Wordpress News

WPTavern: WordPress 4.9.1 Released, Fixes Page Template Bug

Wordpress Planet - Thu, 11/30/2017 - 04:07

WordPress 4.9.1 is available for download and is a maintenance and security release. This release addresses four security issues in WordPress 4.9 and below that could potentially be used as part of a multi-vector attack. According to the release notes, the following changes have been made to WordPress to protect against these vulnerabilities.

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Rahul Pratap Singh and John Blackbourn are credited with responsibly disclosing the vulnerabilities. In addition to the changes above, 4.9.1 fixes eleven bugs, including the Page Template issue we wrote about last week. Many sites have already updated to 4.9.1 automatically. To see a list of detailed changes, check out this post on Make WordPress Core.

WPTavern: Distributor Plugin Now in Beta: A New WordPress Content Syndication Solution from 10up

Wordpress Planet - Wed, 11/29/2017 - 23:19

10up published a preview of its Distributor plugin today, a new solution for syndicating content across WordPress multisite networks and the web. The plugin, which the company plans to release for free, is currently in final closed beta. It enables content managers to either “push” or “pull” content to/from sites where they have permission to publish.

image credit: 10up

Distributor includes the ability for editors to make changes to the original post and have linked copies automatically inherit the changes. This includes post content, post meta (custom fields), and taxonomy terms. It also ensures that content is SEO-friendly by providing canonical links that prevent duplicate content issues.

The plugin differs from many existing content syndication solutions, which traditionally make use of RSS or XML/RPC, in that it is built using the REST API.

“The main technical advantage of the REST API is that it’s a ‘standard’ inside core for sharing information across sites,” 10up President Jake Goldman said. “Outside of multisite, we never even considered another approach. It is worth saying that you do need Distributor installed on both ‘ends’ for all of its features to work across the REST API – we need to extend the REST API a bit to get everything to pull across (plus the handling of ‘linked’ copies).”

Goldman said that although “syndication” means many different things to different people, the “classic” use case of simply pulling from a source, such as ingesting content from a newswire, is not exactly the use case for Distributor. He said the team behind the plugin is perhaps more excited about the “push” implementation. In building their own solution, 10up also incorporated its trademark lean/streamlined UI, as many existing solutions are more complicated to use.

“We’re definitely aware that there are other takes at a good content sharing workflow,” Goldman said. “We even helped Automattic refactor their solution a few years ago, which they use on VIP. We took a bit of inspiration from that project, including the modular ‘connection’ types. In earnest, when trying to help our clients find solutions that were intuitive, extensible, and engineered to an enterprise grade, we just couldn’t endorse any of the options we found. It’s more a UX problem – clunky workflows, overwhelming interfaces, feature overload (I prefer a certain simplicity) – than anything, though we also have concerns about how modular / customizable some of the other solutions are.”

10up Plans to Release Distributor on WordPress.org Following the Closed Beta

10up currently has several clients using Distributor, including large publishers with several properties/magazines/newspapers, as well as large technology businesses using it for their news and media features across a network of sites. The plugin is in final closed beta but 10up is granting early access to those with interesting use cases.

“We’re casting a pretty broad net in terms of ‘appropriate’ use cases for the beta; in fact, we’re hoping that broader beta testing will open our eyes to great use cases within the scope of its purpose that we hadn’t considered,” Goldman said. “We’ve already heard from some very large publishers, some smaller digital publishers, universities, public school systems, some enterprises with multiple properties, agencies interested in staging content, and just engineers who own multiple sites that share content – we’re excited about all of these use cases!”

Goldman said his team is most curious to see Distributor applied to use cases that aren’t simply “news and publishing,” including CRMs and product businesses with multiples sites that share content. 10up has not yet tested specific plugins for full compatibility with Distributor, but Goldman said pre-version 1.0, it should work with any plugin that adds custom post types and fields/taxonomies “the WordPress way.”

“In fact, Distributor checks to see which sites support the same post type and terms before it offers a list of sites you can ‘distribute’ content to (so you can’t ‘distribute’ a WooCommerce product to a site not running WooCommerce),” he said. Selling the same products across multiple stores, with automatically updating inventory and price changes, is just one of the many interesting use cases for Distributor.

Goldman said the team anticipates taking the plugin out of beta and putting it on WordPress.org by mid to late Q1 of 2018, in approximately 2-3 months, depending on feedback from testers. 10up does not currently have a plan to monetize the plugin.

“I never want to rule out that there are ‘eventually’ opportunities for commercialization, but I can honestly say that isn’t anywhere on our roadmap or consideration set at the moment,” Goldman said.

Those who want to get in on the Distributor beta before it is publicly available can sign up on the plugin’s website with a quick explanation of your use case. 10up will send a copy of the plugin for testing.

Dev Blog: WordPress 4.9.1 Security and Maintenance Release

Wordpress Planet - Wed, 11/29/2017 - 20:33

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Thank you to the reporters of these issues for practicing responsible security disclosure: Rahul Pratap Singh and John Blackbourn.

Eleven other bugs were fixed in WordPress 4.9.1. Particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows based servers.

This post has more information about all of the issues fixed in 4.9.1 if you'd like to learn more.

Download WordPress 4.9.1 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.1:

Alain Schlesser, Andrea Fercia, Angelika Reisiger, Blobfolio, bobbingwide, Chetan Prajapati, Dion Hulse, Dominik Schilling (ocean90), edo888, Erich Munz, Felix Arntz, Florian TIAR, Gary Pendergast, Igor Benic, Jeff Farthing, Jeffrey Paul, jeremyescott, Joe McGill, John Blackbourn, johnpgreen, Kelly Dwan, lenasterg, Marius L. J., Mel Choyce, Mário Valney, natacado, odyssey, precies, Saša, Sergey Biryukov, and Weston Ruter.

WPTavern: Four Things I’d Like to See in This Year’s State of the Word

Wordpress Planet - Wed, 11/29/2017 - 17:38

This weekend, WordPressers from far and wide will descend upon Nashville, TN, for WordCamp US. One of the highlights of the event is Matt Mullenweg’s State of the Word. Last year, Mullenweg shared a variety of statistics, made a few announcements, and plotted a new course for WordPress development.

As the event draws near, here are some things I’d like to see addressed in this year’s State of the Word.

Will There Be A Renewed Effort to Make Calypso Plugin Aware?

During the 2016 State of the Word, Mullenweg announced that Calypso became plugin aware.

