Wordpress News

WPTavern: WordPress 5.6 Beta 4 Delayed, Auto-Updates Implementation Changed

Wordpress Planet - Tue, 11/10/2020 - 21:29

Earlier today, release lead Josepha Haden announced the team was pushing back the release of WordPress 5.6 Beta 4 to Thursday, November 12. The beta release was slated to go live today. Questions around the readiness of the auto-updates feature held the beta update back. However, those questions are now resolved.

Haden followed up the Beta 4 announcement with a more in-depth picture of how auto-updates will change for WordPress 5.6. She summarized the current concerns, laid out a path for version 5.6 and 5.7, and discussed plans for the future. The auto-updates feature is not something that will be complete overnight or in just one release. There are complex technical hurdles that must be jumped and a need for a dedicated focus in upcoming releases.

Much of her post focuses on the tactics going forward. However, she mentioned in our chat that she does not want the community to lose sight of the big-picture, vision-setting aspects of the project.

“The subject of auto-updates has resulted in many complicated discussions,” she wrote. “As I reminded the release squad, decisions like these require us to remember that we’re contributing to over 30% of the web, and we have to balance our immediate needs with long term planning.”

The short-term plan is to allow current WordPress users to opt-in to major updates while enabling auto-updates for both minor and major releases for new installations. Some changes to the auto-updates UI are also in the works along with a plan to revise based on feedback in WordPress 5.6.1.

In WordPress 5.7, which is several months away, the goal is to add a nudge on the Site Health screen for anyone opted out of major updates. We could also see a setting to opt-into updates as part of the WordPress installation flow for new sites.

The big picture that Haden is talking about? That is to make sure that all WordPress installations are receiving auto-updates, that these updates are seamless, and that users are running a secure version of WordPress.

Nearly two years ago, WordPress project lead Matt Mullenweg outlined nine goals for 2019. One of those goals was to provide users a method of opting into automatic updates of major releases. It has taken WordPress a while to get there, but it is on the cusp of launching this feature that many have looked forward to.

Haden also further clarified that goal. She said that the long-term plan for both Mullenweg and the other original feature contributors was to always have auto-updates for major releases enabled by default.

Apart from those who already prefer to opt-out of any sort of automatic updates, some users’ trust in the system eroded a couple of weeks ago. The WordPress auto-update system updated sites to version 5.5.3-alpha instead of 5.5.2 — WordPress currently automatically updates only minor releases. While there was no difference between the two versions and the core team quickly resolved the problem, the damage to user trust was already done.

This was not an ideal leadup to the December launch of auto-updates for major releases.

However, one hiccup — one that was effectively not an issue — seven years after WordPress 3.7 launched with security and maintenance updates is not too bad. The system has been a boon to making the web a more secure place. Ultimately, that is what auto-updates are all about. The big goal is to make sure that all WordPress sites are running on the most secure version available.

“It’s important that whatever we implement isn’t taking us further away from our long term goals of having seamless, auto-updates across the project,” wrote Haden. “Auto-updates can help us have a more secure WordPress ecosystem, and in turn can help change the public perception of WordPress being an unsecure choice for users of any skill level.”

HeroPress: Don’t Miss Your Chance to Speak at WordFest Live 2021

Wordpress Planet - Tue, 11/10/2020 - 20:55

As part of the growth of HeroPress, we’re looking at ways to support other community-focused initiatives, and here’s an excellent place to start:

Looking for something new in the new year? Kick off 2021 by being a part of WordFest Live. The team at Big Orange Heart is pulling together the first ever global event focused around 24 hours of celebrating WordPress.

They need sponsors and attendees, but most timely right now is the call for speakers.

If you’d like to apply to speak, head over to https://www.wordfest.live/call-for-speakers/ The event is looking for speakers from all over the world to share their WordPress knowledge.

Want to learn more? This article gives you a feel for the event, answers some questions, provides some topics to help guide you if you’re stuck, and explains what makes this a festival instead of “just” a conference.

The event is FREE with donations going to support Big Orange Heart. Speaker submissions close 18 November, 2020.

The post Don’t Miss Your Chance to Speak at WordFest Live 2021 appeared first on HeroPress.

WPTavern: Biden-Harris Transition Website Launches on WordPress

Wordpress Planet - Tue, 11/10/2020 - 04:24

The Biden-Harris presidential transition team has launched a new Twitter account and a website powered by WordPress. BuildBackBetter.com is hosted by Automattic and is zippy fast, thanks to Jetpack, Cloudflare CDN, and a lot of other performance optimizations. It loads in 333 ms, performing just 19 requests.

The site was created by Ben Ostrower’s team at Wide Eye, an 11-year old agency based in Washington, D.C., and the same team behind Kamala Harris’ 2020 presidential campaign website. Their work on Harris’ site won recognition as a finalist in Fast Company’s 2020 Innovation by Design Awards in the Graphic Design category.

In anticipation of winning the election, the Biden-Harris Transition team uploaded the content for the website in October, based on the image URLs. Peeping under the hood, it looks like the site is using the Ninja Forms plugin to power the email signup and contact forms, as well as Google Tag Manager for analytics. The design is a custom theme called Transition.

Wide Eye paid particular attention to the multilingual and accessibility features of the site with beautifully implemented toggles for contrast and font size. The high contrast toggle (dark mode) creates an elegant and natural transition between modes, without compromising the quality of the design.

The transition site also has an official accessibility statement regarding the team’s commitment to working towards WCAG 2.1 AA standards compliance:

Our on-going accessibility effort works towards conforming to the Web Content Accessibility Guidelines (WCAG) version 2.1, level AA criteria. These guidelines not only help make web content accessible to users with sensory, cognitive and mobility disabilities, but ultimately to all users, regardless of ability.

Visitors are encouraged to email accessibility@bidentransition.org with feedback on how to provide a better experience.

la web de Biden y Harris "de transición" (como lo llaman ellos) dice mucho de sus intenciones

➡️ Está hecha con WordPress (código abierto)
➡️ Es multilingüe (español e inglés)
➡️ Es MUY accesible (me da entre un 80 y 90% en tests)https://t.co/vY2Peb8BJ4

— Manu Quiroga 🎈 (@Manuls) November 8, 2020

The Biden-Haris transition team is focused on building the necessary infrastructure for providing a smooth transfer of power from the current administration with a focus on critical matters, such as public health policy and national recovery plans. The website publishes updates on the leadership being assembled to tackle these challenges.

Both the current administration’s whitehouse.gov and JoeBiden.com are also running on WordPress. If the Biden-Harris transition website is any indication, the next edition of whitehouse.gov may also relaunch on WordPress.

WPTavern: WordPress 5.6 Will Ship With Another Major jQuery Change

Wordpress Planet - Mon, 11/09/2020 - 21:31

WordPress 5.6 will ship with the latest jQuery library next month. This is a major update that all plugin and theme developers should begin testing against. Last week, Marius Jensen announced the change on the Make Core blog.

The following jQuery-related libraries are expected to ship in the update (WordPress Trac ticket):

  • jQuery 3.5.1
  • jQuery Migrate 3.3.2
  • jQuery UI 1.12.1

This change is not surprising. Lead developer Andrew Ozz announced the original three-phase transition to update the jQuery library earlier this June. The end goal is for WordPress to bundle the most up-to-date version and keep it updated going forward. WordPress has fallen behind and relied on an older version for several release cycles. As a result, much of the plugin and theme ecosystem has relied on outdated features.

