Wordpress News

Matt: 29 Books in 2019

Wordpress Planet - Thu, 01/02/2020 - 07:00

As a follow-on to my lists in 2017 and 2018, here are the books I completed this year. I’ve linked all to the Kindle edition except the Great Mental Models, which is so gorgeous in hardcover you should get that one, and the The World is Sound isn’t available as an ebook. Bold are ones I particularly enjoyed or found myself discussing with others a lot.

  1. The Pilgrimage by Paulo Coehlo
  2. 21 Lessons for the 21st Century by Yuval Noah Harari
  3. No Longer at Ease by Chinua Achebe
  4. Imagine it Forward by Beth Comstock
  5. The Great Mental Models Vol. 1 by Shane Parrish
  6. Why Buddhism is True by Robert Wright
  7. There Will Be No Miracles Here by Casey Gerald
  8. Less by Andrew Sean Greer
  9. Bad Blood by John Carreyrou
  10. nejma by Nayyirah Waheed
  11. Trust Exercise by Susan Choi (also on Obama’s book list, and based on the high school I went to, HSPVA)
  12. Genghis Khan and the Making of the Modern World by Jack Weatherford
  13. The Way to Love by Anthony de Mello
  14. The Fifth Agreement by Don Miguel Ruiz, Don Jose Ruiz, and Janet Mills
  15. Empty Planet by Darrell Bricker
  16. Brave New World by Aldous Huxley
  17. How to Talk So Kids Will Listen & Listen So Kids Will Talk by Adele Faber and Elian Mazlish
  18. Make it Scream, Make it Burn by Leslie Jamison
  19. A Short History of Progress by Ronald Wright
  20. Conscious: A Brief Guide to the Fundamental Mystery of the Mind by Annaka Harris
  21. The World Is Sound: Nada Brahma: Music and the Landscape of Consciousness by Joachim-Ernst Berendt
  22. The 15 Commitments of Conscious Leadership by Jim Dethmer and Diana Chapman
  23. Finite and Infinite Games by James P. Carse
  24. Four Soldiers by Hubert Mingarelli
  25. Working by Robert Caro
  26. Attached by Amir Levine and Rachel Heller
  27. Skin in the Game by Nassim Nicholas Taleb
  28. The Devil’s Financial Dictionary by Jason Zweig
  29. How to Do Nothing: Resisting the Attention Economy by Jenny Odell (also on Obama’s book list)

What’s interesting is that if you were to purchase every single one of those books, it would be about $349. You could get them all for nothing from your local library, even on a Kindle. The money I spend on books is by far and away the best investment I make every year — books expand my mind and enrich my life in a way that nothing else does.

All years: 2017, 2018, 2019.

WPTavern: Building the Community We Deserve

Wordpress Planet - Wed, 01/01/2020 - 21:01

One of our internal discussions about the future of WP Tavern has stuck with me since it wrapped up. The discussion was centered on pushing comment threads in the right direction. We often receive comments that border on conspiracy-theory territory (and those that cross over head first). We also get comments that make statements of fact without backing up those claims with evidence.

Not all those who make such comments have ill intentions. The issue is often that the ideas presented in a comment are not fully-fleshed out. Often, the commentator had not taken the time to shape their words into something that births thoughtful responses. Such is the nature of comments on the web.

WP Tavern’s big goal for 2020 should be about shepherding our community. Going forward, we will take steps toward fostering better discussions.

Building Our Community in the New Year

Shepherding the community is about creating a welcoming environment for everyone. All of our readers should feel comfortable leaving their thoughts on a given topic.

As a new writer in a long-standing community, I sometimes receive uplifting private messages and emails from community members. They often have kind words or love the coverage of a specific topic. The trouble is getting some of those people to engage in the comments. As my grandma, who would welcome anyone into her home, would say, “Y’all stop by sometime and chat for a while.” Some people are timid about commenting publicly. Others feel like they will be attacked or their ideas will be dismissed offhand. Fostering a community they would feel comfortable participating in is the goal.

The first step toward this goal is an update to our comment policy.

The intention of our policy has remained the same. In general, be kind to people. The updated policy includes some new guidelines on what is unacceptable and some clearer language in some areas. It would be nice to eventually move back to the point where we no longer moderated every comment before publishing them on the site. We are not there yet, but I remain optimistic.

The other major plan is around integrating community elements into the site design. Rest assured that this is something being worked on. Better showcasing recent comments is high on the list. However, we can go beyond that by showcasing users with the most comments, top comments by the number of likes, and more. I have some ideas that I hope to implement this year to make our readers feel like they have more of a stake in the site. This place is as much about you all as it is about our team.

Ask the Bartender

We have quietly added an Ask the Bartender form on the site. This is our idea of an advice column that you might see in traditional journalism.

At this point, it is experimental. The plan is to publish a periodic article where one of our writers answers questions from our readers. This will give you all an opportunity to bring up the big questions that you want our community to discuss.

We do not have an official format for how this will work yet. It will largely depend on the questions that people submit. We are open to nearly any type of WordPress-related question right now.

What We All Can Do

The biggest thing I ask of the Tavern community that we make 2020 the year that we thoughtfully engage with one another.

More than that, when discussing topics with others online, there is no need to feel like you must win an argument. That usually leads to nowhere good. Present your ideas and let them stand on their own merit.

With that idea in mind, think about writing responses in the form of a blog post. Then, let us know about the post here at the Tavern. Taking the time to write a post allows your ideas to mature. Doing this lets you build a stronger argument if you rationally think it through. Also, WordPress is blogging software at heart. We should use it more often to blog about WordPress.

Happy New Year, everyone! Let’s make this a memorable one.

WPTavern: Reflecting on 2019: The Year in Review

Wordpress Planet - Tue, 12/31/2019 - 21:06

Another year is in the bag. With a project as large and far-reaching as WordPress, there was no shortage of news and controversy. We covered a lot of stories in 2019 and are gearing up for another exciting year.

I always like to take a moment at the end of the year to look over everything that happened. Despite how well a website or project performs, it is good to take stock of each success. It is a time of reflection. Even in bad years, you should be able to find positive things to remember. This helps shape how you view your websites, projects, or even life. Ending the year remembering those positive things can help propel you into the new year.

It is equally important to find areas for improvement. However, you cannot understand what the next steps are until you have taken a look at where you have been.

With that in mind, let’s take a moment to reflect on the past year’s journey for WP Tavern and WordPress.

WP Tavern Stats

In 2019, WP Tavern published 382 posts. That is an increase of 52 posts over 2018.

Average words per post are the highest in WP Tavern’s history, coming in at 587 words. I am certain my long-windedness played a small role in that. We also had fewer quick posts on the whole. That is a format we should experiment with more.

