Wordpress News

Akismet: Version 4.0.1 of the Akismet WordPress Plugin Is Now Available

Wordpress Planet - Mon, 11/06/2017 - 20:29

Version 4.0.1 of the Akismet plugin for WordPress is now available.

4.0.1 contains a few helpful changes:

  • We fixed a bug that could prevent some sites from connecting Akismet using an existing Jetpack connection.
  • We added some code to ensure that any pending Akismet-related events are unscheduled if (heaven forbid) the plugin is deactivated.
  • Some of the Akismet JavaScript is now run asynchronously in order to increase the speed with which your pages will appear to load.

Pretty good, right?  To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.


WPTavern: WordCamp Europe 2018 Early Bird Tickets Now on Sale

Wordpress Planet - Mon, 11/06/2017 - 19:54

WordCamp Europe 2018 has begun early bird ticket sales for its sixth edition in Belgrade, Serbia, June 14-16. Attendees who purchase a ticket before December 31, 2017, will receive a limited-edition swag item.

WordCamp Europe has sold out in many previous years and organizers of the 2017 event in Paris anticipated that it would be the largest event in WordPress history. They expected to host more than 3,000 attendees but the actual number on the ground was 1,900 – 5% fewer than the 2,000 who attended in Vienna the previous year. WCEU 2017 posted a 24% no-show rate, which was more than double that of previous years.

Putting tickets on sale too early was one of the factors that contributed to the Paris event’s high no-show rate, in addition to higher local sales, an expensive location, and attendees’ problems obtaining visas. This year ticket sales are starting a little later and batches will be staged out into 2018.

The WCEU organizing team for Belgrade includes 54 people leading 10 teams to manage sponsors, PR, volunteers, design, and on-site responsibilities. The event has also added a new Attendee Services team that will assist with things like ticket invoices, visa letters, and other services on the ground.

A batch of 1,000 early bird tickets were released today and more than 10% have already been purchased on the first day of sales. Tickets are €40.00 and include two days of presentations, lunch, coffee and snacks, a t-shirt, and a ticket to the After Party. The ticket also gives the attendee access to Contributor Day, which will take place the day before the conference and requires a separate sign up. Tickets are non-refundable but can easily be resold or gifted in the event that the purchaser cannot attend.

WPTavern: Gutenberg Contributors Discuss the Drawbacks of Using iframes for Meta Boxes

Wordpress Planet - Fri, 11/03/2017 - 23:44
photo credit: Closed square box, variation(license)

A lively and productive discussion regarding Gutenberg’s use of iframes for meta boxes is happening on GitHub. Yesterday, WordPress developer Kevin Hoffman created an issue titled “Are iframes a viable long-term solution for meta boxes?

Gutenberg 1.5 introduced initial support for meta boxes. Hoffman identified several issues with iframes that have been popping up as developers have begun testing the current meta box implementation. He did some performance testing that revealed Gutenberg’s use of iframes triples the number of asset requests, as it enqueues all of the CSS and JS assets in the parent window as well as in all the iframes.

image credit: Kevin Hoffman

“Generally speaking, iframes have been discouraged in web development for many years for reasons that are well-documented,” Hoffman said, before citing a litany of issues that plugin developers have already discovered in testing Gutenberg’s meta box support. “Can these issues be addressed without requiring modification of the theme or plugin that generates the meta box? We have to consider that third-party code that has powered meta boxes for years may not have the luxury of being updated in order to be compatible within an iframe.”

Gutenberg design lead Tammie Lister responded to Hoffman’s concerns, indicating that the current implementation of meta boxes is simply an experiment and not necessarily what would land in WordPress 5.0:

It’s good to think a little that what we have today for meta boxes in Gutenberg is an experiment, in many respects it’s a holding pattern as the project works out the direction to take. In saying that it’s one that works ‘for now’ but isn’t what we would ship with.

All the above said, I think it’s important to look at what in the future metaboxes will be used for. What are the cases (if any) that would not be converted to blocks? Do all metaboxes have to work on mobile? Is there even an alternative interface that we haven’t explored? I bet there is. Right now, it’s about looking at those possibilities and getting on a road that works for the state right now and the future state.

The presentation of this implementation as an experiment that “works for now” (but would not be shipped) comes as a surprise after Gutenberg 1.5 arrived with the announcement that “this release includes long awaited meta-boxes support (needs testing!)”

Hoffman contends that the iframe approach doesn’t even work ‘for now,’ as the issue was opened in order to cite several major ways where it is broken. If Gutenberg moves forward with the current approach, it would require many plugins to be modified in order to be compatible with WordPress 5.0, which Hoffman said would defeat the whole purpose of supporting legacy meta boxes.

“I have not seen any evidence to date that suggests meta boxes will continue working with Gutenberg,” Hoffman said. “If the answer is no, then we ought to stop pretending that 5.0 will be just another WordPress release and start being honest about breaking backwards compatibility.”

Edwin Cromley, a collaborator on the project, said that the team anticipates that certain themes and plugins will be broken and that it is not possible to accommodate every possible use case. He admitted that the iframe solution may not meet the project’s goals. Instead, he advocates creating the best experience for the vast majority of users.

However, the current approach would adversely affect many sites out there that use WordPress primarily as a CMS with meta boxes. WordPress core committer Scott Taylor expressed concerns about custom post types, many of which do not make use of the traditional “content” section in favor of meta boxes only.

“In this current iteration, meta box support is an add-on, when in many people’s reality, meta boxes ARE the UI, the API, the mechanism they use to compose their CMS,” Taylor said. “iframes are the gulag.

“And we are forgetting the values WP has been built on forever: I should be able to update to the latest version of WP, and have to rewrite nothing. I have so many projects in the wild on WP that I will never touch again. Can I be confident that some of them won’t break wildly with this change?”

Hoffman advocated scaling back the scope of the project to focus on the editor component, a popular opinion that many plugin developers share and one that was illustrated in detail in Yoast’s post proposing an alternative approach to Gutenberg. This approach stages out the changes to the edit screen, giving developers more time to update their plugins, as well as allowing the Gutenberg team to find an adequate solution for meta boxes.

“I think that goal would be a lot more achievable if Gutenberg stuck to overhauling the editor rather than taking over the entire page,” Hoffman said. “Then we could leave the existing hooks in place and meta boxes could continue to communicate with each other as they do now. Also, asset enqueuing would be a non-issue since it would work as it does today.

