Wordpress News

Post Status: WooCommerce vs Shopify: A battle for ecommerce platform dominance

Wordpress Planet - Fri, 08/02/2019 - 15:45

This post is available below as text, and Jonathan and Brian also talked about it in a podcast episode. The two are additive to one another.

Ben Thompson recently wrote about Shopify and the Power of Platforms. He highlights the difference between an aggregator (e.g. Amazon’s Merchant Services) and a platform (Shopify) and makes a case for how Shopify can successfully compete against Amazon. If you’re new to Ben’s work, I highly recommend following the links he references in the opening paragraphs.

Aggregators vs Platforms

As Ben explains, Amazon is an aggregator that owns the users (i.e. customers, Amazon Prime subscribers) and aggregates the suppliers (i.e. merchants, manufacturers). Amazon succeeds by providing a great user experience (e.g. one click checkout, same day delivery) and by treating products and their suppliers as commodities, all available to the customer in a single, aggregated shopping experience. While aggregation can provide high value for customers, it minimizes the opportunity for merchants to differentiate and can ultimately hurt customers as competition and innovation are stifled. 

A competitor to Amazon might try becoming a larger aggregator. It’s a difficult endeavor. Walmart has been trying for years. The larger an aggregator grows, the more entrenched their position, and the less likely a competitor can unseat them by utilizing the same strategy.

There is another way to compete with an aggregator. Build a platform. 

While an aggregator owns the customer and commoditizes its suppliers, a platform empowers those who build on it, relying on its suppliers being differentiated and successful in their own right. 

As Ben details in the article, Shopify’s best shot at taking on Amazon is to double-down on their focus as a platform and, by all evidence, that seems to be their strategy. Shopify wants to be the platform that empowers its merchants to succeed.

There are several problems I suggest with Shopify’s strategy, though.

  1. Data Control – Shopify has taken a strong stance on centralizing control of customer data and using their terms of service to enforce their policies. Their recent clash with MailChimp (who decided to leave the platform) may be indicative of more to come. It makes sense to have a centralized source of truth for your data. Shopify’s position, though, is an all or nothing approach that results in more lock-in to the platform and more data in their control. Actions that stifle or remove choice from the equation for end users and the suppliers who serve them are aggregator thinking more than platform thinking.
  2. Closed Source – Shopify is a proprietary platform with closed source code. While they make efforts to show open source friendliness, the reality is that the platform code is theirs. If you stop paying Shopify, you lose it all and if you don’t like what they’re doing with the platform, you’re stuck unless you choose to leave.
  3. Growth Risks – Shopify is growing fast and as a publicly traded company, they are focused on accelerating growth. Products like Shopify Capital, and the emphasis on offline services through Point-of-Sale as well as the continued push into enterprise, deepen the risk of growing for growth’s sake, rather than doing what’s best for the merchants they serve.

Shopify is a good solution for independent merchants who want to be more than an aggregated commodity. There are problems, though, and while Shopify is likely to continue to grow despite the problems I’ve suggested (they have no shortage of interested investors), there is a better approach.

WooCommerce on WordPressOS

In my writing on Ecosystem Plugins, I introduced the concept of WordPress as an Operating System for the Open Web and cited WooCommerce as an example of an Ecosystem Plugin.

I believe strongly in the importance and value of WordPress as an Operating System, a platform, for the Open Web. 

With WooCommerce, I see potential for it to become more than an Ecosystem Plugin and serve as the platform for ecommerce on the Open Web. 

To do that, WooCommerce needs three things:

  1. A great core experience – Out-of-the-box, WooCommerce needs to have the essentials built-in and provide a great, user-focused onboarding and operating experience. It needs to be intuitive and accessible for non-technical, small business merchants, who should always be the core focus. Importantly, this is not about removing choices and dumbing interfaces down. This is about doing the harder work and teaching merchants how to make the right choices for them and use the power that WooCommerce provides.
  2. A vibrant partner ecosystem – Shopify has nearly 3000 apps in its “App Store” today. The WooCommerce marketplace has fewer than 300 extensions, and more than 30% are maintained by Automattic. For WooCommerce to succeed as a platform it needs to be trusted by its partners and seen as the best platform with clear short-term incentives and long-term value.
  3. A strong community – WordPress’ community is a huge key to its success. Meetups and WordCamps create a sense of belonging and shared ownership that drives a loyalty to WordPress that’s unparalleled. WooCommerce needs to create a similar community where merchants feel that they have each other’s backs and are able to share their love for the platform that makes it all possible.

By many standards, Shopify is a giant compared to WooCommerce. With 4000+ employees, a $35+ billion market cap, and a marketing budget to match, they seem to be the dominant ecommerce platform and show no signs of slowing down their efforts.

You can’t buy trust, vibrancy, and loyalty though. Deepening trust through a great core experience, investing in the partner ecosystem, and strengthening community loyalty is where I think WooCommerce has the opportunity to improve and succeed.

Here are three ideas for WooCommerce to increase its value and strengthen its position as the platform for ecommerce on the Open Web:

  1. Introduce a WooCommerce Subscription – Provide access to non-SaaS extensions for a flat, monthly rate and easy bundling of SaaS billing for those who want it. Make it a clear win for all involved, including the merchants and marketplace partners. Position the subscription as an investment in the Open Web. The code is GPL – they could stop paying at any time and keep access. Paying, though, provides support and capital for reinvestment, ensuring the continued success of the platform. A subscription also offers opportunity to streamline the user experience for customers, reducing friction for developers.
  2. Invest in the Partner Ecosystem – Make building a healthy partner ecosystem a priority. Provide guidance, mentorship, and funding to help developers succeed on the WooCommerce platform. Build strong relationships with SaaS providers, including ecommerce focused companies like BigCommerce, and help streamline their integrations into the platform. 
  3. Cultivate Community – Invest in and support ecommerce meetups and create more ecommerce focused events. Double-down on the Open Web narrative and encourage community members to support each other in improving and maintaining their freedom as merchants on the Open Web.

