Wordpress News

WordPress 5.1 Beta 3

Wordpress News - Thu, 01/31/2019 - 03:34

WordPress 5.1 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Testerplugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).

WordPress 5.1 is slated for release on February 21, and we need your help to get there!

Site Health Check

One of the features originally slated for WordPress 5.1—the PHP error protection handler—will target WordPress 5.2 instead. Some potential security issues were discovered in the implementation: rather than risk releasing insecure code, the team decided to pull it out of WordPress 5.1. The work in #46130 is showing good progress towards addressing the security concerns, if you’d like to follow development progress on this feature.

Additional Changes

A handful of smaller bugs have also been fixed in this release, including:

  • TinyMCE has been upgraded to version 4.9.2 (#46094).
  • The block editor has had a couple of bugs fixed (#46137).
  • A few differences in behaviour between the classic block and the classic editor have been fixed (#46062, #46071, #46085).
  • When adding rel attributes to links, ensure the value isn’t empty (#45352), and that it works as expected with customizer changesets (#45292).
Developer Notes

WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers’ notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! The beta 2 release also marks the soft string freeze point of the 5.1 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

In just a few weeks
WordPress Five-One will be here.
Your testing helps us!

Portfolio theme

Drupal Themes - Wed, 01/30/2019 - 10:13

Matt: 39 Books in 2018

Wordpress Planet - Mon, 01/28/2019 - 17:38

Here’s what I read in 2018, in chronological order of when I finished it, as promised in my birthday post. I’ve highlighted a few in bold but in general I was pretty satisfied with almost all of my book choices this year. I’ve put a lot more time into the “deciding what to read” phase of things, and have also had some great help from friends there, and have been trying to balance and alternate titles that have stood the test of time and newer au courant books.

  1. Hot Seat: The Startup CEO Guidebook by Dan Shapiro
  2. The Unbearable Lightness of Being by Milan Kundera (audio)
  3. A Higher Standard by Ann E. Dunwoody
  4. Extreme Ownership by Jocko Willink and Leif Babin (audio)
  5. The Boat by Nam Le
  6. Charlotte’s Web by E. B. White
  7. Nonviolent Communication by Marshall B. Rosenberg
  8. How to Say Goodbye by Wendy Macnaughton
  9. When Things Fall Apart by Pema Chödrön
  10. Soul of an Octopus by Sy Montgomery
  11. Poor Charlie’s Almanack by Charlie Munger and Peter Kaufman
  12. Sam the Cat by Matthew Klam
  13. The Prophet by Kahlil Gibran
  14. The Vegetarian by Han Kang
  15. The Paper Menagerie by Ken Liu
  16. After On: A Novel of Silicon Valley by Rob Reid
  17. The Conquest of Happiness by Bertrand Russell
  18. How to Write an Autobiographical Novel by Alexander Chee
  19. Ficciones by Jorge Luis Borges
  20. Black Box Thinking by Matthew Syed
  21. Darkness Visible by William Styron
  22. Tin Man by Sarah Winman
  23. Sapiens by Yuval Noah Harari
  24. Let My People Go Surfing by Yvon Chouinard
  25. Pachinko by Min Jin Lee
  26. Homo Deus by Yuval Noah Harari
  27. The Lessons of History by Will & Ariel Durant
  28. Stories of Your Life and Others by Ted Chiang
  29. So You Want to Talk About Race by Ijeoma Oluo
  30. Three Body Problem by Cixin Liu
  31. How to Fix a Broken Heart by Guy Winch
  32. Sum: Forty Tales from the Afterlives by David Eagleman
  33. Exit West by Mohsin Hamid
  34. Tiny Beautiful Things by Cheryl Strayed
  35. Farsighted: How We Make the Decisions That Matter the Most by Steven Johnson
  36. Severance: A Novel by Ling Ma
  37. On the Shortness of Life by Seneca
  38. It Doesn’t Have to Be Crazy at Work by Jason Fried and David Heinemeier Hansson
  39. Notes of a Native Son by James Baldwin

Post Status: An Interview with Ernst-Jan Pfauth of De Correspondent

Wordpress Planet - Fri, 01/25/2019 - 23:00

Stressing subscriptions over scale, De Correspondent launched in 2013 with €1.7 million from 18,933 members. Membership has grown over fourfold since then. Subscriptions and book sales are De Correspondent‘s primary revenue sources. Today The Correspondent is closing on its first 50,000 subscribers with $2.6 million raised in pre-launch funding.

Ernst is a long-time WordPress user, but his vision for journalism led to the creation of a technology company built around a proprietary CMS called Respondens for De Correspondent and now The Correspondent. Respondens’ unique design reflects an ethic where subscribers are treated as a community of people who want to be involved in the production of the news they read. In the future, Ernst hopes to market Respondens to support its development and spread the practice of what we might call “responsive journalism.”