“I’m in strong agreement with this concept put forth by Yoast, which seems to me like it would maintain much of the work already done while scaling back the scope of the project to focus on the editor component.”

Gutenberg engineer Riad Benguella indicated the team is not too keen on working towards this concept.

“Reusing Gutenberg pieces to build this concept is relatively doable, but this is not the UX we want to optimize for, we want to build the best possible editor first and make it available for people without backwards compatibility concerns (fresh installs, no metaboxes…),” Benguella said.

“When we think the ideal vision of Gutenberg is ready to ship, we’ll have time to discuss upgrade path strategies, a concept like this one is an option for an upgrade path, but definitely not as the final product. Other upgrade paths are also possible.”

The WordPress developer community is not, however, in favor of delaying this discussion once again. Many are eager to finally answer the question of how meta boxes will fit into the context of the Gutenberg editor so they know how to prepare. Given the numerous issues with the iframes approach, rendering legacy PHP meta boxes under the new editor will require more experimentation and possibly an alternative solution.

“Why devote thousands of hours into developing the ideal editor if it cannot be made compatible with existing sites?” Hoffman said. “If the first impression is that it breaks the UI they depend on, users will never experience the ideal editor in the first place.”

“I think it may be a mistake to put this off too far,” WordPress core committer Aaron Jorbin said. “Especially since many organizations are going to need at least 1-2 quarters to prepare.”

Mark Kaplun suggests the Gutenberg team use a popular plugin as a gauge for the success of current and future meta box support experiments.

“My productive suggestion, is to not declare meta boxes ready, as long as Yoast SEO does not properly work in it,” Kaplun said. “It is both slightly complex in terms of interactions and it is installed on shit loads of sites. If Gutenberg cannot work with it, probably no one is going to use it.”

Greg Schoppe, who has tested and written extensively on Gutenberg’s ongoing development, joined the conversation to advocate for Yoast’s alternative approach to the project as well.

“I highly support Yoast’s view of Gutenberg,” Schoppe said. “It is unclear to me how ‘upgrade the visual editor’ was reinterpreted to be ‘replace the entire post edit interface’ by the Gutenberg team, but it seems directly at odds with the so-called ‘Ship of Theseus.’

“In this case, the lack of clear direction and support for the existing standard workflows is actively hurting developers now. How can I move forward building a project, without a trusted set of hooks and tools that I can rely on? It is unconscionable to think that such a large software project would entirely upend the standard workflow for developers in a single update. and it is insane that these conversations are just happening now, in November, when the plan is to have a merge approved at the beginning of the year.”

The discussion regarding the iframes approach to meta boxes was opened yesterday is still relatively new, but so far the Gutenberg team’s responses have failed to adequately address the concerns of the developer community in this thread. Finding an approach to meta boxes that preserves WordPress’ powerful CMS capabilities, without alienating users and developers, is one of the Gutenberg team’s greatest challenges. They are still aiming at producing a merge proposal early next year, but with meta boxes still in the experimentation stage, the team’s anticipated timetable continues to put the project at odds with the WordPress developer community.

Concedra Theme

Drupal Themes - Fri, 11/03/2017 - 14:09

WPTavern: Bianca Welds Awarded Kim Parsell Travel Scholarship

Wordpress Planet - Fri, 11/03/2017 - 08:07

The WordPress Foundation has awarded Bianca Welds with the Kim Parsell travel scholarship to attend WordCamp US 2017. Welds lives in Jamaica and has been using WordPress since 2005. We featured her on the Tavern in 2015 when she provided insight into the Jamaican WordPress community.

Welds will be presenting at WordCamp US on how a couple is using WordPress to try to increase understanding and participation of the Deaf community in Jamaica.

“Besides the fact that I am really excited and honored to have been selected, and humbled by the outpouring of support since the announcement,” Welds said. “I’m looking forward to WordCamp US and meeting even more amazing people from the WordPress community.”

Welds has identified a few members of the WordPress community in her area and is attempting to create a nucleus to build on, “We will be starting meetups in December/January,” she said. “We also have a workshop series (a bit of an unWordCamp) being planned to help stir up more interest in WordPress and the community.”

If you see Welds at WCUS, be sure to say hi and congratulate her.

HeroPress Publishes Essay Dedicated to Kim Parsell

Coinciding with the scholarship announcement, HeroPress has published an essay that members of the community  contributed too, including myself, in memory of Kim Parsell. The theme of the essay is ‘What did the WordPress Community Mean to Kim?’.

It has been nearly three years since Kim passed away but in my conversations with her online and in the physical world, I understood what the community meant to her. It meant family, a responsibility she took very seriously. I highly encourage you to read the essay and the beautiful things people had to say about Kim. She is missed by many but her spirit lives on.

WPTavern: Press This Removed from WordPress 4.9 in Favor of a Plugin

Wordpress Planet - Thu, 11/02/2017 - 22:18
photo credit: matt-artz Tools. 2015(license)

Press This, a tool that allowed users to quickly clip and publish content from web pages, is set to be removed from WordPress’ upcoming 4.9 release. The feature is being retired and will live out its remaining days as a canonical plugin.

WordPress contributors opted to make a clean break by completely removing Press This and its supporting functions from core. After 4.9 is released, users visiting wp-admin/press-this.php will be prompted to install the plugin from WordPress.org.

A revamped version of Press This landed in WordPress 4.2, released two years ago. Contributors had been talking about switching it to use the REST API instead of admin-ajax since the 2014 redesign of the bookmarklet. This update is still on the plugin’s roadmap for anyone interested in contributing to its development.

“Following the importers and the link manager, it’s about time to say goodbye to Press This,” WordPress lead developer Andrew Ozz said in a ticket proposing the feature’s retirement. “Bookmarklets were popular seven – eight years ago, and now are considered mostly ‘old tech.’ The Press This usage was dwindling for the last several years. Currently it is at under 0.2% of the wp-admin requests (as far as I can tell). It seems best to extract it from core to a plugin, similarly to the importers.”

What Use is Press This without the Bookmarklet?

Development on Press This’ accompanying bookmarklet feature has also been discontinued. Older bookmarklets will not work with the new canonical plugin.

