WordPress Planet

March 21, 2025

Matt: Automattic Operating System

I was interviewed by Inc magazine for almost two hours where we covered a lot of great topics for entrepreneurs but almost none of it made it into the weird hit piece they published, however since both the journalist and I had recording of the interview I’ve decided to adapt some parts of it into a series of blog posts, think of it as the Inc Article That Could Have Been. This bit talks about some of the meta-work that myself and the Bridge team at Automattic do.

At Automattic, the most important product I work on is the company itself. I’ve started referring to it as the “Automattic Operating System.” Not in the technical sense like Linux, but the meta layer the company runs on. The company isn’t WordPress.com or Beeper or Pocket Casts or any one thing. I’m responsible for the culture of the people who build those things, building the things that build those things. It’s our hiring, our HR processes, our expenses, the onboarding docs; it’s all of the details that make up the employee experience — all the stuff that shapes every employee’s day-to-day experience.

Take expense reports. If you’ve got to spend two hours taking pictures of receipts and something like that, that’s a waste of time. You’re not helping a customer there. We switched to a system where everyone just gets a credit card. It does all the reporting and accounting stuff automatically. You just swipe the card and it just automatically files an expense report. Sometimes there’s an exception and you have to work with the accounting rules, but it just works and automates the whole process most of the time.

Another commonly overlooked detail is the offer letter. We think so much about the design of our websites and our products. We have designers work on that and we put a lot of care and thought into it. But I realized we didn’t have the same attention to detail on our offer letter. When you think about it, getting an offer letter from a company and deciding to take it is a major life decision, something you only do a handful of times in your life.  This is one of the things that determines your life path. Our offer letter was just made by attorneys and HR. No designer had looked at it right. We hadn’t really thought about it from a product experience point of view. And so it was just this, generic document with bad typography and not great design. But it’s important, so one of the things we did was redesign it. Now it has a nice letterhead, great typography, and it’s designed for the end user.

I realized that the salary and stuff was buried in paragraph two. It was just a small thing in the document! Well, what’s key when you’re deciding whether to take a job? Start date, salary, you know, that sort of thing, so we put the important parts at the very top.

And then there’s the legal language. All the legal stuff, which is different in every country. We have people in 90 countries, so there’s all the legal stuff that goes in there. And then it has this nudge inspired by the behavioral economics book, Predictably Irrational.

There’s the story about how, if you have an ethics statement above where you sign the test or something, people cheat less. So I thought, well, what’s our equivalent of that? We have the Automattic Creed. It’s an important part of our culture. So we put the creed in, it says

I will never stop learning. I won’t just work on things that are assigned to me. I know there’s no such thing as a status quo. I will build our business sustainably through passionate and loyal customers. I will never pass up an opportunity to help out a colleague, and I’ll remember the days before I knew everything. I am more motivated by impact than money, and I know that Open Source is one of the most powerful ideas of our generation. I will communicate as much as possible, because it’s the oxygen of a distributed company. I am in a marathon, not a sprint, and no matter how far away the goal is, the only way to get there is by putting one foot in front of another every day. Given time, there is no problem that’s insurmountable.

It’s not legally binding, but it’s written in the first person, you read it and you kind of identify with it and then you sign below that. We want people who work at the company who identify with our core values and our core values really are in the creed.

These sorts of things are key to our culture. And they’re universal. Again, we have people from over 90 countries. These are very different cultures, yes, and very different historical backgrounds and cultural makeups. But what’s universal? We have our philosophies that we apply every day regardless of where you were born or where you work.

by Matt at March 21, 2025 10:15 PM under Automattic

Gravatar: Digital Business Card Examples With Professional Flair

Looking for digital business card examples that actually work? Networking has changed, but the need to make a strong first impression hasn’t, and business cards are a big part of it. So, if you’re looking for inspiration, we’ll show you real digital business cards from various industries that successfully blend professional presentation with practical functionality.

Our list includes sleek corporate profiles and creative designs for artists and freelancers, each a great example of how to make your information accessible while maintaining your personal brand. 

By the end of this article, you’ll have actionable ideas for creating your own digital business card. And the best part? You can set up a free, customizable digital business card in minutes using Gravatar – no coding or design skills required.

Universal Digital Business Cards with Gravatar

Ronnie Burt Gravatar profile

Looking at my Gravatar profile, you can see how it functions as a complete digital business card that travels with me across the web. I’ve personally included a professional headshot, custom banner image, some interesting images, and verified links to all my social profiles. These sections are completely customizable, and what you include depends entirely on your goals. 

What makes this especially useful for networking is the QR code functionality. When meeting someone at a conference or event, I can quickly pull up my Gravatar profile QR code from my phone’s digital wallet. With one quick scan, my new contact instantly has access to all my professional information.

Adding a Gravatar profile QR code to Apple Wallet and Google Wallet

Anyone who scans my QR code can immediately connect with me through multiple channels – they can view my contact details, send me money, or browse through my featured photos for a more personal touch. No more fumbling with paper cards or manually typing contact info into phones.

As a technical professional, my Gravatar profile is quite literally the foundation of my online presence. When I contribute to GitHub, post on Stack Overflow, or communicate through Slack, my Gravatar profile appears automatically, helping me build a more recognizable personal brand.

Ronnie Burt profile in GitHub

The best part? I only need to update my information in one place. If I change roles or add new contact methods, updating my Gravatar profile instantly refreshes my presence across all integrated platforms – saving time and ensuring consistency.

Want to create your own universal digital business card? Sign up at Gravatar.com using just your email address. It takes minutes to set up but provides lasting professional benefits everywhere you go online.

Industry-Specific Showcases: Real Estate to Tech Professionals

Real estate agents face unique networking challenges – they need to connect instantly with potential buyers and showcase properties efficiently. Digital business cards can help in this process by offering scannable QR codes that provide immediate connections with house hunters.

Take Liz Nitz’s digital business card as an example. 

Liz Nitz Gravatar profile

As a Bozeman-based real estate agent, her Gravatar profile functions as a powerful lead generation tool. When potential clients scan her QR code, they gain instant access to her contact information plus direct links to her real estate website, where current property listings are just a tap away. This approach eliminates friction in the buying process – no typing long URLs or searching for contact details.

The benefits go beyond real estate into technical fields where showing your expertise is extremely important. Tech professionals use digital business cards to highlight their portfolios, technical skills, and ongoing projects.

Simon Willison, founder of Datasette, demonstrates this approach effectively through his GitHub profile. 

Simon Willison GitHub profile

His presence includes links to his technical blog and personal projects, creating a comprehensive snapshot of his expertise. Visitors can easily contact him while exploring his work samples – all from a single profile.

What makes this especially powerful for tech professionals is GitHub’s integration with Gravatar. When developers update their Gravatar profile picture, those changes automatically appear on GitHub and ensure a consistent, professional presence without requiring multiple updates.

For many industries, digital business cards eliminate the limitations of paper while adding dynamic elements like direct portfolio access, property listings, and instant contact options – turning a simple introduction into a potential business opportunity.

Creative examples for freelancers and artists

For creative professionals, first impressions matter tremendously. Digital business cards give artists and freelancers a powerful advantage – the ability to showcase their actual work during initial meetings rather than just talking about it.

Jonathan H. Kantor’s digital business card perfectly demonstrates this advantage. 

Jonathan H. Kantor Gravatar profile

As an illustrator at Talking Bull Games, his Gravatar profile displays samples of his artwork directly on the card itself. New contacts can immediately see his illustration style and quality before clicking through to his full portfolio website. This visual introduction creates an instant connection that paper cards simply cannot match.

Similarly, Shannon Cutts uses her digital business card to establish her credibility as a freelance writer. 

Shannon Cutts Gravatar profile

Her profile links directly to her writing samples and service pages, allowing potential clients to quickly assess her style and expertise. This immediate access to her work helps her stand out in competitive pitching situations.

Both Jonathan and Shannon have enhanced their cards with integrated QR codes connected to payment systems. This smart addition means that when someone appreciates their work, they can commission or purchase it on the spot by sending payment directly to the artist’s designated eWallet. No invoicing delays or payment friction – just a seamless transaction from introduction to sale, all through a digital business card.

Corporate digital cards that mean business

Corporate professionals require business cards that convey expertise, professionalism, and comprehensive information. Thomas McCorry’s digital business card exemplifies this approach perfectly.

Thomas McCorry Gravatar profile

His Gravatar profile is like a mini-CV, with a detailed bio section outlining his professional history and accomplishments. The card includes direct links to his personal website, portfolio of work, and LinkedIn profile – all organized in a clean, accessible format alongside professional photographs.

This structured approach gives potential clients and contacts an immediate sense of Thomas’s experience and capabilities at a glance. Rather than trying to cram limited information onto a paper card, his digital version provides depth without overwhelming the viewer. Someone meeting Thomas can quickly understand his background and then access more detailed supporting materials about specific projects or expertise areas with a single tap.

Charles Leisure takes corporate networking a step further by connecting a QR code to his digital business card. 

Charles Leisure Gravatar profile with QR code

This practical addition allows him to instantly share his complete professional profile during meetings or conferences by simply opening the QR code stored in his Apple or Google Wallet. Contacts can scan the code with their smartphone and immediately have all his information saved – eliminating the traditional business card exchange and ensuring his information never gets lost in a pocket or briefcase.

How to Create Your Perfect Digital Business Card with Gravatar

Creating a professional digital business card doesn’t require design skills or technical expertise. Anyone can set up a functional, customizable card like the examples showcased in this article by signing up for a free Gravatar profile.

Getting started takes just minutes, and the process is straightforward:

  1. Sign up using your email address – Visit Gravatar.com and click “Get Started Now.” Enter your email address and follow the verification steps. If you already have a WordPress.com account, you can connect it to speed up the process.
Creating a free profile with Gravatar

  1. Add a professional headshot – Upload a high-quality photo that represents you well. The image will be cropped to a square format, so choose one where your face is clearly visible. For business purposes, opt for good lighting and a neutral background.
Adding an image to your profile
  1. Insert verified links and social media profiles – Add your website, portfolio, and social media accounts. Gravatar verifies these connections, adding credibility to your profiles with a verification badge that builds trust with new contacts.
Adding verified links and social profiles 
  1. Add a professional bio – Craft a concise, compelling description that highlights your expertise and unique value. Think of this as your elevator pitch in written form – clear, engaging, and focused on what makes you stand out.
Adding a bio
  1. Add relevant images – Beyond your profile picture, you can add additional images that showcase your work, which is especially helpful for creative professionals wanting to display their portfolio directly on their card.
Adding relevant images 
  1. Create a QR code for easy profile sharing – Once your profile is complete, you can generate a QR code that links directly to your digital business card. This code can be added to your Apple or Google Wallet for easy sharing during in-person networking events.
Generating a QR code
  1. Customize the style and feel – Personalize your digital business card with custom backgrounds, banner images, and button styles that align with your personal or corporate branding.
Customize the style of your profile

With these seven simple steps, you’ll have a professional digital business card that works across platforms and makes networking more efficient and effective.

Customization features and design possibilities

Gravatar offers extensive customization options that let you create a truly personalized digital business card:

  • Background options: Add unique solid colors or image backgrounds that align with your personal aesthetic or company branding. 
  • Custom header/banner images: Feature your logo, portfolio samples, or professional photography that represents your work. 
Header customization
  • Button style customization: Match link buttons to your overall design theme for a cohesive, professional appearance. 
Customizing buttons on your profile
  • Section rearrangement: Position the most important elements (like payment options) at the top of your profile for better usability. 
Rearranging sections on your profile
  • Custom domains: Transform your profile from username.gravatar.com to yourname.social (or other extensions like .bio, .contact, and more). 

Privacy is also thoughtfully integrated into the design system. Gravatar gives you control over which information remains public (like your avatar and display name) and which stays private (such as phone numbers or birth dates). 

Adjusting privacy settings

When a new site or app requests access to your non-public information, Gravatar will ask for your confirmation first.

This privacy-first approach highlights one of Gravatar’s main strengths – functioning as a universal profile. Update your information once, and those changes instantly sync across all integrated platforms like WordPress, GitHub, and Slack, making your digital business card both customizable and remarkably efficient.

Start Building Your Professional Digital Presence

A free Gravatar profile offers the perfect solution for professionals seeking to establish a consistent online presence. More than just a digital business card, it functions as your unified identity across the web, appearing automatically on compatible platforms whenever you interact.

Getting started takes just minutes. Visit Gravatar.com, enter your email address, and follow the simple verification steps to create your profile. Add a professional photo, customize your information, and start connecting your social accounts. The process is straightforward and designed for users of all technical skill levels.

What truly sets Gravatar apart is its automatic synchronization capability. Once set up, your digital business card will appear seamlessly across WordPress.com, GitHub, Stack Overflow, and numerous other integrated platforms. 

Start building your professional digital presence with Gravatar today!

by Ronnie Burt at March 21, 2025 03:26 PM under Personal Branding

Do The Woo Community: Introducing the Content Sparks Hosting Team: Derek Hanson, Rae Morey, Robbie Adair and BobWP

In the latest episode of Content Sparks, BobWP introduces three monthly hosts: Robbie Adair on content and AI, Rae Morey on all things media, and Derek Hansen on content management, promising valuable insights.

by BobWP at March 21, 2025 01:24 PM under Content

Do The Woo Community: Do the Woo Friday Shares, March 21, 2025

Our curated content across the Woo and WordPress community and beyond.

by BobWP at March 21, 2025 10:47 AM

Do The Woo Community: Discovering the Impact of i2Coalition at Cloudfest with Christian Dawson, David Snead and James Webb

At CloudFest 2025, experts from i2Coalition and BigScoots discuss the importance of collaboration in the hosting industry, addressing legislative challenges while emphasizing WordPress's role in supporting small businesses globally.

by BobWP at March 21, 2025 09:00 AM under Security

March 20, 2025

Do The Woo Community: From Founding to Funding, Marieke van de Rakt’s Entrepreneurial Journey

In this episode, Jonathan Wold and Tammy Lister chat with Marieke van de Rakt, co-founder of Progress Planner. They discuss her teaching, investment philosophy, and insights on e-commerce challenges and open source opportunities.

by BobWP at March 20, 2025 01:00 PM under Founders

Do The Woo Community: Thoughts on CloudFest, Rollercoasters and WP Cloud’s Strategy with Elise Prather

Elise Prather, VP at Automattic's WP Cloud, shares her immersive experience at CloudFest, highlighting its vast size, unique networking opportunities, and the customizable hosting solutions WP Cloud offers for companies and freelancers.

by BobWP at March 20, 2025 09:33 AM under Hosting

March 19, 2025

Matt: Radiohead

It’s so funny that my random re-engagement with Radiohead re-emergence coincides with them doing a new entity that might mean something. I did a poll on Twitter and people preferred OK Computer to Kid A 78%!

Grok told me: “The band has recently registered a new limited liability partnership (LLP) named RHEUK25, which includes all five members—Thom Yorke, Jonny Greenwood, Colin Greenwood, Ed O’Brien, and Philip Selway. This move is notable because Radiohead has historically created similar business entities before announcing new albums, tours, or reissues.”

by Matt at March 19, 2025 11:06 PM under Asides

Do The Woo Community: Tara Claeys on the Benefits of Niching Down to School and Nonprofit Websites

In this episode of WP Agency Tracks, hosts Marcus Burnett and Cami MacNamara discuss the benefits and challenges of niching down with guest Tara Claeys, emphasizing her focus on schools and nonprofits for greater business success.

by BobWP at March 19, 2025 02:04 PM under Agencies

Do The Woo Community: Ronnie Burt Chats About Gravatar’s Evolution and CloudFest Experiences

At CloudFest, Ronnie Burt discusses Gravatar's history, its integration with WordPress, recent spikes in usage from platforms like ChatGPT, and the importance of digital identity ownership.

by BobWP at March 19, 2025 10:30 AM under CloudFest

March 18, 2025

Do The Woo Community: The Winners of the CloudFest Hackathon 2025

The CloudFest Hackathon 2025 celebrated innovation in open-source development, featuring diverse awards and emphasizing inclusivity within the tech community, with Accessible Infographics as the overall winner.

by BobWP at March 18, 2025 03:57 PM under Hackathon

WordPress.org blog: WordPress 6.8 Beta 3

WordPress 6.8 Beta 3 is now ready for testing!

This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

You can test WordPress 6.8 Beta 3 in four ways:

PluginInstall and activate the WordPress Beta Tester plugin on a WordPress install.  (Select the “Bleeding edge” channel and “Beta/RC Only” stream).
Direct DownloadDownload the Beta 3 version (zip) and install it on a WordPress website.
Command LineUse the following WP-CLI command: wp core update --version=6.8-beta3
WordPress PlaygroundUse the 6.8 Beta 3 WordPress Playground instance to test the software directly in your browser without the need for a separate site or setup.

The current target date for the final release of WordPress 6.8 is April 15, 2025. Get an overview of the 6.8 release cycle, and check the Make WordPress Core blog for 6.8-related posts in the coming weeks for more information.

Catch up on what’s new in WordPress 6.8: Read the Beta 1 and Beta 2 announcements for details and highlights.

How to test this release

Your help testing the WordPress 6.8 Beta 3 version is key to ensuring everything in the release is the best it can be. While testing the upgrade process is essential, trying out new features is equally important. This detailed guide will walk you through testing features in WordPress 6.8.

If you encounter an issue, please report it to the Alpha/Beta area of the support forums or directly to WordPress Trac if you are comfortable writing a reproducible bug report. You can also check your issue against a list of known bugs.

Curious about testing releases in general?  Follow along with the testing initiatives in Make Core and join the #core-test channel on Making WordPress Slack.

Vulnerability bounty doubles during Beta/RC

Between Beta 1, released on March 4, 2025, and the final Release Candidate (RC) scheduled for April 8, 2025, the monetary reward for reporting new, unreleased security vulnerabilities is doubled. Please follow responsible disclosure practices as detailed in the project’s security practices and policies outlined on the HackerOne page and in the security white paper.

Beta 3 updates and highlights

WordPress 6.8 Beta 3 contains more than 3 Editor updates and fixes since the Beta 2 release, including 16 tickets for WordPress core.

Each beta cycle focuses on bug fixes; more are on the way with your help through testing. You can browse the technical details for all issues addressed since Beta 3 using these links:

A Beta 3 haiku

Beta three refines,
WordPress shapes with steady hands,
Code grows into form.