Ernst and his colleagues intend to avoid the churn of breaking news by taking a structural focus on the issues they cover, working in the tradition of constructive, problem-solving, or “solutions journalism.”

9/ Not just the problem, but what can be done about it. In Europe, they call it "constructive journalism." In the US, solutions journalism. The idea: Your report is incomplete — lacks depth — unless it includes what we can do: as individuals, as a society or political community.

— Jay Rosen (@jayrosen_nyu) February 20, 2018

Finding solutions as journalists means listening, engaging, and collaborating with readers. In his predictions for journalism in 2019, Ernst told Harvard’s Nieman Lab,

“To really be a reader-driven organization, every journalist that works there should be open to the knowledge, ideas, and concerns of their readers. You can’t outsource that interaction to an engagement editor.”

This approach to journalism slows down and deepens communication by focusing issues around the people and the communities they concern. The constructiveness of this approach may have a lot to do with its calming and humanizing effects.

Ernst has written several Dutch best-sellers, including a Thank-You Book or “gratitude” journal that came out of his efforts to overcome anxiety about public speaking. In his reflections on work, overwork, and gratitude for TEDx, Ernst emphasizes that resistance to “the burnout society” where “creativity is crushed” is a collective task: everyone needs to make daily space for their close relationships where work and media do not intrude.

I am grateful Ernst took some time after the holidays to talk about his experience with WordPress, collaborative online communities, and democratized journalism. Here is the conversation we had.

DK: What are your thoughts about WordPress today? Have you made any connections or maintained relationships with the WP community in other ways?

EP: I started using WordPress in 2006 when I launched my personal blog ahead of an internship at a press agency in the United Nations HQ in New York. The fact that I then, as a twenty-year-old, could start a publication in such an easy way, has been crucial in my career and something I will be the WordPress community eternally grateful for. Since then, I have started several sites, most of them running on WordPress. In 2007 I co-founded the blog of The Next Web Conference, now known as thenextweb.com, in 2009 I started a news blog for the Dutch daily nrc.next, and in 2010, as head of digital at the Dutch quality newspaper (NRC Handelsblad), I switched their main site from ‘Escenic’ to WordPress. The fact that we could so easily build our own plugins (for example, a liveblog feature to cover the Arab spring) was crucial in the success of that news site. Also, the developers enjoyed their work more, since they could give back to the community.

I still run my personal site on WordPress, and even though I don’t publish there anymore, I love to stay in the loop of new WordPress releases and the ever-increasing user-friendliness of the software. In lost moments, I enjoy reading the developers forums and checking their discussions about new releases (I admire the distributed, self-organizing and voluntary efforts of the community) but I’m not in touch with one of the members. I’m just an admiring bystander.

DK: Can you explain when and why you came to see community and membership features as essential to a CMS? What does it look like when the idea of membership/audience inclusion is integral to the software architecture and vision? How are you doing this in Respondens?

EP: The main consideration was focus. We wanted a CMS that only had features for our writers that we deemed important. We didn’t want to create any distraction by having other options available — both to our developers as to our writers. If we build it ourselves, we force ourselves to make conscious decisions about every new feature we add. I.e., we wouldn’t just switch a ‘like’ button on in the comment section, simply because it’s already there. Forcing ourselves to do this made sure we built a laser-focused CMS and publication. The focus and the calm that follows makes it unique. (See “Cultivating calm: a design philosophy for the digital age.”)

Also, our approach to reader interaction — as you mentioned — is a unique asset of our CMS. I elaborate on that in this Medium post, “Reinventing the Rolodex: Why we’re asking our 60,000 members what they know.” We believe in the democratization of the journalistic research process. Anyone could be a source, anyone has expertise and knowledge to share within a specific niche.

1/ THREAD: There’s a great untapped resource in journalism, and it’s available to every journalist right now.

It’s the experience and expertise of your *readers*.

Giving them the opportunity to share what they know, could fundamentally transform journalism.

— Ernst Pfauth (@ejpfauth) December 11, 2018

DK: How does your model of membership-based journalism change at scale, when you have potentially the largest possible national and international audience? Will you still ask your journalists to spend 30-50% of their time reading and responding to member comments and other feedback? Is this essential (or even possible) to sustain at scale?

EP: The thought that you see your readers as sources of knowledge and expertise is crucial. It works for the local examples you mentioned, but it can also work for global topics. For example, we interviewed Shell employees from all over the world — who we found through our Dutch members forwarding a call-out. (“How reader engagement helped unearth the Shell tape.”) We also created the position of “conversation editor” to help journalists with the scalability of their reader interaction.

Yes, there are scale challenges. We see our journalists as conversation leaders and our members as contributing experts. We notice when a journalist gets more feedback from their sources (their readers), they need a research assistant to keep up — for example by highlighting interesting contributions to them or taking over some interviews. These are tasks that can be easily outsourced, as long as the correspondent remains the main point of contact in the comment sections and guides the conversation.