Plugin Aware Calypso

The idea was that plugins that are actively installed on more than 1 million sites could participate in an experimental program that would add meta box support and other plugin specific features to Calypso. To this day, this has not materialized and I’d like to know what happened and if there will be a renewed effort in 2018.

An Update on WordPress Foundation Supported Initiatives

Last year, we learned that WordCamp Central became its own Public Benefit Corporation while the WordPress Foundation maintained its non-profit status. In addition, the Foundation announced support for like-minded non-profits such as, Hack the Hood, Internet Archive, and Black Girls CODE.

I’d like to know how much money the Foundation has contributed to these causes and if any progress has been made on providing educational workshops in underdeveloped countries.

An Update on WordPress’ Development/Release Strategy

A year into WordPress’ new development and release strategy, I’d like to know what challenges he and the team have faced and overcome. I’d also like to know if the results he has seen thus far warrant continuing the experiment in 2018.

Take an Opportunity to Explain What Gutenberg Really Is

Last year, Mullenweg surprised the community by announcing that the WordPress post editor would be revamped. Since then, we’ve learned that the project’s name is Gutenberg and it’s about more than just the editor. I’d like to see Mullenweg take this unique opportunity to provide a deeper explanation into what the project is and why it’s pivotal for WordPress’ continued success.

This year’s State of the Word will be presented on Saturday, December 2nd, at 4PM Eastern. If you can’t see it in-person, you can watch it for free via the livestream.

HeroPress: WordPress Gave Me the Perfect Identity

Wordpress Planet - Wed, 11/29/2017 - 12:00
How it all began… I just love this picture of myself..hehehe

I remember when cybercafés started trending in Nigeria; I had just finished high school and was awaiting my results for admittance into the university. I would spend not less than 10 hours surfing the internet every day, all my pocket money went into buying bulk time at cafes. My first email was opened in 2002 on my 1st attempt to surf the internet. Spending my day at cafes continued till I left the university after which I bought a desktop computer and a modem. You can imagine my excitement as being a proud owner of a PC even though it was a desktop PC.

You see, my first degree was in Philosophy. I remember my dad asking me if I was sure about that course because prior to my senior school leaving exams I had always said I was going to study business administration. What business administration was, to be honest, I had no idea, I only wanted it because I had the impression it was a cool course and I would be a corporate employee in a big firm strutting around in my skirt suit looking all glamorous.

Funny right?

Anyway i always had a thing for Philosophy so you can imagine my enthusiasm when I discovered Philosophy was a course of study, of course I opted to study Philosophy in 2004 and graduated in 2008. However my love for the internet did not reduce by the way. I not only surfed the internet but I spent a lot of time freelancing and testing my skills as a ghost writer on different freelancing sites. I also went into blogging as well in 2009. I tried using blogger, hubpages and WordPress, but oh my, I found WordPress so complicated for me because I did not understand how it worked so I stuck with blogger and hubpages.

Growing up as a Timid but Curious Cat… I and my little brother. Haa of course we all grown now. Haha

During my younger years and even up to two years ago I was always a shy person deep down in my mind, but alas quite a number of people thought I was bold. This might be because 99.9% of my friends were males, or maybe not. Perhaps this could also be because I grew up with 3 brothers and no sister. It’s quite shocking though that they thought that way because it is only quite recent that I cultivated the courage to speak my mind. Prior to a year ago (2016), expressing my feelings by speaking the words out was a herculean task; this was what led me to starting a personal blog around 2009. I needed to let out my feelings and since I dared not speak them out, I blogged them.

Blogging gave me a voice and a medium to express my thoughts and I became a better writer with each passing script. After my one year government mandated youth service in 2010 which is required of every Nigerian citizen after a bachelor’s degree, I bought an HP Mini Laptop. Can you imagine my excitement at owning a personalized computer? This I could carry around, my happiness knew no bounds.

In 2010 thanks to the social network Facebook I met an Uncle of mine and we became BFF’s {Best Friends Forever} even though we had never met physically before. He was in Rome at the period we met studying Media and Communication. He came back home in 2012 but his job as a Salesian Brother took him to Ghana. Of course I made sure to keep a date with him when he came back home briefly in 2012 before heading to resume in Ghana. We had cake and ice cream at my favourite café that day.

I and my BFF Uncle..Hehe Rediscovering WordPress…

Then came 2015, I ended a horrid relationship and i lost my best friend female; I mean I thought I was in love, but alas I had loved the idea of loving a person. I was not happy and I wanted a breath of fresh air and a change of environment. At that period, I had obtained a postgraduate diploma in mass communication and I had started a Masters Degree in Information Management and my required 3 months internship was coming up that summer. I decided to volunteer in Ghana at the headquarters of the Salesians of Don Bosco in West Africa {SDBAFW} where my Uncle was. My time there was beyond awesome and a new beautiful story in my life chapter.

I met a lot of amazing people and made new friends within the SDB community in Ashaiman, Ghana i and other volunteers and great friends at Kakum National Park in Cape Coast, Ghana

I worked in the communications department at the SDBAFW province. My Uncle knew how much I loved blogging and he had been my writing tutor for a while, so one day he asked why I was not blogging on WordPress. Of course I went on about how difficult and complicated the platform was, he sighed, told me their organization website was built on WordPress and he gave me a folder with tutorial videos made by Morten Rand-Hendriksen for beginners to go watch.

After two weeks of watching those videos, my life changed. You see prior to 2015 I treated my time online as a purely personal affair because I was just passionate about being online right, exploring, freelancing and discovering. I never thought it would become something I could make a full time career out of. I was still pursuing a career in Human Resources since managing people was another thing I was great at. In late 2015 I had joined a series of online Facebook groups and I was wowed by one in particular run by John Obidi (SmartBCamp) because I saw a lot of people earning an income from things I did and knew for the fun of it. I found myself asking what planet I had been living on and why I had not made my passion my business.

Hence I made a decision in 2016 to make my passion my business, I decided to move to Lagos since I was done with my Master’s coursework and focus on this new journey of mine. Meanwhile in December of 2015, a woman had contacted me saying she loved how my blog UX on WordPress looked and if I could work on hers.

As at then I didn’t even know the difference between wordpress.com and wordpress.org so I started googling which is something I’m also great at.

I took on the task of redesigning her website and I started troubleshooting all the current issues she had on her site, I read up a lot, I visited the WordPress.Org/showcase and was wowed with all the good things I could do with WordPress.org, I especially loved Snoop Doggs website and told myself my goal would be to be able to make a project that would look like that one day. But of course the first few sites I designed were horrible, when I look back at them now I wonder what was going on in my head when I designed them.