Props to @benjamin_zekavica @krupajnanda @ankit-k-gupta @joemcgill for proofreading and review.

by Jeffrey Paul at March 18, 2025 03:35 PM under releases

WPTavern: #161 – Robert Jacobi on WordPress, Security, and the OSI Model

Transcript

[00:00:00] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.

Jukebox is a podcast which is dedicated to all things WordPress, the people, the events, the plugins, the blocks, the themes, and in this case, WordPress, security, and the OSI model, which underpins the entire internet.

If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice, or by going to wptavern.com/feed/podcast, and you can copy that URL into most podcast players.

If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you and hopefully get you, or your idea, featured on the show. Head to wptavern.com/contact/jukebox, and use the form there.

So on the podcast today we have Robert Jacobi. Robert has a long standing history with the tech and CMS industry, having worked in senior positions at Joomla, Cloudways, Perfect Dashboard and more. He’s now the Chief Experience Officer at Black Wall, a company formally known as BotGuard.

Robert talks with me today about the transition from proprietary systems to open source, and the seven layer OSI model that underpins the internet. Drawing from his experiences in tech, Robert and I try, and perhaps fail, to break down the complexities of how website traffic is rooted over the internet. This is done to try to understand how Black Wall can position itself to mitigate risks before they reach hosting companies infrastructure.

We also discuss the evolution of bot traffic on the web, where upwards of 10% of internet traffic is identified as malicious. This kind of insight is particularly important for those interested in the security aspect of web hosting and website management.

We also get into Black Wall’s rebranding journey, and its continued dedication to the WordPress community by participating in events like WordCamp Asia and Europe.

If you’ve ever wondered about the unseen layers of internet security and infrastructure, or the strategic moves involved in rebranding a tech company, this episode is for you.

If you’re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com/podcast, where you’ll find all the other episodes as well.

And so without further delay, I bring you Robert Jacobi.

I am joined on the podcast by Robert Jacobi. Very nice to have you on. I think I’m going to muddle up the company that you work for, because a little bird tells me that in the very, very recent past, the company that you work for became, well different in some way. Perhaps a name change, a logo change. Who did you work for and who do you now work for? And are they the same thing?

[00:03:08] Robert Jacobi: Well, I still have my original swag, the BotGuard polo, which all of us have at the team, but we are now Black Wall. So Black Wall, formerly known as BotGuard. So we’ve done a full rebrand. I’m sure a lot of folks have seen already. But yep, just bringing it forward. Allowing ourselves to take on more of what we do, on top of the highly focused bot security monitoring and mitigation.

[00:03:32] Nathan Wrigley: Okay. That’s a perfect introduction then. So give us your potted bio in tech, in CMSs. I’m not going to say WordPress because it’s a bit bigger than that. And maybe just throw in the BotGuard, Black Wall bit at the end there, and what your role is there. So just a couple of minutes. Just tell us who you are and whatnot.

[00:03:49] Robert Jacobi: Minutes, I could spend all day talking about myself. So I’ve been in the industry for a number of years. Mumble, mumble, how long it’s been. Let’s go with CMSs because, actually a big passion way back in the day, had an agency where we created our own, of course proprietary CMS because that’s what you did.

And then moved into open source for a number of reasons. Primarily, which I hope all agencies don’t need to talk about anymore, because I think it’s pretty obvious. It was the hit by a bus theory that, we put all our eggs into a proprietary basket, and we get hit by a bus, then that customer is stuck. With open source, there’s the community of the ecosystem, and it’s huge.

And, you’ll always have your preferred vendors for many, many, reasons, but if something happens, you’re not locked into that code. You’re not blindsided. That was a fairly quick transition, and wound up working at the time, sorry WordPress universe, went to Joomla because hey, back in that day Mambo slash which became Joomla, was honestly just more of a stack that our team leaned towards. It was MVC based. It was geeky. There were tons of features, and functions that the types of customers we were working with, it resonated with. Especially multilingual at the time.

Fast forward, let’s say 10 years, and now WordPress is beyond a competing product. It’s got an ecosystem a, value with its name brand, and literally the immense community that’s been built around it.

From there went to, transitioned off of the Joomla space, and popped into a company called Perfect Dashboard. Oh, I forgot, I actually was the president of Joomla, briefly, so.

[00:05:31] Nathan Wrigley: Just a little fact there, yeah.

[00:05:32] Robert Jacobi: You know what, I should not forget that because that one year felt like 10. It’s a lot to work with a huge community, for many, many reasons. You have so many stakeholders. People whose lives depend on the product, the solution, the community, the ecosystem. Certainly not going to get into WordPress drama, but I understand how difficult it is to bear those responsibilities. And, it’s a lot. Immense amount of work. And WordPress has done amazing things in sustaining that for decades.

So, moved over to the WordPress side of the universe. Company called Perfect Dashboard. We were acquired. Moved to running the WordPress business unit of Cloudways, also now acquired by Digital Ocean. And today I’m at Black Wall. I’m the Chief Experiences Officer for Black Wall. So that includes community, includes evangelism, includes investor in government relations. It’s really making sure that there’s an ability to communicate all the things that we do to the right people.

[00:06:32] Nathan Wrigley: And what does well formally BotGuard, now Black Wall, what do they do? What do they offer up into the market? Is it a WordPress thing, or is it more of a, we’ll get into the OSI model in a minute, but is it more of an operating system thing?

[00:06:46] Robert Jacobi: It’s at the top of the stack. So while, let’s just call it 50%, I know that’s not the exact number, but it’s close enough that I, think it’s fair to say, 50% of the web is run by WordPress. We’re still very heavily involved in the community. So we were just at WordCamp Asia. We’ll be at WordCamp Europe. These are places want to meet folks, communicate our solution, and engage with hosting providers because, when we get to running through our little OSI stack that you and I are obviously super experts in, we’ll kinda see where WordPress falls into it and where security matters, up and down that stack.

We’re trying to help WordPress end users and hosting companies before you ever actually have to get to WordPress, because we already see that a significant portion of internet traffic, 40% of internet traffic is bots. AI agents, whatever you want to call them. And 25% of that 40%, so 10% is completely malicious. And you don’t want to get near the hosting company, the actual application, or anywhere further down the stack if you can avoid it.

[00:07:50] Nathan Wrigley: So it sounds, just the name, and I confess, I don’t know much about what BotGuard, Black Wall do, did. But it sounds to me from the naming of it, that it’s a bit like you are literally a sentinel. You are standing in the way of things. Examining things that are coming your way and saying, no, you may not pass, but you may.

And a bit like throwing it into dev null, if something is unable to pass, you are just black walling it, as it were. You are just saying, nope, off you go, drop, you’re outta here. Is that basically the principle? You are a security firm preventing things that are bad happening to whoever it is that uses your services.

[00:08:25] Robert Jacobi: Some of it’s super, super bad, so you’re going to dev null it. And then there’s a spectrum of how bad those connections can be. We want to focus on humans getting to human content. Our key, sort of value propositions, humans are secure, humans are actually visiting your site. That’s what’s important.

But there are good bots, and there are good bots who accidentally do bad things. And then there are the bad, bad bots. We obviously want Google to index our sites. We may or may not want Open AI indexing our sites. We certainly don’t want it. causing an accidental denial of service by how much it’s scraping our content. Which we have seen many a time. Where it’s like, great Open AI, come on in, take one quick look and get out. But it’s like, I’m going to stay there and I’m going to churn through everything. And we’ve seen it and it knocks sites out. And the AI engines, agents are particularly bad about that, because they’re trying to fill in and understand that data.

[00:09:25] Nathan Wrigley: Yeah. Okay, so we’ve got some idea of what you do. Just as an aside, what a shame that the internet has a need for a company like yours. I don’t mean to take the food off your table, but back 20 years ago this just wasn’t really a thing. Just this promise of the internet to be this philanthropic place with unicorns and rainbows everywhere, where we were all going to throw our content in, and we were all going to consume it and it would be wonderful.

And now we have well, human beings presumably started the whole thing, but now human beings have written codes such that they can step away and let their robots carry on. And what a shame that we need to have things like captchas on forms. and we need to pay security companies to do all of this stuff.

And again, I’m not trying to say that your business doesn’t have a place. Clearly it does. But from a philosophical point of view, I wish that they didn’t need to exist, because the place was benign and harmless all the time.

[00:10:19] Robert Jacobi: I’m going to poke a tiny hole in that bubble.

[00:10:21] Nathan Wrigley: Please do.

[00:10:22] Robert Jacobi: Actually, this is not a bad thing because we’ve actually moved most of the troublemaking away from us locally. You want to go back 20 years ago and we’re dealing with Norton Antivirus on everything, and crossing our fingers and praying that something doesn’t sneak into our immediate homes.

We’ve actually been able to, because we’ve gone to cloud, push a lot of that super local personal risk a bit further downstream. So these security issues didn’t magically appear, they were much more, in fact, they were much more terrifying before. And I, oh my god, my Windows PC got hacked and now I have to like completely just throw it on the grill, light it on fire five times, and then reinstall Windows.

Most folks don’t worry about doing that with their laptops, with their phones or whatnot anymore. The scalable risks are completely different, because me getting hacked was one person. Now a cloud website platform application, and then I’m, 10 million people get hacked. But we’re pushing it further away and away and away.

[00:11:24] Nathan Wrigley: Yeah, it’s interesting. I remember in the dawn of computers that I had, I didn’t begin my computer journey right at the very, very beginning. You could walk into a store and walk out with a computer in more or less, every town and village in the country, when I began using them.

But the media, the way that you got things onto the computer was a physical thing. You held the object in your hand. It was either a CD or some kind of media that you could physically hold. And now of course literally nobody is installing anything off a CD. And so I guess the, inexorable rise of the internet, and everything coming down a, well, telephone line, and we’ll get into that in a moment. Putting it in the cloud makes way more sense, doesn’t it? It doesn’t really seem to have so much utility having the antivirus, if you like, on the computer. I know it does, don’t get me wrong. But I can see that the shift to mitigating the risk and detecting the risk and doing something about the problem in the cloud. Obfuscated, abstracted away, so that you never even really know what’s going on is probably the best way forward. So, yeah.

[00:12:25] Robert Jacobi: For 99.9 9, 9 9 9% of people, they’re not going to know or understand that they just want it to work. They don’t want to be robbed from, or in danger online. I always put it, as techy as I appear to be, I am the worst car person on earth. So when I think about internet security and what most people want to know about it, it’s pretty much what I want to know about cars.

I want my car to turn on. Go forward, go backward, get me to where I need to be as safely as possible. I don’t know, or care about anything else that’s going on under the hood. It’s a tool that I use and I want it to work like I expect it to work.

[00:13:04] Nathan Wrigley: Yeah. Given the population at large, it must be, one in a hundred thousand who care about the internals of their machine, probably even less so. Doesn’t matter really what you’re using, be it Mac, Windows, Linux, Chromebook, whatever it is, you just to flip the lid open and you want to just.

[00:13:18] Robert Jacobi: Check my email, log into my social media, buy something, call it a day.

[00:13:23] Nathan Wrigley: But because it’s becoming an increasingly crucial part of our lives. Certainly where I live in the UK, more or less everything has gone online that’s of any use. So shopping has gone online. Appointments for doctors have gone online. Dentists, it’s gone online. Pharmacy appointments, it’s all gone online. Paying your taxes, it’s online.

And so we really do need to protect this stuff. Really need to protect this stuff, because if it’s possible to, I don’t know, inject some problem in that path, we’re not just going to take out the beautiful experience of buying from a shop. We’re going to take out our ability to get fuel into our houses and into our cars and all of that.

[00:13:58] Robert Jacobi: Yeah, if you need that prescription, you don’t want that to go down, so.

[00:14:01] Nathan Wrigley: It’s become almost like, almost like a human right. That seems a bit of a ridiculous thing to say, but on some level, it seems like the internet or access to the internet is almost on that level. It certainly feels like it is as important as other key parts of the country’s infrastructure. So power and gas all of that, and the road network and what have you.

[00:14:20] Robert Jacobi: It is the information utility. So you have your power utilities, you have an information utility. It’s got to be available. In the States we always have our last mile issues, especially for very rural folks, about how connected are they, how fast is it? We always do this to ourselves. We got this great new toy, now let’s see how, great we can make it. Yeah, but if you’re not running at a hundred megabits a second your experience might really not be functional.

[00:14:46] Nathan Wrigley: So we’re going to talk today about something that I confess, I don’t know anywhere near enough of. So, Robert and I have shared an article, and I’ll put the article in the show notes. And essentially this thing that we’re going to talk about is what’s called the OSI model. And the OSI model comprises various different layers.

And basically, dear listener, if you’ve never thought about the gubbins of your computer, you, might just have this fairy tale notion that you open it up and start typing and it just works. I can send an email, of course I can send an email, you just click send and it’s gone and that recipient receives it.

But the breathtaking quantity of things going on in the background disguised from you. Really, honestly, Robert, none of this should work, and yet it does work.

[00:15:36] Robert Jacobi: Which is why I love my car analogy. I have no idea what is going on 99% of the time. I still have a gas car, so I know there’s a larger motor than an electric car. I know gas gets in there and lit on fire and moves pistons around, but really, in the most abstract sense of it. It goes, and that’s what I want it to do.

[00:15:56] Nathan Wrigley: There’s explosions happening all the time, and fuel is being funneled around, and things are turning because they’ve been lubed with oil and all of that. And honestly, your car is nothing compared to the internet. The complexities in the internet, because I know that electric cars have taken over from, or are taking over from gasoline cars, but broadly speaking, the gasoline engine probably hasn’t changed terrifically much in the last a hundred years. Whereas I think the infrastructure comprising the internet, although the OSI model probably hasn’t changed much either.

The things that are coming down the pike, and the things that have happened in the last 20 years, it’s breathtaking. So, dear listener, get out your tinfoil hat as Robert and I attempt and probably butcher what the OSI model is. And if you’ve got the capacity. Perhaps pause this podcast, go to the wptavern.com website, search for this episode and read the article. And the one that Robert came up with, which was a good one, is called What is the OSI model? It Standardizes How Computer Networks Communicate, and it’s on bluecatnetworks.com, but I’ll provide the link.

[00:17:00] Robert Jacobi: The best one I found that had the good pictures to also help. Because visually it’s hard to, you think you have a server, some wires and a browser and it’s like me saying I have an engine, some gas, and a steering wheel. There’s a lot of pieces that go in between all those parts.

[00:17:18] Nathan Wrigley: The amazing thing is this all happens really at the speed of light and. Okay, a perfect example is Robert is literally half a world away from me, and I’m talking to him through a browser, and I imagine that there is the most fractional delay between the words that I’m saying and him hearing it.

It’s probably like a thousandth of a second or something. And yet somehow that sound and that image is getting consumed by my camera. Traveling down a cable. Getting into my computer. The computer’s making decisions about, what the heck am I going to do with this? And then pushing it down a wifi network.

That wifi network is then thinking, where do I put this thing? And then it puts it there. That then decides to shunt it along somewhere else, which shunts it along somewhere else. And eventually it gets to Robert’s computer. Robert’s computer does all of it in reverse. Unpacks it rather than packing it up, and puts it on the screen. And it’s all happening like thousands of times a second, and it shouldn’t work.

[00:18:20] Robert Jacobi: It’s more live than live.

[00:18:22] Nathan Wrigley: Yeah.

[00:18:22] Robert Jacobi: Because not only do we have the video, we have a chat window on the side. It’s all encapsulated. Use some of these acronyms, but, we have our streaming protocol for the actual video and audio. And then we have our standard internet protocols for the content and everything else that’s holding the streaming protocols together.

It’s crazy. Why I’m excited to have this conversation with you is like, I feel, very anecdotally, but people are like, I’m just going to spin up a WordPress site. I’m going to be a WordPress agency. And they just do it. And there’s just all this stuff in the mix that, while it’s great to take for granted, it might help to know just a few of the pieces that are critical in that security portion of infrastructure.

[00:19:05] Nathan Wrigley: Yeah, it feels to me like a bit like you’ve been to a really nice restaurant and you’ve eaten a fabulous meal, and then you realize the 12 hours of labor that went into creating that tiny little sauce on the side or something like that. And you get real appreciation for it. And hopefully something like that will come out of this.

Again, caveat emptor, we’re not going to get everything right. Please feel free to give us a comment when we do get things wrong. But the OSI model is basically, it’s a seven layer stack and I think we’ll start at layer seven, because it sounds easier to describe it from the top down. So seven through one. And I’ll just say what all the layers are.

So they go from the application layer, that’s layer seven. Presentation layer is six. The session layer is five. Four is transport. Three is network. Two is data link. And then the final one is the physical layer. And this point, I completely stand back and say, Robert, tell us a little bit about the top one, and Robert puts his hands on his head, the application layer.

[00:20:06] Robert Jacobi: It’s funny, it’s like the top most layer and the bottom most layer are the, I feel, the easiest to like grok. Let’s use geek terms, to understand.

The application layers is as well as a WordPresser, I can explain. It’s really the top, you’re connecting from the client, your client application, so a browser, email, whatever, with specific protocols.

And what we primarily use is TCP IP, because that’s that magical thing that is able to grab a bunch of information, split it up into a billion pieces, and somehow put it all back together. How are we communicating with other devices is the way I look at that layer. It’s very high level, very abstract, it’s sort of fundamental. It’s like the air we need to breathe to actually get stuff done.

[00:21:00] Nathan Wrigley: It’s the layer, if I’m correct, it’s the layer closest to us, the user. It’s the layer which we can most readily understand, because it’s the layer closest to which we do things. So I think maybe a poor example, or an incorrect example, would be to imagine it’s something like Microsoft Word or something like that. Because it isn’t, the application itself isn’t that layer. It’s more how that interacts with the protocol underneath. So it might be HTTPS or FTP or something like that. But you are writing an email or something like that, and you hit send, and then the application layer gets in the way and says, what do we do with this?

[00:21:38] Robert Jacobi: Bingo. That’s exactly it, so we use all these, and generically they’re just called clients. So whether it’s Word, Microsoft Word, whether it is Safari, whether it’s Chrome, whether it’s Apple Mail. This will only entertain a few people, or Eudora mail. Just taking it back. Those are discreet applications on our devices.

