ExpressionEngine, we need to see both continued growth in ExpressionEngine as a platform and growth in the community, so I think the license model that best enables that matters.”

Travis Smith, president of Hop Studios, has been working with EE since its early days. As someone who is deeply invested in the EE community, he said that he doesn’t think a prospective licensing change would impact the broader community as much as having a clear vision for the CMS’s future.

“I think a licensing change per se wouldn’t be good or bad, but a well-articulated and communicated vision for the CMS’s future would be really helpful for a community that feels unsure at the moment,” Smith said.

“I do think that the exposure that going open source gave into the development process overall at EllisLab was an improvement, and that new features and bug fixes were getting added at a decent pace.”

EE may have changed its licensing to be open source but it is not a community-led project where major decisions happen by a consensus of a diverse representation of community leadership.

“I didn’t observe the community gaining (or applying?) much input or influence over the future of ExpressionEngine in the past year,” Smith said. “I think there was still a feeling of ‘EE is EllisLab’s project’ — and that this change of ownership might shake the community’s devs out of that default assumption, which would be a good thing.”

In the FAQs EEHarbor published today, the company confirmed that it will be developing new features and that it will consider feedback submitted from the community:

While we are in the early stages of long-term strategic planning, we already have a lot of thoughts and ideas around where to take ExpressionEngine based on our own experience. However, it’s not just about us. We are also very interested in collaborating with the ExpressionEngine community. Everyone is more than welcome to submit feedback for us to review as we consider the future of ExpressionEngine

After 16 years under a restrictive license, EE is an interesting example of a newly open source, corporate-led project with a community that is rediscovering its place while ownership of the software is transferred from one company to another. Responses to the acquisition are mostly positive, and users seem excited about Packet Tide’s first planned initiative – finishing development on ExpressionEngine 6.0. Ellis described this upcoming release as “an exciting new version we’ve been quietly working on behind the scenes.” It will include a new control panel with a dark theme, along with add-on and service integrations inside the app.

EEHarbor does not plan to merge its add-ons with ExpressionEngine core at this time, and the statement published today reiterates the company’s commitment to “keep the add-on marketplace fair and open to all developers.”

by Sarah Gooding at October 09, 2019 11:11 PM under ExpressionEngine

WPTavern: Rosa 2 Restaurant Theme Provides a Frustrating and Satisfying Experience

Rosa 2 is the sequel to Pixelgrade’s best-selling theme, Rosa. The new theme re-imagines its previous incarnation in the context of the block editor (Gutenberg). I was provided a copy of the theme for free to test and provide my thoughts.

The theme sells for $75/year, or you can pay a one-time fee of $95 for lifetime access. The product launch post could make anyone excited about this theme, but is it worth it?

TLDR; Rosa 2 made for a satisfying experience when building restaurant-style pages. However, the early learning curve and basic setup were frustrating. It also lacks some of the polish I’d expect at a premium price.

A Rundown of the Issues

Before I dive into the good things about Rosa 2 (and there are some nice things about this theme), let me dive into the frustrating aspects. There were so many pain points that I nearly gave up on the theme several times. However, I soldiered on in the hopes of understanding why this theme might be worth using.

Install the Required Plugins First

Let me save you some time right now. When the theme says that it requires the Customify and Nova Blocks plugins, it truly requires them. Otherwise, the theme looks and behaves nothing like the demo or screenshots. It may as well not be the same theme.

When first activating the theme, the front page of your website will become a completely white screen. It is not the dreaded White Screen of Death caused by an error. Instead, the theme is forcibly hiding the content with custom styles.

Why? Yeah, good question.

I see no reason to do so. Outside of changing some code (which I did), users must activate the plugins to make their content appear. There is no technical reason this should be the case when using this theme.

There should be no path in which a user installs a theme only to have their content disappear.

I get it. I was told these were required plugins. The theme even provides easy installation and activation links via the TGM Plugin Activation script. I also get that WordPress lacks any sort of real dependency system for handling this feature. That doesn’t make it any less of a poor user experience.

As a developer, I thought I’d trick the system and test the theme without those plugins installed. I wanted to see what the theme looked like out of the box, which you can see in the following screenshot.

Oh, and that big block of category links in the above screenshot, it never goes away. It just sits there on your blog posts page. It is hard-coded in the posts page template (home.php). Rosa 2 is billed as a restaurant theme, so it might be acceptable if you don’t plan on running a blog.

Header and Nav Problems

The default header looks nothing like the screenshots, demo, or video for the theme. After nearly two hours of using the theme, I was ready to throw in the towel and rule this theme out as a lost cause. Not being able to get the basic nav menu set up for the theme was an exercise in self-punishment that I wouldn’t wish on anyone.

It turns out that the Nova Blocks plugin really is required. Did I mention that you should install the required plugins first?

Stretched images

On blog and archive pages, expect stretched featured images that attempt to fill out the box next to the excerpt for existing posts. There doesn’t seem to be any remedy to this outside of uploading new images.

The theme uses the standard post-thumbnail size but does not define this size in the code. For those unfamiliar with the technical aspects when using this specific size, the theme should ideally define it via the set_post_thumbnail_size() function.

Sticky header

The large sticky header gave me a gut-wrenching feeling that walls were closing in on me. I became light-headed and dizzy. I found it tough to breathe. This is not hyperbole. I’m dead serious.

On a personal note, I’ve had some issues with claustrophobia for the last couple of years. I first had this feeling after being stuck indoors for two weeks while watching over one of my cats who had surgery. I typically work from the porch where I can get fresh air, but that was one of the worst periods of my life.

Since then, I often get this same feeling when sites have large sticky headers. It feels like the walls are closing down. I wonder if others have similar issues.

This feeling could be alleviated if the theme minimized the sticky-header height while scrolling down the page. Fortunately, the theme allows users to choose a static header, which I strongly suggest using. There are some other spacing and sizing options for the header area, which can help shrink some of this down.

Where the Theme Shines

If there is one thing this theme does well, it is making it simple to create pages for a restaurant via the Nova Blocks plugin. Within minutes of creating a custom page, I had a restaurant-style page set up and ready to go.

When coupled with Nova Blocks, the theme beautifully handles the process of creating custom pages with numerous unique outcomes. The integration with the plugin is brilliant. Each block has custom demo content that you can easily modify.

