Wordpress News

WPTavern: WooCommerce 3.6 to Add Marketplace Suggestions, Despite Overwhelmingly Negative Feedback from Developer Community

Wordpress Planet - Thu, 04/04/2019 - 22:55

In one of the most unpopular changes in the history of the WooCommerce open source project, version 3.6 will introduce “Marketplace Suggestions.” The update adds suggestions to the products admin screen, which vary based on whether it’s an empty state or within the list of products.

“They are contextual mentions of official extensions that may be relevant to a customer,” Todd Wilkens, Head of WooCommerce, said. “This currently includes all extensions on the official WooCommerce marketplace, which is open for submissions and lists extensions written by Automattic as well as by trusted partners and third-party developers.”

The suggestions are on by default for users who can install and activate plugins. They are dismissible, but the frequency with which they will be shown is one of the most contentious aspects of WooCommerce’s proposed implementation:

  • We’ll only show 1 on the Products screen, and 5 on the Product – empty state, Orders – empty state or Edit Product metabox.
  • Each suggestion is dismissible, we are not providing an option to dismiss all suggestions (other than if you choose to hide them).
  • We’re only showing 1 suggestion at a time, if a customer dismisses this, they won’t see another one for 24-hours.
  • If suggestions are dismissed more than five times. No further suggestions are shown in that location ( i.e. Products Listing ) for a month.

WooCommerce is providing a filter to turn off the suggestions, and this will likely soon be available as a plugin from the community. It is not something that is easy for non-technical store owners to implement.

add_filter( ‘woocommerce_allow_marketplace_suggestions’, ‘__return_false’ );

“If the above removal-by-script option proves to be difficult to implement – for example, for those who are not comfortable adding custom code – we will explore introducing a simpler way to turn them off and include this in a point release (e.g. a toggle in core settings),” Wilkens said.

WooCommerce Developer Community Sees Marketplace Suggestions as a Major Disruption to Store Owners’ Workflow

The feedback coming in on the announcement post and WooCommerce’s GitHub repository is overwhelmingly negative. In a comment on an issue titled “Rethinking 3.6’s Dashboard Ads,” Josh Kohlbach contends that WooCommerce should limit its marketing to the plugin’s dedicated Extensions screen in the dashboard:

In addition, didn’t anyone think it might be a conflict of interest for WooCommerce the commercial entity to use WooCommerce the open source plugin to show ads in this manner? Bit anti-competitive to all the 3rd party devs out there (of which there are a lot).

WooCommerce already has an amazing page under WooCommerce->Extensions with full searching capabilities etc. Why would you want to show irrelevant ads during a user’s everyday workflow?! Store owners use these screen daily, it’s terrible UX.

I suggest that it gets ripped out in its entirety and filed under “cool implementation/fun to code but horrible idea for actual users.

For those who do not stand to benefit from profits from the 400+ extensions on the WooCommerce.com marketplace, the intrusions in the product admins screen seem all the more offensive. Marketplace suggestions have not been well-received by third-party extension developers.

“This is in direct competition to every third-party developer that is not selling on WooCommerce’s marketplace,” Jamie Madden, founder of the WC Vendors Marketplace, said. “I am one of these. This is advertising for your commercial products, no matter how you try and wrap this. You have an extensions page already which is more than enough, but advertising your products every 24 hours is going too far. This is completely unacceptable.”

The general consensus of those participating in the ticket is that injecting ads into product management screens will create a disruption to store managers’ workflow.

“I too am very concerned about this,” digital agency owner Erik Bernskiold said. “I get that WooCommerce want to benefit from their commercial side, too, and there are many ways to do this. But in this case, it feels like this is at a great disregard for the users. Hijacking a product list, order list or a user interface element in this way is a major interruption of the user experience. It’s not the place for an ad.”

Several participants in the discussion have suggested that WooCommerce make it an opt-in toggle in the settings.

“There is only one scenario where I think this feature should stay in place and could be beneficial: If this feature is controlled by an opt-in toggle in WC settings,” Jeremy Pry said. “Otherwise, this whole feature should be removed entirely. Store owners don’t need advertisements in their admin dashboard. In my opinion, leaving this feature in place would be very harmful to the WooCommerce community.”

Marketplace Suggestions Require Dismissal Every Day for 5 Days, Only to Return 1 Month Later

The fact that the suggestions cannot actually be dismissed for good is one issue that developers predict will end up aggravating WooCommerce users.

“Dismissing just to keep hounding the user, that’s not dismissing… that is snoozing,” WordPress developer Patrick Garman said. “Because I told you 5 times that I don’t want to see your ads, that doesn’t mean come back in a month. The average user shouldn’t have to use a filter to make ads go away.”

I would not be surprised if WooCommerce ends up dialing back the frequency of the ads after they are closed, given that nearly all those participating in the conversation consider it unacceptable to require dismissal five days in a row, with the same process repeated every month thereafter. The frequency with which they are displayed is unusually aggressive.

“I don’t think it technically violates the guidelines it’s just obnoxious and makes WooCommerce look like a low rent solution,” Astoundify founder Adam Pickering said. “It seems we are in a midst of a monetization push and they are looking for any where they can add up sells. Apparently doing so gracefully has gone out the window.”

Despite the overwhelmingly negative feedback, WooCommerce appears to be ploughing forward on its plan to ramp up its marketing in the admin. Automattic is a business and it needs to make money with WooCommerce. Most participants in the discussion do not seem opposed to WooCommerce making money with marketplace suggestions but are strongly requesting that they do not inject ads in places where users are working on their own products in the admin.

“There’s nothing necessarily wrong with ya’ll trying to squeeze out some more money from users – so long as it’s done tastefully, and in a way that actually provides value to the user, instead of spamming and hindering them,” @justlevine commented on the GitHub issue.

Based on the WooCommerce developer community’s feedback, many are in agreement that they will only support changes will be respectful to store owners working in the admin. They would prefer WooCommerce focused its efforts on improving the existing Extensions tab, instead of injecting items from the marketplace on other screens. The current implementation of marketplace suggestions needs work, because it is too heavy-handed in displaying ads after users indicate through the UI that they want to dismiss them.

Most participants in the discussion are in favor of letting store owners decide if they want to see ads for extensions on their product admin screens. They would prefer that users opt in through a more transparent way than simply agreeing to terms of service. At the very least, most prefer WooCommerce add a setting that would allow store owners to easily turn marketplace suggestions off. If Automattic wants this new feature to be successful, the company needs to revise the implementation to be something that doesn’t instantly make the majority of the WooCommerce developer community want to turn it off.

Nebula Example

Drupal Themes - Thu, 04/04/2019 - 10:48

WPTavern: Pipdig Updates P3 Plugin after Reports Expose Vendor Backdoors, Built-in Kill Switch, and Malicious DDoS Code

Wordpress Planet - Wed, 04/03/2019 - 05:55

Over the weekend, Pipdig, a small commercial theme company, has been at the center of a scandal after multiple reports exposed a litany of unethical code additions to its Pipdig Power Pack (P3) plugin.

On Friday, March 29, Wordfence threat analyst Mikey Veenstra published a report with code examples of the backdoors Pipdig built into their plugin, along with some unsavory and questionable additions to the code.

“We have confirmed that the plugin, Pipdig Power Pack (or P3), contains code which has been obfuscated with misleading variable names, function names, and comments in order to hide these capabilities,” Veenstra said.

These include an unauthenticated password reset to a hard-coded string, which was deliberately obscured with code comments indicating it was added to “check for new social channels to add to navbar.” Veenstra also demonstrated how the plugin contained code for an unauthenticated database deletion, wherein the Pipdig team could remotely destroy any site WordPress site using the P3 plugin.

The code for remote site deletion was removed in version 4.8.0 but it still a concern for users who haven’t updated. Michael Waterfall, iOS Engineer at ASOS, tested the “kill switch” function and demonstrated that it still works with prior versions.

It also confirms they lied. They _still_ have the ability to wipe any blog that hasn't updated to the new plugin version (4.8.0), which they hurriedly released to delete the kill switch after they were exposed the other day. pic.twitter.com/bNMfRQUBpr

— Michael Waterfall (@mwaterfall) March 31, 2019

Veenstra’s investigation also uncovered questionable remote calls in the plugin’s cron events, undisclosed content and configuration rewrites, and a list of popular plugins that are immediately deactivated when P3 is activated, without the user’s knowledge. He found that some of these plugins are deactivated alongside admin_init, so any user attempts to reactivate the plugins will not stick.

Wordfence estimates the P3 plugin to have an install base of 10,000-15,000 sites. The changes made in version 4.8.0 of the plugin are not transparently identified in the changelog, so it’s not easy for users to know what has changed. The content filtering and the plugin deactivations remain in the most recent release. These types of veiled functions performed without permission could have unintended consequences on sites using the plugin, which non-technical users may not be able to fix themselves.

Pipdig P3 Plugin Performed a DDoS Attack on a Competitor’s Site

Jem Turner, a freelance web developer based in the UK, published a lengthy analysis of the P3 plugin the same day that Wordfence released its analysis. She drilled down further into the remote requests, demonstrating how Pipdig has been using the P3 plugin to perform a DDoS attack on a competitor who also provides WordPress themes and installation services to bloggers. The code triggers an hourly cron job on users’ sites, effectively using their customers’ servers to send malicious requests to the competitor’s site.