And then the application, to your point, you hit send, you hit go on your browser. And now we’re like going crazy, okay, what do we do? We have a request. A request needs to go somewhere. That’s where the application layer kicks in.

[00:22:11] Nathan Wrigley: So we have this protocol in the application layer, which then makes decisions about what to do. And each of the layers is collapsing into the layer below it. And that layer then takes something that the previous higher layer gave to it and does, some shenanigans with it, and we get something which can then move into the layer below.

[00:22:30] Robert Jacobi: Everyone knows the application layer, because we’ve all typed in HTTPS://. That is literally the application layer request.

[00:22:40] Nathan Wrigley: Okay, so in the case of a browser, it’s the capacity for the browser to send something through HTTP, what have you. And then we get into the presentation layer, which is the layer beneath. And I think, again, I’m just cribbing from this article, if I’ve parsed this correctly, it says that this layer comprises things like translation, encryption, decryption compression. And it turns all of the bits and pieces into machine readable data. So for example, it says it will convert all of the binary ones and zeros into machine readable data. If the devices are using a different communication method, the presentation layer translates that data into something understandable, so that it can be received from layer seven.

And there’s a lot more to it than that. It’s like this layer of converting what came to it, into something else, which can then be moved down the stack into five.

[00:23:34] Robert Jacobi: Bingo, that’s literally exactly it. And it’s something us as humans completely don’t interact with unless you’re the person building out that infrastructure. It’s really just we’re having computers talking to computers at this point. So when you typed in HTTPS WP Tavern, that was your human interaction. Now we’re all like, what is the process? So presentation is making sure that that data moves forward the stack.

[00:23:59] Nathan Wrigley: And my understanding as well is that this is the moment where encryption and decryption occur. And so it’s high up in the stack. That is to say it’s near the layer seven, because you obviously can’t have it encrypted before you do anything with it. It’s high up in the stack so that at this moment, before it’s gone anywhere, it has become encrypted, before it’s passed down the stack and sent down the wires. But also, this is the moment if it’s coming up the stack, towards you so that you can read it in your browser, so that it’s getting decrypted at the last possible moment as well. So the encryption, I guess is at the first possible point on the way out, and the last possible point on the way back in. Have I got that right?

[00:24:40] Robert Jacobi: Yeah, and that’s a great way to look at it is, when we look from the top of the stack to the bottom of the stack, it’s almost in physical proximity to you as the human end user.

[00:24:48] Nathan Wrigley: Yeah.

[00:24:49] Robert Jacobi: Because at first you’re typing in something. Now something’s happening, that encryption is happening locally, because otherwise it wouldn’t be safe. And as we get further down the stack, you are physically further away from what’s going on.

[00:25:02] Nathan Wrigley: Yeah. And the other thing that’s going on here is compression. So you’ve got some giant blob of data that the stack can compress to make it more efficient to fly over the wires, then that will be handled at this layer as well, is my understanding.

[00:25:17] Robert Jacobi: We have compression on the servers as well in the applications layer as well. Don’t forget, you can compress data on the protocol.

[00:25:22] Nathan Wrigley: So that all sounds really remarkable, but also quite humanly understandable, because everything that I’ve said makes perfect sense. And we start from five down. It starts to be really the domain of networking experts, and people who really obsess about computers and understand this stuff. But if you’re just the person using the web and WordPress casually, honestly, it may be that you’ve never come across this stuff, and I found it just breathtaking, to be honest.

So layer five, is called the session layer, and it is literally that. It’s managing sessions, so it’s figuring out who’s connected to who. How that communication should begin. How it should end. When it’s decided that, okay, that connection should be destroyed. We’re not using that anymore, but okay, now we’ve got something else that we need to do. And it figures out, yeah, sessions basically, which I guess is the easiest way to describe it.

[00:26:15] Robert Jacobi: Everyone knows what a session is. It’s me being connected, and my information being managed for me, so that when I log in, Nathan doesn’t get all my information.

[00:26:24] Nathan Wrigley: And also, an understanding here is that usernames and passwords, so authentication is happening at this layer as well. And again, that kind of makes sense. So you would have to authenticate before the decryption happens in the layer above and vice versa. But yeah, this is opening up connections between, in this case, you and I are chatting in a browser, so we’re occupying one session, and then there are million, literally millions of packets of data just flying around over the internet via who knows what route. They’re all going in completely different routes.

[00:26:57] Robert Jacobi: Some of these packets can literally be going through Australia or South Africa or Brazil, and back and forth and they, catch up.

[00:27:05] Nathan Wrigley: Incredible, isn’t it? Literally. It’s like, I don’t know. Imagine getting a handful of rice and chucking it all down on the floor, but it assembles itself into a tower. It just lands and it just assembles itself. That’s basically what we are dealing with.

[00:27:19] Robert Jacobi: That’s a good one. Yeah, like I have my own rice tower at home. I throw it on the ground. It gets shipped by FedEx to you, but when you open up the box, it reassembles itself.

[00:27:28] Nathan Wrigley: Just in perfect condition, yeah. So the next layer four, is the transport layer. And this is the bit which actually I guess begins the process of sending my stuff to you, and your stuff to me. And typically the protocols for that are something called UDP, which is User Datagram Protocol or TCP Transmission Control Protocol.

And my understanding, which is very basic, is that UDP differs from TCP in that UDP can be more of a stream of data, because it doesn’t require everything to come through perfectly to say, yeah, that’s now finished. So a perfect example would be us talking to each other, streaming. If bits get lost along the way, it doesn’t want to say, right end the call.

We haven’t got one bit. We need to just stop. Until that bit has been found, it just keeps going and just disregards the missing bits. Whereas TCP, this is just incredible. This is the rice tower, isn’t it?

[00:28:28] Robert Jacobi: TCP is the rice tower, exactly.

[00:28:30] Nathan Wrigley: It requires every single piece to be sent. Acknowledged. Counted out. Counted in at the destination, and for the both ends of the connection to be saying, did you get that bit? Yeah, I got that bit. What about this bit? Did you get that bit? Yeah, I got that bit. 23, did you get 23? No, 23 has gone. Where, where’s 23? Oh, I’ll send 23 again. Here it is. A million times a second for this conversation that we’re having. Well, it’s probably not a million times a second, but you know what I mean.

And I’ve summed that up very badly, but these packets of data that are flying around. They egress my computer. They go through 7, 6, 5, now we’re in 4, and they’ve got to go through further layers. But they’re not just going in a straight pipe, like a hose pipe from your faucet, spraying the garden. These are just going anywhere they choose. So one packet, like you said, might go via Australia, one might go through South Africa, and then somehow they just reassemble themselves magically at the other end.

[00:29:26] Robert Jacobi: Routers, because that’s what those do. Obviously that’s a physical component further down the pipe. They’re saying, this is the order of information. I’m going to just spew out, and everyone else needs to figure out how to put it back together, one piece. It’s crazy.

[00:29:38] Nathan Wrigley: Yeah, it is crazy. My understanding is that back in the day, when the internet was conceptualized, I think it was possibly something like Darpanet, or something like that, but it was a, I think it was a military endeavor, the enterprise was something along the lines of, we need a communication system which if various nodes are taken out, let’s say, I don’t know, bombed out of existence, or just the power is cut, the system is intelligent enough to just work round the problem, and figure, okay, we can’t go there anymore, let’s just go a different way. And that is what we now have.

[00:30:12] Robert Jacobi: It’s all about redundancy. I’m going to take just a slight tangent on federated social media. Any kind of federated application. Those exist in a lot of ways to ensure redundancy. I’m going to go way, way back, to where most of the audience probably wasn’t born. So we had these things called modems, and they would be attached to a phone, and you would run something called a bulletin board system. Those were single points of failure.

So you actually saw groups of independent bulletin board system providers create these distributed federated networks. So if you sent an email to a specific person, at a specific BBS, if that phone line was busy, it could go to another one that would take it, and keep pushing it along until you actually got it to the right place. This idea of distributed and federated systems is really what makes the internet functional because we take care of failure points. We ignore them and just work around them.

[00:31:17] Nathan Wrigley: And obviously we know that works as well because parts of every country’s infrastructure are breaking all the time. One router somewhere will just go down, even if it’s a crucial router, it doesn’t in the end stop the system. It probably creates bottlenecks in various places.

[00:31:31] Robert Jacobi: Slow it down.

[00:31:32] Nathan Wrigley: Slow the egress of traffic around, yeah. But in layer four we’re dealing with the ports that things fire out of as well. And then when we get down to layer three, that’s when the actual data is divided up into little packets and little segments. So data four and data three, honestly, to some extent they feel very similar in my head at least anyway.

But layer three is using things like IP addressing, to decide where this packet’s going to go. And I think wraps the packets up in the IP address, if you like. It’s almost like wrapping up a Christmas present and as it travels down the stack, by the time it gets to layer three, it’s being told, this is not what it’s being told, but this encapsulates it. This is a gift for Robert Jacobi. You must find Robert Jacobi.

Then it reads that, and then finally, it’ll rip off the wrapping and finally give you the gift at the end as it goes back up the stack. So, there’s not a lot to say on layer three, I don’t think, other than it’s using things like IP v4 and IP v6 to make decisions about how it’s going to be spread around. Have I got that about right? Do you think?

[00:32:35] Robert Jacobi: That works for me. I think that’s enough information for most folks. Again, we’re trying to give a taste of how complex security is, for what we do day to day. But also how we can apply it to how WordPress understands it.

[00:32:48] Nathan Wrigley: And then we’ve got the two layers where, the data link layer and the physical layer. The data link layer is handling the data transferred. So the actual data moving around. So it’s getting pushed around on the same network is my understanding for layer two. So that’s when you are, for example, in the same office building. I think layer two is just for that. I could be wrong.

[00:33:11] Robert Jacobi: It’s getting to your router and then your router will start moving stuff around. Cause don’t forget, your router is on your network as well as any other computer in that closed. So, our 192’s. Our internal network, so that’s the closest on the networking side, that hardware side, because as soon as it hits our router it goes to the cable, or whoever you’re using, outside of your office, home, your LAN.

[00:33:35] Nathan Wrigley: And then the final layer, the physical layer is the cables, the actual infrastructure out there in the world outside of your house, basically. Or your office building. Well, maybe there’s some of it in the office building as well, but the majority of it, the miles and miles of things are all in the physical layer. And it says here on the bit that I’m reading. Finally, this layer encompasses the equipment that carries data across the network, such as fiber network switches, and so on.

And so finally, our packets of data that we started off at the beginning, writing the email to Robert Jacobi. Finally, that packet has made it out. It’s escaped into the wild, and is now just rattling around on the internet desperately being told, very quickly, where to go. And then hopefully it’ll arrive. Travel to Robert’s computer. Travel in the reverse direction of the stack, and he’ll get a nice email from me with cat pictures in it.

[00:34:27] Robert Jacobi: Why is it always cat pictures?

[00:34:29] Nathan Wrigley: Why not? Okay, so all of that shenanigans is happening, and honestly, I feel a, it’s very difficult if you’re inexperienced like me, to get the words out in the correct order so that I have demonstrated that I understand it. Because I do on a very, very slight level.

And I know that entire careers, very, very, well paid careers can be built upon really understanding what we’ve just spoken about. But in there, I presume, is the capacity for threats, and the capacity for things to go wrong, and the capacity in all of these layers for people to inject things which shouldn’t be there. For clever people to figure out ways to disrupt that information. To take that information. To delete that information. To rewrite that information. And is that essentially what your company does? Prevent those things?

[00:35:18] Robert Jacobi: So when I look at it from a CMS stack, and again, let’s focus on WordPress. My mental model that is slightly different. I’ll use, I think what most of us feel like is WordPress infrastructure. I know, the really smart folks are going to yell at me for this. You have a server somewhere. It has an operating system, it has PHP, MySQL, it has WordPress, and then whatever else is in front of it.

So there’s a whole stack and layer on layers of communication that go from when I hit my browser and type in WP Tavern and hit go. And let’s move away from all the really highly technical networking protocol issues.

At some point, it’s going to make a request to a hosting company that needs to be able to say, oh, yes, let’s give them the WP Tavern homepage. In that process there are caching services, firewall products, local security on the networking side of that hosting company. What I feel personally, but also which is what makes products like Black Walls critical is, detect and defend as far away from the website as possible.

So if there are a million bots coming at you, get them before they even hit the hosting company’s infrastructure. Some will always sneak through because it’s a battle that’s just never ending and, you’re going to keep learning and fighting and learning and fighting. Mitigate the risks as close to the bad actor, and as far away from the site as possible. So, mitigate, mitigate, mitigate, mitigate, mitigate. And there are tools and solutions up and down that entire stack.

So you’re going to have stuff way before you hit the hosting company. You’re going to have some solutions closer to the hosting company. You’re going to have solutions directly on WordPress. There are security plugins that are running on your install of your site. Those are great. I personally feel that you don’t want to even get that close if you’re a bad actor. Mitigate that problem as quickly, as soon as possible.

And even solutions that work at the operating system level, or at least the language level. There are products out there that are constantly monitoring, looking for and mitigating PHP corruption. So, you really don’t want to let everyone have access all the way down to that level, because then you’re already, you will have problems, how to put it nicely. We don’t say bad words on the show.

[00:37:53] Nathan Wrigley: So do you sell your product into the WordPress space? So, you know, to freelancers, agencies, or are you more at the hosting level, or is it even more like infrastructure level? So at the router level. So in our case, this sort of physical layer that we were talking about. Is that the kind of place where your products go? I honestly don’t know where your product sits in all of that.

[00:38:16] Robert Jacobi: So, if you look at it from a hardware perspective, there’s going to be the end user is going to make request. It’s going to get routed somewhere. We sit between where it’s getting routed and the hosting company. So our goal is to prevent the hosting company from wasting physical resources. Now we need to amp up our service because there’s so much traffic coming in.

Now we need to amp up our customer support because more stuff is happening with our virtual machines or hosted infrastructure. So that’s our place in the universe. Get the bad guys before they get to the critical infrastructure.

[00:38:51] Nathan Wrigley: And another question, forgive my ignorance. Is Black Wall’s solution, is it software? Is it code that sits on an operating system? Or maybe you even have hardware that sits in the way of things, the packets have to transfer through your hardware and be inspected in a way, like a router might get in the way of those things.

[00:39:10] Robert Jacobi: Our secret sauce is that we are software that emulates the hardware that used to be required. So there are hardware companies buy this kind of routing and prevention, traffic mitigation. And we do it on the software side so that you as an agency or MSP, if you’re running a bunch of virtual machines, you can deploy this on your own. Certainly as a hosting company, you can deploy this across your entire enterprise.

[00:39:36] Nathan Wrigley: So you are dealing with very technical, the people that purchase from you they’re not me, for example. They are very technical. They’re in the data centers. The sort of technical end of the hosting companies. They understand what I’ve just butchered during this episode.

It’s not like a freelancer market. You will not be selling Black Wall as a plugin. You are dealing with, directly with hosting companies and the tech side of those hosting companies.

[00:40:01] Robert Jacobi: There’s a wonderful German word called Jein. So yes and no.

[00:40:04] Nathan Wrigley: Oh, that is a good word.

[00:40:05] Robert Jacobi: For all the Germans listening. You still want to be able to control a lot of times exactly what kind of traffic comes in. You might want to get scraped by AI bots more than someone else does. Or you might want to turn off all scraping if you’re an e-commerce store and you’re worried about people taking your pricing and not allowing you to sell at your level.

We’ve had, and are currently reworking our entire WordPress plugin, to enable that end user control of that infrastructure. So it’s not running on your WordPress install, which is great because it’s not taking up resources, filling up your hard drive. But you can control, as an end user, the granularity of the traffic that’s able to access your site.

[00:40:45] Nathan Wrigley: Oh, so you have a plugin, so you are reading what the hosting company is doing. You can view it through a GUI on your WordPress website, but you are not actually, it’s nothing to do with your WordPress install. You’re getting the data from your hosting company, and that is another layer away from you. Okay. That’s interesting. I didn’t realise that.

[00:41:04] Robert Jacobi: Yes, it empowers all these website owners, agencies, MSPs, to fine tune, for lack of a better term.

[00:41:10] Nathan Wrigley: Yeah. And then do you offer a sort of GUI for data breakdown, tables, graphs, charts, and ways to block things that you imagine are suspicious, and alerting and things like that?

[00:41:20] Robert Jacobi: Yep, as well as defaults for all sorts of things of course, just to make life easier for folks. You can go and visit our site and get some initial monitoring for your site for free. We enjoy having that as part of just an offering of the reporting and monitoring, you can see it. My traffic has been great, and then all of a sudden you look and it’s oh wait, it’s just been Chat GPT.

[00:41:40] Nathan Wrigley: Sad realization that the million visitors that seemed to be going to your excellent article were in fact Chat GPT.

[00:41:47] Robert Jacobi: Bots stealing that information.

[00:41:49] Nathan Wrigley: Sadly, time has got the better of us. We’re at the time where Robert has to walk away. I know he’s got a hard stop. Firstly, my apologies, dear listener for utterly butchering the OSI model. I’m sure there’s a lot of geeks out there who were just throwing things.

[00:42:01] Robert Jacobi: They’re going to kill, but my hope is everyone looks it up, a lazy Sunday afternoon understanding.

[00:42:06] Nathan Wrigley: Exactly. And that, really was my capacity to understand it. Doesn’t matter how much more I read it, I will be able to get no more out of it. But an important conversation, and one that we’ve never had before. We never get into the weeds of all of that. It’s always WordPress all the way down.

And this is what’s happening before, WordPress gets to put the bits and your screen. So really important and hopefully, like Robert said, it will encourage people to go and have a little look.

Robert Jacobi, thank you so much for chatting to me today, and good luck with the new rebranding of BotGuard into Black Wall. I hope that goes well too. Thank you so much.

[00:42:39] Robert Jacobi: Thank you Nathan.

On the podcast today we have Robert Jacobi.

Robert has a long-standing history with the tech and CMS industry, having worked in senior positions at Joomla, Cloudways, Perfect Dashboard, and more. He’s now the Chief Experience Officer at Black Wall, a company formerly known as BotGuard.