Total and average comments are down. Admittedly, we have been a bit heavy-handed with deleting comments that break our comment policy this year. Average Jetpack-powered “likes” per post are at an all-time high (6.9 likes per post). Total likes are the second-highest for a year (2,614 likes). We are also seeing a lot of engagement on Twitter. It will be interesting to see how this plays out in 2020 with social media having such a stronghold on how people engage with one another online.

We need to continue improving both the frequency and the quality of comments.

The Year in WordPress

WordPress turned 16 years old this year. It’s old enough to drive now.

The community enjoyed three major updates throughout the year:

Most of the year was focused on the Gutenberg plugin and porting its features and improvements into WordPress. WP Tavern covered nearly everything you ever wanted to know about Gutenberg.

Matt Mullenweg’s 2019 State of the Word primarily focused on the work that went into the block editor in the past 12 months. He also outlined the next phases of the project, which include full-site customization, collaboration between post authors, and multilingual sites.

Alex Mills (Viper007Bond) Passed Away

In February, the WordPress community lost one of its greatest members, Alex Mills, as his battle with leukemia ended. Alex was a mentor and hero to many of us. As a developer, I learned more from his work than I may ever be able to pay forward. We never met in person, but he was one of my early teachers by simply leading the way for people like me.

His Regenerate Thumbnails plugin also saved me countless hours over the years. I cannot imagine building or testing WordPress themes without it. Automattic adopted the plugins Alex built during his WordPress journey.

Alex, thank you for everything you contributed to the WordPress community.

Favorites From 2019

The following are various WordPress and Tavern-related things that I found most interesting throughout 2019.

Posts From Tavern Writers

We have had numerous well-written stories from everyone who has contributed in 2019. The following are personal favorites from contributors other than myself that I wanted to highlight before we close the year out.

These are my favorites for various reasons and presented in no particular order. Sometimes, I liked the content of the article. At other times, I appreciated them for how well-written they were. If you missed them, now is a good time to hop back and check out some stories our team has written this year.

My Articles

I am closing in on 70 posts since becoming a fulltime contributor to WP Tavern. This job has allowed me to explore a variety of topics in a few months, and I look forward to continuing this into 2020. I enjoyed writing many stories, but there were two that I was particularly happy to have the opportunity to cover.

The first was my coverage of the U.S. Supreme Court’s denial of Domino’s appeal to determine whether its website must be accessible to all of its customers. This story helped me jump far outside my comfort zone of strictly writing about WordPress and development topics. It was also a stark reminder that we, as a community, need to become better at making the web accessible for all people.

The post I enjoyed working on the most was El Soberano’s launch on Newspack. The interesting thing about covering this story was not the actual re-launch of the publication. It was getting to chat with other journalists, particularly those who were down in the trenches and fighting for justice. It reminded me that, at the end of the day, journalism is always about people.

Favorite Theme

This was an easy pick. Twenty Twenty takes the top spot on my list. There were themes released this year with designs better-suited to my tastes. There were certainly other themes pushing more limits in terms of functionality.

What I like most about Twenty Twenty is that it seems unafraid to be bold. It showcases how a theme can have personality while being designed around the block editor. I am not sure if I would ever use it for my sites simply because it’s not my preferred style. However, I appreciate its artistic merit.

Favorite Plugin

While it was not released in 2019, GiveWP is the most interesting plugin I have used this year. It is a fundraising plugin that allows WordPress users to accept donations directly from their website.

I worked with the plugin in two capacities this year. The first was as a plugin developer who was building an integration between it and another plugin. As a developer, I appreciated how well-written and well-documented the code was. The team behind the plugin includes top-notch programmers.

I also helped push a couple of friends to set it up for their projects. Both were pleased with their experiences.

Top 10 Posts From 2019

The following posts are the most-commented posts of the year. Loads of comments typically mean controversy around here, so this list may contain, more or less, the most controversial topics of the year. Either way, there are some great discussions in some of the comment threads.

WPTavern: WordPress Theme Review Team Announces Alpha Color Picker for the Customizer

Wordpress Planet - Mon, 12/30/2019 - 20:28
Using the color picker in the customizer.

The WordPress Theme Review Team announced its color picker control today. The project is a single package that allows theme authors to include an advanced color control in the customizer. The control allows users to select a hex color with an optional alpha channel to handle transparency.

The color control is the fourth feature package released by the team in 2019. The idea for feature packages took off in June. Feature packages are repositories for single features that theme authors may use in their themes. Their purpose is to standardize common features so that developers do not have to recreate the wheel, so to speak.

Arguably, the color control is the most complex package the team has built. The bulk of the work was handled by feature packages lead, Ari Stathopoulos. The project is available via its GitHub repository and Packagist.

Officially, the team launched version 1.0 in October, but the project has undergone some changes since its release. Initially, the project utilized the Iris color picker script included with WordPress. However, the team ran into trouble making it work as they wanted with RGBA colors. The team refactored the project to use React Color instead.

“The main issue with this project was the thing that WordPress is most famous for — backward-compatibility,” said Stathopoulos. “Compatibility is one of WP’s greatest assets, but at the same time, a pain for developers. Things don’t get updated because they need to work for plugin A/B/C that hasn’t been updated in 6 years. So scripts like the Iris picker, things that were great half a decade ago, have been abandoned and are just dead weight. RGBA support could easily have been in WP core’s picker. There was always a demand for it. But it never happened.”

The team decided to move forward without relying on past solutions. Stathopoulos said the biggest hurdle with building the control to use React Color was making it look native to WordPress. He described the project as an example for others to see that it was possible to use React in the customizer.

Setting up the control with the basics is relatively easy. Theme authors should be able to quickly integrate it into their themes by following the usage instructions. Color data is stored as a hex value (e.g., #000000) if there is no transparency or as a RGBA value (e.g., rgba(0,0,0,0)) if there is.

The control does come with more advanced features. For example, it is possible to store color data as an array, which includes a slew of information, such as:

  • RGB (red, green, blue)
  • HSL (hue, saturation, lightness)
  • Alpha transparency
  • Hex
  • CSS value
  • Accessibility properties

The accessibility properties are interesting and may allow theme authors to help to ensure users choose colors that meet accessibility standards. Some of the included data is the color’s luminance, contrast with white and black, max contrast color, and more.

The Future of Feature Packages

Currently, the TRT’s feature packages are not widely adopted by theme authors. The overall project is still in its infancy. In the wake of the news that WordPress will be moving toward full-site editing, the team is not sure what that will mean for the project going forward.

