WordPress.org

The University of Wisconsin is offering a free self-paced course on Creating WordPress Websites for students through its Stevens Point branch. It is one of ten free courses offered to the general public in a catalog that includes courses on management, communication, personal finance, customer service, and small business marketing. Creating WordPress websites has become an essential skill, as the software now powers 37.5% of all websites ranked in the top 10 million by Alexa.

The WordPress course is designed to give users hands-on experience in building a website. Students will learn how to design pages, add content, and customize their sites using themes and plugins. Self-hosted sites require paid hosting, and SiteGround has donated a free 90-day hosting account and temporary domain for students to use while taking the course. Instructions for how to sign up are included in Lesson 1.

The course is 24 hours and covers a wide range site creation topics, including creating content, uploading images and files, the basics of optimizing for usability and search engines, and how to analyze stats and promote content to social media. This is a good way to get started for anyone wanting to learn WordPress with a more structured approach. It may be helpful for new users who are exploring a career change or wanting to create a website for a new business.

Creating WordPress Websites is a non-credit course and is suitable for students who are comfortable learning without an instructor. The registration deadline for the free courses is June 30, 2020. Students will have three months of access to the course after registration.

Yesterday, core contributor Aaron Jorbin proposed renaming the default “master” branch for all WordPress-owned Git repositories to “main.” The proposal comes among a flurry of related terminology changes that the larger tech community is considering around oppressive language.

Based on the ongoing discussion in the comments of the proposal, the term “trunk” has gained popularity, and the original post has been updated in favor of that term. If it moves forward, trunk would be more in line with core WordPress, which uses Subversion (SVN). It would also make sense along with the “branch” terminology already in use with both SVN and Git — tree, trunk, and branches.

“As a part of tearing down the systems of oppression that exist in the world, WordPress should remove references to master and replace them with trunk in all git repositories,” wrote Jorbin.

Amidst the backdrop of the Black Lives Matter movement and following the death of George Floyd, the tech community has been taking a deeper look into its systems and determining what changes it can make. While there are larger systemic issues at play, many are determined to remove any potentially oppressive or discriminatory terminology. The idea is not that these minor changes will create an evolution overnight but that they are small pieces of the much bigger picture — cogs in the machine that must move for the wheel to turn.

“This is a small move, but if it makes one more person comfortable contributing to a WordPress project, it will be worth it,” wrote Jorbin.

GitHub should soon be making a similar change across its platform. In response to a tweet calling for GitHub to lead the charge and rename the default “master” branch to “main,” CEO Nat Friedman said they were already working on a solution. It is unclear how this will work going forward and whether it would affect existing repositories. For now, it seems GitHub is on board.

Thus far, the WordPress proposal has been mostly met with support. However, there was some dissent.

Core contributor Zebulan Stanphill argued that language is oppressive based on context and, in this context, the change does not make sense. “Similarly, no one in their right mind is going to think you support human slavery when you use the term ‘master branch,'” he wrote in the comments of the proposal. “The term ‘master’ itself is already used far outside of the context of slavery. Think novice->pro->master. Think also: mastering the craft, remastering music, and etc.”

As harmless as the word “main” seems in most Western cultures, a comment posted by Mike Schroder (original Japanese text by Takayuki Miyoshi and translation by Shinichi Nishikawa) pointed out that it was problematic in Japanese culture. “In Japan, for example, to put ‘main’ and ‘others’ as different groups has been utilized as an excuse to justify discrimination,” said Miyoshi. “Not caring about suppressing the Ainu people and their culture at all is possible because of the assumption that Yamato folk is the main and others are secondary. I now came to a point to think we should consider that to set one thing as ‘main’ creates marginals that get oppressed.”

Language is not always easy, especially when addressing a global community, each with their own terms that are possibly discriminatory. For now, trunk seems to be a good fit while throwing a nod to WordPress’s SVN roots.

This would not be the first time that WordPress has made a move to change terminology such as this. David Artiss, a Support Engineer at Automattic, created a ticket seven months ago to rename “comment blacklist” to “comment blocklist.” The change, which replaced only the user-facing text, went largely unnoticed and landed in WordPress 5.4.

Jason Coleman, CEO of Stranger Studios, also opened a more extensive ticket two days ago. It calls for changes of any use of “blacklist” to “blocklist” and “whitelist” to “safelist,” even within the code and database options. Such changes would be backward compatible and not break sites upon upgrade.

Change is almost certainly coming. The big decision is going to be around what the new terms will be.

For developers who want to rename the default branches of their own Git repositories, there is an existing project with instructions and a GitHub action for doing so.

WebDevStudios released its custom block scaffolding tool to the public on Tuesday. It is a fork of the core WordPress script, which was rolled out in February alongside Gutenberg 7.4. The goal is to allow plugin developers to get started building without all the tedious setup required to build even the most basic block.

The script is available as an npm package titled @webdevstudios/block. One of the differences between the core package and this one is the addition of the WebDevStudios custom CSS, JavaScript, and PHP coding standards. It makes use of the WDS Block Starter project to build out the initial block plugin. The package also includes support for Sass, PostCSS, Webpack, Babel, and ESLint.

“One major difference is that WDS’s block scaffolding tool requires a PHP namespace,” said Michael Joseph Panaga, backend engineer at WebDevStudios. “WP core’s does have a --namespace option on its scaffolding tool, but it’s only used as the block’s internal namespace and not PHP’s.”

Panaga also pointed out that it is not as easy to customize the build setup when beginning with core’s starter. “In WDS’s, the webpack.config.js is just right there making it easy for developers to pretty much do what they want to do with it,” he said.

This script is primarily for building single-block plugins rather than building blocks within an existing plugin. Ideally, this will be the route that many plugin developers take over the long term, particularly as the block directory becomes a more important part of WordPress.

“WordPress block development can be daunting,” wrote Panaga in the announcement. “It’s already intimidating enough that you need to know ReactJS, you also need to install and configure tools like webpack, Babel, and ESLint.”

The tool requires the latest versions of Node and npm to get started, which most WordPress developers should already have in their development environments. From the command line, developers merely need to move to their wp-content/plugins folder and run the following command:

npm init @webdevstudios/block [Namespace]/[BlockName]

That will create a working plugin based on the BlockName input. It will come complete with all the necessary files and folders to hop straight into development. By default, the plugin will create what is essentially a custom paragraph block as a starting point.

The package includes several commands out of the box for developers to use for building their custom block:

• npm run start – Automatically builds and compiles files as changes are made in development.
• npm run build – Builds the final code for production.
• npm run lint:css – Runs linting on the plugin’s CSS files.
• npm run lint:js – Runs linting on the plugin’s JavaScript files.
• npm run lint:php – Runs linting on the plugin’s PHP files.

The script is simple to use, even for a novice block developer. After a few minutes of letting it install the necessary dependencies and beginning the build process, I was up and running with my new “Tavern Box” block. I cracked open my code editor, made a few cosmetic changes, and gave it a test in the editor.

With several tools for jump-starting the block-building process now floating around the WordPress community, there is little reason for plugin developers to not be exploring new block ideas. I might even try my hand at something more complex than the basic colored box I ran with this test (feel free to shoot some ideas in the comments).

One year ago developers at Google and Yoast began collaborating with other contributors on a proposal to add XML sitemaps to WordPress core. The XML Sitemaps feature plugin went into testing in late January and the feature is now on deck for inclusion in WordPress 5.5.

This week contributors merged a basic version of sitemaps that plugin developers can either build on or disable.

“This core sitemaps feature aims to provide the base required functionality for the Sitemaps protocol for core WordPress objects, then enables developers to extend this functionality with a robust and consistent set of filters,” Google engineer Pascal Birchler said in the merge announcement.

Millions of WordPress sites have already implemented sitemaps using an SEO plugin or a dedicated sitemaps plugin. Plugin authors are encouraged to re-architect their solutions to work with the core sitemaps protocol, but users do not have to worry about conflicts. Birchler said he expects many users will no longer need additional plugins to meet their sitemap needs.

“If for some reason two sitemaps are exposed on a website (one by core, one by a plugin), this does not result in any negative consequences for the site’s discoverability,” Birchler said.

Although native XML sitemaps have received a mostly favorable response from the community and WordPress’ leadership, there are some who believe this functionality would be better left to plugins. Fortunately, there’s an easy way for anyone who is concerned to turn it off. Users who don’t want sitemaps activated can change WordPress’ settings to discourage search engines from indexing the site. Developers can disable it using a filter.

The basic sitemaps implementation does not include any UI controls for further customization, such as excluding certain posts or pages. Birchler explained that this was not part of the scope of the project. The plugin ecosystem will still have plenty of latitude in addressing more complex sitemap requirements:

User-facing changes were declared a non-goal when the project was initially proposed, since simply omitting a given post from a sitemap is not a guarantee that it won’t get crawled or indexed by search engines. In the spirit of “Decisions, not options”, any logic to exclude posts from sitemaps is better handled by dedicated plugins (i.e. SEO plugins). Plugins that implement a UI for relevant areas can use the new filters to enforce their settings, for example to only query content that has not been flagged with a “noindex” option.

Performance was one of the chief technical concerns when the project was initially proposed, particularly in response to the number of URLs per page and the lastmod date in the index.xml file. Contributors landed on capping the URLs per sitemap at 2,000. The solution for the lastmod date that they implemented adds a cron task that runs twice daily, fetches the lastmod dates of each sitemap, and stores them in the options table. [Update: The lastmod date was removed during development because community feedback indicated this additional property provided no clear benefit.]

“The addition of this feature [core sitemaps] does not impact regular website visitors, but only users who access the sitemap directly,” Birchler said. “Benchmarks during development of this feature showed that sitemap generation is generally very fast even for sites with thousands of posts. Thus, no additional caching for sitemaps was put in place.”

More information about extending core sitemaps is available in the merge announcement, along with FAQs. This feature is expected to be released with WordPress 5.5 in August.

BuddyPress broke into the world of blocks last month with its 6.0 release. Group and Member blocks were the first blocks to make it into the core plugin and next up are block versions of the existing widgets. Contributors are also working on block requests based on community feedback.

Today, BuddyPress core developer Mathieu Viet shared a prototype of his early work on adding a block based Activity post form to BuddyPress. This is one of the most highly-requested features from the plugin’s community of developers, according to a recent poll.

Viet submitted a PR for a playground inside the WP Admin that allows posting to the activity stream via a custom bp/text block. It is an adaptation of the basic core/paragraph block with a modified block toolbar that removes unnecessary controls, such as alignments, text color, and strikethrough formatting. 

The custom activity posting block adds a new emoji picker control to the block toolbar, with a popover that includes categories of all the emoji WordPress supports. This is far more convenient for users than launching their operating system’s emoji picker.

Viet’s PR highlighted several major benefits to bringing the block editor to activity posting: formatting text and adding links is more intuitive, inserting emoji is easier, and users can easily schedule activities using the block editor’s DateTimePicker component.

One of the biggest benefits Viet identified is the opportunity to standardize the UI. In the same way the block editor is helping WordPress unify the UI for publishing and site design, a block-based activity form will help standardize the UI for BuddyPress plugin developers.

“Today, when BuddyPress Plugin developers extend this post form, they do not have a structured way to process, they simply use a hook: it can be a very different one from plugin to plugin,” Viet said. “Plugins are mostly using jQuery (some can tidy this a bit using Backbone), UI controls can look very different. This is really not ideal for BuddyPress users. By extending the WordPress Blocks API to make available a BP Activity Blocks API we will improve all this and we’ll benefit from the ‘WordPress Blocks’ developers interest to give our users great new BP Activity Blocks to share richer content like media, or more interactive content like Polls.”

