Monthly Archives: October 2017

GDPR for WordPress Project Seeks to Provide a Standard for Plugin Compliance

WordCamp Denmark organizer Kåre Mulvad Steffensen and WP Pusher creator Peter Suhm are working on a GDPR for WordPress project that aims to provide an industry standard for getting plugins compliant with EU General Data Protection Regulation (GDPR) legislation. The deadline for compliance is May 28, 2018, approximately 200 days from now. The Danish duo met at WordCamp Europe a few years ago and were inspired to work together on several projects, with GDPR compliance for WordPress sites being the most urgent item on their list.

“We want to create a standard for plugin creators to describe what kind of data they store and how to handle it,” Suhm said. “With a standard like this it will be possible to build tools to make WP sites compliant with GDPR. That basically means things like generating privacy policies, tools to export sensitive data, and tools to delete it completely. GDPR is pretty complex, so there will likely be a lot of tools around this. The first thing we need is a standard. It’s critical especially for EU based companies, and I can tell you that it’s something people discuss in every meetup and WordCamp over here.”

The GDPR for WordPress site includes a summary of website owners’ obligations in regards to collecting data related to EU citizens. It’s not comprehensive but gives an idea of what items the standard will need to cover:

  • Tell the user: who you are, why you collect the data, for how long and who receives it.
  • Get a clear consent, before collecting any data
  • Let users access their data, and take it with them
  • Let users delete their data
  • Let users know if data breaches occur

Steffensen and Suhm’s first step is surveying WordPress plugin developers to gauge their awareness of the GDPR. They also want to know if developers would be interested in using a free, open source solution, like a simple file with a map of personal and sensitive data stored by their plugins. The GDPR for WordPress team would then use the tool as a foundation to build tools that can take care of compliance by parsing these files.

“When we have the survey data we will continue to work on the standard,” Suhm said. “It will be 100% open source, so everyone can use it to build whatever they see fit afterwards. So far it’s just a lot of ideas and we really want to collect as much input as possible so we can get everyone onboard.”

The team has created a roadmap that that they will update based on feedback from plugin developers. They plan to work on the following:

  • Methodology to describe how a plugin collects, stores, and uses personal data
  • Methodology file builder for plugin developers to use
  • Provide a clear visual compliance indicator on every plugin installed
  • Privacy policy text builder based on installed (compliant) plugins
  • Provide an administrative overview on each users data being stored, across plugins
  • Provide an administrative way to send user data to a specific user upon request
  • Provide an administrative way to delete user data on a specific user upon request
  • Add site wide Explicit consent checkbox, with detailed yet plain English on what data is stored, how it is used and how long. (This is a replacement for the cookie popup) – possible disablement of submitting actions until consent is given? The request to collect data should happen to every user before any data is collected, that might also mean cookies.

Despite the quickly approaching deadline, solutions aimed at helping WordPress sites to be compliant with the GDPR are virtually non-existent. There are currently only six plugins in the directory with descriptions that mention having been built with GDPR compliance and privacy in mind. Many site owners will be woefully unprepared to comply with the legislation.

A couple of months ago we looked the Wider Gravity Forms Stop Entries plugin, which helps site owners protect the privacy of form submissions by preventing them from being stored in the database. Since many plugins don’t have these options built in, other plugin developers have to extend them to suit their users’ needs. At the moment, there is no standard way of doing this because of the wide variance in how plugins store their data.

This solution the GDPR for WordPress team is proposing is different in that it aims to give plugin authors a standard for including a meta description of the personal and sensitive data that their plugins stores. The GDPR doesn’t prohibit plugins from storing personal identifiable data but it does require website owners to detail what, where, and for what purpose it is stored.

“The problem right now is that it is almost impossible to figure out what information a WordPress plugin stores and where it is stored,” Suhm said. “This will make it possible to build general solutions across plugins to ensure GDPR compliance. An example could be a tool to delete sensitive data from a WordPress site, including the data stored by plugins. That is only possible if plugin authors include some sort of description of their ‘data footprint.’”

The biggest challenge the team has is rallying plugin developers to get on board with following a new standard and updating their plugins to provide a data footprint. This is not an easy task as the burden of compliance falls to the website owners, not individual plugin developers. Even if site owners are motivated to educate themselves, the prospect of figuring out what data is being stored and where can be daunting. If the GDPR for WordPress team can successfully get the plugin developer community on board, they can work together to build a suite of tools that help end users get a broad overview of their sites’ GDPR compliance.