Stathopoulos said that some theme authors are hesitant to do big things at the moment. It’s a tough sell to get developers on board when the future of theme development is in a holding pattern, waiting for the other Gutenberg shoe to drop.

“We’ve been discussing and thinking of what packages we should build,” said Stathopoulos. “The problem is that the editor is the centerpiece of WordPress. Everything else just surrounds the editor. Gutenberg is expanding, and it looks like it’s taking over everything else in WordPress. So we think the next packages should be around the editor too.”

He said some of the initial package ideas like a standardized hook system, more customizer controls, and accessible menus may not be the best route. Those ideas may not make sense in the context of a block-editing world. The team could see the launch of such packages dead on arrival.

“It’s a tricky, transitional period for themes and theme developers,” said Stathopoulos. “We all need to learn how to better leverage the editor.”

WPTavern: What Should an Author Bio Block Look Like?

Wordpress Planet - Fri, 12/27/2019 - 20:00
Two author bio block mock-ups compared.

Joshua Wold, co-representative for the WordPress design team, shared an early exploration of an author card block. Community members explored several ideas at the design table during the contributor day at WordCamp US 2019. In the post, Wold followed up on the original sketches from that melding of design minds.

The original idea for the author block was a GitHub ticket created in July 2017, but it was far ahead of its time. The Gutenberg project needed to focus on the basics and more common blocks for post content at that point. Now is the time to shift gears and begin work on these more complex blocks that will likely be a large part of the full-site editing phase of the project.

Currently, there are several proposed components to the author block:

  • Image/Avatar
  • Name
  • Description/Biography
  • Website Link
  • Social Network Links
  • Recommended Posts

I am on the fence about a recommended posts option as part of the block. If they were recommended posts written by that author, it could be an interesting concept to explore. However, version 1 of the block should focus on the most common elements, which the other components in the list cover.

Wold asked four key questions about the future of the block. The following are my responses to each.

What Is the Value of the Block and How Will It Be Used?

Coming from the theme world, what surprises me is that WordPress has never standardized on this feature at this point. Author bio sections are commonplace in theme development. Core should have standardized this feature years ago. We have a standard search form, comment list, featured image, and more. Many of the features that WordPress has standardized over the years were born out of theme designers carving the path forward, and author bios are no different.

It has long made sense for an author bio template tag to exist. However, we are living in a block world. The concept has merely shifted.

We do not need an author bio block today. We will need it tomorrow. As we shift closer and closer to full-site editing, we need to be building, iterating, and testing these types of blocks in preparation for the point of no return. This block, along with similar blocks, should drop in core at the same time the switch is flipped on full-site editing.

The primary use case will be for end-users to edit their theme’s block templates to stick the author bio at the end of their single post views. However, such a block need not be limited to that scenario. Users could create a “team” or “authors” page on their site. Some may want to drop these into columns or create some sort of gallery of author bios.

I could see taking this even further and naming it a “user bio” block. Use cases do not have to be centered around the concept of an author.

Where Should the Author Data Come From?

The primary, or at least initial, source of data should come from user data and metadata stored in the database. It does not make sense to duplicate efforts by retyping content within the block if it already exists.

One big question will be around social icons. If these are a part of the block, there is no current source to pull the URLs from. If automatically generating the data, WordPress will need to add social media contact methods to the user profile screen in the admin. That can be a slippery slope when deciding which social networks to include. However, core WordPress could stick to three or four major networks and provide a filter hook for plugin authors to utilize along with a standard for how additional fields are handled.

There is also the possibility that this block could simply be a pre-defined pattern of existing, smaller blocks that pulled in data like a user biography, user social icons, and user avatar. Then, the site owner could move other blocks in and out as they saw fit.

What Block Design Options Should Be Available?

The obvious design options are the standard text color, background color, and font size options. Border design options would be a bonus, but that goes beyond the scope of this specific block.

The standard alignment options would be welcome, particularly center, wide, and full. An alignment option for the avatar image to shift it left or right could also be useful. It could work similarly to the existing Media & Text core block.

I would not go overboard with design options. Let theme authors create custom block styles for users to choose from. That is the theme author’s job.

What Additional Features Should the Block Handle?

Outside of an avatar and biography, a social icon list is the most necessary feature. It is almost ubiquitous with author bio boxes.

What I would like to see is an author/user “gallery” block that builds upon this initial idea. At the moment, I am already imagining the painful user experience of creating a team page and putting individual user bio blocks into columns. Then, I am further imagining having to update that page and potentially move columns around. As an end-user, there are times when I want to micro-manage certain aspects of my site. This would not be one of them. Just give me a simple block to list user bios in some sort of columnized format.

Such a block could provide an avenue for many types of options. Maybe an option to list authors of a certain post type. Perhaps an option to list users by role. Or, let me list the top users by post count.

This idea may be pushing over into plugin territory. However, in terms of what I would want to do with my sites, this would be high on the list.

Joseph: 2020 Style

Wordpress Planet - Fri, 12/27/2019 - 18:02

With the year 2020 fast approaching, I thought it would be a good time to change up the style on blog.josephscott.org. To that end, I’m trying out the Twenty Twenty WordPress theme.

blog.josephscott.org

One of the things I’m really happy to see in the Twenty Twenty theme is the use of vanilla JavaScript, without jQuery. I’m hopeful that more WordPress themes will follow that pattern ( jQuery has been great, but if you don’t need it, don’t use it ).

WPTavern: Rank Math SEO Plugin Adds WordPress Block Editor Support

Wordpress Planet - Mon, 12/23/2019 - 19:53

The team behind the Rank Math SEO plugin released an update that includes full support for the block editor on December 18. The update includes around two dozen features, improvements, and fixes. The biggest feature update was the inclusion of a new plugin sidebar for the block editor.

Some of the new features include a filter for unlimited focus keywords, an email notification each time the plugin is automatically updated, and a warning when using the review Schema type. It also improved compatibility with the Elementor plugin’s sitemap module and added Advanced Custom Fields integration to the sidebar. A full list of features is available in the plugin’s public change log.

The team has a public demo available for end-users to test the plugin without having to install it on their sites.

Bhanu Ahluwalia, co-founder and CMO at Rank Math, said that everyone on the team had been experimenting with the Gutenberg plugin since the first beta was released. “We had some experience with Gutenberg, but working on Rank Math has taught us so many things and helped us on so many levels,” he said.

It was not always a smooth journey. Ahluwalia said the team wanted to keep the plugin lightweight and not sacrifice speed with new technologies. “We had to learn React, Webpack, ES6, etc.,” he said. “In essence, we had to re-learn patterns, practices, and pitfalls of Gutenberg, and we had to do it all with little-to-no documentation available. We had to dive deep into the code and get ourselves familiar with every line of code to ensure nothing interfered with the existing functions of our plugin.”