BuddyPress’ activity component is a frontend feature, so the idea is to test the block-based activity posting form in the admin and then work through the hurdles for bringing it to the frontend.

“Bringing this block based Activity post form in this area is the goal and a huge challenge mainly due to the fact we have less control over the layout,” Viet said. “There’s one WordPress administration layout, but there are thousands of different front-end layouts.”

Viet proposed BuddyPress tackle this in small steps:

• Making the block based Activity Post form only available from a WP admin screen
• Making the block based Activity Post form only available into a new complete “BP Default” theme
• Making the block based Activity Post form available from a modal
• Making the block based Activity Post form available from a new template pack

BuddyPress only supports WordPress 4.8+. If a block-based activity form is ready for inclusion in version 7.0 of the plugin, BuddyPress will need to raise the required WordPress version to 4.9. Sites running on older versions would be able to fall back to the legacy activity posting form.

Viet credits his PR to WordPress’ developer documentation for building a custom block editor and Dave Smith’s  Standalone Gutenberg Block Editor repository.

The first beta for WooCommerce 4.3 was released yesterday. The team behind the popular eCommerce plugin added a new homepage screen, updated the product grid blocks, and is pushing users to update their version of PHP.

Users who want to test the latest beta version can do so by grabbing the ZIP file from WordPress.org and uploading it to their site. They can also install and activate the WooCommerce Beta Tester plugin to switch between versions.

The WooCommerce team plans to make the first release candidate available on June 23. If all goes well over the following two weeks, the official 4.3 release is slated for July 7. The timeline gives users a three-week window to provide feedback and test for bugs before upgrading.

The version 4.3 beta currently includes over 40 bug fixes along with dozens of enhancements, tweaks, and dev-related changes. See the 4.3 change log for a full overview.

New WooCommerce Admin Homepage

• Old Dashboard Screen
• New Home Screen

The largest user-facing change coming to version 4.3 is a new homepage screen. It is replacing the Dashboard screen introduced in version 4.0. Users should see a new item titled “Home” under the normal WooCommerce admin menu.

The previous Dashboard left a lot to be desired. It was essentially a set of customizable charts and stats for the user’s shop. When it was first released, some users experienced issues with data populating for the screen. It never felt right, particularly when much of the data shown on the Dashboard felt redundant — it could be found under the Reports and Analytics screens.

The new Home screen is a fresh take on what a “dashboard” should be. The primary focus is on displaying the latest messages from the shop’s inbox, which is displayed on the left side of the screen. To the right is a box with an overview of the shop’s stats that further links to the Analytics screen where more detailed stats can be found. Below that is a box with quick links for managing various aspects of the store.

Call me a fan. The old stats and charts Dashboard always felt a bit overwhelming and not exactly what I was looking for. The new Home screen is simpler, provides an overview of the important bits, and leads me to the places I might want to visit.

Upcoming Block Changes

Except for the All Products block, each of the grid-related product blocks now defaults to three rows of products on output. Unless the user changed the default block settings, this will also affect existing blocks used on the site.

Some of the blocks this change will affect include:

• Newest Products
• Hand-picked Products
• Products by Category
• Best Selling Products
• On Sale Products
• Top Rated Products
• Products by Attribute

In past versions of the plugin, the default number of rows was set to one. If three rows are undesirable, end-users should check their sites upon update to make sure the appropriate number of products is displayed where those blocks are in use.

The team has made some other important changes to blocks, such as improved handling of taxes for the Filter Products by Price block and adding options for the Filter Products by Attribute block. Some blocks also no longer support HTML editing. The reason for this is to prevent accidental breakage during editing.

PHP 7.2 Minimum Recommendation

As of WooCommerce 4.3, the plugin will be asking that users upgrade to at least PHP 7.2 with plans to make it a minimum requirement in the future. The team did not provide an exact date for when it will become a requirement. It will likely at least be WooCommerce 4.4 or later. However, shop owners should get ahead of this and upgrade their PHP version as soon as possible.

“As the world of WordPress is preparing for upgrading minimum requirement for PHP to 7.2+, we are following the suit,” wrote Peter Fabian, WooCommerce core team lead, in the announcement post. “We will be increasing the version required to run WooCommerce to PHP 7.2 soon as well. With WooCommerce 4.3, to provide enough lead time for merchants and store owners, we will start displaying a recommendation to update to PHP 7.2+.”

It is worth noting that WordPress itself is not moving to a minimum requirement of PHP 7.2 (this information was incorrect in the WooCommerce announcement post). It is merely moving to a minimum recommendation of PHP 7.2+ for now.

Nevertheless, this is a good move for the biggest eCommerce plugin in the world. WooCommerce should be a leader in making sure that end-users are on versions of PHP that are still receiving security updates. Given its massive audience and other plugins like it, it should be seen as a duty.

From the beginning, conversations have occurred about what else HeroPress could do, but the necessary factors never line up to make them a reality.

Until now.

Last fall, potential sponsorship got us thinking. This spring, community interest got us researching. And now, it is time to move!

Plans are in the works to build out new community-focused resources that will provide opportunities through out all of WordPress, resources like a Facebook Group, newsletter, new website content, etc.

Along with our ideas, we’ll be reaching out to get your thoughts as well. We want to know what needs you see and problems that HeroPress could help solve. We’ve always believed a stronger community comes through collaboration, and a stronger community is the point after all.

One thing that won’t change are the essays. They will continue just as they always have. The new resources will come alongside partnering opportunity with their inspiration.

The post Changes are Coming to HeroPress appeared first on HeroPress.

Review Signal founder Kevin Ohashi has published the site’s annual WordPress Hosting Performance Benchmarks for 2020, along with a smaller set of benchmarks for WooCommerce hosting. For the past seven years Ohashi has been using sentiment analysis to capture consumer reviews of hosting companies on Twitter. He also performs a set of tests to measure peak performance and consistency for WordPress hosts.

The testing started as a bet that Ohashi took from an executive at GoDaddy who claimed the company’s platform was as good, in terms of performance, as any other on the market at that time.

“I didn’t believe him and asked if he would put his money where his mouth was (figuratively, there were no costs associated with the early tests because I had free load testing tools/load testing sponsors),” Ohashi said. “He agreed and sure enough they were on equal footing performance wise at the time. The reaction was pretty immediate and companies all wanted to participate. That level of excitement I got from people in providing objective testing in an industry full of marketing speak and affiliate spam was fulfilling.” 

The benchmarks are focused purely on performance, as Review Signal does not test companies’ support, features, or any other aspect of their products. Almost all the major hosting companies are included in Ohashi’s tests (29 companies with 31 brands) with a few notable exceptions. Kinsta declined to participate this year because they were doing a major platform upgrade and didn’t want to have their old systems benchmarked. WP Engine and Liquid Web did not offer any reasons for declining.

The results are divided up into six tiers of hosts ranging from less than $25/month to $500+ enterprise hosting. The top scores for 2020 in the budget tier include A2 Hosting, GoDaddy, HighAvailability, LightningBase, Raidboxes, SiteGround and WPX Hosting. Ohashi publishes an individual analysis for all hosts participating, which often includes comparisons from the previous year.

In the enterprise hosting bracket, Review Signal ranked all tested companies as having “earned Top Tier status.” Almost none of the data points significantly differentiated any of the products. All companies had perfect or near-perfect uptime. Flywheel scored the fastest WebPageTest average response time. WordPress.com VIP showed the fastest peak average response time on Load Impact. Servebolt ranked the highest in the WPPerformanceTester results as the fastest on both PHP and WP Bench, as well as scoring the fastest average response time on Load Storm.

Review Signal Introduces WooCommerce Hosting Performance Benchmarks for 2020

This is the first year that Ohashi has tested WooCommerce hosting products. Only seven companies are included but he hopes to add more as the word gets out.

“Since this was the first year I tried to do this, I offered a lot of different options to companies,” Ohashi said. “I had three different price tiers and three different site options: 1 basic site, basic site + high product count site, basic site + high product site + heavy theme/plugin site. The only combination of them that had enough companies interested to make it worthwhile was 1 basic site with hosting plans costing under $100 per month.”

Ohashi said he got as many companies on board as possible under the most popular option for this first round of benchmarks.

“I would love to see deeper testing done, but that also means cooperation from the companies too,” he said.

The WooCommerce performance benchmarks mimic the WordPress tests with one major change in Load Storm. Ohashi said the test performed in Load Storm is specific to WooCommerce testing different user profiles, such as someone going through a buying funnel, or browsing products, or checking their order.

Green Geeks, Nestify, Pressable, Servebolt and SiteGround earned top tier ratings. This distinction is awarded to companies that maintain 99.9% uptime throughout the testing process (three months) and show little to no performance degradation during load testing, primarily focused on error rate and response times.

Tips for Understanding and Using the Benchmarks when Considering Hosting Products

In between the lowest and highest tiers of WordPress hosting are additional results for nearly every budget from $25/mo to $500/mo. The results can be overwhelming for consumers to try to analyze. Ohashi recommends that consumers consider how much performance matters to them.

“If the answer is very little, it may not be the best starting point because that’s not what they value,” he said. “If they do value performance, I would say understand that there is a lot of nuance in my tests. I don’t rank a company ‘the best’ and generally don’t say this company did the best in a specific test either. Measuring and determining best is hard. I say which companies handled my tests well and which struggled, my tests would be a filtering mechanism for who you might consider buying from.”

Ohashi explained that if consumers only look at raw numbers like lowest response time, they might miss the nuance of why numbers might be lower for some companies than others. For example, most of his testing tools are hosted on Amazon servers, so companies using the same infrastructure might post better scores on the tests.

He also recommends that consumers perform their own human testing, such as reaching out to a company’s sales team and asking questions.

“Did any company stand out and make you want to be their customer? Did anyone disappoint you? I strongly believe if you aren’t happy with a company before you become a customer, you’re unlikely to become happier after you become one. So do your own testing, because mine is one data point, but there should be many data points in your decision making process.”

Trends in WordPress Hosting: Companies Are Getting More Specialized

Following hosting trends over the past seven years, Ohashi has witnessed nearly every major hosting company adding WordPress products, as the software’s market share has made it impossible to ignore.

“The WP hosting space has grown dramatically over the past few years,” he said. “When I started doing my testing in 2013 there were a handful of companies doing ‘WordPress hosting’ and I’m not sure how many people took it seriously. Today it has almost the opposite problem, everyone is doing ‘WordPress hosting’ and a lot of users feel like the term has become meaningless or a marketing gimmick to sell higher priced services by calling it WordPress hosting without really doing anything substantially different.” 

WordPress-specific hosts have started specializing to further differentiate themselves from the mass market shared hosts. Through his experience in operating Review Signal, Ohashi has noticed that consumers are benefiting from the diversity of options and competition on quality and service:

The reality is there are at least dozens of companies doing a lot to bring WordPress as quickly and securely as possible to visitors all over the globe. The space has attracted large sums of venture capital with players like Automattic raising ~700M, WPEngine raising ~300M, and Pantheon raising 100M dollars. The major trend I see in my data is that these specialized WordPress companies are able to offer a lot better services to customers and keep them happier than the major shared hosting companies. They are also targeting a lot of different niches/markets. There are mass market brands but also ones specializing in catering towards larger customers. Others have built whole integrated platforms and become more than simply hosting companies. The WordPress hosting ecosystem is becoming incredibly rich with different kinds of providers and experiences. That trend I think is great for consumers because there is a better chance of finding a company that meets your more specific needs than ever before.