“Usage of bookmarklets across the web has decreased significantly and bad actors attempting to trick users to preform unsavory actions increased over the years,” Brandon Kraft said in a post announcing Press This’ retirement. “Coupled with advancing toward a new editing in experience in core, we decided it was a suitable time to make these changes in one swift move.”

Heavy users of Press This might wonder what the feature is worth without the bookmarklet. Posting through the interface will now require more copying and pasting. The URL scanning remains, but it’s not as efficient as highlighting a portion of text on a page and clicking on the bookmarklet to auto-populate a new post in WordPress. This change makes the plugin simpler to maintain but removes the time-saving feature that made Press This feel like magic.

“With the rise of bad actors attempting to trick folks to entering their credentials via phishing attempts, I removed the functionality in an effort to not promote requesting credentials after firing off JavaScript on a random site,” Kraft said. “To set expectations, I am not foreseeing a change in this decision; however, I support continued conversation and dialogue.”

Kraft opened a GitHub issue on the plugin’s new repository to centralize any discussion regarding restoring the bookmarklet functionality.

Any plugin authors who have extended Press This will need to update their plugins with a check for plugin availability as demonstrated in wp-admin/press-this.php.

WPTavern: GitHub Launches Community Forums to Connect Developers

Wordpress Planet - Thu, 11/02/2017 - 19:00

GitHub launched its new community forums this week as another way for the platform’s 24 million developers to stay connected. The company built them on top of the Lithium SaaS community platform, a popular choice for enterprise customers, including Sony, Cisco, HP, Skype, Barclaycard, Symantec, Google, and PayPal.

The first iteration of the forums includes a gamification aspect that rewards participants for interaction and contribution. Users can “rank up” by receiving “Kudos” and providing solutions to questions on the forums. GitHub plans to expand on these features in the future.

Naturally, this style of ranking and participation led users to be curious whether GitHub is aiming to have its forums become a StackOverflow Q&A platform alternative. When asked what the company had in mind when designing this feature, GitHub Community Manager Nadia Padzensky said the forums provide another avenue for open discussion on ideas and general questions unrelated to specific projects.

“Issues don’t always lend themselves well to these kinds of discussions; however, a forum presents a place designed specifically for these types of conversations,” Padzensky said. “In the past, we’ve not had a GitHub-owned space for users to engage with each other in this way.”

GitHub has also launched an educational section called GitHub Original Series with articles from staff on workflows and features, written on topics that users often ask about in private support emails. The team plans to build out this section of the site while adding more features to the forums.

“We are looking to add contests, polls, and better processes and tooling for taking user feature requests,” Padzensky said. “Additionally, the Community Forum will adapt to its members needs; Community Forum member activity and feedback will directly help inform what the Community Forum evolves into.”

The ability to keep in touch with its user base is perhaps the most important function the forums will provide to GitHub. It offers a space where users can discussion problems they are having with GitHub’s products and have those concerns heard by staff. This could potentially help the company avoid public relations disasters like last year’s when a group of open source project maintainers confronted GitHub with an open letter of complaints regarding issue management. The company admitted to having become disconnected from the needs of its open source community and promised to launch new features that would better serve community-led projects, as well as make it easer for developers to offer feedback on the products it is building.

BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

Wordpress Planet - Thu, 11/02/2017 - 16:30

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.

The Month in WordPress: October 2017

Wordpress News - Thu, 11/02/2017 - 12:02

While this month we focused on building new features for WordPress core, we advanced other areas of the project too. Read on to learn more about what the WordPress project accomplished during the month of October.

Take the 2017 Annual WordPress User Survey

The annual WordPress User Survey is a great opportunity for you to provide your feedback about how you use WordPress. This year is no exception, as the 2017 WordPress User Survey is out now.

The information collected in the survey is used to make informed decisions about improvements across the WordPress project, so your answers are incredibly valuable and help shape the future of the platform.

WordPress 4.8.3 Security Release

At the end of October, WordPress 4.8.3 was released containing an important security fix for all previous versions of WordPress. If your WordPress installation has not updated automatically, please update it now to protect your site.

This security issue was brought to light by a community member, so if you ever discover a security vulnerability in WordPress core, please do the same and disclose it responsibly.

WordPress 4.9 Nearly Ready for Release

WordPress 4.9 was in rapid development this month. We released four beta versions and published a release candidate. The target for shipping WordPress 4.9 is November 14 — just two short weeks away. With many new features, this is a hugely exciting release that improves WordPress’ user experience considerably. Notably, you’ll see improvements to the theme selection experience, plenty of widget enhancements, drastically improved code editing, and much better user role management.

To get involved in building WordPress Core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.

WordPress Charity Hackathons are Growing

For the last few years, the number of do_action series of WordPress charity hackathons has grown around the world. What started as a community event to assist local nonprofit organizations, has become something many WordPress communities are replicating in an increasing number of cities.

As of this month, do_action events have been hosted in Cape Town and Johannesburg, South Africa, Beirut, Lebanon, Austin, Texas, and Montréal, Canada. In addition, events are now scheduled for Bristol, England and Zurich, Switzerland in 2018.

To get involved in organizing a do_action event locally, read the do_action organizer’s handbook and join the #community-events channel in the Making WordPress Slack group.

Gutenberg Development Advances

While work steadily continues on Gutenberg — the new editor for WordPress core — one update from this month addresses one of the primary concerns that some people shared about the project.

Up until the release on October 24, Gutenberg did not support the meta boxes that so many WordPress content creators rely on. The new editor now has initial support for meta boxes as well as a host of other critical features for content creation in WordPress.

Test out Gutenberg right now and help develop it by joining the #core-editor channel in the Making WordPress Slack group and following the Core team blog.

Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

Dev Blog: The Month in WordPress: October 2017

Wordpress Planet - Thu, 11/02/2017 - 12:02

While this month we focused on building new features for WordPress core, we advanced other areas of the project too. Read on to learn more about what the WordPress project accomplished during the month of October.

Take the 2017 Annual WordPress User Survey

The annual WordPress User Survey is a great opportunity for you to provide your feedback about how you use WordPress. This year is no exception, as the 2017 WordPress User Survey is out now.

The information collected in the survey is used to make informed decisions about improvements across the WordPress project, so your answers are incredibly valuable and help shape the future of the platform.

