Wordpress News

Gutenberg Times: WordCamp Europe 2021 starts Monday

Wordpress Planet - Sat, 06/05/2021 - 04:00

WordCamp Europe 2021 will be one of the largest virtual WordCamps again and the schedule has some great talks for every WordPress users, developers, site builders, theme designers, DIY site owners and content creators.

We looked through the schedule and spotted very forward-looking Gutenberg related talks, workshops and discussions. Before you study the list, I would recommend the site Time Zone Converter to help you convert the listed times from Central Europe Summer Time (CEST) to your local time. Once in a while I get confused by time zones, and that’s my favorite site to set me straight.

Fabian Kägy, developer at 10up:
Building great experiences in the new editor

Description: Starting out building blocks or experiences for the WordPress block editor can be a bit daunting. Where do I start? Custom blocks, block patterns or just styling core blocks. In this talk, Kägy will walk through the different options and share the benefits and downsides of each while talking about overall good practices for building great editorial experiences.

As a sidenote: Almost exactly a year ago, Fabian Kägy was a presenter at a Gutenberg Times Live Q & A together with Grzegorz Ziolkowski, and demo’d how you can use and extend the official WordPress create-block scaffolding tool.

Monday, June 7th, 2021, at 10am EDT / 14:00 UTC / 16:00 CEST

Full-Site Editing Panel Discussion

The names of the panelist are still a secret, and I will update the post when we know more.

If you’d like to get a jump start here are few resources:

Monday, June 7, 2021 at 12:34 pm EDT / 16:34 UTC / CEST: 18:34

Workshop: A walkthrough of Full Site Editing with Herb Miller, Web developer in UK,

Description: Herb Miller will give a short tour of Full Site Editing (FSE) in this workshop from his perspective as a contributor to the outreach experiment for this major development in WordPress.

He has created a learning resource which attendees can use to follow on during the workshop.

Herb will give attendees an overview of:

  • how to get started
  • the components of the Site Editor
  • example templates and template parts
  • some blocks used to create FSE themes
  • example themes
  • a very few code samples
  • some answers to FAQs
  • how to become involved
  • and many links to other resources

Tuesday, June 8th, 2021 11am EDT / 15:00 UTC / 17:00 CEST

Lee Shadle, web developer Blazing fast block development

Lee Shadle wrote in his description: “I’ve been OBSESSED w/ building blocks since before Gutenberg was released. I’ve built a BUNCH of custom block plugins over the years. In this workshop I’m going to share the framework I’ve been using for quickly building custom block plugins for WordPress.”. Shadle recently also held a talk at WordSesh and demo’d his create-block-plugin scaffolding tool and it was inspiring. This is definitely not a talk to miss.

Tuesday June 8, 2021 12:00 EDT / 16:00 UTC / 18:oo CEST

The Future of Themes in WordPress

The future of themes will be a topic of this panel discussion. Stay tuned or follow WordCamp Europe on Social Media (Twitter, Facebook, Instagram).

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Conversation with Matt Mullenweg

Matt Mullenweg is the co-founder of WordPress and the CEO of Automattic. The conversation should be the highlight of the WordCamp Europe

Wednesday, June 9th, 2021 – 11:42 EDT / 15:42 UTC / 17:42 CEST

This edition of the WordCamp Europe also offers interesting Sponsor talks. Look for them on the schedule, too.

Gutenberg Times: WordCamp Europe 2021 starts Monday

Wordpress Planet - Sat, 06/05/2021 - 04:00

WordCamp Europe 2021 will be one of the largest virtual WordCamps again and the schedule has some great talks for every WordPress users, developers, site builders, theme designers, DIY site owners and content creators.

We looked through the schedule and spotted very forward-looking Gutenberg related talks, workshops and discussions. Before you study the list, I would recommend the site Time Zone Converter to help you convert the listed times from Central Europe Summer Time (CEST) to your local time. Once in a while I get confused by time zones, and that’s my favorite site to set me straight.

Fabian Kägy, developer at 10up:
Building great experiences in the new editor

Description: Starting out building blocks or experiences for the WordPress block editor can be a bit daunting. Where do I start? Custom blocks, block patterns or just styling core blocks. In this talk, Kägy will walk through the different options and share the benefits and downsides of each while talking about overall good practices for building great editorial experiences.

As a sidenote: Almost exactly a year ago, Fabian Kägy was a presenter at a Gutenberg Times Live Q & A together with Grzegorz Ziolkowski, and demo’d how you can use and extend the official WordPress create-block scaffolding tool.

Monday, June 7th, 2021, at 10am EDT / 14:00 UTC / 16:00 CEST

Full-Site Editing Panel Discussion

The names of the panelist are still a secret, and I will update the post when we know more.

If you’d like to get a jump start here are few resources:

Monday, June 7, 2021 at 12:34 pm EDT / 16:34 UTC / CEST: 18:34

Workshop: A walkthrough of Full Site Editing with Herb Miller, Web developer in UK,

Description: Herb Miller will give a short tour of Full Site Editing (FSE) in this workshop from his perspective as a contributor to the outreach experiment for this major development in WordPress.

He has created a learning resource which attendees can use to follow on during the workshop.

Herb will give attendees an overview of:

  • how to get started
  • the components of the Site Editor
  • example templates and template parts
  • some blocks used to create FSE themes
  • example themes
  • a very few code samples
  • some answers to FAQs
  • how to become involved
  • and many links to other resources

Tuesday, June 8th, 2021 11am EDT / 15:00 UTC / 17:00 CEST

Lee Shadle, web developer Blazing fast block development

Lee Shadle wrote in his description: “I’ve been OBSESSED w/ building blocks since before Gutenberg was released. I’ve built a BUNCH of custom block plugins over the years. In this workshop I’m going to share the framework I’ve been using for quickly building custom block plugins for WordPress.”. Shadle recently also held a talk at WordSesh and demo’d his create-block-plugin scaffolding tool and it was inspiring. This is definitely not a talk to miss.

Tuesday June 8, 2021 12:00 EDT / 16:00 UTC / 18:oo CEST

The Future of Themes in WordPress

The future of themes will be a topic of this panel discussion. Stay tuned or follow WordCamp Europe on Social Media (Twitter, Facebook, Instagram).

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Conversation with Matt Mullenweg

Matt Mullenweg is the co-founder of WordPress and the CEO of Automattic. The conversation should be the highlight of the WordCamp Europe

Wednesday, June 9th, 2021 – 11:42 EDT / 15:42 UTC / 17:42 CEST

This edition of the WordCamp Europe also offers interesting Sponsor talks. Look for them on the schedule, too.

Gutenberg Times: So, You want to talk about Full-site Editing?

Wordpress Planet - Sat, 06/05/2021 - 00:50
Anne McCarthy writes at nomad.blog

As we’re nearing 5.8, there’s an increasing demand for people to speak about Full Site Editing and this post should help act as a resource guide to enable more people to do so. As always, I would love contributions from the wider community to build this out into an even more comprehensive resource! While this post covers a lot of content, see it as a go to place to mix and match as you’d like for your own presentation rather than something you need to know every detail of. For example, if you’re presenting to theme authors, you can use this to get a sense at a glance of what might be relevant from what to demo, what resources to share, what GitHub issues to highlight, and more.

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Resources Key points to cover around 5.8:
  • FSE is a collection of features and not a monolith.
  • Because FSE is a collection of features, Core can be flexible in shipping what is both stable and adds the most value.
  • 5.8 is focused mainly on bringing tools to extenders with limited changes to the user experience. This includes theme.json, new theme blocks, design tools, and template editing mode.
Demo ideas

Depending on who you are and who the audience, the following are your best bets for demo content:

Helpful GitHub issues Helpful Posts Conversation Starters
  • What would you like to see done as part of the gradual adoption milestone
  • What would make you more inclined to use Full Site Editing? On the flip side, what would make you less inclined? 
  • Are there any key people or resources like podcasts, courses, documentation, etc that have helped you explore Full Site Editing? 
  • How do you think Full Site Editing will change the WordPress ecosystem? What excites you there? What makes you nervous? 
  • What do you think is most helpful to communicate about Full Site Editing right now to put more people at ease and build excitement? 
  • What are you still confused about when it comes to Full Site Editing?
FAQs

These are the top questions you can most likely expect to get asked with high level answers to get you started in the right direction. For a more comprehensive list of questions and answers, check out the FSE Outreach Program’s roundups.

What is Full Site Editing and what value will it bring?