These recent trends underscore the need for Review Signal’s transparent performance benchmarks. Ohashi said that the annual WordPress hosting tests are more popular than anything else he does with the site, including the main reviews based on sentiment analysis. In an interview with Indie Hackers, Ohashi disclosed that Review Signal earns roughly between $3,000-$4,000 per month from affiliate links. For now this is enough revenue to sustain the work he puts into yearly testing.

“I am not getting rich on it – providing honest web hosting reviews doesn’t pay that well!” Ohashi said. “When I publish these tests every year I get people who tell me they have been waiting for this. People value my work and trust it. That inspires me and keeps me going. I genuinely enjoy helping people and combined with my passion for data it’s a good match.”

Yoast, the company behind the popular Yoast SEO plugin, announced it had acquired the Duplicate Post plugin earlier today. Along with the acquisition of the project, the company brought on its creator, Enrico Battocchi, as a senior developer. He will continue in a lead role with the future development of the plugin.

Duplicate Post currently has over three million active installations and is translated into 46 languages. Of its 451 reviews, it has almost a near-perfect 429 five-star ratings. Few plugins, especially when they garner such a large user base, can pull off the feat of an average 4.9 user rating. Battocchi has put in over a decade of work into building the community around the plugin.

The plugin does exactly what its name implies. It allows end-users to duplicate posts. “Post” in this sense means any type of content, including pages and post types from other plugins. It also allows users to choose which fields are copied in the duplicated post.

“Lots and lots of people use this, for several workflows,” said Joost de Valk, Chief Product Officer at Yoast. “They use plugins like this to be able to re-publish and have a publishing ‘workflow’ on existing posts, something we intend to make easier. They use this to copy a design made in a page builder like Elementor or Divi, a complex post setup with ACF blocks, or something like that, and just have to alter the content and not restructure the whole thing.”

For a plugin in such a seemingly small niche, many users have found a need for the ability to clone posts. “It surprised me as well that there was this large a group of users for a plugin like this,” said de Valk,” but it’s obviously there.”

It was not immediately apparent how a post cloning plugin would fit into the traditional Yoast brand. The company’s primary focus is on SEO tools. However, de Valk feels like it has a home at Yoast.

“What we want to do is twofold: the first of the workflows I mentioned, republishing content, is often done with SEO at least ‘in mind,'” he said. “We want to make that workflow easier. The second has an SEO ‘risk’: changing a post or page only slightly could lead to duplicate content problems. When we know that a post or page is a duplicate of another post or page, we can verify that it has, in fact, been changed enough, or give feedback to mitigate that potential SEO issue.”

“Yoast is also a key part of the wide WordPress community, supporting it in various ways (from Core development to WordCamp sponsoring),” wrote Battocchi in his own announcement. “I’m excited to join them because I’m confident that Yoast will be a great new home for Duplicate Post, and its users will benefit of all the advantages of an inventive company which can provide quality, support, vision for the future.”

What’s in Store for the Plugin?

Yoast plans to keep Duplicate Post free for the long haul and has no plans for commercial upgrades. This is not an empty promise, assures Battocchi. “One of the conditions for me to join was to be sure that Duplicate Post would stay free: there are no plans to switch to a premium/freemium scheme, and none of its current functionalities will be removed from it,” he said.

The team is remaining tight-lipped about any big features on the horizon. However, the most immediate goal is to improve the plugin’s accessibility.

It almost goes without saying that the team will look into how Yoast SEO and Duplicate Post can work together. “We’ll add some simple integrations between Yoast SEO and Duplicate Post,” said de Valk in the announcement post. “Such as making sure that the user roles that Yoast SEO adds, SEO Editor and SEO Manager, can duplicate posts.”

Beyond that, the company is awaiting feedback from end-users. “We have ideas,” said de Valk, “but we’re also very interested in hearing yours and your readers’ suggestions.”

He has also opened feedback requests on the Advanced WP Facebook group. Thus far, most of the feedback is centered on better integration with page builders and other plugins that build content.

The quest for the perfect form plugin is nearly as old as WordPress. Projects have come and gone. There are some great form plugins out there, but far too often the choices are between massive builders that do things their own way and solutions so simple that they do not quite live up to expectations. Munir Kamal has put his hat into the ring with his take on this saturated market with Gutenberg Forms, a plugin designed for exclusively building forms within the block editor.

The plugin is by no means perfect. It has numerous quirks. It does a lot of things right. It fails at times with features that could be game-changing. It has the potential to be one of the best form-building plugins for WordPress.

As of version 1.4.0, the latest update, Gutenberg Forms is a mixed bag of success and frustration. I am excited about it.

I am excited because we are still in the early part of this plugin’s lifespan. I am excited because Kamal has built some successful Gutenberg-related projects in a short amount of time, including Gutenberg Hub and ACF Blocks. I am excited because I believe it will improve over time.

Form plugins are not easy. Despite its current issues, which we’ll get to, Gutenberg Forms is a useful plugin that ticks many of the boxes that I want to see in a form builder going forward. The ideas needed for block-based forms are in place. The execution just needs some refinement.

Gutenberg Forms was recreated in February this year. Kamal originally released the plugin in 2018, but it sat in limbo for a year and a half before he updated it with the latest APIs. Since then, he has been on a tear, releasing frequent updates and improving how the plugin works. I first tested it months ago and was not happy with the result. However, the latest iteration shows much more promise.

With only 200+ current users, the biggest thing the plugin needs is more feedback from more users.

Building Forms

Gutenberg Forms makes form building simple. There are two ways to build forms in the plugin. The first method is a custom “Forms” screen in the admin. It is a custom post type that works just like a post or page. The difference is that users are limited to adding form fields provided by the plugin. Using this method of building forms is ideal because the form is saved in a single place and can be used anywhere on the site.

The second method is building a form directly from the post or page editor. All of the plugin’s custom blocks are available for creating a custom form. For one-off forms, this may be the method to use, but I recommend building from the Forms screen instead.

After building a form via the Forms screen, users can later use the Gutenberg Forms block to insert a saved form. What actually happens when inserting this block is that, when choosing a saved form, the plugin inserts a shortcode into the editor. This is one of those quirks with the plugin. One of the ideas of building blocks is for developers to move away from utilizing the shortcode system. There is no need to mix in a shortcode here from a technical perspective. It should simply be a server-side block. I do not imagine this matters much to end-users. It works. It is simply an oddity that I hope evolves in the long run.

The plugin provides most of the common form fields that end-users would expect to see in a form plugin. The following are the form-field blocks currently available:

• Calculation
• Checkbox
• Date Picker
• Email
• File
• Form Button
• Message
• Name
• Number
• Phone
• Radio
• Select
• Text
• Website
• Yes / No

Gutenberg Forms also includes other blocks that are not for outputting fields. The Form Columns block allows end-users to create columnized fields. This works great for fields that need to be lined up horizontally, such as city, state, and ZIP code fields. The Form Group block allows users to group multiple blocks. It also has several design options, including custom colors and padding. The Form Step block is useful for adding steps in multi-step forms.

The biggest but least polished feature is the pre-designed templates library that Gutenberg Forms makes available. Currently, the plugin has around three dozen custom templates. Given Kamal’s work with templates at Gutenberg Hub, I am guessing that we will see even more templates in the future.

The problem? The form template inserter does not always work.

Testing the plugin against both the latest WordPress and Gutenberg plugin, I was not able to insert any form template via the new form screen. There were JavaScript errors that prevented it from being inserted. One of the most exciting features of the plugin failing to work, at least in my test environment, was a bit of a letdown.

While inserting a template did not work on the form-building screen, it did work when building one-off forms on the page-editing screen. However, I did receive the dreaded “this block contains unexpected or invalid content” message for some of the blocks after insertion.

This issue is not insurmountable. The Gutenberg project is in a constant state of flux. I am forgiving of these types of issues right now because things are so unsettled, and I also know they can be addressed in an update. However, I do want to point them out for users who may need something a bit more polished in their production environments. You can build forms easily without the template feature.

Final Thoughts

Yes, Gutenberg Forms is a bit rough around the edges. It is not at the point where it can be competitive with some of the other major players in the forms marketplace. However, six months or a year from now, assuming continued improvement, it should be in a position to start slicing its own piece of the pie.

There are some other nitpicks with the plugin. For example, the “Inline” block style available with some blocks cannot be reset to the default. The “C” in the Checkbox block name is lowercase while all other block names begin with an uppercase letter. These minor things make the plugin seem less polished than it is.

Even with the issues I have outlined, I would recommend people in the market for a block-based form builder to give this plugin a test run. Its simplicity will make it an easy choice for many. For the most part, it works well. At the end of the day, it lets you build forms and stores the submissions for those forms directly in the database, and that is what truly matters.

I am a firm believer that we are at the beginning of something special. It will just take a bit of time before we get there. Even if Gutenberg Forms does not take over the form-builder market, other plugin developers should start taking cues from what this plugin is doing.

Late last week WordPress made major progress towards the goal of getting users to adopt newer versions of PHP. The ServeHappy API has been updated to set the minimum acceptable PHP version to 7.2, while the WordPress downloads page recommends 7.3 or newer.

Sergey Biryukov committed this change on the meta trac after Marius Jensen opened a ticket for it nine days ago. Previously, the ServeHappy dashboard widget was showing the upgrade notice to users of PHP 5.6 or lower.

“After discussing with the core Site Health team and the Hosting Team, it has come up that the most sensible next move is to show the upgrade notice to users of PHP <=7.1 (this means setting ACCEPTABLE_PHP to 7.2),” Jensen said.

“Looking at the numbers, we’re seeing roughly 25% of sites running a WordPress version that includes ServeHappy [that] would then get an upgrade notice.”

This change means that the majority of WordPress sites are using an acceptable version of PHP. Approximately 47% are running WordPress on older versions. Those who are on WordPress 5.2+ (when Site Health was introduced) will see the upgrade notices generated by the ServeHappy API.

This update also bumps the lowest branch of PHP which is actively supported to 7.3 and bumps the lowest branch of PHP that is receiving security updates to 7.2.

The Site Health team scheduled the change for last Friday, but Jensen noted that the API call is cached for a week in core. It should start popping up for users throughout this week.

In December 2018, PHP 5.6 and 7.0 reached End of Life (EOL) and stopped receiving security updates. This left approximately 83% of users on unsupported versions of PHP at the end of 2018. Today, with the progress encouraged by the Site Health project, 47% are on unsupported PHP versions. The update put in place last week should help significantly decrease this number before PHP 7.2 reaches EOL in November 2020.

Jenny Wong, who helped coordinate the project as part of the Site Health team, described how they got started and worked successfully across teams with design, Polyglots, and Hosting contributors to make this update possible.

“I remember going to WordCamp San Francisco and sitting down with Andrew Nacin and Mark Jaquith at lunch and asking them why WordPress supported such old versions and what the project was doing about it,” Wong said. “They told me the work that had been going on.

“They told me the issues, they took the time took explain it all to me and answer all my questions.”

Wong said she was grateful to be part of that initial discussion in 2014 and to have shared in the journey with dozens of contributors.

“To the polyglots who translated everything we threw at them, to everyone else who gave feedback, argued, fought, discussed and debated, to everyone who has shared ideas and patches, to every person who has listened to me complain, took my wild ideas and made them an reality – Thank you!” Wong said.