Some of the names of the blocks and block options were cutesy and fun, such as “Hero of the Galaxy,” but they became a slight nuisance when wanting to quickly figure out the purpose of a block. I could see some users becoming annoyed at the names, and they might not be ideal for some professional settings. They were kind of fun though. I have mixed feelings about them.

How Does the Theme Handle Gutenberg?

Rosa 2 is a theme primarily built for the block editor. It wonderfully handled core block output in my tests.

When using Gutenberg-ready themes, I view the pullquote block as sort of the theme designer’s signature. It is one of those blocks where designers can have a lot of fun and put a unique spin on the display. I’m a fan of the pullquote style in this theme (pictured above).

On the whole, it works well. When coupled with Nova Blocks, you have a lot of power at your disposal.

How Does the Code Stack Up?

Rosa 2 is lightweight in terms of custom code. Nearly all of the functionality is within the accompanying plugins. Because this is a theme review, I didn’t dive into the plugin code.

From a purely technical standpoint, the theme does most things according to standards.

There are some things I’d change from an architectural standpoint. For example, the file for its Customify plugin integration is over 1,100 lines of code. I would break that down to more digestible bits, which would help with long-term maintenance and bug hunting.

Some of the editor-related JavaScript code could be more efficient. Repeated patterns should be grouped together to make the code smaller. The editor JavaScript file is not large, but every byte counts in a world where developers assume everyone is running on Gigabit internet connections.

The primary stylesheet is 173 kb, which is OMGBBQ large, especially when you top it off with 100s of kb coming from the stylesheets and scripts loaded by Nova Blocks plugin. Unless you’re a user who is heavily optimizing your site, you can count on some slow page loads.

The Final Verdict

I’d only recommend this theme to people who have more patience than me. While I didn’t follow instructions right off the bat (as a reviewer, I’m trying to push limits and break things), the theme did have some pain points that simply made for a frustrating process.

I’m in the camp of people who believes themes should work out of the box. This theme doesn’t work without some setup. You’ll need to put in some legwork to get it going. However, once you make it over the initial hump, you can build some beautiful page layouts.

I suggest using it strictly for its defined purpose of building a restaurant website. The typography is designed well enough for blogging, but the overall theme isn’t well-suited to it.

by Justin Tadlock at October 09, 2019 07:47 PM under Themes

October 08, 2019

WordPress.org blog: WordPress 5.3 Beta 3

WordPress 5.3 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.3 beta in two ways:

WordPress 5.3 is slated for release on November 12, 2019, and we need your help to get there.

Thanks to the testing and feedback from everyone who tested beta 2 (and beta 1) over 60 tickets have been closed in the past week.

Some highlights

  • Fixes and enhancements in the admin interface changes introduced in previous 5.3 beta releases.
  • Wording changes in login screen (#43037).
  • Improved accessibility in media upload modal (#47149).
  • Changes in the way the new error handling with images works (#48200).
  • MediaElement.js has been updated from 4.2.6 to 4.2.13 (#46681). The script is now also being loaded in the footer again. This fixes a regression that happened two years ago, so might be worth noting (#44484).
  • Update to the REST API media endpoint to allow resuming of uploads (#47987).

In addition to these, Beta 3 landed a number of small consistency and polish changes to the REST API, including an improvement to the permissions check used when editing comments, a fix for post type controller caching edge cases, and most importantly, the ability to use the _embed parameter to access the full data for a post using the /wp/v2/search endpoint.

Developer notes

WordPress 5.3 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developer notes tag for updates on those and other changes that could affect your products.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac where you can also find a list of known bugs.

by Francesca Marano at October 08, 2019 08:58 PM under Releases

WPTavern: The Evolution of Anonymity in the Internet Age

As a child of the ’90s, I was growing up in one of the largest transitional periods in human history. The Internet Age was upon us.

I was born and raised in a small community in rural Alabama. The country. The backwoods. To give you an idea of how small the place was, my entire school (grades K-12) had around 800 students. While I was fortunate enough that my family could afford to travel for vacation almost every year, I mostly lived a sheltered life.

I rode bikes down the dirt road and explored neighbors’ hunting lands with my best friend in the summer. We’d get up at dawn, grab some provisions, and cycle out for the day’s adventure. We’d race old lawnmowers, build unstable treehouses, and swim in what were likely snake-infested creeks. We’d camp out under the stars. Our parents never asked where we were. As long as we showed up for supper and took a bath a few times each week to scrub the dirt off, we were generally left up to our own imaginations.

There was another aspect of growing up in the ’90s, and that was video games. At 16, I spent most of the summer in the fields picking watermelons or throwing bales of hay onto a trailer. It was hard work, but it kept me supplied with whatever video games I wanted. When not out in the wild, my best friend and I would be glued to a 19-inch television playing the Nintendo 64 (and later the Sega Dreamcast).

I lived in this somewhat country-bumpkin bubble with no idea of the outside world.

Then came the explosion of the internet. My family never had a computer at home. That left me to access this wonderful new thing during school hours or at a friend’s house.

Like pretty much every teen boy I knew at the time, the best use of the internet was logging into adult chatrooms and hoping to chat with a woman. Yeah, the average teenage boy wasn’t doing anything productive with the internet, even in the ’90s. Big surprise there. This isn’t groundbreaking news, folks. Move along.

There were other uses of chatrooms, such as finding other gamers. That’s where my original love of the internet began. I could talk to people across the world about Nintendo and Sega games. I even started getting pen-pals where we would exchange weekly emails.

At the time, there was this common saying among adults, “You don’t know who you’re talking to on that thing. It could be a fat, 40-year-old man living in his parents’ basement.” Hey, why you throwin’ shade at heavyset men? Just tell me it could be a psycho.

My parents drilled this lesson into my brain. School teachers did the same. Like my peers at the time, I was required to use a pseudonym when going online. The thought of using a real name was almost unheard of. As teens, we’d joke about the basement-dwelling bogeyman who our parents and teachers warned us against. It was all a game to us despite there being legitimate fears, particularly now that I have 20 years of hindsight at my disposal.

That’s where I came up with my username of greenshady, by the way. One day I may even tell what it means. One day. For now, I’ll keep all of you who have asked about it over the years guessing.

I used that username for years because there was always this little voice in the back of my mind telling me to remain anonymous.