Full Site Editing is a collection of features that bring the familiar experience and extendability of blocks to all parts of your site rather than just post and pages. In terms of value, it depends on who you are:
User: empowerment to customize what you want to your liking without needing to dive into code.
Themer/developer: focus less on coding thanks to various design tools and more on creating a compelling experience with your theme.
Agency: greater control and consistency over what you offer clients including things like setting custom branding colors or locking down various aspects of the site such as typography settings.
When you see or feel this value depends on who you are, how early you adopt features, and when stable features land in Core. Thanks to FSE being a collection of features, some independent and some interdependent, there’s wonderful room to ship what’s stable.

What is going to happen to themes and what kinds of pathways are being created?

In the long run, it should make theme development much easier and simpler with design tools ready to tap into allowing theme authors to focus less on coding and functions and more on design expression and aesthetics. Because Full Site Editing requires a block based theme, this makes themes extremely important to get right! As a result, lots of pathways are being created including the ability to use theme blocks in a classic theme, exploring how to use the customizer and site editor as part of a “universal theme”, unlocking the ability to create a new block template in a classic theme, allowing classic themes to adopt the block widget editor, and more.
Key: Themes are a key part of the FSE experience, lots of work is being done to allow for a breadth of options going forward, and we need feedback from theme authors to make the transition easier. 

What about page builders/site builders?

FSE is being built in a way that site builders, if they choose to, can build on top of what’s being created. Overall though, FSE is being built partially so people don’t get locked into one site builder over another. While the goals shared between FSE and site builders are similar in terms of empowering users and give better tools to customize a site, the main difference is that we are developing tools that work for users, themers, and hopefully also page builders by expanding how WordPress uses blocks as a whole. Since Core has to strike a nice balance, it’s expected that future plugins will play a role here in exposing more/less depending on user needs.

How will restricting access to these features work?

This will depend on who is asking the question (a user, a theme author, a developer, etc) but some of the GitHub issues referenced above should help. For users, I’d focus on the fact that they would either need to seek out a block theme to use or their current theme would need to ship specific updates. For a themer/developer, I’d share that there will be various options to opt in and out of this work (for example with creating block templates). Upcoming 5.8 dev notes should address this for any new features.

Will upgrading to 5.8 cause FSE to take over my site like the Core Editor did in 5.0?

No. 5.8 is focused on giving tools to extenders first and foremost before more user facing changes are launched going forward and integrated into themes. In terms of user facing features, you can expect to see

Anne McCarthy published this post on her personal blog and gave us permission to republish it here as well.

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Gutenberg Times: So, You want to talk about Full-site Editing?

Wordpress Planet - Sat, 06/05/2021 - 00:50
Anne McCarthy writes at nomad.blog

As we’re nearing 5.8, there’s an increasing demand for people to speak about Full Site Editing and this post should help act as a resource guide to enable more people to do so. As always, I would love contributions from the wider community to build this out into an even more comprehensive resource! While this post covers a lot of content, see it as a go to place to mix and match as you’d like for your own presentation rather than something you need to know every detail of. For example, if you’re presenting to theme authors, you can use this to get a sense at a glance of what might be relevant from what to demo, what resources to share, what GitHub issues to highlight, and more.

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Resources Key points to cover around 5.8:
  • FSE is a collection of features and not a monolith.
  • Because FSE is a collection of features, Core can be flexible in shipping what is both stable and adds the most value.
  • 5.8 is focused mainly on bringing tools to extenders with limited changes to the user experience. This includes theme.json, new theme blocks, design tools, and template editing mode.
Demo ideas

Depending on who you are and who the audience, the following are your best bets for demo content:

Helpful GitHub issues Helpful Posts Conversation Starters
  • What would you like to see done as part of the gradual adoption milestone
  • What would make you more inclined to use Full Site Editing? On the flip side, what would make you less inclined? 
  • Are there any key people or resources like podcasts, courses, documentation, etc that have helped you explore Full Site Editing? 
  • How do you think Full Site Editing will change the WordPress ecosystem? What excites you there? What makes you nervous? 
  • What do you think is most helpful to communicate about Full Site Editing right now to put more people at ease and build excitement? 
  • What are you still confused about when it comes to Full Site Editing?
FAQs

These are the top questions you can most likely expect to get asked with high level answers to get you started in the right direction. For a more comprehensive list of questions and answers, check out the FSE Outreach Program’s roundups.

What is Full Site Editing and what value will it bring?

Full Site Editing is a collection of features that bring the familiar experience and extendability of blocks to all parts of your site rather than just post and pages. In terms of value, it depends on who you are:
User: empowerment to customize what you want to your liking without needing to dive into code.
Themer/developer: focus less on coding thanks to various design tools and more on creating a compelling experience with your theme.
Agency: greater control and consistency over what you offer clients including things like setting custom branding colors or locking down various aspects of the site such as typography settings.
When you see or feel this value depends on who you are, how early you adopt features, and when stable features land in Core. Thanks to FSE being a collection of features, some independent and some interdependent, there’s wonderful room to ship what’s stable.

What is going to happen to themes and what kinds of pathways are being created?

In the long run, it should make theme development much easier and simpler with design tools ready to tap into allowing theme authors to focus less on coding and functions and more on design expression and aesthetics. Because Full Site Editing requires a block based theme, this makes themes extremely important to get right! As a result, lots of pathways are being created including the ability to use theme blocks in a classic theme, exploring how to use the customizer and site editor as part of a “universal theme”, unlocking the ability to create a new block template in a classic theme, allowing classic themes to adopt the block widget editor, and more.
Key: Themes are a key part of the FSE experience, lots of work is being done to allow for a breadth of options going forward, and we need feedback from theme authors to make the transition easier. 

What about page builders/site builders?

FSE is being built in a way that site builders, if they choose to, can build on top of what’s being created. Overall though, FSE is being built partially so people don’t get locked into one site builder over another. While the goals shared between FSE and site builders are similar in terms of empowering users and give better tools to customize a site, the main difference is that we are developing tools that work for users, themers, and hopefully also page builders by expanding how WordPress uses blocks as a whole. Since Core has to strike a nice balance, it’s expected that future plugins will play a role here in exposing more/less depending on user needs.

How will restricting access to these features work?

This will depend on who is asking the question (a user, a theme author, a developer, etc) but some of the GitHub issues referenced above should help. For users, I’d focus on the fact that they would either need to seek out a block theme to use or their current theme would need to ship specific updates. For a themer/developer, I’d share that there will be various options to opt in and out of this work (for example with creating block templates). Upcoming 5.8 dev notes should address this for any new features.

Will upgrading to 5.8 cause FSE to take over my site like the Core Editor did in 5.0?

No. 5.8 is focused on giving tools to extenders first and foremost before more user facing changes are launched going forward and integrated into themes. In terms of user facing features, you can expect to see

Anne McCarthy published this post on her personal blog and gave us permission to republish it here as well.

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Gutenberg Times: So, You want to talk about Full-site Editing?

Wordpress Planet - Sat, 06/05/2021 - 00:50
Anne McCarthy writes at nomad.blog

As we’re nearing 5.8, there’s an increasing demand for people to speak about Full Site Editing and this post should help act as a resource guide to enable more people to do so. As always, I would love contributions from the wider community to build this out into an even more comprehensive resource! While this post covers a lot of content, see it as a go to place to mix and match as you’d like for your own presentation rather than something you need to know every detail of. For example, if you’re presenting to theme authors, you can use this to get a sense at a glance of what might be relevant from what to demo, what resources to share, what GitHub issues to highlight, and more.

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

Resources Key points to cover around 5.8:
  • FSE is a collection of features and not a monolith.
  • Because FSE is a collection of features, Core can be flexible in shipping what is both stable and adds the most value.
  • 5.8 is focused mainly on bringing tools to extenders with limited changes to the user experience. This includes theme.json, new theme blocks, design tools, and template editing mode.
Demo ideas

Depending on who you are and who the audience, the following are your best bets for demo content:

Helpful GitHub issues Helpful Posts Conversation Starters
  • What would you like to see done as part of the gradual adoption milestone
  • What would make you more inclined to use Full Site Editing? On the flip side, what would make you less inclined? 
  • Are there any key people or resources like podcasts, courses, documentation, etc that have helped you explore Full Site Editing? 
  • How do you think Full Site Editing will change the WordPress ecosystem? What excites you there? What makes you nervous? 
  • What do you think is most helpful to communicate about Full Site Editing right now to put more people at ease and build excitement? 
  • What are you still confused about when it comes to Full Site Editing?
FAQs

These are the top questions you can most likely expect to get asked with high level answers to get you started in the right direction. For a more comprehensive list of questions and answers, check out the FSE Outreach Program’s roundups.