Given WordPress’ large share of the market, encouraging adoption of newer versions of PHP will help make the web more secure. Please note that this update means that 7.2 is now the lowest branch of PHP that is considered acceptable for use with WordPress, according to the ServeHappy API. Sites that are running on older versions may continue to work but WordPress will continue strongly urging users to upgrade.

Like many tech conferences, OpenJS World 2020 was forced to go virtual for its upcoming event scheduled for June 23-24, in Austin. The global conference was designed to be representative of all 32 projects hosted with the OpenJS Foundation. This includes Node.js, webpack, jQuery, Mocha, ESLint, Lodash, Grunt, and other popular projects. The Foundation is also in the process of initiating AMP and Electron through an incubation process.

Prior to going virtual, regular attendee ticket prices for OpenJS World ranged from $350 (early bird) – $899 (late). Ordinarily, travel expenses and missed work can make conferences like this cost-prohibitive for some attendees whose employers don’t sponsor their work travel. Now that the event has moved to be fully online, tickets are free for all who want to attend.

OpenJS World gives developers the opportunity to connect with others across the JavaScript and web ecosystem while learning from a diverse, world-class lineup of speakers. The schedule spans a variety of topics, including JavaScript architectures and patterns, internationalization, diagnostics and debugging, infrastructure, IoT, and more.

Glitch CEO Anil Dash is one of 16 keynote speakers. He will be talking about JavaScript and its place in tech after 25 years, as well as how its community should be working together. NASA astronaut Christina Hammock Koch will also be a keynoting the event on June 24, at 9 AM CT. Koch served as a flight engineer on the International Space Station for multiple expeditions and holds the record for longest single spaceflight by a woman (328 days). The event also features keynote panels with engineers and executives responsible for deploying applications at a massive scale.

While the pandemic has rendered many people housebound, there are a lot of virtual events competing for your attention. Although these sessions are likely to be available on YouTube at some point in the future, there are a few distinct benefits of attending live: the opportunity to network with other attendees, engage in live speaker Q&A sessions, and interact with sponsors. For WordPress developers, it may be a convenient avenue for getting outside the WordPress bubble and connecting with others in the industry.

Yesterday, the Gutenberg team released version 8.3 of the ongoing plugin behind the block editor. While much of the focus for the team is on the upcoming full-site editing, this update includes several user-facing features, such as a reorganized set of block categories, a parent block selector, a spacing control, and link color options.

One smaller enhancement includes the ability to filter the Latest Posts block by author. The level control for the Heading block has also changed. Instead of selecting the level in the block options sidebar, the level selector is now located in the editor toolbar.

In Gutenberg 8.2, hitting the Enter key within the caption field for an image block created a new paragraph. In 8.3, that feature has been extended to all blocks with captions.

The team corrected over 20 bug fixes in the latest release. On the whole, the new plugin update appears to be solid after a day of use. However, some of the experimental additions, such as the new padding control, may be worth some concern. Theme authors need to start testing this, providing feedback, and making sure development is heading in the right direction.

New Block Categories

The Gutenberg team has renamed and reorganized the block categories. The new list seems to make more sense and is better consolidated into proper groups:

• Text
• Media
• Design
• Widgets
• Embeds

While I am a fan of the new category names, I find the categories useless for any practical purpose at this point. Ever since Gutenberg dropped the tabbed interface in the block inserter, it has felt like a large wall of blocks. My eyes naturally skip by the category names as I scroll and scroll and scroll through the list of available blocks to find that particular block I need. I almost always use keyboard slash commands for inserting blocks. In those cases where I don’t, it is not an ideal user experience, and the new categories do not help much.

Select Parent Block

One of the more frustrating experiences in Gutenberg is attempting to select a parent block in a nested-block scenario. Far too often, users feel like they are clicking around at random in the hopes they hit that sweet spot where they can actually navigate to the block they need to edit. It is an exercise in frustration in the best moments.

The Gutenberg team took a step — a small step — toward alleviating this pain. When hovering over the “change block type or style” button in the editor toolbar, a new button appears to select the parent block.

I am unsure if this is the right way of handling the problem. I would like to see some experiments with some sort of arrow button that appears without hovering. For now, I am satisfied that the team is attempting to solve the issue and hope that future iterations improve navigation within nested blocks.

This feature does not seem to work when the top toolbar mode is enabled. For those who use this mode, the best way to select a parent block is via the breadcrumb navigation at the bottom of the editor.

Experimental Spacing/Padding Control

Theme authors can now add support for an experimental padding control via add_theme_support( 'experimental-custom-spacing' ). When supported, the end-user will see a new Spacing tab under the block options sidebar for the Cover block, which should be available for other blocks in the future. By default, users can control the padding for all four sides of a block with a single value. They can also “unlink” the padding and control the top, bottom, left, and right values individually.

Presumably, the Gutenberg team will extend this spacing feature to include a margin control too. It would be the natural move and one in which I hope that leads to the death of the Spacer block that users have had to live with for the past couple of years.

However, I am not sold on allowing end-users to control padding with explicit values. Haphazardly changing padding values will break the vertical rhythm that many theme authors take the time to meticulously calculate. When using pixel values (the default), users will most certainly run into issues with tablet and mobile screen sizes. Essentially, it will create a complete mess of spacing.

I am not against the idea. I want it done right before this lands in WordPress. Theme authors should be able to register named classes that are handled via the stylesheet. This goes back to the idea of WordPress having a design framework. Create a set of utility classes for spacing (oh, hello, Tailwind). Let theme authors define the spacing based on their design. Let users choose from those. Then, provide a custom option for those times where users want to take matters into their own hands. At that point, they have made an explicit decision to break away from the design flow the theme author has chosen.

Link Colors

One of the tougher hurdles theme authors have had to face when styling for the block editor is figuring out what to do with link colors when the user changes the background color of a block. Users have long had control of the text color in that scenario. However, link colors could quickly become inaccessible or just downright ugly. Forward-thinking theme authors would style those link colors so that they inherited the text color, but that is not always the ideal solution.

That’s where user-controlled link colors come in. To add support for custom link colors, theme authors must opt into the feature via add_theme_support( 'experimental-link-color' ). This will add a new color selector for the Paragraph, Heading, Group, Columns, and Media & Text blocks.

Unable to get this feature working with the theme-support function call, I had to dig into the code a bit to find the issue. For theme authors to add support for link colors, they should also define their default links as shown in the following CSS code snippet:

a {
	color: var( --wp--style--color--link, #000 );
}

WordPress will automatically set the --wp--style--color--link variable. For further specificity, theme authors can also target .has-link-color a.

The Gutenberg team is currently immersed in bringing full-site editing capabilities to the block editor as part of Phase 2 in the project’s longterm roadmap. Meanwhile, Gutenberg engineer Riad Benguella has been experimenting with ideas for the collaboration features coming in Phase 3, which aims to deliver a more intuitive way to co-author content.

Today, Benguella unveiled a collaborative writing prototype called AsBlocks that is built using the Gutenberg editor. It is an example of the editor working outside of WordPress. AsBlocks provides an end-to-end encrypted writing environment that can be shared to other users with a link, while the server itself cannot decrypt the content.

In the video demo below you can see a user adds some content, clicks the share button, and is presented with an option to share a link for a live collaboration session (Write) or a link for read-only access (Read). The session is private and only users with the link can access the post.

None of the content is automatically saved. If collaborators leave the page, all the content is gone but users have the option to save an encrypted version to the server by clicking the Save button.

AsBlocks supports ~30 blocks and the UI is very similar to working inside the WordPress editor. It even includes block settings in the sidebar. AsBlocks also has an optional dark mode. Check out the live demo at asblocks.com.

Benguella said he was inspired by excalidraw, a collaborative drawing and diagram app.  In the future, he plans to add the following features:

• Comments.
• Live Chat.
• Selection/Caret indicators.
• Document outline, counts.
• Local save button.
• Local storage persistence.

WordPress’ implementation of collaborating writing may not look exactly like this but AsBlocks is an interesting exploration of what is possible with the block editor. Although Benguella described it as his “new side project” in his Twitter announcement, his post clarified that AsBlocks is a prototype that was created as an exploration for future WordPress core capabilities.

“AsBlocks is an important step in our journey to understand live-collaboration and bring it to Core,” Benguella said. “A WordPress plugin based on AsBlocks’ technology is also on the radar.”

It will be a long road before something like AsBlocks could rival Google Docs and its vast array of features. But for something like collaborating on a page or blog post, AsBlocks provides a delightfully simple implementation that could give WordPress a major springboard into Gutenberg phase 3. The project is GPL-licensed and available on Github, if you want to dig into the code or contribute.

A fake ransomware scam is going around that targets website contact forms. It sends an email to the site owner with the subject “Your Site Has Been Hacked.” The body of the email claims the hackers have exploited a vulnerability to gain access to the site’s database and “move the information to an offshore server.” The email threatens to ruin the site owner’s reputation by selling the site’s database, notifying customers that their information has been compromised, and de-indexing the site with search engines using blackhat techniques.

Within the past few weeks, website owners have reported having received this email on various support channels, including WordPress.org, stackoverflow, and reddit. The sites in question have not been defaced, nor do they show any other evidence of tampering.

The Bitcoin Abuse Database has seen a surge of reports regarding this scam in May and June, logged under various Bitcoin addresses. The scammers send the email out indiscriminately, even targeting sites that do not have a database. So far the campaigns have not been very successful at convincing site owners to pay the ransom.

• https://www.bitcoinabuse.com/reports/1DQ2F5YsTGSEgvAeJSgjydb5i4jvPKDBW1
• https://www.bitcoinabuse.com/reports/1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz
• https://www.bitcoinabuse.com/reports/1Q1DF9rJS6fNDSpiV2iEA46BS1mNEaELtC
• https://www.bitcoinabuse.com/reports/12KLZzgrNX2DvbWQM7yQ1V9vPwy9JPvUKM

The Bitcoin Abuse Database advises visitors that extortion emails are 100% fake and those who receive them should not pay ransoms.

If you or one of your clients receive an email like this, rest assured that it is a scam that requires no action. If you want to be extra cautious you can change your passwords and use a security plugin to scan your files for changes. Otherwise, simply delete the email.

An example of this scam email is below for reference:

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website [website URL] and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site [website URL] was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

12KLZzgrNX2DvbWQM7yQ1V9vPwy9JPvUKM

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you https://cex.io/ for buying bitcoins.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

Highrise Digital is set to host the first of a new video series under the banner of WP Café. The first episode will begin at 11 am BST (10 am UTC) on June 11, which will be a discussion on building WordPress themes in the new era of the block editor.

Highrise Digital is a UK-based agency that focuses on building WordPress sites for post-small, pre-enterprises businesses. The goal for the new video series is to hold live discussions with other professionals on the “challenges, solutions, and ideas” of developing on top of WordPress. Mark Wilkinson, the company’s co-founder, will be hosting the inaugural event.

The first episode is titled “Developing Themes With Gutenberg (IRL).” The following developers will be joining Wilkinson on the panel:

• Ben Gillbanks: Co-owner of Pro Theme Design and co-writer of the MasterWP newsletter.
• Diane Wallace: Freelance web developer recently hired by BrightTALK for Gutenberg-related work.
• Michael Bragg: Senior Developer and Studio Manager at EDGE Creative.
• Keith Devon: Co-founder and front-end developer at Highrise Digital.

To stay updated with the first event and those to come later, subscribe to the company’s YouTube channel. You can watch the first show when it airs via the following video:

On June 1, Devon put out a call for questions the panel should discuss. A single request came from Ross Wintle. “I feel like Gutenberg is a moving target,” he tweeted. “If I develop a theme today, it could look very different from a theme I develop next year. So if I’m developing a custom theme today, which bits of Gutenberg are ‘safe’ to use?”