The code comment tells us this is “checking the CDN (content delivery network) cache”. It’s not. This is performing a GET request on a file (id39dqm3c0_license_h.txt) sat on pipdigz.co.uk, which yesterday morning returned ‘https://kotrynabassdesign.com/wp-admin/admin-ajax.php’ in the response body.

Every single hour night and day, without any manual intervention, any blogger running the pipdig plugin will send a request with a faked User Agent to ‘https://kotrynabassdesign.com/wp-admin/admin-ajax.php’ with a random number string attached. This is effectively performing a small scale DDoS (Distributed Denial of Service) on kotrynabassdesign.com’s server.

Turner also contacted Kotryna Bass, Pipdig’s competitor, who said she had contacted her host after finding that her admin-ajax.php file was under some kind of attack. Bass’ exchanges with her host are also published in Turner’s report.

Turner’s post explained how Pipdig’s P3 plugin code manipulated links to point to their own products and services when a user includes a link to a competitor in the the content:

Here we have pipdig’s plugin searching for mentions of ‘blogerize.com‘ with the string split in two and rejoined – concatenated – to make it harder to find mentions of competitors when doing a mass ‘Find in Files’ across the plugin (amongst other things). When the plugin finds links to blogerize.com in blogger’s content (posts, pages), they’re swapped out with a link to ‘pipdig.co/shop/blogger-to-wordpress-migration/’ i.e. pipdig’s own blog migration services. Swapping these links out boost the SEO benefit to pipdig, and the vast majority of bloggers wouldn’t notice the switcheroo (especially as if the page/post was edited, the link to blogerize would appear in the backend as normal).

The plugin did not ask users’ permission before performing any of these actions and most of them were implemented with obfuscated code. Turner’s investigation also covers how the P3 plugin could harvest data and change admin passwords. Many of the findings overlap with Wordfence’s analysis.

“I was aware that Wordfence had been contacted for an opinion, although I was unaware they were writing a post and vice versa,” Turner said. “I wasn’t surprised that they wrote about it though, given the risk to WordPress users.”

She has been in contact with authorities regarding Pipdig’s unethical coding practices and privacy violations.

“From my side of things, I’ve been in contact with Action Fraud (submitted a report through their website) and NCSC (who pointed me back to Action Fraud and gave me a number to call). From pipdig’s side, there are threats of legal action in their blog post but I’ve received nothing yet.”

Pipdig’s Public Response Skirts Critical Concerns

Pipdig Creative Director Phil Clothier published a public response from the company which opens by characterizing the recent investigations as “various accusations and rumours spreading about pipdig” and includes an emotional plea regarding how distressing recent developments have been for his company. He claims that his team and their supporters are being harassed.

After pushing out the 4.8.0 version of the P3 plugin, removing some but not all of the offensive code, Clothier opts for a Q&A style format for his post, putting every question in the present tense:

Do you DDOS competitors?
No.

Do you “kill” sites?
No!

Do you have the ability to kill sites via the pipdig Power Pack?
No

Regarding the “kill switch” feature they built in, which detects all tables with the WordPress prefix and drops each of them, Clothier said it was simply a function to reset a site back to its default settings. He deliberately misrepresented what it does:

There was function in an older version of the plugin which could be used to reset a site back to the default settings. This function had no risk of of malicious or unintentional use. I can say categorically that there was no risk to your site if you were using a pipdig theme. This feature has been dug up and labelled a “Kill Switch” for maximum negative impact on us.

Clothier claims the function was available in the P3 plugin in July 2018 when a third party started posting Pipdig themes for sale on their own site:

A 3rd party was able to download all of our themes illegitimately and post them on a clone of our own site. This included previews of our themes and the ability to purchase them. We were first alerted to this by people which had purchased a pipdig theme from there, but were finding that certain features did not work correctly. After investigation, we found that the victim had purchased the theme from the 3rd party, thinking it was us. The 3rd party not only gained the financial benefit of the theme payment, but also used it as a way to inject malware and ads into the victim’s site. The reset function was put in place in order to remove the 3rd party’s ability to host preview sites with our themes. It worked, and they have since disappeared. The function was then removed in a later version of the plugin.

This is a false claim, as Wordfence pointed out in an updated article. The first instance of the code responsible for database deletion was committed to the plugin in November 2017.

The company failed to address the most critical concerns presented in the Wordfence analysis in its first pass at issuing a public statement. Instead, on the matter of coordinating a DDoS attack on competitors, Pipdig blames users and suggests they may have added the competitor’s URL to their sites.

“We’re now looking into why this function is returning this url,” Clothier said. “However, it seems to suggest that some of the ‘Author URLs’ have been set to ‘kotrynabassdesign.com’. We don’t currently know why this is the case, or whether the site owner has intentionally changed this.”

Further investigations published by Wordfence today showed that Pipdig also added DDoS code to its Blogger templates and was actively issuing malicious requests up until yesterday:

During the investigation of Pipdig’s WordPress plugin and themes, we also came across some curious code associated with their Blogger themes. This code is part of Pipdig’s suspected DDoS campaign against their competitor, and was active until April 1, four days after Pipdig’s denial of any such behavior.

Some of Pipdig’s Blogger themes have been confirmed to make external JavaScript calls to Pipdig’s server, specifically to the script hXXps://pipdigz[.]co[.]uk/js/zeplin1.js.

On March 31, as the investigations became public, Pipdig deleted its public Bitbucket repository and replaced it with a “clean one,” removing three years of commit history. Wordfence and many others cloned the repository before it was deleted and saved snapshots of pages to cite in the investigation.

That clean repository @pipdig published earlier today in place of the one containing all of their malicious code… They changed the reported release date of version 4.8.0. pic.twitter.com/YqKASTUZE7

— Nicky Bloor (@nickstadb) April 1, 2019

Pipdig’s public statement contains a number of other false claims that are outlined in Wordfence’s followup piece with code examples. Clothier closes the article by casting aspersion on the press, presumably to encourage customers not to trust what they read from other sources.

I contacted Pipdig for their comment on recent events, but Clothier declined to answer any of my questions. One of those was why the plugin disables Bluehost’s caching plugin without informing customers.

Another one from the @pipdig plugin. If you use one of their themes on @bluehost then they intentionally slow your website down by disabling the BlueHost cache plugin, then they can inject content with the title "Is your host slowing you down?" CC @jemjabella @heyitsmikeyv pic.twitter.com/48DUXsDyBj

— Nicky Bloor (@nickstadb) March 31, 2019

Clothier said he didn’t have any comments beyond what he said in the public statement but encouraged anyone interested to read the new comments added to the code in version 4.9.0:

We’ve also updated version 4.9.0 of the plugin which includes extra commenting in the code, which will hopefully help clear things up like issues with Bluehost caching and the_content() filter.

If anyone is unsure, we recommend updating to the latest version as always. However we also contend that the previous versions had no serious issues too.

Pipdig declined to answer questions about licensing but the products do not appear to be GPL-licensed. This may be why the company deemed it within its rights to take action on those who they believe to have “stolen” their themes.

Pipdig Customers Share Mixed Reactions to Reports of Vendor Backdoors and DDoS Attacks

In what is perhaps one of the most brazen abuses I’ve ever seen from a theme company in WordPress’ history, Pipdig’s user base has unknowingly been used to target the company’s competitors. Regardless of the company’s motive in combatting the unauthorized distribution of their themes, these types of backdoors and undisclosed content rewrites are indefensible. They prey upon user trust and in this case the victims were primarily bloggers.

I think that's why so many of us are so angry. Bloggers are the lifeblood of #WordPress, you create content and for the most part don't have big budgets to spend. So when someone takes advantage of that those at the "low budget" end of the market, those that cant afford devs…

— Andy Powell (@p0welly) March 31, 2019

One of the more puzzling aspects of this story is that many of Pipdig’s users seem to be unfazed by the gravity of the findings in these reports. Without full knowledge of the inner workings of a product, many customers make decisions based on how they feel about a company, regardless of being confronted with facts that should cause them to question their experiences.

I’m not concerned. I trust them. And I’m certainly not panicking and acting on the words of two blog posts citing their competitors. They’ve served me well for years.

— Caroline Hirons (@CarolineHirons) March 29, 2019

Others are angry to have had their sites used in an attack. Getting set up on a new theme is not a trivial task for non-technical users who may have had to pay a developer to launch their sites in the first place.

Honestly? I’m really angry. I trusted them for years, and in return my site has been used maliciously against other small businesses. I’ve been watching this unfold since Friday but even this update shocked me. https://t.co/mPsO8EoHBp

— Charlotte (@bycharlotteann_) April 2, 2019

“My mind is absolutely blown by pipdig’s public response,” Jem Turner said. “I understand that they were counting on their users’ completely non-tech background to bamboozle them, and it certainly seemed to be working in the beginning, but anyone with even the slightest bit of coding knowledge can see that they are lying and I genuinely don’t understand how they think they’ll get away with it.”