WordPress 4.8.3 Security Release

At the end of October, WordPress 4.8.3 was released containing an important security fix for all previous versions of WordPress. If your WordPress installation has not updated automatically, please update it now to protect your site.

This security issue was brought to light by a community member, so if you ever discover a security vulnerability in WordPress core, please do the same and disclose it responsibly.

WordPress 4.9 Nearly Ready for Release

WordPress 4.9 was in rapid development this month. We released four beta versions and published a release candidate. The target for shipping WordPress 4.9 is November 14 — just two short weeks away. With many new features, this is a hugely exciting release that improves WordPress’ user experience considerably. Notably, you’ll see improvements to the theme selection experience, plenty of widget enhancements, drastically improved code editing, and much better user role management.

To get involved in building WordPress Core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.

WordPress Charity Hackathons are Growing

For the last few years, the number of do_action series of WordPress charity hackathons has grown around the world. What started as a community event to assist local nonprofit organizations, has become something many WordPress communities are replicating in an increasing number of cities.

As of this month, do_action events have been hosted in Cape Town and Johannesburg, South Africa, Beirut, Lebanon, Austin, Texas, and Montréal, Canada. In addition, events are now scheduled for Bristol, England and Zurich, Switzerland in 2018.

To get involved in organizing a do_action event locally, read the do_action organizer’s handbook and join the #community-events channel in the Making WordPress Slack group.

Gutenberg Development Advances

While work steadily continues on Gutenberg — the new editor for WordPress core — one update from this month addresses one of the primary concerns that some people shared about the project.

Up until the release on October 24, Gutenberg did not support the meta boxes that so many WordPress content creators rely on. The new editor now has initial support for meta boxes as well as a host of other critical features for content creation in WordPress.

Test out Gutenberg right now and help develop it by joining the #core-editor channel in the Making WordPress Slack group and following the Core team blog.

Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

Matt: New Backpack: Aer Fit Pack

Wordpress Planet - Thu, 11/02/2017 - 05:50

As an interim update to my 2017 gear post, I'd like to strongly endorse the Aer Fit Pack 2 as my new primary backpack, replacing the Lululemon bag I suggested before. It has better material, much better zippers, a logical design, more pocket distribution inside, and it's cheaper! I put this bag and its predecessor through all the rounds, including taking it to Burning Man, and it's been a champ. If you're reading this and work for Automattic, this bag is also now available as an official choice for your bag and it'll come embroidered with a cool logo. (Previously we only offered Timbuk2.)

WPTavern: Gutenberg 1.6 Improves Writing Experience, Moves Block Toolbar to the Top of the Editor

Wordpress Planet - Thu, 11/02/2017 - 00:18

The Gutenberg plugin’s Halloween release (version 1.6) includes major updates to the writing experience and many performance improvements. The block toolbar has been relocated to the top of the editor, a suggestion that was mocked up and described in detail in a post on the Yoast SEO blog proposing an alternative approach for Gutenberg.

Prior to version 1.6, users could inadvertantly end up in a situation like the screenshot below – with tools and toggles popping into view from all sides of a block.

Gutenberg prior to version 1.6

Previously, any small mouse move would pull the block toolbar back into view, which made for a somewhat jarring writing experience. Gutenberg 1.6 makes the block toolbar completely independent of the content by fixing it to the top of the editor. This move reduces the amount of visual distraction in the writing zone, while keeping the toolbar accessible in a way that is familiar to users coming from the Classic Editor.

The toolbar will automatically adjust to display tools specific to the block type that is in focus, so that users don’t have to sift through other tools that are not applicable to that specific type of content. It does not show if no blocks are selected.

In the ticket proposing the change, Gutenberg designer Joen Asmussen describes it as part of a larger effort to try to reduce the visual weight of the block.

“The cognitive load of the chrome we show around and in context of the block unit has been an ongoing topic for a while,” Asmussen said. “Concerns have been noted that it feels heavy, there are many toolbars, options, and it gets in the way of writing.”

Placing the block toolbar to the top of the editor is a strong move toward making blocks feel lighter, and version 1.6 includes several other UI tweaks along the same theme. It introduces an alternate style for block boundaries and multi-selection that removes the previous hover and selected styles for blocks, which were somewhat heavy-handed and distracting. Instead, hovering over blocks will simply bring the floating settings dots into view on the side of the block. Contributors also redesigned the selection styles to be more subtle, making the separator, more, and button UI items feel more lightweight.

Other visual changes include:

  • Engage “edit” mode when using arrow keys (hides UI)
  • Complete rework of arrow keys navigation between blocks—faster, clearer, and respects caret position while traversing text blocks
  • Added keyboard shortcuts to navigate regions
  • Implement multi-selection mode using just arrow with shift keys and support horizontal arrows
  • Change visual style of multi-selected blocks so it has the same color as highlighted text does

Gutenberg 1.6 introduces the ability to convert a classic block (post) into several Gutenblocks. The resulting divided block is fairly instantaneous.

Version 1.5 of the plugin added initial support for meta boxes in an Extended Settings panel beneath the post content. Version 1.6 changes the UI to make meta boxes part of the main column, instead of a collapsible box. Plugin developers had complained that the UI gave the impression of having been pinned to the bottom as “a bit of an afterthought.”

“I think the current design does meta boxes a real disservice,” one tester, Patrick B., commented on our post. “The current layout and the section heading, “Extended Settings,” makes it look and feel like a bit of an afterthought. Undoubtably, many meta boxes will be able to be moved to their own blocks, but there will still be situations where what is contained under Extended Settings is essential to putting together a page but isn’t appropriate as a block. In that case, Extended Settings just doesn’t feel right and seems easily forgettable. That could create an awkward publishing experience, especially when those fields are required to publish.”

Meta boxes now appear below the content without the Extended Settings label and individual accordion items are toggled closed by default. The bottom section appears regardless of whether or not the sidebar Settings panel is toggled open, so it is always there. This is a change from the previous release where toggling the sidebar Settings panel open was required to see the Extended Settings panel.

Gutenberg 1.6 is a fairly large release with several dozen fixes and performance improvements. For a full list of all the changes, check out the release post from Matias Ventura and the plugin’s changelog.