Testing the Block Editor Sidebar Rank Math sidebar as seen in the block editor.

Immediately upon activating the update, I noted the Rank Math button at the top right of the editor. Admittedly, I was not happy with the space the button took up or its difference in design when compared to other plugin sidebar buttons. Instead of a simple icon, the button includes both an icon and an SEO score. As more and more plugins and themes begin adding sidebars of their own, this space could become cluttered quickly. I would like to see this scaled back to simply be an icon and not take up precious screen real estate.

The plugin manages to pack a ton of options and information into a tight spot. Once viewing the plugin sidebar, it presents four sub-tabs (General, Advanced, Schema, and Social), each with custom panels or sections. While I am not generally a fan of complex SEO plugins and prefer solutions such as Slim SEO, the plugin handles the interface gracefully.

In comparison to the old meta boxes, the interface is a huge step up. The meta box system used in previous versions of the plugin or with the current Classic editor is cumbersome at best. The team had to get more creative to pull off a solution for the sidebar, which forced them to tighten up the interface.

Not all users were happy with the narrow space provided by the new sidebar. The Rank Math team was ahead of the game and included a filter hook to disable this feature. Disabling will return the old-style meta box at the bottom of the post-editing area.

“Supporting both the Classic Editor and Gutenberg at once with a single plugin is hectic to say the least,” said Ahluwalia. “We would rather put our energy into a single editing experience, but seeing how WordPress is evolving after Gutenberg, we have to double our efforts to offer a consistent user experience.”

At the moment, the team plans to continue supporting the classic editor until at least 2022. “Depending on the user feedback and the acceptance of the Classic editor, we can continue to support it even further,” said Ahluwalia.

The Rank Math also team shared a video of block editor support on Twitter:

🎉 Here's a sneak preview of Rank Math's upcoming major update which adds #Gutenberg support – now it's even easier for people using the latest version of #WordPress to use Rank Math #SEO 🔝

Want to take the Beta for a spin now? Join us on Facebookhttps://t.co/Ykfhj2d5Z1 pic.twitter.com/E1ItpD0b4B

— Rank Math SEO (@rankmathseo) November 23, 2019

BuddyPress: BuddyPress 5.1.1 Security Release

Wordpress Planet - Mon, 12/23/2019 - 09:45

BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 5.1.1 release addresses one security issue:

  • A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder. Discovered by nomnom.

Thi vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

For complete details, visit the 5.1.1 changelog.

Update to BuddyPress 5.1.1 today in your WordPress Dashboard, or by downloading from the WordPress.org plugin repository.

WPTavern: Version 1 Prototype of the WordPress Admin Block Directory Announced

Wordpress Planet - Fri, 12/20/2019 - 21:09

Mel Choyce-Dwan shared the first version of the WordPress admin block directory prototype the design team has been working on. The goal is to bring the block directory to the admin in WordPress 5.5, which is currently set for August 2020 on the roadmap. The post also outlines reusable components that can be used in other areas of the admin in the long term.

The Figma prototype is available for those who want to give it a test run. It is important to remember that this is an early version and many things can change by the time the block directory lands in WordPress.

The prototype was built after feedback from the first round of concepts shared in July on the Make Design blog.

For this admin project to be successful, WordPress plugin developers will need to start submitting blocks to the block directory on WordPress.org. At the moment, there are only 10 blocks listed. Getting in early will give block authors an edge on the competition. The block directory has a few additional guidelines beyond normal plugins that authors should review.

About Blocks Screen About Blocks admin screen.

The About Blocks screen is the primary blocks admin screen. It appears to be an informational page with resources for users to learn more about using blocks on their sites. It also has links to development resources for designing and building blocks.

Making this information directly available, especially to users, would be a smart decision if it makes it into the final design. As we move toward an entirely new way to build websites with WordPress, it is important to provide learning tools to users. This seemed to be one of the missing components when the block editor first launched in core. If done right, it could ease the burden on new users and old users who are transitioning to the new editor.

The above screenshot also shows the new admin screen header proposal. The page title is followed by a short description of what the screen is about. Followed the intro are action links on the left and meta-type links on the right. I am a fan of the generous use of whitespace and extra information.

Add Blocks Screen Add Blocks screen.

The add blocks screen is similar to the current new plugin screen in the WordPress admin. The primary “Featured” tab (the tab opened when first visiting the screen) is broken down into various sections, such as “Blocks We Love” and “Popular Tags.”

One of the more interesting sections of this page is the “Top Authors” list. This concept would be a great way to give recognition to block authors who are building useful blocks for the community.

There is also a “Recent Blocks” section near the bottom of the page. I would rather see a top tab for that. It feels a bit buried in the current design. New plugin and theme authors already struggle to break into popular lists. Recently-added blocks should be higher up the page or have a dedicated tab/page to showcase them a bit more.

Installed Blocks Screen Installed Blocks screen.

The block installation screen is similar to the existing installed plugins screen in core and lists all of the blocks that are installed. There are also active and inactive tabs. Improvements here are primarily around list table design. On the whole, they are minor adjustments, but the look of the tables is much nicer. Can we have this in core, across the board, now?

A new element is the “Instances” column, which lists the number of times a block has been used on the site. By clicking the number, you are taken to a new screen that lists the posts the block has been used in. It also displays the instances for each post. This would be a useful feature for deciding whether to deactivate or remove a block.

Side note to this: I have worked on numerous projects in the past where I was doing cleanup and attempting to figure out if a plugin, especially those with shortcodes, were in use on the site. Showing the instances count for blocks is brilliant.

Manage Blocks Screen Manage Blocks screen.

Plugins such as EditorsKit have had built-in block management for a while. However, this feature feels like it should be in core WordPress. There are numerous core blocks that some users will likely never use. Having the ability to hide them from the block inserter will reduce clutter and make it easier to find the blocks they need.

The block management screen will allow users to activate or deactivate any specific block on their website. Like the block installation screen, it also displays the number of instances a block is in use.

Reusable Blocks Screen Reusable Blocks screen.

The reusable blocks screen is already available in WordPress. It does not currently have an admin menu link, so it is not easily discoverable. You can view it by going to the yoursite.com/wp-admin/edit.php?post_type=wp_block URL or clicking the “Manage All Reusable Blocks” link under the “Reusable” tab in the block inserter.

This screen allows users to manage blocks that are stored for reuse within multiple posts. Like the installation and management screens, the prototype displays an instances column for tracking how often the block has been used.

Users can import and export reusable blocks. It will be interesting to see if more WordPress users start sharing their block creations with others once this screen has better exposure or if it will be something people simply use to copy blocks from site to site.