The crazy part is if we want to be really real about this, it's more like

The cable guy cut a big hole in my wall and installed a door handle on it. He took some painter's tape and scrawled "THIS IS A CABLE BOX" on the drywall. Then looked me in the eyes and said "No I didn't."

— Mikey Veenstra (@heyitsmikeyv) March 31, 2019

This incident shines a spotlight on how unregulated the commercial plugin and theme ecosystem is and how little protection users have from companies that abuse their power. If you are a Pipdig customer affected by this incident, there is no assurance that the company will not build more backdoors into your site in the future. The plugin updates are not reviewed by any kind of authority. Fortunately, there are a few actions you can take to create a safer environment for your website.

First, look for GPL-licensed themes and plugins, because they grant you more freedoms as the user and are compatible with WordPress’ legal license. GPL-licensed products are also a strong indication that the authors respect user freedoms and the shared economic principles that this open source license supports.

Many reputable theme companies choose to host their products’ companion plugins on WordPress.org for ease of distribution and shipping updates. The official directory does not permit these kinds of shady coding practices described in this article and all of the plugins go through a security review by the WordPress Plugin Team. If you are concerned about code quality and the potential for abuse, do a little research on your next prospective commercial theme provider or opt for free WordPress.org-hosted themes and plugins that have undergone a more rigorous vetting process.

HeroPress: Growing a WordPress business in Vietnam

Wordpress Planet - Wed, 04/03/2019 - 02:00

Xem nội dung tiếng Việt ở dưới.

It’s been 13 years since I first knew WordPress. Thinking of it, I found it to be one of the most fortunate things I had in my career and life. I can do what I love, can make money to support myself, my family and have many good friends.

When I found out about WordPress, I was still a second-year student at the university. The major I studied was not IT but mechanical engineering. I chose it with the desire to get a scholarship abroad (it was in Russia). But in the process of learning, I found myself inclined to and more passionate about coding. Therefore, I taught myself coding.

In my second year of university, I wanted to set up a website to download software. It is not a very proud thing, because at that time I just wanted to share the software with everyone, including free software and pirated software (software pirating is still a big problem in Russia and in Vietnam). It can be said that software was what attracted me the most at that time. I was passionate about finding new software, testing, running them, finding great features and sharing experiences with people.

At that time, the web was still something very new to me and I didn’t have many concepts about it. I just needed to find a free platform to build a blog about software.

At that time, there were two platforms that caught my attention – WordPress and BoBlog. BoBlog was a Chinese platform (it’s dead now), and WordPress seemed more international, so I chose WordPress.

It can be said that the choice of WordPress has made me learn more seriously about the web and related technologies. By editing the theme, making additional features for my blog, I learned a lot about HTML, CSS, JavaScript, and PHP. During my time at the university, I had been exploring these things and gradually improving my knowledge base.

For me, the web has a big advantage comparing to other software, which is any line of code you write, you can see the result right in the browser by just pressing F5. This was the point that I was very excited about because when I tried coding in other languages, the compiling process made me feel time-consuming and not very intuitive.

Start My Own Blog

After that, I felt that the knowledge I learned was quite interesting and wanted to share it with everyone. So I started my personal blog, it is still active at deluxeblogtips.com. Blogging is an important thing in my career, maybe the most. It brings a lot of fortunate to me:

English: English is not my native language. But by blogging, my reading and communication skill in English has improved significantly. Although there are still many errors, I feel quite confident when talking to international friends. This has been happening for a long time and I am very grateful for it.

The first freelance jobs: Blogging has been around for a while, some people knew about me thanks to my helpful sharing. And they started contacting me and asked if I wanted to work for them. At that time, as a student, I was very happy, because I could earn some money. Later, when I graduated from university, I started my career with those freelance jobs. I did freelancing for about 4-5 years since 2010. I participated in many projects, learned a lot of things and knew a lot of friends. During this time, I also gathered a group of Vietnamese friends to work on those freelance jobs. Until now, although the group is no longer available, we are still good friends and still meet often.

Start ideas for products: precisely Meta Box. This is my company’s flagship product at the moment. Its idea started from my tutorial on the blog. Thanks to those sharing, it’s now a plugin of 400,000 active installs that based on a tutorial.

Community

Blogging makes many people known about me. And my share (and other products) is also useful for many people and thanks to that, I connect with many developers around the world and in Vietnam. In 2012, when Philip Author Moore came to Vietnam, we met the first time, and it was a “fateful” meeting between us. Together, we built the WordPress community in Vietnam from those early years, started the Hanoi WordPress Meetup and shared a lot of things about WordPress. There were many companies in Vietnam starting to redirect and working on WordPress from such meetup sessions.

So far, the community has been strong and we are no longer involved because we’re quite busy and we do not have too much experience in organizing and maintaining offline activities. Online activities are still very exciting thanks to Facebook!

Building products and company

Being a developer and having the opportunity to work on projects with customers, in 2010, I found many things missing from WordPress. And at that time, I had the idea of Meta Box, which is a developer framework to quickly create custom fields. I shared a series of tutorials on my blog. What I didn’t expect was that there were so many people having the same interest.

After that, I continuously upgraded the plugin, based on feedback from other users and developers. I also get a lot of help from other developers, especially Kaiser. I am really grateful to them because, without them, Meta Box could not become a plugin with 400,000 active installs.

When I first developed the plugin, I didn’t have much idea about commercializing it. All were free. At that time, I didn’t know much about interacting on wordpress.org and the Trac system, so I released the code on Google Code. A long time later, I uploaded it to wordpress.org. Therefore, when comparing the custom fields plugins, Meta Box is sometimes not considered the first plugin, while it should be.

The idea of Meta Box was later inherited by many people and developed similar plugins. And I really like that, because that’s the idea of open source!

The success of Meta Box was the basis for me to establish my own company – eLightUp to develop products for WordPress.

In addition to Meta Box, while creating a freelance team, we also tried to become a theme provider and joined ThemeForest. It was not very successful, because I feel ThemeForest is a battlefield in which the parties race to add features to make a theme become powerful, able to do many things and therefore very bloated and not optimal. As a developer, I always feel uncomfortable with those things.

The theme work then was separated into two brands of our company: FitWP for themes on ThemeForest and GretaThemes for themes that are simple, optimal and serve a specific purpose. Currently, the focus of our company are Meta Box and GretaThemes.

And for freelance work, we moved into a division of our company that specializes in projects with customers. We carry out projects for both domestic and international customers.

The shift in roles

Before establishing the company, the income from the products and projects helped me and my family have a comfortable life in Vietnam. But for a long time in the WordPress community, I’ve seen many brands that I’ve always admired, especially WooThemes (now merged into Automattic). Seeing their great contributions to the community, I always want to do the same. And to do that, it’s difficult to do as an individual. So I founded eLightUp, wishing to create good products and contribute to the community.

When I founded the company, I did not measure all the management issues or predicted that. I had to learn a lot, from managing people, resources, finance to strategy, market research and marketing. As a developer, they are all new and challenging things. There were times when I was very stressful because I had to do both developing products and other work which were not my strength.

So far, things have gotten better, I have become more comfortable to work, although I still have to code and manage at the same time.

Above all, I see what I have now is big luck, and that is totally love and support from the community for me. Therefore, no matter how difficult or challenging things are, I still feel very happy with what I have and will try to do better.

Tiếng Việt

Đã 13 năm kể từ khi tôi biết đến WordPress lần đầu tiên. Nghĩ lại, tôi thấy đó là một trong những điều may mắn nhất mà tôi có được trong sự nghiệp và cuộc sống của mình. Tôi được làm điều mà tôi yêu thích, có thể kiếm tiền nuôi sống được bản thân, gia đình và có thêm nhiều bạn bè tốt.

Khi tôi biết đến WordPress, tôi vẫn còn là 1 cậu sinh viên năm thứ 2. Chuyên ngành mà tôi học không phải là IT mà là cơ khí chế tạo máy. Tôi đã chọn chuyên ngành đó với mong muốn có được 1 suất học bổng ở nước ngoài, khi đó là ở Nga. Nhưng trong quá trình học tập, tôi thấy mình có thiên hướng và đam mê về lập trình nhiều hơn. Vì thế, tôi đã tự học và bổ sung các kiến thức về IT cho mình.

Năm thứ 2 đại học, tôi muốn lập 1 website về download phần mềm. Cũng không phải là một điều tự hào gì lắm, vì lúc đó tôi chỉ muốn chia sẻ các phần mềm với mọi người, trong đó có phần mềm miễn phí và có cả phần mềm crack (vấn nạn crack phần mềm ở Nga và ở Việt Nam vẫn còn rất lớn). Có thể nói phần mềm là thứ thu hút tôi lúc đó nhiều nhất. Tôi say mê tìm phần mềm mới, thử nghiệm, chạy chúng, tìm các tính năng hay và chia sẻ kinh nghiệm với mọi người. Lúc đó, web vẫn còn là một thứ gì đó rất thô sơ và tôi cũng chưa có nhiều khái niệm về nó. Tôi loay hoay tìm một nền tảng có sẵn để xây dựng một blog về phần mềm. Vào thời điểm đó, có 2 nền tảng đã gây sự chú ý với tôi – đó là WordPress và BoBlog. BoBlog là 1 blog của Trung Quốc, còn WordPress thì có vẻ quốc tế hơn, nên tôi đã chọn WordPress.