Source: WP Tavern

New Dispensary Details Plugin for WooCommerce Adds Cannabis Details to Products

photo credit: Blueberry Kush, Indica-3(license)

Two years ago, WordPress developer Robert DeVore launched WP Dispensary, a free marijuana dispensary menu plugin for WordPress, and has since built an accompanying theme, additional free add-ons, and six commercial extensions. DeVore is aiming to make WP Dispensary a complete online menu software solution for dispensaries and delivery services. The business has grown enough over recent months for him to begin working full-time on it.

“One of the larger objectives going full time with WP Dispensary was to put together content that was specific for both dispensary owners and freelance WordPress developers,” Devore said. “There is a 50/50 split with buyers, so I know that writing content to outline how WPD can help you specifically is an important next step.”

Due to recent demand seen in pre-sales questions, DeVore has just released a Dispensary Details plugin to meet the needs of the much larger market of customers using WooCommerce. The plugin does not require WP Dispensary to work.

“Instead of leaving a need out there, I looked at WP Dispensary and knew I could create a standalone plugin that added the proper details and displayed cleanly within the WooCommerce structure,” DeVore said.

The Dispensary Details for WooCommerce plugin is the first of its kind for the e-commerce platform. It adds custom taxonomies and metaboxes that allow store owners to add cannabis details to products, including information like compound details, aromas, effects, conditions, vendors, symptoms, and more.

The plugin includes separate Edibles and Topicals details boxes where store owners can enter THC/CBD per serving, size, serving count, and net weight. It also has a Grower Details box for cannabis shops that sell clones or seeds with specific sections for origin, average grow time and yield, and the clones/seeds per unit.

Dispensary Details for WooCommerce works with any WordPress theme and simply adds the new Details tab to product pages alongside the various other tabs that WooCommerce displays. The plugin is priced at $149.00, which includes one year of support and updates.

The WordPress product market is just starting to build solutions for the growing marijuana industry, and DeVore predicts that WordPress site builders will soon be in high demand.

“I feel like the industry is going to become more regulated and also increased banking will allow for companies to focus on the marketing/sales side of the business rather than the business side of the business. With companies like KIND Financial recently putting out a seed-to-sale solution along with a bank in Canada, it’s just a sign that things are changing for the better.”

DeVore said changes like these will allow businesses to focus on their websites and WordPress developers will have the opportunity to provide solutions for them, just like they already do for so many other industries. Outside of the U.S. there are already many mail order cannabis services in operation and DeVore said inside the U.S. he has noticed a lot of delivery services that are using WP Dispensary with WooCommerce to allow patients to place orders.

More competition is starting to sprout up for this new niche in the WordPress ecosystem and many of them are working towards providing more comprehensive e-commerce solutions. Lifted Themes is a shop that sells WordPress plugins and themes for the marijuana industry. The company is working on building products that will sync with major POS or Seed to Sale systems. Similarly, H32B provides a theme along with a suite of WooCommerce plugins for medical marijuana dispensaries.

MMJ E-Commerce is another newer company that provides WooCommerce and WordPress plugins and services for dispensaries with a focus on resources for compliance. The site offers plugins for patient registration forms, credit card payments, THC CBD shipping restrictions, and Age Verification forms.

A report from Arcview Market Research published this year showed that North American marijuana sales grew 30% to $6.7 billion and sales are projected to exceed $20 billion by 2021 (assuming a compound annual growth rate of 25%). As of September 2017, 29 states and the District of Columbia have laws that legalize marijuana in some form. As prohibition collapses in more states, the marijuana industry is set to expand and this budding niche in the WordPress ecosystem will likely see significant growth.

Source: WP Tavern

Results From the 2017 WordPress User Survey Are Not Guaranteed to Be Shared

As November edges closer, the countdown to WordCamp US begins. One of the annual traditions that’s part of the event is the WordPress User Survey. The survey is used to gauge who and how people use WordPress. Although the survey says results will be presented at WordCamp US, that hasn’t been the case the last two years.