Anonymity in the Age of Transparency

I’m not exactly sure at what point attitudes toward anonymity changed. Social networks likely played a huge role transitioning us from silly screen names to using our real-life names on the internet. Otherwise, it’d be harder for our real-life friends to find us on Facebook, Twitter, and elsewhere.

This prevailing attitude toward anonymity didn’t limit itself to social networks. More and more, people shunned the idea of anonymous posts or comments on blogs and elsewhere.

There’s likely some form of stardom attached to using real names as well. Everyone is just one video, one blog post, or one tweetstorm away from their 15 minutes in the spotlight.

Even within the WordPress community over the years, I’ve witnessed a shift toward automatically disliking anonymous comments. The prevailing idea is that a person’s contribution to a discussion has less worth if it’s hidden behind the veil of anonymity, that one’s opinions are invalid if they cannot be backed up by a real name.

It opens the person to attack not based on their ideas but on how they choose to present themselves online. This is a part of the culture that is unhealthy.

In a time when you can effectively be shut out from the modern-day public square for making one wrong statement, anonymity is more important than ever for some. Often, there’s no recourse for missteps after you’ve been taken down by the angry horde over a lapse in judgment. Once your name has been hauled through the mud and back again, there’s little you can do about it.

That little voice in the back of my mind, the one carefully crafted by my parents and teachers, is a reminder that a simpler period during the Internet Age once existed.

There are other pockets of the internet where the pseudonym has persisted. One area is in gaming. You’d be the oddball if using a real name in an online multiplayer match. I suppose “Brett” or “Molly” doesn’t strike fear in the heart’s of enemies. The entire culture of online gaming is built upon anonymity, which is at odds with much of the internet world today. Frankly, I find it oddly satisfying.

I do wonder whether a real name online is important for civil discourse. Quite often, online personas are much different than their real-life counterparts. I mean, have you seen the numerous alpha-male groups on social networks made up of men who all think they’re the leaders of the pack? Hmmm…maybe there was some truth to that basement-dweller theory, after all. Thanks for the heads up, Mom and Dad.

The point is that an online persona, even attached to a real name, is still a persona. It’s not much different than a fake user handle.

I’d wager that the need to see a person’s real name has more to do with knowing exactly who to shun for controversial ideas rather than attaching some sort of validity to it. Usernames can be altered. You’re pretty much stuck with your real name, and mishaps follow your real name around.

As we were reviewing the Tavern’s comment policy last week, one point I brought up is that I believe we should allow anonymous comments. A large reason for this is that people should feel safe to communicate their thoughts within the community. While I won’t get into the specifics of internal discussions, I do hope that it’s something we officially remove from the policy.

Being in favor of anonymity does not mean being in favor of personal attacks or handing over a license to use a vulgar term as a username. It’s about protecting people’s ability to speak freely without fear of becoming an outcast within the community for an unpopular opinion.

Sometimes anonymity provides people the freedom they need to effectively discuss ideas. More importantly, it allows them to be a part of the community in a way that they choose.

Are We Moving back?

With the European Union, Japan, Australia, and other countries passing stricter privacy laws, there’s a growing movement to protect privacy across the world. While this movement has focused more on large corporations and what they do with personal data, there’s an underlying fear that’s likely been there from the beginning.

People are coming to the realization that we gave up too much.

We handed over our names. And, once we handed over our names, it was a slippery slope to handing over everything else about ourselves. If you dig deep enough you can find the names of all my cats and when they were all born.

I’m not sure how I feel about that. I’m in too deep at this point.

My parents from 20 years ago would not have liked the idea too much. My dad just uses YouTube to watch videos on building stuff for the most part today (it took years to stop him sending me email chains), but my stepmom is right there along with everyone else on social networks.

It’s odd to look back on the past 20 years to see how some of our initial fears surrounding anonymity have transformed. In another 20 years, we’ll all be back to using pseudonyms again. Call me out on it if I’m wrong. I do wonder if we’ll look back at this time and think everyone was crazy for using their real names.

I welcome your anonymous comments on this post. Just don’t use “wanker” for your handle.

by Justin Tadlock at October 08, 2019 07:20 PM under Opinion

WPTavern: GNU Project Maintainers Move to Oust Richard Stallman from Leadership

GNU Project maintainers are working to oust Richard Stallman from his position as head of the organization. In a joint statement published yesterday morning, a collection of 22 GNU maintainers and developers thanked Stallman for his work and declared that he can no longer represent the project:

We, the undersigned GNU maintainers and developers, owe a debt of gratitude to Richard Stallman for his decades of important work in the free software movement. Stallman tirelessly emphasized the importance of computer user freedom and laid the foundation for his vision to become a reality by starting the development of the GNU operating system. For that we are truly grateful.

Yet, we must also acknowledge that Stallman’s behavior over the years has undermined a core value of the GNU project: the empowerment of all computer users. GNU is not fulfilling its mission when the behavior of its leader alienates a large part of those we want to reach out to.

We believe that Richard Stallman cannot represent all of GNU.

Stallman’s personal website continues to prominently display his intentions to remain in the leadership role. He added the header to his site, following the publication of remarks he made regarding a 17-year old victim of sex trafficker Jeffrey Epstein, which precipitated his resignation from both MIT and the Free Software Foundation:

The Stallman saga has continued to grow stranger in the aftermath of his resignations, as many were concerned that he would be homeless after his website featured a notice that he was “Seeking Housing,” accompanied by a link leading to his specific requirements for a temporary residence. His personal site was also reportedly vandalized nine days ago with a message that he was stepping down from the GNU.

The defacement with the false GNU resignation message was reverted shortly thereafter on September 30, and replaced with the header saying he continues to be “Chief GNUisance of the GNU Project” with no intention of stopping soon. Stallman has not yet publicly acknowledged the statement from the GNU maintainers. He has also not yet responded to our request for comment.

Yesterday the Free Software Foundation (FSF) published a statement indicating it was re-evaluating its working relationship with the GNU project, which has provided some of its technical infrastructure, fiscal sponsorship, and copyright assignment:

GNU decision-making has largely been in the hands of GNU leadership. Since RMS resigned as president of the FSF, but not as head of GNU (“Chief GNUisance”), the FSF is now working with GNU leadership on a shared understanding of the relationship for the future. As part of that, we invite comments from free software community members.