A typical day for me in front of my PC

Alas I had great online plans for the year 2016 but up until the middle of year 2016, I had a series of bad experiences that sent me back to the stone age and my parents house; I blogged about it here. They were bad experiences alright, but a lot of good came out of them. I got saved bit by bit and found my rhythm again. Meanwhile I was already falling in love with WordPress so I decided to look for ways to give back. That’s when I stumbled upon make.wordpress.org and discovered there were so many ways to give back. I was not a programmer alright so what will I go to do in Core or CLI or any other similar place, I automatically went for the community.

Building the Nigerian WordPress Community…

In November 2016 I made one of the best decisions that turned my life around. I was fed up because the entire year had not turned out in any way I had planned in December 2015 of the previous year. So I made an interesting decision to turn off my data and go to sleep by 10pm. Trust me this was a big decision for me before I would usually freak out if my data wasn’t functioning or if my phone battery died. Anyway during this period I had moved back to my parents’ right and I needed to work in a quiet room because I so much needed to focus.

Also by now I had discovered there was a WordPress Meetup community in Lagos but when I applied I did so for Ogun which is my state, but during my conversations with WordPress Global they had requested if I would be willing to join the Lagos WordPress Group, at first I was a little hesitant because Lagos is an hour drive from my town, I don’t have a car, so that adds another one hour. Surely you can’t live in Lagos and not know Lagos and traffic are best buddies so that adds another hour to my trip. Without thinking too much about it I agreed. Looking back today I do not regret it one bit.

This started my journey as a WordPress Lagos Community Co-organizer and a Community Deputy.

the first meetup i had as a Lagos co-organizer

This is 2017 right, I must not fail to mention it to you that my income in the last one year has come solely from WordPress Web Design. Today the Nigerian WordPress has grown, still growing definitely, the Lagos WordPress Meetup group has also grown and we have had 8 Meetups this year. I have made great friends and co-organizers in the community who are dedicated to building and sharing their WordPress knowledge with the community like I am. We are hosting the very first Nigerian WordCamp in Lagos on March 10 2018 at the Civic Centre in Victoria Island, Lagos. I must not forget to mention that we also now have an Ijebu WordPress Community; that’s my town alright  .

this was our 4th meetup event this year this was our first meetup event this year our third meetup early this year WPlagos 30th Sept Meetup (5th meetup this year)

We recently created a google photos for our past meetups, click here to view them. So tell me why I shouldn’t be grateful? Why I shouldn’t fall in love with WordPress? Because this is all that has happened to me since I met WordPress, I have fallen head over heels in love with WordPress and I am excited.

What have i gained from WordPress?
  1. I overcame my stage fright fully because i have to get in front of the crowd at every meetup to do the introductions and introduce the WordPress communities.
  2. I attended my first WordCamp in Cape Town, South Africa. Click here to see my picture story. Coincidentally this was also my first time outside West Africa. I had never been in an aircraft for more than one hour before my trip.
  3. I have made money from WordPress Web Design Projects, enough to sustain me during my learning period. Still learning everyday.
  4. I jumped off Signal Hill in Cape Town, find post here; next up, sky diving.
At a WordCamp Cape Town session

My advice to you from my experience so far…

Always seek to understand the basics of whatever knowledge you seek…never jump in too fast, wanting to spiral to the top while ignoring the learning curve. You will crash down effortlessly if you do so and would have learnt nothing.

WordPress Gave Me the Perfect Identity Indeed…I no longer roam the internet..hehehe

The End…?
I Don’t Think So…
My Story has Just Begun. Stay Tuned….!

The post WordPress Gave Me the Perfect Identity appeared first on HeroPress.

Material Corporate

Drupal Themes - Wed, 11/29/2017 - 06:30

Material-Corporate

Presenting the fully responsive Drupal 8 theme based on material design. Install the theme and place the logo of your company in the root folder of the theme as logo.png and allow the theme to design your site.

Features

  • Responsive for any device
  • A total of 12 block region
  • Supported standard theme features: site logo, site name, site slogan, material-icons, images in nodes
  • Use of Google Fonts and Nice Typography
  • Drupal standards compliant
  • HTML5 & super clean markup
  • Ideal for corporate, business and personal sites

Current Browsers Supported

  • All Modern Mobile Browsers
  • Opera
  • Firefox
  • Chrome
  • Safari

WPTavern: WordCamp Albuquerque Gears Up for 5th Edition in January 2018

Wordpress Planet - Wed, 11/29/2017 - 02:30

WordCamp Albuquerque is gearing up for its 5th edition January 19-21, 2018, following events held in 2011, 2012, 2013, and 2016. An all-new organizing team is ready to invigorate the Southwestern WordPress community with an exciting array of world-class speakers and educational opportunities for both new and experienced users.

Lead organizer Alonso Indacochea said the team is expecting to host 300 attendees. Many of them will be coming from New Mexico, Southern Colorado, West Texas, and Arizona.

“The southwestern community is interesting because there are a lot of developers doing really interesting tech work, but a lot of it happens in silos due to government secrecy,” speaker wrangler Sam Hotchkiss said. “New Mexico has a rich history of technology, from the Manhattan Project and the creation of the first nuclear weapons to the formation of Microsoft, which was founded in Albuquerque in 1975.

“We’re trying to pull together that community to connect with each other, and also establish Albuquerque as a WordCamp with consistently high-quality speakers of global renown.”

In pursuit of this goal, Hotchkiss has recruited a healthy crop of top quality speakers from the WordPress community. During the Saturday afternoon session, Chris Lema, Vice President of Products and Innovation at Liquid Web, will be interviewing a diverse group of speakers in the main hall, including the following:

  • Ashleigh Axios, former Creative Director for the Obama White House and AIGA Board Member
  • Sakin Shrestha, Founder of Catch Themes and the main drive behind the vibrant WordPress community in Nepal
  • John Maeda, Global Head, Computational Design and Inclusion at Automattic
  • Jon Brown, WordPress Nomad
  • Alonso Indacochea, WordCamp lead organizer, who had no serious software development experience 5 years ago, went through a local boot camp, and is now CEO of the fastest growing digital agency in New Mexico

This year WordCamp Albuquerque will feature multiple tracks sorted by topic, beginning with a WordPress Fundamentals track on Friday, January 19.