I don’t see the 30 and 50 percent as time to spend on ‘responding to comments.’ The comments are just a means to an end. The end goal is to involve your audience, so you can get a wider set of sources, become more inclusive and publish richer journalism. We estimate it takes 30 to 50 percent of your time to live up to that mission.

DK: On the other end of the spectrum, does your model have things to teach small, local journalism and other membership-focused businesses that they don’t already know? In the new membership-based local journalism I’ve been watching in the US and Canada — local media startups where there’s no history or expectation of a printed product or advertising — there’s a definite limit on the subjects that can be curated and written (or spoken) about in a deep and penetrating way. Is this a low or slow-growth model that simply must be accepted?

EP: It starts with being open about your mission as a journalist (all our new correspondents publish a mission statement when they start working with us) and then telling your audience what you expect from them. It’s about that personal relationship. The CMS, practices, technology and resources all follow. But it’s the being open to your audience input and being open about your shared goal with them that’s crucial. Anyone can do that. And when you start, it might even be easier to do it on a small scale, but it’s more intimate, and you can scale up as you get better at it.

The Correspondent team browses their unbreaking newspaper. From left: Zainab Shah, Jessica Best, Rob Wijnberg, Baratunde Thurston, and Ernst Pfauth.

DK: What do you do to keep sane and whole amid the busyness and stress of work? Are you still a practitioner of journaling and daily gratitude? Have your thoughts on that changed or deepened? 

EP: I still write in a gratitude journal every night and noticed this three-year habit has really made me more aware of ordinary but beautiful moments in life, and also taught me to enjoy the process instead of the end goal. I save my evenings and (80% of) my weekends for family and friends — and always have my phone on DND in those hours. Also: I don’t check my email before I have left my apartment. Setting these clear boundaries and turning them into routines have really helped me to stay sane in the busyness of the campaign.

BADCamp Sight

Drupal Themes - Fri, 01/25/2019 - 16:40

Business Listing Zymphonies Theme

Drupal Themes - Fri, 01/25/2019 - 13:01

Easily create a local or global money making business directory portal using Business Listing Zymphonies Theme. Business Listing Zymphonies Theme is an ultimate directory theme for service providers which has a clean and unique design and useful features. It is one of the easiest themes to build your Drupal Business Listing website. The Theme is highly customizable and it has covered most of the Drupal default features. read more

Live Demo Advanced Themes

  • Drupal 8 core
  • Bootstrap v4
  • Mobile-first theme
  • Price table
  • Client list
  • Social media links
  • Included Sass & Compass source file
  • Well organized Sass code
  • Custom slider - Unlimited image upload
  • Full-width page without sidebar
  • Contact us page.

Sponsored by Zymphonies

WPTavern: WPWeekly Episode 344 – Introduction to the WordPress Governance Project

Wordpress Planet - Fri, 01/25/2019 - 01:32

In this episode, John James Jacoby and I are joined by Morten Rand-Hendriksen and Rachel Cherry to discuss the WordPress Governance project. We discover why it was created, its goals, and how it aims to help govern the systems and processes that make up the WordPress project.

Stories Discussed:

WPML Alleges Former Employee Breached Website and Took Customer Emails

The Era of “Move Fast and Break Things” Is Over

WPWeekly Meta:

Next Episode: Wednesday, January 30th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Subscribe to WordPress Weekly via Google Play

Listen To Episode #344:

WPTavern: WordPress Names Josepha Haden New Executive Director, Joost de Valk Marketing and Communications Lead

Wordpress Planet - Wed, 01/23/2019 - 22:23

During the 2018 State of the Word address, Matt Mullenweg acknowledged lessons learned in the process of releasing WordPress 5.0. One of those was the need for various teams across the project to work together better. The friction during the 5.0 development cycle was beneficial in that it surfaced areas where the project can grow and sparked conversations that are already leading to improvements.

Last week Mullenweg announced that WordPress is expanding its leadership team to include Josepha Haden in a new Executive Director role and Joost de Valk as the Marketing and Communications Lead. These new roles better distribute project leadership to more individuals who have demonstrated the ability and judiciousness to guide large, diverse teams towards success. Haden will be overseeing WordPress’ contributor teams and de Valk is leading the marketing team and overseeing improvements to WordPress’ websites and other outlets.

