Monthly Archives: February 2018

New Team Forms to Facilitate GDPR Compliance in WordPress Core

As May 25th, the enforcement date for the General Data Protection Regulation (GDPR) draws near, individuals and businesses are scrambling to make sure they’re compliant. I’ve read a number of blog posts throughout the WordPress community explaining the GDPR and what needs to be done for compliance and it’s a tough thing to grasp.

The EU GDPR was designed to harmonize data privacy laws across Europe, protect and empower European citizens data privacy, and reshape the way organizations across the region approach data privacy. In reading the regulation and various blog posts, the terminology makes it appear that the changes are geared towards large, international businesses that process personal data.

However, according to Heather Burns, a digital law specialist in Glasgow, Scotland, the GDPR affects sites large and small.

GDPR applies to all businesses, organizations, sectors, situations, and scenarios, regardless of a business’s size, head count, or financial turnover. A small app studio is every bit as beholden to these rules as a large corporation.

Determining if your site needs to be compliant and how to accomplish it can be overwhelming. If you do business in Europe or collect data from European users, you must protect that data in accordance with the GDPR as if you were in Europe. For example, if you operate a blog with a contact form that saves entries to the database from people who live in Europe, you must make your site GDPR compliant.

There are a lot of aspects to the GDPR and while an excerpt can not fully explain it at a glance, there are a few themes that stick out to me.

  • Be upfront and concise about what data is stored, sent, and used on the site or form.
  • Give the user a chance to consent without automatically opting them in.
  • Collect the least amount of data possible for legitimate business purposes.
  • Provide a way for users to download or access their data and remove it.

Many of these are common sense practices that are not implemented on many sites, WP Tavern included. How often do you visit a site’s contact form and see an explanation as to why those fields are required, where the data is stored, where it goes, and what is done with it? This is something I’ll be working on in the next few weeks.

Making WordPress Core GDPR Compliant

Earlier this month, a number of volunteers gathered to discuss GDPR compliance in WordPress core. The meeting took place in a newly created channel #gdpr-compliance that’s accessible to anyone with a SlackHQ account.

The team created a proposed roadmap to add privacy tools to core. The plan includes the following ideas:

  • Add notices for registered users and commenters on what data is collected in core by default and explain why.
  • Create guidelines for plugins on how to become GDPR compliant.
  • Create and add tools to facilitate compliance and privacy in general.
  • Add documentation and help for site owners to learn how to use these tools.

Earlier today, the team met and created a GitHub folder that houses the roadmap, knowledge base, trac ticket list, and other items associated with the project. There was also some discussion on whether the interface provided by the GDPR for WordPress project is a good foundation for core and plugins to report personal data. The GDPR Compliance Slack channel is also a good place to ask questions and discuss data privacy in general.

Popular form plugins such as GravityForms and NinjaForms have documentation available that explains GDPR compliance and how it applies to their products. For those who use the Contact Form module in Jetpack which saves entries to the database by default, you’ll need to wait for further updates. WooCommerce and Automattic have announced that they expect their products will be GDPR compliant by the time it goes into effect later this year.

GDPR Resources

If you’re like me, reading about the GDPR and its policies can make your head spin. It’s important to keep in mind that at the heart of the GDPR are common sense behaviors for handling personal data. If you’d like to learn more about the GDPR, check out the following resources.

Source: WP Tavern

Matt Cromwell Hosts Matt Mullenweg in Q&A Gutenberg Interview

Matt Cromwell, Head of Support and Community Outreach for GiveWP and an administrator for the Advanced WordPress Facebook group, hosted a question and answer session about Gutenberg with Matt Mullenweg earlier today. The interview concludes the Advanced WordPress Gutenberg interview series that includes, Joost de Valk, Ahmad Awais, and Tammie Lister.

Mullenweg began the session by explaining why there is a concerted effort to improve the editor. “It’s really almost any user test that you watch,” he said. “Both watching people brand new to WordPress and those with years of experience on how they used the editor. It became obvious that we could make something more accessible to new users, but also, a lot more powerful for developers.”

With regards to a release date, Mullenweg confirmed that Gutenberg will ship when it’s ready. Later in the interview, Mullenweg was asked if he could provide a more concrete answer.

“For those who want a concrete date, we will have one or two orders of magnitude more users of Gutenberg in April,” he responded. “That doesn’t mean necessarily a 5.0 release, but it does mean that if you’re planning on aiming for something where a lot of users will be interacting with Gutenberg, aim for April.”

While the project’s name is Gutenberg, some developers have expressed concerns on how the name will be deprecated if at all once it’s merged into core. There are a number of educational resources, products, and tool kits referencing Gutenberg that could be a source of confusion once it’s merged into core and referred to as the editor.

Mullenweg was asked if the Gutenberg name will be deprecated. “We’ll see,” he replied. “I don’t think it’s the most important thing to figure out right now. We’re tackling some much bigger issues. If the plugin is useful, we’ll keep it around for beta testing, if not, we’ll have it turn itself off.”

Mullenweg concluded the interview thanking the Advanced WordPress Facebook group for the passion and discussions shared by members. The group has more than 30K members, is free to join, well maintained, and often filled with interesting topics. You can watch the interview in its entirety below.