Robert talks with me today about the transition from proprietary systems to open source, and the seven-layer OSI model that underpins the internet. Drawing from his experiences in tech, Robert and I try, and perhaps fail, to break down the complexities of how website traffic is routed over the internet. This is done to try to understand how Black Wall can position itself to mitigate risks before they reach hosting companies infrastructure.

We also discuss the evolution of bot traffic on the web, where upwards of 10% of internet traffic is identified as malicious. This kind of insight is particularly important for those interested in the security aspect of web hosting and website management.

We also get into Black Wall’s rebranding journey, and its continued dedication to the WordPress community by participating in events like WordCamp Asia and Europe.

If you’ve ever wondered about the unseen layers of internet security and infrastructure, or the strategic moves involved in rebranding a tech company, this episode is for you.

Useful links

Black Wall (formerly BotGuard)

Joomla

Cloudways

Digital Ocean

What is the OSI model? It standardizes how computer networks communicate

by Nathan Wrigley at March 18, 2025 02:00 PM under security

Do The Woo Community: The Challenges and Wins of Creating a Suite of WordPress Plugins with Steve Burge

In this episode host Mark Westguard chats with Steve Burge, founder of PublishPress, discussing their journeys, the evolution of WordPress plugins, and strategies for business growth.

by BobWP at March 18, 2025 09:26 AM under SaaS

Gutenberg Times: Source of Truth (WordPress 6.8)

Ahead of WordPress 6.8 Beta release and in absence of Anne McCarthy, we publish the Source of Truth a second time on the Gutenberg Times.

With me, I mean all the collaborators on this post: Krupal Lakhia, Justin Tadlock, Jonathan Bossenger, and JuanMa Garrido.

Changelog

Any changes will be cataloged here as the release goes on.

The post will be updated around RC 1 release (March 25) . If you find missing features, please ping me on WPSlack or DM on Bluesky (@gutenbertimes.com)

Important note/guidelines

Please do not copy and paste what is in this post since this will be shared with many people. This should be used to inspire your own content and to ensure that you have the best information about this release. If you do copy and paste, keep in mind that others might do the same, opening the door for some awkwardness around duplicated content out on the web. 

  • Each item has been tagged using best guesses with different high level labels so that you can more readily see at a glance who is likely to be most impacted.
  • Each item has a high-level description, visuals (if relevant), and key resources if you would like to learn more.

Overview 

WordPress 6.8 is set to be released on April 15th, 2025. This release continues refining foundational features introduced in previous versions, focusing on improving data views, query loops, and block interactions. It introduces a more streamlined design experience with a Zoom Out editing approach, expanded style controls, and enhanced typography options. API developments, including the Block Hooks and Interactivity API, aim to enhance extensibility, while speculative loading integration and performance optimizations seek to improve site speed. Accessibility improvements and ongoing support for PHP 8.x ensure WordPress remains user-friendly and forward-compatible.

Of note, this release includes Gutenberg 19.4 – 20.4.

6.8 assets: 

In this Google Drive folder you can view all assets in this document 

Tags

To make this document easier to navigate based on specific audiences, the following tags are used liberally: 

[end user]: end user focus. 

[theme author]: block or classic theme author. 

[plugin author]: plugin author, whether block or otherwise.

[developer]: catch-all term for more technical folks. 

[site admin]: this includes a “builder” type. 

[enterprise]: specific items that would be of interest to or particularly impact enterprise-level folks

If no tags are listed, it’s because the impact is broad enough to impact everyone equally. 

Priority items for 6.8

Global Styles available on the main site editor sidebar

[theme author] [site admin]

The Site Editor sidebar is getting increasingly powerful, serving as the entry point to manage all things on your site. Until this version, the Styles panel offered limited style settings, focusing on style variations, color palettes, and typographies. WordPress 6.8 changes this by introducing a full-fledged Global Styles panel in its place, giving users site-wide granular control of styles at the top level.

Site editor sidebar with more design tools

Swifter hiding and showing the template

[theme author][site admin]

Switching between editing your site templates and content pages should be as smooth and seamless as possible; sometimes, you need to focus on the post content and hide the rest of the template. This was previously possible in the post settings, but now it is much easier thanks to the Show template toggle directly on the preview dropdown in the top toolbar.

Style Book

[theme author][site admin]

The Style Book provides a comprehensive overview of your site’s colors, typography, and block styles in an organized layout. Each block example and style group is labeled, making it easy to preview and understand your theme’s current design settings.  

Think of it as if your theme threw a party, and all the design elements showed up wearing name tags. 😀

Ramon Dodd, release lead of Gutenberg 19.9 

The Style Book can be accessed in two ways. The first option is via the Styles menu item in the left sidebar. The second option is available when editing theme elements via the right Styles sidebar. This was already available in WordPress 6.7. 

With WordPress 6.8, opening the Style Book from the left sidebar Styles menu shows subsets of blocks and makes them available for site wide editing. 

When you click on Typography you can preview all text-related blocks, and adjust options and settings. You can preview and modify specific blocks via the Blocks option. 

The Style Book also received some performance improvements to ensure a more fluid user experience. 

  • Give the Style Book its own route so it can be linked to directly (67811).
  • Scroll to top at the styles root (67605).
  • Try splitting the Style Book into sections (68071).

For classic themes that support the Style Book, site patterns have been relocated to Appearance > Design > Patterns, consolidating all design-related functionality from the Site Editor into one place. Previously, patterns were listed under Appearance > Patterns.

Support is available for classic themes that either support editor styles via add_theme_support( ‘editor-styles’ ) or have a theme.json file (66851).

Zoom Out View

[theme author][site admin][end user]

In Zoom Out view, users can now apply different section styles and designs directly from the toolbar, cycling through them and inspecting them in the context of the rest of the page. This enhancement streamlines the decision-making and production process (67140). 

change design in block toolbar

The Block options on the block toolbar only lists Copy, Cut, Duplicate, and Delete for sections in Zoom Out view (67279).

Zoom out view with only four choices in toolbar options dropdown.

In addition to the added Zoom Out icon in the toolbar, users can also invoke Zoom Out view via the Keyboard shortcut Shift command + 0 on a Mac and Shift + Ctrl + 0 on Windows (66400). The shortcut has also been added to the Keyboard shortcuts list. 

keyboard shortcuts

Design Tools

[end user][theme author] [site admin]

Design Tools offers increasingly refined tools for visual customization. When it comes to border and spacing support, the block editor itself provides granular controls within individual blocks, allowing users to define border widths, styles, colors, and radii, as well as precise padding and margin adjustments. These controls facilitate the creation of visually distinct elements and well-structured layouts. The work for WordPress 6.6 and 6.7 was continued for WordPress 6.8 to provide all design tools to all blocks, where possible. 

In this release, the following blocks received border support

  • Comments (66354),
  • Comments Link (68450),
  • Comments Count (68223),
  • Latest Posts (66353),
  • Page List, also received color and spacing support (66385),
  • Content, also spacing support (66366),
  • RSS, also spacing support (66411),
  • Archives, also color support (63400), (68685), and
  • Query Total (68323)

Beyond those, the Category block supports color options as well (68686).

For the Post Content block, the color support via the sidebar Design Tools has been brought up to feature parity with the options available via theme.json. Now users and designers can adjust colors for all heading levels in addition to text, background, and link (67783).

post content block not has additional text color options.

Another user experience improvement can be found in the list of fonts: Each font family is now previewed in the font picker dropdown and gives users a better indication as to what the font will look like (67118).

preview of fonts in drop down

The Roster of design tools per block (WordPress 6.8 edition) gives you a complete overview of the available Design Tools per core block. 

Updated Core Blocks 

Buttons 

[theme author][developer]

WordPress 6.8 adds a small piece of code (`box-sizing: border-box;`) to the styling of buttons. Imagine you’re putting a picture in a frame. You want the picture to fit nicely within the frame’s borders. That’s what `box-sizing: border-box;` does for buttons (and other elements) on a website. It tells the browser to include the border and padding of an element in its total width and height (65716)

Cover Block

[theme author][site admin][end user]

Images used as backgrounds in Cover blocks now come with resolution controls so that you can change their sizes. This works with both an uploaded background image or the already assigned featured image. This adds to the more granular control for designers and theme developers. (#67273), (62926).

Details block

[theme author][site admin][developer][end user]

In WordPress 6.8 the Details block is now more flexible to use and has received some quality-of-life updates: 

The addition of the name attributes field in the Advanced panel of the block’s settings. This allows a group of Details blocks to be connected and styled if needed.  (56971

Details block name attributes in editor shows FAQ name attribute in front end

The summary content is used as the label in the List View which makes it quicker to identify the block and allows for easier reorganizing of content (67217). 

Shows Details block summary in List View

The Details block also receives anchor support via the Advanced panel, allowing users to create anchor links to specific Details blocks. 

With the help of the allowedBlocks attributes, developers can now control what blocks content creators can use in a Details block. (68489). 

File block

[end user][site admin]

Allow content-only editing, which gives users the ability to update the filename text and download button text (65787).

[end user][site admin]

Each image in a Gallery block shows multiple options on how a link should behave and how a visitor to the site can interact with the images. For WordPress 6.8 contributors added Expand to click to the Gallery’s toolbar to open all images in a light box effect, with one click. The option is available from the Link toolbar button (64014). 

Gallery block now with Expand on click link option.

Image Blocks and handling

[end user][site admin]

The outcome of the Image manipulation methods are now better communicated in the block editor. The success notices are displayed at the bottom of the editor. The notices also come with a handy Undo link to revert to the original if necessary (67314, 67312).

shows notification of image manipulation sucesses.

[theme author][site admin][end user]

Featured images offer a nice touch in external previews, making them more attractive to potential readers. However, it can be easy to forget to set one! To help set featured images more easily, Image blocks now offer a dropdown action to directly set them as the featured image of the post or page containing the block (65896).

Displays bock toolbar option dropdown with Set featured image

Another WordPress 6.8 update also changes how the Image block handles those cool overlay styles aka filters (like a semi-transparent color wash) designers might add on top of images. It’s making the way these styles are applied more efficient and reliable. Details on CSS changes can be found in the PR (67788). 

[end user][site admin][theme author]

The theme of polish also continues for the Navigation Block. Menu names are now displayed in the List View for easier orientation and, for faster design considerations, a Clear option was added to the color picker(68446)(68454). 

These updates enabled non-interactive formats for the block, and users can now use the choices from the dropdown menu in the block’s tools bar, like Highlight, Strikethrough, or Inline image (67585). 

Query Loop Block

[site admin][theme author][end user]

The Query Loop block received an additional filtering option named Formats, making it possible to create templates or post lists for the various post formats available in WordPress: Image, Video, Aside, Link, Standard, and Gallery. Caveat: the used Theme needs to register support for post formats (66037)

For Pages, content creators will find two additional sorting options: Ascending by order and Descending by order, which allows for a display following the page attribute page_order (68781). 

Video: https://videopress.com/v/CN22ETfh

Looking to replace your Query Loop block’s design? The Query Loop block patterns have been relocated from a modal to a dropdown. It’s still in the block toolbar, now under Change design (66993).

new dropdown for query loop designs patterns

The Query Loop block now has a new option to ignore sticky posts. When selected, the Query Loop block ignores whether a post has the sticky option enabled. When used, all posts show based on the ORDER BY preferences selected without taking the sticky status into account. (66221) (69057)

query loop now has ignore sticky post option.

Introducing the Query Total block

[theme author][site admin][end user]

You know how many results are in your queries, but do your site’s readers? The new Query Total block is here to help.When added to a Query Loop block, the Query Total block displays the number of results the query has returned, or, alternatively, the current range in a set of paginated results. Out of the box, the new block shows its border controls (68150)(68323) (68507).

Query Total block

Separator Block

[theme author][developer][site admin]

Now designers and creators can choose between a <div> or <hr> tag, opening up more styling possibilities for this block. The setting to switch can be found under Advanced > HTML Element. The transformation option now also includes the Spacer block. (67530) (66230)

div tag with Separtor block

Social Icons block updates

[end user][site admin]

The social icons block shipped with the option to add a Discord icon, received a Clear button to reset color options, and received contentOnly support. To add a URL to the icons, you now only need to press the arrow key once. This certainly streamlines the content creation process. (64883) (68564) (66622)

Social icons includes Discord icon now.

Editor improvements 

[end user][site admin][theme author]

The Editor screens received a few helpful improvements in WordPress 6.8. 

Reset 

Reset colors for blocks and global styles in the editor with a single click thanks to the inline reset button added to all color controls (#67116). The Shadow panel and the Duotone settings also received a very handy reset button. Instead of the need to remove settings one at a time, designers can quickly start over. (66722) (68981)

Cut

The Block Options menu now also lists a Cut action together with the Copy action in the dropdown menu. (68554)

Cut option now in block toolbar options  dropdown

New Commands

Two new commands were added to the Command Palette in the Site editor: 

  • The Add new page command creates a new page from anywhere in the site editor and speeds up the content creation process (65476). 
  • The Open Site Editor command offers a one click navigation to the site editor, from the page or post editor screens accessed via the WP-Admin menu (66722).

Starter Content

With WordPress 6.8, a new pattern category is available, called Starter Content. It lists the page layouts that are otherwise available via the New Page modal. If a user has disabled the starter content  pop-up when creating new pages, this category surfaces the page layouts, should they be needed. (66819) The Inserter now also always shows all the available patterns in a list. (65611).

Patterns in folders

[theme author][site admin] [developer]

With WordPress 6.8 developer can now use sub-folders to organize patterns for their themes. For example, all header patterns are added to the “header” folder, all footer patterns into the “footer” folder, testimonials patterns into the “testimonials” folder, and so on. (62378)

Data Views updates 

This release also contains quite a few Data Views improvements:

A user can modify the amount of whitespace that is displayed per row on three levels: comfortable, balanced, and compact.  (67170)  

You can now set your site’s homepage from the Site Editor via the page’s actions menu (#65426). This is the equivalent of updating the Reading Settings in Settings > Reading. Under Pages in the editor, find the page you’d like to set as your homepage, click on the action menu, and select Set as homepage.

All delete actions now show a Confirm to delete modal, to safeguard against accidental removal of templates, patterns, or pages. (67824)

Here is a list of PRs with more Data View changes: 

  • Add: Media field changing UI to Data views and content preview field to posts and pages. (67278)
  • Add combined fields support. (65399)
  • DataViews Fields API: Default getValueFromId supports nested objects. (66890)
  • DataViews list layout: Hide actions menu when there is only one action and is primary. (67015)
  • DataViews table layout: Hide actions menu when there is only one action and is primary. (67020)
  • DataViews: Expand configuration dropdown on mobile. (67715)
  • DataViews configuration dropdown: Remove style overrides. (65373)
  • Update “hidden” icon to be clearer, and invert logic as used in DataViews. (65914)

API iterations

[developer][plugin author][enterprise]

Interactivity API

The Interactivity API in WordPress 6.8 introduces an improved wp-each directive, making it more flexible and reliable. Previously, it could only loop through arrays or objects with a .map method. Now, it supports any iterable value, including strings, arrays, maps, sets, and generator functions. Additionally, it can handle undefined or null values by subscribing to changes and updating automatically when the value becomes iterable.(67798)

Block Hooks API 

In WordPress 6.8, work continues on improvements to the Block Hooks API.

The Block Hooks API now supports dynamically inserting blocks into post content. (67272) A typical example would be a plugin that provides blocks that can be used in posts and that would like to provide extensibility for those blocks. The Block Hooks API will now also work with Synced Patterns. (68058)

Security enhancements

Various security-related enhancements made it into WordPress 6.8, the most significant of which is the switch to using bcrypt for password hashing. This includes improvements to the algorithm that’s used for storing application passwords and security keys. The dedicated post WordPress 6.8 will use bcrypt for password hashing covers these changes in detail. You will find a list of all security updates in 6.8 on WordPress Core Trac.

Support for Speculative Loading

Building upon the success of the Speculative Loading plugin, which has over 40,000 active installations, WordPress 6.8 integrates speculative loading into core. This feature utilizes the Speculation Rules API to prefetch URLs dynamically based on user interaction, aiming to improve performance metrics like Largest Contentful Paint (LCP). The current proposal has a default configuration employing conservative prefetching to ensure safety and compatibility, but feedback is requested on this. Developers have access to filters for customization, allowing adjustments to the speculative loading behavior as needed (#62503). Details are laid out in the Speculative Loading in 6.8 Dev Note.

Additional Performance improvements

For the WordPress 6.8 release, several key performance improvements have been implemented in the block editor and collectively contribute to a more responsive and efficient editing experience.

  • To address performance issues in the site editor when handling navigation blocks with multiple submenu. The isBlockVisibleInTheInserter selector was improved to prevent unnecessary computations, resulting in a more efficient block editor experience (#68898).
  • This release also introduces the withSyncEvent action wrapper utility to streamline event handling, reducing potential performance bottlenecks (#68097). A Dev Note is in the works. 

