Monthly Archives: November 2017

Gutenberg 1.8 Adds Greater Extensibility for Plugin Developers

Gutenberg 1.8 was released this week with several notable improvements that will give plugin developers more flexibility in extending the editor. It introduces block templates, which developers can use when registering a new custom post type. The block templates define a set of pre-configured blocks that will initialize when a user creates a new post. In the example below, Gutenberg lead engineer Matias Ventura demonstrates what a block template for a book custom post type might look like.

This release also improves the design of the tools menu (toggled by the ellipses at the top of the editor) to have a more lightweight UI that will lend itself better to displaying items added by extensions in the future. The new design displays multiple menu items as a radio group where the selected item shows a checkmark, an approach that Gutenberg designers found to be more intuitive after some research.

Version 1.8 adds the ability for developers to filter allowed block types by specifying an array of type names that can be shown in the inserter component. This capability paves the way for block nesting where developers can define allowed children types. It also allows custom post types to specify which blocks are allowed or restricted, which will be useful for keeping CPTs lean as Gutenberg already has a large number of block types.

The release also improves meta box compatibility with a fallback to the classic editor if Gutenberg detects that the meta box is unsupported. Plugin authors can now explicitly declare Gutenberg incompatibility when registering meta boxes, which will trigger a warning to the end user that explains which meta boxes have caused the fallback to the classic editor.

In addition to all the improvements for extending Gutenberg, version 1.8 makes many small design tweaks, including updated color pickers with color indications and collapsible panels, updated icon and tooltip for table of contents menu, and a new contrast checker for paragraph color options. It also puts block actions back on the block level for the default, while still preserving the option to change it to a fixed toolbar at the top of the screen.

For a full list of all the changes in version 1.8, check out the release post and the changelog on WordPress.org.

Source: WP Tavern

WPWeekly Episode 296 – Gutenberg, Telemetry, Calypso, and More With Matt Mullenweg

In this episode, John James Jacoby and I are joined by Matt Mullenweg, co-creator of the WordPress project and CEO of Automattic. We discussed a wide range of topics including, his role on the board of directors at GitLab, Telemetry or data-usage gathering in WordPress, and the WordPress Growth Council.

We learned what’s happening with the Mobile teams inside Automattic, the future of Calypso, and the role of Pressable as a testing bed. Last but not least, we find out how beneficial joining HackerOne has been for WordPress and why WordPress.com finally allowed the installation of third-party themes and plugins through its Business Plan.

WPWeekly Meta:

Next Episode: Wednesday, December 13th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Listen To Episode #296:

Source: WP Tavern

WordPress 4.9.1 Released, Fixes Page Template Bug

WordPress 4.9.1 is available for download and is a maintenance and security release. This release addresses four security issues in WordPress 4.9 and below that could potentially be used as part of a multi-vector attack. According to the release notes, the following changes have been made to WordPress to protect against these vulnerabilities.

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Rahul Pratap Singh and John Blackbourn are credited with responsibly disclosing the vulnerabilities. In addition to the changes above, 4.9.1 fixes eleven bugs, including the Page Template issue we wrote about last week. Many sites have already updated to 4.9.1 automatically. To see a list of detailed changes, check out this post on Make WordPress Core.

Source: WP Tavern

Four Things I’d Like to See in This Year’s State of the Word

This weekend, WordPressers from far and wide will descend upon Nashville, TN, for WordCamp US. One of the highlights of the event is Matt Mullenweg’s State of the Word. Last year, Mullenweg shared a variety of statistics, made a few announcements, and plotted a new course for WordPress development.

As the event draws near, here are some things I’d like to see addressed in this year’s State of the Word.

Will There Be A Renewed Effort to Make Calypso Plugin Aware?

During the 2016 State of the Word, Mullenweg announced that Calypso became plugin aware.

Plugin Aware Calypso
Plugin Aware Calypso

The idea was that plugins that are actively installed on more than 1 million sites could participate in an experimental program that would add meta box support and other plugin specific features to Calypso. To this day, this has not materialized and I’d like to know what happened and if there will be a renewed effort in 2018.