Stallman responded the next day, indicating he wanted to work with FSF on restructuring the relationship between the two organizations:

I recently resigned as president of the FSF, but the FSF continues to provide several forms of crucial support for the GNU Project. As head of the GNU Project, I will be working with the FSF on how to structure
the GNU Project’s relationship with the FSF in the future.

The FSF maintains some critical responsibilities in that it currently holds the copyrights to enforce the GPL. Stallman has recently called on people to continue supporting the FSF’s work, despite his resignation from the organization.

The small contingency of GNU project maintainers who penned the statement published yesterday seem to be on the same page with FSF in its rejection of Stallman’s leadership. Their message concludes with their intention to overhaul the leadership of the free software movement to be more inclusive of the people who have been alienated by Stallman’s behavior over the years:

“We think it is now time for GNU maintainers to collectively decide about the organization of the project. The GNU Project we want to build is one that everyone can trust to defend their freedom.”

by Sarah Gooding at October 08, 2019 04:33 AM under gpl

October 07, 2019

WPTavern: Google Chrome Announces Rollout Plan for Blocking Mixed Content Beginning January 2020

The Google Security Team has announced a timeline for when Chrome will begin blocking mixed content by default in order to ensure that HTTPS browsing is more secure. Mixed content refers to HTTPS pages that load resources, such as images, videos, stylesheets, and scripts, over HTTP.

The gradual rollout will begin with Chrome 79, which is scheduled for release in December 2019. The browser already blocks mixed scripts and iframes, but this release will add a new setting (that can be toggled on or off) for users to unblock it on a per-site basis.

The next phase of the rollout will progress with Chrome 80, due in January 2020, where mixed audio and video resources will get auto-upgraded to HTTPS. If they fail to load over HTTPS, Chrome will automatically block them. Mixed images will still load but Chrome will display a “Not Secure” warning in the omnibox next to the URL.

The last phase of the rollout is planned for February 2020. Along with the release of Chrome 81, mixed content images will bet auto-upgraded to HTTPS and Chrome will block them if they fail to load.

The Google Security Team reports that Chrome users now spend more than 90% of their browsing time on HTTPS on both desktop and mobile. The plan to begin blocking mixed content is targeted at addressing insecure holes in SSL implementations of sites that have already made the switch to HTTPS.

WordPress site owners have plenty of time to ensure all their resources load over HTTPS. The official plugin directory has several popular plugins that can assist with fixing problems with mixed content. Really Simple SSL, a plugin that is active on more than 3 million sites, has a built-in mixed content scan that shows users what they need to do if they aren’t seeing the green lock in the omnibar yet. It also includes a “mixed content fixer” for the back-end.

Other popular plugins, such as SSL Mixed Content Fix (20k active installs) and SSL Insecure Content Fixer (300k active installs) are focused specifically on fixing these issues and may assist in making other installed plugins compatible with HTTPS. They include tools that will diagnose insecure content and automatically perform basic fixes. The SSL Insecure Content Fixer plugin is also compatible with WordPress multisite and includes a network settings page to set defaults for the entire network.

by Sarah Gooding at October 07, 2019 07:09 PM under ssl

WPTavern: U.S. Supreme Court Denies Domino’s Appeal to Determine Whether Websites Must Be Accessible

In what is seen as a win for accessibility advocates, the U.S. Supreme Court denied Domino’s petition to appeal a lower-court decision on whether the pizza chain’s website and mobile app must be accessible to those with disabilities. The earlier U.S. 9th Circuit court ruled that websites fall under Title III of the American with Disabilities Act (ADA).

The original case was brought forth by Guillermo Robles, a blind man, who claimed the Domino’s website and app did not allow him to place an order in 2016. Robles, like many other people with disabilities, relies on screen-reader software to use the web. Despite using such software, he was not able to make an order.

The primary issue of the case was whether the ADA applied to websites or apps in the same way that they applied to brick-and-mortar locations. Title III specifically points out public places of accommodation but not websites.

The specific section of the ADA related to the case reads as follows:

Section 36.201(a) contains the general rule that prohibits discrimination on the basis of disability in the full and equal enjoyment of goods, services, facilities, privileges, advantages, and accommodations of any place of public accommodation.

Full and equal enjoyment means the right to participate and to have an equal opportunity to obtain the same results as others to the extent possible with such accommodations as may be required by the Act and these regulations. It does not mean that an individual with a disability must achieve an identical result or level of achievement as persons without a disability.

The 9th Circuit decided the ADA also applied to businesses on the internet.

There were three key issues in the case: whether the ADA applied to the website and app, whether Domino’s had fair notice to comply, and whether the court or the Department of Justice (DOJ) should decide the case.

The DOJ is the body that regulates the ADA. Since it was signed into law in 1990, the DOJ has not created specific guidelines for how businesses can ensure their websites are within the law.

One argument is that it would have been cheaper and easier for Domino’s to follow accessibility standards such as the Web Content Accessibility Guidelines (WCAG). Such arguments don’t address the need for meaningful regulations from a governing body. The WCAG are not legal guidelines in the U.S. However, the 9th Circuit ruled that the lack of guidelines does not remove Domino’s responsibility.

Circuit Judge John B. Owens wrote in the 9th Circuit decision, “While we understand why Domino’s wants DOJ to issue specific guidelines for website and app accessibility, the Constitution only requires that Domino’s receive fair notice of its legal duties, not a blueprint for compliance with its statutory obligations.”

The lack of such regulations is why this case was important from Domino’s standpoint. While they lost the case, it may further push the need for more specific guidelines for businesses, both large and small, to follow.

The lack of specific regulations could also be seen as a feature rather than a bug, to use a developer phrase. Government-specific rules are often slow to keep up with the changing nature of the web. Guidelines that apply one day may need to change soon thereafter. It also leaves businesses the ability to make their websites accessible via a method of their choice rather than limiting what they can do to potentially bureaucratic rules that are out of touch with the modern web.

At the same time, it could leave smaller business owners without large legal and website development budgets wondering if they could be looking at lawsuits in the future. Courts were flooded with 2,285 accessibility lawsuits in 2018, which was nearly triple the 814 cases in 2017.

What Does This Mean for Website owners in the U.S.?

In terms of the case, the Supreme Court didn’t make a ruling. They denied Domino’s petition and left the decision of the 9th Circuit in place, which covers much of the western U.S. In the coming years, more cases will make their way through the courts. More than likely, case law will continue becoming stronger in favor of making websites compliant with the ADA.