Accessibility improvements

WordPress 6.8 includes 26 accessibility improvements. A Dev Note with more details will be in the Field Guide around the Release candidate release on March 25. 

by Birgit Pauli-Haack at March 18, 2025 09:16 AM under Updates

Do The Woo Community: My Content Journey Leading to Content Sparks

BobWP reflects on their journey with audio and content creation, from childhood fascination with radios to launching the podcast, Do the Woo. They now introduce a new show, Content Sparks, exploring diverse content topics.

by BobWP at March 18, 2025 08:51 AM under video

March 17, 2025

Do The Woo Community: Inside the World of Composable CMS: A Deep Dive with Tom Cranstoun from AEM

This show is sponsored by… Avalara: providing cloud-based and scalable global tax compliance that is hassle-free, safe and secure plus topped off with enterprise-class security. In this episode of Scaling Enterprise, WP and OSS, join Brad Williams, Tom Willmot, and Karim Marucchi as they dive into the world of enterprise content management system. Special guest […]

by BobWP at March 17, 2025 02:20 PM under Enterprise

Do The Woo Community: Bridging Innovation and Community with Jessica Lyschik and Jakob Trost at the CloudFest Hackathon

In this episode of Open Web Conversations, Adam Weeks discusses the CloudFest Hackathon with Greyd's Jessica Lyschik and Jakob Trost, exploring innovations, community contributions, and enhancing WordPress.

by BobWP at March 17, 2025 12:17 PM under Hackathon

Do The Woo Community: Staying on Top of Things, A Packed RSS Reader

I have a strong appreciation for RSS, highlighting its simplicity, effectiveness in managing content, and preference over cluttered inboxes and social media.

by BobWP at March 17, 2025 10:39 AM under RSS

March 16, 2025

Do The Woo Community: CloudFest Hackathon. Behind CMS Freedom with Patricia BT and Dennis Snell

Patricia and Dennis discuss their CMS Freedom project at the CloudFest Hackathon, aiming to simplify system transitions and preserve online content. They emphasize teamwork, learning, and the value of contributions beyond coding.

by BobWP at March 16, 2025 01:20 PM under Hackathon

March 15, 2025

Matt: Dalio & Benioff in Singapore

With the world changing so quickly, it’s hard to find alpha, but the best way is by following the brightest thinkers. This CNBC interview with Ray Dalio and Marc Benioff is good, but it’s way better if you go to the livestream about 25 minutes in and see the full discussion without the editing. You hear what these great thinkers actually think, rather than what an editor thought you’d enjoy. A little bit of friction gets you a lot more information.

by Matt at March 15, 2025 08:46 PM under Asides

Gutenberg Times: WordPress 6.8 Dev Notes, WP:25, new Blocks and sites — Weekend Edition 321

Hi,

This week I will feel a lot of FOMO as I had a chance to attend CloudFest but had to bow out at the last minute, to give my busted knee a rest. My doctor is convinced that I had overdone the walking in Manila and WordCamp Asia. So going to an amusement part and another trade show, would not be wise. Unfortunately, there are no live-streams to participate remotely. 🤷🏼‍♀️

Meanwhile, I have been testing WordPress 6.8 and although there are no new ones, the updates to existing features are amazing and make content creation so much easier. Next week on Tuesday, in time of Beta 3 release, I’ll publish the Source of Truth, while Anne McCarthy is on sabbatical. The release team started to release Dev Notes already. You’ll find the list below.

This week, I have many updates again in this edition. Enjoy!

Yours, 💕
Birgit

Tom Willmot, CEO of Human Made posted the WP:25 Recap: The Future of WordPress with links to the recorded session. WP:25 was a virtual conference, hosted by Human Made with some awesome speakers and panels. I wanted to highlight two of them:

Tammie Lister speaking on The power of FSE, in which she took the audience “through the incredible transformation Full Site Editing is bringing to WordPress. Tammie made it clear: FSE isn’t just another feature—it’s a fundamental shift in how teams build and manage content.”

Mary Hubbard, executive director of WordPress, and Noel Tock chat about what’s next for the world’s favorite CMS in the coming year. WordPress in 2025. “AI is reshaping the way we interact with content, and WordPress is embracing AI in every way, any way that can enhance it, without replacing the human creativity aspect. So I think this right now, we’re at a pivotal point, not just for what it means for open source, but actually, what it means for the project itself.” – Mary Hubbard.

You’ll find the other WP:25 sessions on this YouTube Playlist

Developing Gutenberg and WordPress

WordPress 6.8 release cycle is progressing as schedule to Beta 3 next week. WordPress 6.8 Beta 2 was released this week.

And a reminder to Help Test WordPress 6.8 to figure out if all features work as supposed to and report bugs. The instructions provided Krupa Nanda are excellent to get a head start on many things updates in WordPress 6.8

The first Dev Notes are now available on the Make Core blog:

Plugins, Themes, and Tools for #nocode site builders and owners

In his latest post, How to disable and lock Gutenberg blocks, Bud Kraus takes you on a deep dive into content governance topic and how to provide guardrails to authors and enforce editorial guidelines for your site. It’s comprehensive coverage of the topic and includes explanation on how UI tools work as well as enforcing block locking with PHP and via theme.json.


ICYMI, After a longer beta period, GenerateBlocks 2.0 was released Mid-February with the aim of providing “fundamental changes to GenerateBlocks with a streamlined and robust system to make building fast and effective sites easier” Kathy Zant wrote in the announcement post Introducing GenerateBlocks 2.0: A New Era for High Performance Websites . The post also provides a migration path from version 1 to version 2 and outlines many changes for the plugin.


Diane and Yann Collet created a great resource at WP Gallery featuring beautiful websites designed with the Gutenberg Block Editor. It’s a fantastic place for inspiration.

Twentig also a creation of Diane and Yann Collet, was also updated last month. The plugin is a toolkit designer working on Block Themes and has over 25,000 users. It provides Starter content, more Gutenberg Blocks and hundreds of patterns. You can browse the changelog of the latest version on the Twentig website.


Bhargav (Bunty) Bhandari posted on X (former twitter) about his work on a new block to add LinkedIn-like work experience information to a site. With it, you can showcase professional experience, with option to add a title, company name, description. The plugin is on its way to the WordPress plugin repository, and it might take a few weeks to be released. Meanwhile, you can download it from GitHub repo.

Djordje Arsenovic created a Typewriter block, and it is now available in the WordPress plugin repository. Use the block to make text appear on the fronted as it was typed out on the old-fashioned typewriter machine.

Theme Development for Full Site Editing and Blocks

Is your theme.json getting too big? Iulia Caza, developer at Dekode, built an npm package called Create Theme JSON that lets you split up the theme.json into multiple files in a theme-json folder and the build script assembles it into your theme’s theme.json file, when ready. “It definitely makes development much easier and faster.” Caza wrote on LinkedIn.


Anne Katzeff published a new tutorial on how to add categories to a Block Theme menu and guides you through accessing the menu editor and adding custom links for categories by copying their URLs from the WordPress dashboard. Katzeff also demos the steps in this YouTube video


Ryan Welcher worked on a new WordPress block theme for the Block Developer Cookbook during his live stream. You can watch how he creates a new skin for his theme (aka Style variation) and also add different block style variations. Welcher also prompts Cursor AI to make changes. The code is available on this GitHub repository.


Joshua Siagia announced the arrival of WindPress – a platform-agnostic Tailwind CSS integration plugin for WordPress that allows you to use the full power of Tailwind CSS within the WordPress ecosystem, streamlining workflows for developers. It supports Tailwind CSS v3 and v4, offers features like autocompletion, HTML-to-native conversion, and class sorting, and ensures lightweight performance with optimized CSS caching. Seamlessly compatible with popular builders like Gutenberg and Bricks, it simplifies customization while maintaining speed. WindPress is ideal for developers seeking efficient Tailwind CSS integration in WordPress projects. It is now available in the WordPress plugin repository: WindPress

 “Keeping up with Gutenberg – Index 2025” 
A chronological list of the WordPress Make Blog posts from various teams involved in Gutenberg development: Design, Theme Review Team, Core Editor, Core JS, Core CSS, Test, and Meta team from Jan. 2024 on. Updated by yours truly. The previous years are also available: 2020 | 2021 | 2022 | 2023 | 2024

Building Blocks and Tools for the Block editor.

Save the date! Nick Diego and Ryan Welcher will demo on March 19th, 2025 How to build incredible WordPress Blocks with Cursor AI on YouTube Live hosted by Jamie Marsland. They will explore the power of AI in crafting exceptional WordPress blocks. In this session, you’ll discover practical techniques, pro tips, and AI-driven tools to enhance your block-building skills and streamline workflows. Whether you’re a developer or looking to expand your WordPress expertise, this is your chance to unlock new possibilities for your WordPress site!

Bart Kalisz, JavaScript Engineer at WooCommerce announced in his post WooCommerce Blocks client files relocated to complete monorepo merge. As of March 5, 2025, WooCommerce Blocks client files have moved from plugins/woocommerce-blocks to plugins/woocommerce/client/blocks, completing the monorepo merge initiated in December 2023. This change enhances codebase consistency and repository organization. Developers with existing pull requests need to rebase their branches. End users will not experience any functional differences. The build process remains the same, ensuring a smooth transition.


Do you want to jumpstart adding AI to your site? Felix Arntz has you covered with his plugin AI Services from the WordPress repository. The plugin provides a “central infrastructure that allows other plugins to make use of AI capabilities. It exposes APIs that can be used in various contexts, whether you need to use AI capabilities in server-side or client-side code.” The latest update comes with AI image generation, starting with OpenAI’s DALL-E and Google’s recently published Imagen models! The plugin page also lists a few code examples on how to integrate it using PHP or JavaScript.


Developer Advocates, Brian Coords and Nick Diego were experts on this week’s InstaWP webinar: Building WordPress Plugins with AI with founder Vikas Singhal to “reveal game-changing insights for leveraging AI to build powerful WordPress plugins.” Both developers demo’d their workflow programming with Cursor AI.


This post Introducing Preview Sites: Pushing the Limits of Collaboration with Studio, Antonio Sejas catches us up on the latest features of Studio, WordPress’s local development tool. “Demo Sites” are now “Preview Sites” with increased storage (2 GB) and more sites allowed (10). Personalized URLs are introduced, and sites remain active for seven days after the last update. These changes enhance collaboration and testing for Studio users.


Geoff Graham built Baseline Status in a WordPress Block and published a blog post about his approach, from scaffolding, settings, supports, rendering front and back end and styling. The plugin is available on the WordPress repository
Baseline Status

Need a plugin .zip from Gutenberg’s master branch?
Gutenberg Times provides daily build for testing and review.

Now also available via WordPress Playground. There is no need for a test site locally or on a server. Have you been using it? Email me with your experience

GitHub all releases

Questions? Suggestions? Ideas?
Don’t hesitate to send them via email or
send me a message on WordPress Slack or Twitter @bph.


For questions to be answered on the Gutenberg Changelog,
send them to changelog@gutenbergtimes.com


Featured Image: Wasserburg am Inn – Photo by Birgit Pauli-Haack


Don’t want to miss the next Weekend Edition?

We hate spam, too, and won’t give your email address to anyone
except Mailchimp to send out our Weekend Edition

Thanks for subscribing.

by Birgit Pauli-Haack at March 15, 2025 05:15 PM under Weekend Edition

March 14, 2025

Do The Woo Community: Do the Woo Friday Shares, March 14, 2025

This weeks curated shares from the community.

by BobWP at March 14, 2025 10:28 AM

March 13, 2025

Gravatar: SEO-Friendly Author Bio Pages: Essential Tips

If you’re an author, chances are you’ve come across terms like E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). These concepts are critical for improving your visibility in search engine results, but putting them into action can feel like a daunting puzzle. Whether you’re a book author, a blogger, or someone with a diverse portfolio of written work, creating a strong web presence is essential to establishing your authority.

Author SEO goes beyond just writing great content – it involves technical elements like schema markup and consistent author profiles to signal credibility to search engines. But how do you bring all these moving parts together to create an effective strategy?

In this guide, we’ll explore actionable steps to optimize your author bio pages and build a consistent online presence. From Gravatar integration to schema markup, these techniques will help you strengthen your E-E-A-T signals and achieve better search rankings. 

Building author E-E-A-T through optimized bio pages

Establishing E-E-A-T is essential for authors striving to improve their visibility online. According to Google’s Search Quality Rater Guidelines, high E-E-A-T pages are deemed more trustworthy, which can directly impact rankings.

Your author bio page is a prime opportunity to strengthen your position. Here’s how to optimize each component:

  • Experience: Share milestones like years of writing, notable projects, or awards. This helps showcase your firsthand knowledge, making your expertise relatable and credible.
  • Expertise: Highlight qualifications such as degrees, certifications, or industry recognition. These reinforce your authority on your subject matter.
  • Authoritativeness: Link to your published work on reputable platforms, which positions you as a trusted source. Tools like Gravatar ensure your online presence remains consistent.
  • Trustworthiness: Build trust by including testimonials or reviews. A professional headshot and clear contact details further enhance reliability.

Keep in mind that an optimized bio page is more than just an introduction to your readers – it signals your credibility and authority to search engines and readers alike. 

Now that you have a strong bio page in place, the next step is integrating tools like Gravatar to maintain consistency across all platforms. 

Creating consistent author profiles with Gravatar

Gravatar homepage

Being consistent across all your digital profiles can help you build a solid and trustworthy online presence, and Gravatar simplifies this process. This platform links your profile picture and key details – like your name, bio, and website – to your email address, ensuring that your information is automatically updated across supported websites.

Example of a completed Gravatar profile – Ronnie Burt

For authors, Gravatar eliminates the hassle of managing profiles manually on multiple platforms. Whether it’s a WordPress blog, an online portfolio, or a comment section, Gravatar ensures your professional identity remains uniform, building trust and reinforcing your E-E-A-T.

Setting up Gravatar is straightforward: Create an account, upload a professional photo, and fill in your details. 

Example of the Gravatar profile dashboard – Editing the About section

From there, Gravatar takes care of the rest, providing flawless integration and a polished, consistent online presence. This not only saves time but also enhances your credibility, making it an essential tool for any author looking to strengthen and monitor their digital footprint.

WordPress integration and cross-platform syncing

According to W3Techs, “WordPress is used by 62.0% of all the websites whose content management system we know. This is 43.6% of all websites.” So, it’s no wonder that so many authors, writers, and contributors go with WordPress as their platform of choice. 

Gravatar integrates perfectly with WordPress, automatically displaying your avatar across the WordPress ecosystem wherever your email address is linked, such as in blog posts, comments, or author pages. This standard integration helps maintain a consistent online identity with minimal effort.

However, for authors looking to go beyond the basics, the Gravatar Enhanced plugin offers additional features. Unlike the default Gravatar setup, which only pulls the profile picture, this plugin provides greater customization options, allowing you to display more detailed author profiles, including links to your social media and published works. 

Example of a customized profile block with the Gravatar Enhanced plugin

You can also control how your Gravatar appears on various sections of your WordPress site, such as post bylines and author widgets.

On top of that, with Gravatar you can create multiple profiles each linked to a different email address, and you can pull any of these easily with the Gravatar Enhanced plugin. This is invaluable if you write across different genres or target audiences (more on that in a second). 

If you’re tech-savvy or have the budget to work with a developer, and have many people contributing to your website, you can also take advantage of the Gravatar REST API. This gives you more flexibility and granular control over exactly what data gets imported and displayed on the website. It also makes it much easier for guest authors to contribute – their Gravatar profile information will be automatically imported. 

This applies to every single platform that has integrated Gravatar, including GitHub, Slack, OpenAI, Figma, Zapier, and many more. 

Logos of websites that have integrated Gravatar

Managing multiple author identities

For authors who write across different genres or target diverse audiences, managing multiple online identities can be a challenge. Gravatar simplifies this with its ability to associate multiple email addresses with unique profiles. Each profile can feature a distinct avatar, bio, and contact details, allowing you to tailor your online presence to specific audiences or platforms.

To use a different profile with Gravatar Enhanced , you just need to put the email address corresponding to that profile. 

Importing a Gravatar profile through email and the Gravatar Enhanced plugin

For instance, if you write technical guides under one pen name and fiction under another, Gravatar ensures your profiles stay separate and relevant. By linking each email to a unique profile, you maintain consistency and professionalism for both identities without any crossover confusion.

This flexibility helps you maintain your E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness) across different niches, ensuring that each identity aligns with its intended audience while reinforcing your credibility.

Technical SEO essentials for author pages

Optimizing the technical side of your author pages can help your site rank well in search engine results and provide an easy and memorable user experience. Here are some key areas to focus on:

Page speed and mobile responsiveness

Fast-loading, mobile-friendly pages are a must. Use tools like Google PageSpeed Insights to identify performance bottlenecks and ensure your site is accessible on all devices. Reasons for a slow website include: 

  • Large image files – High-resolution images that aren’t optimized can significantly increase load times.
  • Too many HTTP requests – Each image, script, or CSS file requires a separate HTTP request, slowing down the site.
  • Unoptimized JavaScript and CSS – Heavy or poorly written scripts can delay rendering, especially if they aren’t minified or compressed.
  • Lack of browser caching – Without caching, users have to download site elements repeatedly, even if they’ve visited before.
  • Slow server response time – Poor hosting or high traffic can lead to delays in how quickly the server processes requests.
  • Bloated plugins – Excessive or poorly coded plugins can slow down the backend and frontend of the site.
  • Unoptimized database – A database cluttered with unnecessary data, like old revisions or spam comments, can slow query times.
  • High traffic without proper resources – A sudden spike in visitors can overwhelm your hosting plan, leading to slowdowns.

Whatever the issue is, make sure you fix it on time since most users access the web via mobile, a responsive, clutter-free design helps with usability and improves your search rankings. 

Schema markup for author pages

Implementing schema markup helps search engines understand your content better. Use the “Author” schema to display rich snippets, such as your name, bio, and image, directly in search results. 

Example of an author page on Google Search Results

Canonical URLs and structured navigation

Ensure each author page has a unique, canonical URL to prevent duplicate content issues. Structured navigation, including breadcrumbs, helps search engines and users understand your site’s hierarchy, improving crawlability and the user experience. They are also essential for screen readers and users who only use keyboards to navigate. 

Secure and accessible design

A secure site (HTTPS) is critical for building trust with both users and search engines. Additionally, ensure your content is accessible to all users, including those with disabilities, by adhering to Web Content Accessibility Guidelines (WCAG). Here are some of the main areas you need to consider: 

  • If you have a shop for your books, events, or services, make sure that users can successfully complete a purchase with any assistive technology, including screen readers and keyboard navigation. 
  • Create functional and descriptive alt text for your images and files. Users should be able to understand the main idea behind each image and if it’s only decorative, just leave the alt text tag empty. 
  • Make sure your link texts make sense – “click here to book a spot for my book signing” is much better than just “click here.”
  • Use accessible fonts and ensure that users can scale text up to 200% without the loss of functionality and content. 

Meta descriptions and optimized headings

Every author page should have a compelling meta description and properly structured headings (H1, H2, etc.). These elements improve click-through rates and help search engines identify the page’s main focus. They are also essential for accessibility: The meta descriptions and titles are what the assistive technologies will read out loud to people who use them and want to search online. 

Implementing author schema markup

Schema markup helps search engines understand the structure and content of your author pages, boosting visibility in search results. By implementing author-specific schema, you can enhance your E-E-A-T signals, making your pages more appealing to both users and search engines.

Example of a rich snippet of an author website

For blog authors, use the Article schema to mark up your blog posts, including details like the headline, author name, and publication date. For book authors, the Book schema is ideal. It highlights properties like the book title, ISBN, and author information, making your work easier to find​.