An Update on WordPress Foundation Supported Initiatives

Last year, we learned that WordCamp Central became its own Public Benefit Corporation while the WordPress Foundation maintained its non-profit status. In addition, the Foundation announced support for like-minded non-profits such as, Hack the Hood, Internet Archive, and Black Girls CODE.

I’d like to know how much money the Foundation has contributed to these causes and if any progress has been made on providing educational workshops in underdeveloped countries.

An Update on WordPress’ Development/Release Strategy

A year into WordPress’ new development and release strategy, I’d like to know what challenges he and the team have faced and overcome. I’d also like to know if the results he has seen thus far warrant continuing the experiment in 2018.

Take an Opportunity to Explain What Gutenberg Really Is

Last year, Mullenweg surprised the community by announcing that the WordPress post editor would be revamped. Since then, we’ve learned that the project’s name is Gutenberg and it’s about more than just the editor. I’d like to see Mullenweg take this unique opportunity to provide a deeper explanation into what the project is and why it’s pivotal for WordPress’ continued success.


This year’s State of the Word will be presented on Saturday, December 2nd, at 4PM Eastern. If you can’t see it in-person, you can watch it for free via the livestream.

Source: WP Tavern

WordCamp Albuquerque Gears Up for 5th Edition in January 2018

WordCamp Albuquerque is gearing up for its 5th edition January 19-21, 2018, following events held in 2011, 2012, 2013, and 2016. An all-new organizing team is ready to invigorate the Southwestern WordPress community with an exciting array of world-class speakers and educational opportunities for both new and experienced users.

Lead organizer Alonso Indacochea said the team is expecting to host 300 attendees. Many of them will be coming from New Mexico, Southern Colorado, West Texas, and Arizona.

“The southwestern community is interesting because there are a lot of developers doing really interesting tech work, but a lot of it happens in silos due to government secrecy,” speaker wrangler Sam Hotchkiss said. “New Mexico has a rich history of technology, from the Manhattan Project and the creation of the first nuclear weapons to the formation of Microsoft, which was founded in Albuquerque in 1975.

“We’re trying to pull together that community to connect with each other, and also establish Albuquerque as a WordCamp with consistently high-quality speakers of global renown.”

In pursuit of this goal, Hotchkiss has recruited a healthy crop of top quality speakers from the WordPress community. During the Saturday afternoon session, Chris Lema, Vice President of Products and Innovation at Liquid Web, will be interviewing a diverse group of speakers in the main hall, including the following:

  • Ashleigh Axios, former Creative Director for the Obama White House and AIGA Board Member
  • Sakin Shrestha, Founder of Catch Themes and the main drive behind the vibrant WordPress community in Nepal
  • John Maeda, Global Head, Computational Design and Inclusion at Automattic
  • Jon Brown, WordPress Nomad
  • Alonso Indacochea, WordCamp lead organizer, who had no serious software development experience 5 years ago, went through a local boot camp, and is now CEO of the fastest growing digital agency in New Mexico

This year WordCamp Albuquerque will feature multiple tracks sorted by topic, beginning with a WordPress Fundamentals track on Friday, January 19.

“Foundation Friday is something I’ve seen be really successful at other camps,” Hotchkiss said. “It gives people who are new to WP a base of knowledge so that they can go into Saturday feeling confident and ready to learn. Each class on Friday will build on the one before it. Starting from scratch? Show up at 9. Already have a site, but need help handling the layout? Come at 10:30.”

Saturday’s program will include sessions in the Business, Design, and Development tracks throughout the day, in addition to the planned interviews. A contributor day session is planned for Sunday. The event’s organizers are still accepting speaker applications until midnight on Monday, December 4. They plan to finalize the schedule next week. Tickets are on sale now and attendees can elect to purchase one for whatever combination of days they wish to attend.

Source: WP Tavern

Practicing the Pac-Man Rule at WordCamp US

With more than 2,000 attendees expected, WordCamp US is one of the largest conferences devoted to WordPress. It’s a great opportunity to meet a lot of new faces and catch up with familiar ones. If you’re standing in the hallway at WordCamp US speaking with a group of people and want to encourage others to say hi or be part of the conversation, try this tip shared by Jason Cosper called the Pac-Man rule written by Eric Holscher.