WPTavern: WPWeekly Episode 293 – WordPress 4.8.3, RIP Firebug, and Patreon

Wordpress Planet - Wed, 11/01/2017 - 22:41

In this episode, John James Jacoby and I discuss the news of the week including, a behind the scenes look at how WordPress 4.8.3 was released, WordPress 4.9 RC1, and Patreon launching an app directory along with a free WordPress plugin. We also talk about the difficulties of surveys, from asking the right questions, to organizing the data obtained from them. Last but not least, we pour one out for Firebug.

Stories Discussed:

WordPress 4.8.3, A Security Release Six Weeks in the Making
WordPress 4.9 Release Candidate 1 Released
WordPress 4.9 Will Support Shortcodes and Embedded Media in the Text Widget
Patreon Launches App Directory and Free WordPress Plugin for Membership Sites
Results From the 2017 WordPress User Survey Are Not Guaranteed to Be Shared
Call For Speakers for WPCampus Online
Goodnight Firebug

Picks of the Week:

A Family Well Loved, a HeroPress essay I contributed too about Kim Parsell and her love for the WordPress community.

Transients Manager by Pippin Williamson is a developer’s tool that provides a UI to manage your site’s transients. You can view, search, edit, and delete transients at will. A toolbar option is also provided that allows you to suspend transient updates to help with testing and debugging.

WPWeekly Meta:

Next Episode: Wednesday, November 8th 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #293:

WPTavern: Scotch School Offers Free Course on Getting Started with JavaScript for Web Development

Wordpress Planet - Wed, 11/01/2017 - 21:22

The Scotch School, a developer resource with video training and tutorials, is offering its Getting Started with JavaScript for Web Development course for free through the end of this week. If you’re just now getting started on your journey to learning JavaScript deeply, this 23-lesson video course from Chris Sevilleja offers a quick foundation on the basics with 4.7 hours of learning and hands-on practice.

The course includes lessons that introduce students to the following concepts:

  • Types and Variables
  • Operators
  • Comparisons
  • Conditionals, Flow, and Loops
  • Functions
  • Objects
  • Built-in Objects

After completing the fundamentals, students move on to build a couple of starter applications. At the end of the course Sevilleja guides students through building a bookmarking type application for grabbing links from the web and storing them in local storage. Code for the course is available on GitHub and requires a basic set of tools: a browser with support for ES6 features, DevTools and the console, and a code editor.

The course is targeted at those who have already learned HTML and CSS but don’t know JavaScript yet. It’s also helpful for developers who have jumped into jQuery, Angular, React, or other libraries but haven’t taken the time to learn the core language first.

The Scotch School has two other free courses at the moment: 10 Need to Know JavaScript Concepts and Build an Online Shop with Vue. The site also offers a wide selection tutorials and paid courses on using Angular, React, Sass, CSS, Git, Node, Laravel, HTML, and other technologies.

Getting Started with JavaScript for Web Development will go back to being a paid course next week but WP Tavern readers can use a coupon for 3 months free to continue learning at the Scotch School.

HeroPress: A Family Well Loved

Wordpress Planet - Wed, 11/01/2017 - 12:00

There are times when I hear a story from the WordPress community and I think “That’s a HeroPress story”, whether it has been or ever will actually be posted on the site. Some stories are just so great that you think “Wow, that’s just really great”. This week’s essay is one of those stories, but it won’t be told by the person it’s about.

Kim Parsell has one of my absolute favorite HeroPress stories, but we lost her before HeroPress was even properly started. I’ve keenly felt the loss of the wisdom and joy she would have brought to HeroPress. I only met her in person once, at the last WordCamp San Francisco. She was so very much in her element, even I could see it, who barely knew her.

I’ve literally spent years now, trying to think of an appropriate way to share her story on HeroPress, and I think this year I found it. The WordPress community was Kim’s family, and she was our mom. I’m going to let some of the people closest to her tell some of her story.

— Topher

From Jeff Chandler

What did the WordPress community mean to Kim Parsell? Family.

In order to understand how highly valued the WordPress community was to Kim Parsell, you first have to realize her environment.

Kim was a middle-aged woman who lived off a dirt road, on top of a hill, in Southern rural Ohio. She was often by herself, taking care of the property with only a few neighbors up and down the road.

She received internet access from towers that broadcasted wireless signals, similar to cell phones but at lower speeds.

Through WordPress Weekly, Kim gained access to members of the WordPress community where she was able to talk to them on a weekly basis. The show and its after hours sessions provided Kim a chance to mingle with the who’s who of WordPress at the time. It helped establish long-lasting relationships that would open up future opportunities.

In a location where not many around her used or even heard of WordPress, the community was an outlet for her to be around like-minded people. Kim had a blast interacting with people online and at WordCamp events. Many members of the WordPress community became her second family, a responsibility she took very seriously.

My Backyard, Revisited – 10/25/2007 – Kim Parsell
Autumn’s patchwork quilt has finally descended upon this area – the trees are in full fall color. This was taken yesterday morning. I tried to take this from just about the same vantage point as the previous one – I think I got pretty close!
Copyright © 2007 Kim Parsell. May not be reproduced without permission. If you’d like to license an image for usage, contact me at kparsell@kpimages.net for details.

From Carrie Dils

When Topher asked me if I’d write a few words in remembrance of Kim, I couldn’t say YES fast enough. I told him I remembered a whole lot more about how she made me feel versus how she felt about WordPress and the community. (I suppose the saying is true that people don’t remember what you say, they remember how you made them feel).

I first remember meeting Kim on Twitter, so I went back and did a search to the earliest conversations of ours I could find. They dated back to January 2013, nearly two years to the date after she passed in January 2015. I will always remember Kim, along with Mika Epstein and Andrea Rennick, for their kindness to me when I was new to the community. They were the first “women of WordPress” to draw me in and make me feel at home simply by sharing themselves and their knowledge.

That’s what community is, right? You share things that are personal, vulnerable even. You share your experiences. In doing that, you naturally invite others to reciprocate. That’s the environment Kim created with hundreds of others, not just me. Affectionately called #wpmom, Kim was an investor. She invested countless hours into the WordPress project (she had “props” for 5 major releases of WP and also volunteered her time for the documentation team). She invested in women who wanted to break into tech. She invested in me.