The volatile nature of developing themes against the block editor is a frustration that many theme authors have shared. We have discussed it when covering where Gutenberg went wrong for theme authors. It is an issue that Carolina Nymark is facing while building her full-site editing course. It is unlikely the panel can provide a perfect answer to the question. However, given their experience, they may be able to offer some insight into how they are handling theme development in a rapidly changing environment.

Along with the proposed guest question, the WP Café webpage officially lists the following topics of discussion:

• What are the biggest challenges when building themes with Gutenberg?
• What opportunities does Gutenberg offer to theme developers?
• How much should we customize the back-end?
• Are you building custom blocks? How?
• How are your clients getting on with the block editor?

Ideally, the answers to those questions should focus on two time periods: today and six months down the road. My hope is the panel can provide some answers to other theme authors on how to hop on the Gutenberg train now and help push them to stay on track in the next six months or year.

If nothing else, these are the types of discussions the theme author community needs to be holding. It is nice to see experienced developers diving into them.

WordPress 5.4.2 is now available!

This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.

Security Updates

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

• Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
• Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
• Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
• Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
• Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
• Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

One maintenance update was also deployed to versions 5.1, 5.2 and 5.3. See the related developer note for more information.

You can browse the full list of changes on Trac.

For more info, browse the full list of changes on Trac or check out the Version 5.4.2 documentation page.

WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5.

You can download WordPress 5.4.2 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Thanks and props!

In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.2 happen:

Andrea Fercia, argentite, M Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Ehtisham Siddiqui, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Aaron Jorbin, Mathieu Viet, Javier Casares, Joe McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Sam Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Daniel Richards, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and yuhin.

One of my favorite WordPress memories is standing in line to register at WordCamp London 2018. Upon saying my first name, no one looked surprised or asked me to say that again, please? Where I live, in the Netherlands, Siobhan is definitely not a common name. Also, the pronunciation is quite different from the spelling. For most languages obviously, I’m guessing in Irish it makes sense! This really gave me a welcoming feeling. At this event, I wasn’t going to be spending time explaining my name. Although I love my name, explaining it does get a bit old sometimes.

To me, this feels like a metaphor for the WordPress community. I’ve always felt very welcome without having to explain myself, or pretend to be someone different. Disclaimer: I do realize not everyone does, but this is me sharing my personal experiences. I understand that I come from a place of privilege. Not in the least by being employed by Yoast, a company that takes contributing to WordPress very seriously. I get to allocate part of my hours to contributing, which is a luxury. I also literally have lunch with a lot of knowledgeable people that can provide context when I don’t understand something, or share their opinions when I ask.

On the other hand, working for a company well-known within WordPress, has also felt like a possible pitfall. For a long time, I have felt the need to prove myself. To show that I’m capable of getting somewhere on my own merits, not just because I have a magenta hoodie.

Reaching Out

So at my first contributor day, I purposely joined a team that none of my coworkers were in. The WordPress marketing team. This makes sense anyway, as my regular job is in social media marketing. I joined the marketing team on Slack, as they weren’t physically at this WordCamp. At the time, I didn’t have one of the super recognizable Yoast avatars. I just dove in, read up on the team and the work they did, and asked some questions. To be honest, I found it hard at first to actually get to work, as I was lacking context.

After attending a few Slack meetings, I felt bold enough to take on the meeting notes. It’s a relatively easy job that doesn’t feel meaningful (it is, though!), but I loved having made my first contribution. The team was so welcoming and took the time to acknowledge me and the work I’d done. That motivated me to ask if there was any project or task I could join. Things moved quickly from there. I wrote a piece of content and got some very useful feedback from a native English speaker. They didn’t just correct my text, they explained what they’d change and why. I try to do the same now, as it makes so much sense. I still learn a lot every time I get feedback from someone in the team. Over the next months, I kind of accidentally led a few marketing tables at contributor days. I remembered how I’d struggled myself, so I enjoyed on-boarding people and getting them excited about the team. After a while, the team reps asked me to join them. Such an honor!

Understanding What Worked

All it took for me to join the team was taking that first step. Speaking up and just saying ‘hey, I’m here, what can I do?’. The team didn’t ask for any references of my work, or need to know who I was. I felt trusted, and that made me want to deliver the best work I could. Of course, after a while, I actually got to meet the people in real life. And if you’ve ever been at a WordCamp that Yoast attended, you probably know we take branding seriously. You won’t see me there without my Yoast shirt or hoodie! I’m proud to work for such a company and I get to meet a lot of awesome people because of it. But that also meant, people now couldn’t not know that I am part of Team Yoast.

Being recognizable definitely made it easier for me to move within the community. We have a lovely community team at Yoast that took the effort of introducing me to a lot of people. That helped me meet people outside of the marketing team, which has proven to be pretty valuable for my work within the team as well. So, a lot of perks come from the company I work for. What I’m trying to get at though, is that I feel that other contributors appreciate me for who I am. For my work, my knowledge, my commitment, my personality. I’d like to believe that even though my day job has made it a lot easier for me to find my place within WordPress, a large part of it is down to my own strengths.

When our founder, Joost, became marketing lead at WordPress, we worked together regularly. As team rep for the marketing team, I had experience within the team and already knew the people. Some people out there were only noticing the marketing team for the first time then. Sometimes when I spoke to people, I realized they assumed I’d gotten my position as team rep through Joost. They didn’t know I’d already been a team rep for at least a year. This annoyed me, but it also motivated me to show them this wasn’t the case. I enjoyed working on this with Joost, but I also made sure to keep doing my own thing. I’m currently on maternity leave, but I’m looking forward to returning to the team in a few weeks!

The Value Of Being On A WordPress Team

The greatest learning experience I’m having within WordPress, lies within being a team rep. I learn so much from working closely with the other reps, who come from around the world and from all kinds of jobs and companies. I learn to see different points of view, and take things into account that I’d never have thought of myself. I learn to communicate with people from all types of jobs and cultures. I learn a lot about themes I didn’t know of before, like inclusiveness, and accessibility. All of this helps me grow as a person and as a professional. And the other way around: I get to use skills and knowledge I’ve learned at Yoast to help empower the team.

I love the combination of my regular job and the work I do in WordPress. Both teach me different things as the job, the people, the context, the means of communication, basically everything, is different. It’s definitely a win-win situation for me. I also take pride in what I’ve done for myself, by taking opportunities and making the most of them. I’ve been running international meetings, getting up on stage, spoken during an online event, leading discussions on- and offline, and so on. The people in WordPress have been so encouraging and are always there to cheer me on.

Lifelong Friendships

And another thing: valuable friendships have come from it. During WordCamps, I love to spend the evenings having a drink with other attendees. I’ve met such diverse people and have had the most interesting conversations, way outside of my own bubble at home. And more recently, Abha and Yvette (two of the other team reps) were even going to come visit me at home, to meet my newborn baby girl! Unfortunately, COVID-19 put a stop to that.

Finding my way within the WordPress community, being backed by Yoast, helps me develop myself in several ways. It’s making me take steps and do things I never thought I would. I hope to make my company proud, and I’m proving to myself that I have skills to bring to the table. I’m not just at the table because of where I work.

Of course, I still feel overwhelmed sometimes, or like I’m just not getting it. But I know we’re a team, and I can ask for help. I got to where I am today, by just diving in and making myself known. Taking that step back then has brought me a lot. I’d be happy if my story inspires someone to do the same. Anyone can contribute, it doesn’t matter where you’re from or where you work. At all times, a lot is happening and contributors are working hard. They might not notice you, but that doesn’t mean they don’t care. Reach out, introduce yourself, you never know where it’ll take you!

The post How Contributing To WordPress Empowers Me appeared first on HeroPress.

This week the web is celebrating 25 years since Rasmus Lerdorf released version 1.0 of his “Personal Home Page Tools (PHP Tools).” PHP is now used by 78.9% of all the websites whose server-side programming language W3Techs can detect. (This includes sites in the Alexa top 10 million or in the Tranco top 1 million list.) WordPress makes up a large portion of these sites (37.3% of websites), but many popular sites like Facebook, Wikipedia, and Yahoo, still use PHP in some form.

Although PHP may not be the most fashionable programming language, it is still dominating the web, albeit on a slow decline. It may have already hit its peak usage at 80.6% in January 2015, but PHP keeps getting faster and better with each release.

In a 2017 interview on the Mapping the Journey podcast, Matt Mullenweg explained some of the reasons he was first attracted to PHP.

“PHP is amazing in its ubiquity,” he said. “Part of the reason I switched to it from Perl and Python and other things that I wrote early on, is…its integration with Apache web servers, which is so darn easy. You didn’t have to mess with file permissions and everything else in the same way, and then every web host supporting it also makes distribution easy.”

The ease of finding hosting for PHP-based sites is one of the contributing factors to its large marketshare among server-side languages. Mullenweg said he appreciated how PHP and MySQL provided a platform on which people could easily run WordPress from anywhere in the world.

“Even to this day, even though a lot of Automattic’s work is now in Go, Node, or JavaScript or different things, it’s still nothing beats PHP for its server-side scalability and distribution,” Mullenweg said. “So, we still plan for the server side of WordPress to be in PHP for the foreseeable future.”

Mullenweg reaffirmed his dedication to PHP during a Q&A session at WordCamp Europe in 2019. When he was asked how he plans to balance chasing the new and shiny with all of WordPress’ existing legacy APIs, he said, “PHP is going to be crucial to us for many years to come.”

Although WordPress site owners have historically been slow to adopt newer versions of PHP, the Site Health infrastructure that was put in place last year has brought greater awareness to users about the importance of upgrading. The PHP update instructions, along with better protection for fatal errors, makes it easier than ever for users to contact their hosts about getting on newer versions.

Juliette Reinders Folmer, a prolific contributor to a number of widely used, PHP-based open source projects, including WordPress, wrote a short tribute to the programming language on the make.wordpress.org/core blog on its 25th birthday.

“PHP has evolved hugely, with the Zend Engine seeing the light in PHP 4, much improved support for object-oriented programming being added in PHP 5, and huge performance improvements being gained with the rewritten engine in PHP 7,” Reinders Folmer said.

“By now, PHP is a fully featured programming language and developers are eagerly looking forward to the release of PHP 8, expected towards the end of this year.

“The WordPress community owes a massive debt of gratitude to PHP, so please join me in thanking all the developers behind PHP and in wishing PHP a happy birthday and many happy returns!”

Full-site editing is a mere half a year away from becoming a reality. The feature is expected to land in WordPress 5.6, scheduled for release in December. To prepare theme authors for this upcoming change, Carolina Nymark has created a new website and training course, aptly titled Full Site Editing.

Nymark has been a long-time theme author and contributor to the WordPress Themes Team. She has been a team lead or representative for several years and is one of the leaders behind the push for more accessibility-ready themes.

There are two major roadblocks that theme authors face right now. The first is that full-site editing is still in an experimental phase. The second is that there is not enough documentation, tutorials, and courses that do deep dives into this evolution of theming for WordPress. At least for the latter issue, Nymark has enough experience to do something about it, which is exactly what this new undertaking is all about.

After losing her job due to COVID-19, she wanted to use her free time to contribute back to the block editor. “At the same time, people around me started asking questions about full-site editing, and with the testing that I had done, I knew how to get started,” she said. “If I could share that, I could ease the process for others.”