“Foundation Friday is something I’ve seen be really successful at other camps,” Hotchkiss said. “It gives people who are new to WP a base of knowledge so that they can go into Saturday feeling confident and ready to learn. Each class on Friday will build on the one before it. Starting from scratch? Show up at 9. Already have a site, but need help handling the layout? Come at 10:30.”

Saturday’s program will include sessions in the Business, Design, and Development tracks throughout the day, in addition to the planned interviews. A contributor day session is planned for Sunday. The event’s organizers are still accepting speaker applications until midnight on Monday, December 4. They plan to finalize the schedule next week. Tickets are on sale now and attendees can elect to purchase one for whatever combination of days they wish to attend.

WPTavern: Practicing the Pac-Man Rule at WordCamp US

Wordpress Planet - Tue, 11/28/2017 - 21:06

With more than 2,000 attendees expected, WordCamp US is one of the largest conferences devoted to WordPress. It’s a great opportunity to meet a lot of new faces and catch up with familiar ones. If you’re standing in the hallway at WordCamp US speaking with a group of people and want to encourage others to say hi or be part of the conversation, try this tip shared by Jason Cosper called the Pac-Man rule written by Eric Holscher.

photo credit: rbatina Random Phone Shots (license)

The rule is simple. When standing in a circle, provide an opening for someone to join the group. By standing in an open circle, it gives a passersby explicit permission to join the group and limits the appearance of cliques. I didn’t realize how standing in a closed circle can be off-putting to those wanting to introduce themselves or chime in until learning about this rule.

In addition to the Pac-Man rule, Bob Dunn suggests using eye contact to invite people to the group. Morten Rand-Hendriksen suggests that if you’re looking to start a conversation with someone new, start with groups of two people as they likely know each other and want to talk to new people. I’ll be practicing the Pac-Man rule this weekend and I encourage other attendees to do so as well.

WPTavern: Gutenberg Team Is Ramping Up Usability Testing at WordCamp US

Wordpress Planet - Tue, 11/28/2017 - 16:55

The Gutenberg Team will have a usability testing station set up at WordCamp US where attendees can participate in a round of pre-set tests that focus on the writing flow. Testers will answer a short survey that includes their prior WordPress experience level, age, and device used. Volunteers will get participants set up with a testing site and will start the screen recording app.

Testers will be asked to create a post based on the content shown in an image. There are three different images, which require the user to perform actions such as adding images, embedding media, creating unordered lists, adding quotes, and other basic content creation tasks. In order to segment results, the usability tests have been divided into beginner, intermediate, and advanced level images.

Advanced level task image for Gutenberg usability testing

After completing the test, participants will be asked to answer a few followup questions, such as “Did the task take longer or shorter than you expected?” and “Are you more or less likely to use the Gutenberg editor in the future?”

“This is the second round of usability testing scripts — we tried out the first batch of scripts at WordCamp Milano, and made some adjustments for clarity,” Gutenberg design lead Tammie Lister said. “As a result of testing, we moved the toolbar on blocks to not be fixed and back to the block. At Milano, we tested the tests.”

As the result of these tests and other prior feedback, Lister recommended the default position of the toolbar to be fixed to the block.

Anna Harrison, UX lead at Ephox (the makers of tinyMCE), has been instrumental in helping with the efforts around testing and writing scripts. She also offered feedback on the ticket, referencing comments from the previous discussion on the issue:

A fixed [docked to top] toolbar solution has several complications. Firstly, we break accessibility. I won’t reiterate the discussion, as it’s well articulated above. Secondly, we break things independent of accessibility – I ran user tests on something quite similar to this last year, and we discovered that disconnecting the toolbar from the point of action resulted in 100% user test fails.

Gutenberg version 1.8 will change the default back to displaying block actions on the block level, although the option to change it to a fixed toolbar at the top of the screen will still be available. This change is one example of how usability testing is shaping Gutenberg’s development. WordCamp US is an opportunity for the team to collect a host of new testing data in one place.

Lister said all the data that is collected will be processed by volunteers on the make/test team, but the team is still small and they could use more volunteers to work on this effort.

“The turnaround time on processing the data we collect really depends on how many volunteers are available to work on it,” Lister said. “It also depends on if it’s a bug reported – bugs are easier to get fixed right away. If the data indicates an area where we need to investigate more, we’ll do that. The results of the testing will be published on make.wordpress.org/test.”

Lister said the team is hoping to reach a wider variety of WordPress users at WCUS this year, from all backgrounds and careers. The testing booth offers an opportunity for anyone to contribute to the future of WordPress, regardless of your experience level or familiarity with the software. The team is also eager to broaden its testing field by recruiting non-WordPress users as well. If you can’t make it to WordCamp US, you can still contribute to Gutenberg by taking and administering usability tests on your own with the help of the instructions posted on the make.wordpress.org/test site.

WPTavern: Delete Me WordPress Plugin Assists Website Owners in Granting the GDPR Right to be Forgotten

Wordpress Planet - Tue, 11/28/2017 - 00:08
photo credit: pj_vanf to err is human(license)

With the EU GDPR compliance deadline just 178 days away, many WordPress site owners are looking for tools that will help them meet the requirements. The regulation expands existing rights of data subjects in several key ways, including (but not limited to) the right to be notified of data breaches, the right to access personal data, the right to be forgotten, and the right to data portability.

A plugin called Delete Me, by Clinton Caldwell, is one that may be helpful in addressing the Right to be Forgotten. The GDPR.org website breaks it down as follows:

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

The Delete Me plugin takes this one step further for site owners who are comfortable allowing users to delete their own data without having to create a request for it. By default, the delete button displays on the profile.php screen in the admin, but administrators can elect to use a shortcode to display it somewhere else on the frontend.

The plugin will delete the users’ posts, links, and even comments (optional) after the user confirms. The confirmation screen could stand to include more information about what data is being deleted so that the user knows what to expect. However, administrators do have the option to specify this within the JavaScript confirmation dialog. After deletion the user is dumped back out to the homepage by default, but the redirect URL can be configured in the plugin’s settings page.

Additional configurable settings include the ability to select specific WordPress roles to allow to delete themselves, specify class and style attributes of delete link, enable or disable JavaScript confirm for Shortcode, specify button text, and send an email notification when users delete themselves.

Delete Me also supports network activation and single site activation for multisite installations. By default, users can only delete themselves and their content from a single site, while other networked sites where they are registered will not be affected. The plugin does include a “Delete From Network” checkbox that administrators can enable to allow users to delete themselves from all sites on the network.

