Development News

Hook 42: Hook 42 Earns Five Stars in First Review on Clutch

Main Drupal Feed - Fri, 10/25/2019 - 17:00
Hook 42 Earns Five Stars in First Review on Clutch Lindsey Gemmill Fri, 10/25/2019 - 17:00

1xINTERNET blog: 1xINTERNET with three nominations for the Splash Awards

Main Drupal Feed - Fri, 10/25/2019 - 12:41
1xINTERNET with three nominations for the Splash Awards hadda Fri, 10/25/2019 - 14:41

The third international Splash Awards are taking place next Monday night in Amsterdam. This night we will celebrate the best Drupal projects from 2019 with our colleagues from all over Europe. We are very happy at 1xINTERNET to be nominated for three of our projects and grateful at the same time for our amazing clients. 

Srijan Technologies: Create Once Publish Everywhere with Drupal

Main Drupal Feed - Fri, 10/25/2019 - 09:00

Long gone are the days, when cellphones were used just for calling purposes and desktops were switched on to browse the web. Today, information and entertainment can be accessed from anywhere and from any device.

Mark Shropshire: Understanding Progressive Web Apps and Why You Should Care

Main Drupal Feed - Fri, 10/25/2019 - 03:40

I had the pleasure of presenting on PWAs (Progresivei Web Applications) at DrupalCamp Atlanta 2019. I focused on the overall benefits of PWAs and how to set them up with GatsbyJS and Create React App. It turned out that Drupal PWAs were completely covered in the presentation Meet the Progressive Web App module by Christoph Weber and Alex Borsody. It was great to see so much attention given to the importance of PWAs!

I hope you checkout these PWA talks and related implementation techniques. There are big wins around making sure all of our websites and web applications utilize PWA related technology.

Below you will find my DrupalCamp Atlanta presentation deck and video:

Blog Category: 

Consensus Enterprises: DrupalCamp Ottawa 2019: Automate All the Things

Main Drupal Feed - Fri, 10/25/2019 - 02:55
On Friday, October 18th, I presented at DrupalCamp Ottawa 2019. That’s the annual gathering of the Drupal community in Ottawa, Ontario, Canada. Session information: Ever heard of infrastructure-as-code? The idea is basically to use tools like Ansible or Terraform to manage the composition and operation of your cloud systems. This allows infrastructure to be treated just like any other software system. The code can be committed into Git which allows auditability, and reproducibility.

WPTavern: Mark Davies Joins Automattic as Chief Financial Officer

Wordpress Planet - Wed, 10/16/2019 - 15:49

Automattic, the company behind WordPress.com, WooCommerce, and various other products, announced earlier today that Mark Davies has joined the team as its Chief Financial Officer (CFO). This news comes fresh off the heels of Automattic’s acquisition of Tumblr in August and a $300 million Series D investment from Salesforce Ventures in September. The investment round gave the company a $3 billion valuation after the funding.

Davies graduated from Western Washington University with a bachelor’s degree in accounting and earned his MBA in finance at Arizona State University. He has since worked for large companies in key roles. Prior to taking the position with Automattic, Davies served as the CFO at Vivint, a North American smart home technology company.

Vivint was founded in 1999 and claims over $1 billion in annual revenue. In 2012, The Blackstone Group purchased the company for over $2 billion. Davies came on board in 2013 and would have played a large role in growing the company’s annual revenue.

Vivint announced on October 15 that Davies was leaving the company. “Mark has created a talented and experienced finance team with a solid track record of growth and financial discipline,” said Todd Pedersen, co-founder and CEO of Vivint Smart Home. “We thank him for his six years with the company and wish him the best in his next role.”

Before joining Vivint, Davies served as president of global business services with Alcoa. He was also a member of the Alcoa Executive Council. Prior to that position, he spent 12 years at Dell Inc. in various roles. His most recent position was as the managing vice president of strategic programs. He earlier served as the CFO of Dell’s Global Consumer Group, which is a $14 billion enterprise with operations across the world. He held positions with Applied Materials and HP earlier in his career.

Davies should play a key role in helping Automattic grow beyond its current levels of revenue. He has the credentials and experience to do so.