WPTavern: WordPress 5.3.2 Addresses a Handful of Bugs

Wordpress Planet - Fri, 12/20/2019 - 00:19

On December 18, less than a week since WordPress 5.3.1 security update shipped to the masses, the core team dropped a version 5.3.2 maintenance release. No security issues were named in this update. Instead, 5.3.2 addresses a couple of high-priority bugs along with a few other issues.

Users with automatic updates enabled should already be updated to the latest version or will receive an update soon. Other users should update as soon as they are able, especially if their installation is affected by any of the following issues.

The first high-priority fix addressed an issue with modified post objects that have an invalid date. The fix ensures that the get_feed_build_date() function handles this scenario. The documentation was updated to clarify the function will return false on failure. This change also led to a comparison-check fix in the test tools when inserting a post with a future or published status.

The second major bug fixed in 5.3.2 was an edge case where unique file names could clash. On case-sensitive systems, the wp_unique_filename() function failed to rename some files when the uploaded file matched an existing file with an uppercase file extension. The fix addresses a fatal error in those cases.

Developers tackled another issue with the wp_unique_filename() function. When a destination directory for an uploaded file was unreadable, WordPress was throwing PHP warnings. The fix includes only running the final filename-collision test for files that are saved to the user’s /uploads directory.

Building off the accessibility work in the previous release, buttons with the .active class are now properly styled in the non-default admin color schemes. On some screens, particularly the Permalinks admin screen, active buttons had white text on a light gray background, making them unreadable.

Users who wish to do so, can view the full release documentation from WordPress.

With the widespread usage of automatic updates, it would be nice to see more of these quicker releases during the development cycle. Maybe weekly releases are a bit much. However, shipping a few extra minor releases between major upgrades would be a good opportunity to knock out some of the 6,500 Trac tickets on WordPress’ 2020 roadmap.

WordPress 5.3.2 Maintenance Release

Wordpress News - Wed, 12/18/2019 - 22:42

WordPress 5.3.2 is now available!

This maintenance release features 5 fixes and enhancements.

WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Maintenance updates

Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues.

Main issues addressed in 5.3.2:

  • Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
  • Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
  • Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Administration: Fix the colors in all color schemes for buttons with the .active class.
  • Posts, Post Types: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

For more information, browse the full list of changes on Trac or check out the version 5.3.2 HelpHub documentation page.

Thanks!

Thank you to everyone who contributed to WordPress 5.3.2:

Andrew Ozz, Andrey “Rarst” Savchenko, Dion hulse, eden159, Jb Audras, Kelly Dwan, Paul Biron, Sergey Biryukov, Tellyworth.

WordPress.org blog: WordPress 5.3.2 Maintenance Release

Wordpress Planet - Wed, 12/18/2019 - 22:42

WordPress 5.3.2 is now available!

This maintenance release features 5 fixes and enhancements.

WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Maintenance updates

Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues.

Main issues addressed in 5.3.2:

  • Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
  • Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
  • Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Administration: Fix the colors in all color schemes for buttons with the .active class.
  • Posts, Post Types: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

For more information, browse the full list of changes on Trac or check out the version 5.3.2 HelpHub documentation page.

Thanks!

Thank you to everyone who contributed to WordPress 5.3.2:

Andrew Ozz, Andrey “Rarst” Savchenko, Dion hulse, eden159, Jb Audras, Kelly Dwan, Paul Biron, Sergey Biryukov, Tellyworth.

WPTavern: One-Time vs. Recurring Payments for WordPress Products

Wordpress Planet - Wed, 12/18/2019 - 20:37

Jeff Starr posed the question at Digging into WordPress: Which Pricing Model Do You Prefer: One-Time or Recurring?

It is not the first time the question has been asked in the WordPress community and will not be the last. It is important that we keep coming back to it from time to time.

In the early days of the commercial WordPress ecosystem, many shops sold products for a one-time fee. This was particularly true during the 2007-2010 years, which were what many dub the “WordPress themes heyday,” a period in which theme shops raked in tons of cash due to lack of competition.

As the market became more saturated, many businesses saw the writing on the wall. One-time fees for commercial themes or plugins did not make for a sustainable business model. Of course, some companies pushed forward with that model. They were either large enough to capitalize on an influx of new customers every year or they continued to push out new products for existing customers to buy.

Today, most theme and plugin shops utilize a recurring business model. Many of those shops also set up automatic renewals. From a business perspective, companies need to keep existing customers while bringing in new buyers to continue maintaining, supporting, and building new features for the current product catalog. Companies also need growth to build new products. A recurring fee helps ease the burden of supporting and maintaining the existing products.

Pippin Williamson saw massive revenue growth over 20 months after turning on automatic renewals across his company’s various products. Other companies have seen similar increases with the same model.

As a former business owner, I dumb-lucked my way into yearly, recurring payments. When I first launched a theme shop in 2008, that was the model I went with. I did not know a single thing about running a business except that money exchanged hands. I was in my early 20s and accustomed to living off minimum wage, digging change from the couch to buy a value meal, and finding creative ways — short of dumpster diving — to scrape by. Anything better than that was a success for me. Recurring payments just made sense, especially because I was vastly undercutting my competitors in price. That one decision helped sustain my business for many years. In hindsight, I would not have had the little success I had with a single-payment model because I never brought in enough new customers.

Having worked on the business end of WordPress for over a decade and being a member of the community for even longer, it is easy for me to say most companies should use a recurring business model.

However, as a software customer in general, I have not always maintained that mindset. There are many pieces of software that I loathe paying for each year. This was particularly true before running a business that dealt with software. There is a part of me that feels some shame for disliking the recurring model with non-WordPress software. Those businesses need to pay their employees and afford to continue making the product better.

On the other hand, there is always that part of me that simply wants to pay for something once and always have access to it. Perhaps I am a product of my culture. Software is unlike other art forms where Version 1.0 is the finished product. Customers do not always see the work that goes on to maintain, support, and continue building a product. That is certainly true when I look at non-WordPress software.

For WordPress products, I am always more than happy to pay a recurring fee because I have been on the other side. I also get to talk with others every day who are trying to run their own companies. That human variable in the equation changes how I view software in the WordPress ecosystem in a way that is much harder with other software.

A Middle Ground

Starr pointed out a middle-of-the-road option that few WordPress companies take but is often the model used for other software products. Major releases of software carry an upgrade fee while minor and patch releases are included with the initial purchase. Often, major software releases have years in between. Customers may not feel like they are constantly having to pay for updates in this system. Major upgrades also mean feature upgrades. Features are what sell the product to the average end-user.