The Executive Director role is particularly critical for the health of the project, as contributor and community feedback pours in across so many different mediums. Tracking all of this information and taking it into consideration amounts to a full-time job. In her first week in the new role, Haden is seeking feedback regarding the challenges contributors face when working on the project. She identified seven challenges which seem to resonate with many who have commented:

  • Coordinating on collaborative work between teams
  • Aligning our work better to project goals/values
  • Understanding team roles, leadership structures, and decision making
  • Clarifying the differences between open source and open commit
  • Tracking conversations and progress across the project
  • Raising project-wide concerns more easily
  • Improving how we recognize and celebrate success

Responses from contributors have so far revolved around a similar theme – the desire for more clearly-defined projects and goals for teams, along with more communication from leadership.

“Define goals and deliverables for each project deliverable,” Daniel Bachhuber suggested. “Once these are defined, it’s much easier to estimate the level of effort and resources required. Distinguish between full-time sponsored, part-time sponsored, and completely volunteer labor. Each of these three do not work at the same pace. It’ll be much easier to estimate a team’s velocity if you know what type of labor you have to work with.”

Meagen Voss offered some valuable insight from a newer contributor’s perspective. She said the leadership of the project is very unclear and that people could benefit from that information being more prominently published. She also suggested that WordPress explore the idea of having ambassadors for each team to facilitate communication and collaboration across projects.

You get to know your team very well, but no so much other teams. I’ve met some great folks in Slack and am getting to know the two groups I’m involved in super well. But if I have an issue or a question that needs to be addressed to another group, then I would have to hang out in that team’s channel for a while to figure out who the right person is to get in touch with. Identifying “ambassadors” or points of contact for each group could be a quick and helpful way to address that.

The conversation is still open for contributors to jump in and share their own challenges and suggestions. Haden plans to follow up with the next steps after gathering more feedback. Action born out of these conversations has the potential to greatly improve contributors’ experiences working together, resulting in fewer people burning out on communication struggles or losing momentum from lack of clearly defined objectives.

Matt: Thich Nhat Hanh on Tea

Wordpress Planet - Wed, 01/23/2019 - 21:27

Drink your tea slowly and reverently, as if it is the axis on which the world earth revolves – slowly, evenly, without rushing toward the future.

— Thich Nhat Hanh in The Miracle of Mindfulness

WPTavern: WooCommerce Launches New Mobile Apps for iOS and Android

Wordpress Planet - Wed, 01/23/2019 - 05:35

This week marks the first public release of WooCommerce’s new mobile app for Android and the improved version for iOS. WooCommerce began beta testing the Android app late last year and the original iOS app has been updated to offer the same features.

This first release should be considered a basic start that is mostly useful for tracking store performance with detailed stats and getting alerts for new orders and product reviews. Users cannot add or edit products and the app does not yet allow for switching between stores. The first release offers basic order management and fulfillment but does not include the ability to change order status. The mobile apps don’t yet live up to their tagline of “Your store in your pocket,” but it’s a good starting place.

According to the Google Play Store, the WooCommerce app has been installed more than 10,000 times and the response from users has been mixed. The app is averaging a 2.5-star rating after early reviews from 45 users. The iOS app has received similar responses. Many of the negative reviews are due to connection/login issues and the requirement for stores to use Jetpack.

“This has promise, but get rid of the need for Jetpack,” one reviewer wrote. “There are other secure ways of syncing up. Other apps have done it for years. This app has been long overdue, but is poor in execution when you need to install a plugin that tends to bog down your site and that most don’t need. Give an alternative means of syncing and allow us to edit at least the basics of a product on the go.”

WooCommerce marketing representative Marina Pape explained the Jetpack requirement in a post announcing the mobile apps’ launch:

The Jetpack plugin connects your self-hosted site to a WordPress.com account and provides a common authentication interface across lots of server configurations and architectures.

Both Apple and Google only allow a single trusted sender for pushes for security reasons (read more), making Jetpack the best way for us to give you modern mobile app features like push notifications.

In order to connect sites with the app, Jetpack creates a shadow site on WordPress.com’s servers and syncs quite a bit of data. Although this list of data is transparently outlined, the Jetpack requirement is a deal breaker for some users. They either object to sharing their data or believe the plugin will slow down their stores. Until the app’s features are more compelling than the detriments users perceive in Jetpack, it may lose a few users based on this requirement.

According to BuiltWith, WooCommerce is now the most popular shopping cart technology used by 22% of the top 1 million websites, with competitors Shopify and Magento not too far behind at 17% and 13% respectively. Having a new mobile app should help WooCommerce remain competitive, but the team needs to keep iterating on the app to make it more useful for those managing stores on the go.

WPTavern: Gutenberg Phase 2 to Update Core Widgets to Blocks, Classic Widget in Development

Wordpress Planet - Tue, 01/22/2019 - 21:11

Gutenberg phase 2 development is underway and one of the first orders of business is porting all existing core widgets to blocks. This task is one of the nine projects that Matt Mullenweg outlined for 2019, along with upgrading the widgets-editing areas in wp-admin/widgets.php and adding support for blocks in the Customizer.