Delete Me is available for free on WordPress.org. I tested the plugin and have confirmed that it works with WordPress 5.0-alpha. It is currently active on more than 2,000 sites. By no means does it satisfy the full requirements of the GDPR, but it provides a decent starting point for site owners who want to make this option available to their users without having to manually fulfill their requests.

WPTavern: WPWeekly Episode 295 – Turkey With A Side of Gutenberg and Giving Thanks to Open Source

Wordpress Planet - Mon, 11/27/2017 - 07:54

I apologize for the delay in getting this episode out to you. In this episode, John James Jacoby and I discussed a range of topics, including a caching bug introduced in WordPress 4.9 that causes Page Templates not to display for an hour. We talk about the possibilities of using Gutenberg with WooCommerce and how it could impact product management.

As is tradition, near the end of the show, we shared what we’re thankful for. We also shared what listeners are thankful for regarding open source.

Stories Discussed:

This bug is causing some theme developers to rip their hair out. Weston Ruter explains why the change was implemented.
WooCommerce Explores the Possibilities and Challenges for E-Commerce in the Gutenberg Era
Tailor Page Builder Plugin Discontinued, Owners Cite Funding, Gutenberg, and Competition
WordCamp Europe 2018 Speaker Applications Now Open
GitHub Launches Security Alerts for JavaScript and Ruby Projects, Python Support Coming in 2018

Picks of the Week:

Trigger Happy developed by Hotsource is a visual scripting tool for WordPress, allowing you to connect plugins and events together using a simple user interface. It currently supports core WordPress functionality, WooCommerce, and Ninja Form.

Big dummy is a project for folks who need to emulate an established blog with plenty of content while doing WordPress benchmarking and performance testing.

There are 2495 posts, 6197 comments, 231 tags, 26 categories, and 10 pages worth of WordPress dummy data, fully ready to import. That’s 3 (simulated) years worth of content. Note: There are ~1.6 GB of images (courtesy of Unsplash) attached to these posts. It’s a very good idea to import everything but the media in order to avoid timeouts or errors with the WordPress Importer.

WPWeekly Meta:

Next Episode: Wednesday, November 29th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Listen To Episode #295:

BYU Theme

Drupal Themes - Thu, 11/23/2017 - 19:34
BYU Theme

BYU Brand-compliant Theme using Bootstrap and web components.

Dependencies
  • Version 8.x-1.x requires the Porto subtheme. Contact Katria for access.
  • Version 8.x-2.x requires the Bootstrap subtheme.
  • Both 8.x themes have a strong dependency on the Block Classmodule for the byu-footer-column component.
  • The 7.x version requires multiple dependencies. Please visit http://webcommunity.byu.edu/drupal-7 for installation instructions.
Requesting Features and Options

Requests for enhancements should be created here. Enhancement requests for the header and footer specifically should be posted on the #engineering-group channel or in Github: https://github.com/byuweb/byu-theme-components/issues

Reporting Bugs & Issues

Report bugs here for the theme. For the header or footer not working (if you think this is related to the components, and not Drupal): https://github.com/byuweb/byu-theme-components/issues. If you aren't sure if it's a component or Drupal issue, assume it is Drupal and it will be redirected if it is for the components group instead.

Understanding Header/Footer Components

You can read the full documentation for the BYU Header & Footer components on these pages: http://2017-components-demo.cdn.byu.edu/ and http://webcommunity.byu.edu/html-5

Questions? Ask the Group

The Engineering team of web developers around campus that supports the components is on slack.Join the byuweb team (see http://webcommunity.byu.edu/) and go to the #engineering-group channel.

Search Options

The search in the byu header can be disabled in the header settings. You can also customize how it works. It is using the byu-search component.

If you use the default core search module, it will work out of the box.

Using Different Search Modules

You are able to use different search modules (i.e. Custom Search or Google Custom Search). If the search component gets confused finding your search/text input and your button/submit input, the theme has settings provided to tell it specifically which elements to target.

For example, if you use the Custom Search module, you will want to specify:
input[data-drupal-selector="edit-keys"] for the Search Box element
and input[data-drupal-selector="edit-submit"] for the Search Button element.
These fields take simple CSS selectors, so if your search module isn't working, make sure you are using a CSS selector that will not target multiple divs, and that will not change. (i.e. ID's of these search elements often change once you start searching or reloading the page.)

Zurb Clean Blog

Drupal Themes - Thu, 11/23/2017 - 09:37

Zurb Clean Blog is a new and clean theme based on official blog theme of Zurb Foundation 6
This theme can be used for blogs.

Zurb Foundation 6 is the most popular and advance HTML, CSS, and JS framework for developing responsive, mobile first projects on the web.

Requirements:

Theme Configuration

  • Step 1 . Add Site branding block to Logo region
  • Step 2 . Configure required block in Header region (i.e. remove all block except "main navigation")
  • Step 3 . Configure site branding block and uncheck site slogan and site name (if not required)

WPTavern: Workarounds for the Page Template Bug in WordPress 4.9

Wordpress Planet - Thu, 11/23/2017 - 00:42

WordPress 4.9 “Tipton” was released last week and although it’s largely trouble-free, there is one particular issue users and developers are running into that’s causing frustration. In 4.9, custom page templates that are created fail to display in the Template drop-down menu. The issue is related to changes made to the file editor.

Previous versions of WordPress listed files 2-levels deep in the editor. In 4.9, the entire directory tree for a theme is listed regardless of its depth. Caching was added to help limit the performance impacts of loading large WordPress themes. “An unintended side effect of the caching is that the same directory listing function get_files is used both for the theme editor and for gathering page templates,” Weston Ruter, Co-Release Lead for WordPress 4.9 said.

Within the trac ticket, developers suggests that a button be added that flushes all caches or disabling the cache if WP_DEBUG is set to true. Neither suggestion turned into a patch committed to core. Instead, Ruter has released a plugin as a workaround that flushes the template cache. Other workarounds include, bumping the theme’s version, running the wp cache flush command in WP CLI, or waiting 60 minutes for the cache to expire.

The ticket is marked as a high priority but because of the upcoming holidays in the US and WordCamp US next weekend, it could be at least a few weeks before WordPress 4.9.1 is released.

WPTavern: Tide Project Aims to Audit and Score WordPress Themes and Plugins based on Code Quality

Wordpress Planet - Wed, 11/22/2017 - 21:21

Last week XWP dropped an intriguing preview of a new project called Tide that aims to improve code quality across the WordPress plugin and theme ecosystems. The company has been working with the support of Google, Automattic, and WP Engine, on creating a new service that will help users make better plugin decisions and assist developers in writing better code.