Source: WP Tavern

WordCamp Orange County Plugin-A-Palooza First Place Prize is $3,000

WordCamp Orange County, CA, 2018 will take place June 9-10. In addition to the regular WordCamp format of speakers sharing their knowledge, there is also a mini-event called Plugin-A-Palooza. This year marks the fourth contest where plugin authors will compete for one of three prizes.

  • First Place – $3,000 cash and 1 Sucuri Business (VIP) license
  • Second Place – $1,500 cash and 1 Sucuri Business (VIP) license
  • Third Place – $500 cash

Teams will be judged live based on the following criteria:

  • Originality
  • User Experience/User Interface
  • Code Quality
  • Presentation of the plugin on WordPress.org.

Teams can have up to three participants, are required to build their own plugin, and upload it to the WordPress plugin directory by May 18th. Teams will present their plugins to the judges and audience on June 10th.

Previous winners and plugins include:

Bridget Willard, WordCamp Orange County organizer, says the event encourages innovation and personal development which are important parts of WordCamps. “The first plugin that won was WPRollback by WordImpress,” she said. “It’s widely used in the community now. We’d love to see other camps doing this.”

If you’re interested in participating in Plugin-A-Palooza at WordCamp Orange County this year, you’ll need to fill out this entry form. The deadline for submissions is March 5th.

Source: WP Tavern

WPWeekly Episode 305 – 10up, JavaScript for WordPress Conference, and Jetpack 5.8

In this episode, John James Jacoby and I discuss the news of the week. We also chat about the Winter Olympics, crypto mining in order to access content on the web, and the joys of taking care of a puppy. Last but not least, we talk about Elasticsearch in Jetpack 5.8 and whether or not improving WordPress’ native search functionality through a service is the way to go.

Stories Discussed:

Jetpack 5.8 Adds Lazy Loading for Images Module
Free Virtual WordPress for JavaScript Conference June 29th
10up Turns Seven
“Not Updated In …” Warning

WPWeekly Meta:

Next Episode: Wednesday, February 21st 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Subscribe to WordPress Weekly via Google Play

Listen To Episode #305:

Source: WP Tavern

10up Turns Seven

10up, a web development agency founded by Jake Goldman in 2011, has turned seven years old. In a blog post celebrating the occasion, Goldman reviews the previous year and highlights some notable events for the company.

“We welcomed more than 30 new clients to our portfolio in another record sales year,” Goldman said. “We launched new websites along with web and mobile apps for major brands across verticals as diverse as finance, healthcare, academia, high-tech, big media, consumer packaged goods, food and beverage, and fitness… to name a few.”

He also highlighted the company’s commitment to open source and giving back to WordPress. Throughout the past year, the company has released a number of WordPress plugins and developer tools including, Distributor, WP Snapshots, WP Local Docker, Async Transients, and more.

Goldman describes three trends he’s noticed in the past few years.

  1. Integrations with innovation happening in other projects and platforms has become increasingly important as the web matures. You see it in React.js and Vue.js emerging as popular front end standards, in the rise of Elasticsearch and NoSQL platforms, with two factor authentication and Google single sign on, with the rise of modern Asset Management Systems.
  2. For publishers, it’s increasingly becoming about distribution to multiple platforms, more so than just building a website. Google AMP, Facebook Articles, Apple News, Alexa, YouTube channels to name a few.
  3. If you need any more evidence of WordPress dominance, look no further than how highly in demand top-tier engineering talent is. It’s probably – literally – around a factor of 1.5x – 2x what great engineers were earning 3-4 years ago.

With seven years of experience under his belt, Goldman offers the following advice for those who are in their first or second year of running an agency or in a leadership position.

  1.  Don’t be quite so hard on yourself – when you run a business – when you’re a lease – there will always be highs and lows – don’t dwell on the lows.
  2. Put more emphasis on building systems, routines, and check-ins that offer a better pulse on the collective and individual fulfillment, engagement, and health of the team, rather than relying on transparent upwards communication.

Congrats to 10up on seven years in business. To learn more about the company and employment opportunities, visit their official site.

Source: WP Tavern

Free Virtual WordPress for JavaScript Conference June 29th

Zac Gordon, who launched his Gutenberg development course earlier this year, is organizing a virtual conference called JavaScript for WordPress. The conference will take place June 29th and is free to watch.

“Making the event free and online was really important for me so we could have as few barriers to entry for folks wanting to learn,” Gordon said. “I have a feeling a lot of folks who can’t tune live will still appreciate having all the talks available on YouTube for free.”

So far, 15 speakers have been confirmed with more to be announced soon. The speakers include WordPress core developers, theme and plugin developers, agency owners, and educators. Some of the talks will be from designers allowing user experience and usability to be part of the conversation.

Gordon says he’s been wanting to an in-person event for a while but considering the challenges involved, a virtual conference was the next best thing.

“I used to run in-person workshops in the Washington DC area, which I miss, and have wanted to do an event for a while,” he said. “But doing in-person events is so difficult, so the online format seemed like the best option to go with. I got some good advice from Human Made and WP Campus, who both have experience doing online events, so hopefully everything will go smooth.”