Contributors on phase 2 are also developing a Classic Widget, which would function as a sort of “legacy widget block” for third-party widgets that haven’t yet been converted to blocks. There may be many instances where plugin developers have not updated their widgets for Gutenberg and in these cases their plugins would be unusable in the new interface without the option of a Classic Widget. This block is still in the design stage.

The widgets.php admin page will need to be completely reimagined as part of this process. Mark Uraine, a designer who works at Automattic, created some mockups to kick off the discussion about what this screen might look like.

These mockups are just explorations of where widgets may be headed next, and they do not take into account everything that will be required of this screen.

Nick Halsey, one of the maintainers for WordPress’ Customize component recommended abandoning this screen altogether in favor of showing widget block areas in the Customizer:

The widgets admin screen has a fundamental disconnect with the way that widget areas actually work – with different areas showing in different parts of the screen and potentially on different parts of the site. It will be very difficult to clearly reflect the frontend page structure on this screen in a way that users will be able to understand. Experimenting with contextual approaches to this experience in the customizer offers numerous opportunities for this fundamental problem to be solved. Starting with the visible edit shortcuts that are already in core, revamped widgets could be edited directly on the frontend (of the customize preview) or in an overlay that is more directly related to the display on a particular screen. The ability to navigate to different parts of the site within the customize preview solves a problem that this screen will never be able to address.

Getting blocks to work in the Customizer is also part of phase 2, but conversation on the ticket related to wp-admin/widgets.php indicates the team is not going to abandon this screen just yet.

“While this screen will eventually be deprecated in the future, especially as more of the site is built in Gutenberg, it’s a necessary “baby step” to get us all there together,” Uraine said. “Maybe the best thing is to keep the existing layout, but just allow the use of all blocks within the accordion content areas? This will keep our resources and investment minimal on this particular piece with just a few suggested tweaks to the mockup in the initial post. It will also allow us to move to the Customizer more quickly.”

Gutenberg accessibility contributor Andrea Fercia encouraged contributors to address accessibility before creating visual mockups by designing the information architecture first. He encouraged them to organize the required information and controls while thinking about how someone might navigate them in a linear way.

“The customizer is not fully accessible,” Fercia said. “The admin widgets screen is the only place where persons with accessibility needs have a chance to manage widgets without having to face big accessibility barriers.”

Discussion on the future of the widget management screen continues in the ticket and contributors are looking to get more input during this exploration stage. There’s also a project board where anyone can share a blog post with their own explorations.

Porting widgets to blocks has its own project board if you want to follow along or jump in on an issue. Most of the core blocks are already finished and a handful are still in progress.

Updating the widgets management page and bringing blocks into the Customizer is a major overhaul but will further unify WordPress’ interface for editing and previewing content. Widgets have served WordPress well over the years, making it easy for users to customize their websites without having to know how to code. The feature has also survived many evolutions, eventually making its way into the Customizer five years ago in WordPress 3.9. One of the limitations with widgets is that they can only be used in “widgetized” areas. Transforming widgets into blocks removes that limitation and makes it possible to use widgets in posts and pages as well.

Dev Blog: WordPress 5.1 Beta 2

Wordpress Planet - Tue, 01/22/2019 - 01:01

WordPress 5.1 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).

WordPress 5.1 is slated for release on February 21, and we need your help to get there!

Over 110 tickets have been closed since beta 1, many of which are documentation and testing suite improvements. Here are the major changes and bug fixes:

  • Several refinements and bug fixes related to the Site Health project have been made.
  • The pre_render_block and render_block_data filters have been introduced allowing plugins to override block attribute values (#45451, dev note coming soon).
  • get_template_part() will now return a value indicating whether a template file was found and loaded (#40969).
  • A notice will now be triggered when developers incorrectly register REST API endpoints (related dev note).
  • Bulk editing posts will no longer unintentionally change a post’s post format (#44914)
  • Twemoji has been updated to the latest version, 11.2.0 (#45133).
  • A bug preventing the Custom Fields meta box from being enabled has been fixed (#46028).
  • The treatment of orderby values for post__in, post_parent__in, and post_name__in has been standardized (#38034).
  • When updating language packs, old language packs are now correctly deleted to avoid filling up disk space (#45468).
Developer Notes

WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! The beta 2 release als marks the soft string freeze point of the 5.1 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Do you enjoy bugs?
I don’t. So, we fixed them all.
Well, not all. But close.

WordPress 5.1 Beta 2

Wordpress News - Tue, 01/22/2019 - 01:01

WordPress 5.1 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).

WordPress 5.1 is slated for release on February 21, and we need your help to get there!