XWP’s marketing manager Rob Stinson summarized the project’s direction so far:

Tide is a service, consisting of an API, Audit Server, and Sync Server, working in tandem to run a series of automated tests against the WordPress.org plugin and theme directories. Through the Tide plugin, the results of these tests are delivered as an aggregated score in the WordPress admin that represents the overall code quality of the plugin or theme. A comprehensive report is generated, equipping developers to better understand how they can increase the quality of their code.

The XWP announcement also included a screenshot of how this data might be presented in the WordPress plugin directory:

XWP plans to unveil the service at WordCamp US in Nashville at the Google booth where they will be inviting the community to get involved. Naturally, a project with the potential to have this much impact on the plugin ecosystem raises many questions about who is behind the vision and what kind of metrics will be used.

I contacted Rob Stinson and Luke Carbis at XWP, who are both contributors to the project, to get an inside look at how it started and where they anticipate it going.

“Tide was started at XWP about 12 months ago when one of our service teams pulled together the idea, followed up by a proof of concept, of a tool that ran a series of code quality tests against a package of code (WordPress plugin) and returned the results via an API,” Stinson said. “We shortly after came up with the name Tide, inspired by the proverb ‘A rising tide lifts all boats,’ thinking that if a tool like this could lower the barrier of entry to good quality code for enough developers, it could lift the quality of code across the whole WordPress ecosystem.”

Stinson said XWP ramped up its efforts on Tide during the last few months after beginning to see its potential and sharing the vision with partners.

“Google, Automattic and WP Engine have all helped resource (funds, infrastructure, developer time, advice etc) the project recently as well,” Stinson said. “Their support has really helped us build momentum. Google have been a big part of this since about August. We had been working with them on other projects and when we shared with them the vision for Tide, they loved it and saw how in line it is with the vision they have for a better performant web.”

The Tide service is not currently active but a beta version will launch at WordCamp US with a WordPress plugin to follow shortly thereafter. Stinson said the team designed the first version to present the possibilities of Tide and encourage feedback and contribution from the community.

“We realize that Tide will be its best if its open sourced,” he said. “There are many moving parts to it and we recognize that the larger the input from the community, the better it will represent and solve the needs of the community around code quality.”

At this phase of the project, nothing has been set in stone. The Tide team is continuing to experiment with different ways of making the plugin audit data available, as well as refining how that data is weighed when delivering a Tide score.

“The star rating is just an idea we have been playing with,” Stinson said. “The purpose of it will be to aggregate the full report that is produced by Tide into a simple and easy to understand metric that WordPress users can refer to when making decisions about plugins and themes. We know we haven’t got this metric and how it is displayed quite right. We’ve had some great feedback from the community already.”

The service is not just designed to output scores but also to make it easy for developers to identify weaknesses in their code and learn how to fix them.

“Lowering the barrier of entry to writing good code was the original inspiration for the idea,” Stinson said.

Tide Project Team Plans to Refine Metrics Used for Audit Score based on Community Feedback

The Tide project website, wptide.org, will launch at WordCamp US and will provide developers with scores, including specifics like line numbers and descriptions of failed sniffs. Plugin developers will be able to use the site to improve their code and WordPress users will be able to quickly check the quality of a plugin. XWP product manager Luke Carbis explained how the Tide score is currently calculated.

“Right now, Tide runs a series of code sniffs across a plugin / theme, takes the results, applies some weighting (potential security issues are more important than tabs vs. spaces), and then averages the results per line of code,” Carbis said. “The output of this is a score out of 100, which is a great indicator of the quality of a plugin or theme. The ‘algorithm’ that determines the score is basically just a series of weightings.”

The weightings the service is currently using were selected as a starting point, but Carbis said the team hopes the WordPress community will help them to refine it.

“If it makes sense, maybe one day this score could be surfaced in the WordPress admin (on the add new plugin page),” Carbis said. “Or maybe it could influence the search results (higher rated plugins ranked first). Or maybe it just stays on wptide.org. That’s really up to the community to decide.”

In addition to running codesniffs, the Tide service will run two other scans. A Lighthouse scan, using Google’s open-source, automated tool for improving the quality of web pages, will be performed on themes, which Carbis says is a “huge technological accomplishment.”

“For every theme in the directory, we’re spinning up a temporary WordPress install, and running a Lighthouse audit in a headless chrome instance,” Carbis said. “This means we get a detailed report of the theme’s front end output quality, not just the code that powers it.”

The second scan Tide will perform measures PHP compatibility and will apply to both plugins and themes.

“Tide can tell which versions of PHP a plugin or theme will work with,” Carbis said. “For users, this means we could potentially hide results that we know won’t work with their WordPress install (or at least show a warning). For hosts, this means they can easily check the PHP compatibility before upgrading an install to PHP 7 (we think this will cause many more installs to be upgraded – the net effect being a noticeable speed increase, which we find really exciting and motivating).”

Carbis said that the team is currently working in the short term to get the PHP Compatibility piece into the WordPress.org API, which he says could start influencing search results without any changes to WordPress core.

“We’d also like to start engaging with the community to find out whether surfacing a Code Quality score to WordPress users is helpful, and if it is, what does that look like? (e.g. score out of 100, 5 star rating, A/B/C/D, etc.),” Carbis said. “We will release our suggestion for what this could look like as a plugin shortly after WordCamp US.”

More specific information about the metrics Tide is currently using and how it applies to plugins and themes will be available after the service launches in beta. If you are attending WordCamp US and have some suggestions or feedback to offer the team, make sure to stop by the Google sponsorship booth.

Matt: Adam Robinson on Understanding

Wordpress Planet - Wed, 11/22/2017 - 16:33

This is a long quote/excerpt from Adam Robinson I’ve been holding onto for a while, from Tribe of Mentors. Worth considering, especially if you strive to work in a data-informed product organization.

Virtually all investors have been told when they were younger — or implicitly believe, or have been tacitly encouraged to do so by the cookie-cutter curriculums of the business schools they all attend — that the more they understand the world, the better their investment results. It makes sense, doesn’t it? The more information we acquire and evaluate, the “better informed” we become, the better our decisions. Accumulating information, becoming “better informed,” is certainly an advantage in numerous, if not most, fields.

But not in the eld of counterintuitive world of investing, where accumulating information can hurt your investment results.