Mini Pac Man Arcade Machine
photo credit: rbatina Random Phone Shots (license)

The rule is simple. When standing in a circle, provide an opening for someone to join the group. By standing in an open circle, it gives a passersby explicit permission to join the group and limits the appearance of cliques. I didn’t realize how standing in a closed circle can be off-putting to those wanting to introduce themselves or chime in until learning about this rule.

In addition to the Pac-Man rule, Bob Dunn suggests using eye contact to invite people to the group. Morten Rand-Hendriksen suggests that if you’re looking to start a conversation with someone new, start with groups of two people as they likely know each other and want to talk to new people. I’ll be practicing the Pac-Man rule this weekend and I encourage other attendees to do so as well.

Source: WP Tavern

Gutenberg Team Is Ramping Up Usability Testing at WordCamp US

The Gutenberg Team will have a usability testing station set up at WordCamp US where attendees can participate in a round of pre-set tests that focus on the writing flow. Testers will answer a short survey that includes their prior WordPress experience level, age, and device used. Volunteers will get participants set up with a testing site and will start the screen recording app.

Testers will be asked to create a post based on the content shown in an image. There are three different images, which require the user to perform actions such as adding images, embedding media, creating unordered lists, adding quotes, and other basic content creation tasks. In order to segment results, the usability tests have been divided into beginner, intermediate, and advanced level images.

Advanced level task image for Gutenberg usability testing

After completing the test, participants will be asked to answer a few followup questions, such as “Did the task take longer or shorter than you expected?” and “Are you more or less likely to use the Gutenberg editor in the future?”

“This is the second round of usability testing scripts — we tried out the first batch of scripts at WordCamp Milano, and made some adjustments for clarity,” Gutenberg design lead Tammie Lister said. “As a result of testing, we moved the toolbar on blocks to not be fixed and back to the block. At Milano, we tested the tests.”

As the result of these tests and other prior feedback, Lister recommended the default position of the toolbar to be fixed to the block.

Anna Harrison, UX lead at Ephox (the makers of tinyMCE), has been instrumental in helping with the efforts around testing and writing scripts. She also offered feedback on the ticket, referencing comments from the previous discussion on the issue:

A fixed [docked to top] toolbar solution has several complications. Firstly, we break accessibility. I won’t reiterate the discussion, as it’s well articulated above. Secondly, we break things independent of accessibility – I ran user tests on something quite similar to this last year, and we discovered that disconnecting the toolbar from the point of action resulted in 100% user test fails.

Gutenberg version 1.8 will change the default back to displaying block actions on the block level, although the option to change it to a fixed toolbar at the top of the screen will still be available. This change is one example of how usability testing is shaping Gutenberg’s development. WordCamp US is an opportunity for the team to collect a host of new testing data in one place.

Lister said all the data that is collected will be processed by volunteers on the make/test team, but the team is still small and they could use more volunteers to work on this effort.

“The turnaround time on processing the data we collect really depends on how many volunteers are available to work on it,” Lister said. “It also depends on if it’s a bug reported – bugs are easier to get fixed right away. If the data indicates an area where we need to investigate more, we’ll do that. The results of the testing will be published on make.wordpress.org/test.”

Lister said the team is hoping to reach a wider variety of WordPress users at WCUS this year, from all backgrounds and careers. The testing booth offers an opportunity for anyone to contribute to the future of WordPress, regardless of your experience level or familiarity with the software. The team is also eager to broaden its testing field by recruiting non-WordPress users as well. If you can’t make it to WordCamp US, you can still contribute to Gutenberg by taking and administering usability tests on your own with the help of the instructions posted on the make.wordpress.org/test site.

Source: WP Tavern

Delete Me WordPress Plugin Assists Website Owners in Granting the GDPR Right to be Forgotten

photo credit: pj_vanf to err is human(license)

With the EU GDPR compliance deadline just 178 days away, many WordPress site owners are looking for tools that will help them meet the requirements. The regulation expands existing rights of data subjects in several key ways, including (but not limited to) the right to be notified of data breaches, the right to access personal data, the right to be forgotten, and the right to data portability.