I still well up with tears when I remember Kim. I’m proud that the WordPress Foundation now offers a scholarship in her memory. She loved this community and this community loved her right back. Her legacy lives on…

Eastern Tiger – Posted on 09/30/2007 – Kim Parsell
An Eastern Tiger Swallowtail perches on some tall ironweed that grows down near the pond. I shot this one when I slipped away from the festivities for a little while during my family reunion back in August. Couldn’t pass up the opportunity!
Copyright © 2007 Kim Parsell. May not be reproduced without permission. If you’d like to license an image for usage, contact me at kparsell@kpimages.net for details.

From Jayvie Arellano

Kim was a self-reliant person who had a nurturing spirit, and WordPress gave her a channel by which she can channel that energy. I believe that her participation in WordCamps and the docs team enriched her life; every WC she went to, there was always someone she’s known online that she would connect with and check up on. She was concerned with everyone’s well-being.

She wouldn’t be a coder in our common understanding, but she understood coders. She understood the pitfalls of an isolated life and encouraged people to reach out and be concerned for one another. Her record of kindness and generosity have set an example for a lot of others to follow.

Misty Morning – Posted on 08/19/2007 – Kim Parsell
Storms the night before gave way to dense fog in early morning. The sun finally began to burn through, creating beautiful pools of light and long morning shadows. Copyright © 2007 Kim Parsell. May not be reproduced without permission. If you’d like to license an image for usage, contact me at kparsell@kpimages.net for details.

From Jan Dembowski

Kim Parsell was the sort of person who made me want to become a better human being. And the reciprocal of that is that I sought her approval for what I did, how I behaved and how I handled myself in the WordPress community and in life.

Just to be clear, she never said or did anything that indicated that her approval was needed. Or that it was a condition for her friendship. But she was #wpmom and that’s just how it was for me. Our online interactions were fun and collaborating with her in the WordPress community was a learning experience for me. I used that experience to become better at my job and it showed.

When I had to deal with a death in my family, she was one of the people I emailed. I needed that interaction and she was there for me with others in the community.

I met Kim in person at WordCamp SF 2014. She was amazed at how everyone was treating her. All these people she had contact with and everyone was thrilled to meet her. When the time came, she gave a video presentation on the docs team. She was nervous, had some laptop troubles and didn’t feel prepared. She did fine and I was there cheering her on from the sidelines.

After WCSF 2014 we stayed in touch and I would send her images of things my children did. When I got the news of her passing it was hard. But she left an amazing example. She taught me and others to take care of yourself, take care of those close to you and be a responsible person. How often do you meet someone like that? I’m so glad for having met her. Just by being herself she made me a better person.

Fire at Night, Part II – Posted on 02/17/2007 – Kim Parsell
7/10/2005 – The colors become more brilliant as the sky darkens even more.
Copyright © 2005 Kim Parsell. May not be reproduced without permission. If you’d like to license an image for usage, contact me at kparsell@kpimages.net for details.

From Drew Jaynes

Kim Parsell was driven. She knew the things she knew, and had a pretty good idea of how to find out the things she didn’t.

You’d be amazed how far the simple quality of that “self starter” attitude can take you as a contributor.

Don’t get me wrong, I’m not intentionally diminishing Kim to simply having the will to pull herself up by her proverbial boot straps. It’s merely to demonstrate the point that Kim’s temperament and poise in unfamiliar situations was unmatched, and that is one of the reasons why she was able to affect so much positive change in WordPress.

Kim’s positive attitude and helping nature was infectious. She had the uncanny ability to walk into a room of complete strangers and walk out with a group of new friends – and newly-gleaned knowledge to go along with it.

When Kim visited WordCamp San Francisco (the precursor to WordCamp US) for the first time in 2014, it was hugs all around. Literally. Kim had been contributing to WordPress for years and largely never met many of the people she’d had an opportunity to collaborate with.

The community summit was being held in conjunction with WCSF that year and the only way she could afford to go was on a travel scholarship offered at the time by the foundation – the same scholarship that now justly bears her name.

It was an amazing thing to see, made all the more tragic when Kim left us just a few short months later. She was well on her way to realizing her goal of being able to contribute full time and get paid for her effort.

I’m sad to say Kim never got there, but her spirit lives on in the people she knew and inspired. Here’s hoping that the Kim Parsell Memorial Scholarship will serve to further inspire those who follow in her footsteps.

Kim Parsell
1956-2015

The post A Family Well Loved appeared first on HeroPress.

WPTavern: WordPress 4.8.3, A Security Release Six Weeks in the Making

Wordpress Planet - Wed, 11/01/2017 - 10:11

WordPress 4.8.3 is available and is a security release for 4.8.2 and all previous versions. This release addresses an issue with $wpdb->prepare() that could lead to a potential SQL injection. While WordPress core is not vulnerable, hardening has been added to prevent plugins and themes from inadvertently causing a vulnerability.

If you’re experiencing a bit of déjà vu, it’s because WordPress 4.8.2 attempted to solve the same problem. According to Anthony Ferrara who reported and disclosed the vulnerability, the patch in 4.8.2 didn’t solve the underlying problem and broke many sites.

Ferrara says he reported the issue immediately after 4.8.2 was released and was ignored by the WordPress security team for several weeks.

“When I got the attention of the team, they wanted to fix a subset of the issue I reported,” he said. “It became clear to me that releasing a partial fix was worse than no fix (for many reasons). So I decided the only way to make the team realize the full extent was to Full Disclosure the issue.”

Full Disclosure is the process of publicly sharing technical details of a vulnerability so that the public knows the same amount of information about it as hackers. The threat of full disclosure is typically used to pressure businesses and software creators to act swiftly and release patches as soon as possible.

On October 26th, Ferrara used his Twitter account to notify the public that WordPress contained a serious SQLi vulnerability and that because he lacked confidence in the team, fully disclosing it was his only option. His message was retweeted 562 times and liked by 484 people.

The amount of publicity his Tweet received had an impact as on October 27th, Ferrara reported that constructive discussions resumed with the team and that he would delay the disclosure until October 31st.

RE: WP Issue: I constructive discussions have resumed with the security team. I will be delaying FD until at earliest the 31st.

— Anthony Ferrara (@ircmaxell) October 27, 2017

On October 27th, Ferrara spoke to a member of the WordPress security team who provided a fresh set of eyes to the problem, “A security team member who hadn’t yet participated in the thread went back to the beginning of the thread and re-read every post,” he said.