Shopify provides a valuable service that empowers merchants. Unfortunately, their approach to centralized data control, their closed source platform, and the risks of a growth focus pose the potential for more harm than good.

I believe that WooCommerce, with data control in the hands of its users, an open source ecosystem, and a strong independent community, has the opportunity to become the best platform for ecommerce on the Open Web.

Special thanks to Caleb Johnson for his epic illustration.

This is a guest post by Jonathan Wold. Jonathan has been living and breathing WordPress for 14 years and believes its best years are still to come. He writes about WordPress on GrowInWP.com and blogs about life and habits on JonathanWold.com

WPTavern: Gatsby Theme Jam Contest Inspires Two WordPress Starter Themes

Wordpress Planet - Fri, 08/02/2019 - 06:00

Gatsby, the open source app and website framework based on React, celebrated the stable release of Gatsby themes by launching a Theme Jam contest. Participants were invited to create their own Gatsby Themes and submit them for an opportunity to win swag or the grand prize: an all-expenses-paid trip to the Gatsby Days event of their choosing. Submissions closed yesterday and winners will be announced on August 7, 2019.

Gatsby themes include a site or app’s configuration as an installable package, which can then be versioned and managed as a dependency and easily updated. They were designed to make Gatsby-based projects more extensible, allowing developers to reuse site configurations, plugins, styles, and components across multiple sites.

Looking through the contest’s showcase of submissions, I found two that were created for sites that are using WordPress. Both rely on the WPGraphQL plugin to source WordPress content.

Alexandra Spalato created a theme called Gatsby Theme WordPress Starter that allows developers to build a standard blog. It has styles for all the standard features, such as featured images, lists, categories, and pagination support. Setup instructions are on GitHub and a demo site shows the theme in action.

Spalato plans to create some video tutorials to demonstrate how to customize the theme. She also recommends using it with the Deploy Netlify Webhook plugin to automatically rebuild the site after publishing new posts.

Andrey Shalashov created a theme called WordPress source theme for Gatsby that he intends to be “a one-stop solution for a WordPress blog owner who wants to switch to Gatsby powered frontend.” For most simple sites, the only thing developers have to configure is the source url and the menu location slug.

The theme supports using a WordPress menu from a defined location but only displays first level items. It also supports post categories. It automatically downloads images embedded in posts, pages, and custom post types and converts their tags to the Gatsby img component. Links embedded in posts that lead to other pages are converted to the Link component. Check out a demo to see it in action.

So far, the Theme Jam contest seems to have been a successful strategy for Gatsby to quickly expand developers’ knowledge of creating Gatsby themes, as well as multiply their availability in the ecosystem. The showcase displays 112 themes that have been submitted for the contest.

Submissions are being judged on code quality, accessibility, performance, the availability of a live demo, documentation, and other criteria. They are also judged on having accurate metadata for showing up in searches, with certain keywords in the package.json file that enable the theme to show up in both the Gatsby showcase and npm searches.

WPTavern: Ninja Forms Parent Company Saturday Drive Acquires CalderaWP

Wordpress Planet - Thu, 08/01/2019 - 20:15

Saturday Drive, makers of Ninja Forms, Ninja Shop, and SendWP, has acquired Caldera Forms, a React-based, drag-and-drop forms builder plugin. In addition to the free plugin on WordPress.org, which has more than 200,000 active installs, CalderaWP’s product line includes a Pro version and more than 30 free and commercial add-ons for things like payment processors and marketing integrations.

Josh Pollock, who co-founded CalderaWP in 2015 with Christie Chirinos, will be joining Saturday Drive as VP of Engineer Experience, along with three other employees from the company, bringing Saturday Drive’s total crew number to 25. Chirinos began working as a product manager at Liquid Web earlier this year.

Caldera Forms will still operate under the Saturday Drive umbrella and continue to be developed with more resources.

“If it ever felt to you like Caldera Forms was a part time thing, that was true,” Pollock said. “It’s not true anymore.” Saturday Drive is aiming to speed up development and decrease support times.

“Caldera Forms is not going anywhere,” Pollock said. “It’s going to get a lot more focus and attention now. I didn’t contribute any code to the last release, it was all Nico and community contributors. I reviewed the changes. Kevin (CTO at Saturday Drive) and I helped manage him, but he’s ready to take over Caldera Forms from me and has all of the support he needs.”

Pollock will be focusing on improving the engineering process at Saturday Drive and working on some products, starting with SendWP. He also plans to continue writing tutorials about PHP and JavaScript development.

James Laws, Saturday Drive co-founder and co-creator of Ninja Forms, said the attraction to CalderaWP was “a combination of acquiring the team and the profit potential.” With more resources at their disposal, he anticipates that Caldera will become even more profitable. Laws declined to share more specific details on the financial aspects of the arrangement but shared a few factors involved in considering what it costs to acquire a forms builder plugin in the WordPress space these days.

“It really depends on the form builder,” he said. “It’s similar to any WordPress plugin – number of customers, active users, growth trend, support load, team makeup, and so much more all goes into the conversation. Some form builders might not be worth anything. Others are worth millions. Much of it depends on the objectives of the buyer.”

How Saturday Drive Plans to Market Two Different WordPress Forms Plugins Under one Umbrella

One of the more intriguing aspects of this acquisition is that Saturday Drive already has one of the most successful WordPress forms plugins in its arsenal. Ninja Forms has more than a million active installs but is knee deep in competition with alternatives such as Contact Form 7 (5 million+ installs), WPForms (2 million+), and Gravity Forms. Although Caldera Forms is technically a competitor to Ninja Forms, both Laws and Pollock seem to be confident marketing them separately under the same company umbrella.