What is Full Site Editing and what value will it bring?

Full Site Editing is a collection of features that bring the familiar experience and extendability of blocks to all parts of your site rather than just post and pages. In terms of value, it depends on who you are:
User: empowerment to customize what you want to your liking without needing to dive into code.
Themer/developer: focus less on coding thanks to various design tools and more on creating a compelling experience with your theme.
Agency: greater control and consistency over what you offer clients including things like setting custom branding colors or locking down various aspects of the site such as typography settings.
When you see or feel this value depends on who you are, how early you adopt features, and when stable features land in Core. Thanks to FSE being a collection of features, some independent and some interdependent, there’s wonderful room to ship what’s stable.

What is going to happen to themes and what kinds of pathways are being created?

In the long run, it should make theme development much easier and simpler with design tools ready to tap into allowing theme authors to focus less on coding and functions and more on design expression and aesthetics. Because Full Site Editing requires a block based theme, this makes themes extremely important to get right! As a result, lots of pathways are being created including the ability to use theme blocks in a classic theme, exploring how to use the customizer and site editor as part of a “universal theme”, unlocking the ability to create a new block template in a classic theme, allowing classic themes to adopt the block widget editor, and more.
Key: Themes are a key part of the FSE experience, lots of work is being done to allow for a breadth of options going forward, and we need feedback from theme authors to make the transition easier. 

What about page builders/site builders?

FSE is being built in a way that site builders, if they choose to, can build on top of what’s being created. Overall though, FSE is being built partially so people don’t get locked into one site builder over another. While the goals shared between FSE and site builders are similar in terms of empowering users and give better tools to customize a site, the main difference is that we are developing tools that work for users, themers, and hopefully also page builders by expanding how WordPress uses blocks as a whole. Since Core has to strike a nice balance, it’s expected that future plugins will play a role here in exposing more/less depending on user needs.

How will restricting access to these features work?

This will depend on who is asking the question (a user, a theme author, a developer, etc) but some of the GitHub issues referenced above should help. For users, I’d focus on the fact that they would either need to seek out a block theme to use or their current theme would need to ship specific updates. For a themer/developer, I’d share that there will be various options to opt in and out of this work (for example with creating block templates). Upcoming 5.8 dev notes should address this for any new features.

Will upgrading to 5.8 cause FSE to take over my site like the Core Editor did in 5.0?

No. 5.8 is focused on giving tools to extenders first and foremost before more user facing changes are launched going forward and integrated into themes. In terms of user facing features, you can expect to see

Anne McCarthy published this post on her personal blog and gave us permission to republish it here as well.

Join us for our next Live Q & A
on June 24, 2021 at 11am EDT / 15:00 UTC

Theme.json for Theme Authors or building themes for full-site editing in WordPress.
Host: Birgit Pauli-Haack
Panel: Daily Olson, Tammie Lister and Jeff Ong Register Now

WPTavern: Jetpack 9.8 Introduces WordPress Stories Block Alongside Forced Security Update

Wordpress Planet - Sat, 06/05/2021 - 00:04

Jetpack 9.8 was released this week, introducing WordPress Stories as the headline feature. The Story block, which allows users to create interactive stories, was previously only available on mobile. It can now be used in the web editor. Stories went into public beta on the Android app in January 2021, and were officially released on the mobile apps in March.

Version 9.8 also included a security patch for all sites using the Carousel feature. The vulnerability allowed the comments of non-published pages/posts to be leaked. It was severe enough for the Jetpack team to work with WordPress.org to release 78 patched versions – every version of Jetpack since 2.0. Sites not using the Carousel feature were not vulnerable but could be in the future if it was enabled and left unpatched.

In a rare move, WordPress.org pushed a forced update to all vulnerable versions, surprising those who have auto-updates disabled. Several Jetpack users posted in the support forums, asking why the plugin had updated automatically without permission and in some cases not to the newest version.

So this update was a forced update on WordPress sites even with auto-updates disabled?

We had this go live on a prod site at 2am last night that has auto-updates disabled for very specific reasons.

Not cool Jetpack. https://t.co/55upBmyeHp

— Brad Williams (@williamsba) June 3, 2021

Jetpack team member Jeremy Herve said the vulnerability was responsibly disclosed via Hackerone, allowing them to work on a patch for the issue. After it was ready to go, the Jetpack team reached out to the WordPress.org security team to inform them of a vulnerability impacting multiple versions of the plugin.

“We sent them the patch alongside all the info we had (a PoC for the vulnerability, what features had to be active, what versions of Jetpack were impacted),” Herve said. “They recommended we release point releases for older versions of Jetpack as well.

“We created those new releases, and when we were ready to release them, someone from the WordPress.org team made some changes on the WordPress.org side so folks running old, vulnerable versions of the plugin would get auto-updated, just like it works for Core versions of WordPress.”

Jetpack team member Brandon Kraft estimated the number of vulnerable sites at 18% of the plugin’s active installs. He said that Jetpack was not part of the discussion about the pushing out a forced update.

We weren't part of the discussion. Provided details and got the response, but I wouldn't expect a security convo to be public. But, yes. Single feature impacted. A few things need to be all true for it to matter on a site, which looked like qualified about 18% of sites IIRC.

— A Guy Called Kraft 😷💉 (@Kraft) June 3, 2021

“What probably adds to the confusion is that WordPress 5.5 added a UI for plugin (and theme) autoupdates,” Herve said. “That UI, while helping one manage plugin autoupdates on their site, is a bit different from Core’s forced update process. Both of those update types can be deactivated by site owners, just like core’s autoupdates can be deactivated, but I don’t believe (and honestly wouldn’t recommend) that many folks deactivate those updates.”

Brandon Kraft dug deeper into the topic and published a post that explains the differences between auto-updates and forced updates. It includes how to lock down file modifications if you don’t want to receive any forced updates in the future. Forced updates, however, are exceedingly rare, and Kraft counts only three for Jetpack since 2013.

In this instance, the Jetpack team followed the official process for reporting a critical vulnerability to the plugin and security teams who determine the impact for users based on a set criteria. Users who received an email notification about an automatic update from Jetpack, despite having the UI in the dashboard set to disable them, should be aware that these forced updates can come once in a blue moon for security purposes.

Tony Perez, founder of NOC and former CEO at Sucuri, contends that forcing a security update like this violates the intent users’ assign when using the auto-updates UI in WordPress. He highlighted the potential for abuse if the system were to become vulnerable to a bad actor.

“The platform is making an active decision that is arguably contrary to what the site administrator is intending when they explicitly say they don’t want something done,” Perez said. “Put plainly, it’s an abuse of trust that exists between the WordPress user and the Foundation that helps maintain the project.

“My position is not that it shouldn’t exist. That’s a much deeper ideological debate, but it is about respecting an administrators explicit intent.”

WPTavern: Jetpack 9.8 Introduces WordPress Stories Block Alongside Forced Security Update

Wordpress Planet - Sat, 06/05/2021 - 00:04

Jetpack 9.8 was released this week, introducing WordPress Stories as the headline feature. The Story block, which allows users to create interactive stories, was previously only available on mobile. It can now be used in the web editor. Stories went into public beta on the Android app in January 2021, and were officially released on the mobile apps in March.

Version 9.8 also included a security patch for all sites using the Carousel feature. The vulnerability allowed the comments of non-published pages/posts to be leaked. It was severe enough for the Jetpack team to work with WordPress.org to release 78 patched versions – every version of Jetpack since 2.0. Sites not using the Carousel feature were not vulnerable but could be in the future if it was enabled and left unpatched.

In a rare move, WordPress.org pushed a forced update to all vulnerable versions, surprising those who have auto-updates disabled. Several Jetpack users posted in the support forums, asking why the plugin had updated automatically without permission and in some cases not to the newest version.

So this update was a forced update on WordPress sites even with auto-updates disabled?

We had this go live on a prod site at 2am last night that has auto-updates disabled for very specific reasons.

Not cool Jetpack. https://t.co/55upBmyeHp

— Brad Williams (@williamsba) June 3, 2021

Jetpack team member Jeremy Herve said the vulnerability was responsibly disclosed via Hackerone, allowing them to work on a patch for the issue. After it was ready to go, the Jetpack team reached out to the WordPress.org security team to inform them of a vulnerability impacting multiple versions of the plugin.