Có thể nói sự lựa chọn WordPress đã khiến tôi học hỏi nghiêm túc hơn về web và các công nghệ liên quan. Bằng cách chỉnh sửa giao diện, làm thêm các tính năng bổ sung cho blog của mình mà tôi đã học được nhiều điều về HTML, CSS, JavaScript và PHP. Trong suốt thời gian học đại học, tôi đã mày mò những cái này và dần hoàn thiện nền tảng kiến thức của mình.

Đối với tôi, web có 1 điểm hơn các phần mềm khác, đó là bất kỳ dòng code nào mà bạn viết, bạn có thể thấy kết quả của nó ngay trên trình duyệt (chỉ với 1 lần nhấn F5). Đây là điểm mà tôi rất thích thú, vì trước đó tôi đã thử lập trình trên một số ngôn ngữ khác, nhưng quá trình biên dịch khiến tôi cảm thấy mất thời gian và không trực quan lắm.

Bắt đầu viết blog

Sau đó, tôi cảm thấy những kiến thức mà tôi học hỏi được cũng khá thú vị và muốn chia sẻ nó với mọi người. Và tôi bắt đầu viết blog để chia sẻ. Blog của tôi đến nay vẫn hoạt động tại deluxeblogtips.com. Có thể nói viết blog là bước ngoặt quan trọng trong sự nghiệp của tôi. Nó đã giúp tôi có được nhiều thứ quyết định trong sự nghiệp của mình:

Tiếng Anh: tiếng Anh vốn không phải là ngôn ngữ mẹ đẻ của tôi. Nhưng nhờ trau dồi viết blog mà khả năng đọc hiểu và trao đổi bằng tiếng Anh của tôi tiến bộ rõ rệt. Mặc dù còn nhiều lỗi, nhưng tôi cảm thấy khá tự tin khi nói chuyện với bạn bè quốc tế. Việc này xảy ra trong khoảng thời gian dài và tôi rất biết ơn điều đó.

Những công việc freelance đầu tiên: Viết blog được 1 khoảng thời gian, nhờ những chia sẻ có ích của mình mà một số người đã biết đến tôi. Và họ bắt đầu contact với tôi và hỏi xem tôi có muốn làm việc cho họ không. Lúc đó, với 1 sinh viên thì tôi rất vui mừng, vì có thể kiếm được chút ít tiền. Về sau này, khi tôi tốt nghiệp đại học, tôi đã bắt đầu sự nghiệp của mình bằng những công việc freelance đó. Tôi đã làm freelance trong suốt khoảng 4-5 năm kể từ 2010. Tôi đã được tham gia nhiều dự án, học hỏi được rất nhiều điều và biết được thêm rất nhiều bạn bè. Trong khoảng thời gian này, tôi cũng đã tập hợp được 1 số bạn bè cùng làm WordPress tại Việt Nam thành 1 nhóm và cùng làm các công việc freelance đó. Đến nay, tuy nhóm cũ không còn, nhưng chúng tôi vẫn là những người bạn tốt và vẫn hay thường xuyên gặp nhau.

Bắt đầu ý tưởng cho các sản phẩm: cụ thể là Meta Box. Đây là sản phẩm flagship của công ty của tôi hiện tại. Ý tưởng của nó bắt nguồn từ những chia sẻ của tôi trên blog. Nhờ những chia sẻ đó mà tôi đã xây dựng 1 sản phẩm được 400.000 người sử dụng với gốc là từ 1 bài tutorial.

Cộng đồng

Viết blog khiến nhiều người biết đến tôi. Và những chia sẻ của tôi (và cả các sản phẩm nữa) cũng có ích cho nhiều người và nhờ đó tôi cũng kết nối được với nhiều bạn developer trên thế giới và ở Việt Nam. Năm 2012, khi anh Philip Author Moore tới Việt Nam, chúng tôi đã gặp nhau lần đầu tiên, và đó là buổi gặp “định mệnh” giữa chúng tôi. Cả 2 chúng tôi đã xây dựng cộng đồng WordPress Việt Nam từ những năm đầu đó, cùng start Hanoi WordPress meetup và chia sẻ rất nhiều điều về WordPress. Có rất nhiều công ty ở Việt Nam bắt đầu chuyển hướng và làm về WordPress từ những buổi meetup như vậy.

Đến nay, cộng đồng đã vững mạnh và chúng tôi không còn tham gia nhiều nữa vì công việc khá bận rộn và bản thân chúng tôi cũng không có quá nhiều kinh nghiệm trong việc tổ chức và duy trì các hoạt động offline. Các hoạt động online thì vẫn diễn ra rất sôi động nhờ vào Facebook!

Xây dựng sản phẩm và công ty

Vốn là 1 developer và đã có cơ hội làm việc với các dự án với khách hàng, vào những năm 2010, tôi thấy có nhiều điều còn thiếu trong WordPress. Và lúc đó, tôi đã có ý tưởng về Meta Box, là một framework giúp developer tạo nhanh các custom fields. Tôi đã chia sẻ 1 loạt bài tutorial về việc xây dựng nó trên blog của mình. Và điều tôi không ngờ lúc đó là có rất nhiều người có cùng mối quan tâm như vậy.

Sau đó, tôi đã liên tục nâng cấp plugin, dựa theo những phản hồi của các developer khác. Tôi cũng nhận được sự giúp đỡ rất nhiều của các bạn developer khác, mà trong đó không thể không nhắc tới Kaiser. Tôi thực sự rất biết ơn các bạn, cả những người dùng nữa, vì không có các bạn thì Meta Box đã không thể trở thành 1 plugin với 400.000 lượt active installs được.

Khi mới phát triển plugin, tôi chưa có ý niệm nhiều về thương mại hoá nó. Toàn bộ đều được chia sẻ miễn phí. Lúc đó, tôi cũng chưa biết nhiều về tương tác trên wordpress.org với hệ thống Trac, nên tôi release code trên Google Code. Mãi sau này tôi mới đưa lên wordpress.org. Vì thế nên nhiều khi so sánh tuổi đời của các plugin về custom fields, Meta Box đôi khi không được coi là plugin đầu tiên, trong khi đúng ra là nó phải là như vậy.

Ý tưởng của Meta Box sau này còn được nhiều người kế thừa và phát triển ra các plugin tương tự. Và tôi rất thích điều đó, vì đó là tư tưởng của open source!

Sự thành công của Meta Box là cơ sở để tôi thành lập công ty của riêng mình – eLightUp để phát triển các sản phẩm cho WordPress.

Ngoài Meta Box, trong khi thành lập nhóm làm freelance, chúng tôi cũng đã thử dấn thân vào mảng làm theme và đã tham gia ThemeForest. Có thể nói là mảng đó không được thành công lắm, vì tôi cảm thấy ThemeForest là một chiến trường trong đó các bên đua nhau thêm những tính năng để cho 1 theme trở nên mạnh mẽ, làm được nhiều thứ và do đó rất nặng nề và không tối ưu. Mà tôi là 1 developer nên luôn cảm thấy không thoải mái với những điều đó.

Mảng làm theme sau này phân tách ra thành 2 brands của công ty chúng tôi: FitWP cho những theme trên ThemeForest và GretaThemes cho những theme đơn giản, tối ưu và phục vụ 1 mục đích cụ thể. Hiện nay thì trọng tâm của công ty chúng tôi là Meta Box và GretaThemes.

Còn mảng làm freelance sau này chúng tôi tách thành một nhánh trong công ty của chúng tôi là chuyên làm các dự án với khách hàng. Chúng tôi thực hiện các dự án cho cả khách hàng trong nước và quốc tế.

Sự chuyển dịch vai trò

Trước khi thành lập công ty, nguồn thu nhập mà các sản phẩm và dự án mang lại cũng đã giúp tôi và gia đình có 1 cuộc sống khá thoải mái ở Việt Nam. Nhưng ở trong cộng đồng WordPress đã lâu, tôi đã thấy rất nhiều brand mà khiến tôi luôn ngưỡng mộ, trong đó nổi bật là WooThemes (nay đã không còn nữa). Thấy các đóng góp to lớn của họ cho cộng đồng, tôi cũng mong muốn mình làm được những điều tương tự. Và để làm việc đó, sức lực của 1 cá nhân rất khó. Nên tôi đã thành lập eLightUp, với mong muốn tạo ra những sản phẩm tốt, đóng góp cho cộng đồng và cả những đóng góp miễn phí nữa.

Khi thành lập công ty, tôi đã không lường được hết những vấn đề về mặt quản lý công ty. Tôi đã phải học rất nhiều điều, từ việc quản lý con người, nguồn lực, tài chính đến những vấn đề về định hướng, chiến lược, nghiên cứu thị trường, marketing. Đối với 1 developer, đây đều là những thứ mới mẻ và thách thức. Có những khoảng thời gian tôi đã rất áp lực, vì vừa phải phát triển sản phẩm, vừa phải làm những công việc khác vốn không phải là thế mạnh của mình.