Her representative role with the Themes Team also provided a unique insight into the uphill battle that theme authors would be facing. Nymark said she felt a sense of urgency with full-site editing looming ahead. “I only see a very small portion of the ecosystem — the WordPress themes that are submitted to be included in the WordPress theme directory; but most of the themes I see do not take advantage of blocks,” she said. “The themes do not style blocks, and the editor does not match the front. We as theme authors have not adapted fast enough to the block editor, and now there is another big change coming in six months.”

The course is available for free to everyone right now. However, that may not always be the case. Nymark is seeking sponsorship from people within the WordPress community. The idea is that they could fund the ongoing development of the course. If there is not enough sponsorship money available, she will need to turn it into a paid course. If that happens, she said the plan would be to go with a one-time fee model. Because of the frequent updates to full-site editing she wants customers to have access to the updated course material.

Developers who have a working knowledge of theme development are the primary audience for the course. Before anyone dives in, they should understand WordPress functions, PHP, HTML, and CSS.

What’s in the Course?

Currently, the course is unfinished. That is no surprise as the site editor is still half a year away from inclusion in WordPress. However, it does take theme authors through some of the basics they need to be familiar with before taking the next steps. The site also has an open forum that anyone can join and begin discussions on building themes from blocks.

The course is broken down into the following sections, each with its own lessons:

• Introduction
• All About Blocks
• Block-Based Themes
• Site Editor

Most lessons have a short video between two and five minutes. Nymark provides full transcripts of the videos for users who prefer to read. Along with the video and transcript, some lessons have downloadable material, such as code examples. At this time, there is only a single quiz for the “All About Blocks” part of the course.

Right now, the course covers only the basics. For theme authors who have already stepped into block-based themes, they might find some of the intro material to be a bit too low-level. However, they should expect more advanced topics going forward. For theme authors who have yet to dive into the block system, now would be a prime opportunity to catch up and begin prepping for the next phase of theme development.

Nymark is ready to add more content to the course soon, but it is an ongoing challenge staying on top of things at this point. “I have recorded content that I cannot use because of how fast the block editor changes, but that was expected,” she said. “My biggest concern is that I don’t want to spread misinformation, and that is difficult in this early stage.”

On the roadmap are example themes and slides that others can download and use for presentations during WordPress meetups. She is also building a parser that will create an improved block reference for theme authors to use in their templates.

The Road Traveled

There is a learning curve, even for someone as experienced as Nymark. She said it is still hard to picture how the template system will work when all is said and done. Because things are changing, it is an educational process as she builds out the course to teach others.

“The biggest confusion for me when I started was how the templates and template parts were saved,” she said. “When you edit and save a template in the site editor, it is saved as a custom post type, and that template will be used instead of the file that you have in the theme. Currently, if you change themes, the block structure that you have saved in the template is used, but it is styled by the new theme. This is why it is so important that theme authors style and test blocks.”

For theming, particularly one-page sites or blogs, the structure of the theme is likely to be much simpler than what we see today. Nymark said the new system, while under active development, still feels familiar enough to make the transition from traditional themes easy. The big difference is between making fewer decisions regarding custom JavaScript and PHP with more work toward design.

“The downside to this is that, in the beginning, I think we will see less variations in the themes,” she said. “Once the first excitement over playing with new toys passes, this might feel limiting. Block patterns will play a major role and I am looking forward to using them soon.”

For theme authors who are dipping their toes into the full-site-editing waters for the first time, she suggests starting by recreating headers, footers, and other small sections as block patterns. It is enough to get your feet wet without diving in headfirst.

Her second recommended step is to start thinking about how to convert customizer options to the block system. For example, when thinking about the various header options that many themes have, it may be worth creating block patterns to expose those user choices through the full-site editor.

The Road Ahead

Nymark identified several areas that need to be addressed going forward, namely documentation. “The general lack of documentation is a problem, not only for full-site editing but for the entire Gutenberg project,” she said. “It makes it difficult for people to learn and contribute.”

One key feature she would like to see is the ability for theme authors to lock templates to keep users from accidentally removing critical blocks that provide functionality to their websites.

She also listed several necessary components that are under development by the Gutenberg team but are not ready yet:

• Selecting and creating template parts in the site editor.
• Finalizing the global styles feature.
• Updating existing full-site editing blocks with more controls.
• Creating new blocks for remaining template tags.
• Improving the Navigation block so that it is responsive.

There is still a lot of work to be done and many questions are still in the air. However, there is hope for a brighter future as WordPress moves toward a common design language through blocks.

“It will be easier for designers to create layouts without concern for the code,” said Nymark, “and once templates can be exported it will also be easier to share those layouts as themes. The barrier of entry will be moved; it will be easy to create a basic theme, but it may be more difficult to create complete solutions for users.”

One of the most exciting parts of Matt Mullenweg’s session at WordCamp Europe 2020 Online was the live demo of the new image editing tools that will land in the next release of the Gutenberg plugin. The video is already available on WordPress.tv (and embedded below). At the 8:30 mark, Mullenweg and Matías Ventura, lead architect of the Gutenberg project, unveil a collection of the latest block editor improvements.

The six-minute demo shows a handful of new features that are coming in WordPress 5.5, which is scheduled for release in August. These include more polished interactions, copying and pasting blocks, block patterns, and new design tools for the cover block.

Ventura also highlighted the team’s progress on adding rich image editing capabilities to Gutenberg.

These new tools allow users to easily rotate, flip, and crop the image inside the block. Cropping with zoom mode (shown in the image below), is particularly useful with the live preview showing the results in context of the rest of the content on the page.

The current iteration only allows for cropping with fixed aspect ratios but contributors are working on adding free-form crop to the lineup. They are also discussing refinements such as adding snackbar notices and queuing up image edits to only apply once all edits are complete.

In the past, WordPress users have frequently had to seek out alternative applications to perform quick image edits, taking them outside of the content editor and interrupting their workflow. With the new inline image editing tools in place, most simple edits can now be handled by the image block, making WordPress a more compelling place for writing content.

image credit: Gutenberg GitHub Repository

Ventura confirmed that these tools change the source image – they do not not just apply CSS changes. He also said the API for image editing will be available in other parts of the editor. The Gutenberg team is working on making the tools more extensible so developers can add things like image filters.

Contributors are hoping the new image editing tools will be ready for inclusion in WordPress 5.5. Users who want to test them ahead of the release can install the Gutenberg plugin and watch for the upcoming 8.3 update.

Over the past few weeks, I have had the GenerateBlocks plugin sitting in my test environment. I have built a few layouts with it, tinkering with the plugin between other projects. The one thing I kept thinking was that it had huge potential. Aside from a couple of issues, I began enjoying the plugin more and more as I played around with its options.

GenerateBlocks was created by Tom Usborne. It was built specifically to work along with his popular GeneratePress theme. However, the plugin claims to work with any WordPress theme.

GenerateBlocks is meant to be the block answer to the page builder question. It is meant to take those elements that make page builders so popular and boil them down to a handful of blocks. It is meant to simplify the process of building complex layouts without the need for heavier solutions. The question is whether it holds up — does it do the job it set out to do?

Overall, it works well, particularly in terms of giving more freedom with layout building. It will not likely eat into the market share of page builders any time soon. However, it may make for a few more converts to the block editor, especially with those who are not tied into an existing solution and are looking for something lightweight.

Watch a quick video on how GenerateBlocks works:

The Plugin’s Blocks

GenerateBlocks’ bread and butter is its Container block. It is the WordPress Cover and Group blocks rolled into one with a gluttonous amount of additional options that cover nearly every need.

The one major area that the Container block falls short is with handling full-width sections. Instead of taking advantage of the standard full-width block alignment option that all themes can opt into, it goes with a custom solution. That solution is to provide a notice that the user’s theme must have some sort of full-width content option (likely via a page template). By choosing this route it means the majority of themes, including those built to style blocks, will not support the GenerateBlocks Container block when set to full width.

For end-users who are using a theme that supports the standard full-width block alignment, there are two tricks to bypass this limitation. The first solution is to enter alignfull into the CSS Classes field under the Advanced block options tab. The second solution is to wrap the Container block with the WordPress Group block and set it to full width. How these solutions work out will largely depend on how the theme handles those elements.

With all the flexibility of GenerateBlocks, this would be the reason that I would not recommend the plugin to users who want full-width layouts. The two tricks are not an ideal user experience. In design, the most important thing is for the user to not have to think. The provided solution should simply work.

If we gave that single element of the plugin a one-star rating, everything else would be an easy five stars.

The plugin’s four blocks can easily replace several other blocks. Instead of creating a library of dozens of one-off blocks, GenerateBlocks adds versatility without going overboard. It is easy to see why users have given it a perfect five-star rating (out of its current 34 reviews).

In total, the plugin adds four blocks to the editor:

• Container
• Grid
• Headline
• Buttons

Admittedly, I am partial to Automattic’s Layout Grid plugin, primarily because I prefer the visualization of the grid in the background. It puts me at ease. However, the Grid block in GenerateBlocks runs a close second. In practice, it is more flexible, providing more layout options out of the box and fine-grained control. For those who need greater control over column widths and a host of color, typography, background, and spacing options, GenerateBlocks is a no-brainer.

The Headline and Buttons blocks are essentially recreations of the core Heading and Buttons blocks with all the options that make this plugin useful. Plus, the blocks have an extra icon option, which allows users to choose between entering custom SVG code or selecting from a predefined list of general and social icons. This is a nice touch that I would like to see in core WordPress.

The thing that makes the four plugin blocks so flexible is the bounty of block options. For every block, you will find most of the following options tabs with numerous fields under each:

• Typography
• Spacing
• Colors
• Background Image
• Background Gradient
• Advanced (extra options for the core tab)
• Icon

The plugin also provides options based on desktop, tablet, and mobile modes. This allows end-users to make changes based on the screen size of the website visitor.

If I had one other nit-pick about the plugin it would be that its color options do not take advantage of the theme-defined color palette. For design consistency, it would be nice to be able to use those without using a color picker or entering the hex code. Update: there is a “Show Color Palette” button that does this, but it was not apparent that it would provide access to my theme colors.

Final Thoughts

Would I recommend the plugin? Absolutely.

I would make sure to note the full-width Container block issue with that recommendation. If you are using this with a theme other than GeneratePress, you will need to have a solution for handling full-width sections. For me, this is the most vital piece of what is essentially a layout builder, and it failed to live up to that expectation.

However, one issue does not discount the usefulness of what the developer has built. It is a solid plugin. Under the hood, it is a well-coded and documented piece of software. I have no doubt that it will be serving many more users in the years to come and will only continue to improve.

Over the past week, I’ve been thinking a lot about George Floyd, Breonna Taylor, and Ahmaud Arbery. I have been thinking about white supremacy, the injustice that Black women and men are standing up against across the world, and all the injustices I can’t know, and don’t see. 

The WordPress mission is to democratize publishing, and to me, that has always meant more than the freedom to express yourself. Democratizing publishing means giving voices to the voiceless and amplifying those speaking out against injustice. It means learning things that we otherwise wouldn’t. To me, it means that every voice has the ability to be heard, regardless of race, wealth, power, and opportunity. WordPress is a portal to commerce; it is a canvas for identity, and a catalyst for change.

While WordPress as an open source project may not be capable of refactoring unjust judicial systems or overwriting structural inequality, this does not mean that we, the WordPress community, are powerless. WordPress can’t dismantle white supremacy, but the WordPress community can invest in underrepresented groups (whose experiences cannot be substituted for) and hire them equitably. WordPress can’t eradicate prejudice, but the WordPress community can hold space for marginalized voices in our community.