The three steps of the process are as follows:

  • WordPress 5.5: Remove the jQuery Migrate 1.x script.
  • WordPress 5.6: Update to the latest jQuery, jQuery UI, and jQuery Migrate scripts.
  • WordPress 5.7: Remove the jQuery Migrate script.

If the removing, adding, and once again removing jQuery Migrate sounds confusing, it is because it can be. jQuery Migrate is essentially a helper script that allows developers to “migrate” to newer versions of jQuery. It is a backward-compatibility fix. The version of jQuery Migrate being re-added in WordPress 5.6 corresponds to newer versions of jQuery. It is being added as a temporary fix to give plugin and theme developers time to update their code. The hope is that developers will no longer rely on it by the time WordPress 5.7 ships.

“Following the best practices and the recommendations of the jQuery team, Migrate should be used as a helper tool, not as a permanent backwards compatibility solution,” said Ozz in our discussion a few months ago. “Ideally, WordPress will be able to do this.”

Whether jQuery Migrate is removed in WordPress 5.7 remains to be seen. Right now, it is a tentative goal. Thus far, the process is still on track. Much of this also depends on how smooth the WordPress 5.6 ship sails. The 5.5 release sunk, at least for many users. This is a result that we do not want to repeat.

Navigating all of this is no small feat for end-users. They rely on WordPress, plugin, and theme developers to keep things running smoothly. With a month left before the launch of WordPress 5.6, plugin and theme authors need to start testing to make sure their projects work with the latest version of WordPress.

Expecting some issues with WordPress 5.5, the WordPress development team created the Enable jQuery Migrate Helper plugin to ease the transition for users on WordPress 5.5. In the first week, the plugin had over 10,000 active installations. Today, it has over 200,000 users. This number is not necessarily indicative of plugins and themes with outdated code. Presumably, some percentage of these users no longer need the plugin because their extensions have been updated while they have yet to deactivate it. There is no public data on who is using the plugin and why.

The plugin is still useful right now. It logs deprecation notices and makes them available to users. If the plugin does not log any notices after a week or two, users are encouraged to deactivate the plugin. If they are still seeing notices, they should contact their theme or plugin developers, depending on what is triggering the notices. When users update to WordPress 5.6, they should no longer need the plugin.

We will be six months into this process for the next major release. Developers have had ample time to make adjustments. Let this be a friendly reminder to test plugins and themes during the 5.6 beta cycle.

Plugin and theme authors should test with the SCRIPT_DEBUG constant enabled in their wp-config.php files. More information is available via the Debugging in WordPress documentation.

Jensen has published a guide on updating jQuery in unmaintained themes or plugins. It is primarily geared toward end-users who are comfortable enough going the DIY route. However, developers can find some useful information in the tutorial too.

WPTavern: Editor Plus 2.1 Overhauls Block Controls UI and Adds Lottie Animations

Wordpress Planet - Fri, 11/06/2020 - 22:03

Yesterday, Munir Kamal released version 2.1 of the Editor Plus plugin. The biggest change is a complete overhaul of its design controls. The developer also added a new Lottie animation block.

I probably sound like a broken record after covering the last several releases of the plugin, but Kamal is doing some amazing things with the block editor. He is pushing limits and experimenting in areas that few others have yet to attempt. I am beginning to wonder if he has some secret, never-ending checklist of feature ideas in which he ticks off a few boxes every couple of weeks.

The plugin has only 1,000+ active installs at the moment. However, it has maintained growth of over 11% since the midway point in 2020. I expect this to accelerate in the coming year as Kamal continues placing individual pieces of the larger puzzle, which includes the free blocks, patterns, and templates at Gutenberg Hub. He has laid the groundwork and now has one of the largest block editor resources on the web.

Design Controls Overhaul More compact block design controls.

My biggest complaint about Editor Plus has always been how overwhelming some of the block options have felt. Too many choices can be blinding, and they make it tough to figure out where to start when customizing blocks.

In our last discussion a couple of weeks ago, Kamal said that “other UI improvements are yet to come.” He was already working on tightening up controls, creating what he referred to as a more compact UI. He was drawing inspiration from the Figma and Sketch design tools.

On the whole, this update creates that cleaner UI that he was shooting for. Some of the biggest improvements come from moving controls and labels inline with one another. The change means that users must do less scrolling to go through a multitude of options.

There are still areas that could be cleaned and made more intuitive. Right now, Editor Plus adds custom block options tabs where WordPress already has the same tabs. For example, the plugin creates its own “+ Typography” tab. Instead, it should mount its custom options on the existing core Typography tab. From a purely user-experience perspective, it is confusing to see the similarly-named tabs. This would also create a more compact list of top-level tabs. The plugin has other tabs or controls with the same issue.

Lottie Animation Block Still shot of the Bouncy Car Lottie animation.

Kamal added the plugin’s first seven blocks in the last plugin update. His primary goal is to stretch what the default WordPress blocks can do. However, he needed to create some new blocks to handle some of the layouts that were not possible with core alone. The latest update adds a Lottie animation block, which allows users to link to or upload a JSON file for a Lottie animation.

Created by Airbnb, Lottie is a library that parses Adobe After Effects animations that are exported as JSON with Bodymovin. It then renders them natively on mobile devices or the web. The file sizes are smaller than many other options, and the animations can be scaled up or down without pixelation.

LottieFiles is one of the largest libraries of free Lottie animations on the web. It has 1,000s of animations for users to choose from.

Kamal has already begun making use of the new Lottie animation block in Gutenberg Hub’s section patterns library, which houses block code that users can copy and paste into the editor, provided they have the Editor Plus plugin installed. Thus far, he has added three Lottie patterns with Black Friday animations — just in time for the shopping season.

Still shot of an animated Black Friday pattern.

While the Lottie animation JSON files are small, the script to play the animations is not. The JavaScript file comes in at a whopping 294 kb. This file is only loaded if the Lottie block is in use. The size may be a deal-breaker for some users. However, for animation-heavy websites, it might be worth considering.

WPTavern: WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout

Wordpress Planet - Fri, 11/06/2020 - 20:37

WooCommerce 4.6.2 was released yesterday with a fix for a vulnerability that allowed account creation at checkout, even when the “Allow customers to create an account during checkout” setting is disabled. The WooCommerce team discovered it after several dozen users reported their sites were receiving spam orders, or “failed orders” where the payment details were fake.

Source: WooCommerce Developer Advisory

WooCommerce developer Rodrigo Primo described how the bot is attacking stores:

The gist of it is that the bot is able to create a user when placing an order exploiting the bug fixed by 4.6.2. After creating the user, the bot tries to find vulnerabilities in other plugins installed on the site that require an unprivileged authenticated account.

WooCommerce recommends users update to 4.6.2 to stop bots from creating users at checkout and then remove any accounts the bot previously created. This will not stop the bots from creating fake orders so store owners are advised to install additional spam protection from the WooCommerce Marketplace. Some users in the support forum are trying free plugins like Advanced noCaptcha & Invisible Captcha and Fraud Prevention Plugin for WooCommerce.

The first logged instance happened nine days before WooCommerce was able to issue a fix. In the meantime, some users reported having their site’s URL changed and other hacking attempts. Dave Green, WordPress engineer at Make Do, used log files to determine that the script relies on exploiting other vulnerabilities in order to gain access to the database.

“That script is creating the order, and is also likely to be exploiting whatever vulnerability is available to bypass customer account settings and create a new user; it may or may not be relying upon other exploits for this,” Green said.