“Automattic is creating the operating system for the web, from websites to ecommerce to social networks,” said Matt Mullenweg, founder and CEO of Automattic and co-founder of WordPress. “As we zoom past 1,100 employees in over 70 countries, we wanted a financial leader with experience taking businesses from hundreds of millions in revenue to billions and even tens of billions, as Mark has. I’m excited about working alongside such an experienced leader day-to-day to build one of the defining technology companies of this era.”

Mullenweg if often cited saying that he would like to see WordPress have an 85% share of the web. Currently, WordPress runs over 34% of the top 10 million websites. Automattic would certainly play a role in pushing the platform toward that lofty goal. He and David Heinemeier Hansson discussed the dynamics of power in open source communities and whether such a goal was healthy for the web earlier this month. In the discussion, Mullenweg clarified that 85% was a “trailing indicator” rather than a goal.

Stuart West served as Automattic’s CFO for the last seven years. He will continue working within the company, but there is no word on what that new role is. “I want to thank Stu for his significant contributions to Automattic during his seven and a half years as CFO,” said Mullenweg. “He built a talented finance team during a period of 10x growth in staff and revenue and played an essential role in the success of our company.”

Matt: New Automattic CFO

Wordpress Planet - Wed, 10/16/2019 - 15:28

As Venturebeat has picked up, Mark Davies will be leaving Vivint and joining the merry band. Automattic is creating the operating system for the web, from websites to ecommerce to social networks. As we zoom past 1,100 employees in over 70 countries, we wanted a financial leader with experience taking businesses from hundreds of millions in revenue to billions (Vivint) and even tens of billions (Alcoa and Dell), as Mark has. I’m excited about working alongside such an experienced leader day-to-day to build what I hope will become one of the defining technology companies of the open web era.

WordPress.org blog: WordPress 5.3 Release Candidate

Wordpress Planet - Tue, 10/15/2019 - 21:18

The first release candidate for WordPress 5.3 is now available!

This is an important milestone as we progress toward the WordPress 5.3 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.3 is currently scheduled to be released on November 12, 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time!

There are two ways to test the WordPress 5.3 release candidate:

What’s in WordPress 5.3?

WordPress 5.3 expands and refines the Block Editor introduced in WordPress 5.0 with new blocks, more intuitive interactions, and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers complete control over the look of a site.

This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the Block Editor.

In addition, WordPress 5.3 allows developers to work with dates and timezones in a more reliable way and prepares the software to work with PHP 7.4 to be release later this year.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.3 and update the Tested up to version in the readme file to 5.3. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.

The WordPress 5.3 Field Guide will be published within the next 24 hours with a more detailed dive into the major changes.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! This release also marks the hard string freeze point of the 5.3 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

WordPress 5.3 Release Candidate

Wordpress News - Tue, 10/15/2019 - 21:18

The first release candidate for WordPress 5.3 is now available!

This is an important milestone as we progress toward the WordPress 5.3 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.3 is currently scheduled to be released on November 12, 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time!

There are two ways to test the WordPress 5.3 release candidate:

What’s in WordPress 5.3?

WordPress 5.3 expands and refines the Block Editor introduced in WordPress 5.0 with new blocks, more intuitive interactions, and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers complete control over the look of a site.

This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the Block Editor.

In addition, WordPress 5.3 allows developers to work with dates and timezones in a more reliable way and prepares the software to work with PHP 7.4 to be release later this year.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.3 and update the Tested up to version in the readme file to 5.3. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.

The WordPress 5.3 Field Guide will be published within the next 24 hours with a more detailed dive into the major changes.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! This release also marks the hard string freeze point of the 5.3 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

WordPress.org blog: Responsible Participation In Online Communities

Wordpress Planet - Tue, 10/15/2019 - 19:41

In our first article in this series, we highlighted the WordPress mission to democratize publishing. WordPress introduced a tool to independent and small publishers who did not have the resources of the larger publishing platforms. Access to a free content management system to create websites has empowered thousands of people to find their voice online. People have been able to share their enthusiasm for hobbies, causes, products and much more. Through these different voices, we can encourage understanding, spark creativity, and create environments where collaboration can happen. But as we build more digital communities, it’s easy to forget that online safety is a group effort.