“We’ve been really friendly competitors for years,” Pollock said. “Caldera Forms had always been a developer tool with a goal of being intuitive enough for everyone. I think this will allow us to focus Ninja Forms and Caldera Forms on serving different needs. Neither plugin can make everyone happy.”

Laws said the plan is to keep Caldera Forms as a unique brand, since it has a different user base and primary message focused on developers.

“We will focus on this difference in messaging,” Laws said. “Ninja Forms for a long time has been moving towards being more user centric with a focus towards simplicity and specific ways of accomplishing particular tasks. This direction has certainly alienated developers who want to do deeper customizations because that just isn’t our primary goal any longer.”

For Saturday Drive’s co-founders, the decision to acquire CalderaWP seems to have been just as much about gaining Pollock’s leadership and his team as it was about gaining the product line.

“Caldera Forms has always been the WordPress developers form builder,” Laws said. “Josh is, at his core, an extremely talented developer who loves helping developers. Caldera Forms is the product of this passion. We saw a great opportunity to have a tool under our umbrella that now focused on this exciting space of developers, agencies, and freelancers that needed a tool that could be truly modified to their heart’s content.”

Laws said Saturday Drive plans to slow down for a bit to ensure all four of the company’s products are where they want them to be. “I’m confident that all the products will be seeing some very cool updates over the next 6 months,” he said.

Pollock, who has a strong interest in headless WordPress setups, said he has been experimenting with new ways to use the newer React-driven parts of Caldera Forms anywhere. He has a Gatsby + WordPress test site (futurecapable.dev) where he set up a first pass at this prior to getting distracted by acquisition negotiations and daily life.

“Part of the new job is finding new ways to fill the same needs that Caldera Forms, Ninja Forms, and Ninja Shop fulfill today,” he said. “If the future is headless and static sites, which I think so, then contact forms, eCommerce, list building, etc. we need to make that easy. That’s the challenge I’m most interested in.”

WordPress.org blog: The Month in WordPress: July 2019

Wordpress Planet - Thu, 08/01/2019 - 09:56

This month has been characterized by exciting plans and big announcements – read on to find out what they are and what it all means for the future of the WordPress project.

WordCamp Asia Announced

The inaugural WordCamp Asia will be in Bangkok, Thailand, on February 21-23, 2020. This will be the first regional WordCamp in Asia and it comes after many years of discussions and planning. You can find more information about the event on their website and subscribe to stay up to date with the latest information.

This is the latest flagship event in the WordCamp program, following WordCamps Europe and US. Tickets are now on sale and the call for speakers is open. Want to get involved in WordCamp Asia? Keep an eye out for volunteer applications, or buy a micro sponsor ticket. You can also join the #wcasia channel in the Making WordPress Slack group for updates.

WordCamp US Planning Continues

The WordCamp US organizing team is excited to announce some new additions to this year’s WCUS in St. Louis, Missouri, on November 1-3, 2019. The first is that there will be an onsite KidsCamp: child-friendly lessons that introduce your young one(s) to the wonderful world of WordPress.  You can register your child for KidsCamp here. In addition, free, onsite childcare will be provided at this year’s event – you can sign up here.

Looking for further ways to get involved? The call for volunteers is now open. For more information on WordCamp US, please visit the event website.

Exploring Updates to the WordPress User & Developer Survey

To improve the annual WordPress User & Developer Survey, a call has been made for updates and additional questions that can help us all better understand how people use WordPress.

To improve the survey, contributor teams are suggesting topics and information that should be gathered to inform contributor work in 2020. Please add your feedback to the post.

Gutenberg Usability Testing Continues

Usability tests for Gutenberg continued through June 2019, and insights from three recent videos were published last month. This month’s test was similar to WordCamp Europe’s usability tests, and you can read more about those in the part one and part two posts. Please help by watching these videos and sharing your observations as comments on the relevant post.

If you want to help with usability testing, you can also join the #research channel in the Making WordPress Slack group, or you can write a test script that can be usability tested for Gutenberg.

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

Proto

Drupal Themes - Thu, 08/01/2019 - 08:15

Bare-bone theme, for use on new projects. Done like it is supposed to be.

WPTavern: WPWeekly Episode 362 – Fitness, Freelancing, and More With Michelle Schulp

Wordpress Planet - Thu, 08/01/2019 - 00:41

In this episode, John James Jacoby and I are joined by Michelle Schulp, an independent freelancer and Director of Technology at AIGA Minnesota. We discussed the impacts speaking at multiple WordCamps had on her business early on, why she continues to be a freelance contractor as opposed to managing her own agency, and the role fitness has in her life. We also touch on what her personal experience has been like as a woman in the WordPress community.

Stories Discussed:

WordPress Security Team Discusses Backporting Security Releases to Fewer Versions

WordSesh EMEA Coming September 25: A New Virtual WordPress Event for Europe, Middle East, and Africa

How to Be A WordPress Ally

Fitness and Freelance

Add support for gradients in cover image

WPWeekly Meta:

Next Episode: Wednesday, August 7th 3:00 P.M. Eastern

WPTavern: Gutenberg 6.2 Adds Nesting Capabilities to Cover, Media & Text Blocks

Wordpress Planet - Wed, 07/31/2019 - 23:34

Gutenberg 6.2 has two new user-facing features that were added based on community feedback. The Cover and Media & Text blocks now allow for nesting any type of block inside.

Previously, the Cover block only allowed users to add a heading, button, or paragraph block. Users had resorted to employing clunky solutions to get around the restrictions, such as using the group block with a custom class and using CSS to add backgrounds and overlay styling. The restrictions have now been removed to give users greater flexibility in styling these blocks.