Đến nay, mọi thứ đã tốt hơn, tôi đã quen dần hơn với công việc, mặc dù tôi vẫn phải code và quản lý cùng một lúc.

Nhưng mà, trên tất cả, tôi thấy những gì mà mình có được bây giờ đều là sự may mắn, và đó đều là sự yêu thương, support từ cộng đồng đã dành cho tôi. Bởi thế, cho dù mọi thứ có khó khăn, thách thức như thế nào, tôi vẫn cảm thấy rất vui với những gì mình đang có, và sẽ cố gắng để làm mọi thứ tốt hơn.

The post Growing a WordPress business in Vietnam appeared first on HeroPress.

WPTavern: Jetpack 7.1 Adds Feature Suggestions to Plugin Search Results

Wordpress Planet - Tue, 04/02/2019 - 15:40

Jetpack 7.1 was released earlier this month with new blocks for WordAds, Business Hours, Contact Info, Slideshows, and Videos. This release also quietly added suggestions to the plugin search screen, a change that has not been well-received by the developer community. If a user searches for a plugin that has a feature that is already offered by Jetpack, the plugin will insert an artificial (and dismissible) search result into the first plugin card slot, identifying the corresponding Jetpack feature.

Although these suggestions in plugin search results were not presented as a headline feature in the 7.1 release post, it was clearly listed in the changelog under enhancements. More people began taking notice after WordPress developer Mehul Gohil tweeted a screenshot of it on a live site:

Nowadays, plugin search in #WordPress admin suggests a product/add-on. I see the future of these suggestions to be used by plugin authors to keep their product first in certain plugin search terms for upsells like admin notices.

What do you think about this? #DontHijackWPAdmin pic.twitter.com/TERjrPgEt6

— Mehul Gohil (@mehul_gohil0810) March 26, 2019

Manipulating search results, even to insert an artificial result, using a plugin that is already installed, is a major new development among plugins hosted on WordPress.org. Automattic is setting a precedent for other plugin authors that want to recommend their own add-ons or extensions when users match certain search terms.

In the feature’s initial proof of concept, Jetpack product lead Beau Lebens explained the motivation behind adding suggestions to the search screen:

We’ve seen that people with Jetpack installed and activated often search for Jetpack features (even by name) in the Plugins > Add New screen in wp-admin. This new module attempts to spot those searches, and provide an artificial search result that calls out that what they’re looking for is in Jetpack, which they already have, and which is already active.

Eight years since its initial release, Jetpack has grown to 45 modules. Most users are not familiar with everything the plugin offers. In fact, many users may not have even installed Jetpack themselves, as it often comes pre-installed with hosting. The suggestions may prevent users from adding alternate third-party plugins, as Jetpack’s module placement in the results subtly implies that these are inferior options to its existing modules.

One of the reasons the feature has many developers rattled is because the UI fails to make it clear that this is an artificial result and not something generated by the plugin directory’s algorithm. Although it is intended to function more as a notice, for the regular user, it is virtually indistinguishable from an advertisement in its current implementation. It hasn’t been live for very long, but over time it may even make it more difficult for plugin developers to offer plugins that compete with Jetpack features.

The feature suggestions in plugin search results became a hot topic on Post Status‘ Slack where Automattic’s Gary Pendergast dropped in to reiterate the Jetpack team’s intentions.

“I’ve been talking to some folks on Jetpack about what’s going on,” Pendergast said. “I think the team’s end goal is pretty good, and it solves a real problem WordPress has. Too often, site owners install masses of plugins that they don’t need, which ultimately creates all sorts of security, performance, and stability issues. In this particular use case, if a site owner is looking for functionality that Jetpack already handles, then the owner should be aware of that.”

Pendergast also said he thinks WordPress core should offer an API for any plugin to be able to do something similar.

Plugin Team Says Jetpack’s Artificial Search Results Do Not Break WordPress.org Guidelines

Although it’s easy to conjure up different ways to abuse this avenue for advertising a plugin’s existing features, WordPress.org’s plugin team is ready to deal with a potential influx of various implementations on a case-by-case basis.

“It’s not really advertising anything – it’s just adding search results for pieces of a plugin that you already have and might not know about, so it’s not really against any rules,” Samuel “Otto” Wood said. “If it was misleading in some manner, then that would be different.”

Wood said the team discussed it but concluded that any implementation of something similar in other plugins will need to be reviewed to see if it’s doing anything misleading.

“Realistically it’s always going to be a judgment call of some sort,” Wood said. “For example, if a plugin was to insert search results for other plugins, then that wouldn’t be okay, because it’s misleading. But, this isn’t that case. It’s just trying to say ‘hey, you have a plugin already installed which does what you’re looking for,’ so it’s trying to be helpful in that respect. It may not necessarily be the best way of accomplishing that goal, admittedly. But it’s pretty valid.”

Wood did not place a hard requirement on having the artificial result be dismissible but said anytime a developer inserts something into a screen where would not normally be, having dismiss functionality is good UX. He doesn’t think it’s likely that many other plugin authors will implement something similar since most are not collections of dozens of plugins and add-ons. However, this type of suggestion seems like it would also be applicable to block collection plugins that include dozens of Gutenberg blocks.

“It will be really difficult for users when all the essential plugin authors implement it,” Gohil said in response to comments on the screenshot he tweeted. “They are using JS to hack into plugin search using hook ‘admin_enqueue_scripts’ and that’s not good. I’m not in favor of it.”

If more plugin authors begin adding suggestions, users could see several rows of artificial results before seeing any real ones, depending on which plugins they have installed. Plugin developers are already brainstorming ways to strip the feature suggestions out. It likely will not be long before plugins like Hide Jetpack Promotions removes the artificial search results to maintain results as delivered by WordPress.org.

Wood said the plugin team does not intend to write any new guidelines for plugin authors creating their own implementations of feature suggestions on the search screen.

“The difference is always going to be one of intent,” Wood said. “It’s JP’s intent here to notify the user of the existence of a feature they may not know about. That’s trying to be helpful to the user, not trying to shut out competition. It doesn’t remove search results. It doesn’t reorder them or filter them. It just adds a card about the feature you’re searching for. If you don’t have JP, then it can’t do anything. It’s not advertising for other plugins or anything like that.”

Jetpack is also tracking search terms longer than three characters, and Wood confirmed that this is also within the guidelines, as long as it is disclosed to the user.

“The whole tracking module doesn’t activate until after you agree to the ToS thingy, so honestly, it’s allowed,” Wood said. “They track lots of things for stats and such. Realistically, so do many other plugins. As long as you ask the user first, before tracking anything, then tracking data is allowed. Opt-in is the rule.”

Wood said he found the search term tracking to be unnecessary since WordPress.org already collects this information through its new search system that runs on ElasticSearch.

“We get all the search terms on the WordPress.org servers, anyway, so both we and they kinda already have them,” Wood said. “Automatticians built our newest plugin search engine, after all. It seems kind of a waste to track them using Jetpack when they literally receive all the searches to run through the search engine.”

Jetpack’s artificial search results, although dismissible, take up the top spot, bypassing the algorithm altogether. It gives the appearance that Jetpack’s built-in feature is either a promoted listing or superior to all other options available in the directory.

Although a suggested module may work more harmoniously with other Jetpack features than a third-party plugin, the modules are built to be fairly general in terms of features. They address the basic needs for the largest number of users but rarely provide more options than a standalone plugin dedicated to performing something similar. Users may very well be searching for a replacement for what Jetpack provides. The ability to easily turn off suggestions in search results with a toggle could go a long way for diplomacy.

WPTavern: Automattic Launches Happy Tools Product Line for Distributed Teams

Wordpress Planet - Tue, 04/02/2019 - 04:28

Automattic has released Happy Schedule, the first in a new line of products called “Happy Tools,” created to solve problems for distributed teams. The products have grown out of internal tools that Automattic uses with its distributed team of more than 850 employees in 68 countries.

Most employee scheduling tools are designed for more traditional work environments where people report to work in person in the same timezone. Happy Schedule allows employees to set their own flexible schedules all the way down to 15-minute increments, seamlessly managing timezones for team members in one calendar. Automattic uses it to manage 24-hour global support with its 300+ Happiness Engineers.

Happy Tools is currently priced at $60/month for 12 users and then $5/user after that.

“In addition to Happy Schedule, we’ll be looking to bring our customer chat tool into Happy Tools,” Happy Tools product lead Matt Wondra said. “We’ll also look at other applications Automattic has already built to help with team communication, people-management, and customer support.”

The product suite complements Matt Mullenweg’s recent TED talk in which he evangelizes distributed work as “the future of work.” Mullenweg predicts that companies will evolve to become distributed first or will soon be replaced by ones that are.

Beyond simply recognizing the benefits of employees being able to design their own work environments, there are some real challenges to becoming a distributed company. This is especially true for those that didn’t start out that way. Smaller companies have less experience navigating all the tax laws and legal processes around hiring people from different countries. These hurdles make it difficult to grow an international team and retain employees as anything more than hourly contractors.