A plugin called Delete Me, by Clinton Caldwell, is one that may be helpful in addressing the Right to be Forgotten. The GDPR.org website breaks it down as follows:

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

The Delete Me plugin takes this one step further for site owners who are comfortable allowing users to delete their own data without having to create a request for it. By default, the delete button displays on the profile.php screen in the admin, but administrators can elect to use a shortcode to display it somewhere else on the frontend.

The plugin will delete the users’ posts, links, and even comments (optional) after the user confirms. The confirmation screen could stand to include more information about what data is being deleted so that the user knows what to expect. However, administrators do have the option to specify this within the JavaScript confirmation dialog. After deletion the user is dumped back out to the homepage by default, but the redirect URL can be configured in the plugin’s settings page.

Additional configurable settings include the ability to select specific WordPress roles to allow to delete themselves, specify class and style attributes of delete link, enable or disable JavaScript confirm for Shortcode, specify button text, and send an email notification when users delete themselves.

Delete Me also supports network activation and single site activation for multisite installations. By default, users can only delete themselves and their content from a single site, while other networked sites where they are registered will not be affected. The plugin does include a “Delete From Network” checkbox that administrators can enable to allow users to delete themselves from all sites on the network.

Delete Me is available for free on WordPress.org. I tested the plugin and have confirmed that it works with WordPress 5.0-alpha. It is currently active on more than 2,000 sites. By no means does it satisfy the full requirements of the GDPR, but it provides a decent starting point for site owners who want to make this option available to their users without having to manually fulfill their requests.

Source: WP Tavern

WPWeekly Episode 295 – Turkey With A Side of Gutenberg and Giving Thanks to Open Source

I apologize for the delay in getting this episode out to you. In this episode, John James Jacoby and I discussed a range of topics, including a caching bug introduced in WordPress 4.9 that causes Page Templates not to display for an hour. We talk about the possibilities of using Gutenberg with WooCommerce and how it could impact product management.

As is tradition, near the end of the show, we shared what we’re thankful for. We also shared what listeners are thankful for regarding open source.

Stories Discussed:

This bug is causing some theme developers to rip their hair out. Weston Ruter explains why the change was implemented.
WooCommerce Explores the Possibilities and Challenges for E-Commerce in the Gutenberg Era
Tailor Page Builder Plugin Discontinued, Owners Cite Funding, Gutenberg, and Competition
WordCamp Europe 2018 Speaker Applications Now Open
GitHub Launches Security Alerts for JavaScript and Ruby Projects, Python Support Coming in 2018

Picks of the Week:

Trigger Happy developed by Hotsource is a visual scripting tool for WordPress, allowing you to connect plugins and events together using a simple user interface. It currently supports core WordPress functionality, WooCommerce, and Ninja Form.

Big dummy is a project for folks who need to emulate an established blog with plenty of content while doing WordPress benchmarking and performance testing.

There are 2495 posts, 6197 comments, 231 tags, 26 categories, and 10 pages worth of WordPress dummy data, fully ready to import. That’s 3 (simulated) years worth of content. Note: There are ~1.6 GB of images (courtesy of Unsplash) attached to these posts. It’s a very good idea to import everything but the media in order to avoid timeouts or errors with the WordPress Importer.

WPWeekly Meta:

Next Episode: Wednesday, November 29th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Listen To Episode #295:

Source: WP Tavern

Workarounds for the Page Template Bug in WordPress 4.9

WordPress 4.9 “Tipton” was released last week and although it’s largely trouble-free, there is one particular issue users and developers are running into that’s causing frustration. In 4.9, custom page templates that are created fail to display in the Template drop-down menu. The issue is related to changes made to the file editor.

Previous versions of WordPress listed files 2-levels deep in the editor. In 4.9, the entire directory tree for a theme is listed regardless of its depth. Caching was added to help limit the performance impacts of loading large WordPress themes. “An unintended side effect of the caching is that the same directory listing function get_files is used both for the theme editor and for gathering page templates,” Weston Ruter, Co-Release Lead for WordPress 4.9 said.