If you run an online business, it’s past time to make sure your website is accessible. It could be years before the current law is amended or new ones are written on the legislative level. The winds of change will likely not favor those with inaccessible websites as more court decisions come down.

In a nutshell, businesses with websites, apps, or other online presences need to make sure all people have access to their goods or services. While there are no specific guidelines in the U.S., WCAG is the largely agreed-upon standards internationally.

If you’re a small business owner using WordPress, you should start with a WordPress theme labeled as accessibility-ready. It is worth noting that “accessibility-ready” does not mean that your website will automatically become accessible. It simply means that the WordPress theme meets a minimum number of accessibility guidelines. Custom content on your website should also follow the same guidelines.

Accessibility is not a set-it-and-forget-it type of thing. It’s something that business owners need to continually evaluate and make sure that all their customers, regardless of how that person accesses the internet, can enjoy the same services equally.

The official theme review team is working through a long-term plan to make all themes accessible at WordPress.org. Many theme businesses outside of WordPress.org also comply with those same guidelines. If purchasing a theme, you should check with the business beforehand.

As always, if you’re unsure whether your website meets legal guidelines, you’ll need to consult a lawyer who specializes in website accessibility.

by Justin Tadlock at October 07, 2019 06:02 PM under accessibility

October 05, 2019

WordPress.org blog: People of WordPress: Alice Orru

You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.

Meet Alice Orru, from Sardinia, Italy.

Alice Orru was born in Sardinia, an island in the middle of the Mediterranean Sea. As a child, she dreamt of becoming a flight attendant, traveling the world, and speaking many foreign languages.

Unable to meet the height requirements of her chosen profession, Orru ended up choosing a different path in life, following the Italian mantra: “You have to study something that will guarantee a stable and secure job for life.”

The unemployment rate in Sardinia is very high, a challenge shared throughout the surrounding islands. In addition to that, Alice wasn’t that keen on having the same job all her life, as her parents had.

When Orru was 22 she moved to Siena, Tuscany, to finish her studies. That is when she created her first personal blog. The website was built on an Italian platform named Tiscali, which she later migrated to WordPress.com.

After 2 years in Tuscany Orru moved to Strasbourg, France. She studied French and worked several jobs while living there. Her first serious job was in Milan – working 40 hours/week in the marketing department of a large, international company. She found herself surrounded by ambitious colleagues and a boss who constantly requested extra —unpaid— working hours per day.

Alice OrruAlice Orru

Choices, choices, choices…

Alice gave up blogging because she wasn’t feeling inspired enough to write. She questioned whether she really wanted to do that job forever; working 10 hours per day under the neon lights of an office. It forced her to set aside her dreams for the time being, and for a while, she mainly lived for the weekends.

Alice decided to leave the job and moved to Barcelona, Spain, all by herself, in 2012.

After a few months of intense Spanish learning at the university, she found a job in an international clinic as a “Patient Coordinator.” Orru assisted international patients coming to Barcelona for their treatments. She acted as their translator, interpreter and administrative consultant. 

Patients came from Italy, France, England, Morocco, Senegal, and several other countries. Alice was so inspired by some of their stories, that she started to write again: She dusted off her WordPress blog and filled it with stories about her new life in Barcelona and some of the women she met at the clinic. “I was feeling stronger and more independent than ever,” Orru expressed.

Technical issues led to unexpected opportunities

In the summer of 2015, Alice was writing on her blog and got stuck with a technical problem. While she was searching through the WordPress.com documentation, she saw a pop-up in the bottom right corner of her screen. It was a staff member of Automattic, checking if she needed help. They chatted for a few minutes and the problem was solved. Alice left the chat with one question, though: how did that person on chat find a support job with WordPress?

Alice found the official WordPress job page: jobs.wordpress.net and noticed a job offer that caught her attention: WP Media, a French startup, was looking for a polyglot and remote customer service teammate for one of their plugins, WP Rocket. She read their requirements: fluency in English, French and possibly other languages, excellent experience with WordPress, and some coding skills.

She knew she didn’t meet all the requirements, but could speak 4 languages, and she had a WordPress blog. She didn’t know anything about PHP, though. Orru had been a WordPress.com user for years and knew she was ready to learn more.

Orru wrote a cover letter and sent her CV. A Skype interview was conducted and several days later she received the news that she had gotten the job! 

A steep learning curve

The early days in her new job were intense. Alice felt inexperienced but was supported by her teammates. She started studying and reading everything about WordPress for beginners. Initially, she answered easy tickets from customers. All the while her teammates were sending useful material to read, setting up video-calls for 1 to 1 training, and encouraging her the entire time.

Soon, Orru was replying to customers whose first language was either Spanish or Italian in their native language. This was much appreciated and resulted in several happy comments. Until that moment the plugin’s support had been offered only in English and French.

Finding her way in the WordPress community

At WordCamp Paris 2016, one of Alice’s teammates introduced her to how the WordPress community collaborated and kept in contact through Slack.

“You speak multiple languages, why don’t you try to contribute to the polyglots team?” he asked.

Alice knew very little about contributing to WordPress. She had only been working for WP Media for 6 months and didn’t feel ready to dive into a new challenge and start also contributing to WordPress.

Yet, curiosity led her to join both the local Italian and the global WordPress Community on Slack. For the first few months, she mainly observed what was happening the channels. Then, she attended WordCamp Milan and met some members of the Italian Polyglots team.

It was love at first string! Laura, one of the General Translation Editors (GTE) for Italy, taught her how to start contributing and translating, following the polyglots guidelines. She also told her about the Italian community’s big efforts to work together, consistently, to boost and grow WordPress related events in Italy.

With her teammates’ encouragement, Orru applied to WordCamps as a speaker and gave her first talk in December 2016 at WordCamp Barcelona. After that, she both spoke at WordCamp Torino on April 2017 and at WordCamp Europe in 2017.

Alice Orru speaking at WordCamp Europe, in Paris, in 2017

Dreams evolve, all the time!

Orru knows that her experiences are not just due to luck. She used her previous skills and passions and adapted them to a new career and life path.