Digital literacy is also part of being a good digital citizen, but it’s more than just being able to do basic actions with your mobile device. Digital literacy refers to the range of skills needed to do online research, set up web accounts, and find solutions for fixing devices among other things. But to be able to enjoy more of the digital world safely and responsibly – to be a good digital citizen – we need to be able to: 

  • navigate vast amounts of information without getting overwhelmed;
  • evaluate a variety of perspectives;
  • connect with people with respect and empathy;
  • create, curate and share information.

We will need our offline analytical and social skills to make that happen. 

Here’s some best practices our community members have shared! Online or offline, let empathy be your compass

The hardest part about all of this is the anonymity of online interactions. Without that face-to-face feedback of saying something mean to another person’s face, it’s easy to upset the people you’re trying to communicate with.

In our daily lives in the offline world, comments may be more tempered and slow to anger  in disagreements. Visual cues will help us determine how a remark is perceived. That, in turn, helps us adjust our behaviour Action, reaction, it’s how we learn best.

Online, however, the experience is different. A keyboard does not protest if we type angry, hate-filled messages. A screen does not show any signs of being hurt. The lack of physical human presence combined with the anonymity of online alter-egos can be a formula for disrespectful and unfriendly behavior. It is good to remind ourselves that behind the avatars, nicknames and handles are real people. The same empathy we display in our in-person interactions should apply online as well.

Critically evaluate your sources 

We all have times when we consume information with limited research and fact-checking. For some of us, it feels like there’s no time to research and compare sources when faced by a sea of online information. For others, there may be uncertainty about where to start and what to consider. But, without a bit of skepticism and analytical thinking, we run the risk of creating narrow or incorrect understanding of the world. With a little effort we can curb the sharing of fake news and biased information, particularly on topics that are new to us or that we’re not familiar with.

Misinformation can spread like wildfire. Ask these simple questions to evaluate information online: 

  • who is the source of the information?
  • is it plausible?
  • is the information fact or just an opinion?
Own our content

In this day and age, it’s never been easier to just copy, paste and publish somebody else’s content. That doesn’t mean that we should! Publishing content that is not truly ‘yours’ in wording and tone of voice is unlikely to build a connection with the right audience. But, just as important, using someone else’s content may breach copyright and potentially intellectual property rights. 

For more information about intellectual property, visit the World Intellectual Property Organization website.

Don’t breeze past terms and conditions

Have you ever signed up for an online service (to help you distribute published content or accept payments) that was offered at no cost? In our fast-paced digital lives, we tend to want to breeze past terms and conditions or warning information and often miss important information about what will happen with our data. 

When we are given a contract on paper, we tend to read and re-read it, giving it a greater priority of our time. We may send it to other people for a second opinion or seek further review before signing. Remarkably, we rarely do that with online agreements. As a result, we may be putting our online privacy and security at risk. (WordPress uses a GPL license, and only collects usage data that we never share ever.).

Keep your website safe and healthy

If you would like to own your voice online, you also need to protect your reputation by securing your publishing platform. Websites can face security attacks. Hackers may seek to obtain access through insecure settings, outdated plugins and old software versions, and in extreme cases can try to scam your visitors. And leaking customer data, may even lead to legal consequences.

On top of that, websites ‘flagged’ for security issues, can lead to high bounce rates and eventual loss of search rankings. This can all affect how search engines rate or even block your site. 

Good practices to keep your website safe include changing your safe password regularly, installing security software, an SSL certificate and keeping the core software, plugins and themes up to date. This will not guarantee that you will keep hackers out, so always keep several backups of your site, ideally both offline and online.

That is just website security in a tiny nutshell. If you would like to learn more about keeping websites safe, you may want to check out some of these resources and many more videos at WordPress.tv.

Join in and help make the web a better place!

As part of Digital Citizenship Week, we would like to encourage you to learn and share skills with your colleagues, friends and family members. That way, we all become more informed of potential issues and how to reduce the risks. Together we can make it easier to navigate the web more effectively and securely!

Additional resources Site health check

WordPress 5.2 introduced pages in the admin interface to help users run health checks on their sites. They can be found under the Tools menu.