Within the trac ticket, developers suggests that a button be added that flushes all caches or disabling the cache if WP_DEBUG is set to true. Neither suggestion turned into a patch committed to core. Instead, Ruter has released a plugin as a workaround that flushes the template cache. Other workarounds include, bumping the theme’s version, running the wp cache flush command in WP CLI, or waiting 60 minutes for the cache to expire.

The ticket is marked as a high priority but because of the upcoming holidays in the US and WordCamp US next weekend, it could be at least a few weeks before WordPress 4.9.1 is released.

Source: WP Tavern

Tide Project Aims to Audit and Score WordPress Themes and Plugins based on Code Quality

Last week XWP dropped an intriguing preview of a new project called Tide that aims to improve code quality across the WordPress plugin and theme ecosystems. The company has been working with the support of Google, Automattic, and WP Engine, on creating a new service that will help users make better plugin decisions and assist developers in writing better code.

XWP’s marketing manager Rob Stinson summarized the project’s direction so far:

Tide is a service, consisting of an API, Audit Server, and Sync Server, working in tandem to run a series of automated tests against the WordPress.org plugin and theme directories. Through the Tide plugin, the results of these tests are delivered as an aggregated score in the WordPress admin that represents the overall code quality of the plugin or theme. A comprehensive report is generated, equipping developers to better understand how they can increase the quality of their code.

The XWP announcement also included a screenshot of how this data might be presented in the WordPress plugin directory:

XWP plans to unveil the service at WordCamp US in Nashville at the Google booth where they will be inviting the community to get involved. Naturally, a project with the potential to have this much impact on the plugin ecosystem raises many questions about who is behind the vision and what kind of metrics will be used.

I contacted Rob Stinson and Luke Carbis at XWP, who are both contributors to the project, to get an inside look at how it started and where they anticipate it going.

“Tide was started at XWP about 12 months ago when one of our service teams pulled together the idea, followed up by a proof of concept, of a tool that ran a series of code quality tests against a package of code (WordPress plugin) and returned the results via an API,” Stinson said. “We shortly after came up with the name Tide, inspired by the proverb ‘A rising tide lifts all boats,’ thinking that if a tool like this could lower the barrier of entry to good quality code for enough developers, it could lift the quality of code across the whole WordPress ecosystem.”

Stinson said XWP ramped up its efforts on Tide during the last few months after beginning to see its potential and sharing the vision with partners.

“Google, Automattic and WP Engine have all helped resource (funds, infrastructure, developer time, advice etc) the project recently as well,” Stinson said. “Their support has really helped us build momentum. Google have been a big part of this since about August. We had been working with them on other projects and when we shared with them the vision for Tide, they loved it and saw how in line it is with the vision they have for a better performant web.”

The Tide service is not currently active but a beta version will launch at WordCamp US with a WordPress plugin to follow shortly thereafter. Stinson said the team designed the first version to present the possibilities of Tide and encourage feedback and contribution from the community.

“We realize that Tide will be its best if its open sourced,” he said. “There are many moving parts to it and we recognize that the larger the input from the community, the better it will represent and solve the needs of the community around code quality.”

At this phase of the project, nothing has been set in stone. The Tide team is continuing to experiment with different ways of making the plugin audit data available, as well as refining how that data is weighed when delivering a Tide score.

“The star rating is just an idea we have been playing with,” Stinson said. “The purpose of it will be to aggregate the full report that is produced by Tide into a simple and easy to understand metric that WordPress users can refer to when making decisions about plugins and themes. We know we haven’t got this metric and how it is displayed quite right. We’ve had some great feedback from the community already.”

The service is not just designed to output scores but also to make it easy for developers to identify weaknesses in their code and learn how to fix them.

“Lowering the barrier of entry to writing good code was the original inspiration for the idea,” Stinson said.