Over 110 tickets have been closed since beta 1, many of which are documentation and testing suite improvements. Here are the major changes and bug fixes:

  • Several refinements and bug fixes related to the Site Health project have been made.
  • The pre_render_block and render_block_data filters have been introduced allowing plugins to override block attribute values (#45451, dev note coming soon).
  • get_template_part() will now return a value indicating whether a template file was found and loaded (#40969).
  • A notice will now be triggered when developers incorrectly register REST API endpoints (related dev note).
  • Bulk editing posts will no longer unintentionally change a post’s post format (#44914)
  • Twemoji has been updated to the latest version, 11.2.0 (#45133).
  • A bug preventing the Custom Fields meta box from being enabled has been fixed (#46028).
  • The treatment of orderby values for post__in, post_parent__in, and post_name__in has been standardized (#38034).
  • When updating language packs, old language packs are now correctly deleted to avoid filling up disk space (#45468).
Developer Notes

WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! The beta 2 release als marks the soft string freeze point of the 5.1 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Do you enjoy bugs?
I don’t. So, we fixed them all.
Well, not all. But close.

WPTavern: WPML Alleges Former Employee Breached Website and Took Customer Emails

Wordpress Planet - Mon, 01/21/2019 - 16:21

Over the weekend, many WPML customers received an unauthorized email from someone who claimed to have hacked the company’s website and gained access to customer emails. WPML founder Amir Helzer suspects that the attacker is a former employee.

“The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions,” Helzer said Saturday night.

The WPML team worked around the clock over the weekend to secure their systems and sent out an email informing customers of the incident. They also assured customers that the WPML plugin does not contain an exploit and that payment information was not compromised. The company published an announcement to their website, detailing the incident and their response:

We updated wpml.org, rebuilt everything and reinstalled everything. We secured access to the admin use 2-factor authentication and minimized the access that the web server has to the file system.

These are more precautions than actual response to the hack. Our data shows that the hacker used inside information (an old SSH password) and a hole that he left for himself while he was our employee.

This hack was not done via an exploit in WordPress, WPML or another plugin, but using this inside information. In any case, the damage is great and it’s done already.

WPML urges customers not to click on any links in the email the attacker sent out and recommends they change their passwords for wpml.org. The attacker has customer names, emails, and sitekeys, but WPML said the sitekeys cannot be used to push changes to customer websites.

Helzer is convinced that the attack was an inside job and suspects two former employees. He and his team are working to provide evidence to the authorities. He said the the nature of the attack demonstrates that it was likely not an outside hacker:

  • The first time our site was breached was on the day we fired an employee, who had access to our servers. We didn’t identify the breach at that time. However, once we got hacked, we analyzed the original hole and we found in our log when it was placed (yup, he deleted the log, but he didn’t delete the backup). Now that we finished cleaning up the mess, we’re going through all logs and collecting the full evidence.
  • The attacker targeted specific code and database tables that are unique to our site and not generic WordPress or WPML tables.
  • The attacker crafted the attack so that it would cause us long term damage and not be apparent in first sight. That long-term damage is very difficult to guess without knowing our business objectives and challenges. This is information that our employees have, but we don’t disclose.

The idea that a former employee who is known to the company would risk performing these illegal actions is difficult to grasp, even in the case of someone who was fired and may have been acting in retaliation. The risks of being caught seem too great.

“In many jurisdictions including the USA, this is jail time,” Wordfence CEO Mark Maunder said. “So I find it quite incredible that an employee would leave a backdoor, use it to deface their site, steal their data and email all subscribers. This is the infosec equivalent of walking into a police precinct and tagging the wall while the cops watch.”

Helzer said the incident should serve as a wakeup call for companies that employ remote workers. It highlights the importance of having procedures in place for revoking employee access to all systems used as part of day to day operations.

“We have to admit that our site was not secured well enough,” Helzer said. “If someone previously had admin access and stopped working for us, we should have been more careful and avoided this situation.

“This can be a wakeup call for others. We talk a lot about the benefits or remote work and most of the WordPress industry works remotely. This made us realize that we need to be a lot more pessimistic when we allow any access to our system.

“For example, the fact that we’re now coding for ourselves a requirement to login with 2fa, means that we’re not alone in this exposed situation.”

The attacker’s unauthorized email and WPML’s response email went out over the weekend, so many customers will be learning of the incident today when they return to work. Helzer said customers have been supportive so far.

“I think that customers appreciate the fact that we contacted them as fast as we could and we dropped everything and ran to handle this,” he said. “I think that we’ll still have damage. Clients did not run away from us right now but a good reputation is something that you build over years. A nasty incident like this stays ‘on your record.’ This is our livelihood and we take it seriously.”

WPTavern: WPML Website Hacked, Customer Emails Compromised

Wordpress Planet - Sun, 01/20/2019 - 02:32

On Saturday, January 19, WPML customers started reporting having received an email from someone who seems to have hacked the plugin’s website and gained access to customer information.