There is a lot of racial, societal, and systemic injustice to fight. At times, change may seem impossible, and certainly, it’s been too slow. But I know in my heart that the WordPress community is capable of changing the world. 

If you would like to learn more about how to make a difference in your own community, here are a few resources I’ve gathered from WordPressers just like you.

• Social Justice Toolbox
• Anti-racism resource list
• An open source Guide to Allyship
• How to be a WordPress Ally
• Supporting Black Lives Matter in Europe
• Cost of Colourism in India 
• Overcoming Biases by Walking Toward Them 

I wish we lived in a world in which we could discuss code each day, not allowing political¹ opinions to seep into the discourse. We could talk about the next exciting project around the corner. We could chat about a small startup getting its first big break or new investments into WordPress companies.

However, I also wish we lived in a world where a developer did not have to create a plugin in support of black Americans who have lost their lives to those charged with protecting us.

I wish we lived in a world where we had no unsavory comments to delete on a post about an all-women WordPress release squad.

I wish we lived in a world where WordPress.com had no Sandy Hook conspiracy theory blogs to boot from its platform.

I wish we lived in a world where major restaurant chains complied with accessibility laws without being sued.

I wish we lived in a world where Newspack-run Chilean publication El Soberano had no need to defend citizens’ rights.

I wish we lived in a world where the Women in Tech Salary Transparency Project was unnecessary.

I wish we lived in a world where governments did not block its citizens from viewing websites that support freedom of speech.

Each of these stories may not be important to you as an individual reader. However, they are important to some of our readers. We are a community made up of vastly different opinions, and we must represent this wide array of views as they relate to WordPress.

Sometimes, we will publish stories that do not jive with your personal viewpoint. Sometimes, you will tell us to not post anything political. The answer to that is that we cannot simply separate the code from the politics. As much as many of us would like to, that is not the world we live in today.

WordPress itself is inherently political. From its license to its mission statement, WordPress takes some political stances.

The platform is founded on the bedrock of free software, an idea that is as much political as anything else. It is an idea that has shaped the foundation of the web. The concept that users have the freedom to run, copy, alter, improve, or even distribute software is a political statement. It is a political statement in direct defiance of major corporations and governments controlling software through proprietary licenses.

Politics play a part in how we shape our community. We do not have to agree on all things, and different things brought us together. However, there are some foundational elements that we all must agree on to some extent.

It is a generally accepted principle that all people are born with the inalienable right to free expression. I wager that the majority of our community would agree with this statement. Given that the software we all use is built upon that idea, I would hope so. The idea of democratizing publishing is not just about providing a tool to people who can already freely express themselves. It is also about reaching to the dark corners of the globe and being a beacon of light to those who do not share in our freedom. It is about exposing the horrors of dictators. About newsrooms publishing the wrongdoings of politicians. Citizen bloggers fighting for the oppressed.

No, do not tell me that WordPress is not political.

What you really want to say is to not post political views that you disagree with. You really want us to not share plugins or projects that make you uncomfortable.

While the code itself may not hold political views, the people who use the code do. Politics is woven into the fabric of our lives. It is woven into the licenses of the software we use, the communities we choose to join, and the web we dare to create.

When you tell us to stay away from politics here at the Tavern, the only reasonable answer to provide is that it would be impossible to do so.

We will continue writing about the next companies to receive VC funding, blocked-based WordPress themes, plugins that push the envelope, and every other project that makes WordPress fun. However, at times, we must open the floor to tough discussions. We must be a source for sharing projects in our community that have their own political slant, regardless of whether we agree.

When the day comes that The Show Must Be Paused plugin, the Women in Tech Salary Transparency Project, and a multitude of other important projects no longer need to exist — on that day — we can celebrate. We can discuss code, WordPress, and kittens without politics getting in the way.

1. The term “political” is being used in this post in the common vernacular, which more broadly encompasses social, human rights, and political issues. It is the terminology used in those comments which prompted this article. I am merely meeting such comments on the same turf.

Matias and I just finished up the discussion and Q&A for the online WordCamp Europe that is going on right now, which was originally happening in Porto.

There were more good questions than we had time to get to, so at the end I suggested that we continue the conversation here, in the comments section! Comments are the best part of blogging.

So if you have a question we didn’t get to, please drop it below. If you don’t have a Gravatar yet now’s a good time to make one.

WordCamp Europe 2020 Online kicked off yesterday with a record-breaking contributor day. More than 2,500 people signed up to participate. The pandemic may have forced the event to go virtual but an enthusiastic flock of contributors, both seasoned and brand new, joined from their homes to carry on supporting the open source project that connects them.

“The world is literally on fire, but today I am focusing on WordPress,” Francesca Marano said. “WCEU contributor day is on. I am literally crying in my living room: so many familiar faces, so many new faces. Missing people and also feeling this is a huge opportunity.”

Representatives from 16 Make.WordPress.org teams coordinated contributors for a productive day. Organizers tweeted out progress reports on a variety of initiatives:

• The CLI team had a very successful day: they merged 46 pull-requests, as well as restructuring the handbook on the WordPress content side.
• The Meta team updated the Cookie Policy page, created a new ticket about unexpected redirects, and worked on a WordCamp.org ticket.
• The Training team made several enhancements to the lesson plan “Setting Up E-Commerce” including a new slide presentation.
• The Polyglots team is making headway in Italian and French localization: 4 plugins translated and 2 new PTEs (Project Translation Editor Request).
• WPTV is having a great time and discussing improvements for outreach, documentation, and possible project status tools. They have also been sharing some great ideas for tutorials on the various video editing tools for future implementation.
• The Marketing team is working on a number of guides to help the community in topics like podcasting and live streaming.
• The Hosting Team has implemented a new contribution process and is working on a new Hosting Handbook.
• The Core team has committed 4 patches and propped 10 different individuals on those commits.

An astounding 8,600 people from 138 countries registered to participate in WCEU online. Opening remarks kicked off day 1 of talks with a poignant and timely reminder of how WordPress publishing can amplify voices that may not otherwise be heard.

The music attendees are hearing throughout the event was written by designer Angel de Franganillo.

“When WCEU asked me to make the tune, it was a bit challenging since I only play piano for fun and I’m not a professional,” de Franganillo said. “I usually work with graphics, so I just follow the process I’d use for a graphics project, but with an audio piece.

“After some research and talks with WCEU, my main goals were: Tech, Europe, and Community. So I sat down in front of my piano to play some chords that suited those concepts and made a loop with them. Later, I looked for some synths to dress the loop and finish the piece.”

Attendees are also sharing selfies using the #WCEUFamilyPhoto hashtag on social networks. Organizers are gathering these to create a giant WCEU “family photo” collage.

If you did not register in time for WordCamp Europe, you can still watch live by visiting the site and clicking on any of the tracks to join the broadcast on YouTube. Registered ticket holders have access to exclusive Zoom rooms dedicated to networking with speakers and other attendees, watching sponsors’ presentations, and visiting sponsors’ virtual booths.

Nick Hamze makes it no secret that he loves the WordPress block system. He has spearheaded several unique blocks on the fun side of things as well as made more practical blocks through his Sorta Brilliant brand. It is his website for funding ideas for the block editor. For his most recent project, he has taken blocks outside of the post-editing screen, and this project is, well, sorta brilliant too.

Mission Ctrl is a WordPress plugin that blockifies the WordPress dashboard screen. The plugin allows users, developers, agencies, or even hosts set up the dashboard with custom widgets (called boards) that are built through the block editor.

It is just brilliant enough to make me ask myself why I did not think of the idea first.

It is also low-hanging fruit that took little code to accomplish. Hamze said his mission is to get blocks everywhere in WordPress. The dashboard was a logical place to begin. “When I start a new site, I change my permalinks and hide all the dashboard widgets, which is sad, and I knew blocks could fix it,” he said.

I would wager that many other WordPress users are in the same boat. The dashboard is essentially a dead-end screen that we all have to live with. Few developers have put much time and effort into revitalizing this admin screen that all WordPress users visit upon logging in.

Mission Ctrl is priced at $29 for version 1.x updates on an unlimited number of sites. While it is not explicitly stated on the site at this time, it appears Sorta Brilliant is taking a more traditional software pricing approach by selling based on major version releases rather than the yearly subscription model that is common in the WordPress ecosystem.

The marketing pitch for the plugin is simple: if the WordPress dashboard screen is useless for you, Mission Ctrl is the solution.

There is huge potential for this plugin. Have a client you want to easily expose training videos to? Create a new board and drop a video in. Want to leave yourself a note? Drop a paragraph block with a bright yellow background to get your attention via another board.

“For me, it’s the perfect place for documentation,” said Hamze. “Either for products you use on your site or for things you want you or your users to remember. Since I’m just a single user who makes regular sites I probably don’t have a wide enough experience to think of all the ideas. This is one product where its future is going to be driven by users.”

Mission Ctrl also serves as a framework for others to build on. Block developers can create dashboard-specific blocks that expose useful information to users. However, it is unlikely that this idea will catch on with the broader development community until core WordPress supports blocks on the dashboard out of the box. At the very least, this plugin can provide inspiration to the Gutenberg team. It is a project worth supporting.

How Mission Ctrl Works

The plugin adds a new screen titled “Boards” under the normal dashboard menu item in the WordPress admin. It is a custom post type, which works the same as any other post or page. Whenever you add a new board, the plugin essentially translates this into a dashboard widget. Users can add as many boards as they want. Boards can also be enabled or disabled on a per-user basis via the screen options tab like any other dashboard widget.

One important caveat is that Mission Ctrl disables all existing dashboard widgets, regardless of whether they come from WordPress or a third-party plugin. The idea is to provide users with a clean slate to build a dashboard screen to their liking.

Adding boards is as simple as inserting your preferred block and publishing it. If you need some inspiration, how about dropping an RSS block into the editor and linking it to the WP Tavern feed?

By default, the plugin registers a single block. It provides a recreation of the WordPress “At a Glance” dashboard widget in block form. For now, the rest is left to the user.

However, Hamze does not plan to stop there. He has other blocks under development that will be useful on the dashboard:

• World Time Block
• Dictionary/Thesaurus Block
• Notes Block
• Weather Block

Mission Ctrl is a product early in its lifecycle. It has huge potential, particularly in helping the development community move forward with adding blocks to other areas in the WordPress admin interface.

However, it is not without its faults, which is expected with a plugin on its version 1.x branch. Currently, there is a question on how to deal with theme styles applied to the block editor but not applied to the dashboard screen, which can make for some inconsistencies with block design. It is not an insurmountable issue, but it will need to be addressed in the long term.

On the whole, Mission Ctrl actually makes the dashboard screen useful. For far too long, the screen has sat in limbo, awaiting someone to actually do something — anything — with it.

Version 4.1.6 of the Akismet plugin for WordPress is now available. It contains the following changes:

• Disable “Check for Spam” button until the page is loaded to avoid errors with clicking through to queue recheck endpoint directly.
• Add filter “akismet_enable_mshots” to allow disabling screenshot popups on the edit comments admin page.

To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.

Automattic has invested $4.6M in New Vector, a company founded by the creators of Matrix, an open standard that powers decentralized conversations with end-to-end encryption. Matrix.org is home to the open source project that offers HTTP APIs and SDKs, enabling developers to create their own communication clients on top of the Matrix open standard with open federation. This means anyone can communicate with others on the Matrix ecosystem by deploying their own server.