“We sent them the patch alongside all the info we had (a PoC for the vulnerability, what features had to be active, what versions of Jetpack were impacted),” Herve said. “They recommended we release point releases for older versions of Jetpack as well.

“We created those new releases, and when we were ready to release them, someone from the WordPress.org team made some changes on the WordPress.org side so folks running old, vulnerable versions of the plugin would get auto-updated, just like it works for Core versions of WordPress.”

Jetpack team member Brandon Kraft estimated the number of vulnerable sites at 18% of the plugin’s active installs. He said that Jetpack was not part of the discussion about the pushing out a forced update.

We weren't part of the discussion. Provided details and got the response, but I wouldn't expect a security convo to be public. But, yes. Single feature impacted. A few things need to be all true for it to matter on a site, which looked like qualified about 18% of sites IIRC.

— A Guy Called Kraft 😷💉 (@Kraft) June 3, 2021

“What probably adds to the confusion is that WordPress 5.5 added a UI for plugin (and theme) autoupdates,” Herve said. “That UI, while helping one manage plugin autoupdates on their site, is a bit different from Core’s forced update process. Both of those update types can be deactivated by site owners, just like core’s autoupdates can be deactivated, but I don’t believe (and honestly wouldn’t recommend) that many folks deactivate those updates.”

Brandon Kraft dug deeper into the topic and published a post that explains the differences between auto-updates and forced updates. It includes how to lock down file modifications if you don’t want to receive any forced updates in the future. Forced updates, however, are exceedingly rare, and Kraft counts only three for Jetpack since 2013.

In this instance, the Jetpack team followed the official process for reporting a critical vulnerability to the plugin and security teams who determine the impact for users based on a set criteria. Users who received an email notification about an automatic update from Jetpack, despite having the UI in the dashboard set to disable them, should be aware that these forced updates can come once in a blue moon for security purposes.

Tony Perez, founder of NOC and former CEO at Sucuri, contends that forcing a security update like this violates the intent users’ assign when using the auto-updates UI in WordPress. He highlighted the potential for abuse if the system were to become vulnerable to a bad actor.

“The platform is making an active decision that is arguably contrary to what the site administrator is intending when they explicitly say they don’t want something done,” Perez said. “Put plainly, it’s an abuse of trust that exists between the WordPress user and the Foundation that helps maintain the project.

“My position is not that it shouldn’t exist. That’s a much deeper ideological debate, but it is about respecting an administrators explicit intent.”

WPTavern: Jetpack 9.8 Introduces WordPress Stories Block Alongside Forced Security Update

Wordpress Planet - Sat, 06/05/2021 - 00:04

Jetpack 9.8 was released this week, introducing WordPress Stories as the headline feature. The Story block, which allows users to create interactive stories, was previously only available on mobile. It can now be used in the web editor. Stories went into public beta on the Android app in January 2021, and were officially released on the mobile apps in March.

Version 9.8 also included a security patch for all sites using the Carousel feature. The vulnerability allowed the comments of non-published pages/posts to be leaked. It was severe enough for the Jetpack team to work with WordPress.org to release 78 patched versions – every version of Jetpack since 2.0. Sites not using the Carousel feature were not vulnerable but could be in the future if it was enabled and left unpatched.

In a rare move, WordPress.org pushed a forced update to all vulnerable versions, surprising those who have auto-updates disabled. Several Jetpack users posted in the support forums, asking why the plugin had updated automatically without permission and in some cases not to the newest version.

So this update was a forced update on WordPress sites even with auto-updates disabled?

We had this go live on a prod site at 2am last night that has auto-updates disabled for very specific reasons.

Not cool Jetpack. https://t.co/55upBmyeHp

— Brad Williams (@williamsba) June 3, 2021

Jetpack team member Jeremy Herve said the vulnerability was responsibly disclosed via Hackerone, allowing them to work on a patch for the issue. After it was ready to go, the Jetpack team reached out to the WordPress.org security team to inform them of a vulnerability impacting multiple versions of the plugin.

“We sent them the patch alongside all the info we had (a PoC for the vulnerability, what features had to be active, what versions of Jetpack were impacted),” Herve said. “They recommended we release point releases for older versions of Jetpack as well.

“We created those new releases, and when we were ready to release them, someone from the WordPress.org team made some changes on the WordPress.org side so folks running old, vulnerable versions of the plugin would get auto-updated, just like it works for Core versions of WordPress.”

Jetpack team member Brandon Kraft estimated the number of vulnerable sites at 18% of the plugin’s active installs. He said that Jetpack was not part of the discussion about the pushing out a forced update.

We weren't part of the discussion. Provided details and got the response, but I wouldn't expect a security convo to be public. But, yes. Single feature impacted. A few things need to be all true for it to matter on a site, which looked like qualified about 18% of sites IIRC.

— A Guy Called Kraft 😷💉 (@Kraft) June 3, 2021

“What probably adds to the confusion is that WordPress 5.5 added a UI for plugin (and theme) autoupdates,” Herve said. “That UI, while helping one manage plugin autoupdates on their site, is a bit different from Core’s forced update process. Both of those update types can be deactivated by site owners, just like core’s autoupdates can be deactivated, but I don’t believe (and honestly wouldn’t recommend) that many folks deactivate those updates.”

Brandon Kraft dug deeper into the topic and published a post that explains the differences between auto-updates and forced updates. It includes how to lock down file modifications if you don’t want to receive any forced updates in the future. Forced updates, however, are exceedingly rare, and Kraft counts only three for Jetpack since 2013.

In this instance, the Jetpack team followed the official process for reporting a critical vulnerability to the plugin and security teams who determine the impact for users based on a set criteria. Users who received an email notification about an automatic update from Jetpack, despite having the UI in the dashboard set to disable them, should be aware that these forced updates can come once in a blue moon for security purposes.

Tony Perez, founder of NOC and former CEO at Sucuri, contends that forcing a security update like this violates the intent users’ assign when using the auto-updates UI in WordPress. He highlighted the potential for abuse if the system were to become vulnerable to a bad actor.

“The platform is making an active decision that is arguably contrary to what the site administrator is intending when they explicitly say they don’t want something done,” Perez said. “Put plainly, it’s an abuse of trust that exists between the WordPress user and the Foundation that helps maintain the project.

“My position is not that it shouldn’t exist. That’s a much deeper ideological debate, but it is about respecting an administrators explicit intent.”

WPTavern: Create Per-Post Social Media Images With the Social Image Generator WordPress Plugin

Wordpress Planet - Fri, 06/04/2021 - 23:59

It was a bit of a low-key announcement when Daniel Post introduced Social Image Generator to the world in February via tweet. But, when you get repped by Chris Coyier of CSS-Tricks and the co-founder of WordPress uses your plugin (come on, Matt, set a default image), it means your product is on the right track.

I am not easily impressed by every new plugin to fly across my metaphorical desk. I probably install at least a couple dozen every week. Sometimes, I do so because something looks handy on the surface, and I want to see if I can find some use for it. Other times, I think it might be worth sharing with Tavern readers. More often than not, I consider most of them cringeworthy. I have high standards.

As I chatted with Post about this new plugin, I was excited enough to call Social Image Generator one of those OMG-where-have-you-been? types of plugins. You will not hear that from me often.

Post quit his day job to venture out earlier this year, creating his one-man WordPress agency named Posty Studio. Social Image Generator is its first product.

“I kept seeing tutorials on my Twitter feed on how to automatically generate images for your social media posts, but unfortunately, they all used a similar approach (Node.js) that just wasn’t suitable for WordPress,” said Post of the inspiration for the plugin. “This got me thinking: would it be possible to make this for WordPress? I started playing around with image generation in PHP, and when I got my proof of concept working, I realized that this might actually be something I should pursue.”

In our chat over Slack, we actually saw the plugin in action. As he shared Coyier’s article from CSS-Tricks, the chatting platform displayed the social image in real-time.

Auto-generated image appearing via Slack.

Maybe it was fate. Maybe Post knew it would happen and thought it would be a good idea to show off his work as we talked about his project. Either way, it was enough to impress the writer who is unafraid to call your plugin a dumpster fire if he smells smoke.

Post seems to be hitting all the right notes with this commercial plugin. It has a slew of features built into version 1.x, which we will get to shortly. It is dead simple to use. It is something nearly any website owner needs, assuming they want to share their content via social networks. And, with a $39/year starting price, it is not an overly expensive product for those on the fence about buying.

How the Plugin Works

After installing and activating Social Image Generator, users are taken to the plugin’s settings screen. Other than a license key field and a button for clearing the image cache, most users will want to dive straight into the template editor.