Answering some of these difficult questions gets into the meat of making distributed teams a reality. With its position as one of the few distributed companies that has successfully scaled into the hundreds, Automattic has an opportunity to open source some of its counsel, documents, and HR guides around international hiring. This would be a valuable addition to distributed.blog or the Happy Tools blog that would help more companies move beyond their initial explorations of distributed work and ultimately create a larger market for these kinds of tools.

WordPress.org blog: Minimum PHP Version update

Wordpress Planet - Mon, 04/01/2019 - 14:51

WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20.

Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to help them update PHP. Since then, the WordPress stats have shown an increase in users on more recent versions of PHP.

The dashboard widget users see if running an outdated version of PHP Why You Should Update PHP

If your site is running on an unsupported version of PHP, the WordPress updater will not offer WordPress 5.2 to your site. If you attempt to update WordPress manually, that update will fail. To continue using the latest features of WordPress you must update to a newer version of PHP.

When updating to a new version of PHP, WordPress encourages updating to its recommended version, PHP 7.3. The PHP internals team has done a great job making its most recent version the fastest version of PHP yet. This means that updating will improve the speed of your site, both for you and your visitors.

This performance increase also means fewer servers are needed to host websites. Updating PHP isn’t just good for your site, it also means less energy is needed for the 1-in-3 sites that use WordPress, so it’s good for the planet.

How to Update PHP

If you need help updating to a new version of PHP, detailed documentation is available. This includes sample communication to send to your host for them to assist you. Many hosting companies have published information on how to update PHP that is specific for them.

5.6 now, but soon 7+

This is the first increase in PHP required version for WordPress since 2010, but may not be the only increase in 2019. The WordPress core team will monitor the adoption of the most recent versions of PHP with an eye towards making PHP 7+ the minimum version towards the end of the year.

Update PHP today, so you can update WordPress tomorrow!

Minimum PHP Version update

Wordpress News - Mon, 04/01/2019 - 14:51

WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20.

Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to help them update PHP. Since then, the WordPress stats have shown an increase in users on more recent versions of PHP.

The dashboard widget users see if running an outdated version of PHP Why You Should Update PHP

If your site is running on an unsupported version of PHP, the WordPress updater will not offer WordPress 5.2 to your site. If you attempt to update WordPress manually, that update will fail. To continue using the latest features of WordPress you must update to a newer version of PHP.

When updating to a new version of PHP, WordPress encourages updating to its recommended version, PHP 7.3. The PHP internals team has done a great job making its most recent version the fastest version of PHP yet. This means that updating will improve the speed of your site, both for you and your visitors.

This performance increase also means fewer servers are needed to host websites. Updating PHP isn’t just good for your site, it also means less energy is needed for the 1-in-3 sites that use WordPress, so it’s good for the planet.

How to Update PHP

If you need help updating to a new version of PHP, detailed documentation is available. This includes sample communication to send to your host for them to assist you. Many hosting companies have published information on how to update PHP that is specific for them.

5.6 now, but soon 7+

This is the first increase in PHP required version for WordPress since 2010, but may not be the only increase in 2019. The WordPress core team will monitor the adoption of the most recent versions of PHP with an eye towards making PHP 7+ the minimum version towards the end of the year.

Update PHP today, so you can update WordPress tomorrow!

WordPress.org blog: The Month in WordPress: March 2019

Wordpress Planet - Mon, 04/01/2019 - 08:59

WordPress reached a significant milestone this month. With some exciting developments in Core, an interesting new proposal, and the return of a valuable global event, March was certainly an interesting time.

WordPress Now Powers One-Third of the Web

WordPress’ market share has been steadily increasing, and as of halfway through this month, it powers over one-third of the top 10 million sites on the web (according to W3Techs, which tracks usage statistics for all major web platforms).

This growth of WordPress is only made possible by the large team of volunteers working to build the project and community. If you would like to get involved in building the future of WordPress, then check out the Make network for a contributor team that fits your skill set.

WordPress 5.2 is on the Way

WordPress 5.1.1 was released this month, with 14 fixes and enhancements, and the Core team is now focusing on the next major release, version 5.2. This release will include some great new features, along with the latest updates to the block editor.

One of the most anticipated new features is the improved fatal error detection – this was removed from v5.1 shortly before release so that it could be improved and made more secure for this release. Along with that, PHP 5.6 is going to become the minimum required PHP version for WordPress, a significant step towards a more modern web and updated coding standards.

WordPress 5.2 is now in beta and you can test it by installing the Beta Tester plugin on any WordPress site.

Want to get involved in building WordPress Core? Follow the Core team blog and join the #core channel in the Making WordPress Slack group.

Proposal for a Central Block Directory

With blocks becoming the new way to manage content in WordPress, more and more types of blocks are being developed to cater for different use cases and content types. In an effort to make it easier for content creators to find these block types, there is a proposal for a new type of plugin and a directory to handle it.

The proposal outlines a new type of WordPress plugin that provides blocks and nothing else, named Single Block Plugins. The primary benefit would be to provide content creators with individual pieces of functionality and new types of blocks without the need to search for and install new plugins.

The Single Block Plugins would be hosted in a separate Block Directory section of the Plugin Directory and they would initially be JavaScript-based. Each plugin will register a single block, and they will be searchable and installable from within the editor itself. This puts blocks at the publishers’ fingertips — you no longer have to leave the editor to find them.

Want to get involved in shaping this new type of plugin? Join in the conversation on the proposal post, follow the Meta team blog, and join the #meta channel in the Making WordPress Slack group.

Global WordPress Translation Day is Back

On 11 May 2019, the fourth Global WordPress Translation Day will take place. This is a 24-hour global event dedicated to the translation of all things WordPress, from core to themes, plugins to marketing.

Over the course of 24 hours, WordPress communities will meet to translate WordPress into their local languages and watch talks and sessions broadcast on wptranslationday.org. During the last Global WordPress Translation Day, 71 local events took place in 29 countries, and even more communities are expected to take part this time.

Want to get involved in the Global WordPress Translation Day? Find out how to organize a local event, apply to be a speaker, follow the updates on the Polyglots team blog, and join the #polyglots channel in the Making WordPress Slack group.

Gutenberg Development Continues

With the block editor in WordPress Core, the team has been able to focus on adding some frequently requested features. Version 5.3 of Gutenberg,  released this month, includes a new block manager modal, the ability to nest different elements in the cover block, and some UI tweaks to improve the hover state of blocks.

Want to get involved in developing Gutenberg? Check out the GitHub repository and join the #core-editor channel in the Making WordPress Slack group.

Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

The Month in WordPress: March 2019

Wordpress News - Mon, 04/01/2019 - 08:59

WordPress reached a significant milestone this month. With some exciting developments in Core, an interesting new proposal, and the return of a valuable global event, March was certainly an interesting time.

WordPress Now Powers One-Third of the Web

WordPress’ market share has been steadily increasing, and as of halfway through this month, it powers over one-third of the top 10 million sites on the web (according to W3Techs, which tracks usage statistics for all major web platforms).

This growth of WordPress is only made possible by the large team of volunteers working to build the project and community. If you would like to get involved in building the future of WordPress, then check out the Make network for a contributor team that fits your skill set.

WordPress 5.2 is on the Way

WordPress 5.1.1 was released this month, with 14 fixes and enhancements, and the Core team is now focusing on the next major release, version 5.2. This release will include some great new features, along with the latest updates to the block editor.

One of the most anticipated new features is the improved fatal error detection – this was removed from v5.1 shortly before release so that it could be improved and made more secure for this release. Along with that, PHP 5.6 is going to become the minimum required PHP version for WordPress, a significant step towards a more modern web and updated coding standards.

WordPress 5.2 is now in beta and you can test it by installing the Beta Tester plugin on any WordPress site.

Want to get involved in building WordPress Core? Follow the Core team blog and join the #core channel in the Making WordPress Slack group.

Proposal for a Central Block Directory

With blocks becoming the new way to manage content in WordPress, more and more types of blocks are being developed to cater for different use cases and content types. In an effort to make it easier for content creators to find these block types, there is a proposal for a new type of plugin and a directory to handle it.

The proposal outlines a new type of WordPress plugin that provides blocks and nothing else, named Single Block Plugins. The primary benefit would be to provide content creators with individual pieces of functionality and new types of blocks without the need to search for and install new plugins.

The Single Block Plugins would be hosted in a separate Block Directory section of the Plugin Directory and they would initially be JavaScript-based. Each plugin will register a single block, and they will be searchable and installable from within the editor itself. This puts blocks at the publishers’ fingertips — you no longer have to leave the editor to find them.

Want to get involved in shaping this new type of plugin? Join in the conversation on the proposal post, follow the Meta team blog, and join the #meta channel in the Making WordPress Slack group.

Global WordPress Translation Day is Back

On 11 May 2019, the fourth Global WordPress Translation Day will take place. This is a 24-hour global event dedicated to the translation of all things WordPress, from core to themes, plugins to marketing.

Over the course of 24 hours, WordPress communities will meet to translate WordPress into their local languages and watch talks and sessions broadcast on wptranslationday.org. During the last Global WordPress Translation Day, 71 local events took place in 29 countries, and even more communities are expected to take part this time.