The protocol also allows for bridging existing platforms like Slack, IRC, XMPP, Gitter, Telegram Discord, Facebook, and many more, creating “a global open matrix of communication.” Matrix is the protocol behind Riot.im, a universal chat app that is often described as “a Slack alternative.” Riot supports groups and teams with chat, file sharing, widgets, and voice/video calls. It is currently the most mature Matrix client and the most well-known New Vector product.

A loose comparison might liken Automattic’s role in the WordPress ecosystem to New Vector’s role in growing the Matrix ecosystem while funding the development of the protocol. Co-founders Matthew Hodgson and Amandine Le Pape created the company to keep the lights on for the open source project. Automattic is now one of six investors in the company with voting rights.

In 2017, Matt Mullenweg contributed to Matrix’s Patreon when the project was struggling to stay afloat. On a recent Matrix Live podcast episode, he elaborated on why Matrix drew his interest for an investment from Automattic:

I really like when things solve a real user problem and do so in a technically rigorous and an intellectually and morally pure way. Those are things that attracted me then and now to the Matrix project. I also like to think, ‘What if this is successful?’ What does the world look like if 90% of the messages in the world are sent over the Matrix systems and protocols? That would be kind of amazing….I think that a widespread worldwide adoption of what you all are working on could be amazing for humanity.

A growing dissatisfaction with the ethics and privacy breaches of today’s most popular social platforms has caused a great deal of personal communication and social sharing to shift away from these massive data silos and into a myriad of private messaging apps. Mullenweg has often spoken of his fascination with messaging platforms and their relationship with the independent web. In an interview with Om Malik at WordCamp Europe 2017, he mentioned that Automattic was experimenting with Telegram’s group broadcasting feature. It’s not surprising that the company is making a significant investment in an open, decentralized communication protocol.

Five years ago, at an event in San Francisco, Matt Mullenweg said that Automattic has “flirted with commercializing” P2, its internal messaging system. The Matrix ecosystem offers a more real-time version of these types of collaboration tools that are client-agnostic. With the explosion of companies working from home due to the pandemic, Matrix-powered communication tools might be a strategic addition to Happy Tools, Automattic’s suite of products for remote teams.

The Matrix project boasts 10 million global visible accounts with 20,000 federated servers powering 2.5 million messages per day. More than 400 projects and 70 companies are building on this technology, so it is still relatively obscure but growing rapidly since the Matrix 1.0 release in June 2019.

Matrix is somewhat of an underdog among enterprise communications platforms, but New Vector is working to position its client better with competitors by designing a more modern UI. In Matrix.org’s announcement about Mozilla selecting Matrix as the successor to IRC for its public community, Matthew Hodgson said the Matrix team “are absolutely determined for Riot to have as good if not better UX than the likes of Slack or Discord.” New Vector also hired more designers to work full-time on Riot’s UI and UX, and shifted the product’s focus from being developer-led to design-led.

Automattic Plans to Adopt Matrix-Powered Tools and Build Bridges to WordPress

Given that New Vector is actively developing Riot as a Slack competitor and selling hosted Matrix services, it seems inevitable that Automattic will incorporate some form of Matrix-powered collaboration in the near future. Hodgson’s announcement about the investment stated they do not yet have a concrete project to announce but “at the very least, we should expect to see Automattic’s communities migrating over to Matrix in the coming months.”

Hodgson was also enthusiastic about the many possibilities of bringing Matrix to WordPress’ massive user base:

Imagine if every WP site automatically came with its own Matrix room or community? Imagine if all content in WP automatically was published into Matrix as well as the Web? (This isn’t so far fetched an idea – turns out that Automattic already runs a XMPP bridge for wordpress.com over at im.wordpress.com!). Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site? Imagine if Tumblr (which is part of Automattic these days) became decentralised!?

Some bristled at the idea of introducing Matrix in WordPress core, but Mullenweg was quick to clarify that the intention was likely to reference WordPress.com and not self-hosted sites.

Given the hosting requirements for a Matrix client for WordPress, it would have to be offered through WordPress.com, as a SaaS offering through Jetpack, or as an add-on with WordPress hosting companies to gain widespread use.

Automattic is hiring Matrix.org/WordPress Integrations engineers to “bridge the two software worlds” and explore cross pollination opportunities that “may include building open-source plugins for either platform, enabling real-time chat and collaboration for business websites, blogs, e-commerce stores, or communities, integration of existing infrastructure.”

“I would love to hire a few folks to contribute to the [Matrix] project full-time and help Automattic’s adoption of it, because I think it’s really healthy for the ecosystem if there’s more than one company sponsoring it,” Mullenweg said on the Matrix Live podcast. Hodgson said that currently New Vector supplies an estimated 90-95% of the open source contributions to the Synapse release of the Matrix server implementation and to Riot.

One user on Hacker News suggested that WordPress.org also adopt Matrix-powered communication tools for collaborating on the open source project:

Here’s hoping Automattic has enough influence to move the WordPress.org open source and community discussions (which are currently hosted on Slack, but used to take place on IRC) to Matrix too.

Hodgson responded saying, “That’s the hope – the pressure is on the Riot/Matrix side to ensure that the transition is a no-brainer in terms of UX.” Ideally, any migration away from Slack would preserve both public and private messages, including emoji reactions, files, and the full treasure of collaborative history of the project for the past five years.

Can Automattic Take Decentralized Communication Tools Mainstream?

Although the main commercial thrust for New Vector seems to be centered around enabling enterprise collaboration platforms with Matrix and its necessary infrastructure, Mullenweg had a lot to say about social networking during the recent Matrix Live podcast episode.

“I think communication is at the core of what makes us great and what brings us together,” Mullenweg said. “And the breakdown of communication and separation is the source of most conflict and suffering in the world.”

He used Facebook as an example of how a platform’s massive success can cause it to fly too close to the sun and ultimately miss the opportunity to deliver what users truly want.

“I think as centralized or decentralized systems become ultra successful, what’s made them successful also contains the seeds of their own demise,” Mullenweg said. “When a ‘Facebook’ becomes a social network which sucks up maybe 90 percent of all media we generate in the world, that also then draws in everyone else creating the alternatives. I think the economic inevitabilities of the commercial self-interests of Facebook, in this example, growing from that particularly in a shareholder beholding system – their success is the golden handcuffs which prevents them from doing the thing that the users or the audience might want next.”

The concept of decentralized social networking has so far failed to attract mainstream attention. Most implementations are woefully difficult to set up for anyone who is not technically inclined. A 2017 Wired op-ed contends these types of networks will never work because “we join [social networks] because our friends are there, not for ideological reasons like decentralization.” New social networks can be challenging to navigate. Networks like Diaspora and Mastadon still struggle to gain much traction.

Late last year Twitter CEO Jack Dorsey announced that the company is funding a small team under the project name “bluesky” to develop an open and decentralized standard for social media. If successful, the ultimate goal would be to move Twitter to this new decentralized model.

Dorsey cited challenges that his centralized network struggles to meet, including scaling a centralized enforcement of global policy to address abuse and misleading information. He also credits the advent of blockchain technology for advancing decentralized solutions into the realm of viability.

In response to the thread, many suggested Twitter consider using the existing ActivityPub standard that is already a W3C spec. This spec seems quite narrowly focused around networks built on a simple system of following and liking and not as well suited to more dynamic communities with real-time chat capabilities.

I could imagine Matrix-powered communities pioneering a protocol that accounts for a blog or website as the user’s home on the web, where content originates and can be automatically published to select streams, such as communities or rooms.

Ten years ago there was a project called SocialRiver that aimed to bring decentralized social networking to WordPress and BuddyPress. It was based on the the OStatus specification and promised to allow users to host and control their own stream of information, which could then be merged with others’ streams to make a unique social river. The creators were making a hosted instance as well as a plugin to help site owners create their own SocialRiver instance.

The project was abandoned a few years later. It disappeared without any explanation, but the basic idea seemed to hold so much potential for the growing world of WordPress sites.

Automattic is a company that might be able to take decentralized social networking mainstream with the help of Matrix, freeing users from the clutches of the data silos and their dehumanizing algorithms. The right team of people with enough resources, rooted in the principles of the open web, could change the face of social networking forever.

The Matrix.org homepage calls on visitors to imagine a world:

• …where it is as simple to message or call anyone as it is to send them an email.
• …where you can communicate without being forced to install the same app.
• …where you can choose who hosts your communication.
• …where your conversations are secured by E2E encryption.
• …where there’s a simple standard HTTP API for sharing real-time data on the web.

Combining WordPress’ mission to democratize publishing with the Matrix project’s technology for “democratizing control over communication” should yield some interesting products that stand to impact both open source ecosystems.

On Tuesday, Automattic launched Jetpack Scan, an automated malware and vulnerability scanning service. It is a premium service offered to sites connected to a WordPress.com account and the third major add-on launched on top of the plugin in recent months.

Jetpack Scan is available for $7 per month or $70 for an annual subscription. Both options are 30% off the regular price of $10 and $100, respectively. Currently, the feature runs daily scans for security threats. However, the plan is to add a real-time scanning option, presumably at a higher price point.

“It’s like having a security guard monitoring your site,” said Paolo Belcastro, Head of Product for Jetpack. “You can rest easy knowing that someone’s watching out for you 24/7. And if we find any threats, you’ll receive an instant email alert so you can fix it right away and get back to running your business. We can even repair the majority of security threats for you with just one click.”

The service comes on the heels of two other big Jetpack launches in the last couple of months. In April, the Jetpack team re-launched Jetpack Search as a standalone service. The team then opened the Jetpack Backup service in May, which was the first step in selling what is essentially a two-part security solution for site owners — backups and security scanning go hand in hand. The backup service is $30 per year for daily backups and $200 per year for real-time backups. For a complete security solution, end-users will probably combine the Jetpack Scan service with Jetpack Backup, which will run at a minimum of $100 every year. These numbers are based on introductory rates, which are expected to increase in the future.

Backup and security scanning services are major moves. Jetpack is likely to gobble up a huge slice of the security pie in the coming months and years, which is a sector that is currently represented by several other big businesses in the industry. With over five million self-installed WordPress users and millions more at WordPress.com, it will be an easy choice for many to opt into Jetpack’s solution rather than look elsewhere.

Jetpack Scan Features and Interface

• Desktop View
• Mobile View

Jetpack Scan automatically scans connected websites each day. Once a user sets up the feature, they no longer need to perform any actions for routine security maintenance. The feature offloads the actual scanning to Automattic’s servers instead of running checks directly on the user’s site. This also has the benefit of making scan results accessible even if the user’s site is down for some reason.

If the scanning system finds an issue, it sends an email directly to the user. The system comes with a one-click fix feature. “Just press a button and Jetpack will fix the majority of known malware problems so you can get your site back up and running,” wrote Rob Pugh, Director of Product Marketing at Automattic, in the announcement post.

Jetpack Scan also integrates with the Jetpack Backup service, which will allow end-users to completely restore their site to a previous point in time in the case of site hacks.

For new Scan and Backup customers, they will be able to enjoy a new all-in-one interface on the Jetpack website. The team will bring the upgraded experience to existing customers soon.

“Even the best security tools can become useless if they require advanced skills to configure complicated settings,” said Filipe Varela, of Jetpack Design. “That’s why it was so important for us to build an accessible and streamlined service. We’re proud to announce a fresh, dedicated interface for Jetpack Scan on Jetpack.com. It will be the central hub for managing all your Jetpack Security products. You can scan your website, check the results, respond to issues, and, when combined with Jetpack Backup, quickly restore your site to working order all in one place.”