At the moment, the plugin includes 23 templates. From Twenty Seventeen to Twenty Twenty-One, each of the last four default WordPress themes also has a dedicated template. After selecting one, users can customize the colors for the logo, post title, and more — the amount of customization depends on the chosen template.

Browsing the plugin’s templates.

Aside from selecting colors, users can choose between various logo and text options. They can also upload a default image for posts without featured images.

Editing a template from Social Image Generator.

When it comes time to publish, the plugin adds a meta box to the post sidebar. Users can further customize their social image and text on a per-post basis.

Social image preview box on the post-editing screen.

Once published, the plugin creates an image that will appear when a post is shared on social media.

On the whole, there is a ton that anyone can do with the built-in templates. There is also an API for developers to create their own. For a first outing, it is a robust offering. However, there is so much more that can be done to make the plugin more flexible.

Version 2.0 and Beyond

Thus far, Post said he has received tons of positive feedback along with feature requests. Primarily, users are asking for more customization options and the ability to create and use multiple templates. These are the focus areas for the next version. With a 1,718% increase in revenue in the past month, it seems he might have the initial financial backing to invest in them.

“I’ve started building a completely overhauled drag-n-drop editor, which will allow you to create basically any custom image you want,” he said. “It will be heavily inspired by the block editor, and I want to keep the UI and UX as close to the block editor as possible.”

The new template editor would allow users to create multiple layers, an idea similar to how Photoshop, Gimp, and other image-editing software works. The difference would be that it can pull in data from WordPress.

“For example, an ‘Image’ layer will have options such as height/width and positioning, as well as some stylistic options like color filters and gradient overlays,” said Post. “A ‘Text’ layer can be any font, color, and size and can show predefined options (post title, date, etc.) or whatever you want. You can add an infinite number of layers and order them however you’d like.”

He seems excited about opening up new possibilities with an overhauled editor. Users could potentially create social image templates for each post type. A custom layer might pull in post metadata, such as displaying product pricing or ratings from eCommerce plugins like WooCommerce.

“The prebuilt templates will still exist, similar to Block Patterns in the block editor,” said the plugin developer. “They will, however, serve as a starting point rather than the final product. I’ll also try to implement theme styling as much as possible.

“The possibilities here are so endless, and I’m incredibly excited for this next part.”

WPTavern: Create Per-Post Social Media Images With the Social Image Generator WordPress Plugin

Wordpress Planet - Fri, 06/04/2021 - 23:59

It was a bit of a low-key announcement when Daniel Post introduced Social Image Generator to the world in February via tweet. But, when you get repped by Chris Coyier of CSS-Tricks and the co-founder of WordPress uses your plugin (come on, Matt, set a default image), it means your product is on the right track.

I am not easily impressed by every new plugin to fly across my metaphorical desk. I probably install at least a couple dozen every week. Sometimes, I do so because something looks handy on the surface, and I want to see if I can find some use for it. Other times, I think it might be worth sharing with Tavern readers. More often than not, I consider most of them cringeworthy. I have high standards.

As I chatted with Post about this new plugin, I was excited enough to call Social Image Generator one of those OMG-where-have-you-been? types of plugins. You will not hear that from me often.

Post quit his day job to venture out earlier this year, creating his one-man WordPress agency named Posty Studio. Social Image Generator is its first product.

“I kept seeing tutorials on my Twitter feed on how to automatically generate images for your social media posts, but unfortunately, they all used a similar approach (Node.js) that just wasn’t suitable for WordPress,” said Post of the inspiration for the plugin. “This got me thinking: would it be possible to make this for WordPress? I started playing around with image generation in PHP, and when I got my proof of concept working, I realized that this might actually be something I should pursue.”

In our chat over Slack, we actually saw the plugin in action. As he shared Coyier’s article from CSS-Tricks, the chatting platform displayed the social image in real-time.

Auto-generated image appearing via Slack.

Maybe it was fate. Maybe Post knew it would happen and thought it would be a good idea to show off his work as we talked about his project. Either way, it was enough to impress the writer who is unafraid to call your plugin a dumpster fire if he smells smoke.

Post seems to be hitting all the right notes with this commercial plugin. It has a slew of features built into version 1.x, which we will get to shortly. It is dead simple to use. It is something nearly any website owner needs, assuming they want to share their content via social networks. And, with a $39/year starting price, it is not an overly expensive product for those on the fence about buying.

How the Plugin Works

After installing and activating Social Image Generator, users are taken to the plugin’s settings screen. Other than a license key field and a button for clearing the image cache, most users will want to dive straight into the template editor.

At the moment, the plugin includes 23 templates. From Twenty Seventeen to Twenty Twenty-One, each of the last four default WordPress themes also has a dedicated template. After selecting one, users can customize the colors for the logo, post title, and more — the amount of customization depends on the chosen template.

Browsing the plugin’s templates.

Aside from selecting colors, users can choose between various logo and text options. They can also upload a default image for posts without featured images.

Editing a template from Social Image Generator.

When it comes time to publish, the plugin adds a meta box to the post sidebar. Users can further customize their social image and text on a per-post basis.

Social image preview box on the post-editing screen.

Once published, the plugin creates an image that will appear when a post is shared on social media.

On the whole, there is a ton that anyone can do with the built-in templates. There is also an API for developers to create their own. For a first outing, it is a robust offering. However, there is so much more that can be done to make the plugin more flexible.

Version 2.0 and Beyond

Thus far, Post said he has received tons of positive feedback along with feature requests. Primarily, users are asking for more customization options and the ability to create and use multiple templates. These are the focus areas for the next version. With a 1,718% increase in revenue in the past month, it seems he might have the initial financial backing to invest in them.

“I’ve started building a completely overhauled drag-n-drop editor, which will allow you to create basically any custom image you want,” he said. “It will be heavily inspired by the block editor, and I want to keep the UI and UX as close to the block editor as possible.”

The new template editor would allow users to create multiple layers, an idea similar to how Photoshop, Gimp, and other image-editing software works. The difference would be that it can pull in data from WordPress.

“For example, an ‘Image’ layer will have options such as height/width and positioning, as well as some stylistic options like color filters and gradient overlays,” said Post. “A ‘Text’ layer can be any font, color, and size and can show predefined options (post title, date, etc.) or whatever you want. You can add an infinite number of layers and order them however you’d like.”

He seems excited about opening up new possibilities with an overhauled editor. Users could potentially create social image templates for each post type. A custom layer might pull in post metadata, such as displaying product pricing or ratings from eCommerce plugins like WooCommerce.

“The prebuilt templates will still exist, similar to Block Patterns in the block editor,” said the plugin developer. “They will, however, serve as a starting point rather than the final product. I’ll also try to implement theme styling as much as possible.

“The possibilities here are so endless, and I’m incredibly excited for this next part.”

WPTavern: Create Per-Post Social Media Images With the Social Image Generator WordPress Plugin

Wordpress Planet - Fri, 06/04/2021 - 23:59

It was a bit of a low-key announcement when Daniel Post introduced Social Image Generator to the world in February via tweet. But, when you get repped by Chris Coyier of CSS-Tricks and the co-founder of WordPress uses your plugin (come on, Matt, set a default image), it means your product is on the right track.

I am not easily impressed by every new plugin to fly across my metaphorical desk. I probably install at least a couple dozen every week. Sometimes, I do so because something looks handy on the surface, and I want to see if I can find some use for it. Other times, I think it might be worth sharing with Tavern readers. More often than not, I consider most of them cringeworthy. I have high standards.

As I chatted with Post about this new plugin, I was excited enough to call Social Image Generator one of those OMG-where-have-you-been? types of plugins. You will not hear that from me often.

Post quit his day job to venture out earlier this year, creating his one-man WordPress agency named Posty Studio. Social Image Generator is its first product.

“I kept seeing tutorials on my Twitter feed on how to automatically generate images for your social media posts, but unfortunately, they all used a similar approach (Node.js) that just wasn’t suitable for WordPress,” said Post of the inspiration for the plugin. “This got me thinking: would it be possible to make this for WordPress? I started playing around with image generation in PHP, and when I got my proof of concept working, I realized that this might actually be something I should pursue.”

In our chat over Slack, we actually saw the plugin in action. As he shared Coyier’s article from CSS-Tricks, the chatting platform displayed the social image in real-time.

Auto-generated image appearing via Slack.

Maybe it was fate. Maybe Post knew it would happen and thought it would be a good idea to show off his work as we talked about his project. Either way, it was enough to impress the writer who is unafraid to call your plugin a dumpster fire if he smells smoke.