Scrivener, a writing program for authors, uses this model. Instead of having to pay yearly, I can upgrade to the new, shiny version when it drops with loads of features. As a customer, I feel like I am getting something tangible when forking over the cash for an update.

Perhaps I am happy to continue paying for software that helps me pursue my lifelong dream of becoming a novelist. Perhaps the company simply knows how to sell to its customer base. Either way, it is one piece of software that I have never complained about renewing.

What is the Best Option?

To answer the question posed by Starr, I will always prefer a one-time fee as a customer simply because it is in my nature to want to pay the least amount I can for anything. However, I would prefer most WordPress businesses to go with whatever model is most sustainable for their specific business. We are all in this boat together, and I wish growth for the ecosystem.

One of the missing pieces with many WordPress plugin and theme shops is that they need to find creative ways to sell the customer on coming back. Support and maintenance can be eye-catching for agencies and freelancers, but they are not always selling points for the average consumer after that initial purchase.

Right now, there is a sense of complacency as WordPress-related businesses have stuck with similar recurring options over the last several years. It might be time for someone to shake things up.

WPTavern: Bluehost Launches Premium WordPress Theme Marketplace to Customers

Wordpress Planet - Tue, 12/17/2019 - 20:40
Screenshot of the Bluehost Marketplace from the customer dashboard.

In November, web hosting provider Bluehost launched a WordPress plugin and theme marketplace. The company integrated with MOJO Marketplace to provide access to WordPress products via its customer dashboard. Currently, the marketplace is open to third-party theme developers. Plugin authors will have to wait, but they will eventually be able to sell their plugins through the Bluehost Marketplace.

By integrating with MOJO Marketplace, much of the existing infrastructure and products are already in place. Bluehost can simply offer the products to its customers through a custom-built interface and provide MOJO sellers with another avenue for distribution.

The idea behind the marketplace is for Bluehost’s customers to be able to build their websites without ever leaving their control panel. “Ultimately, we are trying to save customers time and energy from having to hunt for these things themselves and instead work within the dashboard to find the themes and plugins that are best fit for their site,” said Suhaib Zaheer, general manager for Bluehost.

“Our native marketplace also provides our customers with the ability to automatically install the themes and plugins they have purchased, reducing the amount of time and number of steps required to get their site appearance and functionality up and running,” he said.

The Bluehost Marketplace currently has over 900 themes and 18 WooCommerce plugins for customers to choose from. The themes are all viewable via the WordPress themes page on the MOJO website. All themes uploaded by sellers go through a manual review process by the Bluehost Marketplace team before approval. This includes basic items like design quality, functionality, installation, and documentation.

There is also a “Bluehost Certified” filter available to users who want to use themes that have been further tested for quality control. “We conduct additional reviews to certify themes for our Bluehost Certified category on a quarterly basis,” said Zaheer .

There appear to be 85 themes that are Bluehost Certified based on a screenshot acquired of the marketplace. However, that number is not verified. The MOJO Marketplace page does not appear to have a filter to view these, but it is available to users of Bluehost’s hosting service.

Selling on the Bluehost Marketplace

Theme developers who want to sell themes via Bluehost can apply through MOJO Marketplace. Authors should note that they would like to be Bluehost Certified.

Theme sellers who want to get certification must meet the Bluehost Certified guidelines. Some are fairly normal and would be expected in today’s market such as responsiveness, browser compatibility, fast load times, and active support from the author.

Others are a bit of a head-scratcher.

Certification requires that themes support page builders. It’s unclear which page builders need to be supported and what level of support is necessary. Ideally, this would be the other way around. Page builders should be built in such a way that they do not need theme-specific support.

Demo content is required. It is not clear if the requirements simply mean to provide an installable XML file with demo content or for the theme to output demo content in the absence of user content. Based on the description, it seems like the latter. If so, I would not want any part of that as a potential theme author. I could see requiring the use of the WordPress starter content feature in this case but nothing more.

The requirements also list “plugins supported” with no additional description. Good luck to theme authors figuring out exactly what that means.

Bluehost needs to make its Bluehost Certified page more detailed to be attractive to potential theme authors. There are far too many unanswered questions.

Commission rates are the same rates as other themes on the MOJO Marketplace. Themes sold exclusively through the marketplace earn between 50% and 70% based on the number of sales. Non-exclusive theme commissions are at a flat rate of 50%. Both exclusive and non-exclusive authors can distribute their themes through the Bluehost Marketplace.

“Theme sellers are welcome to set the price of their item,” said Zaheer. “However, we recommend they stay within $49-$69 range. If the review team does not feel the price is uniform with other themes in the same category, they will request a price change in order to be sold on the Marketplace.”

The pricing recommendation seems to be a bit on the low end, but it is consistent with the theme industry’s race to the bottom. Quality theme work should be at least double.

Fortunately for theme authors, pricing is based on yearly renewals. They are required to offer technical assistance within 24-48 hours while a user’s yearly support license is up to date.

SeASer Blog Theme

Drupal Themes - Tue, 12/17/2019 - 13:22

Seaser Blog is minimal but powerful Drupal 8 theme. Takes its power from Uikit. Uikit is more than a css framework. It provides dozens of commonly used functions with just one js file.

  • grid (smart)
  • slideshow
  • slider (carousel)
  • lightbox
  • masonry
  • parallax
  • sticky (navbar)
  • off-canvas (menu)
  • ...

Matt: Comments and Collatz Conundrum

Wordpress Planet - Mon, 12/16/2019 - 21:46

Over the summer Terence Tao, a Fields Medal-winning mathematician considered one of the best of his generation, got an anonymous comment on his WordPress blog post from 2011 exploring the Collatz conjecture — one of the most persistent problems in math — suggesting he explore the problem for “almost all” numbers. Terence has been a regular WP.com blogger since 2007 and he and his commenters make extensive use of our LaTeX feature to express and embed equations.

That anonymous comment led him to an important breakthrough on the Collatz Conundrum, as Quanta Magazine reports. If you want great comments, you as the author have to participate in them and Terence is incredibly active in engaging with the commenters on his site.

I’ve always said that comments are the best part of blogging, but this is a particularly cool example. Here’s Terence’s latest post on it, with an excellent comment thread following.

WPTavern: Slim SEO Keeps Options Simple and Handles the Legwork of SEO

Wordpress Planet - Mon, 12/16/2019 - 20:48

I have been running a blog of some kind since the Spring of 2003. In a few short months, it will be my 17th blog-aversary. The most important lesson I have learned over the years is to not do more work than is necessary to publish a blog post.