“Assuming it has successfully gained access to the system, it then tries to update the DB. It either fails and leaves you with nuisance orders, or succeeds and points your site to the scam URL.”

The WooCommerce team has also fixed this same bug in WooCommerce Blocks 3.7.1, preventing checkout from creating accounts when the related setting is disabled.

WooCommerce did not publish the names of any of extensions that have vulnerabilities being exploited by this script. However, some one user reported an attack that coincided with the fake orders:

I had a failed order yesterday with similar info to the OP as well.

At the exact same time that failed order came in, my WAF blocked two attempted attacks from the same user/IP (bbbb bbbb) for “TI WooCommerce Wishlist < 1.21.12 – Authenticated WP Options Change”

The script may have been probing for a vulnerability in the TI WooCommerce Wishlist plugin, which was patched approximately two weeks ago. The plugin is active on more than 70,000 WordPress sites.

The WooCommerce team is still researching the origin and impact of this vulnerability and will publish more information as it becomes available.

WPTavern: WordPress.com Drops Over 100 Block Patterns, Carving a Path the Design Community Should Follow

Wordpress Planet - Thu, 11/05/2020 - 23:09

Automattic released over 100 block patterns to its users on WordPress.com last week. Patterns are a set of blocks that users can insert into their posts or pages for predefined yet customizable sections of content. Most of WordPress.com’s new patterns are general enough in design to cover a range of uses. However, the choices also cover some niches like restaurants.

“The WordPress Editor is a powerful tool that can help bring your design ideas to life but one of the best parts is, you don’t have to start from scratch,” wrote Ian Stewart, the WordPress.com Design Team Lead, in the announcement. “Building sophisticated designs can be as easy as picking Patterns from our growing library, and snapping them together to create beautiful-looking posts and pages.”

Aside from the work that Gutenberg Hub has done with its template library, this is one of the largest dumps of block patterns from anyone in the WordPress community at once. The big question right now is whether the larger WordPress community will see them in some form.

“No immediate plans to bring those out to the larger community outside of WordPress.com just yet,” said Stewart in a quick chat. “I expect us to contribute in some fashion to the potential block pattern directory but no immediate plans there yet either.”

Admittedly, I was a little disappointed in the response. I bought into the idea of block patterns from day one and have been patiently awaiting an explosion of layouts from the development community. As a former theme business owner, I see the dozens of problems that patterns would have solved for me five, six, or seven years ago. And, this is a feature that could win over some holdouts who are waiting for the block editor to mature enough to build more advanced layouts.

Grouping Quote, Spacer, and Columns creates custom Quote pattern.

“The team’s current focus is on making great-looking WordPress.com patterns and contributing back to the Gutenberg Project when we see potential for improvement with the tools for creating them,” said Stewart. “I think, like you, we’re pretty excited about the potential for Patterns and improved design controls in the Block Editor. So we’re plugging away at that right now. There’s a lot of exciting designs that can be made today and even more that we’ll be able to make in the future.”

Not now is not a no, however. Automattic has a gluttony of talented designers. If a block pattern directory emerges from recent discussions (it’s still an early idea), I have little doubt that individuals from the company would submit patterns. Users of the WordPress software will also see new patterns in themes that the design team releases publicly, such as those within Seedlet.

Heading, Paragraph, Spacer, and YouTube blocks create this pattern.

The great thing about patterns is that they are easy to recreate. Even if the WordPress.com design team decides to keep them in-house for the foreseeable future, they can offer inspiration to theme authors who are looking to dive into this feature. Most of the patterns use only the core WordPress blocks. However, some of the contact-related patterns use the Form block, which is available via the Jetpack plugin.

Other patterns make use of the Layout Grid block, which is in the official plugin directory. This is one area that the block editor still lags a bit behind in, so it is necessary to use a plugin to make some of the more complex pattern designs work. However, there is an open discussion on a grid system for core. Tavern readers seemed to be receptive to the idea earlier this year too.

Grids within grids — nesting for a complex layout.

The design team put together an extensive array of call-to-action patterns. With over 20 to choose from in this category alone, just about any site owner who wants to sell a product, service, or content should be able to find something that suits them.

Call to Action block pattern for shops.

For now, those using WordPress.com can fully enjoy one of the better parts of the block editor. As for theme authors who are building for the open-source WordPress platform, remember that great artists steal.

WPTavern: Frontity Inks Partnership with 10up

Wordpress Planet - Thu, 11/05/2020 - 03:18
photo credit: Matt Moloney

Frontity has launched a partnership program to support the maintenance of its open source framework for building React-based WordPress sites. 10up, a large agency that provides headless solutions to enterprise customers, is the first partner to join in support of the project.

“Since we launched Frontity Framework last year, dozens of WordPress publishers have asked our team about consulting services and for help on their migration to Frontity,” Frontity communications director Reyes Martínez said. “It was great to see an increasing interest in using Frontity at an enterprise-level but, unfortunately, we didn’t have an efficient way to help them all and fulfill the custom requirements these projects usually need.”

This partnership allows Frontity to funnel requests for consulting to 10up and other future agency partners. Reyes said the partnership does not have a monetary aspect but rather 10up is supporting the project by maintaining and extending the framework through contributions.

Prior to this arrangement, the agency had already contributed to the core framework, most notably by developing the Link Component and Auto-Prefetching features. 10up also created the ElasticPress package, which improves search for sites using Elasticsearch.

“Frontity provides an easy to use package management interface that enables us to quickly extend the platform — similar to how plugins work in the WordPress ecosystem,” 10up VP of Engineering Taylor Lovett said, explaining why the company formalized a partnership with the framework’s creators. “It includes features that typically require custom engineering, such as Google Analytics integration, routing, and integration with plugins (like SEO tools).”

Earlier this year Frontity raised €1M in funding in a round led by K Fund, with Automattic covering 22%. This funding keeps the maintainers free to focus on the open source project. Frontity recently ranked #9 on Runa Capital’s Open Source Startup (ROSS) Index, which ranked the top 20 startups by Github star growth for Q3 2020.

The project’s partnership program is an interesting and somewhat uncommon approach to sustaining the framework’s growth. It redirects a steady stream of leads for custom work to partners, helping potential users find expertise, while ensuring the project is well maintained. As the WordPress ecosystem demonstrates increasing interest in building React-powered websites, Frontity is turning the growing demand for custom work into an opportunity to bolster the open source project and ensure the framework’s future.

“Some companies are aware of the advantages of a decoupled React front-end and contact us because they are interesting in using Frontity, but don’t have the team or the internal resources to build or migrate a project from scratch,” Reyes said. “Others that have the resources and already tried (or know) Frontity, contact us because they still want a freelancer or agency to help with the development, design or maintenance of the project.”

Frontity is in conversation with some agencies from the WordPress VIP Agency Partner Program and other hosting companies but could not share more details at this time. The basic qualifications for partners include previous experience with enterprise customers in the WordPress space, expertise with headless WordPress and React frontends, and willingness to actively contribute to the Frontity framework.

WPTavern: Gutenberg 9.3 Provides Indicator of Where Full-Site Editing Is Going, a Future Without Widgets and Customizer Screens

Wordpress Planet - Wed, 11/04/2020 - 20:36

Version 9.3 of the Gutenberg plugin dropped earlier today. It is the first version of the plugin during the WordPress 5.6 release cycle that will not see its new features land in the core platform. However, bug fixes have been backported to WordPress 5.6 beta 2 and 3. Much of the work for the release focused on full-site editing (FSE) features and fixes. However, some minor enhancements outside of the site editor landed in the update.