“He (correctly I may add) summarized the entirety of the issues, as well as asked a few clarifying questions. He also asked for a little more time but gave me a target of Tuesday, October 31st so it wasn’t wide open. This was the response I was looking for the entire time.”

Both parties collaborated on a patch that fixed the issue and WordPress 4.8.3 was released. Although his experience started out frustrating, Ferrara is hopeful that the team will do better with future reports.

“I get that there are competing priorities,” he said. “But show attention. Show that you’ve read what’s written. And if someone tells you it seems like you don’t understand something, stop and get clarification. And ask for help. Overall, I hope the WP security team moves forward from this. I do honestly see hope.”

Aaron Campbell, WordPress Security Team Lead, says that although there were some rough patches in working with Ferrara, they were able to work together to get a fix released in the end. While the threat of full disclosure didn’t have a huge impact on getting the vulnerability patched, it may have been the catalyst to get a new person involved in the process.

“A threat of disclosure certainly adds pressure and possibly stress, but doesn’t actually change the overall equation that much.” Campbell said. “An issue isn’t more severe because it’s going to be disclosed, but it can become more rushed (meaning a higher likelihood of mistakes).

In this case, I actually think the threat of disclosure ended up coinciding with one of the people from our security team joining in to help out. The new person was much better at communicating with Anthony, and it really turned things around.”

In the official release post, the WordPress Security Team thanked Ferrara for practicing Responsible Disclosure. This generated some conversation on Twitter on whether responsible disclosure should be renamed to coordinated disclosure.

Dear WordPress:

Stop calling it "responsible disclosure". It's "coordinated disclosure".

— Scott Arciszewski (@CiPHPerCoder) October 31, 2017

“I’m not sure I know what the terminology change would be aiming to accomplish,” Campbell said. “I do see that some places use this particular phrasing, but honestly I don’t see how it conveys anything that’s not already generally understood with responsible disclosure.”

Users are encouraged to update their sites to 4.8.3 as soon as possible. Since this release changes the behavior of esc_sql(), developers are highly encouraged to read this dev note on the Make WordPress Core site.

WordPress 4.8.3 Security Release

Wordpress News - Tue, 10/31/2017 - 14:20

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.

This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note.

Thank you to the reporter of this issue for practicing responsible disclosure.

Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.

Dev Blog: WordPress 4.8.3 Security Release

Wordpress Planet - Tue, 10/31/2017 - 14:20

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.

This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note.

Thank you to the reporter of this issue for practicing responsible disclosure.

Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.

WPTavern: GDPR for WordPress Project Seeks to Provide a Standard for Plugin Compliance

Wordpress Planet - Mon, 10/30/2017 - 23:20

WordCamp Denmark organizer Kåre Mulvad Steffensen and WP Pusher creator Peter Suhm are working on a GDPR for WordPress project that aims to provide an industry standard for getting plugins compliant with EU General Data Protection Regulation (GDPR) legislation. The deadline for compliance is May 28, 2018, approximately 200 days from now. The Danish duo met at WordCamp Europe a few years ago and were inspired to work together on several projects, with GDPR compliance for WordPress sites being the most urgent item on their list.

“We want to create a standard for plugin creators to describe what kind of data they store and how to handle it,” Suhm said. “With a standard like this it will be possible to build tools to make WP sites compliant with GDPR. That basically means things like generating privacy policies, tools to export sensitive data, and tools to delete it completely. GDPR is pretty complex, so there will likely be a lot of tools around this. The first thing we need is a standard. It’s critical especially for EU based companies, and I can tell you that it’s something people discuss in every meetup and WordCamp over here.”

The GDPR for WordPress site includes a summary of website owners’ obligations in regards to collecting data related to EU citizens. It’s not comprehensive but gives an idea of what items the standard will need to cover:

  • Tell the user: who you are, why you collect the data, for how long and who receives it.
  • Get a clear consent, before collecting any data
  • Let users access their data, and take it with them
  • Let users delete their data
  • Let users know if data breaches occur

Steffensen and Suhm’s first step is surveying WordPress plugin developers to gauge their awareness of the GDPR. They also want to know if developers would be interested in using a free, open source solution, like a simple file with a map of personal and sensitive data stored by their plugins. The GDPR for WordPress team would then use the tool as a foundation to build tools that can take care of compliance by parsing these files.

“When we have the survey data we will continue to work on the standard,” Suhm said. “It will be 100% open source, so everyone can use it to build whatever they see fit afterwards. So far it’s just a lot of ideas and we really want to collect as much input as possible so we can get everyone onboard.”

The team has created a roadmap that that they will update based on feedback from plugin developers. They plan to work on the following:

  • Methodology to describe how a plugin collects, stores, and uses personal data
  • Methodology file builder for plugin developers to use
  • Provide a clear visual compliance indicator on every plugin installed
  • Privacy policy text builder based on installed (compliant) plugins
  • Provide an administrative overview on each users data being stored, across plugins
  • Provide an administrative way to send user data to a specific user upon request
  • Provide an administrative way to delete user data on a specific user upon request
  • Add site wide Explicit consent checkbox, with detailed yet plain English on what data is stored, how it is used and how long. (This is a replacement for the cookie popup) – possible disablement of submitting actions until consent is given? The request to collect data should happen to every user before any data is collected, that might also mean cookies.

Despite the quickly approaching deadline, solutions aimed at helping WordPress sites to be compliant with the GDPR are virtually non-existent. There are currently only six plugins in the directory with descriptions that mention having been built with GDPR compliance and privacy in mind. Many site owners will be woefully unprepared to comply with the legislation.

A couple of months ago we looked the Wider Gravity Forms Stop Entries plugin, which helps site owners protect the privacy of form submissions by preventing them from being stored in the database. Since many plugins don’t have these options built in, other plugin developers have to extend them to suit their users’ needs. At the moment, there is no standard way of doing this because of the wide variance in how plugins store their data.

This solution the GDPR for WordPress team is proposing is different in that it aims to give plugin authors a standard for including a meta description of the personal and sensitive data that their plugins stores. The GDPR doesn’t prohibit plugins from storing personal identifiable data but it does require website owners to detail what, where, and for what purpose it is stored.

“The problem right now is that it is almost impossible to figure out what information a WordPress plugin stores and where it is stored,” Suhm said. “This will make it possible to build general solutions across plugins to ensure GDPR compliance. An example could be a tool to delete sensitive data from a WordPress site, including the data stored by plugins. That is only possible if plugin authors include some sort of description of their ‘data footprint.'”