Want to get involved in the Global WordPress Translation Day? Find out how to organize a local event, apply to be a speaker, follow the updates on the Polyglots team blog, and join the #polyglots channel in the Making WordPress Slack group.

Gutenberg Development Continues

With the block editor in WordPress Core, the team has been able to focus on adding some frequently requested features. Version 5.3 of Gutenberg,  released this month, includes a new block manager modal, the ability to nest different elements in the cover block, and some UI tweaks to improve the hover state of blocks.

Want to get involved in developing Gutenberg? Check out the GitHub repository and join the #core-editor channel in the Making WordPress Slack group.

Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

Classy Accessible Base Theme

Drupal Themes - Mon, 04/01/2019 - 01:09

An Accessible base theme based on the Classy core theme.

HeroPress: Four Years

Wordpress Planet - Sat, 03/30/2019 - 02:49

On March 25th, 2015, I published Rarst’s HeroPress essay “Finding Your Place“. It’s been four years.

As of this post there are 165 essays published. 165 stories of dreams, successes, failures, and courage. 165 people I’ve gotten to know and love. It feels like it’s always been there.

For a while this last year I only published once a month, so I could both focus on work a little more as well as draw attention to past essays. A few weeks ago I went back to weekly, and I’m happy with it. It’s exciting getting to know a new person every week. Not just meet them, but have good conversation and really get to know them.

I have some fun news. The other day Josepha The Magnificent approached me about syndicating HeroPress on https://wordpress.org/news/. It’s already on WordPress Planet (Thanks Matt!), which is the number one driver of traffic to this site, by FAR. I’ll be interested to see what being on /news does.

People often ask me about the future of HeroPress, but I don’t really see it changing much. Getting syndicated is nice, but doesn’t really change what I do or publish. We did a scholarship giveaway a couple years ago and we’ve discussed doing it again. I really enjoyed that, I’d welcome more things like it from other organizations.

To all of you who’ve read over the years, I thank you. To all of you who’ve been transparent and had the courage to let the world see your story, I can’t thank you enough. Every time someone says to me “HeroPress is such an encouragement to me” it’s because of you.

Here’s to the future, and many more stories.

The post Four Years appeared first on HeroPress.

WPTavern: WordCamp Asia Proposed for 2020 in Bangkok, Thailand

Wordpress Planet - Fri, 03/29/2019 - 20:19
photo credit: Eustaquio Santimano

The organizers of WordCamp Asia, a brand new regional WordCamp, have published a proposal for making Bangkok, Thailand, the host city for a 2-3 day event in early 2020. They are currently planning for February or March to avoid clashing with other regional WordCamps (WCEU, WCUS). The camp has been informally discussed since 2015 while organizers focused on growing new city-based WordCamps across the region.

“WordCamps in Asia have reached a critical mass that will enable a successful regional WordCamp,” Jon Ang said in the introduction to the proposal. “We believe that running this WordCamp will contribute directly to long term efforts in fostering WordPress interest in countries that lack it.”

WordCamp Asia organizers are being mentored by lead organizers of WordCamp Europe and have created an official proposal based heavily on the one submitted by WordCamp Nordic organizers. They have submitted it to the broader WordCamp community leaders for review before submitting and official application to WordCamp Central.

Asia has many vibrant and diverse WordPress communities across distant geographical areas. It technically includes Middle Eastern countries such as Turkey, Israel, and Iran, as well as all of Russia and India and everything in between.

Hugh Lashbrooke commented on the proposal, asking if it is actually a “WordCamp South-East Asia,” given all the currently listed organizers are from this region, or if they intend to include other countries beyond this area. Ang said that the event will certainly include leaders from India and Pakistan and they have discussed forming a global team with two representatives from each country. The leaders currently listed in the proposal are those who were specifically involved in drafting it.

Bangkok is proposed for the first host city due to its relatively affordable location, the ease of obtaining a visa on arrival for attendees from many Asian counties, and the availability of inexpensive flights to most major cities in Asia. The local WordPress community is also experienced at running large WordCamps (500+ attendees) and Bangkok’s local meetup group has more than 1,500 members. WordCamp Asia organizers are planning for 750-1,000 attendees.

WPTavern: New Gutenberg Playground Offers a Standalone Version of the Editor for Testing Outside the WordPress Admin

Wordpress Planet - Thu, 03/28/2019 - 20:04

The Gutenberg team merged a pull request three days ago that adds a local “playground” development environment for testing outside of the WordPress admin. Riad Benguella, the technical lead for Gutenberg phase 2, said that the playground could grow over time to contain “more than just a standalone version of the editor” and could become a way for developers to test out components in isolation. He shared a screenshot of the playground in action:

During Tuesday’s JavaScript chat meeting, Benguella elaborated on the playground’s intended use.

“Now that we’re expanding the usage of Gutenberg outside of the edit-post and also talking about cross-CMS usage and external usage (in the broad sense), we need a way to run the block editor in a context independent from the WordPress Admin. This means no WordPress admin styles, no API.”

Testing Gutenberg in the playground’s “no-context” mode allows developers to ensure their components don’t rely on WP-Admin styles to be present. Benguella said it demonstrates how core blocks can be used without requiring a post object, which will be useful for architecting the widgets screen.

“This playground could evolve to contain examples of our reusable components (think Storybook),” Benguella said. “It could also serve as a contributor tool. For example, we could include a way to search for selectors.”

The playground was just merged this week, so contributors are working on better documentation. In the meantime, check out the PR for more details on how to test it.

WPTavern: WordPress 5.2 Beta 1 Released: Help Test New Blocks, Block Manager, and Improved Fatal Error Protection

Wordpress Planet - Thu, 03/28/2019 - 03:36

WordPress 5.2 beta 1 was released this evening with an exciting lineup of new user-facing features that are ready for testing. The upcoming release introduces new blocks for RSS, Search, Calendar, Tag Cloud, and Amazon Kindle embed.

The proliferation of block collection plugins as a block distribution mechanism has caused some WordPress installations to become bloated with too many unused blocks. Version 5.2 includes new block management capabilities that will make it easy to turn blocks on or off and tidy up the block inserter tool for greater efficiency.

This release also introduces fatal error protection that catches errors before they produce a white screen, so that users can still log into the admin to attempt to resolve the issue. This feature was previously targeted for 5.1 but needed a few security issues ironed out before it was ready for core.

If you’re just getting started with testing WordPress, the 5.2 beta is a very approachable release with features that anyone can put through the paces. The easiest way is to install the WordPress Beta Testing plugin and select “bleeding edge nightlies.” Try out the new blocks, experiment with turning blocks and and off. Do the new features seem like they work as advertised? Are there any bumps in the road when trying to use them? You can report any issues to the Alpha/Beta area in the support forums or log a ticket on trac.

Developers have a few big items to test as well. Plugin authors can now specify a minimum PHP version that the plugin will support. WordPress is also adding the sodium_compat library, a libsodium-compatible cryptography API for PHP 7.2+.

According to the notes from today’s core developer chat, there are currently 116 open tickets that contributors plan to address in three betas. The goal is to slash that number down to 66 before beta 2. WordPress 5.2 is targeted for April 30, 2019.

WordPress.org blog: WordPress 5.2 Beta 1

Wordpress Planet - Wed, 03/27/2019 - 23:39

WordPress 5.2 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.2 Beta two ways:

WordPress 5.2 is slated for release on April 30, and we need your help to get there. Here are some of the big items to test so we can find as many bugs as possible in the coming weeks.

Block Editor

The block editor has received significant performance improvements since WordPress 5.1, shaving 35% off the load time for massive posts, and cutting the keypress time (how responsive it feels when you’re typing) in half!

Accessibility continues to improve, too. The block editor now supports your browser’s reduced motion settings. The post URL slug has better labelling and help text. The focus styling for keyboard navigating through landmarks is clearer and more consistent. There are a variety of new speak messages, and existing messages have been tweaked for more useful screen-reader behaviour.

We’ve added several new blocks:

  • An RSS block
  • An Amazon Kindle embed block
  • A Search block
  • A Calendar block
  • A Tag Cloud block

To help you keep track of these blocks, and only show the ones you need, there’s a new block management tool to switch blocks on and off.

Block Management Modal

We’re constantly working on existing blocks, too. There are hundreds of bug fixes and improvements in the block editor, you can read more about them in the Gutenberg plugin releases: 4.9, 5.0, 5.1, 5.2, and 5.3.

The WordPress Mobile Apps

The block editor isn’t just for websites, either. The WordPress mobile apps now include an experimental version of a built-in block editor. This is still under development, but you can try it out now!

The block editor is coming to the mobile apps Site Health Check

Site Health Check is an ongoing project aimed at improving the stability and performance of the entire WordPress ecosystem.

The first phase of this project (originally scoped for WordPress 5.1) is now included in WordPress 5.2. For the first time, WordPress will catch and pause the problem code, so you can log in to your Dashboard and see what the problem is (#44458). Before, you’d have to FTP in to your files or get in touch with your host.

The Improved Fatal Error Protection

In addition, we’re adding a new Health Check tool to your Dashboard. Visit the Tools menu and click on Health Check to get information that can help improve the speed and security of your site.