In 1974, Paul Slovic — a world-class psychologist, and a peer of Nobel laureate Daniel Kahneman — decided to evaluate the effect of information on decision-making. This study should be taught at every business school in the country. Slovic gathered eight professional horse handicappers and announced, “I want to see how well you predict the winners of horse races.” Now, these handicappers were all seasoned professionals who made their livings solely on their gambling skills.

Slovic told them the test would consist of predicting 40 horse races in four consecutive rounds. In the first round, each gambler would be given the five pieces of information he wanted on each horse, which would vary from handicapper to handicapper. One handicapper might want the years of experience the jockey had as one of his top five variables, while another might not care about that at all but want the fastest speed any given horse had achieved in the past year, or whatever.

Finally, in addition to asking the handicappers to predict the winner of each race, he asked each one also to state how confident he was in his prediction. Now, as it turns out, there were an average of ten horses in each race, so we would expect by blind chance — random guessing — each handicapper would be right 10 percent of the time, and that their confidence with a blind guess to be 10 percent.

So in round one, with just five pieces of information, the handicappers were 17 percent accurate, which is pretty good, 70 percent better than the 10 percent chance they started with when given zero pieces of information. And interestingly, their confidence was 19 percent — almost exactly as confident as they should have been. They were 17 percent accurate and 19 percent confident in their predictions.

In round two, they were given ten pieces of information. In round three, 20 pieces of information. And in the fourth and final round, 40 pieces of information. That’s a whole lot more than the five pieces of information they started with. Surprisingly, their accuracy had flatlined at 17 percent; they were no more accurate with the additional 35 pieces of information. Unfortunately, their confidence nearly doubled — to 34 percent! So the additional information made them no more accurate but a whole lot more confident. Which would have led them to increase the size of their bets and lose money as a result.

Beyond a certain minimum amount, additional information only feeds — leaving aside the considerable cost of and delay occasioned in acquiring it — what psychologists call “confirmation bias.” The information we gain that conflicts with our original assessment or conclusion, we conveniently ignore or dismiss, while the information that confirms our original decision makes us increasingly certain that our conclusion was correct.

So, to return to investing, the second problem with trying to understand the world is that it is simply far too complex to grasp, and the more dogged our at- tempts to understand the world, the more we earnestly want to “explain” events and trends in it, the more we become attached to our resulting beliefs — which are always more or less mistaken — blinding us to the financial trends that are actually unfolding. Worse, we think we understand the world, giving investors a false sense of confidence, when in fact we always more or less misunderstand it.
You hear it all the time from even the most seasoned investors and financial “experts” that this trend or that “doesn’t make sense.” “It doesn’t make sense that the dollar keeps going lower” or “it makes no sense that stocks keep going higher.” But what’s really going on when investors say that something makes no sense is that they have a dozen or whatever reasons why the trend should be moving in the opposite direction.. yet it keeps moving in the current direction. So they believe the trend makes no sense. But what makes no sense is their model of the world. That’s what doesn’t make sense. The world always makes sense.

In fact, because financial trends involve human behavior and human beliefs on a global scale, the most powerful trends won’t make sense until it becomes too late to profit from them. By the time investors formulate an understanding that gives them the confidence to invest, the investment opportunity has already passed.

So when I hear sophisticated investors or financial commentators say, for example, that it makes no sense how energy stocks keep going lower, I know that energy stocks have a lot lower to go. Because all those investors are on the wrong side of the trade, in denial, probably doubling down on their original decision to buy energy stocks. Eventually they will throw in the towel and have to sell those energy stocks, driving prices lower still.

 

HeroPress: Finding WordPress in Cameroon

Wordpress Planet - Wed, 11/22/2017 - 15:45

My name is Michaël Nde Tabefor, I reside in Cameroon. I grew up in the economic capital of the country surrounded by so much diversity and culture.

Yet I was still very young when I developed an interest in technology, back in Primary school I had a PC at home I used to play around, most especially Spider Solitaire hahaha. Well that game sound crazy but it’s educative, it built up my reflex with the mouse and yeah it worth it. When I arrived in Secondary school I quickly picked up the subject.

I began educating myself on the trend of Technology and how they work. I developed a great interest for organisations such as Google, what they doing for humanity not just about technology. So I understood that no matter the position I get, I must always contribute to Humanity by volunteering.

When I got to the University back in 2014 as a Freshman, I enrolled into Software engineering program where I began excelling and widening my thinking and reflex, met with other enthusiasts of technology.

Taking Another Path

Unlike other students I decided to go in for an internship at my first year (am one of those who believe university is good but it contribute to just about 10 – 20% of what builds up skill, people must be passionate about what the do, that passion alone will get you have the skills and be able to learn more and more).

On my first day of internship, my internship coordinator gave me a task to go and install WordPress on my computer and create with the use of an external template (not there default themes) the website of my university.

Let me make this point, I didn’t know about WordPress. Had no idea of what it’s meant for. Completely blank.

I went back to my university, I met one of my professors, explained it to him, he redirected me to a senior student who once did internship and had to use WordPress.

I went home, got my environment set up and called my senior, She did the guiding all through the installation on phone, till installing the template, my curiosity did the rest of the job hahaha, end of story. The next day I went back to the office, my coordinator didn’t expect me that soon Lol.

Diving Deeper

So I worked on some tutorial on building themes and plugin from scratch from Lynda.com but I took a break from building cuz I didn’t have much skills in PHP, in first year we didn’t do web technologies, I began hacking on PHP on my own, basic’ly I learnt almost every skill on my own via research and practice.

I worked on several sites that used WordPress and began installing for others. My coordinator told me it would be interesting to start a WordPress Community so others could benefit from it. Actually the more I share knowledge with someone I gain 100% in return too, it builds up my mastery and ability to debug and resolve issues.

I began our local community and everyday I kept understanding WordPress more and more.

After a couple of months I officially joined the WordPress Volunteer Community in doing more reach outs in (November 2015 – via Rocio Valdiva) and on April 15, 2017 I organized the very first WordCamp in the whole of Central Africa that brought together over 240 persons. Complete gallery on Flickr, Video on YouTube.

After the WordCamp I later on built a Mobile Money Payment Gateway with a local Network Operator web payment API using WooCommerce.

The post Finding WordPress in Cameroon appeared first on HeroPress.

WPTavern: Tailor Page Builder Plugin Discontinued, Owners Cite Funding, Gutenberg, and Competition

Wordpress Planet - Tue, 11/21/2017 - 00:15

Enclavely, Inc., the owners of the Tailor Page Builder plugin, have announced that they will be discontinuing its development effective immediately.