Another new user-facing feature in 6.2 is the ability to customize the link target of the Button block, enabling users to designate the link to open in a new tab. Gutenberg Phase 2 lead Riad Benguella said this small improvement was a frequently requested feature.

This release also introduces a new PHP API to simplify the registration of block styles variations. It offers a simple way for plugin and theme developers to register block styles using only PHP function calls, instead of using JavaScript. This should make styling blocks more approachable for those who are more comfortable with PHP.

Gutenberg 6.2 includes more than two dozen enhancements and bug fixes, along with many mobile and documentation improvements. Check out the changelog in the release post for more details.

WPTavern: Meta Box Plugin Introduces MB Blocks, a PHP-based Extension for Creating Custom Blocks

Wordpress Planet - Wed, 07/31/2019 - 19:02

Meta Box, one of the most popular WordPress custom fields frameworks, has released a new extension for creating custom Gutenberg blocks using only PHP. MB Blocks gives developers the ability to build blocks with various settings, using a similar syntax as creating a meta box, without having to know React, Webpack, or Babel.

MB Blocks inherits many settings and field types from Meta Box to speed up development. Those who are experienced using Meta Box should be able to create a new Gutenberg block in under 10 minutes.

Tran Ngoc Tuan Anh created the Meta Box framework in 2010, launched on WordPress.org in 2011, and began releasing commercial extensions in 2014. The plugin’s user base has grown to more than 400,000 active installs and Tran now leads a three-person team, including two developers and one marketer.

“The revenue is not as good as other businesses, but it’s enough for us to run a small team,” Tran said. Learning React was new for his developers and it took them several months to get familiar with the framework before being able to create the MB Blocks extension.

Following in the footsteps of Advanced Custom Fields (ACF), which offers ACF blocks as part of its Pro version, Meta Box’s PHP-only block creation solution is only available as a commercial extension.

“The MB Blocks extension is our strategy to attract users to Meta Box,” Tran said. “Since Gutenberg is becoming a huge thing, people really need a way to work with it. With this extension, we hope to bring more premium users to Meta Box.”

With more than one million active installs, ACF is the market leader and Meta Box’s main competitor, but Tran said his team is also keeping an eye on other plugins like Toolset, CMB2 (200,000+ installs), and Pods (80,000+ installs). He identified flexibility as Meta Box’s chief differentiator, since it is a code-based solution that he believes gives developers a greater level of customization in creating custom fields.

“The main difference between Meta Box and ACF is Meta Box is more developer-focused. It’s mainly code-based, e.g. you define meta boxes and fields with code (it has the UI as a premium extension but code is still the main part),” Tran said. “Meta Box has some extra things like supporting custom table storage, making frontend forms, advanced conditional logic, and building user profiles on the frontend.”

Tran said he is satisfied with Gutenberg’s support for meta boxes at the moment but would like to see it improved.

“The way it works is kind of a ‘fake’ submission for post data via ajax,” he said. “Sometimes that makes users have to refresh the page to see the updated content. I mean for complex data, it still doesn’t have a good way to refresh the meta boxes when a post is saved. I wish there was a way to do that.”

This may not be a priority for the Gutenberg team, as the ideal is for meta boxes to be converted to blocks wherever possible to maintain a unified editing interface. The reality is that many plugins are still not block-enabled, which is why the WordPress Plugin Directory has a section devoted to promoting those that are.

“Many users still need custom meta boxes because of two reasons: building custom Gutenberg blocks is not easy enough, and a lot of plugins still require meta boxes to work,” Tran said.

The availability of PHP-based solutions for creating custom Gutenberg blocks has been an important development for those who have been slow to take the deep dive into JavaScript and React. Tran said the feedback he has received from his userbase indicates that many have not prioritized gaining the skills necessary to become proficient at custom Gutenberg development.

“Our main users are web creators who build websites on a daily basis,” Tran said. “Many of them have built a solid foundation for their work to speed up the workflow. Things such as a page builder, a custom fields framework, a powerful theme, are their daily tools. Putting Gutenberg into this toolset requires a lot of time learning and mastering it. Sometimes it’s not feasible, especially when Gutenberg is not powerful enough to build websites. Most of them still use a page builder to build websites, while they keep testing Gutenberg to see what’s new.”

Tran said most of his customers are using page builders like Beaver Builder or Elementor. Some give access to their clients and others do not. This is where they often look to plugins like Meta Box to help them build settings for their websites.

With MB Blocks released today, the Meta Box team is moving forward on its roadmap, working on integrations with other plugins like WP All Import, and improving the Meta Box Builder to support creating relationships and settings pages with a UI.

WPTavern: WordPress Security Team Discusses Backporting Security Releases to Fewer Versions

Wordpress Planet - Wed, 07/31/2019 - 00:17

The WordPress Security Team is exploring different approaches to backporting security fixes to older versions of the software. The effort that goes into supporting versions back to 3.7 (the release that introduced automatic background updates) increases with each major version released.

“For the Core Security team, that means when security updates need to be released, we have to take the testing and release process not just to the current version of WordPress, but we have to test the changes, create code patches, and then release to every major version all the way back to 3.7,” security team lead Jake Spurlock said. “With 5.3 around the corner that puts us at over fifteen major versions of WordPress to support long term.”

Spurlock said 3.7 represents 0.1% of all WordPress sites but noted that supporting older versions requires “a large amount of time and energy and hurts the team’s ability to work effectively.”

When asked how much of a time investment is involved, Spurlock said it varies depending on how many tickets/issues have to be ported. All patches are reviewed, tested, and committed by several team members. There are approximately 50 security experts on the team, many of whom are employed by Automattic, although some are volunteers.

“The problem with developing security releases for older versions of WordPress lies in the amount of testing and then reengineering that is specific to each older version of WordPress,” Spurlock said. “As an example, WordPress 4.2 received a fairly large refactor, and so taking a fix back before that time means extra testing, and ensuring that paths work for patches and more. Getting the testing suite to work on older versions has been difficult too with the code changes that accompany each version.”