The biggest challenge the team has is rallying plugin developers to get on board with following a new standard and updating their plugins to provide a data footprint. This is not an easy task as the burden of compliance falls to the website owners, not individual plugin developers. Even if site owners are motivated to educate themselves, the prospect of figuring out what data is being stored and where can be daunting. If the GDPR for WordPress team can successfully get the plugin developer community on board, they can work together to build a suite of tools that help end users get a broad overview of their sites’ GDPR compliance.

Post Status: The WordPress product market is completely different now

Wordpress Planet - Mon, 10/30/2017 - 21:38

This article is a member contribution from Scott Bolinger. Scott is the founder of Holler Box and the co-founder of AppPresser.

The WordPress economy is changing, and many businesses are feeling it.

The market is maturing, and customers are behaving differently. It’s happening slowly, but I think everyone realizes things are changing.

Often this change has been discussed in terms of hosts and agencies, but let’s talk about products.

I just read an article on Indie Hackers about MH Themes, a premium theme shop that started in 2013. They describe a hard-fought journey to a solid $30K in monthly revenue, but they have noticed big changes in the market since they started.

The author, Michael Hebenstreit, puts it this way:

Back in 2013 it was much easier to launch a WordPress theme and make it somewhat popular. Today the market for WordPress themes has become heavily crowded and oversaturated. It’s near to impossible to make a theme highly successful without investing lots of time and money in marketing and building a community behind your product.

It comes as no surprise that the theme business is saturated; it has been for years. I would now say the plugin business is saturated as well.

From 2008 to 2010 you could have released just about any decent plugin or theme, and it would have done fairly well, simply because there was very little competition. The WordPress market was in an early and extreme growth phase. People were realizing there was money to be made.

Many different product categories were ripe for innovation, with no dominant players at all. For example, the eCommerce landscape was wide open before WooCommerce became popular in 2011. Now there is no one even remotely close to them, and competing with WooCommerce doesn’t seem like a good idea.

Today what we see in most product categories is at least one dominant player, and many other new entrants at their heels. Backups, security, SEO, themes, page builders, forms, caching, lead generation, and other categories all have stiff competition.

Previously the competition was a developer trying to figure out how to grow a company. Now it’s a 30+ person organization with millions of dollars in revenue. iThemes, Yoast, Gravity Forms, Awesome Motive, and WooCommerce are just a few. These companies have a loyal following that makes it harder for smaller shops to take a piece of the pie.

Popular plugins now have millions of downloads, lots of articles written about them, and avid fans. They are becoming harder and harder to dethrone, or even to challenge for a slice of market share.

Your product is a commodity

As Alex Turnbull says in this recent article, “if your product isn’t already a commodity, it will become one in the next few years.”

It’s becoming easier and easier to create and sell a product online. Developers are ubiquitous, websites are cheap, and many people can build something on the side with a full time job.

That means when you release a product you not only have the established leaders to contend with, but lots smaller players with great products just getting started. Even if your product is great, there are 10 other great products in the same category.

That doesn’t mean a great product isn’t important — it certainly is. It does mean that it’s not enough.

If your product isn’t enough to stand out in a crowded marketplace, what does it take?

How to bring a new product to market now

The old way of starting a new product might have been to go where there was less competition and create a better product. If there are still places of “less competition” they are much harder to see.

You can go after a niche, but WordPress is already a niche. A niche within a niche is a very small market.

It’s not impossible to slay the giant Goliath product companies. As Jason Cohen points out, they have an Achilles heel: “The profitable revenue stream is a prison.” They are slower to adapt to changes in the marketplace because they can still make money doing what they have always done.

If you are thinking about bringing a new product to market, here are a few observations that may help you.

1) It’s going to be a lot harder than it used to be, and it’s going to take longer.

Can you go for a year (or two) without making any money and still be cranking out code and marketing yourself? That may be what it takes.

Putting up a website and starting a content strategy takes six months to see any solid organic traffic. Publishing your plugin to official WordPress directory does not result in automatic downloads. The newer search algorithms favor the entrenched plugins that have more downloads and reviews.

It’s an uphill battle, and it takes time.

2) You must have a strategic advantage, or a unique difference to win.

Ninja Forms went into a crowded space against one of the most popular plugins of all time, Gravity Forms. They gained an advantage by offering a free version and distributing it on the directory, while Gravity Forms was entirely commercial. Why did they do so much better than other free form plugins? I don’t know, but they certainly executed well, and they have created a great brand.

Can you find a competitive advantage and exploit it?

One weakness I see in many WordPress companies is marketing. Many of the early successes in WordPress were coders who made a cool plugin. Most of them are not marketers, and they have enough business without needing to learn marketing. This leaves the door open for companies with great marketing.

Can you dominate an under-marketed product category?

You are going to have to do something different and better than what has come before. Copying a business model that worked in 2012 is not a good strategy.

3) Branding is more important than ever.

Your brand is what will help you gain market share against your competitors.

A brand is not your logo, and it’s not what you say about your company. It’s what they say. They, as in, your customers.

Providing great customer service, getting to know people at events, being helpful on social media, providing refunds without asking questions — these are all parts of your brand. Being known for doing good work is another, so that when you release a new product, people just buy it.

I think of the brand Pippin Williamson has built for himself, since he is known for putting out high quality products. I will buy a plugin he makes over a more established competitor because of his reputation for quality. iThemes is another great example of a company that cares about their customers. They have built a brand on integrity.

Building a brand takes time, but it is more important than ever.

Looking forward

The WordPress market is no longer high growth and low competition.

The companies involved in products are maturing into well staffed, well funded operations. Their fans are loyal, and their products are entrenched. This makes it harder for new entrants into the market to compete.

New products must have a well thought out strategy to gain traction in this competitive marketplace. Without unique positioning and hard fought execution, they will not survive.

It’s not all bad news, because this is how most marketplaces look already. It’s a sign that those of us who make products need to get more creative about how we approach product development and marketing.

As the more successful companies get larger, they will also become more resistant to change. When this happens, newer product offerings will be able to steal market share with fast paced innovation and development.

This post was originally posted for Post Status Club Members. Join to get exclusive content like this.

Pages