Astute readers may remember that results from the 2015 survey were not shared. When asked why, Matt Mullenweg replied, “Lots of data to go over, but basically more people are using WordPress, app development is growing, lots of people are making their living with WordPress, and other great trends are showing up,” he said. “We’ll try to do a blog post about it.”

That blog post was never published. Additionally, results from last year’s survey were not shared during the State of the Word or in a blog post.

Thousands of people take the survey providing insight into trends, how people use the software, and demographics. If users voluntarily provide this data to WordPress.org, sharing the results with the public whether it’s a blog post, separate session, or during the State of the Word, would be a nice way to return the favor.

Source: WP Tavern

Patreon Launches App Directory and Free WordPress Plugin for Membership Sites

Patreon was founded in May 2013 as a service with business tools that allow content creators to crowdfund their work through donations and subscriptions. The service is now expanding to help users connect their accounts to more third-party tools that make patron management easier. Patreon launched its new App Directory and Developer Portal today, featuring a free WordPress plugin that offers basic membership capabilities.

The plugin uses the Patreon API to tell the WordPress site who is a patron and what pledge level they are at. Patrons can then click on the “Connect with Patreon” button included with the plugin and site owners will have the ability to publish posts that are viewable by patrons only. It also includes an option to provide an ad-free experience for patrons visiting the site.

The plugin is free, maintained and supported by Patreon, and released under the Apache License Version 2.0. Users who want more features can purchase a commercial plugin called Patron Plugin Pro, which is available in the App Directory from a third party. It offers more granular control over content restriction:

  • Make entire site patron only with a single click
  • Mark an entire post, post type, or parts of content as patron-only with a click
  • Customizable different types of notifications for Patron only content with Message and buttons
  • Custom Banner/Notification for non-patrons viewing a patron-only Post
  • Protect excerpts in listings for patron-only content

Usage of the plugin is $30/year, which includes ongoing updates and access to community support. It does not include premium support. Patron Plugin Pro was created and maintained by CodeBard, a company that also has a plugin on WordPress.org for adding Patreon buttons and widgets. For those who want to build their own integrations, Patreon’s new Developer Portal has documentation on its REST API and Webhooks.

Last month Patreon announced that the company had raised $60M in new funding and hinted that integrations with other platforms were coming. Today’s announcement of apps for WordPress, Zapier, Discourse, Slack, and other services is the beginning of the company’s plan to make a whole ecosystem of tools available to help creators expand their memberships.

Source: WP Tavern

WordPress 4.9 Will Support Shortcodes and Embedded Media in the Text Widget

WordPress 4.8 brought TinyMCE to the core Text widget, along with brand new Image, Video, and Audio media widgets. The upcoming 4.9 release builds on this progress and will introduce some long-awaited improvements to Text widget. Users will finally be able to use shortcodes in the Text widget without the help of additional code from plugins or themes.

This new feature is the answer to an eight-year-old ticket requesting shortcode support inside the Text widget. Weston Ruter broke down the technical details in the dev note for the feature, explaining why it took so long to find a solution:

One reason for the long delay with adding shortcode support in Text widgets was due to many shortcodes looking for a global $post when they run. Since the global $post varies depending on whatever the query is, the shortcodes in a Text widget could render wildly different on different templates of a site. The solution worked out was to temporarily nullify the global $post before doing the shortcodes so that they will consistently have the same global state, with this global $post then restored after the shortcodes are done.

Hundreds of thousands of WordPress installations currently use a plugin to add shortcode support to widgets. Contributors to 4.9 have taken this into account so that updating will not cause unexpected issues.

“If a plugin has added do_shortcode() to widget_text then this filter will be suspended while the widget runs to prevent shortcodes from being applied twice,” Ruter said.

In addition to the new core gallery widget landing in 4.9, this release will also allow users to embed media in the Text widget. A new “Add Media” button is available, making it easy for users to insert images, audio, galleries, and videos, along with text and other content. WordPress 4.9 also adds support for oEmbeds in the Text widget and the Video widget has been updated with expanded support for any oEmbed provider for video.

Little enhancements like these make it easier for users to update their own websites without having to hire a developer or add extra plugins for things that should be simple. The improvements to widgets have also been implemented in such a way that users will be more prepared for how Gutenberg will handle media.