The Social Links block now supports Patreon, Telegram, and Tiktok, which brings the total number of social icons to 43. The Buttons block also has an overhauled alignment option.

Overall, the release mostly adds polish to existing areas. The development team fixed over 20 bugs and has continued pushing forward with improvements to the site editor.

Removal of Widgets and Customizer Screens Widgets and Customizer no longer under Appearance menu.

The biggest story around Gutenberg 9.3 is not in measurable code or user-facing design changes. Instead, it is within a discussion on a ticket about removing the Customizer and Widgets screens when a user has FSE enabled.

Version 9.3 hides the Widgets and Customizer items from the WordPress admin menu. However, they are still accessible by directly going to the URL or lingering links within various parts of the WordPress admin like on the Themes screen. This change could have implications for the future of those screens.

“I think it would be a bad move to hide them now without clearly communicating to the WordPress community what the future of widgets and the customizer is,” wrote Carolina Nymark, a Themes Team representative, in the ticket. “Hiding them is going to lead to more questions from worried users and developers. I think hiding them without answering these questions publicly is a bad idea. I’m not asking you to answer me in this pull request, I am asking that ‘WordPress,’ be it the core-editor team or someone else, presents the long term plan for these core features.”

She lists several questions that should be answered by project leaders. Most of them boil down to the central question of what role the customizer will play in the long term:

  • Even if the menu item is hidden, the customizer can still be accessed, will the options still work?
  • What role will the customizer have with FSE themes?
  • Will it be deprecated, how and when? If it is not going to be deprecated, why hide them?
  • Will it also be deprecated for non-FSE themes? How and When?
  • How do I convert existing customizer options for my updated theme?
  • What about the WordPress options that are only available in the customizer, like the site icon?

“The idea here is that since FSE themes don’t have widget areas, the widgets screen is useless,” responded Riad Benguella. “For the customizer, it’s a duplicate of the Site Editor screen (similar capabilities), so we need to make sure the Site Editor fills the gaps left by the Customizer. Global styles and Site blocks address most of the site options required for FSE themes and making the switch (hiding the customizer) will allow us to discover gaps we’re missing.”

That FSE themes will not have widget areas does leave one to wonder why so much work has been put into converting the sidebar/widgets system to use blocks over the past year. It was also a planned feature for WordPress 5.6 that did not make the cut.

Benguella’s thoughts seem to be in line with 5.6 release lead Josepha Haden’s recent comments. “There’s a lot of interest in reducing the number of workflows, and I’m hopeful that we can consolidate down to just one beautiful, intuitive interface,” she said in response to pulling the plug on widgets for 5.6.

Benguella’s comment is also one of the first public indications that I have seen about what such a consolidation would look like. Presumably, there will be no need for the Nav Menus, Widgets, or Customizer screens as WordPress progresses in the coming releases.

I still question whether the work that the team is putting into making those screens handle blocks is worth it. Traditional themes should simply use traditional nav menus, widgets, and customizer options. New block-based themes should use the site editor when it lands.

There are still some unanswered questions from Nymark’s list. We will need to wait for further feedback from someone in the know. She is right about the need for clear and public communication.

Automatic Switching to FSE Notice given to users when they are using an FSE-capable theme.

One of the biggest improvements, particularly for people testing FSE, is that Gutenberg now automatically enables FSE when a user activates an FSE-capable theme. It will also disable FSE when switching back to a traditional theme.

Some good themes to test FSE with are Q, Twenty Twenty-One Blocks, and Seedlet Blocks.

Users can also no longer enable FSE via the Gutenberg Experimental settings screen. Using a block-based theme is now a requirement to test this part of the Gutenberg experience. This is probably a good call at this stage. Despite being clearly labeled as experimental, thousands of users run Gutenberg in a production environment and may enable it. Plus, it keeps people from testing a broken experience when their theme does not support it.

Buttons Block Content Alignment New inner content alignment option for the Buttons block.

For theme authors who do not rely on the Gutenberg base styles, they may need to update their theme stylesheets to handle content-alignment classes on the Buttons block. However, they will also need to continue supporting the old classes for backward compatibility.

This change means that users can use wide and full-width alignment on the block while separately aligning the block’s content.

The update adds a content justification option to the editor toolbar for the Buttons block. It makes sense to use this method because the Buttons block is technically a container. It merely houses one or more inner Button blocks. The previously-used alignment system is meant for aligning the entire block rather than the block’s content.

In past versions of the block editor, the Buttons block used the traditional align* classes for left, right, and center alignment. This Gutenberg update switches the classes to is-content-justification-*.

The editor will automatically transition the Buttons block to the new classes when a user edits a specific post with the block. Otherwise, they will still have the old align* classes.

WPTavern: WordPress 5.6 to Add UI for Enabling Major Version Auto-Updates, Contributors Discuss Adding a Filter to Hide It

Wordpress Planet - Tue, 11/03/2020 - 23:32

WordPress 5.6 is set to add a UI that allows users to opt into auto-updates for major versions of core. Previously, developers could turn these updates on by setting the WP_AUTO_UPDATE_CORE constant to true or by using the allow_major_auto_core_updates filter. Version 5.6 exposes this setting in the UI to make it more accessible for users.

Jb Audras posted a dev note on the feature yesterday with instructions for how developers can extend it to add more options.

A previous version of this UI specified that the setting refers to major versions:

Keep my site up-to-date with regular feature updates (major versions).

This was changed 11 days ago to remove the wording that tells users which versions the setting controls.

“The idea was to make the wording more general, and maybe easier to understand,” Jb Audras said. “As minor updates are already automatically updated (since 3.7), new users may not understand what is behind the ‘major versions’ term.”

This new wording makes the setting unclear. Users may not understand what “major versions” are but “feature updates” is even less clear. Does it include updates to existing features? Or only the introduction of brand new features? A better option might be to link “major versions” to documentation on HelpHub.

In the current climate, where positive sentiment regarding auto-updates is declining, shipping the new UI with a nebulous term like “feature updates” is not going to inspire as much confidence as explicitly identifying what updates the setting controls.

Audras said he is open to having the wording changed but that so far those testing the beta don’t seem to have a problem with it. String freeze is scheduled for November 10, and after that no more wording updates can be committed.

Contributors are also discussing adding a filter that would allow developers to hide the auto-updates UI for major versions. Mike Schroder noted that this would be especially useful for hosting companies that are handling updates in a different way. Some developers or agencies may want to use the filter to prevent their clients from turning auto-updates on for major versions.

Core Committer Jonathan Desrosiers said he is not in favor of using a filter to hide the UI on a page that is not likely to be accessed by users who have the ability to update core:

If that change is made (disabling the form when the constant is defined or allow_major_auto_core_updates filter is used), then I am not sure the UI should ever be hidden. As raised by @aaroncampbell in today’s weekly meeting, the update page is only accessible to those with the update_core capability (trusted users). While there may be valid use cases for wholesale hiding the new feature, I haven’t seen one yet. To me, disabling the form and explaining why the form cannot be used to update the desired behavior is more valuable to the site owner, as they would be better equipped to make an adjustment.

If you want to contribute to the conversation, check out the dev note on the new auto-updates interface for major versions and the Trac ticket for a filer that would hide the UI.