“We all have some skills; and if we don’t know which they are exactly, we should take some time to make a list of the things we’re really good at. With that in mind, just try. Apply. Get involved. Don’t get stuck in the feeling of ‘I can’t do it because I don’t know enough’. So that’s what I did. Without even realizing it, I started putting into reality the dream of the little girl who was born on an island and wanted to travel and speak different languages.WordPress made this possible. I’m now part of a big community, and I am proud of it.”

Alice Orru

This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.

Meet more WordPress community members over at HeroPress.com!

by Yvette Sonneveld at October 05, 2019 04:24 AM under Interviews

October 04, 2019

WPTavern: WooSesh 2019 Scheduled for October 9 and 10: Registration Now Open

WooSesh is happening next week on October 9 and 10, and registration is now open. This is the second edition of the virtual WooCommerce event hosted by WPSessions. In addition to presentations focused entirely on e-commerce, the event will include a “Hallway Track” that offers opportunities for attendees to connect with each other, along with virtual swag donated by various WordPress companies.

Day 1 will cover a wide range of topics for WooCommerce professionals with a focus on store builders, including sessions on designing with blocks, sales tax, optimizing the checkout experience, and store emails. The first day will also feature a two-hour “State of the Woo” keynote address from the WooCommerce team. They plan to discuss case studies, lessons learned, and priorities for the year ahead.

Day 2 will focus on more technical topics for WooCommerce developers, such as “Custom Tables and the Checkout Bottleneck,” solving store UX problems, and productizing development work.

The event is being organized by Brian Richards and Patrick Rauland. For the past two years it has been the official successor to the previously held in-person WooConf events. Given how successful WooSesh has been in connecting the WooCommerce community, it’s easy to see why WooConf has not yet been reinstated.

“One thing I can say, having helped three WooConfs and both WooSesh’s, is that a virtual event is a fraction of the cost,” Rauland said. “And we had twice as many people show up live for WooSesh compared to an in person event.”

In 2018, WooSesh had 2,800 registrants and more than 1,400 who participated live during the event. Rauland reported that 900 people watched the keynote address. After the conclusion, 94% of respondents to an attendee survey said they would like to attend again the next year.

Last year attendees could watch all sessions for free as long as they attended at least one presentation during the live event. This year sessions will be free during the event to encourage maximum engagement, and the recordings will be available on WPSessions.com for a fee after its conclusion.

Tickets are free, thanks to sponsors that include WooCommerce, Jilt, and Avalara. Attendees can register on the website and preview the schedule in their own timezones.

by Sarah Gooding at October 04, 2019 07:10 PM under woosesh

WPTavern: WordPress.org Bumps PHP Maximum for Plugin Directory to Version 7.2

The WordPress.org SVN system received a version bump to 7.2 on October 3. This change means that plugin authors can now use newer PHP syntax in plugins they submit to the official plugin directory. In the future, the version maximum will match what’s running on WordPress.org.

This should be good news for any plugin developers who are using newer PHP syntax. Previously, authors were able to submit code using newer PHP functions if they had a compatibility check in the same file. However, newer syntax wasn’t allowed.

“The issue was that the Linter (being stuck on 7.0) prevented anyone from checking in code via SVN that used 7.1+ standards,” said Mika Epstein from the plugin review team. “So things like the Spaceship operator would fail on commit and you’d be told the syntax was invalid. This was holding back certain plugins from committing code into the directory.”

Epstein first opened a ticket to address the issue 13 months ago but said she’d been quietly asking for a fix for a while longer.

The max PHP version isn’t listed anywhere in the plugin guidelines. Technically, it’s an SVN limitation on WordPress.org and not something the plugin team chose. However, for plugin authors, they may not have known about the issue until their plugin was rejected by the system. They would then message the plugin team about the problem. “I may end up putting something in the docs, but it’s a somewhat uncommon occurrence,” said Epstein.

This has been an issue for some plugin authors since PHP 7.1 was released, which was December 1, 2016. “It was a once a year issue, then twice, and then it inched up to every couple months,” said Epstein. “As of September, at least once a month someone would hit this and complain to plugins.”

One potential problem with blocking newer PHP code is with plugins that rely on third-party libraries, which may only have security patches in more recent versions. However, Epstein said that she was not aware of any security issues that resulted from the version limitation.

Andrey “Rarst” Savchenko pointed out in the ticket that “7.2 was released almost two years ago.” While he says it’s an improvement over the previous 7.0 limitation, version 7.2 should not be a hard ceiling for plugins in the repository.

PHP 7.3 was released on December 16, 2018, and PHP 7.4 will be released on November 28, 2019.

“Given PHP’s poor adoption curves,” responded Dion Hulse, “all that this means is that you can’t release a plugin through WordPress.org that only works on 15% of WordPress sites. “You can even use newer functions in PHP if including compat code, just not newer syntax.”

Plugin author Josh Pollock called awareness to the issue on Twitter in February. “Hours later, I’m downgrading a dependency, because it requires another dependency, which requires PHP 7.1.”

“I think we got lucky and there were no bugs,” Pollock said of downgrading to an earlier version of the dependency. “I don’t think I’ve used SVN since. I’m really fortunate that’s not a part of my life anymore.”

“I agree with Rarst,” said Pollock. “We should be allowing for PHP 7 and making it easier for plugins not to support sites on out of date versions of PHP.” This echoes the sentiment of other developers who are pushing for WordPress to adopt newer standards or at least allow them to do so in their own plugins in the official directory.

For the majority of plugin authors, this should be a non-issue as long as the SVN system remains updated to match the version of PHP used on WordPress.og.

PHP 7.2 will lose active support on November 30, 2019, and security support on November 30, 2020.

by Justin Tadlock at October 04, 2019 04:41 PM under plugin directory

October 03, 2019

WPTavern: Matt Mullenweg and David Heinemeier Hansson Discuss WordPress Market Share, Monopolies, and Power in Open Source Communities

In what began as a heated conversation on Twitter, Automattic CEO Matt Mullenweg and Ruby on Rails creator and Basecamp co-founder David Heinemeier Hansson took to the airwaves to debate opposing viewpoints on market share, monopolies, and power in open source communities. Hansson reacted to a statement Mullenweg made in an interview after Salesforce Ventures invested $300 million in Automattic last month.

“I think there’s potential to get to a similar market share as Android, which I believe now has 85% of all handsets,” Mullenweg told TechCrunch. “When you think about it, open source has a virtuous cycle of adoption, people building on the platform and more adoption.”