Example of a book Google snippet

You can then implement the schema on your website with the Google’s Structured Data Markup Helper or WordPress plugins like Rank Math and Yoast. You can tag relevant sections of your page, such as your name, bio, and links to your published works, and generate JSON-LD code for seamless integration​. 

To get the most out of schema markup, make sure you: 

  • Include key details: Author name, profile image, and links to verified profiles.
  • Stay consistent across platforms by syncing with Gravatar, which adds a professional touch to your author bio.
  • Validate your schema with Google’s Rich Results Test to check for errors and ensure all required fields are present.

Measuring and improving author page performance

Optimizing your author pages doesn’t stop at implementation – you need to measure their performance and refine them over time. Here’s how:

Key metrics to track

  • Organic traffic – Use tools like Google Analytics to monitor how many users find your author pages through search.
  • Bounce rate – A high bounce rate could indicate poor user experience or irrelevant content.
  • Time on page – Longer time spent suggests that visitors find your content engaging and valuable.
  • Search rankings – Track keyword rankings for your name, book titles, or blog posts using tools like Google Search Console, Ahrefs, or SEMrush.

Improving author page performance

  • Enhance content – Ensure your bio includes relevant keywords, links to authoritative publications, and an engaging summary of your work.
  • Optimize for mobile – Many visitors will access your page from mobile devices, so ensure your layout is responsive and user-friendly.
  • Leverage internal linking – Link to related blog posts, books, or interviews to keep users engaged and improve site navigation.
  • Update regularly – Add new publications, awards, or noteworthy achievements to keep your page fresh and relevant.

Use heatmaps and session recordings

Heatmaps (e.g., from tools like Hotjar) show which parts of your page users interact with most, helping you refine layout and content. 

Example of a Hotjar heatmap

Session recordings provide deeper insights into user behavior, highlighting any obstacles they encounter.

Enhance your author authority now

As AI-generated content continues to flood the web, a verified and consistent author profile is the best strategy to help you stand out and maintain reader trust. A strong, recognizable presence builds credibility and helps search engines and audiences alike see you as a reliable source.

With the tips outlined in this article, you’ll lay a solid foundation for optimizing your author website. Start with a polished bio, leverage schema markup for better search visibility, and use Gravatar to maintain a consistent online identity. With its “Update Once, Sync Everywhere” functionality, Gravatar ensures your avatar and profile details are synchronized across platforms, saving you time while keeping your branding professional and cohesive.

The key to successful author SEO lies in the trinity of a professional bio and website, technical SEO, and an up-to-date Gravatar profile. Ready to boost your authority? Learn more about Gravatar today!

by Ronnie Burt at March 13, 2025 06:49 PM under Gravatar Guides

Do The Woo Community: Meet Some of Our Hosts at CloudFest 2025

Make sure and say hi to some of our hosts if you are attending the CloudFest event or the Hackathon.

by BobWP at March 13, 2025 12:03 PM under Hackathon

Do The Woo Community: A New Show, Content Sparks, with Regular Host BobWP

BobWP introduces "Content Sparks," a show focusing on content creation insights, featuring tips from his 18 years in the WordPress space combined with my hosts experiences.

by BobWP at March 13, 2025 09:27 AM under Content

March 12, 2025

WPTavern: #160 – Rahul Bansal on Success in Enterprise WordPress

Transcript

[00:00:00] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.

Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, creating a successful business in enterprise WordPress, and working to foster the WordPress community.

If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice. Or by going to wptavern.com/feed/podcast, and you can copy that URL into most podcast players.

If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you and hopefully get you, or your idea, featured on the show. Head to wptavern.com/contact/jukebox, and use the form there.

So on the podcast today, we have Rahul Bansal.

Rahul is the founder and CEO of rtCamp, a large agency that specializes in enterprise grade WordPress projects. He began his journey quite differently, starting as an individual blogger back in 2006, discovering WordPress in 2007, and gradually transitioning from being a publisher to a freelance developer, before founding rtCamp in 2009.

Today, rtCamp is an enterprise grade WordPress consultancy agency operating globally and trusted by clients such as Google, Meta, Automattic, News UK and Al Jazeera.

Rahul sheds his light on working with enterprise clients in the WordPress space. Many of us are familiar with WordPress in the context of small businesses and blogging, but the enterprise space demands additional layers of security and scalability. Rahul explains the factors that set enterprise projects apart, and why meticulous code reviews, and security audits are essential when working at this level.

He talks about the opportunities in the enterprise space, recounting how rtCamp initially stumbled into enterprise level projects, not even realizing their potential until a client’s high expectations led to a decision to market themselves as an enterprise agency.

We also discussed the role of WordPress in enterprise environments, from why Gutenberg has become a credible selling point due to its powerful editing capabilities, to how the platform’s flexibility supports varied enterprise needs.

Rahul also gets into the importance of positioning. How historical context offers advantages, and the expanding market that makes WordPress a compelling choice for large clients today.

Towards the end, we explore rtCamp’s innovative intern program, aimed at growing the WordPress talent pool, and the way they’re contributing back to the WordPress project, a win-win for the business and the broader community.

If you’ve ever considered what it takes to work with WordPress at the enterprise level, this episode is for you.

If you’re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com/podcast, where you’ll find all the other episodes as well.

And so without further delay, I bring you, Rahul Bansal.

I am joined on the podcast today by Rahul Bansal. Hello.

[00:03:47] Rahul Bansal: Hello.

[00:03:48] Nathan Wrigley: It is very nice to have you on the podcast today. We’re going to talk about the enterprise, which I confess is something that I only really know about because people talk about it. I’ve never worked in the enterprise, I’ve never worked with enterprise clients. So Rahul is here. He’s very much in the enterprise as you’re about to find out, and he’s going to educate me all about that.

So Rahul, I wonder if you wouldn’t mind just for a minute or two minutes, just tell us who you are, what you do in the WordPress space, where you work, your position there, and so on. A little potted bio.

[00:04:18] Rahul Bansal: Currently I am founder and CEO of rtCamp, which is a large agency specifically dealing in enterprise grade WordPress projects. I started quite differently, like I started as a individual blogger, back in 2006.

In 2007 I found WordPress. I started developing with WordPress in 2007. And slowly from being a publisher, I become freelance developer, and then around 2009 rtCamp started. So I’ve been with rtCamp for the last 16 years.

[00:04:46] Nathan Wrigley: That’s been quite a journey. I see the name rtCamp everywhere. And we should just say, so it’s spelt, lowercase r, lowercase t, and then Camp with a capitol C, a m p. Go and Google that, and have a look at what the team over there doing.

How big has the team grown to? How many employees, staff do you have over there now?

[00:05:05] Rahul Bansal: So currently we are 230 people, all spread over.

[00:05:08] Nathan Wrigley: That is truly an enormous agency. So bravo for growing that. That’s really incredible.

The first question that I want to ask though is, when does normal WordPress become enterprise WordPress? At what point do we cross the Rubicon where a site is, I don’t know, big enough, or your agency is working with a different type of client? Can you define what you think that means? And I’m sure that if you’re on the cusp of being an enterprise agency, this is something that, you know, may be slightly confusing.

[00:05:37] Rahul Bansal: Firstly, there is no formal definition to that. Many agencies believe they’re serving enterprise space when they’re not. Some people are actually serving enterprise space, but they don’t realise it.

So in my opinion, it’s where the requirement changes a lot. Like, for example, if we’re building a small WordPress site, which I don’t consider as an enterprise site, we will be tempted to pick first theme and plugin that matches our need, like if it works, if it gets a job done, that’s it.

But then in enterprise space, there is a lot of security and scalability concerns. These two concerns are very big. Something might be working all right, but then when you look at the code, you realise that there’s going to be a security issues, or there could be scalability issues. Many times, indy developer person, they design small WordPress plugins. They don’t have data or big enough site to test it on a large installation. So those things are not tested on really high traffic website. So enterprise can mean really high traffic website, with a lot of scalability requirement.

On the other hand, the traffic can be less, but the security requirement can be enormous. Consider the White House website. It was on the WordPress with the previous administration, and it’s again, on the WordPress with the new administration. So in both cases, I don’t think White House, like a website we can classify as a very high traffic website, but it is a very sensitive website.

It would be a lot embarrassing if that site gets hacked. So every piece of code that goes into White House website, which agency is working on it, will be thoroughly checked for security attack, for audit, for all the compliances. And this additional efforts is what makes it enterprisey, in my opinion.

[00:07:12] Nathan Wrigley: Okay, so it’s not necessarily the size of the client, or the fame, for want of a better word, of the client. It’s more about the kind of work that you’re doing in the background. So custom code largely, because you simply at that scale cannot have something off the shelf.

[00:07:28] Rahul Bansal: So we can have things off the shelf. The thing is, you cannot just take it and use it. You still have to own it in that sense. Like, for our clients also, we go and use many things from WordPress plugin directory. But then when we put it on this website, it is kind of like signed by us. So it’s like we have to verify, even if it is not coded by us, we have to verify line by line that it is following best coding practices, database queries will scale with high traffic, if it is a high traffic website.

There are many checks and balances in place. So no matter if you are doing in-house, like as a custom coding, or we are buying a premium plugin or using a free plugin, everything has to go through certain checks. And those checks are very expensive to do, because that’s a human labor. You have to literally go through things line by line. And in many cases, you have to put extra efforts to make it scalable with their existing system.

Because usually a large enterprise won’t use just a website in silos. It’ll be part of multiple system like authentication system, where if an employee joins a large organisation based on some rule, they might get automatic access to their website. Likewise, if they leave organisation, their access should be automatically revoked, or they have some CRM integrations, data integrations, some kind of asset, like digital asset management solution integration.

So all these have to be connected, and this all need to work together. So a lot of effort goes in doing these extra things, which are either don’t exist for small websites. So, enterprise website that I’m talking about, this can be really unknown website. We have a client which is basically a government public origin fund. Common people don’t even know about them, but they basically want pretty much all the big companies we know. Like, they have stake in all the big companies. Their asset is something like $400 billion in under management.

Most people don’t even know that company. But then it’s very sensitive because that money they’re managing is public money, it’s not like VC fund. It’s actually state reserve. Now, seriousness, we need to demonstrate in the security is very high, because if something gets hacked or somebody uploads the wrong investor report or something like portfolio report, it can have a lot of consequences.

[00:09:32] Nathan Wrigley: It kind of sounds to me as if the assurance that you are giving an enterprise client is basically that what we’ve built is, as far as we can tell, it’s bulletproof. We’ve gone through it line by line. We may have custom coded bits and pieces, but certainly the bits that we didn’t custom code, we are totally guaranteeing that this is going to be robust.

And also it’s sounds a bit like, if a client at an enterprise level approaches you and they say, can you do this? Your answer is yes. Basically, yes, we can do it. We can do it with WordPress. There may be a cost, but we can do it. There’s almost no scenario where a client would come to you and say, can you do this, forget the money, can you do it? The answer’s never no. The answer’s always going to be yeah, yeah, we’ll figure it out.

[00:10:15] Rahul Bansal: So that’s the thing, like if the budget has no limit then there is no limit on technology. Most often, like even where enterprise agency, WordPress has this large spectrum. So we end up with a lot of low quality leads, where somebody knocks on an enterprise agencies’ door and they really have budget constraint. They really want something really good out of the box, but they don’t want to pay for it. Or they don’t want to pay as high as it’ll require to deliver that kind of solution.

For some enterprises, budget is no limit, but then we try to be mindful of resources. For example, many enterprise agencies, including us, if you go to their GitHub account, they would have list of published themes and plugins. Most commonly plugins, themes rarely are used off the shelf. So we will build these plugins to ensure that the cost of rebuild project is less, like if we have to deliver another project, we try our best that we reuse as much as possible.

And that’s the open source spirit, that the entire WordPress committee follows. We use many times solutions that are already put in open source by our competing agencies. They also use our solution. So that’s where the enterprise solution with WordPress is also affordable. The right enterprise client that we target, usually have higher budget than we would need to develop because we are competing against a lot of experienced managers, which are very expensive, super expensive.

And when I is super expensive, I’m just talking about licensing fees. Before you hire an agency to write custom code for you, you have already paid a lot of money just for the right to use the software. With WordPress, that right to use costs zero. And then all the nice agencies in WordPress space, big, small, no matter what size they are, try their best to reuse existing solutions, to bring the cost down.

So enterprise WordPress, relatively, cost less than other enterprise CMS, but then it certainly costs a lot than building a small website. Like, you cannot go to an enterprise agency and expect in $500 your site to be built perfectly, because the requirement gathering phase, like talking to all stakeholders and understanding all the solutions they use inhouse can take like many days.

[00:12:15] Nathan Wrigley: So you may have answered this question just now with what you’ve just said. I feel that you’ve definitely gone into this territory, but it sounds like there’s a lot of line by line checking of everything. So for example, if you use a plugin off the repo, you’re going to go through that one line at a time. And you said this can be an expensive process. You’ve also said that obviously there’s benefits of using WordPress because you can take things that other people have used and so on.

But I guess at some point there’s got to be some sort of tipping point where you think, okay, WordPress is going to be good for this project, but it might not be good for that project. Is it always WordPress for you? Do you always lean into WordPress, or does there come a point where you say, do you know what, with the custom things that this particular client wants and what have you, lets just build the thing ourselves, let’s not rely on the CMS, or do you always lean in on WordPress?

[00:13:01] Rahul Bansal: Maybe it’s the nature of our positioning that we rarely get things that we cannot do in WordPress, so we always do things in WordPress. The boundary varies with how much off the shelf WordPress we’ll use, and how much custom we’ll use. In one of the project, I remember there was a specific data crunching process that we needed to build. And we felt that it’ll be better if it is built as a microservice and run independently.

So we built that in Python, but then it was talking to WordPress REST API. So that freedom we have from client, for example like that microservice, that microservice was never visible to any of the client’s editorial team. Everything they were doing, their only interface was WP admin. There was no second login or no second interface to them. It was just something was running on some server and magically data was going inside and outside WordPress.

And that’s the power of WordPress. It has so many APIs to communicate with outside world, like rest API, GraphQL, and even from the traditional XML-RPC. That WordPress can coexist with other systems very nicely. And that’s where we never face that, can we do this on WordPress or not? It’s like, can we do everything on WordPress, or do we need to put some minor things outside WordPress?

And those decisions are not the engineering limitation. Like, that microservice, we could have put it in WordPress also, but we felt that its architecture was more suited for independent microservice. That was the right call, it turned out to be right call. Much later that microservice grew independently.

[00:14:26] Nathan Wrigley: If we rewind the clock to the beginning when you were just beginning with WordPress and beginning the agency that ended up being rtCamp with your 230 odd employees, did you intend for what’s happened to happen? Did you always know that you wanted to grow something to the point where it became, air quotes, enterprise with many, many employees, or did it just evolve over time unexpectedly?

[00:14:49] Rahul Bansal: Yeah, it all happened unexpectedly. Like, I started as a professional blogger. I used to make money from advertising, affiliate marketing. So it’s like, I wasn’t doing anything remotely related to agencies.

So one thing led to another and then I started freelancing. Then even after freelancing, when I started rtCamp as an agency, because I was coming from bloggersphere, most of my initial client were bloggers, like independent bloggers. Somebody wanted a theme, somebody wanted a plugin, somebody wanted a sidebar, which sidebar just used to be a lot more popular in those early days of blogging. Like, people used to have MySpace, like experience on the web, like lots of widgets, email submission form, this pop up.

So in fact, the first enterprise client that walked into our door, that’s why I said like many agencies don’t even realise when they mingle with enterprise space. I kind of felt very irritated because they asked so many questions. They got our reference from LinkedIn. We had zero, we were not even using enterprise word anywhere in our branding, marketing, anywhere at all. But back in 2010, also, we made a good name for ourselves.

So anybody who shouted, hey, any WordPress references, our name used to pop up on social media. So we got that. And they sent us a very large procurement checklist, which we never heard of. All of our projects were like email exchange, two, three emails, money via PayPal, and emails used to be contact. Like, whatever you committed on email is the contract.

And suddenly there comes like this long PDF, Excel sheets with check boxes. Do you have a data storage policy? This policy, that policy. If we end up filling this, we’re not going make any profit with this project. So then one of my teammates said, let’s price in that. Let’s price in and see if they can afford it. So we literally added another zero to our pricing, literally like 5 times, 10 times. And we said like, hey, this is our minimum, do you want to go ahead?

I said, sure, like this is peanuts. And they were worried like, do you understand the project? You are quoting very less, your starting point is very less than our internal budget. So they came to our office, they were based in India. Luckily they were in the same city. They came to our office to audit us physically. They put like remarks like, you don’t have a fingerprint scanner in your biometric sensors in your office entry. There is no employee log.

But we are not storing any of your data. So this office is not the building where your data will reside. Your data will reside on AWS, or all those cloud servers. And then they got convinced. WordPress was very small then, and we were the only known agencies, which was fully committed to WordPress at that point. So they didn’t have choice two, three, so they kind of crossed the fingers and gave us that project.

It took six months to close. I was very pessimistic. It’s only after two, three years that we realised that they’d become our largest client by a huge margin. All my blogger friend put one side, and this single client, one side. And that revenue was growing very nicely, year on year. Renewals, they had this retainers, every year they were renewing without asking questions.

So I realise that it’s very hard to win these big clients, but once you are in it becomes very smooth journey, henceforth, like after that point. And then I think 2014 around, after two, three years data, when I saw that this client was consistently, for the last three years in a row, our biggest client. Zero sales effort, zero account issues, no negotiation on pricing, and everything was smooth.

So then I thought like we should go in to some enterprise space, and luckily around that time I had a call with Chris Lema. Chris Lema used to be available for consulting calls on Clarity. I’m not sure if that service is still around. And I still remember it was exactly 33 minutes that I talked to Chris. He repositioned rtCamp. In 33 minutes he gave me some amazing breakthrough idea.

And after that call, first time we told ourselves, we are enterprise WordPress agency from today. Until 2014 we were not identifying ourself or branding ourself as an enterprise workplace agency. That moment was the first time when we put in bold letters on our homepage, in SEO Meta, everywhere we added, we are enterprise, enterprise, enterprise WordPress.