Tide Project Team Plans to Refine Metrics Used for Audit Score based on Community Feedback

The Tide project website, wptide.org, will launch at WordCamp US and will provide developers with scores, including specifics like line numbers and descriptions of failed sniffs. Plugin developers will be able to use the site to improve their code and WordPress users will be able to quickly check the quality of a plugin. XWP product manager Luke Carbis explained how the Tide score is currently calculated.

“Right now, Tide runs a series of code sniffs across a plugin / theme, takes the results, applies some weighting (potential security issues are more important than tabs vs. spaces), and then averages the results per line of code,” Carbis said. “The output of this is a score out of 100, which is a great indicator of the quality of a plugin or theme. The ‘algorithm’ that determines the score is basically just a series of weightings.”

The weightings the service is currently using were selected as a starting point, but Carbis said the team hopes the WordPress community will help them to refine it.

“If it makes sense, maybe one day this score could be surfaced in the WordPress admin (on the add new plugin page),” Carbis said. “Or maybe it could influence the search results (higher rated plugins ranked first). Or maybe it just stays on wptide.org. That’s really up to the community to decide.”

In addition to running codesniffs, the Tide service will run two other scans. A Lighthouse scan, using Google’s open-source, automated tool for improving the quality of web pages, will be performed on themes, which Carbis says is a “huge technological accomplishment.”

“For every theme in the directory, we’re spinning up a temporary WordPress install, and running a Lighthouse audit in a headless chrome instance,” Carbis said. “This means we get a detailed report of the theme’s front end output quality, not just the code that powers it.”

The second scan Tide will perform measures PHP compatibility and will apply to both plugins and themes.

“Tide can tell which versions of PHP a plugin or theme will work with,” Carbis said. “For users, this means we could potentially hide results that we know won’t work with their WordPress install (or at least show a warning). For hosts, this means they can easily check the PHP compatibility before upgrading an install to PHP 7 (we think this will cause many more installs to be upgraded – the net effect being a noticeable speed increase, which we find really exciting and motivating).”

Carbis said that the team is currently working in the short term to get the PHP Compatibility piece into the WordPress.org API, which he says could start influencing search results without any changes to WordPress core.

“We’d also like to start engaging with the community to find out whether surfacing a Code Quality score to WordPress users is helpful, and if it is, what does that look like? (e.g. score out of 100, 5 star rating, A/B/C/D, etc.),” Carbis said. “We will release our suggestion for what this could look like as a plugin shortly after WordCamp US.”

More specific information about the metrics Tide is currently using and how it applies to plugins and themes will be available after the service launches in beta. If you are attending WordCamp US and have some suggestions or feedback to offer the team, make sure to stop by the Google sponsorship booth.

Source: WP Tavern

Envato Elements Adds Unlimited WordPress Theme and Plugin Downloads to Subscription Plan

Envato has added unlimited WordPress theme and plugin downloads to its Elements digital assets subscription service. The company is including a curated collection of 210 WordPress themes and 100 plugins along with 400,000 other design assets already offered through the service.

Envato is the largest WordPress theme marketplace on the web with 39,102 themes and website templates for sale. Last year the company celebrated 10 years in business and reported that the community earned more than $40 million, with a significant portion of that revenue coming from WordPress products.

The new “all you can eat” style package for WordPress themes on Envato Elements was introduced to boost the value of the service’s annual subscription plan and is not available to monthly subscribers. For $228/year, annual subscribers can change themes as often as they choose, which is the chief selling point of the new addition. However, the subscription service does not provide direct item support for the themes, as they are submitted by independent designers.

Current Elements subscribers have the option to change their payment plans from monthly to annual to gain access to the unlimited WordPress products. Several disgruntled customers have taken to Twitter to express their dissatisfaction with the WordPress additions being withheld from existing monthly subscribers and perceive it to be heavy-handed a tactic for locking in more annual subscribers before raising the price.

An Envato support representative offered some background on the decision in response to monthly subscribers who do not appreciate being excluded from additions to the service.

“We chose this pricing model because we think it creates the fairest platform for both our subscribers and our authors,” the representative said. “A huge amount of time and dedication goes into creating and maintaining WordPress themes and plugin so this allows us to help protect the earnings of the authors who provide our community with premium assets.”

Source: WP Tavern