Hansson reacted on Twitter, sparking a conversation that received 116 comments.

“‘We want every website, whether it’s e-commerce or anything to be powered by WordPress’ is a nasty, monopolistic goal,” he said. “Listening to Matt muse about 85% marketshare dreams is a real downer. But $300m is a down payment on monopoly dreams.”

In an episode titled “Open Source and Power,” Mullwenweg joined Hansson on the Rework podcast for a more in-depth discussion that dives deeper into Mullenweg’s remarks on WordPress’ potential market share.

Hansson contends that he would like to see a very large, rich ecosystem of providers of tools and services on the web and expressed concern about WordPress growing many times faster than any of its competitors.

Mullenweg countered that unique domains are not the only measure of a monopoly. He also referenced Shopify as having a thriving business with a small percentage of the e-commerce platform market share.

“Even though open source can become a bit of a standard, it doesn’t prevent others from starting on it,” Mullenweg said. “The truth is if I had an evil hat on – let’s say I started doing evil monopoly stuff, people could easily fork the software – and they would. There’s a checks and balances there.”

This is a classic power dynamic in BDFL-led open source projects where the potential for a fork checks the project leader’s actions.

Hansson challenges Mullenweg’s assertion that a fork would be a threat to the project, arguing that this power is illusionary when a project has become as dominant as WordPress:

Technically someone could fork Ruby on Rails tomorrow. What is the likelihood that fork is going to succeed? Once you have this juggernaut of network effects, WordPress is growing so much faster than anyone else, the gravitational pull is huge. Should someone fork it, introducing incompatibilities, what is the likelihood that is going to be a serious contender? From me, my assessment is extremely low, just the same as if someone was to fork Ruby on Rails today and call it Snoopy on Pails. The odds of that being anything other than a curiosity for two days on Hacker News is extremely low.

The notion of Snoopy on Pails injected a bit of humor into the debate that remained high intensity for the hour-long discussion, but it also illustrated Hansson’s point regarding the absurdity of any kind of WordPress fork becoming a real threat to the project’s momentum.

“Open source can provide a veil over true power and who has that power, and I would argue that WordPress being in the position that it is, a third of all sites, is tremendous power,” Hansson said. “Even if that power is somewhat distributed, it’s still very much so located mostly with the company backing that engine and that you built a commercial business on top of it that even uses the name, goes even further to say there’s a lot of power here.

“Why would venture capitalists invest half a billion dollars into WordPress if they didn’t see Automattic as a company as having a lot of power over WordPress? The whole reason someone is able to raise that kind of money is off the back of someone who can pitch: ‘We have over a third of all websites on the internet and we think we can get to 85%.’ That’s a very compelling venture story.”

Mullenweg counters that if a Rails fork couldn’t attract a lot of users, that speaks to the Hansson’s stewardship of the project. He said that a typical WordPress release has 400-500 contributors with an estimated 10% from Automattic.

“If 200 of those went someplace else because I did something really brain dead, that would be a pretty serious competitor, and there are some examples of that in open source history,” Mullenweg said. He contended that forks with enough weight behind them can become very interesting. On this point the two project leaders remained at odds.

How Open Source Market Dominance Impacts Diversity of Tools and Services on the Web

One of Hansson’s chief concerns with WordPress reaching 85% market share is what he described as the “death of diversity.” He perceives this pursuit of increased adoption as growing open source in monopolistic ways.

“We’re living through an era right now where a small handful of big tech companies are exerting a completely undue amount of power over the internet, over discourse, over all sorts of things, and that’s something we should try to recoil from and at least learn from, not aspire to building more of,” Hansson said. “That’s what got this going – why isn’t WordPress in a great place only being a third of all the sites of the internet. Why does it need to get to 85%? Why does its growth need to be that explosive and that wild?”

This is a question many in the WordPress community have asked in the past. Does the mission of democratizing publishing necessitate such a zealous drive towards market dominance?

“I don’t want to see this concentration of power in one engine, no matter how good it is,” Hansson said.

It is at this juncture that Mullenweg revealed more of his vision for WordPress becoming the “operating system of the web,” an idea he has floated several times over the past few years.

“You have referred to WordPress a lot of times as blogging,” Mullenweg said. “I think of it more like a platform. If you look at how a lot of people are building on it, they use WordPress to bootstrap something that doesn’t look like WordPress at all. It might not even have a website. It might be powering just an API. It might be a headless or decoupled installation. It could be a store.”

He likened the idea to Apache and nginx having a dominant market share (55% and 23% respectively) in the server space.

“That doesn’t prevent the different types of websites that are built on it,” Mullenweg said. “If nginx got to 80 or 85%, that wouldn’t prevent the diversity or what people could put on their websites. WordPress could get to 85% and it wouldn’t mean that there’s any sort of monoculture or lack of diversity. If anything, it would allow people to focus more on what’s different and not recreating the WYSIWYG, the user system, the login, all that stuff we have all built a million times and you just don’t need to anymore, if something like WordPress solves your needs.”

Hansson asked what it would look like if 85% of the web ran on WordPress, a question that the community behind the project hasn’t deeply examined yet. He encouraged listeners to consider what they want the internet to look like in the future:

What is the future I’d like to live in? What does a healthy, open, free internet look like? To me it looks like an internet with tons of different providers, tons of different tools, and what we collaborate around is protocols, not consolidation of software market share, that gives individuals and companies or even projects outsized power to dictate the matters of the internet.

Matt clarified that his comments on an 85% market share are not a goal, but rather a “trailing indicator” in the quest to create the best possible experience for developers and users. A growing market share is a signal of adoption in that sense, not a goal in itself.

WordPress Community Reactions to the Debate

After the initial exchange on Twitter, the broader tech community seemed delighted to hear Mullenweg and Hansson square off in a civil debate on topics that affect so many people working on the web. The conversation touched on a lot of the friction points in the WordPress ecosystem with Automattic being one of the most powerful companies driving WordPress’ market share. Many listeners were grateful for answers to questions they have had for years.

However, the idea of WordPress as web infrastructure and the level of market dominance (85%) discussed in the podcast are controversial and even off-putting for some who are deeply invested in the platform.

“Matt appears to think of WordPress as infrastructure for the web, in the same way that Google and Facebook think of themselves as infrastructure for the web,” Morten Rand-Hendriksen said.