[00:18:35] Nathan Wrigley: Can you remember that moment? So if you cast your mind back, when you added the zero and sent it, and there was obviously some suspicion in your mind that nothing’s going to come of this or what have you. Can you remember the feeling? So it’s an odd question because I’m asking you about your feelings, but can you remember the feeling when they came back and said, oh yeah, this is not as expensive as we’d imagined? That really must have opened up an entirely new world for you.

[00:19:00] Rahul Bansal: Yeah. So firstly, it was very unexpected because we were selling like WordPress projects for $100, $50, $500. The biggest was $1,000. We still remember we built a complete BuddyPress plugin for $900. And we were like so happy when that client sent us $100 tip. He rounded up to $1,000 and we were partying, like with that extra $100, we throw a party to our team.

And suddenly this client comes and they said, $5,000 is okay? Are you kidding me? Because they sent so much data I didn’t want to fill in, so I just thought, let’s just give them a number and they will walk away. We’ll not appear as a company who didn’t want to fulfill their data request. I thought, I will give them a reason to walk away, but then it didn’t walk out.

Initially I was still skeptical because they really demand too much data. Just imagine, we were like some 20 people agency at that time, and we spent three to six months in back and forth sales call. We didn’t have typical sales team at that point. Writing those long answers. We were not even understanding questions. The problem was not that we didn’t want to give data or we didn’t take security seriously, there were things that we never heard of.

It was all like foreign language to us. What are they asking? Why do they want to do that? I was not expecting lifetime revenue, that concept was not in our books then. So it was project, money in, money out, end of email, site goes live. Then the recurring revenues hosting companies. We were not into selling maintenance contract.

So it was a project kind of thinking like big, big economy mindset. So even with 5,000, I thought like, the amount of effort they’re putting us, we won’t be left with any decent margin after this project. And that was a true case. For first year there was not much margin left because they had put us through a lot of work to fulfill that project. And then we realised we underquoted after that also, because when the data, we had to talk to their Microsoft vendor. They were using Microsoft SharePoint. There were many rough edges that we had no idea could happen to us.

In year one, they were the highest revenue, but project was in loss. It’s only a year, two, three, it was very good profit. And then we have the strategy that we call now land and expand. Land big accounts, no matter whatever price point you wanted to do, go aggressive, and then once you are in, then you spread within the organisation.

[00:21:08] Nathan Wrigley: Oh that’s an interesting insight. So land and expand. Land the client, the big fish, if you like, with the knowledge that if you maintain the relationship over many years, the profit can build up. Not necessarily year one, but maybe a bit in year two, and year three, and year four, it’s beginning to mature.

And, it sounds like such an interesting story. And, again, I’m going to rewind back to before 2014, so before you added enterprise to your website and have you. Do you think if you had begun your journey today, that you would have the same capability to expand in the same way? Because it feels like there are now quite a few players. Perhaps when you began that was less of the case. You were competing in a much less crowded marketplace.

But it feels like everybody’s intent now is to become an agency which can call itself enterprise. And I’m imagining that you got your foot in the door at a really nice time where you became a name that everybody could trust, and the recommendations come in because of prior work, but maybe that would be more difficult now.

[00:22:08] Rahul Bansal: The market is much bigger now. In fact, just imagine WordPress market share. When we were building the first initial websites, there was not even custom post types that were present in WordPress. So all the WordPress plugins, we used to do a lot of hacks. There was not standardisation. So a lot of things happened with WordPress as a platform. WordPress evolved. The market share has become so big. It’s easier to sell. We have so many examples like from White House to large publishers. And globally, it’s not like just the American companies are using WordPress. India’s second largest publisher also uses WordPress. So does Al Jazeera in Qatar.

So there are many big websites all over the world so it makes WordPress easy to sell. The market is big. There is a precedence where you can pitch somebody, this is WordPress used by so and so. I believe that no matter which lead you are dealing with, so if you have a lead from a certain industry, a certain geography, you will find a WordPress success story in their geography. You will find WordPress being used by your prospect’s competition. That makes it easier to sell WordPress.

So, yeah, the competition is more because opportunity is bigger. The pie is a lot bigger. Otherwise we would’ve stuck to the same size. Every year we are adding more people because we are able to get more work for them, even with these new agencies coming up. In fact, it’s easier to build WordPress agency, or any kind of enterprise grade agency now, because the recipe is quite clear. Because we can look at how other agencies are doing and you can take some lessons from them.

At that time we had no idea. Like, in fact, we didn’t have the idea that we should position ourselves enterprise grade agency, that was the call with Chris. Before that call, we had no idea that we should be labeling ourselves as an enterprise grade agency.

[00:23:42] Nathan Wrigley: If clients approach you, and it sounds like this may not be the case. It feels like people are approaching you because you build WordPress, not inquiring whether or not you would do a WordPress project for them. What are the one or two bits that you always bring out when a client says, well, why would we go with WordPress? What are the one or two top line items which you think, okay, if we’re going to build you a website, we’re going to choose WordPress, and here’s the best reasons at enterprise? So we’re not talking about a mom and pop store, that it really doesn’t matter if it goes down a bit. What are the one or two things which you bring out when an enterprise client wants to know why WordPress?

[00:24:18] Rahul Bansal: First we want to reassure them that WordPress is the right platform. So this is a difference between a product company and agency. A product has a landing page, which is more similar, it gets us to a lot of people. But an agency pitch is tailored for every client, every prospect. So our first goal is to find competition. So which are the competitors for this particular client, prospective client, and see if they’re using WordPress. If your competition is using WordPress, you will feel a lot more comfortable going after it, because nobody wants to be first, especially in large enterprises.

Another way we define enterprise is that, when you are not buying from out of your pocket. In a large organisation, your job is not to save the money or find cheapest solution, your job is to deliver result so that it can go very nicely in your annual review report. I still believe people, especially in enterprise, are looking for safety as a first because they know that they have budget to build anything under the sun.

So usually we say less like, WordPress can do this, WordPress can do that. Because for everything that WordPress or any platform doesn’t do out of the box, they have budget. What they need to know is that it’s secure, it’s safe, it’ll scale well. And if some government approaches us, so we show that public sovereign fund, that they’re managing. So that client has a special permission with us, like we cannot refer them publicly, that government agency, but we can refer them to other government agencies in private conversations. So that is how we convince like, okay, this is similar people to you who are using WordPress.

And I think safety is still the first thing that people are looking for because, it’s not even WordPress, it starts with open source. There is something, somebody did some marketing where people believe or have this misconception that open source will be easy to hack, because you can see the code, you can easily hack. That is our first step. If client mentions it explicitly, we go all in. Even if the client doesn’t mention it, if the prospect says that we are looking for rating interest, we still will verify. Are you sure that you are sorted on WordPress being safe? Any concerns, any doubts?

And then features, because WordPress has no match. And I’m not saying this as a WordPress agency. The Gutenberg editor itself alone is miles apart. If you go to any other platform, the editing capabilities are nowhere close to Gutenberg editor. Gutenberg editor demo itself is a deal breaker in many cases. We just show them Gutenberg editor, and they’re like, wow, is this possible? Is this thing real? Is this some mockup? No, this is website. After the call, we are going to send you a URL, go and try your hands on. This is no fake, that vaporware demo where you see something on my screen, but in reality it doesn’t work like that. This is the real website. Go and try it.

[00:26:53] Nathan Wrigley: That’s really interesting because in the non-enterprise, that message hasn’t necessarily landed. Gutenberg is, it’s very divisive issue, isn’t it? Whether you use it or not. And it’s curious that you are saying that it’s one of the key things which leads to the success.

Can you just dig into that a little bit? What are some of the aspects of Gutenberg which make the clients think, okay, this is great, this is perfect, this is just what we need? What are some of the features that you draw out of the block editor?

[00:27:19] Rahul Bansal: So I think the main difference that we feel like compared to the consumer WordPress, I would say. The consumer WordPress access technologies on very different platform, like proprietary. Just imagine somebody is using Instagram to create reels. With that mindset they come to WordPress Media Library and expect video editing experience like that to happen in WordPress, they will be disappointed.

But here we’re talking to people in large companies, very large companies, using legacy systems, probably from the nineties. They might have a desktop application to update a webpage, some ugly looking forms. We even have a memory where a client, their publishing workflow they had to write an article using a very poorly designed HTML web form, and they had to upload images via FTP. And then they had to reference images in document. There was no drag and drop interface.

So now if somebody like this person comes to Gutenberg, it’s like an iPhone moment for them. With that being said, Gutenberg itself is a very powerful editor. We haven’t come across a case where somebody said, oh, this is not flexible. As I said, like enterprise have a very good balance around the feature versus maintenance. For example, so Gutenberg may have one or two features less compared to a third party page builder, but then being part of Core, they’re assured that five years down the line, it will be very well maintained.

Security is more important to them because one less plugin means one less attack vector. Less things to break, less things to train, less things to maintain going forward. We as an agency develop so many sites on Gutenberg that we have our own libraries and our own patterns. So it’s like, whenever a requirement comes, we can easily map it to Gutenberg.

[00:28:51] Nathan Wrigley: I think that’s the difficult thing to imagine if you’ve never built your own block or you’ve never delved into patterns. But certainly at the enterprise level, if a client comes to you and said, we have this repeatable thing, and we need to put this repeatable thing on page every time. And honestly it’s real chore. And you can build a block, and they drop the block in, and now they just fill out some fields, drag an image in here, and suddenly, boom, it’s exactly on the front end what were expecting.

It’s that kind of thing, isn’t it? It’s that, almost like an app inside of an editor. So we’ve got a block which consumes perfectly the content that you want, and we can adapt it if your needs change. But if you’ve never really gotten into that, it’s hard to imagine. It’s just a bunch of paragraphs and images, but it’s not, it’s so much more powerful than that.

[00:29:34] Rahul Bansal: One thing I would say that, if you look at any large corporation, they have something called design systems, where they have their brand guidelines across products, not just websites like, across mediums like print and everywhere. With Gutenberg, it is very intuitive and easy to map the design system into WordPress. So that is where Gutenberg shines, that you can create patterns, you can create theme json. You can give them a starting point which blends very well with their existing design system.

That is where half of the job gets done. Like, compared to indie hackers or small businesses, large enterprises are not running after lots of plugins. They don’t want to try a hundred plus blocks plugin, a plugin with 200 blocks. They want to restrict number of choices. They want to have less number of blocks, but properly weighted with the user’s guidelines. So it’s like, the freedom they demand is easily given by Gutenberg, and with the assurance of, it is going to be around long term. It’ll be very well maintained. It’ll be very well supported, and performance. I still feel Gutenberg has much better performance, the markup, SEO qualities, top notch.

[00:30:35] Nathan Wrigley: I think it’s just the constraints that you can put around that editing experience. So if the client comes and they want this inexperienced user to be able to create content but have boundaries so they can, I don’t know, they can add an image here and it will be, it doesn’t matter, they just put it in and it will output perfectly. And here’s where the text goes, but they can’t change the fonts, you’re not allowed to change the color and what have you. All of those kind of constraints around the editing experience. It’s just miraculous really what’s possible.

And I think it gets lost because the majority of people, I’m imagining using WordPress are sort of tinkering with Core blocks and it can become confusing. There’s lots of choices. You try one thing and it doesn’t work out, and you throw your hands in the air. But if you’ve built the perfect thing, then all of those guardrails are in place and it will output the perfect thing every time. I think that’s really interesting.

How do you grow, and how do you find your next employees? Because I’m guessing at the level that you are now at, you must have some fairly exacting specifications when you put out a job description. And WordPress is becoming an increasingly JavaScript based thing. Lot more technical difficulties. Where do you find your talent, and is it becoming harder to find?

[00:31:40] Rahul Bansal: This would be unique to literally us. We have what we call our own training center where we, every year we take some 50 students from college, who recently graduated. Every six months we take 25 to 30 students from colleges. We put them through six months of training, like a complete, they get paid to learn WordPress for six month. They have no obligation to continue with us. They can join our competition, they can do anything with the WordPress.

But we really get this talent and this job is very popular in India. So this training we run, the pay scales are very popular in India. So last year also we had some 90,000 applications for 60 positions. We literally have to build a platform. So we have a campus adding platform, its name is Chitragupta. Chitragupta is basically is responsible for managing the ledger of your good and bad work. So in Hindu mythology. So we built  Chitragupta, which basically scans your GitHub repos and assigns your grade.

And those 9,000 people gets graded. And then we interview from top to bottom until 60 positions gets filled. So last time we had to interview some 1,200 students, by the time 60 students got selected.

Then we put them to the six month training. Our course is public, so people know what is going to be in the course, and so we find a lot of passionate people. Many times by the time they join our course, I’ve already gone through it from the public website that we have learn.rtcamp.com. From there, they already have checked it. And then we put them through the six month training. After that, this thing we started this year only. After six month training, we put them six months into the WordPress.

So WordPress Core has a mentorship program running on for new contributors. So this year we enrolled 10 people, managed by Automattic and Google employees, senior employees. So they are mentoring this people for further. So first year we, we invest them heavily. Zero revenue, only investment in year one.

And then from year two, we start getting, like some client work done from them. And this is something turned out to be very great for us from last three years. At some point we felt, there are same number of people switching between agencies, and net new addition to the WordPress worker pool was getting stagnant, especially around Covid.

I felt the way people used to discover life with WordPress, or a professional life with WordPress was mostly through WordCamps or meetup groups, and when that Covid happened, we suddenly missed those years, when new people didn’t come to the WordPress, as many as they used to come before.

So there was this gap that started hurting large agencies, like us. Because if we look at a small website, then the enterprise budget appears a lot, but there’s always a limit. No company approves unlimited budget for any venture. Like for every project there’s a budget. It’s usually large enough, but there’s always a number and, as talent was getting more expensive, WordPress was getting unaffordable at some point.

So I talked to some medium publishers, medium sized publishers, not the big ones, who complain a lot. Like the good WordPress agencies are either sold out or too expensive. It’s like WordPress is suddenly getting unaffordable, and that is when we started in this hiding experiment, where we onboarded people every year. And this is, we are doing from last four years.

So we have been hiring for many years, but early it was 5, 10 people. This massive scale of hiring we started from last three to four years. And, it turned very well for us. Like all these people in second year clocked, like in agency billable hours is a very big metric, and in second year, these people clock 90%, more than 90% billable hours.

[00:35:08] Nathan Wrigley: That’s incredible. What a great idea. Can I just ask, just to clarify with that, is that an in-person thing? So you come to a place where 60 people gather, and the tuition is taking place in the same room, or is it an online thing or?

[00:35:23] Rahul Bansal: So before Covid it was, it used to be in the same room, but the scale was 20 people at that time only. After Covid, we made it completely remote. It’s now completely remote. It’s still in the same time zone because, these are the Zoom calls, recordings. The time zone synchronization is needed. So that’s why it’s currently India only. But we are expanding it to other territories, and we are seeing like if we can create similar talent pool in other part of the world. Because,early it was in n office, then it went remote over Zoom. And this year, it is going async. We have a dedicated department, which is called Learning and Development Department.

So our agency head has implemented most lessons in a synced way, so that people can wake up at different time. And so it’s like they won’t get blocked. They can learn asynchronously, they can complete this six month course asynchronously.

[00:36:11] Nathan Wrigley: It just sounds like the appetite is incredible. The numbers that you just mentioned there, I think you said something like 1200 or something like that, people for 90 places. That’s just remarkable. So the appetite really is there. It seems like such a commendable project as well, in that you are putting out a limited, you know what, you can manage. 60 people out into the workplace. Some of them may end up working with you. Some may end up working with your competitors. But you’ve put 60 people out there who are really credible at pushing the boundaries of what WordPress can do, and hopefully just making a start on their career.

[00:36:44] Rahul Bansal: Yeah.

[00:36:45] Nathan Wrigley: But I know that it’s not just limited to that. And, I would like to get into this just before we finish, because I think this is important. Over the last few years we see these metrics every year of companies who put time into the WordPress project in general, in a whole manner of different ways. They may be sponsoring events. They may be committing staff to Five for the Future and what have you.

And the company, your company, rtCamp, it always seems to be right at the forefront of that in a growing way. I’d just like to applaud you for that and give you an opportunity to say what it is that you do so that we’ve got an impression of just how much good you are doing apart from obviously, having a very profitable agency and what have you, how much good you’re putting back into the community as well. So just outline your commitments to the WordPress project.

[00:37:29] Rahul Bansal: So, as I mentioned that, so we have multiple ways of contributing. So as we hire a lot of from college, unfortunately we cannot have a lot of Core committers with us, but we take care of the other end. For example, these 10 people, we have a commitmentt now internally that every six months, so we will put 10 people full-time, like full-time as in literally full-time. A hundred percent of their time will go in working on WordPress project for six months.

And then this will be rotated by next batch. So in rotation there will be at least 10 people. As we grow further, then we’ll make it 15, 20. And we want to keep this ramping up this number. So there will be always, WordPress Core will have enough junior people to pick the task. So, that good first issues will, somebody will be looking at them.

Then we have a QA people, work into the QA team, other teams. I myself as WordCamp organizer, for WordCamp Asia. We have other people contributing to different part of WordPress.

We have a training course, which is public domain, in public domain. We started that much before learn.wordpress.org is there. Now  learn.wordpress.org is there, it is much better resource. But then this course was there for many years, and many other agencies use it. So that is one of the way to build human capital. So this word actually drives me a lot. We want to consciously put our efforts in developing human capital of WordPress.

Because in the end, it’s people that do the job, no matter how fancy it is. You need a human to put a prompt to the AI. ChatGPT won’t build things on its own. You need to, you need a human to ask creative questions. And we want to ensure that WordPress economy continues to grow, and it never falls short of people. So we hire a lot of junior people. We put into the workplace. We publish our videos tutorial. We publish our training material also in the public domain.

Many companies use it, and we expect no link back, also, no credit. Because sometimes they have a apprehension that if they know, this is why rtCamp course will, for, example, our training course site doesn’t require registration. So if you’re sending your employees to learn WordPress on our site, we won’t track them. We won’t solicit them. We have no way of knowing who’s learning. Google Analytics just shows traffic. A lot of traffic is coming to those training sites, but we have no personally identify information tracked there.