Andrew Worsfold, the original developer, launched Tailor in April 2016 and the plugin received an enthusiastic reception from the WordPress community. After performing a critical review of the major page builders available to users in September 2016, Pippin Williamson found only three that he could happily recommend to his customers: Tailor, Pootle Page Builder, and Beaver Builder. This recommendation was based primarily on code quality, usability, and compatibility with other plugins.

The plugin came under new management in July 2017 after the original developer no longer had enough time to dedicate to the project. Worsfold sold it to Enclavely, whose owners were early and enthusiastic users of the plugin, for what he said was “a nominal amount.” Three months later, the new owners cite the cost of keeping up with Gutenberg and other competitors as the primary reason for discontinuing its development:

Gutenberg is going to be bundled with WordPress itself. That’s definitely going to give a tough time to all 3rd party page builders and even that is not the case there are some really big players around like Elementor, Divi, Beaver Builder, and others which are going to be hard for us to compete with, being a completely free project and providing almost all the great features in free version…

So the main reason for us to discontinue Tailor is due to finances, which Tailor needs to keep on its development and marketing to compete with all the big players and especially Gutenberg.

This instance seems to be more of a case of the new management running out of funds, rather than Gutenberg preemptively killing off a page builder. Enclavely was no longer willing to invest in developing a product that could compete against some of the more widely used page builders.

“Tailor needs a lot of effort and money, which was much more than we estimated,” an Enclavely representative said when I contacted the company. “And even if we continue to put effort and money in this project, we all know that Gutenberg is going to smash this space soon and we won’t be able to survive, and so will be the case with some other page builders. This is why we decided to end this now.”

Tailor currently has more than 3,000 active installations, according to WordPress.org. Fans of the plugin commented on the announcement, asking if the original developer might be able to pick the project back up again.

When I contacted the company, they said the original developer was no longer involved with the project.

“The original developer has parted ways since the acquisition,” an Enclavely representative said. “He was involved with some stuff in the start but not that much, thus the decision is mainly taken by us based on the issues we were facing in maintaining this project.”

However, Worsfold’s account of his involvement with Tailor following the acquisition differs greatly from Enclavely’s report.

“I handed over control of the project in July, although all releases since then were also written by me and deployed on their behalf,” Worsfold said. “Given that I haven’t been asked to help with anything recently, and there have been no further releases, it looks like development has already ended.”

The plugin is available free on WordPress.org and licensed under the GPL, so anyone who wants to can fork it. Worsfold doesn’t anticipate having the time to maintain the project himself and said he was under the impression that Enclavely is attempting to sell it.

“I made the decision to hand over control of Tailor as work and other commitments meant that I couldn’t dedicate enough time to the project,” Worsfold said. “I had hoped that the new team would continue development, provide support, and ensure the needs of existing users were met. However after just three months they’ve decided to give up. That’s obviously very disappointing.”

Worsfold said that when he sold it to them, it was with the understanding that they would continue to develop and maintain it. He doesn’t anticipate being able to re-adopt it due to a lack of time to dedicate to the project.

“I’m in much the same situation I was in before and it seems they are wanting to on-sell it themselves, so I can’t imagine I will be able to readopt it,” Worsfold said. “I have mixed feelings about the whole situation. Ultimately I see Gutenberg doing most of what page builders currently do, but in a better, more standardized, way. Hopefully, whatever’s left (custom blocks, styles, functionality etc.) will build on the framework and serve to reduce the amount of fragmentation in the ecosystem.”

Worsfold is still limited on free time but said he would be willing to contribute to the project if someone decided to fork it and keep it alive.

“It would be a shame to see something I built, and that people use, simply die,” he said. “Hopefully someone will either fork it or take over development.”

WPTavern: GitHub Launches Security Alerts for JavaScript and Ruby Projects, Python Support Coming in 2018

Wordpress Planet - Sat, 11/18/2017 - 00:25

Last month GitHub launched its Dependency Graph feature that tracks a repository’s dependencies and sub-dependencies under the Insights tab. This week the company rolled out an expansion of the feature and will now identify known vulnerabilities and send notifications with suggested fixes from the GitHub community.

Dependency graphs and security alerts are automatically enabled for public repositories, provided the repository owner has defined the dependencies in one of the supported manifest file types, such as package.json or Gemfile. (Private repo owners have to opt in.) The vulnerability alerts are not public – they will only be shown to those who have been granted access to the vulnerability alerts.

GitHub uses data from the National Vulnerability Database to alert repository owners about publicly disclosed vulnerabilities that have CVE IDs. Vulnerability detection is currently limited to JavaScript and Ruby projects but Python support is next on the roadmap for 2018. PHP, which is a bet less widely used in projects on GitHub, is likely further down the list.

WPTavern: WordCamp Europe 2018 Speaker Applications Now Open

Wordpress Planet - Fri, 11/17/2017 - 19:19

WordCamp Europe 2018 has opened the call for speakers and will be accepting applications through January 15. The organizing team recommends that speakers already have some experience ahead of applying to speak at the largest WordPress event in Europe, but a dedicated Content Team will also be available with resources for helping speakers create a successful presentation.

The 2017 event received a total of 235 speaker applications and 43 were selected for the main event. Organizers plan to stick to the same format and are calling for 40-minute talks (30 min + 10 min Q&A) as well as 10-minute lightning talks. This year the event will experiment with hosting community workshops and organizers plan to open a separate call for workshop leaders next week.

The Content Team put out a specific call for more technical talks at the 2018 event after a community survey showed that more developer-oriented talks are what the audience is looking for. More than half of those surveyed identified themselves as developers (54%), with business owners (12%) the next largest demographic.

The survey also showed that 37% of respondents have been working with WordPress for more than 9 years and roughly 90% of attendees have been using WordPress for 4-9+ years. Advanced development was the most highly requested topic for presentations, selected by 53% of respondents, followed by design (45%).

The survey results offer some insight about which topics might fare well at WCEU in 2018. Organizers have also compiled an extensive list of ideas and topics to inspire speaker applicants.

A batch of 1,000 Early Bird tickets recently went on sale and there are still 680 available. Attendees who purchase a ticket before December 31, 2017, will receive a limited-edition swag item. The organizing team plans to release tickets in batches, as in previous years, but will not be setting specific expectations on sales this year, according to PR representative Letizia Barbi. The Sava Center venue, an international congress and cultural center, is the largest audience hall in Serbia and will accommodate all who want to attend WCEU 2018. Barbi said it should also scale down nicely in case of a smaller turn out.

Pages