Security and SSL  Contributors

@chanthaboune, @yvettesonneveld, @webcommsat, @muzhdekad @alexdenning@natashadrewnicki, @oglekler, and Daria Gogoleva.


Responsible Participation In Online Communities

Wordpress News - Tue, 10/15/2019 - 19:41

In our first article in this series, we highlighted the WordPress mission to democratize publishing. WordPress introduced a tool to independent and small publishers who did not have the resources of the larger publishing platforms. Access to a free content management system to create websites has empowered thousands of people to find their voice online. People have been able to share their enthusiasm for hobbies, causes, products and much more. Through these different voices, we can encourage understanding, spark creativity, and create environments where collaboration can happen. But as we build more digital communities, it’s easy to forget that online safety is a group effort.

Digital literacy is also part of being a good digital citizen, but it’s more than just being able to do basic actions with your mobile device. Digital literacy refers to the range of skills needed to do online research, set up web accounts, and find solutions for fixing devices among other things. But to be able to enjoy more of the digital world safely and responsibly – to be a good digital citizen – we need to be able to: 

  • navigate vast amounts of information without getting overwhelmed;
  • evaluate a variety of perspectives;
  • connect with people with respect and empathy;
  • create, curate and share information.

We will need our offline analytical and social skills to make that happen. 

Here’s some best practices our community members have shared! Online or offline, let empathy be your compass

The hardest part about all of this is the anonymity of online interactions. Without that face-to-face feedback of saying something mean to another person’s face, it’s easy to upset the people you’re trying to communicate with.

In our daily lives in the offline world, comments may be more tempered and slow to anger  in disagreements. Visual cues will help us determine how a remark is perceived. That, in turn, helps us adjust our behaviour Action, reaction, it’s how we learn best.

Online, however, the experience is different. A keyboard does not protest if we type angry, hate-filled messages. A screen does not show any signs of being hurt. The lack of physical human presence combined with the anonymity of online alter-egos can be a formula for disrespectful and unfriendly behavior. It is good to remind ourselves that behind the avatars, nicknames and handles are real people. The same empathy we display in our in-person interactions should apply online as well.

Critically evaluate your sources 

We all have times when we consume information with limited research and fact-checking. For some of us, it feels like there’s no time to research and compare sources when faced by a sea of online information. For others, there may be uncertainty about where to start and what to consider. But, without a bit of skepticism and analytical thinking, we run the risk of creating narrow or incorrect understanding of the world. With a little effort we can curb the sharing of fake news and biased information, particularly on topics that are new to us or that we’re not familiar with.

Misinformation can spread like wildfire. Ask these simple questions to evaluate information online: 

  • who is the source of the information?
  • is it plausible?
  • is the information fact or just an opinion?
Own our content

In this day and age, it’s never been easier to just copy, paste and publish somebody else’s content. That doesn’t mean that we should! Publishing content that is not truly ‘yours’ in wording and tone of voice is unlikely to build a connection with the right audience. But, just as important, using someone else’s content may breach copyright and potentially intellectual property rights. 

For more information about intellectual property, visit the World Intellectual Property Organization website.

Don’t breeze past terms and conditions

Have you ever signed up for an online service (to help you distribute published content or accept payments) that was offered at no cost? In our fast-paced digital lives, we tend to want to breeze past terms and conditions or warning information and often miss important information about what will happen with our data. 

When we are given a contract on paper, we tend to read and re-read it, giving it a greater priority of our time. We may send it to other people for a second opinion or seek further review before signing. Remarkably, we rarely do that with online agreements. As a result, we may be putting our online privacy and security at risk. (WordPress uses a GPL license, and only collects usage data that we never share ever.).

Keep your website safe and healthy

If you would like to own your voice online, you also need to protect your reputation by securing your publishing platform. Websites can face security attacks. Hackers may seek to obtain access through insecure settings, outdated plugins and old software versions, and in extreme cases can try to scam your visitors. And leaking customer data, may even lead to legal consequences.

On top of that, websites ‘flagged’ for security issues, can lead to high bounce rates and eventual loss of search rankings. This can all affect how search engines rate or even block your site. 

Good practices to keep your website safe include changing your safe password regularly, installing security software, an SSL certificate and keeping the core software, plugins and themes up to date. This will not guarantee that you will keep hackers out, so always keep several backups of your site, ideally both offline and online.