There was a time when I fiddled with custom field boxes to fine-tune every aspect of a blog post, such as meta keywords, descriptions, titles, and much more. However, worrying over every bit of metadata about a post became more work than actually writing the blog post itself. It was killing my creative process.

I have tried numerous SEO plugins and even built such a plugin myself once. Eventually, I would always come back to simply automating most of the process for whatever project I was working on.

Some SEO purists may balk at the idea. They might argue that everything must be fine-tuned for the best results in search engines. I could not say. Worrying about ranking seems to be a never-ending, uphill battle. In my experience, no particular plugin has ever given me an edge in comparison to another. Results were always similar regardless of whether I fixated on every detail that options-filled SEO plugins offered or let an automated system generate the bits and pieces I needed.

I decided to give the Slim SEO plugin a try. It promised to handle the dirty work and ticked most of the boxes in terms of what I was looking for in an SEO plugin.

Slim SEO is a plugin built by eLightUp, the company behind the Meta Box framework and GretaThemes. Given their history of building quality extensions for WordPress, their SEO plugin made sense for a test run.

The plugin beautifully handles the basics that you would expect from an SEO plugin. It automatically handles meta tags, including Open Graph Tags for social media. It generates a sitemap of your public posts and pages. It outputs structured data via JSON-LD with no work on the user’s part.

TL;DR: For users who are looking for a simple SEO solution with little legwork, Slim SEO is a solid option. For users who want to tinker with every aspect of their SEO, look elsewhere.

A Slim User Interface

As a user, the things I tire of quickly the most are complex options screens. Just give me the basics. That is exactly what Slim SEO does. It has a single options screen titled “SEO” under the default “Settings” menu in the admin. Currently, the only options are for inputting header and footer scripts from various services, such as Google Tag Manager or Google Analytics.

On the post-editing screen, the plugin provides a simple meta box for customizing the meta title and description. Users can also opt to hide the post from search engines and change the Facebook and Twitter images for the post. And, that’s it.

Per-post SEO options meta box.

Each of these options can be skipped if you prefer to let the plugin handle them automatically.

Suffice it to say, I am a fan of the slimmed-down interface. The plugin has no SEO scores, keyword rankings, or 20 different options to worry about. It does not show a preview of what the post might look like in a search engine. The options available are items that I may want to configure from time to time, so it’s nice to have the ability to do so when needed.

The Downsides of the Plugin

Slimmed-down does not always equate to being better. You make sacrifices by allowing the plugin to make decisions that may not always be the best for your site. Keep these in mind when deciding whether to use the plugin.

Automatic Redirects

One of the biggest downsides of automated systems is that I sometimes want things to be handled differently by the plugin. The plugin’s automatic redirect feature is a good example of that issue. Out of the box, the plugin will redirect all attachment page views to the media file. It also redirects visitors to author archive pages to the home page if the author has not written any posts or on single-author sites.

These auto-redirects may be desirable for some end-users, but they are not something I want. The problem is there is no clear way to disable this feature, even via code.

Header Cleanup

The plugin also has a “cleanup” feature that automatically removes the RSD link, Windows Live Writer manifest link, WordPress version number, and post shortlink from the <head> area on the front end. It may be desirable to remove those items, but their removal would be more appropriate in a cleanup WordPress type of plugin rather than a plugin focused on SEO.

Automatic Image Alt Attributes

Slim SEO automatically adds the alt attribute to post thumbnails and when inserting images into the editor. The problem is that it uses the attachment title. This could make accessibility worse than simply leaving the alt attribute empty. If your attachment title is something like DS_IMG9453.jpg, it does not accurately describe an image.

Breadcrumbs

The plugin has a shortcode for outputting breadcrumbs. It must either be manually added to a shortcode-aware area or within a theme template.

The breadcrumbs functionality provides a baseline experience. It doesn’t handle every scenario or even close to every scenario. The feature will not get you far with highly-complex setups. However, it would work OK for the average install.

That’s par for the course with SEO plugins — mediocre breadcrumbs at best. Frankly, SEO plugins should drop breadcrumbs from the feature list and let fully-fledged breadcrumb plugins do their thing. Users should use opt for a plugin that specifically focuses on being a breadcrumb plugin. Authors who build those tend to have more experience handling edge cases.

How Does the Code Stack Up?

From a programming perspective, the code is clean and clear. It is 90% to the point where it should be. The missing 10% is that there are no references to many of the objects the plugin creates. This is not an issue limited to this plugin and is more common than it should be.

This issue makes it next to impossible to remove actions and filters from hooks. For end-users, this does not matter. For developers, it is not a frustration-free exercise to manipulate how the plugin works. This could easily be solved in numerous ways, such as using a container, service locator, static single instance, singleton, or even a global. Whether some of those methods should be deployed is beyond the scope of this review. Nevertheless, some reference to the plugin’s objects would help.

Addressing this issue would come in handy disabling those auto-redirects.

The Final Verdict

Aside from a handful of admittedly trivial gripes, I would use this plugin in lieu of SEO plugins with more options. Years of running multiple sites has taught me to grab for the simplest solutions so that I can get back to doing the things I enjoy doing.

If you prefer to micro-manage every aspect of your SEO, there are plenty of existing options out there. Slim SEO will not fit your needs.

WPTavern: Inserting Special Characters Into the Block Editor

Wordpress Planet - Fri, 12/13/2019 - 20:46

For users of the Classic WordPress editor who often needed to insert special characters into their posts, life was once simple. Click the “Ω” button in the editor to open a modal with a list of characters not found on a standard keyboard. The user then only needed to click on the character they wanted to insert and go about the business of writing their post.

For users who made the move to the block editor and were accustomed to inserting special characters at the click of a button, life became more complicated. The answer to their woes was to first insert a Classic block and use its special character inserter, which kind of defeats the purpose of using the new and shiny block editor. Another option was to use the special character app/program packaged with their computer, which assumes all users know the keyboard shortcut for it or how to run the program.

By many accounts, this would be considered a standard feature for any text editor. When WordPress is at a stage of trying to sell a new editor, it should be prepared to include features that users of the old editor consider standard. The lack of a special-character inserter could have been written off as an oversight if people were not asking for it.

People were asking for it.

Fortunately, the requests caught the attention of the 10up team. In September this year, they released the first version of their Insert Special Characters plugin. It has since gone through a couple of updates and works well across browsers.

The plugin is simple and does its job much better than the previous Classic editor inserter. Instead of just handling the basics, the team went above and beyond what was necessary to launch the plugin.

The plugin adds a new sub-menu item to the text toolbar titled “Ω Special Characters.”

“Special Characters” rich text menu item.