Post seems to be hitting all the right notes with this commercial plugin. It has a slew of features built into version 1.x, which we will get to shortly. It is dead simple to use. It is something nearly any website owner needs, assuming they want to share their content via social networks. And, with a $39/year starting price, it is not an overly expensive product for those on the fence about buying.

How the Plugin Works

After installing and activating Social Image Generator, users are taken to the plugin’s settings screen. Other than a license key field and a button for clearing the image cache, most users will want to dive straight into the template editor.

At the moment, the plugin includes 23 templates. From Twenty Seventeen to Twenty Twenty-One, each of the last four default WordPress themes also has a dedicated template. After selecting one, users can customize the colors for the logo, post title, and more — the amount of customization depends on the chosen template.

Browsing the plugin’s templates.

Aside from selecting colors, users can choose between various logo and text options. They can also upload a default image for posts without featured images.

Editing a template from Social Image Generator.

When it comes time to publish, the plugin adds a meta box to the post sidebar. Users can further customize their social image and text on a per-post basis.

Social image preview box on the post-editing screen.

Once published, the plugin creates an image that will appear when a post is shared on social media.

On the whole, there is a ton that anyone can do with the built-in templates. There is also an API for developers to create their own. For a first outing, it is a robust offering. However, there is so much more that can be done to make the plugin more flexible.

Version 2.0 and Beyond

Thus far, Post said he has received tons of positive feedback along with feature requests. Primarily, users are asking for more customization options and the ability to create and use multiple templates. These are the focus areas for the next version. With a 1,718% increase in revenue in the past month, it seems he might have the initial financial backing to invest in them.

“I’ve started building a completely overhauled drag-n-drop editor, which will allow you to create basically any custom image you want,” he said. “It will be heavily inspired by the block editor, and I want to keep the UI and UX as close to the block editor as possible.”

The new template editor would allow users to create multiple layers, an idea similar to how Photoshop, Gimp, and other image-editing software works. The difference would be that it can pull in data from WordPress.

“For example, an ‘Image’ layer will have options such as height/width and positioning, as well as some stylistic options like color filters and gradient overlays,” said Post. “A ‘Text’ layer can be any font, color, and size and can show predefined options (post title, date, etc.) or whatever you want. You can add an infinite number of layers and order them however you’d like.”

He seems excited about opening up new possibilities with an overhauled editor. Users could potentially create social image templates for each post type. A custom layer might pull in post metadata, such as displaying product pricing or ratings from eCommerce plugins like WooCommerce.

“The prebuilt templates will still exist, similar to Block Patterns in the block editor,” said the plugin developer. “They will, however, serve as a starting point rather than the final product. I’ll also try to implement theme styling as much as possible.

“The possibilities here are so endless, and I’m incredibly excited for this next part.”

WPTavern: Building Featured Boxes With the WordPress Block Editor

Wordpress Planet - Fri, 06/04/2021 - 05:07

It is a new day with another chase for that elusive block plugin that will bring a little joy into my life. Today’s experiment comes courtesy of the Feature Box plugin by Sumaiya Siddika. It is a simple block that allows end-users to upload an image and add some content to an offset box.

The plugin’s output is a typical pattern on the web. As usual, I am excited to see plugin authors experimenting with bringing these features to WordPress users. I want to see more of it, especially from first-time plugin contributors.

I was able to quickly get the block up and running, adding my custom content. The following is what the block looked like after entering my content and customizing it. I envisioned myself as a recipe blogger for this test.

Inserting and modifying the Feature Box block.

On a technical level, the plugin worked well. I ran into no errors. Everything was simple to customize. However, it never felt like an ideal user experience.

The first thing I immediately noticed is that image uploading happens in the block options sidebar. Core WordPress blocks have a dedicated button in the toolbar for adding images and other media. I also found myself wanting more direct control over individual elements. How could I change the heading font size? Where were the typical button styles like Outline and Solid Color? How do I insert other blocks, like a list?

None of those things were possible. Like many other blocks, the developer has created a system with specific parameters, and the user cannot move outside of them. There are times when that rigidity makes sense, such as when building custom blocks for clients. However, more often than not, publicly-released plugins should be far more open.

This tightly controlled block is reflective of how WordPress worked in the past. It was often inflexible, leaving users to what theme and plugin developers thought was best for their sites.

The block system is about tossing out these overly rigid concepts and giving users power over their content. The job of plugins and themes is to define the framework the user is operating under. They set up some rules to more or less keep things from breaking, but the users get to strap themselves into the driver’s seat. Their destination is their own.

The block would have been far more well-rounded if users could control all of the content in the box. Ideally, they could put whatever blocks they wanted into the “content” area of the Feature Box block. The design would match their theme better too.

A couple of weeks ago, I wrote a post titled You Might Not Need That Block. The premise was that users could recreate some blocks with the current editor and that themers could make this easier by offering patterns.

I knew replicating this particular block would be impossible without at least a little custom code. WordPress’s editor does not have a feature for offsetting a block’s position.

A theme author could easily duplicate this functionality. Typically, I would create a custom pattern, complete with all the existing pieces in place. However, I wanted to approach this with custom block styles. This would allow end-users to select the content offset from the sidebar and switch it around if needed.

Note: For those who wish to learn how to create custom block styles, Carolina Nymark’s tutorial is the best resource.

The Cover block made an ideal candidate for this. Because it has an existing “inner wrapper” element, it meant that I could target it with CSS and move it around. The following is a screenshot of the Offset Left style I created:

Offset Left Cover block style.

I simply replicated the code and changed a few values to create an Offset Right style immediately after. The code is available as a GitHub Gist. It is a simple proof-of-concept and not a polished product. There are various approaches to this, and several Cover block options are left unhandled. Theme authors are free to take the code and run with it.

These block styles looked far better because they matched my theme. Everything from the spacing to the border-radius to the button looked as it should.

Offset Left and Right block styles.

The big win was that I had design control over every aspect of the content box. I could select the button style I wanted. I could change my font sizes. The default spacing matched my theme as it should.

The problem I ran into with the block style method is allowing users to control the content box’s background color. The Feature Box plugin wins in the user experience category here because it has an option for this. The block style I created inherits its background from the Cover block parent. It may not be immediately obvious how to change it.

The other “problem” with the block style is that it does not handle wide and full alignments for the Cover block. That is because I did not take the experiment that far, only replicating the plugin’s layout. I will leave that to theme designers to tinker around with. There are many possibilities to explore; don’t wait for me to provide all the ideas.

My goal with this post and similar ones is to show how I would approach these things as both a user and developer. As a user, I want flexibility in all things. As a developer, I want to provide the solutions that I desire as a user.

I also want to see plugin and theme authors thinking beyond their initial use case when building blocks, patterns, styles, and more. Lay the groundwork. Then, expand on that initial idea by thinking of all the ways that users might want to customize what you have built.

WPTavern: Building Featured Boxes With the WordPress Block Editor

Wordpress Planet - Fri, 06/04/2021 - 05:07

It is a new day with another chase for that elusive block plugin that will bring a little joy into my life. Today’s experiment comes courtesy of the Feature Box plugin by Sumaiya Siddika. It is a simple block that allows end-users to upload an image and add some content to an offset box.

The plugin’s output is a typical pattern on the web. As usual, I am excited to see plugin authors experimenting with bringing these features to WordPress users. I want to see more of it, especially from first-time plugin contributors.

I was able to quickly get the block up and running, adding my custom content. The following is what the block looked like after entering my content and customizing it. I envisioned myself as a recipe blogger for this test.

Inserting and modifying the Feature Box block.

On a technical level, the plugin worked well. I ran into no errors. Everything was simple to customize. However, it never felt like an ideal user experience.

The first thing I immediately noticed is that image uploading happens in the block options sidebar. Core WordPress blocks have a dedicated button in the toolbar for adding images and other media. I also found myself wanting more direct control over individual elements. How could I change the heading font size? Where were the typical button styles like Outline and Solid Color? How do I insert other blocks, like a list?

None of those things were possible. Like many other blocks, the developer has created a system with specific parameters, and the user cannot move outside of them. There are times when that rigidity makes sense, such as when building custom blocks for clients. However, more often than not, publicly-released plugins should be far more open.

This tightly controlled block is reflective of how WordPress worked in the past. It was often inflexible, leaving users to what theme and plugin developers thought was best for their sites.