WPTavern: Automattic Releases Spearhead, a Seedlet Child Theme Aimed at Podcasters and Content Creators

Wordpress Planet - Tue, 11/03/2020 - 22:24
Spearhead theme blog/posts page.

Last Thursday, Automattic announced its new Spearhead theme to WordPress.com users, which primarily focuses on podcasters. However, the team has marketed it toward content creators in general. It is a child theme of the company’s recently-released Seedlet theme. Cece Yu originally created the design for the Spearhead podcast, which is currently in use on the website.

Spearhead is not just a theme for WordPress.com users. Self-hosted WordPress users can expect availability in the future. “Adding Spearhead to the themes directory is on our to-do list,” said Jeff Ong, a designer at Automattic. “Just haven’t gotten round to it yet.”

For self-hosted users who want to give the child theme a spin right now, Automattic hosts all of its free themes in a GitHub mono-repository. The Spearhead theme is located in its own /spearhead sub-directory.

The announcement post said that the theme is fully block powered. This would be better reworded to say that it is a block-first WordPress theme. When full-site editing lands in core WordPress, we can start saying that themes are fully powered by blocks. Until then, it is just the content that is made of blocks. And, Spearhead’s parent theme is a prime example of a solid block-first theme. I imagine it will be the springboard of many upcoming themes from Automattic’s theme designers, whether that is in the form of a building child themes or using it as a starter.

Given Spearhead’s podcast roots, the development team wrote a small function to locate an Audio block from the post content and present it on the blog and other archive-type pages below the excerpt. In the past, this sort of feature was difficult to achieve because of little-to-no standardization on audio output. However, the block system makes it possible with just a few lines of code.

Automatic Dark Mode Support Light vs. dark modes based on OS settings.

One of the more interesting aspects of Spearhead is its support for users who are browsing the web in dark mode. This setting is located in various locations based on the user’s operating system. However, when enabled by the user, the theme automatically detects this and switches its color scheme.

This system uses the prefers-color-scheme CSS media feature to style for dark mode. This feature is generally supported by most modern web browsers. For browsers and operating systems without dark/light mode support, users will see the default light color scheme for the theme.

I generally prefer light color schemes, but this is one of the few dark color schemes that is at least comparable or maybe better than the light one. Far too often, I find dark schemes unreadable for long-form content, but the development team took care to select a palette that works well for whatever the site visitor chooses.

Custom Block Patterns Inserting the Podcast Links block pattern.

Spearhead removes the three patterns registered by the Seedlet parent theme. It then registers four of its own patterns:

  • Related Posts
  • Archive Page
  • Podcast Links
  • Podcast Links List

The Related Posts pattern requires the Jetpack plugin to be installed. Currently, the theme does not check if the plugin is active before registering the pattern. Presumably, this is because Jetpack features are available on all WordPress.com sites. However, the development team will need to address this before submitting it to the WordPress.org theme directory.

The Archive pattern allows users to create an archive page on their site. It displays a search form, the latest posts, and the site’s categories. It is not quite as fully featured as a complete archive plugin. However, it does replace what is often the traditional archive page template shipped with many themes. The use of a pattern is a nice shift that gives users more flexibility to change the output than what is possible with page templates.

It will be interesting to see if more theme authors follow suit and reevaluate their theme’s page templates. Transitioning to a block pattern may be a better option in many cases.

The Podcast Links pattern outputs a Navigation block with links to sites that host podcasts. End-users will want to update the link URLs. The Podcast Links List pattern is similar. Surprisingly, it is not actually a list. It is a paragraph of links and does not have the same prefix text.

Aristotle

Drupal Themes - Tue, 11/03/2020 - 13:20

Aristotle is a HTML5, responsive and mobile-friendly theme.

It is the default theme for the Drupal 9 version of Opigno LMS distribution and includes many styles specifically for Opigno.

WPTavern: WordPress 2019 Survey Results Show Professionals Slow to Adopt Block Editor, 2020 Survey Now Open

Wordpress Planet - Mon, 11/02/2020 - 23:12

WordPress has opened its 2020 Annual Survey, a short set of questions designed to collect more information on how different groups of people are using the software. It takes approximately 5 minutes to complete and all data is anonymized.

WordPress Executive Director Josepha Haden Chomphosy said she uses the results from the survey to inform her plans and recommendations all year long. In addition to providing valuable information for WordPress’ leadership, the results will also be shared with the wider community.

The Community Team has prepared a report with results from the 2015 and 2019 surveys, which had not been previously published. The 2019 results are summarized in a set of Google slides and are also available as a PDF or PPT.

Despite 2019 being the first year that the survey was translated into five different languages, it only received 6,203 respondents, as compared to nearly 46,000 in 2015. The highest number of responses came from Europe (62%) and Asia (12%), while North American engagement has declined drastically to just 10%. Unchanged from previous years, most WordPress users identify as male (79%).

2019 NPS Results: Detractors are Steadily Shrinking

The 164-page report has a lot of information to digest but one of the highlights is the Net Promoter Score (NPS). It is a loyalty metric derived from users’ responses to the question of how likely they are to recommend WordPress to friends, colleagues, or clients. It provides an informal measurement of user satisfaction or perception.

WordPress’ 2019 NPS was 54, an increase from previous scores of 50 and 52. Promoters remain static while Detractors are steadily shrinking. This score, however, is skewed towards representing those who have a favorable enough opinion of WordPress to take the time to respond to the survey. The software’s truest detractors have likely already moved on to following other tech communities and may be underrepresented in the NPS score.

More than 75% of respondents have been using WordPress for three years or more. Results indicated the project’s open source community is an important driver for why people use the software:

“Nearly six-in-ten (59%) of survey respondents choose WordPress because it’s what they know best. Half (50%) say they enjoy its open source community. Nearly half (48%) say WordPress has the features they need.”

This indicates that the WordPress community provides a factor of “stickiness” equal to that of the features the software offers. Improving and maintaining a healthy community is an important consideration for user retention, since a user sticking with WordPress is just as important as attracting new users.

CMS Usage on the Rise Among Professionals, Blogging Is Declining

The 2019 survey found that 76% of professionals are using WordPress as a CMS, with slightly higher numbers (79%) for the WordPress Company Pros segment (those who work for a company that designs/develops websites). Blogging usage among professionals is consistently declining.

In the segment of respondents reporting as Users, blogging is also on the decline, with 49% using WordPress as a personal blog in 2019 vs. 63% in previous years (2015-2017).

WordPress Professionals Slow to Adopt the Block Editor

One noteworthy section in the 2019 results includes data on block editor adoption. When asked “Which editor do you currently use?”, 53% of respondents who identified as professionals said they are using the Classic Editor. This indicates the block editor is still finding its footing among professionals. An increasing percentage of these professionals are also self-employed (44% in 2019 vs 36% in 2016).

Another question asked, “Have you or your team built blocks for the new editor?” Less than half of those using the new editor confirmed they have new blocks added for using it, and 17% were not sure. If more than half of professionals have yet to adopt the new editor, it seems the market for block-based products has a great deal of room to grow.

Block editor adoption among Users could be as low as 36% or as high as 56%, but a large portion of users (20%) are unsure which editor they are using. This is not a bad thing, as most new users will have no prior knowledge of the Classic editor. Results from the 2020 survey should be useful for tracking adoption of the block editor over a longer period of time since its debut in WordPress 5.0 (2018.)