“The media-specific widgets are closely aligned with blocks in Gutenberg; the existence of media inside the Text widget will align with eventual nested blocks in Gutenberg, and would be treated as Classic Text blocks in any future migration from widgets to blocks,” Ruter said.

WordPress 4.9 will improve the experience of switching between themes by including logic that is better at mapping widgets between two themes’ widget areas. This release will also improve the UI for updating and saving widgets in the admin screen. It adds an indicator that shows whether or not widget changes have been saved, as well as a notice if the user attempts to leave the page with unsaved changes.

Source: WP Tavern

WPWeekly Episode 292 – Recap of WooConf and CaboPress

In this episode, John James Jacoby and I are joined by Cody Landefeld, co-founder of Mode Effect. Landefeld described his experience attending WooConf as we reviewed highlights from the State of the Woo.

We also discussed WooCommerce retiring its Canvas theme in favor of Storefront. Jacoby shared his experience attending CaboPress and near the end of the show, we talk about WordPress 4.9 Beta 4.

Stories Discussed:

WooCommerce Stores on Track to Surpass $10B in Sales This Year
WooCommerce Retires Canvas Theme, Recommends Customers Migrate to Storefront Theme
WordPress 4.9 Beta 4 Removes ‘Try Gutenberg’ Call to Action

Picks of the Week:

HeroPress is now accepting donations. If you support the project, please consider donating.

Ninja Forms achieved a milestone. The plugin is activated on more than 1M sites.

WPWeekly Meta:

Next Episode: Wednesday, November 1st 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #292:

Source: WP Tavern

Goodnight Firebug

firebug logo

Twitter is lighting up with sentimental Firebug remembrances today after Mozilla announced it will reach end-of-life in the Firefox browser next month. Firebug was the first browser-based tool that allowed developers to easily inspect HTML and debug JS. It was discontinued as a separate add-on and merged into Firefox DevTools in 2016 where it will live on.

I remember the days of painstaking debugging before Firebug was available. It was a revolutionary tool that instantly became indispensable, helping developers work more efficiently.

“Firebug changed everything for me as a frontend developer,” Jens Grochtdreis said. “Looking back I cannot remember how hard the times were before Firebug stepped on the scene. Now each browser has mature developer tools. That’s because of Firebug. Mission accomplished!”

In recognition of what Firebug brought to developers, Mozilla reviewed one of the most important points in Firebug history – the decision to open source the software. This allowed for the proliferation of similar browser development tools that we see today. Firebug creator Joe Hewitt, who eventually moved on to Facebook, made the tool open source in December 2006:

The first announcement is in regards to Firebug’s licensing. As I was developing Firebug 1.0, I began to wonder if I should try to turn the project from a hobby into a business. When I proposed this idea on my blog, the response was very positive and reaffirmed my belief that Firebug could do well as a commercial product.
However, in the end, I just don’t feel like that is the right thing to do. I love working on Firebug because I know I’m making a lot of people happy and helping to advance the state of the art. That’s a lot more meaningful to me than just about anything else, and so, I’ve decided that Firebug will remain free and open source.

Mozilla reported that more than a million people are still using the Firebug add-on. Firefox Developer Tools has a guide for migrating from Firebug. There are still several Firebug features missing from Firefox DevTools, but Mozilla is tracking them and working to bring greater parity between the two. Support for the separate Firebug extension will be discontinued with the release of Firefox Quantum (version 57) in November 2018.

Source: WP Tavern

WordPress 4.9 Beta 4 Removes ‘Try Gutenberg’ Call to Action

WordPress beta releases typically don’t generate controversy but in WordPress 4.9 Beta 3, a call to action was added to the dashboard that encouraged users to install and activate Gutenberg.

Try Gutenberg Call to Action
Try Gutenberg Call to Action

Members of the WordPress community raised concerns that clients may install Gutenberg and shared ways to hide the prompt from users. The negative reaction inspired some developers to create plugins that hide the prompt.

One of the primary concerns is that Gutenberg is in a high state of flux and encouraging users to create content inside of it on live sites may cause compatibility issues or adversely affect saved content in the future.

“Any change to the integrity of published content and its formatting that results from changes during continued development and evolution would be unacceptable from the point that we encourage users this directly to install it on live sites,” Nick Halsey said.