“In the conversation about the dangers of market control, monopolization, and monoculture, Matt says, ‘We are not a grain, we are the soil.’ The only way to interpret that from my position is ‘WordPress is not a thing on the web. It is the web,’ i.e. infrastructure. A future where WP is web infrastructure is something I think very few people actually want, open source or not.”

On the podcast, Mullenweg argued that open source allows for competition in a way proprietary software does not, but Rand-Hendriksen said he sees this as a logical fallacy.

“He talks at the same time about WP being infrastructure and powering 85% of the web AND about this being a reason for others to fight it with other solutions,” he said. “So monopolization leads to competition somehow. I don’t think WordPress is infrastructure, or that it should power 85% of the web, especially after hearing this conversation.

“If we truly believe in this idea of open source as diversification and forking, WP should actively support other projects and try to not be the dominant force on the web. WP is not infrastructure, it is very much a grain that has become a monoculture.”

Matt Medeiros, host of the Matt Report podcast focused on WordPress business and entrepreneurs, said that while the conversation answered a lot of questions, it left him wanting more.

“The cloud of uncertainty that hangs above a large portion of this community is directly formed from lack of clear communication in both WordPress.org and how Automattic + Jetpack move in lockstep with the open source project,” Medeiros said. “As we see hundreds of millions of dollars invested, with billions of dollars of valuation going to a single company, surely the optics leave one wondering how all of this gets repaid to investors?”

Automattic invariably comes under more public scrutiny regarding its investments due to having the WordPress project lead as its CEO. One interesting observation Mullenweg made during podcast is that Automattic is just one of many larger players that make up the the WordPress economy, which he has previously estimated at $10 billion/year.

“Automattic makes probably 2-3% of the revenue in the WordPress world,” Mullenweg said. “There are companies like GoDaddy, which might not contribute very much back to core, but probably have 3 or 4 times the number of subscribers than us running WordPress. I think about that a lot. I want to grow the whole ecosystem, not just our slice of it.”

Revenue is not always equal to influence, and a good portion of the end of the podcast tackled questions about power and leadership in open source.

“David’s questions are spun from the threads that fear monopoly on the web, as much as we fear a singular rule of decision making in the open source project,” Medeiros said. “I think David did well at challenging Matt’s view on the desire of world domination and how undesirable it is to earn the title of Benevolent Dictator — but it left me wanting more. For example, in an attempt to throw a curveball, Matt pointed out, the investment is made in Automattic — not WordPress — a point so opaque it didn’t fool David, but didn’t have him pressing any deeper.

“Had David viewed this conversation through the lens of our community, he would know that Automattic and WordPress.com enjoy the full benefit of leveraging the WordPress brand, a brand protected by a foundation that Matt himself founded, which may have guided the podcast episode into the ethics of it all.”

While Mullenweg’s claim that “WordPress belongs to you as much as it belongs to anyone else” is true in the sense that the software is freely available to be used and modified by anyone, the full power of leveraging the WordPress brand does not belong to everyone.

“I don’t think Matt would have been willing to have this kind of conversation with me or most members from the the general community, so I’m glad someone of David’s clout was able to engage here,” Medeiros said. “I do sympathize with all that Matt is responsible for and it’s not a challenge I think I’d be up for, given the opportunity. I love this community and want to see people stay, contribute, and flourish — not walk away because they felt unheard. DHH isn’t the hero we asked for, but he’s the hero we need right now. Hopefully he continues to keep a watchful eye over where WordPress is heading.”

If you only listen to one podcast this week, Hansson’s conversation with Mullenweg is an invigorating battle of opposing open source ideals held as a respectful exchange. In defending their positions, both reveal how their experiences of the early days of the web shaped their ideologies and approaches to open source project leadership and commercialization. Conversations like these are rare but long overdue, as the WordPress community considers its growing influence on the future of the web.

by Sarah Gooding at October 03, 2019 06:59 PM under open source

WPTavern: WordPress Theme Review Team Brings Back Review Shindigs

The WordPress theme review team (TRT) is kicking off a review weekend October 5 and will begin at 10:00 Coordinated Universal Time (UTC). These events, called “review shindigs,” are marathon sessions where the team joins together to review themes and teach best practices. The current plan is to hold the event on the first Saturday of every month.

“The goal of the review weekend is to get together and do as many quality reviews as possible,” wrote Carolina Nymark, one of the team’s review representatives, in the event’s announcement. Events sometimes have different goals, depending on what the team needs to work on at the time.

Most of the event will happen over the team’s Slack channel. They will also hold a live presentation or Q&A on Zoom at 13:00 UTC. Anyone is welcome to attend (the Zoom link will be provided in Slack). This will help teach those who are interested in how to perform reviews and check common issues. Anyone attending is also able to submit topics for discussion in the comments on the announcement post.

The TRT originally announced plans for the event after the last team meeting, but it was overshadowed by other news, such as the team moving to a flat structure. “Not sure if anyone but myself will be there,” joked Nymark. “It’s short notice. Some of the team reps already had other plans.”

Anyone from the WordPress community is allowed to participate in the event by simply commenting on a ticket without being assigned a review. Nymark provided links on how to become a reviewer and the team’s reviewer onboarding process to get new reviewers started.

Review shindigs can help new reviewers because it puts them in touch with more experienced reviewers at a time when they know someone will be online to answer questions. They’re also a team-building exercise where people can join together and work toward a common goal.

Currently, 214 tickets are awaiting review. A successful event would significantly cut that number down.

Events From the Past

Theme review shindigs have seen varying levels of success over the years. In the TRT’s earliest days, review gatherings were regular events and helped keep the ever-growing ticket queue under control. Participation waned over time as leaders within the team switched to other projects or no longer had time to run the events. Proposals to bring back them back have not gone far in the last couple of years.

The last TRT shindig was a December 2016 event that saw over 50 participants. Reviewers worked on 108 tickets throughout the weekend. The event also coincided with contributor day at WordCamp US, which helped bump up participation numbers.

Jose Castaneda, Cristiano Zanca, Benjamin Lu, and Afzaal Ahmed held a live stream that covered how to load scripts and styles in themes in the previous review event.

by Justin Tadlock at October 03, 2019 06:29 PM under theme review team

Follow our RSS feed: 

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.


Last updated:

October 20, 2019 03:45 AM
All times are UTC.