Attendance at WordPress community events, such as meetups and WordCamps, seemed to be on the rise, as well as submitting bug reports and contributing to documentation. However, 2019 saw a sharp decline in the percentage of those who report having created their own theme (61% to 42%) or plugin (50% to 38%), when compared with previous years. The percentage of core contributors (5%) has remained steady. This might mean that creating themes and plugins is becoming more difficult or less rewarding, or perhaps the survey attracted more of a different type of user than it did in previous years. There are any number of explanations but this may be a trend to continue watching.

WordPress Users Remain Uneasy about Auto-Updates, Positive Sentiment is Declining

In light of the incident last week where WordPress’ auto-update system misfired, updating live sites to an alpha version, the survey includes valuable data about how users are feeling about this feature. The data from 2019 indicates that positive sentiments regarding auto-updates were already on the decline since 2015.

Those reporting that they loved auto-updates declined from 41% to 35%. The percentage of those who would like to see auto-updates for major releases of WordPress declined from 24% to 15%. Positive sentiment regarding theme and plugin auto-updates also decreased. Meanwhile, awareness of auto-updates increased in 2019, and slightly more users reported the feature makes them nervous or that they hate it.

These are just a few major highlights from the 2019 survey results, but the report includes much more detailed data regarding contributor satisfaction, time spent contributing, contributors’ experiences, and other topics. Check out all the summaries in the Google docs presentation, and make sure to take the 2020 survey to improve the representation of WordPress users this year.

WPTavern: Full-Site Editing Is Not the End of Artistic WordPress Themes

Wordpress Planet - Mon, 11/02/2020 - 22:12

These plain canvas-like themes have until now been a choice for those who prefer it (those who like to design their own thing), but this article makes it sound like these types of themes should be the only choice in the future of WP.

This is worrisome to me as a non-designer who looks for themes specifically based on things like attractive button styles.

FSE sounds bad for people like me, who aren’t artistic, can’t coordinate colors, and want themes to do the artistic stuff.

This was the response by a Tavern reader named Isabel on the recent coverage of the Q theme, an experimental project for the upcoming full-site editing (FSE) feature of WordPress. More specifically, she was worried about a thought that Ari Stathopoulos, the theme designer, had made asking that theme authors not get too opinionated with their default styles for things like buttons and so on. His view seemed to lean more toward creating open and customizable themes. However, it is not the only valid opinion on what themes should look like.

This is not much different than what we have experienced over the previous decade or more. Some theme authors build open canvasses for users to customize. Other theme authors build intricately-designed layouts with unique textures, shapes, and forms.

This is not going to change when FSE lands in core WordPress. Themes are merely the expression of the designer’s vision for what a site could look like, and not all theme authors think about design in the same ways.

The Q theme is meant as a starting point or testbed for FSE. There will be many open-canvas themes. These types of themes are already wildly popular, particularly when used in conjunction with a page builder. Astra has over a million installs. Hello Elementor has surpassed 400,000. GeneratePress has over 300,000. There is big money in this segment of the theme market. FSE will undoubtedly help to increase the competition.

However, that is not all that themers are giving us. The recently-released PhotoFocus theme by Catch Themes is on the upward trend, inching its way into the popular themes list on WordPress.org. And, there are hundreds of other options that go beyond the plain ol’ open, black-text-on-white-background themes built for customization by the end-user.

I simply do not see the current trends shifting too much. Yes, those trends already lean heavily toward open-canvas themes. FSE will allow developers to build those types of themes for core WordPress instead of page builders much more easily.

However, this is also an opportunity for those who want to experiment with more artistry to do so.

Stathopoulos did say:

It’s tempting to add extremely opinionated styles, for buttons for example, but more and more things get added every day to the editor like a border-radius setting for buttons.

But, we must put that into the context of his followup remarks:

Theme authors should avoid the trap of designing an FSE theme having in mind what the editor currently does. Instead, theme authors should strive to build something having in mind a vision of what the editor will eventually become.

He is not saying that every theme needs to be plain and boring. He is not saying that theme authors should be reluctant to put a unique spin on the Button block, for example. He is saying that theme authors need to evaluate how they approach design based on what block options are available for end-users.

Buttons are a good example of this. With the border-radius option that allows end-users to control rounded corners for buttons, he means that theme authors should not overwrite border-radius styles in their CSS. Users should have the option to control it if they want. He is also talking about using the eventual Global Styles system to set up defaults. If theme authors want rounded buttons by default, they should use the system that WordPress provides rather than writing the CSS. He wants theme authors to be aware of the current block options and styles while preparing for new options in the future.

This upcoming era of theming changes how theme authors work with the system. It does not mean they cannot branch out in terms of design.

Here’s where the block editor project makes things more interesting for those users who want things like “attractive button styles” but lack some of the artistic skills expected from the theme’s designer. The block system is set up for unlimited variations on what themes can provide to end-users.

Sticking with the Button block example, users can already see two block styles named Fill and Outline in WordPress as shown in the following screenshot.

Using the Outline block style.

Theme authors can add all sorts of style variations today, and some have already done so. Block styles offer a lot of variety, and WordPress allows users to further customize these if they wish to do so.

WordPress also offers two different block patterns that utilize the Buttons block. They are basic two and three-button layouts. However, theme authors can use the Patterns API to create any number of layout options using buttons.

Inserting the “two buttons” block pattern into the editor.

Stathopoulos’s comments on not being too opinionated should also be taken in the context of the upcoming Global Styles system, which is currently being tested in the Gutenberg plugin. This system allows theme authors to set up global, default options for everything. They can also drill down and set up default options for individual blocks. For example, a theme author can set a default background gradient, rounded corners, and any other options available for the Button block. These default options can span the width of the spectrum, from a simple and understated square button to a rounded button with a vibrant gradient background and a drop-shadow. The more block options that WordPress’s editor offers in the future, the more flexible theme authors can be with their designs.

Experimental, per-block global styles in the site editor (feature not finished).

Isabel’s concern is valid. It is tough to keep up with all the changes happening and those that are on the feature list of the future. The Gutenberg project moves fast, and when we write about features or experimental themes, it is easy to overlook some of those questions that the average user might have.

To put some users’ minds at ease, future WordPress themes will undoubtedly offer a breadth of artistic designs that are suitable for all sorts of websites. Designers and non-designers alike should look forward to the months and years ahead.

WordPress.org blog: WordPress 5.6 Beta 3

Wordpress Planet - Mon, 11/02/2020 - 21:23

WordPress 5.6 Beta 3 is now available for testing!

This software is still in development, so we recommend that you run this version on a test site.

You can test the WordPress 5.6 beta in two ways:

The current target for the final release is December 8, 2020. This is just five weeks away, so your help is needed to ensure this release is tested properly.

Thank you to all of the contributors that tested the beta 2 development release and provided feedback. Testing for bugs is an important part of polishing each release and a great way to contribute to WordPress.

Some Highlights

Since beta 2, 20 bugs have been fixed. Here is a summary of a few changes included in beta 3:

  • Added block patterns for Twenty Twenty (see #51098) and Twenty Nineteen (see #51099) themes.
  • Added theme support for navigation-widgets (see #51445).
  • Fixed incorrect slashes in the URL if the parent is empty for REST API (see #44745).
  • Added a test to Site Health to verify that the Authorization header is working as expected for Application Passwords (see #51638).
  • 10 additional bugs fixed in the block editor (see #26588).

To see all of the features for each Gutenberg release in detail, check out the release posts: 8.68.78.88.99.09.1, 9.2, and 9.3.

Developer notes

WordPress 5.6 has lots of refinements to the developer experience as well. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.

How to Help

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!