That is just website security in a tiny nutshell. If you would like to learn more about keeping websites safe, you may want to check out some of these resources and many more videos at WordPress.tv.

Join in and help make the web a better place!

As part of Digital Citizenship Week, we would like to encourage you to learn and share skills with your colleagues, friends and family members. That way, we all become more informed of potential issues and how to reduce the risks. Together we can make it easier to navigate the web more effectively and securely!

Additional resources Site health check

WordPress 5.2 introduced pages in the admin interface to help users run health checks on their sites. They can be found under the Tools menu.

Security and SSL  Contributors

@chanthaboune, @yvettesonneveld, @webcommsat, @muzhdekad @alexdenning@natashadrewnicki, @oglekler, and Daria Gogoleva.


WPTavern: Kioken Blocks Partners with Gutenslider Plugin

Wordpress Planet - Tue, 10/15/2019 - 19:03

Kioken Blocks creator Onur Oztaskiran is teaming up with Niklas Jurij Plessing, a Berlin-based developer and author of the Gutenslider plugin, to improve both products under the same roof. Oztaskiran said the partnership is not an acquisition but rather a unification of efforts that may eventually result in combining under the same name.

“Our short term plan is to work on each other’s plugins to improve them according to our individual areas of expertise (me in design, marketing and user happiness, him in development and more technical stuff where I fall short), and then fully collaborate on plugins and themes,” Oztaskiran said.

Gutenslider will remain a standalone plugin and will not be merged into Kioken Blocks. Both products will share similar resources in terms of functionality and support. The team plans to work on porting their products to be ready for WordPress.org’s upcoming Block Directory. Pro users of Kioken Blocks will be able to use the pro functionalities of Gutenslider and the team plans to make Gutenslider work like an extension to Kioken Blocks.

“Gutenslider is pretty extensive at it is, and we thought it deserves to keep going as a standalone block and plugin, since it will be also available in the upcoming Block Directory for Gutenberg,” Oztaskiran said. “We will handle it as another product even though it is under the same roof as Kioken Blocks. We will continue adding new features to that block and improve the experience and Kioken Blocks will gain new blocks as well, but not as extensive as Gutenslider. There’s a possibility we could rename the block but that’s not the case at the moment.”

Oztaskiran said he sees a lot of possibilities in Gutenslider, because it is not just an image and video slider but capable of adding different types of block content on top of the slides, such as paragraphs, headings, images, galleries, products, and more.

“Since the future of Gutenberg, as we see it, is going to be shaped around the Block Directory in the editor, our plan is focusing more blocks on that directory, with the Kioken Blocks as a builder on top of them as a plugin,” Oztaskiran said. “The final goal is building an ecosystem for WordPress users who have adopted the new editor – products, plugins and themes with a streamlined interface and experience. Dev partnerships are the first step of it.”

Oztaskiran could not confirm if the product catalog will be combining under one company name. The final decision has not yet been made but he said it is likely that they will combine under the Kioken branding sometime in the future for marketing their WordPress products.

WPTavern: WordPress 5.2.4 Release Addresses Several Security Issues

Wordpress Planet - Tue, 10/15/2019 - 15:52

The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure.

Like any security release, users should update immediately to the latest version to keep their sites secure.

For those with automatic updates enabled, the new version is already rolling out to sites. All major branches of WordPress from version 3.7 to 5.2 received the new security fixes. If automatic updates are not enabled, users should update from the “Updates” screen under “Dashboard” in the WordPress admin. Otherwise, users can download WordPress from the release archive and manually run an update to make sure their site is not at risk to what are now publicly-known vulnerabilities.

In the release announcement, the following security issues were noted. They were corrected in all updated versions.

  • Stored cross-site scripting (XSS) could be added from the Customizer screen.
  • An issue that allowed stored XSS to inject JavaScript into <style> tags.
  • A bug that allowed unauthenticated posts to be viewed.
  • A method to use the Vary: Origin header to poison the cache of JSON GET requests (REST API).
  • A server-side request forgery (SSRF) with how URLs are validated.
  • Issues with referrer validation in the WordPress admin.