Got same mail and there is this text on #wpml website visible now. What happened guys? #security #hack #vulnerability #0day or something? #WordPress

— Gytis Repečka (@gytisrepecka) January 19, 2019

The hacker claims to be a disgruntled customer who had two websites hacked due to vulnerabilities in the WPML plugin:

WPML came with a bunch of ridiculous security holes which, despite my efforts to keep everything up to date, allowed the most important two of my websites to be hacked.

WPML exposed sensitive information to someone with very little coding skills but merely with access to the WPML code and some interest in seeing how easy is to break it.

I’m able to write this here because of the very same WPML flaws as this plugin is used on wpml.org too.

The hacker also claims to have exploited the same vulnerabilities in order to send the email to WPML’s customers and has published the same message to the plugin’s website. The text is still live at this time and product pages have also been defaced.

Defaced product features page, for example. pic.twitter.com/MWNZh6g1HQ

— Wordfence (@wordfence) January 20, 2019

The commercial multilingual plugin has been in business since 2009 and is active on more than 600,000 WordPress sites. It is a popular plugin for business sites in Europe, North America, Asia, and South America, especially those with a global audience. Customers are still waiting for an official explanation from WPML.

We contacted the company for comment but have not yet received a response. If you are using the plugin, you should deactivate it until the company pushes an update to patch the security vulnerabilities. This story is developing and we will publish new information as it becomes available.

Update from WPML founder Amir Helzer: “The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions.”

WPTavern: WPWeekly Episode 343 – Newspack, Expanding Leadership, and Cory Miller

Wordpress Planet - Fri, 01/18/2019 - 22:57

In this episode, John James Jacoby and I discuss Automattic’s quest to create a new service tailored to journalists. We discuss what’s next for Cory Miller as his chapter at iThemes ends later this month. Near the end of the show, we talk about recent leadership changes in the WordPress project and share our opinions of Slack’s new logo.

Stories Discussed:

Thirty-Five

Journalism and Newspack

Embarking On My Next Adventure

WordPress 5.1 Schedule Updates

Expanding WordPress Leadership

Slack’s New Logo

How WordPress Knows What Page You’re On

WPWeekly Meta:

Next Episode: Wednesday, January 23rd 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Subscribe to WordPress Weekly via Google Play

Listen To Episode #343:

WPTavern: WordPress.com Secures $2.4 Million in Funding from Google and Partners to Build a Publishing Platform for News Organizations

Wordpress Planet - Thu, 01/17/2019 - 22:52

WordPress.com has announced plans to create a new, open source publishing platform that caters to small and medium-sized news organizations. The Google News Initiative has contributed $1.2 million towards the development of “Newspack” on top of WordPress.com’s infrastructure.

Automattic and Google have joined with other contributing partners from the broader world of journalism for a total of $2.4 million in funding for the first year of the project. These partners include The Lenfest Institute for Journalism ($400K), ConsenSys, the venture studio behind Civil Media ($350K), The John S. and James L. Knight Foundation ($250K), and an additional partner who will join later this month. Spirited Media and News Revenue Hub will also contribute to the creation of the platform.

Local news organizations are critical for a healthy democratic society, keeping the public informed about things happening close to home. The move to digital news consumption has forced consolidation in the news industry where larger players have come out ahead while smaller publications struggle to stay above water.

In a report called “The Expanding News Desert,” published in 2018, researchers at the University of North Carolina found that nearly one in five newspapers has disappeared during the past 15 years. Many others have become “ghost newspapers,” shells of what they once were – either absorbed by larger dailies that purchased them or suffering from a severely pared back newsroom that is unable to adequately cover local events.

WordPress.com has amassed an expert team to address this crisis in local news. The Newspack platform will cater to the technological and editorial needs of smaller newsrooms, with the monetization tools to make their work sustainable. WordPress.com is currently accepting applications for charter participants and plans to launch in beta near the end of July 2019.

Open Source Newspack Platform to Offer an Alternative to Expensive Proprietary CMS’s

The WordPress community has speculated widely about what shape Newspack will take, whether it will be like WordPress.com VIP tailored to publications or something similar to Jetpack with a curated set of tools that could be used by self-hosted sites through SaaS upgrades. According to WordPress.com president Kinsey Wilson, a former executive for NPR and The New York Times who joined Automattic in 2018, the platform may end up being a hybrid of approaches.

“It’s still very early in the process, but I expect elements of both VIP and Jetpack to inform this,” Kinsey said. “Newspack will be part of the WordPress.com platform, but we’re going to be working on a highly curated experience tailored to these news organizations, with individualized support available across editorial and business.”

The platform will support plugins that solve problems publishers experience at the local level and will also include Gutenberg-specific editorial tools.

“It will leverage Gutenberg,” Kinsey said. “A few examples of the tools that might be launched with Newspack include email integration for marketing and editorial; programmatic ad integration, analytics, real-time backups, and revenue generating tools for subscriptions and e-commerce. We hope to work closely with partners across the WordPress ecosystem for potential ways to work with services that are beneficial to news organizations.”