[00:39:45] Nathan Wrigley: I would imagine that in every aspect of your business, except this, maybe, there’s gotta be some measurable ROI. Okay, we put this in, we get this out. Do you have any metrics to measure your commitment to the community, or is it just putting your finger in the air and thinking, okay, last year, our business did this, let’s put, I don’t know, whatever it might be. Do you have a pro forma that you stick to? A number of hours, a number of people? Or is it just, yeah, this feels right this year. Because you can’t measure this. And in some cases, I imagine people would think, yeah, they’re probably overdoing it a little bit over there and what have you.

[00:40:21] Rahul Bansal: So, we have a top line mandate that, so it’s like, internally we divide engineers in three categories in rtCamp. The junior ones were like less than two years in rtCamp. The senior ones like two to five years. And lead levels were like more than five years with us. The junior one, we target 20% of their time for WordPress Core. And the medium level, the seniors, 10%, and lead level is 5%. Lead level is very hard, because we have very less lead engineers. The demand supply gap is more evident on senior and lead level. But then, these metrics are, so our office structure is that we have some called business needs.

So every people need to submit their 20% report. Not only they need to submit the hours report, like they have their hours went into the WordPress Core or different part. They have to compile what are the issues they solved. It’s not like you’re just making time entries. You have to tell in the leadership quarterly review that I have 50 people in my business units, and together they clock 3000 hours. And this is what we achieved in 3000 hours. And this is approved. The props messages we see in WordPress Slack, those screenshots, if our employee names is mentioned, are taken screenshots and filing into those review reports.

Three people got props from my team. The WordPress Core release notes, like with major releases. So those contributor list also presented by them. If somebody’s doing some make WordPress blog post or activity, those are also tracked by them. So the heads compile this report, from like bottom ups and then present in leadership meeting. So this is not accidental.

The material ROI is very hard to measure. We cannot say that, oh, we made like X dollars because of this effort. I think, as a salesperson, when I tell a client like, hey, I’m going to give you an engineer who knows WordPress very well. I’m more confident if that person has contributed six months to the WordPress Core. And their patches is weighted by some amazing people in WordPress community, especially senior ones. It’s like a win-win situation for all. This gives me a very, very well trained people to sell.

[00:42:16] Nathan Wrigley: That’s exactly how I was just thinking about it. This kind of win-win cycle of you put people into WordPress, and obviously at a junior level, more time and I can understand that. That makes sense. Presumably the ones who are more experienced, they’ve got other work to be doing. But also they’ve probably gained a ton of experience doing those prior years of extra hours.

So you put the hours in, but also they contribute to Core, but they get experience back out. They’ll be exposed to all sorts of different things that your projects would never have put them in front of, presumably. So they’ll be touching on subject matters. Getting into plugins, themes, blocks, code, Core, whatever it may be in a whole range of different ways than they would be. So like you say, it’s like you slap my back, I’ll slap yours a little bit. Win-win. WordPress wins, you win.

[00:43:06] Rahul Bansal: There are three wins here. The person, that student, who came right out of the college, and usually in college, people here, people have some negative perception about professional life. That companies are evil. You are going to do labor. Somebody will steal your credit, and here they’re on their own. Like they go into the WordPress community on their own. They sign a patch with their name. They file a Trac ticket with their name. They get props in their name. They get treated very well by contributor. If somebody makes mistakes, WordPress committee is full of nice people. Nobody’s going to pull them down. Nobody’s going to shout at them.

Everybody corrects them with respect and compassion, and that helped them grow as a person. Like, they become better human. They become better coder. And that empathy, we see that, when they become senior engineers, and when they’re reviewing some junior’s code, they remember that, hey, when I was, it was my first day in WordPress community, and I made that patch. I made one mistake, but somebody was nice to me, so I have to pass it on. So that niceness cycle continues.

And, the biggest win is that these people like, who has an incredible job satisfaction. They love open source more. Many of them don’t join for the love of open source, they’re at a point when they, join rtCamp, they’re at a point when their college is ending. They just want to get a job, and secure a financial life. Whatever jobs comes their way, they’re okay with it. Open source, closed source, not much preference. But once they’re in, and then we take them through this one year of tour, like six months in training center, then six months in WordPress community, they become the advocate of open source for life.

And that is a very most important win for us because we want people to believe in open source. We don’t want them to say open source is good because their company is selling it. We want them to have that faith that open source is the right way to do things. And that faith is very important for growth. You cannot mug up your mission statement and stand for it.. You have to believe in something to stand for it.

[00:45:00] Nathan Wrigley: What a profoundly interesting thing to have said. I think that’s just fabulous. I think your company is doing so many interesting things. It’s obviously, financially it’s working out, but just the position that you’ve painted there of the way that you are treating your employees, and the autonomy that you’re giving them, and the future opportunities that you are giving them. And the training opportunities giving them, just remarkable. And I’m profoundly impressed by what you’ve been doing.

Unfortunately, time is our enemy. We’re going to call it a day there. Rahul, thank you so much for chatting to me today. That has been an incredible journey. Long may it continue. I wish you and rtCamp all the success that you can possibly have the future.

[00:45:39] Rahul Bansal: Thank you, Nathan. Thanks for having me on this podcast.

On the podcast today we have Rahul Bansal.

Rahul is the founder and CEO of rtCamp, a large agency that specialises in enterprise-grade WordPress projects. He began his journey quite differently, starting as an individual blogger back in 2006, discovering WordPress in 2007, and gradually transitioning from being a publisher to a freelance developer, before founding rtCamp in 2009. Today, rtCamp is an enterprise-grade WordPress consultancy agency, operating globally and trusted by clients such as Google, Meta, Automattic, NewsUK, and Al Jazeera.

Rahul sheds light on working with enterprise clients in the WordPress space. Many of us are familiar with WordPress in the context of small businesses and blogging, but the enterprise space demands additional layers of security and scalability. Rahul explains the factors that set enterprise projects apart, and why meticulous code reviews,   and security audits are essential when working at this level.

He talks about the opportunities in the enterprise space, recounting how rtCamp initially stumbled into enterprise level projects, not even realising their potential until a client’s high expectations led to a decision to market themselves as an enterprise agency.

We also discuss the role of WordPress in enterprise environments, from why Gutenberg has become a credible selling point, due to its powerful editing capabilities, to how the platform’s flexibility supports varied enterprise needs.

Rahul also gets into the importance of positioning, how historical context offers advantages, and the expanding market that makes WordPress a compelling choice for large clients today.

Towards the end, we explore rtCamp’s innovative internship program aimed at growing the WordPress talent pool, and the way they are contributing back to the WordPress project; a win-win for the business and the broader community.

If you’ve ever considered what it takes to work with WordPress at the enterprise level, this episode is for you.

Useful links

rtCamp

White House website

Al Jazeera website

Campus at rtCamp

rtLearn

by Nathan Wrigley at March 12, 2025 02:00 PM under podcast

Do The Woo Community: Effective Collaboration with Clients and Teams: A Chat with Zach Hendershot

In this episode, Adam and Emma discuss effective collaboration with Zach, CEO of Miruni, focusing on setting clear expectations, minimizing manual tasks via automation, and enhancing communication for better client and team interactions.

by BobWP at March 12, 2025 09:49 AM under SaaS

March 11, 2025

Gravatar: Top Strategies for Reducing Friction in Sign-Ups

Creating effective sign-up flows presents a challenging balance. Users expect quick, frictionless experiences, but businesses need quality data to better serve their customers. To get this information, they often overload the sign-up process, leading to high abandonment rates and lost opportunities.

Thankfully, there is a way to find balance – and we’re talking about more than just user-friendly designs. Advanced strategies like intelligent data collection timing and progressive disclosure techniques help maintain healthy conversion rates while gathering essential user information. These approaches, combined with AI-driven personalization, can transform a standard sign-up process into an engaging experience.

Reducing friction while maintaining control over data collection might seem daunting. However, by implementing strategic optimization techniques and tools like Gravatar’s developer API, you can significantly reduce friction points in their sign-up process. 

So, let’s see how you can do just that while still collecting valuable user data that allows for personalization and improves the overall user experience.

Essential strategies for reducing sign-up friction

When talking about sign-up friction, a common topic is form optimization, but that’s only the beginning. You need a bit more if you want to create better sign-up experiences and reduce drop-off rates while still maintaining high data quality.

First, progressive profiling allows you to collect user information gradually rather than overwhelming new users with lengthy forms like these: 

 Example of a bad sign-up form with loads of information

Instead of requesting all details upfront, ask only for essential information during sign-up, and additional data can be gathered as users engage with your product.

Example of progressive profiling in a sign-up

You can also use email-based profile systems like Gravatar to make the process even easier. By integrating Gravatar into your sign-up flow, you can automatically populate user avatars and profile information using just an email address. This eliminates several manual entry steps.

Delayed email verification keeps users engaged by letting them access your app immediately after sign-up. ChargeBee is a great example of this approach: 

  1. New users enter the platform right away by filling in the more important details. 
Chargebee sign-up page
  1. They verify their email address only after signing in.
Chargebee email confirmation message

Finally, smart forms with predictive error prevention catch potential issues before submission rather than returning users to a form with error messages. This real-time validation helps users complete sign-up forms correctly the first time.

Example of predictive error prevention on Chargebee’s sign-up page

Intelligent data collection: When and what to ask 

Making smart decisions about when to request user information can significantly impact sign-up completion rates. A strategic approach starts with distinguishing between essential and non-essential data.

Essential information typically includes:

  • Email address (for account creation).
  • Password.
  • Username (if required).

Non-essential information such as company name, last name, job title, team size, and phone number can definitely wait. 

Custom triggers help time additional data requests effectively. For example, only ask for team size after users show interest in collaboration features. Or request company details when someone visits the enterprise pricing page.

Example of custom triggers for additional data

Profile enrichment through integrations and APIs offers another powerful approach. By combining email-based profile services like Gravatar with progressive data collection, you can build comprehensive user profiles without overwhelming new users.

Gravatar’s API can automatically populate non-essential information from a user’s email address, eliminating the need to ask for basic profile details during sign-up. This approach maintains high conversion rates while still gathering valuable user data.

How Gravatar simplifies user onboarding

Gravatar for developers – Profiles-as-a-Service homepage

Gravatar transforms the traditional sign-up process by automatically populating user profiles through a single email address. This approach eliminates multiple manual entry steps that often cause users to abandon sign-up forms – according to a 2020 study by Wyzow, 80% of users have deleted an app because they found the initial setup process too complex.

This is why major platforms like GitHub, OpenAI, and Atlassian use Gravatar to enhance their sign-up experiences. 

By implementing Gravatar’s REST API, developers can instantly access a rich set of user information:

  • Display names and avatars.
  • Professional information.
  • Biography and location.
  • Language preferences.
  • Pronouns.
  • Social and professional links.
  • User interests.
  • Work history.
  • Social connections.

This enriched data collection happens without requesting additional information from users during sign-up. Instead of presenting new users with lengthy forms asking for profile details, applications can pull this information automatically through the Gravatar API.

The benefits extend beyond the initial sign-up. With comprehensive profile data available immediately, applications can create personalized experiences from the first interaction:

  • Customized welcome messages using the user’s name.
  • Interface language set to user preferences.
  • Content recommendations based on stated interests.
  • Contextual features based on professional background.
  • Team collaboration suggestions using work history.
  • Social connections through matched interests.
  • Location-based content and recommendations.

Implementing Gravatar also helps solve common onboarding challenges:

  • Reduces form abandonment by minimizing required fields.
  • Eliminates the need for users to upload profile pictures.
  • Maintains consistency across multiple platforms.
  • Allows users to update their information in one place.
  • Supports both individual and role-based personalization.
  • Enables automatic profile updates across integrated services.

The system respects user privacy by letting individuals control what information they share. Users can maintain multiple profiles with different levels of detail tied to separate email addresses, giving them full control over their online presence while still providing valuable data for personalization.

Example of privacy settings for a Gravatar profile – toggle switch for API access

For developers, integration is straightforward through the REST API, with comprehensive documentation and support available. And since Gravatar is free for both users and developers, it offers a cost-effective way to enhance sign-up flows and improve user engagement from the start. The API’s design focuses on developer experience, making it simple to implement and maintain while providing powerful personalization capabilities.

Real-world examples: Successful Gravatar implementations

Let’s see how different websites use Gravatar to make signing up and getting started super simple. 

OpenAI offers a perfect example of a streamlined approach: 

  1. Users sign up with their email and create a password.
Creating an account on OpenAI
  1. Their profile picture automatically appears from Gravatar. 
Profile picture on the OpenAI website 

No extra steps are needed. This small touch adds a personal element to their AI platform experience right from the start.

WordPress.com takes this integration even further. When someone signs up, the platform automatically pulls in everything from their Gravatar profile – their bio, display name, social links, and even their location and interests. 

Profile information on WordPress.com

This means new bloggers can jump right into writing instead of spending time filling out profile forms. Plus, any changes they make to their Gravatar profile automatically update across all their WordPress sites.

Other popular platforms also use Gravatar in creative ways to make things easier for their users:

Developer platforms:

  • GitHub shows Gravatar avatars next to code contributions, helping developers build recognition in open-source communities.
Profile picture on GitHub
  • GitLab uses Gravatar to personalize project dashboards and team features.

Collaboration tools:

  • Figma automatically loads team member profiles to help people connect faster.
  • Slack shows profile pictures in chat to help teammates recognize each other.
  • Trello adds Gravatar photos to cards and boards to make project tracking more personal.

The best part? Users only need to update their info in one place – their Gravatar profile. That single update gets reflected everywhere they use these tools, making it super convenient to keep a consistent online presence.

Optimizing mobile sign-up experiences

Making sign-ups work smoothly on mobile devices has become essential, with mobile traffic now exceeding 60% of all web visits. But mobile users face unique challenges – smaller screens, touch interfaces, and often spotty connections. Here’s how to create a mobile-friendly sign-up flow that gets results.

Start with the basics: optimize every element for touch. 

  • Buttons need to be at least 44×44 pixels, with enough spacing to prevent accidental taps. 
  • Make forms finger-friendly by adding ample padding between fields. 
  • Stick to readable font sizes – 16px minimum for text inputs to prevent automatic zooming.

Smart keyboard handling makes a big difference too. Set the right input types (email, tel, number) so users get appropriate keyboards. Group similar fields together to minimize keyboard switches. For example, keep all text fields together, then numeric fields.

Simplify data entry by:

  • Enabling autofill where possible.
Example of autofill during sign-up
  • Offer social login options optimized for mobile.
Example of user-friendly social media sign-up buttons on mobile devices
  • Using Gravatar to auto-populate profile info from email addresses.
  • Adding real-time validation to catch errors early.
Example of real-time validation of a password

Break up longer forms into logical steps with clear progress indicators. Each step should fit comfortably on a mobile screen without scrolling. And remember – every field you require is another chance for users to abandon the process. Only ask for what’s absolutely necessary.

Finally, test your flow on multiple devices and screen sizes. What works on a large iPhone might be frustrating on a smaller Android phone.

Get started with Gravatar’s developer tools

Ready to streamline your sign-up process with Gravatar? Their developer tools make integration surprisingly simple. The new REST API gives you instant access to user profiles with just a few lines of code.

Getting started takes just three steps:

  • Register for a free API key at Gravatar’s Developer Dashboard.
  • Use the interactive console to test API endpoints.
  • Follow the comprehensive documentation to add Gravatar to your app.

The API lets you fetch rich user data like:

  • Profile pictures and avatars.
  • Display names.
  • Professional details.
  • Social links.
  • Location preferences.
  • Custom profile fields.

Best of all, users control what information they share. You just need an email address to start pulling available profile data. This balance between functionality and privacy makes Gravatar great for both developers and users.

Want to explore more? Get in touch with our team today, and we can discuss specific integrations for your platform. 

by Ronnie Burt at March 11, 2025 10:19 PM under User Experience

WordPress.org blog: WordPress 6.8 Beta 2

WordPress 6.8 Beta 2 is now ready for testing!

This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites.  Instead, you should evaluate Beta 2 on a test server and site.

You can test WordPress 6.8 Beta 2 in four ways:

PluginInstall and activate the WordPress Beta Tester plugin on a WordPress install. (Select the “Bleeding edge” channel and “Beta/RC Only” stream.)
Direct DownloadDownload the Beta 2 version (zip) and install it on a WordPress website.
Command LineUse this WP-CLI command: wp core update --version=6.8-beta2
WordPress PlaygroundUse the 6.8 Beta 2 WordPress Playground instance to test the software directly in your browser.  No setup is required–just click and go! 

The current target date for the final release of WordPress 6.8 is April 15, 2025. Get an overview of the 6.8 release cycle, and check the Make WordPress Core blog for 6.8-related posts in the coming weeks for more information.

Catch up on what’s new in WordPress 6.8: Read the Beta 1 announcement for details and highlights.

How to test this release

Your help testing the WordPress 6.8 Beta 2 version is key to ensuring everything in the release is the best it can be. While testing the upgrade process is essential, trying out new features is equally important.  This detailed guide will walk you through testing features in WordPress 6.8.

If you encounter an issue, please report it to the Alpha/Beta area of the support forums or directly to WordPress Trac if you are comfortable writing a reproducible bug report. You can also check your issue against a list of known bugs.

Curious about testing releases in general? Follow along with the testing initiatives in Make Core and join the #core-test channel on Making WordPress Slack.

Vulnerability bounty doubles during Beta/RC

Between Beta 1, released on March 4, 2025, and the final Release Candidate (RC) scheduled for April 8, 2025, the monetary reward for reporting new, unreleased security vulnerabilities is doubled. Please follow responsible disclosure practices as detailed in the project’s security practices and policies outlined on the HackerOne page and in the security white paper.

Beta 2 updates and highlights

WordPress 6.8 Beta 2 contains more than 14 Editor updates and fixes since the Beta 1 release, including 21 tickets for WordPress core.

Each beta cycle focuses on bug fixes; more are on the way with your help through testing. You can browse the technical details for all issues addressed since Beta 1 using these links:

A Beta 2 haiku

Second wave refines,
Lines of code like rivers flow,
WordPress finds its form.

Props to @ankitkumarshah @vgnavada @krupajnanda @michelleames @audrasjb @marybaum @ecgan for proofreading and review.

by Jeffrey Paul at March 11, 2025 03:46 PM under releases

Follow our RSS feed: 

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.

Subscriptions

Last updated:

March 21, 2025 11:45 PM
All times are UTC.