To reserve a seat and receive updates, visit the JavaScript for WordPress conference site.

Source: WP Tavern

Jetpack 5.8 Adds Lazy Loading for Images Module

Jetpack 5.8 is available for download and includes a handful of new features for Professional, Premium, and Personal plan users. In October of last year, Jetpack 5.4 began beta testing a new search module based on Elasticsearch. Jetpack 5.8 concludes the beta and the new search service is available to Professional plan customers.

The new search module replaces the native search functionality in WordPress and Jetpack developers claim sites with a large amount of content, images, or products will see significant speed improvements and more relevant results. Developers can fine-tune the user experience by using custom queries and template tags. Users can sort results by categories, tags, month/year, post type, or any taxonomy.

In addition to the Content Delivery Network, users have another method to optimize their sites with a new module named Lazy Load Images. When activated, Jetpack will display a page’s textual content first. When a user scrolls down the page, Jetpack will request and download images so they appear when that section of the page comes into view. Sites with a large amount of images will benefit most from having this module activated.

Premium plan customers can now perform security scans on their sites at any time, upload an unlimited amount of videos, and access SEO tools that were once restricted to Business plan customers.

Other notable improvements include:

  • Support for timezone and site language settings
  • Improved display of notices
  • The GettyImages shortcode now uses the new format required by GettyImages

To view all of the additions in this release, check out the Jetpack 5.8 changelog.

Source: WP Tavern

WPWeekly Episode 304 – DesktopServer, Life, and Health with Marc Benzakein

In this episode, John James Jacoby and I are joined by Marc Benzakein, Operations Manager for ServerPress, LLC. We discussed recent updates to DesktopServer and received a progress report on 4.0. Marc also shared some of the struggles the team encountered throughout 2017.

We learned what’s new with WP SiteSync and what customers can look forward too later this year. We also talked about Marc’s journey of becoming a healthier person both physically and mentally. He recalls the issues he had to overcome and shares advice on how others can improve their health.

Stories Discussed:

WooCommerce 3.3.1 Released, Addresses Template Conflicts
WordPress 4.9.4 Fixes Critical Auto Update Bug in 4.9.3
Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

WPWeekly Meta:

Next Episode: Wednesday, February 14th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Subscribe to WordPress Weekly via Google Play

Listen To Episode #304:

Source: WP Tavern

WooCommerce 3.3.1 Released, Addresses Template Conflicts

WooCommerce 3.3.1 is available and fixes template conflicts discovered in a handful of WordPress themes that forced the team to revert WooCommerce 3.3. The team reviewed handful of the most common themes running WooCommerce and tested them for compatibility with 3.3.1.

WooCommerce developers recommend that theme authors use hooks instead of template overrides to ensure maximum compatibility.

According to Mike Jolley, WooCommerce lead developer, this release highlighted issues with the template system’s extensibility and a disconnect between theme authors on external marketplaces. “We hope to find solutions to these problems in the near future,” Jolley said.

WooCommerce 3.3.1 has at least 90 commits. Users are encouraged to create a full-backup of their sites and then browse to Dashboard > Updates to update WooCommerce from within WordPress.

Source: WP Tavern

WordPress 4.9.4 Fixes Critical Auto Update Bug in 4.9.3

Hours after WordPress 4.9.3 was released, the WordPress development team followed it up with 4.9.4 to fix a critical bug with the auto update process. The bug generates a fatal PHP error when WordPress attempts to update itself.

This error requires WordPress site owners and administrators to manually update to WordPress 4.9.4 by visiting your Dashboard and clicking the Update Now button on the Updates page. Alternatively, you can update by uploading the files via SFTP or by using WP-CLI.

Dion Hulse, WordPress lead developer, says managed hosts that apply updates automatically for their customers will be able to update sites as they normally do. This may explain why some users have reported that sites running 4.9.3 have automatically updated to 4.9.4 without issue.

The bug stems from an attempt to reduce the number of API calls made when the auto update cron job is run. Unfortunately, the code committed had unintended consequences. “It triggers a fatal error as not all of the dependencies of find_core_auto_update() are met,” Hulse said.

A postmortem will be published once the team determines how to prevent this mistake from happening in the future. “We don’t like bugs in WordPress any more than you do, and we’ll be taking steps to both increase automated coverage of our updates and improve tools to aid in the detection of similar bugs before they become an issue in the future,” Hulse said.

While WordPress 4.9.3 and 4.9.4 do not include any security fixes, it’s important to note that in order to receive automatic security updates in the future, sites using the 4.9 branch must be running at least 4.9.4. Older branches are unaffected.

Source: WP Tavern

WordPress 4.9.3 Released, Fixes 34 Bugs

WordPress 4.9.3 is available and fixes 34 bugs. Customizer changesets, the visual editor, widgets, and compatibility for PHP 7.2 highlight this release. You can view all of the changes via the changelog or trac tickets. Most sites will update automatically. However, if you want to trigger the update ahead of time or manually update, visit your Dashboard, click the Updates link, and click Update Now.

Source: WP Tavern