The most important distinction of the Newspack platform is that it will be open source. That also puts it directly in competition with proprietary CMS’s like Arc, Vox Media’s Chorus CMS, and MediaOS, that are prominent in the news industry right now. Instead of working together, larger media companies have opted to build their own CMS’s and many of them are also licensing enterprise versions to publishers or offering them as SaaS solutions.

I asked Kinsey if Newspack will be something news organizations could self-host or if it will be inextricably tied to WordPress.com’s infrastructure. WordPress.com is making it open in the sense that publishers will not be tied to using it forever if they want to their information and copy the same setup somewhere else.

“It is not only open source, it will be designed so that at any point in time any individual site or even a commercial competitor could capture an image of the setup and port it to another platform,” Kinsey said. “The value we offer is our knowledge of the news industry, our ability to keep pace with new requirements, and our ability to vet various plug-ins and open-source contributions to the project for security and interoperability — all at an attractive operating cost of between $1,000 and $2,000 per month. In addition, we hope to expose news organizations to a wider community of like-minded developers and to create an on-boarding system that simplifies the setup.”

Operating costs on proprietary platforms are much higher than what WordPress.com is planning for Newspack. Arc costs smaller publishers $10,000 per month in software licensing fees and can cost up to $150,000 monthly for larger publications. Vox media executives told the Wall Street Journal that the company “plans to sell Chorus at different pricing tiers depending on the demands of each customer with fees in the six and seven-figure ranges.” Small local news publications are often priced out of using a publishing platform like this.

“It breaks my heart how much of their limited resources these organizations still sink into closed-source or dead-end technology,” Automattic CEO Matt Mullenweg said in a post introducing Newspack on his blog. “Open source is clearly the future, and if we do this right Newspack can be the technology choice that lasts with them through the decades, and hopefully our 15 years of growth lends some credibility to our orientation to build things for the long term.”

Google’s support of Newspack is in line with its history of building with and supporting open source projects. When asked for clarification on Google’s investment in the project, Kinsey said, “It is a donation that is intended to support work that otherwise would not likely find commercial support because of the relatively modest means of small digital publishers.”

WordPress.com’s Newspack announcement comes on the heels of the news of Digital First Media’s unsolicited $1.36 billion bid for Gannett. The future of local news is tenuous, as larger players in the industry press for more consolidation and cost-cutting journalism. In the same week, Facebook, who has had a hot and cold relationship with publishers, announced the company is investing $300 million to support local news.

In recognition of the dire situation facing many local newsrooms, the largest companies on the web are committing funds to help them find a sustainable business model. WordPress.com’s Newspack platform, with its affordable, open source alternative to proprietary systems, is positioned to make a strong impact during this seminal time in the evolution of the news industry.

“By itself, an open source CMS is not going to help news organizations remain independent,” Kinsey said. “However, by helping new, emerging organizations overcome the complexity and cost typically associated with technology deployment and instead allowing them to focus resources on journalism and smart business practices, we think we can help them become more sustainable.”

Boom

Drupal Themes - Thu, 01/17/2019 - 18:53

This theme blows your mind. It is the source of all creation, all that a themer holds important: semantic HTML. It is the Big Boom.

Matt: My TED Video on the Future of Work

Wordpress Planet - Wed, 01/16/2019 - 20:32

I was thrilled to participate in TED’s new video series, The Way We Work, and not surprisingly I made the case that distributed work is where everything is headed.

&version;Why Working from Home Is Better for Business

This company is so dedicated to remote working that they literally don't have an office. Here's why a "distributed" workforce is better for business — and employees:

Posted by The Way We Work on Monday, January 14, 2019

It has over 130,000 views already! What I really love about this video in particular is that we get into the specifics of how a company can start to embrace a culture of letting employees work from anywhere, even if it started out as a traditional office with everyone in the same place. Automattic never started that way, so even as we’ve scaled up to more than 840 people in 68 countries, there’s never been a question — it’s now built in to our entire culture.

For distributed work to scale up, it’s going to require more CEOs, workers, and managers to test the waters. Any company can experiment with distributed work — just pick a day or two of the week in which everyone works from home, I suggest Tuesdays and Thursdays, then build the tools and systems to support it. Yes, that may require some shuffling of meetings, or more written documentation versus verbal real-time discussion. But I think companies will be surprised how quickly it will “just work.”

If the companies don’t experiment, workers may force them to do it anyway:

I don't think tech folks quite understand how pervasive remote work has become. It's not even a debate anymore, it's a full on revolution. Hard to do any recruiting these days and not constantly run into talented folks who will never go back to working in an office again.

— Max Lynch (@maxlynch) January 14, 2019

Pages