PHP Version Bump

With this release, WordPress will increase its minimum supported PHP version to 5.6. To help you check if you’re prepared for this change, WordPress 5.2 will show you a warning and help you upgrade your version of PHP, if necessary.

For Developers
  • Plugins can now specify the minimum version of PHP that they support, so you can safely modernise your development practices without risking breaking your users’ sites. (#40934)
  • We’ve added the sodium_compat library, which provides backwards compatibility for the Sodium-based cryptography library added in PHP 7.2. (#45806)
  • There’s a new release of Dashicons, the WordPress Dashboard icon font. There are 25 new icons for you to use! (#41074)
  • You can now pass a label to get_search_form(), improving accessibility. (#42057)

There have been 130 tickets closed in WordPress 5.2 so far, with numerous small bug fixes and improvements to help smooth your WordPress experience.

Keep your eyes on the Make WordPress Core blog for developer notes (which are assigned the dev-notes tag) in the coming weeks detailing other changes in 5.2 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

With each new release,
bearing multiple betas;
We fix, then we fly.

WordPress 5.2 Beta 1

Wordpress News - Wed, 03/27/2019 - 23:39

WordPress 5.2 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.2 Beta two ways:

WordPress 5.2 is slated for release on April 30, and we need your help to get there. Here are some of the big items to test so we can find as many bugs as possible in the coming weeks.

Block Editor

The block editor has received significant performance improvements since WordPress 5.1, shaving 35% off the load time for massive posts, and cutting the keypress time (how responsive it feels when you’re typing) in half!

Accessibility continues to improve, too. The block editor now supports your browser’s reduced motion settings. The post URL slug has better labelling and help text. The focus styling for keyboard navigating through landmarks is clearer and more consistent. There are a variety of new speak messages, and existing messages have been tweaked for more useful screen-reader behaviour.

We’ve added several new blocks:

  • An RSS block
  • An Amazon Kindle embed block
  • A Search block
  • A Calendar block
  • A Tag Cloud block

To help you keep track of these blocks, and only show the ones you need, there’s a new block management tool to switch blocks on and off.

Block Management Modal

We’re constantly working on existing blocks, too. There are hundreds of bug fixes and improvements in the block editor, you can read more about them in the Gutenberg plugin releases: 4.9, 5.0, 5.1, 5.2, and 5.3.

The WordPress Mobile Apps

The block editor isn’t just for websites, either. The WordPress mobile apps now include an experimental version of a built-in block editor. This is still under development, but you can try it out now!

The block editor is coming to the mobile apps Site Health Check

Site Health Check is an ongoing project aimed at improving the stability and performance of the entire WordPress ecosystem.

The first phase of this project (originally scoped for WordPress 5.1) is now included in WordPress 5.2. For the first time, WordPress will catch and pause the problem code, so you can log in to your Dashboard and see what the problem is (#44458). Before, you’d have to FTP in to your files or get in touch with your host.

The Improved Fatal Error Protection

In addition, we’re adding a new Health Check tool to your Dashboard. Visit the Tools menu and click on Health Check to get information that can help improve the speed and security of your site.

PHP Version Bump

With this release, WordPress will increase its minimum supported PHP version to 5.6. To help you check if you’re prepared for this change, WordPress 5.2 will show you a warning and help you upgrade your version of PHP, if necessary.

For Developers
  • Plugins can now specify the minimum version of PHP that they support, so you can safely modernise your development practices without risking breaking your users’ sites. (#40934)
  • We’ve added the sodium_compat library, which provides backwards compatibility for the Sodium-based cryptography library added in PHP 7.2. (#45806)
  • There’s a new release of Dashicons, the WordPress Dashboard icon font. There are 25 new icons for you to use! (#41074)
  • You can now pass a label to get_search_form(), improving accessibility. (#42057)

There have been 130 tickets closed in WordPress 5.2 so far, with numerous small bug fixes and improvements to help smooth your WordPress experience.

Keep your eyes on the Make WordPress Core blog for developer notes (which are assigned the dev-notes tag) in the coming weeks detailing other changes in 5.2 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

With each new release,
bearing multiple betas;
We fix, then we fly.

WPTavern: rtCamp Releases GitHub Actions for Automated Code Review, Deploying WordPress, and Slack Notifications

Wordpress Planet - Wed, 03/27/2019 - 22:46

rtCamp, a 60+ person agency and WordPress.com VIP service partner, has released three new GitHub Actions that handle automated code review, WordPress deployment, and Slack notifications.

The PHPCS Code Review action takes advantage of GitHub’s pull request review feature. It performs an automated code review on pull requests using PHPCS. This Action is based on WordPress.com VIP’s GPL-licensed review scripts.

“Our action is a wrapper around the original vip-go-ci project,” rtCamp CEO Rahul Bansal said. “VIP’s project uses Teamcity which is expensive and very hard to get up and running. We built a wrapper around it to get it working with Github. Still huge props to them for sharing what we consider to be the USP of the VIP platform to the public at large.”

The Deploy WordPress GitHub action uses the Deployer.org tool to deploy code changes. Using it requires your git repo to match rtCamp’s WordPress Skeleton which is very similar to the VIP Go Skeleton. The action includes optional support for Hashicorp Vault, which is useful for managing multiple servers.

“Our action supports secrets fetching via HashiCorp Vault project,” Bansal said. “For small teams or indies using Vault might be overkill. But at scale, such as our hosting dept, where they are responsible for more than 100+ servers, Vault streamlines WordPress Deploys. It’s partly because of Vault, devs can simply change the hostname on the fly and everything still works.”

rtCamp has also released a GitHub action called Slack Notify that sends a message to a Slack channel. It can be customized to notify a channel about deployment status. The Site and SSH Host details are available if the action is run following the Deploy WordPress GitHub action. All three of the new Actions are designed to work seamlessly together.

rtCamp plans to add more Actions to its GitHub Actions Library in the future. Bansal said they are currently working on build actions to cover Sass, Webpack, and Grunt, as well as Testing actions for phpunit and QUnit. Further down the road they are planning to build an action that will automatically update their theme and plugin products in their EDD store when there is a GitHub release.

WPTavern: How Will Gutenberg Phase 4 Impact Multilingual Solutions for WordPress?

Wordpress Planet - Tue, 03/26/2019 - 19:00

During the 2018 State of the Word address, Matt Mullenweg announced that Phase 4 of the Gutenberg project would be aimed at developing an official way for WordPress to support multilingual sites. There are no technical details available yet for what approach core will take, because it’s still in the experimental stage. The site building objectives in Phase 2 are currently the primary focus of the Gutenberg team.

Although Phase 4 is still a long way off (targeted for 2020 and beyond), WordPress multilingual product owners are starting to speculate about the impact of core offering its own standardized solution for multilingual sites. At WordCamp Nordic I had a quick chat with Robert Windisch, CIO of Inpsyde, a large WordPress agency in Germany and the creators of the MultilingualPress plugin.

Windisch predicts a culling of the multilingual solutions for WordPress after Phase 4, in the same way that Gutenberg has challenged page builders. Maintaining a plugin with thousands of users takes a toll on a company, because users require support and product owners need to have a way to continue offering something that isn’t already available by default in core.

“It’s the same with Gutenberg and all the page builders,” Windisch said. “You need to adapt. If core tackles 80-90% of the features the plugin does, then I’m sure some will decide to pursue other roads or extend core features with a new plugin.”

Windisch doesn’t see any issues for his company’s multilingual solution because of how it is architected to closely align with WordPress core in its use of multisite. The MultilingualPress website advertises the product as having “future-proof, WordPress core-based architecture.” Windisch said that big agencies and companies with local sites tend to opt for MultilingualPress’ solution because of the separation of access that multisite provides.

After some consideration, he said he found that Mullenweg’s timeline for getting multilingual support in core made sense, because existing solutions mean there is no pressing need to provide this functionality.

“Currently nobody waits for the multilingual in core, because there are already solutions out there,” Windisch said. “There’s not really the pressure to have it right now.”

Check out the quick interview below to hear more thoughts on how Gutenberg Phase 4 may impact other multilingual solutions:

Charity Zymphones Theme

Drupal Themes - Tue, 03/26/2019 - 17:22

Charity Zymphones Theme is perfectly designed for charity, nonprofit, non-governmental organization (NGO), donation and fund-raising campaign with outstanding features. This theme has all necessary features for a Charity site and it has fully responsive mobile-first layout. It fits perfectly on various displays and resolutions desktop screens, tablets, iPads, iPhones and small mobile devices. Read more

Live Demo Advanced Themes

  • Drupal 8 core
  • Bootstrap v4
  • Mobile-first theme
  • Client list
  • Social media links
  • Included Sass & Compass source file
  • Well organized Sass code
  • Custom slider - Unlimited image upload
  • Home page layouts
    • 4 column news layout
    • 4 column updates layout
    • 4 column bottom layout
    • 4 column footer layout
Most installed Zymphonies theme Contact Zymphonies

Have Queries? Click here to contact Zymphonies

  • Free theme customization & additional features
  • Drupal custom theme development
  • Drupal website design & development
  • Drupal website migration

Sponsored by Zymphonies

Pages