“On the other hand, this could require core to take on significant technical debt to maintain compatibility for earlier iterations of the editor as a plugin.

“There should be a make/core post addressing this issue, at a minimum, along with a compatibility plan for the next stage of development as a plugin. Before core encourages millions of sites to use the plugin and rely on it functioning a certain way.”

Other members of the community advocated for the call to action saying it would lead to a larger test sample.

The call to action was removed after the core team discussed it with Matt Mullenweg, “I like the idea of the Gutenberg promo, but want things to be a bit further along before we really open the doors to try to get as many users as possible,” Mullenweg said. “If we can flag off or remove the promo, we can always bring it back in 4.9.1 or another time when things are more ready.”

‘Try Gutenberg’ Dashboard Prompt Will Set A New Precedent

There have been many WordPress features in core that started off as plugins first, MP6 being one of the most memorable. However, to the best of my knowledge, there has never been a dashboard prompt encouraging users to install and activate a beta plugin on a live site.

Although the call to action is focused on raising awareness of Gutenberg, John James Jacoby suggests that the meta block be rewritten so that it can be recycled for other features or plugins to use in the future.

“My concern is that the current approach is not scalable to future feature developments beyond Gutenberg,” Jacoby said. “For example, when a new codenamed feature comes along for WordPress 5.2, cloning this same approach does not seem ideal.”

He suggests that the dashboard widget become a standard part of the dashboard. “This way, we can hype the new hotness on an as-needed basis, and plugins that want to hide it forever can reliably do so one time in a plugin,” Jacoby said.

When Is the Right Time to Hype Gutenberg to the Masses?

Gutenberg is actively installed on more than 3K sites with nearly half of installations running version 1.4. This is a far cry from the 100K active installs Mullenweg would like to see before merging it into core.

I don’t think advertising Gutenberg in the dashboard to millions of users as the new editing experience should be considered until a merge proposal has been published on the Make Core WordPress site. By this time, many of its quirks and how it handles meta data, meta blocks, and preventing data loss will likely be solved.

I am one of the people who raised their eyebrows at the idea of advertising Gutenberg at its current stage of development to the masses. My primary concern is that it’s not ready yet. At the same time, I wonder when or if there is a right or responsible time to advertise installing beta software onto a live site. What do you think?

Source: WP Tavern

WooCommerce Retires Canvas Theme, Recommends Customers Migrate to Storefront Theme

WooCommerce is retiring its Canvas Theme after seven years. Canvas was one of the most innovative themes on the market when it first launched in 2010, giving customers the ability to modify their sites’ design and layout through an extensive options panel. It sold for $99 before the product URL was redirected to a retirement page today.

Canvas’ retirement is a strong signal that Automattic is going all-in on Gutenberg. Without a complete overhaul, the theme is no longer able to keep pace with the changes that Gutenberg and the Customizer will bring to WordPress theming and site building.

“While still early, we believe strongly that Gutenberg is the future,” Canvas lead developer Jeffrey Pearce said. “We’ve decided to invest our resources in preparing our products for it in order to bring you the best experience. Unfortunately, that won’t include Canvas.”

WooCommerce has discontinued Canvas sales and will not be open sourcing the theme to the community.

“Overhauling the theme wouldn’t serve our users, yet continuing to sell it as-is wasn’t the right decision. So we made the difficult decision to say goodbye,” Pearce said.

“We considered open sourcing Canvas to the community, but ultimately decided that extending its lifetime will not serve the community. It’s in the best interest of our users and the community to eventually move to another theme.”

WooCommerce plans to continue supporting active subscriptions and will offer support for lifetime subscriptions for the next year. However, the theme will not be updated to support newer features coming to WordPress. The team strongly urges users to migrate their sites to Storefront, the company’s more mobile-friendly flagship theme built on top of the Underscores starter theme. WooCommerce has published a migration guide to help customers move on from Canvas.

Over the years customers have created many different types of websites (not limited to e-commerce) using Canvas. While some have accepted the inevitable, others are anxious and upset about the change, faced with the prospect of migrating dozens of sites (in many instances) away from the theme. The news of Canvas’ retirement was especially difficult for those who support clients who may not be happy to pay for their existing sites to get updated with no appreciable difference. It’s not easy to sell the change to clients when most of it happens under the hood.