Spurlock called for feedback and ideas on how the security team can support fewer versions of WordPress while keeping users secure. An active discussion is underway and opinions range from enthusiastic support for the idea to opposition.

Some who weighed in prefer to focus on urging users to update via emails to admins on older installs and/or a “please upgrade” widget ported back to older versions. As big version jumps can be intimidating for users, some recommended WordPress provide better ways to do incremental updates from older versions to the next most recent.

“If the goal is to keep WordPress users secure against hackers and other rogue agents, you should continue supporting older versions with security releases,” WordPress core contributor Rami Yushuvaev said.

“WordPress 3.7 represents 0.1% of all WordPress sites but WordPress 3.0 – 3.6 represents 1.6% of all WordPress sites. You don’t want to increase the number of sites using un-secure versions. With the current policy, ‘old version’ is not the same as ‘un-secure version.’

“I think you should educate users to use updated software, not to stop releasing security releases for older versions.”

Several commenters are in favor of limiting backporting security fixes to a set number of versions, as outlined by former WordPress security lead, Aaron Campbell:

I like the idea of supporting X versions back. That allows users to know that they don’t have to update to the latest version no matter what our release cycles are, and also makes sure we can eventually hone in on how many versions are actually tenable to support.

Supporting X years back would allow users to know they can avoid upgrading for a certain amount of time, but it would also mean that the security team wouldn’t always be supporting the same number of versions and if a release ever took longer than our supported time then all users would be expected to upgrade to the latest version (exceptions could always be made, but it’s harder to rely on those).

Stephen Edgar, one of the maintainers of WordPress’ build tools component, suggested implementing automatic major version upgrades to keep moving users forward to supported versions in waves.

“Maybe continue to ship them until ‘major’ updates are implemented,” Edgar said. “The current thinking is to add major updates to 3.7 first, bumping 3.7 to 3.8 via automatic updates. Once that’s completed then security updates would no longer be backported to the 3.7 branch.

“And similarly, once 3.8 major updates are implemented, i.e. 3.8 gets bumped to x.x then again, backports to 3.8 would cease at the same time and so forth through the branches.”

Edgar also noted that providing users a way to opt into automatic updates for major core releases is one of the nine projects that Matt Mullenweg had identified for working on in 2019.

Several other commenters said they would like to see WordPress implement semantic versioning and adopt a long-term support (LTS) policy. WordPress would then clearly communicate the number of years those versions would be supported. Older sites could then be auto-updated to the LTS version.

No decision has been made on the ideas proposed and the discussion is still ongoing. If you have experience maintaining older sites or have input on how WordPress can best keep users secure while decreasing the workload, leave a comment on the Make WordPress Core post.

WPTavern: WordSesh EMEA Coming September 25: A New Virtual WordPress Event for Europe, Middle East, and Africa

Wordpress Planet - Mon, 07/29/2019 - 22:47

WordSesh is launching a new event aimed at WordPress enthusiasts living in the Middle East, Europe, and Africa. The 12-hour virtual event is scheduled for September 25, 2019, from 7:00-19:00 UTC. While the event has always been open to participants across the world, WordSesh “EMEA” will be the first to offer a schedule that is tailored to attendees living in the Eastern hemisphere.

Organizer Brian Richards said that hosting an event for this region has been on his mind ever since he took the reins of WordSesh in 2018.

“I switched to a 12-hour format to make the event easier to manage and attend, but I recognized immediately that I was alienating a huge portion of the audience by setting those 12 hours to track across my own timezone,” Richards said. “The primary goal here is to create an event that is more convenient to attend for people across Europe, Middle East, and Africa.”

WordSesh EMEA sessions will be conducted in English this time around and will also be live captioned just like the previous two events. The schedule will include ten 50-minute sessions (including Q&A) and three 15-minute sessions. All sessions will be recorded and available on WPSessions after the live event has ended.

Applications for speakers are already open. Each speaker receives a free coaching session for their presentation and a $250 stipend. The deadline to apply is August 9, 2019.

Richards said he has already had a few talks submitted on topics like image performance, mental health, and Gatsby.

“I’d love to see talks that angle around a case study or ‘recipe,’ (e.g. Here’s a thing I built, how I did it, and how you can too.),” he said. “I would also love to see more talks around the area of design, front-end workflows, and things like that. I’m most excited to host presenters who themselves are excited about an idea.”

With WordSesh officially going global in support of different timezones, Richards said he anticipates the next region will be Asia Pacific and is enthusiastic to organize it.

“I don’t know how many personal relationships I currently have across APAC to make a WordSesh for that region a reality – in terms of sponsors, speakers, and attendees – but it’s a big region and community, and it’s on my radar for 2020,” Richards said.

WordSesh EMEA will be the second WordSesh held this year. There were more than 1,000 attendees registered for the May 2019 event and 700 participated live throughout the day.

“WordSesh is one of the best attended WordPress events, which is very humbling,” Richards said. “I’m excited to see how many people attend WordSesh EMEA, given how much larger WCEU is relative to WCUS. WCEU 2019 had more than 2X the participants of WCUS 2018.”

He said he doesn’t anticipate that kind of disparity in attendance since it’s the first time for this event, but wouldn’t be surprised if the attendance at this event surpasses the May 2019 event.

The first WordSesh was held in April 2013 and is now six years running, thanks in part to Richards’ contagious enthusiasm for hosting it and his willingness to try new things in an effort to best serve the community. WordSesh EMEA will mark the seventh event in the series.

“I think the WordSesh events are popular because the broad WordPress community is a distributed-first body – not only the contributors, but also the majority of the agencies, product shops, and even client relationships,” Richards said.