The block system is about tossing out these overly rigid concepts and giving users power over their content. The job of plugins and themes is to define the framework the user is operating under. They set up some rules to more or less keep things from breaking, but the users get to strap themselves into the driver’s seat. Their destination is their own.

The block would have been far more well-rounded if users could control all of the content in the box. Ideally, they could put whatever blocks they wanted into the “content” area of the Feature Box block. The design would match their theme better too.

A couple of weeks ago, I wrote a post titled You Might Not Need That Block. The premise was that users could recreate some blocks with the current editor and that themers could make this easier by offering patterns.

I knew replicating this particular block would be impossible without at least a little custom code. WordPress’s editor does not have a feature for offsetting a block’s position.

A theme author could easily duplicate this functionality. Typically, I would create a custom pattern, complete with all the existing pieces in place. However, I wanted to approach this with custom block styles. This would allow end-users to select the content offset from the sidebar and switch it around if needed.

Note: For those who wish to learn how to create custom block styles, Carolina Nymark’s tutorial is the best resource.

The Cover block made an ideal candidate for this. Because it has an existing “inner wrapper” element, it meant that I could target it with CSS and move it around. The following is a screenshot of the Offset Left style I created:

Offset Left Cover block style.

I simply replicated the code and changed a few values to create an Offset Right style immediately after. The code is available as a GitHub Gist. It is a simple proof-of-concept and not a polished product. There are various approaches to this, and several Cover block options are left unhandled. Theme authors are free to take the code and run with it.

These block styles looked far better because they matched my theme. Everything from the spacing to the border-radius to the button looked as it should.

Offset Left and Right block styles.

The big win was that I had design control over every aspect of the content box. I could select the button style I wanted. I could change my font sizes. The default spacing matched my theme as it should.

The problem I ran into with the block style method is allowing users to control the content box’s background color. The Feature Box plugin wins in the user experience category here because it has an option for this. The block style I created inherits its background from the Cover block parent. It may not be immediately obvious how to change it.

The other “problem” with the block style is that it does not handle wide and full alignments for the Cover block. That is because I did not take the experiment that far, only replicating the plugin’s layout. I will leave that to theme designers to tinker around with. There are many possibilities to explore; don’t wait for me to provide all the ideas.

My goal with this post and similar ones is to show how I would approach these things as both a user and developer. As a user, I want flexibility in all things. As a developer, I want to provide the solutions that I desire as a user.

I also want to see plugin and theme authors thinking beyond their initial use case when building blocks, patterns, styles, and more. Lay the groundwork. Then, expand on that initial idea by thinking of all the ways that users might want to customize what you have built.

WPTavern: Building Featured Boxes With the WordPress Block Editor

Wordpress Planet - Fri, 06/04/2021 - 05:07

It is a new day with another chase for that elusive block plugin that will bring a little joy into my life. Today’s experiment comes courtesy of the Feature Box plugin by Sumaiya Siddika. It is a simple block that allows end-users to upload an image and add some content to an offset box.

The plugin’s output is a typical pattern on the web. As usual, I am excited to see plugin authors experimenting with bringing these features to WordPress users. I want to see more of it, especially from first-time plugin contributors.

I was able to quickly get the block up and running, adding my custom content. The following is what the block looked like after entering my content and customizing it. I envisioned myself as a recipe blogger for this test.

Inserting and modifying the Feature Box block.

On a technical level, the plugin worked well. I ran into no errors. Everything was simple to customize. However, it never felt like an ideal user experience.

The first thing I immediately noticed is that image uploading happens in the block options sidebar. Core WordPress blocks have a dedicated button in the toolbar for adding images and other media. I also found myself wanting more direct control over individual elements. How could I change the heading font size? Where were the typical button styles like Outline and Solid Color? How do I insert other blocks, like a list?

None of those things were possible. Like many other blocks, the developer has created a system with specific parameters, and the user cannot move outside of them. There are times when that rigidity makes sense, such as when building custom blocks for clients. However, more often than not, publicly-released plugins should be far more open.

This tightly controlled block is reflective of how WordPress worked in the past. It was often inflexible, leaving users to what theme and plugin developers thought was best for their sites.

The block system is about tossing out these overly rigid concepts and giving users power over their content. The job of plugins and themes is to define the framework the user is operating under. They set up some rules to more or less keep things from breaking, but the users get to strap themselves into the driver’s seat. Their destination is their own.

The block would have been far more well-rounded if users could control all of the content in the box. Ideally, they could put whatever blocks they wanted into the “content” area of the Feature Box block. The design would match their theme better too.

A couple of weeks ago, I wrote a post titled You Might Not Need That Block. The premise was that users could recreate some blocks with the current editor and that themers could make this easier by offering patterns.

I knew replicating this particular block would be impossible without at least a little custom code. WordPress’s editor does not have a feature for offsetting a block’s position.

A theme author could easily duplicate this functionality. Typically, I would create a custom pattern, complete with all the existing pieces in place. However, I wanted to approach this with custom block styles. This would allow end-users to select the content offset from the sidebar and switch it around if needed.

Note: For those who wish to learn how to create custom block styles, Carolina Nymark’s tutorial is the best resource.

The Cover block made an ideal candidate for this. Because it has an existing “inner wrapper” element, it meant that I could target it with CSS and move it around. The following is a screenshot of the Offset Left style I created:

Offset Left Cover block style.

I simply replicated the code and changed a few values to create an Offset Right style immediately after. The code is available as a GitHub Gist. It is a simple proof-of-concept and not a polished product. There are various approaches to this, and several Cover block options are left unhandled. Theme authors are free to take the code and run with it.

These block styles looked far better because they matched my theme. Everything from the spacing to the border-radius to the button looked as it should.

Offset Left and Right block styles.

The big win was that I had design control over every aspect of the content box. I could select the button style I wanted. I could change my font sizes. The default spacing matched my theme as it should.

The problem I ran into with the block style method is allowing users to control the content box’s background color. The Feature Box plugin wins in the user experience category here because it has an option for this. The block style I created inherits its background from the Cover block parent. It may not be immediately obvious how to change it.

The other “problem” with the block style is that it does not handle wide and full alignments for the Cover block. That is because I did not take the experiment that far, only replicating the plugin’s layout. I will leave that to theme designers to tinker around with. There are many possibilities to explore; don’t wait for me to provide all the ideas.

My goal with this post and similar ones is to show how I would approach these things as both a user and developer. As a user, I want flexibility in all things. As a developer, I want to provide the solutions that I desire as a user.

I also want to see plugin and theme authors thinking beyond their initial use case when building blocks, patterns, styles, and more. Lay the groundwork. Then, expand on that initial idea by thinking of all the ways that users might want to customize what you have built.

WPTavern: Delicious Brains Acquires Advanced Custom Fields Plugin

Wordpress Planet - Fri, 06/04/2021 - 03:35

Delicious Brains, the company behind WP Migrate DB Pro and SpinupWP, has acquired the Advanced Custom Fields (ACF) plugin from its creator, Elliot Condon. After 10 years, the plugin has more than 1 million active installs and a thriving business based on the Pro version. It has become an indispensable part of the workflow for thousands of WordPress developers around the globe.

The plugin allows developers to easily customize WordPress edit screens and custom field data. In 2019, the Pro version introduced ACF Blocks, a PHP-based framework for developing custom blocks. This came as a great relief to many developers who did not know how they were going to keep pace with learning the JavaScript required to use WordPress’ Block API.

General reaction to the news was positive, as ACF fits in neatly with Delicious Brains’ suite of well-maintained developer products. The company’s founders also possess a genuine appreciation of ACF and its importance to the WordPress developer community.

“I don’t think WordPress would be where it is today without ACF,” Brad Touesnard said on a recent episode of the Delicious Brain Waves podcast.

Condon cited the scale of the project and “technology complexity and user expectation” as factors in his decision to sell ACF. As a one-person team, he was unable to keep up with the growth of ACF over the years.

“Stepping away from ACF has not been an easy decision to make,” Condon said. “The reasoning behind it comes from a place of humility. As the number of installs have grown from thousands to millions, the needs of the product have outgrown my ability to develop solutions. The last thing I want to do to this amazing community is unintentionally hold back the project, so something needed to change.”

Delicious Brains’ announcement stated that the company will be reviewing Condon’s roadmap for the product in hopes of fulfilling his vision moving forward.

“Two of our greatest strengths that we’ll bring to ACF are design (UI/UX) and developer education,” Touesnard said. “We’ll be focusing our initial efforts in those areas. I have a few UI/UX improvements in mind that would make a huge difference to users. We also see a significant opportunity to produce developer-focused content focused on effectively using ACF in your WordPress projects.”