“This puts me in a terrible position,” WooCommerce customer Leon Wagner said. “I have 10 client sites on Canvas. They look beautiful and the clients are happy. So these are done deals, I’ve been paid, and do occasional maintenance. Now you’re telling me I have to go back to each of them and explain that because you’re discontinuing this theme, my clients will now have to pay me thousands of dollars to port their sites (with no obvious improvements) to new themes. Pretty sure I’ll just lose most of those clients.”

Other freelancers and small business owners find themselves in the same boat, many of them with twice that many clients on the Canvas theme. Although the theme can continue to be used without breaking, it will no longer receive compatibility or security updates after the support window expires in October 2018. WooCommerce is currently giving away its Storefront Extensions Bundle for free to Canvas customers to help make the migration easier.

Source: WP Tavern

Gutenberg 1.5 Adds Initial Support for Meta Boxes, Makes Gutenberg the Default Editor

Gutenberg 1.5 was released this morning and introduces several major changes to the plugin. This version takes the new editor off the back burner and makes it the default for creating new posts. The team has also included a way for users to create posts with the Classic Editor, but this requires knowing where to go to access the dropdown (All Posts » Add New).

Version 1.5 adds initial support for meta boxes in an Extended Settings panel beneath the post content. Users won’t see this bottom panel unless they have a plugin installed that includes meta boxes. The sidebar Settings panel must already be toggled open for the bottom panel to appear.

The Extended Settings panel slides up to reveal accordion toggles for plugins that have meta box settings available. The design could use some improvement, especially for navigating back to the post editor. The panel takes over the entire section. On installations with lots of legacy meta boxes it is easy to get lost in all the open/closed toggles.

Gutenberg design lead Tammie Lister said this is the first step towards supporting meta boxes and that there will be iterations to follow. She also warned that it is possible some advanced meta box uses will not work as expected. The Gutenberg team is eager to receive feedback on these cases and will work to find solutions for them. Testers who discover issues with meta box support can post an issue on GitHub or via the plugin’s feedback form, describing the setup and how to reproduce what is breaking.

Version 1.5 also adds a new inserter button between blocks, which Gutenberg engineer Matias Ventura demonstrated with an animated gif in the release post:

This release adds a dropdown to the Publish button. It currently supports visibility and post scheduling features.

There was a great deal of discussion on GitHub surrounding the UI for the publish button, whether it should be a split button dropdown or a single button that provides slightly more friction to prevent accidental publishing. The general consensus was that introducing a bit more friction is desirable, as contributor Davide Casali noted there are many cascading actions that are often tied to the Publish button:

“Some automated publishing actions are irreversible: pings gets sent, emails get sent, Facebook and Twitter gets updates, etc.,” Casali said. “This is very very important for a lot of people and businesses, and nobody wants to send out such actions by accident.”

Contributors are looking for feedback on this implementation and are willing to explore some alternate design options as well. They agreed that it is more important to make the Publish button area pluggable and to work on adapting it based on feedback.

For those who want to completely disable Gutenberg, a new plugin called Classic Editor is available on WordPress.org and ready for testing. It requires WordPress 4.9-beta2 or newer and Gutenberg version 1.5+. Classic Editor comes with two modes that give users the option to fully replace Gutenberg or allow access to both the old and new editors:

  • Fully replaces the Gutenberg editor and restores the Edit Post template.
  • Adds alternate “Edit” links to the Posts and Pages screens, on the toolbar at the top of the screen, and in the admin menu. Using these links will open the corresponding post or page in the Classic Editor.

A setting for switching between the modes is available at Settings » Writing. Other plugins for turning Gutenberg off will likely pop up the closer the it gets to being included in core, but Classic Editor is the official one recommended by core contributors.

The timeline for the merge proposal is not yet set in stone but the Gutenberg team aims to get it more widely tested before writing the proposal. The plugin is currently active on approximately 3,000 WordPress sites.

“The plan is to still have the plugin ready by December, but with holidays the actual merge proposal might be next year,” Tammie Lister said. “It’s important that we get as many users and as much feedback as possible at this point. All of that impacts what happens going forward.”

Source: WP Tavern

Facebook is Testing a “Pay to Play” Requirement for Publishers in the News Feed

Last week Facebook began rolling out its new Explore feed, which is now available for users globally on both desktop and mobile. The new Explore feed encourages discovery by including posts from people and pages that the user doesn’t follow.