“Thus, an event that caters to a distributed audience – watch from anywhere, replay at any time – feels like a pretty natural extension of how we already work and interact.”

WPTavern: WordPress Contributors Explore the Possibility of a Global Accessibility Event

Wordpress Planet - Mon, 07/29/2019 - 19:17

WordPress’ accessibility team is evaluating the possibility of organizing a virtual Global Accessibility Day, similar to the Polyglots’ Global Translation Day. This marathon-style contributor event has proven to be valuable for the Polyglots in terms of recruiting, onboarding, and fueling progress on translation projects.

Accessibility contributors proposed the idea at a meeting two weeks ago after discussing the team’s desire to have more representation at WordCamp contributor days. WordCamp Europe 2019 had a strong contingent of accessibility contributors, but being present on the ground in Berlin was not an option for the vast majority of the team.

“I heard different people saying that this Contributor Day was extremely useful, because they had the opportunity to talk in person and exchange ideas with a lot of other people,” Stefano Minoia said. “This is really good: if we want to push forward a project like WordPress, it’s extremely important to have the opportunity of working together at least once a year in person.”

Due to the relatively small size of the team and the expense associated with traveling to larger WordCamps, accessibility contributors do not often have the opportunity for in-person collaboration. A remote contributor day focused on accessibility was proposed as an alternative.

“We’re a small group with very little sponsorship,” Joe Dolson said during the initial discussion. “I don’t go to most WordCamps anymore, because the time and expense is just too great for me. I’ll probably go to my local WordCamp only, this year, if I have the time.”

Due to the nature of the work, Dolson anticipates the team may face some challenges in working around some of the constraints of collaborating through a virtual event.

“There are some tasks that work really well as remote contributor days; others are harder,” he said. “I’ve personally found it difficult to do accessibility contributor sharing remotely.”

A virtual contributor day could be helpful for some basic things like teaching new contributors how to use Trac, updating the handbook and documentation, and organizing sprints for jumpstarting larger tasks. There is no shortage of accessibility projects to work on, with the new block directory in the admin slated for this year, some major changes needed to improve navigation to Gutenberg’s advanced settings block sidebar, and more general Gutenberg issues.

One development that is working in the team’s favor is that Slack has improved the screen reader experience in the most recent update. Using threads was previously discouraged during accessibility team discussions due to their lack of navigability. Keyboard accessibility for getting around Slack should now be more streamlined than previous versions. This should help to improve remote collaboration for the accessibility team. Users can press CMD + ? to launch the list of available keyboard shortcuts in Slack.

All you need to get around Slack now is:
• F6 to cycle through the UI
• TAB to navigate through focusable elements
• UP/DOWN to navigate through lists

And if you feel adventurous LEFT/RIGHT keys to navigate between the message list & threads. https://t.co/ir2I52ZBFI https://t.co/hNM1bHutfo

— George Zamfir (@georgezamfir) July 25, 2019

As a first step towards organizing a 24-hour virtual event, WordPress’ accessibility team is working to put together a team of 10 or more people to lead the effort. Organizers will then determine the scope of the project, define the goals of the event, set a timeline, and begin the call for speakers and local meetups.

“The scope of the day can change based on the team,” Dolson said. “If we can’t do 24 hours, that’s fine, but the team has to come first.”

Anyone interested in helping organize the event can sign up on the project’s public spreadsheet.

WPTavern: WordCamp US 2019 to Offer Free On-Site Childcare

Wordpress Planet - Sat, 07/27/2019 - 01:11
photo credit: Aaron Burden

WordCamp US announced today that the event will be offering free on-site childcare for children aged 6 weeks to 12 years old. Organizers have contracted A Helping Hand, a licensed conference childcare service company based in Virginia Beach, VA, to provide childcare for all three days, with flexible drop off and pick up throughout the day as necessary.

When WCUS tickets went on sale in May, parents who registered had the option to indicate whether they would be interested in on-site childcare during the conference, as organizers considered different childcare options. This is the first time WordCamp US has offered it as part of the event. WordCamp Europe has included childcare for years and a handful of other camps have also had it available in varying capacities, including WordCamp Nordic, WordCamp Pittsburgh, and WordCamp Vienna.

Parents interested in using this service at WordCamp US will need to pre-register by selecting a “Parent with Kids ticket.” Registrants will receive an email with a pre-registration link to complete the signup process on the childcare provider’s website. Both lunch and snacks will be provided, so parents will not be required to pick their kids up for lunch.

The availability of childcare makes it possible for single parents to attend and speak at events. It can also be helpful for parents with small children who are unable to be separated from their caregivers for long periods of time. With WordCamp US opting to provide childcare at this year’s event, it’s clear that this is a growing trend to help promote diversity at WordPress conferences.

WordCamp is about diversity, this is not a catch phrase, it is not just a moment. It is about real people, doing real things, in the real world across gender, generation and culture. WordCamp embraces the world. #WordCamp #WordPress @WordCamp #WCUS pic.twitter.com/GdcCDNJYed

— WordCamp US (@WordCampUS) May 2, 2019

WPTavern: WordCamp Central America Organizers Prepare Proposal for 2020 Event in Managua, Nicaragua

Wordpress Planet - Fri, 07/26/2019 - 18:46

Managua, Nicaragua – image credit: CostaRica.org

WordCamp Europe’s continuing success has inspired other parts of the WordPress world to work towards getting their own regional camps off the ground. With a little help from WCEU mentors and inspiration from WordCamp Nordic’s proposal, WordCamp Asia is now officially on the schedule for February 21-23, 2020, in Bangkok, Thailand. WordCamp Central America is on deck to be the next new regional WordCamp with a proposal targeting 2020 for an inaugural event in Managua, Nicaragua.