Touesnard also confirmed that Delicious Brains will not be making any drastic changes to ACF or ACF Pro, nor do they plan to adjust the pricing of the product anytime soon.

“If we ever decide to update pricing in the future, we won’t force existing customers onto the new pricing,” he said.

After the initial announcement, there was some confusion surrounding lifetime licenses that originated from a hasty response to a customer inquiry. Delicious Brains has since updated the post to clarify the company’s commitment to ACF Pro’s lifetime customers.

“We are committed to honoring lifetime licenses forever,” Touesnard said. “Lifetime license holders will get all ACF Pro software updates forever.”

More information on how the acquisition happened, as well as what customers can expect in the future, is available on the most recent episode of the Delicious Brain Waves podcast.

WPTavern: Delicious Brains Acquires Advanced Custom Fields Plugin

Wordpress Planet - Fri, 06/04/2021 - 03:35

Delicious Brains, the company behind WP Migrate DB Pro and SpinupWP, has acquired the Advanced Custom Fields (ACF) plugin from its creator, Elliot Condon. After 10 years, the plugin has more than 1 million active installs and a thriving business based on the Pro version. It has become an indispensable part of the workflow for thousands of WordPress developers around the globe.

The plugin allows developers to easily customize WordPress edit screens and custom field data. In 2019, the Pro version introduced ACF Blocks, a PHP-based framework for developing custom blocks. This came as a great relief to many developers who did not know how they were going to keep pace with learning the JavaScript required to use WordPress’ Block API.

General reaction to the news was positive, as ACF fits in neatly with Delicious Brains’ suite of well-maintained developer products. The company’s founders also possess a genuine appreciation of ACF and its importance to the WordPress developer community.

“I don’t think WordPress would be where it is today without ACF,” Brad Touesnard said on a recent episode of the Delicious Brain Waves podcast.

Condon cited the scale of the project and “technology complexity and user expectation” as factors in his decision to sell ACF. As a one-person team, he was unable to keep up with the growth of ACF over the years.

“Stepping away from ACF has not been an easy decision to make,” Condon said. “The reasoning behind it comes from a place of humility. As the number of installs have grown from thousands to millions, the needs of the product have outgrown my ability to develop solutions. The last thing I want to do to this amazing community is unintentionally hold back the project, so something needed to change.”

Delicious Brains’ announcement stated that the company will be reviewing Condon’s roadmap for the product in hopes of fulfilling his vision moving forward.

“Two of our greatest strengths that we’ll bring to ACF are design (UI/UX) and developer education,” Touesnard said. “We’ll be focusing our initial efforts in those areas. I have a few UI/UX improvements in mind that would make a huge difference to users. We also see a significant opportunity to produce developer-focused content focused on effectively using ACF in your WordPress projects.”

Touesnard also confirmed that Delicious Brains will not be making any drastic changes to ACF or ACF Pro, nor do they plan to adjust the pricing of the product anytime soon.

“If we ever decide to update pricing in the future, we won’t force existing customers onto the new pricing,” he said.

After the initial announcement, there was some confusion surrounding lifetime licenses that originated from a hasty response to a customer inquiry. Delicious Brains has since updated the post to clarify the company’s commitment to ACF Pro’s lifetime customers.

“We are committed to honoring lifetime licenses forever,” Touesnard said. “Lifetime license holders will get all ACF Pro software updates forever.”

More information on how the acquisition happened, as well as what customers can expect in the future, is available on the most recent episode of the Delicious Brain Waves podcast.

WPTavern: Delicious Brains Acquires Advanced Custom Fields Plugin

Wordpress Planet - Fri, 06/04/2021 - 03:35

Delicious Brains, the company behind WP Migrate DB Pro and SpinupWP, has acquired the Advanced Custom Fields (ACF) plugin from its creator, Elliot Condon. After 10 years, the plugin has more than 1 million active installs and a thriving business based on the Pro version. It has become an indispensable part of the workflow for thousands of WordPress developers around the globe.

The plugin allows developers to easily customize WordPress edit screens and custom field data. In 2019, the Pro version introduced ACF Blocks, a PHP-based framework for developing custom blocks. This came as a great relief to many developers who did not know how they were going to keep pace with learning the JavaScript required to use WordPress’ Block API.

General reaction to the news was positive, as ACF fits in neatly with Delicious Brains’ suite of well-maintained developer products. The company’s founders also possess a genuine appreciation of ACF and its importance to the WordPress developer community.

“I don’t think WordPress would be where it is today without ACF,” Brad Touesnard said on a recent episode of the Delicious Brain Waves podcast.

Condon cited the scale of the project and “technology complexity and user expectation” as factors in his decision to sell ACF. As a one-person team, he was unable to keep up with the growth of ACF over the years.

“Stepping away from ACF has not been an easy decision to make,” Condon said. “The reasoning behind it comes from a place of humility. As the number of installs have grown from thousands to millions, the needs of the product have outgrown my ability to develop solutions. The last thing I want to do to this amazing community is unintentionally hold back the project, so something needed to change.”

Delicious Brains’ announcement stated that the company will be reviewing Condon’s roadmap for the product in hopes of fulfilling his vision moving forward.

“Two of our greatest strengths that we’ll bring to ACF are design (UI/UX) and developer education,” Touesnard said. “We’ll be focusing our initial efforts in those areas. I have a few UI/UX improvements in mind that would make a huge difference to users. We also see a significant opportunity to produce developer-focused content focused on effectively using ACF in your WordPress projects.”

Touesnard also confirmed that Delicious Brains will not be making any drastic changes to ACF or ACF Pro, nor do they plan to adjust the pricing of the product anytime soon.

“If we ever decide to update pricing in the future, we won’t force existing customers onto the new pricing,” he said.

After the initial announcement, there was some confusion surrounding lifetime licenses that originated from a hasty response to a customer inquiry. Delicious Brains has since updated the post to clarify the company’s commitment to ACF Pro’s lifetime customers.

“We are committed to honoring lifetime licenses forever,” Touesnard said. “Lifetime license holders will get all ACF Pro software updates forever.”

More information on how the acquisition happened, as well as what customers can expect in the future, is available on the most recent episode of the Delicious Brain Waves podcast.

WordPress.org blog: A New Design is Coming to WordPress News

Wordpress Planet - Thu, 06/03/2021 - 20:47

After many years of a tidy, white-space filled design on WordPress.org/news it’s time to bring new life to the way we present our content. So much has changed since this site was first created: the people who read it, the type and variety of what is published, even the way WordPress works has changed.

Which means it makes sense to change our theme.

Earlier this year, Matt requested a new design from Beatriz Fialho (who also created the State of the Word slides for 2020). The design keeps a clean, white-space friendly format while incorporating a more jazzy, playful feeling with a refreshed color palette.

More detail on this modern exploration have been posted on make.wordpress.org/design. I encourage you to stop by and read more about the thoughts behind the coming updates; and keep an eye out for the new look here and across WordPress.org!

WordPress.org blog: A New Design is Coming to WordPress News

Wordpress Planet - Thu, 06/03/2021 - 20:47

After many years of a tidy, white-space filled design on WordPress.org/news it’s time to bring new life to the way we present our content. So much has changed since this site was first created: the people who read it, the type and variety of what is published, even the way WordPress works has changed.

Which means it makes sense to change our theme.

Earlier this year, Matt requested a new design from Beatriz Fialho (who also created the State of the Word slides for 2020). The design keeps a clean, white-space friendly format while incorporating a more jazzy, playful feeling with a refreshed color palette.

More detail on this modern exploration have been posted on make.wordpress.org/design. I encourage you to stop by and read more about the thoughts behind the coming updates; and keep an eye out for the new look here and across WordPress.org!

WordPress.org blog: A New Design is Coming to WordPress News

Wordpress Planet - Thu, 06/03/2021 - 20:47

After many years of a tidy, white-space filled design on WordPress.org/news it’s time to bring new life to the way we present our content. So much has changed since this site was first created: the people who read it, the type and variety of what is published, even the way WordPress works has changed.

Which means it makes sense to change our theme.

Earlier this year, Matt requested a new design from Beatriz Fialho (who also created the State of the Word slides for 2020). The design keeps a clean, white-space friendly format while incorporating a more jazzy, playful feeling with a refreshed color palette.

More detail on this modern exploration have been posted on make.wordpress.org/design. I encourage you to stop by and read more about the thoughts behind the coming updates; and keep an eye out for the new look here and across WordPress.org!

Pages