Over the weekend, Filip Struhárik, a journalist and editor at Denník N, published data from sixty of the largest Slovak media pages that have experienced a dramatic decrease in organic reach as the result of Facebook moving Pages from the News feed into the Explore feed. Facebook representatives said this is a regional test the company is conducting in six smaller markets, including Bolivia, Cambodia, Guatemala, Serbia, Slovakia, and Sri Lanka. The main News feed in these areas includes only posts from friends and sponsors.

Struhárik shared a chart that shows Slovak media pages having received 4x fewer interactions (likes, comments, shares) since the test began:

Interactions on 60 of the largest Slovak media Facebook pages – Source: CrowdTangle

Adam Mosseri, head of News Feed at Facebook, has confirmed that the experiment is limited to the six countries and the company does not plan to take roll it out globally.

“It’s not global and there are no plans to be,” Mosseri said. “People often tell us they want more from friends so we’re testing two feeds, one for friend content and another dedicated to page content.”

When asked how long the experiment will last, Mosseri said, “Likely months as it can take that long for people to adapt, but we’ll be looking to improve the experience in the meantime.”

Nevertheless, the test has had a dramatic impact on traffic to publishers in the six markets where it is currently active. It has also given the rest of the world a preview of what a new “pay to play” requirement for Facebook’s main News feed might look like in the future.

Limiting the main News feed to posts from friends and family and relocating content from Pages to the Explore feed would be a welcome change for users but bad news for publishers that depend on Facebook to drive referrals. The News Feed has increasingly become a never-ending pile of clickbait posts and ads that users have to sift through in order to see any meaningful content from friends.

Pages and publishers have had to become highly active in marketing their content to compete with advertising. If Facebook’s split feed experiments turn out to be a success, publishers may need to allocate more resources to their advertising budgets if they want to maintain the same reach on the social network.

Source: WP Tavern

Postman SMTP Plugin Forked after Removal from WordPress.org for Security Issues

photo credit: Jerry Kiesewetter

In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author, Jason Hendriks, were unsuccessful.

The plugin is used to improve the delivery of emails that WordPress generates and it logs the causes of failed emails to help eliminate configuration mistakes. It was installed on more than 100,000 sites before it was removed from WordPress.org.

Yehuda Hassine, a WordPress developer and longtime user of the plugin, decided to fork it for the sake of its users and because he thought it was a shame to see all the the original author’s hard work go to waste.

“As a fan of the amazing work Jason has done, I was amazed no one thought of taking it over,” Hassine said. “It’s a great plugin – Jason solved so many problems dealing with SMTP setup in WordPress. He worked so hard and the idea it might disappear shocked me. The plugin worked with almost zero bugs for the past two years.”

Hassine’s fork started on GitHub with fixes for the security issue, but he said he realized not having it on WordPress.org might be a problem for some users. He submitted it under a new name, Post SMTP Mailer/Email Log, and included a patch for the security vulnerability along with fixes for a few bugs with the Gmail API, Mandrill, and SendGrid. The next item on his roadmap is to fix a few issues with PHP 7 compatibility.

Hassine also requested to adopt the original plugin, as there is no way to contact the 100,000 users who depend on it. He said the WordPress.org plugin team denied his request at this time due to the number of users and his relative unfamiliarity in the community, as well as to give the original author more time to respond.

The Post SMTP Mailer/Email Log fork has been alive for a week and already has more than 1,000 users. Hassine said he is spending his free time getting to know the SMTP protocol and Hendriks’ original code. Postman SMTP users who want to switch to the fork can keep the same settings by simply deactivating the old plugin and activating the new one.

Hassine has committed to keeping the plugin free, as many of its users are somewhat technical and able to offer each other support. He said if the fork becomes popular and more difficult to maintain, he will consider a commercial model for support.

Users of the original Postman SMTP plugin had no way of learning about the reasons behind its disappearance except on third-party sites like the Wordfence blog or Facebook posts. The WordPress.org Meta team is currently working on developing a better way to communicate why certain plugins have been closed or removed from the directory. This is a high priority ticket item for the team and a solution should be in place when the next version of the plugin directory goes live.

Source: WP Tavern