Members of the Central American community began discussing the possibility of a larger event at the most recent WordCamp Managua 2019. For the past five years, Central America has been home to a growing number of local WordPress communities, with 12 meetups across five countries and a total of more than 4,000 participants as of July 2019. Meetup organizers have hosted more than 230 events since 2014, averaging four events per month.

In the working proposal, a document that was forked from the Nordic and Asian WordCamp proposals, organizers outlined why the timing is right for a regional camp in Central America:

The local WordPress communities have also experienced an exponential growth. In the last five years the local WordPress Meetup groups have increased fivefold. Moreover, the collaboration between the Central American communities is more active than ever; sharing experiences and resources, members attending events in neighboring countries, giving talks and volunteering in WordCamps.

This can be explained not only by the relative closeness of our countries, but also by the shared culture, values and identity of the Central American people.

We believe that hosting a Central American WordCamp will further strengthen the bonds between the local communities and give birth to new initiatives and collaborations between the local WordPress Meetup groups.

San José, Costa Rica, has the largest local WordPress community with more than 2,000 meetup members and 750 attendees at recent WordCamps. Managua, Nicaragua, the second largest community, was selected as the first host city due to its central location, direct flights from all major cities in the region, and wide availability of bus services. It is also one of the most affordable capital cities in the region and does not require visas for citizens of other Central American countries.

Organizers are planning a three-day event, beginning with Contributor Day, with four tracks during the main conference days. They are eyeing early October 2020 to avoid conflicts with other WordCamps that are frequently attended by the local community.

WordCamp Central America’s proposal has not yet been officially submitted but if it is approved, the event would be a strong addition to the region’s growing technology sector. It also has the potential to expand and amalgamate the local communities through shared knowledge and experience.

If you want to get involved, check out the proposal in progress and join the dedicated Slack workspace to participate in discussions.

WPTavern: WP Super Cache 1.6.9 Patches Security Issue

Wordpress Planet - Fri, 07/26/2019 - 00:25

There’s a new release of WP Super Cache (1.6.9) available that patches a security issue discovered in the debug log. The vulnerability can only be exploited if users have debugging enabled.

It’s highly recommended that all users upgrade to 1.6.9 to patch the security issue. Details of the vulnerability will be published after users have had time to upgrade. In addition to patching the security issue, this version also improves the debug log by hiding data such as the ABSPATH directory of the WordPress install and login cookies.

“Unfortunately in the past users have copied the log file data into forum posts. A warning message has been added asking the site owner not to publish the debug log,” Donncha Ó Caoimh said.

Also worth noting is that after updating to 1.6.9, existing debug logs will be deleted.

WPTavern: Learn How to Build a Headless WordPress App with WPCasts’ Free Crash Course

Wordpress Planet - Thu, 07/25/2019 - 20:07

Alex Young, creator of the WPCasts video tutorials site, has published a free crash course that offers a brief introduction to using WordPress as a headless CMS. The 28-minute tutorial covers the basics of setting up a bare bones React application that uses WPGraphQL to query ACF data.

Young begins by installing four plugins: WPGraphQL, WPGraphiQL, Advanced Custom Fields, and WPGraphQL for ACF. He demonstrates how to use WPGraphiQL, which provides a GraphiQL IDE inside the WordPress admin, to test GraphQL queries before adding them to the app and check to ensure ACF data is being queried.

Young gave a walkthrough of installing Create React App to quickly get a simple app up and running. When asked on Reddit why he didn’t use Next.js or Gatsby, he said he just wanted to present the concept with something that might already be familiar to developers.

“If I were going to launch this into production I would use Gatsby,” he said. “In this tutorial I used CRA since it’s a very simple install and I figured most people have used it before. I’ll eventually do a more in-depth and real-world example in the future. But I hope this video helps people understand the basic concept of using WP as a Headless CMS.”

Young has produced 18 videos since launching WPCasts on YouTube in March 2019. Although the channel has a corresponding website with more videos available for monthly and yearly subscribers, Young said he thinks it is important to release some introductory content for free.

“I am a self-taught developer who relied heavily on YouTube, blogs, and individual developers creating free learning material (Chris Coyier, Wes Bos, etc.),” he said. “So by creating free content, I feel like I can help developers who are just starting out and need those resources just like I did.”

Young’s day job at Clearlink involves managing approximately 20 WordPress sites with different purposes and features. He said he hopes to move these sites to a headless setup over the next few years.

His WPCasts project is still very new but Young said he has received helpful feedback from the community that he is incorporating into future videos. The headless WordPress crash course tutorial seemed to hit at the right time when these setups are gaining popularity. His tutorial has been enthusiastically received, passing 600 views on YouTube in less than 24 hours.

“I feel like Headless WordPress is the future of WP development,” Young said. “With powerful frameworks like Gatsby and Next, we have the best of both worlds – a fast and extendible frontend, and a CMS that has proven itself year after year.

“With tools like WPGraphQL, ACF, and others, WordPress will be my tool of choice for the foreseeable future. I hope that the tutorials I’ve made and future tutorials will help others see the power of WordPress and break the misconception that WordPress is ‘just a blogging platform.’”

WPTavern: WPWeekly Episode 361 – Introduction to the IndieWeb With David Shanske

Wordpress Planet - Thu, 07/25/2019 - 19:52

In this episode, John James Jacoby and I are joined by David Shanske. David introduces us to a set of philosophies known as the IndieWeb, explains how it’s different from the Open Web, and how he’s been involved in the community. We discuss tools that help people own their data while still being able to take advantage of the benefits that social networks offer. We also talk about WordPress’ role and how capable it is out-of-the-box for participating in the IndieWeb.