If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Props to @hellofromtonya for help and @chanthaboune  for final review.

WordPress 5.6 Beta 3

Wordpress News - Mon, 11/02/2020 - 21:23

WordPress 5.6 Beta 3 is now available for testing!

This software is still in development, so we recommend that you run this version on a test site.

You can test the WordPress 5.6 beta in two ways:

The current target for the final release is December 8, 2020. This is just five weeks away, so your help is needed to ensure this release is tested properly.

Thank you to all of the contributors that tested the beta 2 development release and provided feedback. Testing for bugs is an important part of polishing each release and a great way to contribute to WordPress.

Some Highlights

Since beta 2, 20 bugs have been fixed. Here is a summary of a few changes included in beta 3:

  • Added block patterns for Twenty Twenty (see #51098) and Twenty Nineteen (see #51099) themes.
  • Added theme support for navigation-widgets (see #51445).
  • Fixed incorrect slashes in the URL if the parent is empty for REST API (see #44745).
  • Added a test to Site Health to verify that the Authorization header is working as expected for Application Passwords (see #51638).
  • 10 additional bugs fixed in the block editor (see #26588).

To see all of the features for each Gutenberg release in detail, check out the release posts: 8.68.78.88.99.09.1, 9.2, and 9.3.

Developer notes

WordPress 5.6 has lots of refinements to the developer experience as well. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.

How to Help

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!

If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Props to @hellofromtonya for help and @chanthaboune  for final review.

WordPress.org blog: The Month in WordPress: October 2020

Wordpress Planet - Mon, 11/02/2020 - 18:14

October 2020 was a notable month for WordPress lovers, thanks to the release of several products and updates. Read on to keep up with all the latest news!

The 2020 WordPress Annual Survey is out

The team published the 2020 WordPress Annual survey —  to help those who build WordPress to understand more about our software usage and our contributors’ experience. The Annual Survey will be open for at least 6 weeks and is available in French, German, Japanese, Russian, and Spanish. The survey results (once complete) will be posted on WordPress.org/news. The 2019 survey results have also been released and can now be viewed as slides or downloaded in PDF format

WordPress Translation celebrations spanned four weeks

The last week of September and most of October were focused on recruiting and encouraging polyglot contributors to the WordPress translation project. What was originally envisioned as a single-day event lasted 24 days! The Polyglots and Marketing Teams are exploring how future mini-events can be supported to continue building the momentum. Recordings of the live talks and interviews with contributors are available on YouTube. Write-ups from the different events are on the WPTranslationDay website.  The Polyglots team is also working on its 2020 survey and is requesting feedback on the questions.

Want to help WordPress speak your own language? Follow the Polyglots team blog and join the #polyglots channel in the Making WordPress Slack group

WordPress maintenance and beta releases

The Core team released WordPress 5.5.3 on Oct. 31, following the release of Version 5.5.2 on Oct. 29. Both releases fix several bugs and security issues with WordPress. You can update to the latest version directly from your WordPress dashboard or download it now from WordPress.org.  The team also released WordPress 5.6 Beta 1 on Oct. 20, followed by Beta 2 on Oct. 27. When ready, the final release will include improvements to the editor, auto-updates for major releases, PHP 8 support, and the Twenty Twenty One theme. You can test the Beta versions by downloading them from WordPress.org or using the WordPress Beta Tester plugin.

Want to be involved in the next release? Follow WordPress 5.6 updates on the development cycle and sign-up for the code review/commit office hours. You can help build WordPress Core by following the Core team blog and joining the #core channel in the Making WordPress Slack group. If you would like to help out with WordPress 5.6 outreach, contact the WordPress Marketing team on the #marketing channel.

Gutenberg 9.2 is released

Version 9.2 of the Gutenberg plugin came out on Oct. 21. This release offers support for video subtitles, the ability to transform selected blocks into the columns block, background patterns in cover blocks, along with several exciting features such as improvements to the widget screen, as well as bug fixes. You can find out more about the Gutenberg roadmap in the What’s next in Gutenberg blog post.

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

Learn WordPress is gearing up for launch

The Learn WordPress initiative, which offers WordPress video workshops followed by interactive discussions, is aiming to put out two courses by the end of the year as part of its full launch. The team is working on creating courses and is requesting feedback from community members on the planned list of courses.

Want to contribute to Learn WordPress? You can now submit a workshop application (submissions in non-English languages are welcome), apply to become a discussion group leader, organize discussions for your local WordPress meetup group, or update screenshots on existing lesson plans.

Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

The Month in WordPress: October 2020

Wordpress News - Mon, 11/02/2020 - 18:14

October 2020 was a notable month for WordPress lovers, thanks to the release of several products and updates. Read on to keep up with all the latest news!

The 2020 WordPress Annual Survey is out

The team published the 2020 WordPress Annual survey —  to help those who build WordPress to understand more about our software usage and our contributors’ experience. The Annual Survey will be open for at least 6 weeks and is available in French, German, Japanese, Russian, and Spanish. The survey results (once complete) will be posted on WordPress.org/news. The 2019 survey results have also been released and can now be viewed as slides or downloaded in PDF format

WordPress Translation celebrations spanned four weeks

The last week of September and most of October were focused on recruiting and encouraging polyglot contributors to the WordPress translation project. What was originally envisioned as a single-day event lasted 24 days! The Polyglots and Marketing Teams are exploring how future mini-events can be supported to continue building the momentum. Recordings of the live talks and interviews with contributors are available on YouTube. Write-ups from the different events are on the WPTranslationDay website.  The Polyglots team is also working on its 2020 survey and is requesting feedback on the questions.

Want to help WordPress speak your own language? Follow the Polyglots team blog and join the #polyglots channel in the Making WordPress Slack group

WordPress maintenance and beta releases

The Core team released WordPress 5.5.3 on Oct. 31, following the release of Version 5.5.2 on Oct. 29. Both releases fix several bugs and security issues with WordPress. You can update to the latest version directly from your WordPress dashboard or download it now from WordPress.org.  The team also released WordPress 5.6 Beta 1 on Oct. 20, followed by Beta 2 on Oct. 27. When ready, the final release will include improvements to the editor, auto-updates for major releases, PHP 8 support, and the Twenty Twenty One theme. You can test the Beta versions by downloading them from WordPress.org or using the WordPress Beta Tester plugin.

Want to be involved in the next release? Follow WordPress 5.6 updates on the development cycle and sign-up for the code review/commit office hours. You can help build WordPress Core by following the Core team blog and joining the #core channel in the Making WordPress Slack group. If you would like to help out with WordPress 5.6 outreach, contact the WordPress Marketing team on the #marketing channel.

Gutenberg 9.2 is released

Version 9.2 of the Gutenberg plugin came out on Oct. 21. This release offers support for video subtitles, the ability to transform selected blocks into the columns block, background patterns in cover blocks, along with several exciting features such as improvements to the widget screen, as well as bug fixes. You can find out more about the Gutenberg roadmap in the What’s next in Gutenberg blog post.

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

Learn WordPress is gearing up for launch

The Learn WordPress initiative, which offers WordPress video workshops followed by interactive discussions, is aiming to put out two courses by the end of the year as part of its full launch. The team is working on creating courses and is requesting feedback from community members on the planned list of courses.

Want to contribute to Learn WordPress? You can now submit a workshop application (submissions in non-English languages are welcome), apply to become a discussion group leader, organize discussions for your local WordPress meetup group, or update screenshots on existing lesson plans.

Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

WPTavern: WordPress Auto-Update System Misfires, Updating Live Sites to an Alpha Release

Wordpress Planet - Fri, 10/30/2020 - 22:57

WordPress’ Core systems team had an eventful Friday when an error in the auto-update system caused sites to update to WordPress 5.5.3-alpha-49449, including live production sites with no auto-update constants defined.

I just had a random production site auto-update itself to #WordPress 5.5.3-alpha 😨 Anyone else seeing this?

— Mark Root-Wiley (@MRWweb) October 30, 2020

Those who received an email about the update logged into their sites to see the message: “BETA TESTERS: This site is set up to install updates of future beta versions automatically.” 

Shaun Rieman logged the first ticket about sites being updated to 5.5.3-alpha-49449, which was also incidentally his first WordPress trac ticket. More users and developers confirmed the issue.

“It’s worth noting that there’s no functional difference between 5.5.2 and 5.5.3-alpha, so there’s no need to worry in that regard,” core committer John Blackbourn said.

Sites that were accidentally updated also installed all the default themes released over the last decade, as well as Akismet. Developers will need to manually delete the bundled themes that they don’t need.

In under an hour, all affected sites were automatically returned to 5.5.2, but the incident has eroded trust and damaged confidence in the auto-update system. Several commenting on the ticket asked how they can explicitly disable development updates.

“The worrying thing is that a single developer can do this, seemingly without any checking or confirmation by other developers,” UK-based developer Paul Stenning said. “This is a serious security concern as a rogue developer could push out malicious code in an update that nobody else checks.”

WordPress agency owner Rob Migchels, who had approximately 50 websites affected, tracked 18 minutes between the the trac ticket (#51679) and receiving the fix.

“The 5.5.3-alpha issue is a side effect of another issue that occurred on 5.5.2,” WordPress engineer and 5.6 Triage release lead Tonya Mork said. Jake Spurlock published an official statement regarding the incident as part of the 5.5.3 release notes:

“Earlier today — between approximately 15:30 and 16:00 UTC — the auto-update system for WordPress updated some sites from version 5.5.2 to version 5.5.3-alpha. This auto-update was due to an error in the Updates API caused by the 5.5.3 release preparations.”

Spurlock elaborated on the technical details in a separate post on the WordPress development blog:

While work was being done to prepare for WordPress 5.5.3, the release team attempted to make 5.5.2 unavailable for download on WordPress.org to limit the spread of the issue noted in the section above, as the error only affected fresh installations. This action resulted in some installations being updated to a pre-release “5.5.3-alpha” version.

In a situation like this, where users who haven’t elected to run their live sites on beta releases are getting a forced update, site owners might wonder whether this update is actually arriving from WordPress, or if the system has been hijacked.

Security researcher Slavco Mihajloski, who commented last week on the lack of transparency regarding how automatic updates are tested and performed, said this incident highlights the need for more openness surrounding the process.

“Why is transparency important? Because procedure will become public and when public, the community will be able to contribute in order to improve it,” Mihajloski said. “At the moment it is more than obvious that this process and the whole security at WP.dot org lacks QA and QC. Each task is left to an individual or closed group. Imagine the following: what if an automatic security update could be pushed only if: – X out of Y (where X < Y) authorities agree that update is fine – have a pilot update on let’s say 100 different servers (I hope .org could afford this) where regression tests will be fired against each one. The current problems would not occur.”

Automatic background updates for minor releases have saved developers thousands of hours in updating sites. A UI for allowing users to opt into automatic updates for major releases is on the roadmap for WordPress 5.6, expected in early December.

This particular accidental update has betrayed for many developers what was already a somewhat fragile trust in the auto-update system. It doesn’t shore up more confidence for selling the idea of core updates when 5.6 is released, but it doesn’t mean that auto-updates are not a good idea. WordPress.org will need to put better processes in place in order to win back users’ trust.

The incident affected more than 100 sites for WordPress agency owner Robert Staddon. He reports that they all displayed the “Update now” button with the confusing and incorrect text seen below. Staddon said the incident has not yet caused him to change his approach to allowing clients to receive auto-updates.

“I was very grateful for the extraordinarily fast response time to get the problem fixed,” Staddon said. “However, it did shake my confidence in the WordPress auto-update process. Considering the number of websites using WordPress, a mistake of this magnitude could end up having a rather catastrophic effect around the web. I would hope that the core team would be able to evaluate how this happened and consider putting some checks in place to make sure it doesn’t happen again.”

WPTavern: Twenty Twenty-One Blocks Theme Launching as a Separate Project

Wordpress Planet - Fri, 10/30/2020 - 20:35
Twenty Twenty-One in the Gutenberg site editor.

Last Friday, Themes Team representative Carolina Nymark announced the Twenty Twenty-One Blocks theme project. It is a block-based version of the Twenty Twenty-One default theme that is shipping along with WordPress 5.6. It will work with the site editor available in the Gutenberg plugin. Developers will work on the two themes as separate projects.

The original plan was to explore support for full-site editing after the WordPress Beta 1 release for Twenty Twenty-One. Some had hoped that support would land in the theme itself. However, a second theme could be a better path in the long run.

As I wrote in my original coverage of Twenty Twenty-One, it did not seem likely that full-site editing would be far enough along in development for it to be a primary feature for the theme. Since the feature will not be in WordPress 5.6, it makes sense to develop for it outside of the primary theme for the time being.

“Twenty Twenty-One Blocks is an experimental theme created as an example to highlight what is possible with Full Site Editing,” wrote Nymark in the announcement. “The theme will need Gutenberg and the Full Site Editing experiment to be enabled. It will not be part of Core, but once complete it will be available in the theme directory.”

Currently, there are no plans to integrate the two themes down the road. They will be maintained as separate projects. This sounds like a smart strategy for this theme. It will allow developers to work on the Blocks theme as a separate entity in the coming months without having to worry about potential problems with merging.

I am excited about this project because it means we get a somewhat official, though not technically a default, theme that supports full-site editing. Otherwise, the community would have had to wait another year for the Twenty Twenty-Two theme, which will presumably be 100% built with blocks.

The Q theme by Ari Stathopoulos, a Themes Team representative, is a little farther along at the moment. It is a solid starting point and learning tool. However, there should be a theme project coming from core WordPress developers that is leading the way for other theme authors. There is a sense of trust, particularly for first-time theme authors, when picking apart an officially-supported theme that it is built to current standards. That is why Twenty Twenty-One Blocks is important.

Thus far, little work has gone into the theme, much of it coming from the original pull request to kick off development from Kjell Reigstad. The theme is currently stored in the WordPress Theme Experiments repository. Ideally, the team will split this theme into its own GitHub repository since it will be added to the theme directory and not merely an experiment.

For theme authors who want to cut their teeth on building block-based themes, this would be a good place to begin taking those initial steps. Or, it will at least be a good project to follow because this is as close to an “official” theme that supports full-site editing that we will see for a while.

At this point, the theme does not do a lot. It is minimal and nowhere near a block-based equivalent of Twenty Twenty-One. However, it works as well as most other themes supporting Gutenberg’s site editor.

For now, template parts do not seem to be working on the front end. However, template parts have been hit or miss in my tests for a while, sometimes seemingly working only by some randomly magical force that rears its head when I close in on the limits of my frustration — it will likely begin working immediately after publishing this post. That is often the nature of testing alpha-level software. Nevertheless, I am excited about following the development of this theme in the coming weeks and months.

Pages