After clicking the link to insert a special character, a modal box appears on the screen. The box provides hundreds of special characters to choose from. It sorts them under Miscellaneous, Math, Latin, and Arrow categories while providing a search filter to narrow down the list. The box can also be reached by typing ctrl/cmd + o on the keyboard.

Special characters insertion modal box.

Like many modals, the box pops up in a weird position from time to time, depending on where the insertion point is on the screen. Outside of that, I found no major problems with the plugin.

The plugin also provides a hook for other developers to manipulate the tabs and available characters in the modal.

This does beg the question of whether the feature should be implemented in the core block editor now. If the core team puts it in at this point, one would hope they would make it competitive with the plugin. Anything less would be a letdown.

WPTavern: WordPress 5.3.1 Includes Security and Bug Fixes, Accessibility Enhancements, and Twenty Twenty Changes

Wordpress Planet - Fri, 12/13/2019 - 00:58

WordPress 5.3.1 was released today with 46 bug fixes and enhancements. Changes include several accessibility improvements and four security vulnerability fixes. The update includes multiple changes to the default Twenty Twenty theme.

Version 5.3.1 is a security and maintenance release. All users are encouraged to update as soon as possible. For those with auto-updates enabled, updates are currently rolling out. All major branches of WordPress from version 3.7 through 5.3 received the new security fixes.

The following security issues were addressed:

  • Users without the correct permission (capability) could make a post sticky via the REST API.
  • An issue where cross-site scripting (XSS) could be stored in links.
  • Hardening the wp_kses_bad_protocol() function so that it is aware of the named colon attribute.
  • A stored XSS vulnerability using block editor content.

Most of the release focused on maintenance. Form fields and buttons now have the same height, which should result in a more consistent admin UI. This has long been an issue, but the accessibility changes in WordPress 5.3 highlighted the problem.

A bug with how permalinks were generated with the new Date/Time changes in WordPress 5.3 has been fixed. This left some sites using date-based URLs with incorrect post permalinks.

Other changes include removing support for the CollegeHumor oEmbed provider (the site is no longer available), updating the sodium_compat library, and making sure admin verification emails use the user’s locale instead of the site’s locale. For a full overview of all changes, visit the WordPress 5.3.1 release page.

Accessibility Improvements “Coffee” color scheme with new button colors.

Some of the biggest accessibility changes fixed issues with the alternate admin color schemes available in WordPress. The accessibility improvements to buttons in WordPress 5.3 did not get carried over to most of the alternate schemes. Or, rather, those alternate color schemes were not taken into account when the changes went into effect. This left secondary button elements practically unreadable in some cases, which made accessibility worse.

Version 5.3.1 creates a unified design for secondary buttons for every color scheme. It also makes sure that the :active state for buttons are consistent.

Other improvements to accessibility include adding underlines to links on the Dashboard screen that were not clearly links by context, properly disabling nav menu forms when they should not be in use, and adding hover effects for links on the “About” admin screens.

Twenty Twenty Changes Author bio option in the customizer.

The Twenty Twenty theme launched with JavaScript-based, smooth-scroll behavior for anchor links. This feature did not work correctly in all cases. It also broke anchor links to individual comments when paginated comments were enabled on a site.

Version 1.1 of Twenty Twenty includes CSS-based, smooth-scroll behavior. This greatly simplifies the code by using native behavior. It also works based on the user’s reduced motion setting for their browser, which enhances accessibility for the theme.

The theme update comes packaged with a new option for showing or hiding the post author bio. The setting is available under the “Theme Options” section in the customizer. It is enabled by default and will show the author bio section at the end of every post across the site.

The Twenty Twenty update also includes several bug fixes, most of which were trivial issues.

WordPress 5.3.1 Security and Maintenance Release

Wordpress News - Fri, 12/13/2019 - 00:07

WordPress 5.3.1 is now available!

This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.1 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security updates

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

  • Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
  • Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
Maintenance updates

Here are a few of the highlights:

  • Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
  • Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
  • Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
  • Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
  • Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
  • External libraries: update sodium_compat.
  • Site health: allow the remind interval for the admin email verification to be filtered.
  • Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
  • Users: ensure administration email verification uses the user’s locale instead of the site locale.

For more information, browse the full list of changes on Trac or check out the version 5.3.1 HelpHub documentation page.

Thanks!

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.3.1:

123host, acosmin, Adam Silverstein, Albert Juhé Lluveras, Alex Concha, Alex Mills, Anantajit JG, Anders Norén, andraganescu, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andrey “Rarst” Savchenko, aravindajith, archon810, Ate Up With Motor, Ayesh Karunaratne, Birgir Erlendsson (birgire), Boga86, Boone Gorges, Carolina Nymark, Chetan Prajapati, Csaba (LittleBigThings), Dademaru, Daniel Bachhuber, Daniele Scasciafratte, Daniel Richards, David Baumwald, David Herrera, Dion hulse, ehtis, Ella van Durpe, epiqueras, Fabian, Felix Arntz, flaviozavan, Garrett Hyder, Glenn, Grzegorz (Greg) Ziółkowski, Grzegorz.Janoszka, Hareesh Pillai, Ian Belanger, ispreview, Jake Spurlock, James Huff, James Koster, Jarret, Jasper van der Meer, Jb Audras, jeichorn, Jer Clarke, Jeremy Felt, Jip Moors, Joe Hoyle, John James Jacoby, Jonathan Desrosiers, Jonny Harris, Joost de Valk, Jorge Costa, Joy, Juliette Reinders Folmer, justdaiv, Kelly Dwan, Kharis Sulistiyono, Kite, kyliesabra, lisota, lukaswaudentio, Maciej Mackowiak, marcelo2605, Marius L. J., Mat Lipe, mayanksonawat, Mel Choyce-Dwan, Michael Arestad, miette49, Miguel Fonseca, mihdan, Mike Auteri, Mikko Saari, Milan Petrovic, Mukesh Panchal, NextScripts, Nick Daugherty, Niels Lange, noyle, Ov3rfly, Paragon Initiative Enterprises, Paul Biron, Peter Wilson, Rachel Peter, Riad Benguella, Ricard Torres, Roland Murg, Ryan McCue, Ryan Welcher, SamuelFernandez, sathyapulse, Scott Taylor, scvleon, Sergey Biryukov, sergiomdgomes, SGr33n, simonjanin, smerriman, steevithak, Stephen Bernhardt, Stephen Edgar, Steve Dufresne, Subrata Mal, Sultan Nasir Uddin, Sybre Waaijer, Tammie Lister, Tanvirul Haque, Tellyworth, timon33, Timothy Jacobs, Timothée Brosille, tmatsuur, Tung Du, Veminom, vortfu, waleedt93, williampatton, wpgurudev, and Zack Tollman.

Pages