Stories Discussed:

Bridgy connects individual sites with social networks

IndieWeb Wiki

IndieWebCamps

IndieWeb WordPress Plugin

WordPress XFN

IndieWebifying Your WordPress – IndieWeb Summit 2019

WPWeekly Meta:

Next Episode: Wednesday, July 31st 3:00 P.M. Eastern


Donncha: WP Super Cache 1.6.9: security update

Wordpress Planet - Thu, 07/25/2019 - 12:57

WP Super Cache is a full page caching plugin for WordPress.

Version 1.6.9 has just been released and is a required upgrade for all users as it resolves a security issue in the debug log. The issue can only be exploited if debugging is enabled in the plugin which will not be the case for almost all users.

The debug log is usually only enabled temporarily if a site owner is debugging a caching problem and isn’t something that should be left on permanently as it will slow down a site.

If there is an existing debug log it will be deleted after updating the plugin.

This release also improves the debug log by hiding sensitive data such as the ABSPATH directory of the WordPress install and login cookies. Unfortunately in the past users have copied the log file data into forum posts. A warning message has been added asking the site owner not to publish the debug log.

Details of the security issue will be added to this post in time to allow sites to update their plugin.


WPTavern: WPCampus 2019 to Livestream Sessions Thursday, July 25 – Saturday, July 27

Wordpress Planet - Thu, 07/25/2019 - 02:21

WPCampus 2019 kicks off tomorrow at Lewis & Clark College in Portland, Oregon, for its fourth year running. The niche WordPress conference is focused on accessibility and WordPress in higher education. All sessions, with the exception of the workshops, will be live streamed with captioning, beginning at 2PM PDT on Thursday, July 25.

The event includes a mix of general development topics, such as building themes with WP Rig 2.0, managing custom plugin deployments, and building custom Gutenberg blocks with ACF. It also features a variety of sessions on using multisite in higher education, along with topics related to university website design and management, such as mobile accessibility, information security, and using WordPress for individual digital asset management. Check out the full schedule for more detailed descriptions of sessions.

It’s important to note that the schedule references sessions in Pacific Daylight Time. However, a timezone selector on the schedule page will allow you to see each session’s corresponding time for your location. Visit 2019.wpcampus.org/watch on July 25th to watch live for free. Those watching remotely can also jump in on the #WPCampus Twitter hashtag to engage with others attending and watching the event.

WPTavern: WPGraphQL for Advanced Custom Fields Now Available for Free

Wordpress Planet - Wed, 07/24/2019 - 18:25

The WPGraphQL for Advanced Custom Fields plugin is now available for free on GitHub after a short time as a commercial product. Jason Bahl, creator and maintainer of the WPGraphQL project, released the extension in April 2019 with a pricing tier ranging from $49/annually (for one site’s support) to lifetime subscription options.

Bahl created the plugin with the hopes of generating enough revenue to one day fund his efforts working on WPGraphQL full-time. Now that he has joined the Gatsby team to work full time on WPGraphQL, he has the time and resources to make the ACF extension available for free.

The plugin allows developers to interact with their ACF data using GraphQL queries. It works with both the free and pro versions of ACF and WPGraphQL v0.3.2 or newer.

“When I first started working on the core WPGraphQL plugin, I thought it would be awesome to have meta fields automatically exposed to the WPGraphQL Schema,” Bahl said.

“Since WordPress core doesn’t have a fields API, developers turn to plugins such as Advanced Custom Fields, Metabox.io, CMB2, Carbon Fields, Field Manager, or one of the many other metabox solutions for WordPress.”

ACF is by far the most popular among these solutions with more than a million active installs. (Metabox.io has roughly half the user base with 400,000+ installs and CMB2 is the next most popular at an estimated 200,000 installs). Bahl started working towards supporting ACF a few years ago but didn’t have a production use case for it and left it untouched until demand for the plugin increased.

“In the latter half of 2018 and early 2019 I got many requests via Slack, Twitter, and GitHub for a quality ACF extension, and I also noticed the top search terms on the WPGraphQL website were ‘ACF’ and ‘Advanced Custom Fields,’” he said.

“I initially wanted to release the plugin as a free plugin, but there’s only so much I can do for free. Maintaining WPGraphQL on the side of my full-time job was already time consuming and I thought if I was making income I could support it better.”

Since the plugin’s initial release on April 19, Bahl reports there have been 85 licenses purchased, which enabled him to devote more time to the project. Now that he is no longer attempting to self-sustain his projects, he and the Gatsby team decided the best course of action would be to make it free so that more of the community can benefit from the project. He anticipates being able to provide the same level of support since the plugin’s launch with more of his time allocated to focusing on the WPGraphQL ecosystem.

Performance is the most common reason developers using ACF implement WPGraphQL on their sites. It offers staggering performance gains over using the WP REST API to query ACF data, as shown in the example below:

Good call. . .I need to market the performance side better. . .here's an example of a REST API call using ACF to REST API and using WPGraphQL for ACF to select specific fields.

*REST:* 24.8 KB, 1.22s
*GraphQL*: 1010 b, 377ms (not even 1kb payload!!!) pic.twitter.com/0qS52bvlEY

— GraphQL for WordPress (@wpgraphql) April 19, 2019

“When developers try to build “headless” applications with WordPress, they often run into pain points with the WP REST API, and they turn to WPGraphQL to ease those pains,” Bahl said.

“Many developers were registering ACF fields to their WPGraphQL Schema by hand, and that can be a tedious process if you have hundreds of fields. A plugin like WPGraphQL for Advanced Custom Fields saves developers a lot of development time, and allows them to take advantage of the features of GraphQL that make headless WordPress development a pleasant experience.”

WPGraphQL for Advanced Custom Fields can be found on GitHub, and support and feature requests are handled through GitHub issues. The plugin is also available on packagist.org for those who want to include it in projects using Composer.

Developers with general questions can join the WPGraphQL Slack workspace or the project’s online community on Spectrum. Bahl is active in both communities, helping developers find answers to their questions about using WPGraphQL to build headless applications.