For developers who want to dive more into the code changes, the changeset is available on GitHub. Most changes should not affect plugins or themes. However, it is worth noting that the static query property was removed in this release. This removal affects both the WP and WP_Query classes. Developers should test their plugins against this version to make sure nothing is broken if their projects rely on this property. It is unlikely that many plugins rely on this query variable.

WordPress 5.2.4 also includes a couple of other bug fixes. One removes a line of code that makes an extra call to the wp-sanitize.js script in the script loader. The second fix addresses an issue where the directory path wasn’t normalized on Windows systems, which led to the wp_validate_redirect() function removing the domain. This fixes a bug created in WordPress 5.2.3.

WPTavern: Meetup.com Introduces RSVP Fees for Members, WordPress Meetup Groups Unaffected by Pricing Changes

Wordpress Planet - Tue, 10/15/2019 - 04:12

Meetup, a subsidiary of WeWork, has announced a significant change to its pricing structure that will require members to pay a $2 fee in order to RSVP to events. The change will go into effect in October, ostensibly to distribute meetup costs more evenly between organizers and members. Some meetup organizers have received the following message:

Meetup is always looking for ways to improve the experience for everyone in our community. One of the options we are currently exploring is whether we reduce cost for organizers and introduce a small fee for members.

Beginning in October, members of select groups will be charged a small fee to reserve their spot at events. The event fee can be paid by members or organizers can cover the cost of events to make it free for members.

Organizers have the option to subsidize the $2 fee for members who RSVP so that it is entirely free for those who attend, but for popular groups this can become cost prohibitive. If 1,000 members RSVP for an event, the organizer would owe $2,000 to host it.

The new pricing does not apply to non-profit groups or Pro Networks. WordPress community organizer Andrea Middleton has confirmed that Meetup’s pricing changes will not affect groups that are part of the official WordPress chapter. In 2018, WordPress had 691 meetup groups in 99 countries with more than 106,000 members. According to Meetup.com, groups in the official chapter now number 780 in 2019. Middleton encouraged any outlying WordPress meetup groups to join the official chapter by submitting an application.

Meetup organizers and members who are affected by the pricing hike are unhappy about the changes. If the angry responses on Twitter are any indication, people are leaving the platform in droves. Many organizers have announced that they are cancelling their subscriptions and looking to migrate to other platforms, such as Kommunity or gettogether.community, an open source alternative for managing local events.

No competitor has the reach or brand recognition that Meetup has. Some groups will inevitably resort to using Eventbrite or Facebook to manage local meetups but neither of these are focused on promoting or growing these types of local events. Discovery and new meetup marketing are Meetup.com’s forte, but the platform has been fairly stagnant when it comes to improving the user experience.

“This new move is quite onerous on users, and WP is lending support to the platform, which is proprietary and for-profit,” Morten Rand-Hendriksen said. “The optics and messaging are not great. When tools we use start to act in problematic ways, and we keep using them, we are tacitly agreeing to and even promoting that behavior even if it is not directly affecting us.”

Andrea Middleton responded, acknowledging that WordPress’ use of certain platforms will sometimes involve compromise.

“It’s true that WordPress contributors use various proprietary and for-profit tools to help us achieve various outreach and coordination goals,” Middleton said. “I think we strive for a balance between expediency and idealism, but of course any compromise results in a loss of one or the other.”

Given the immediate backlash following Meetup.com’s announcement of the pricing changes, it would not be surprising to see the decision reversed. The company characterized the move as an “exploration” and plans to roll it out gradually to more meetups. For organizers who are looking to charge more on top of the fee to cover event costs, Meetup said this feature is coming soon.

WordPress.org blog: WordPress 5.2.4 Security Release

Wordpress Planet - Mon, 10/14/2019 - 21:54

WordPress 5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Security Updates
  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

For more info, browse the full list of changes on Trac or check out the Version 5.2.4 documentation page.

WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.

You can download WordPress 5.2.4 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.2.4:

Aaron D. Campbell, darthhexx, David Binovec, Jonathan Desrosiers, Ian Dunn, Jeff Paul, Nick Daugherty, Konstantin Obenland, Peter Wilson, Sergey Biryukov, Stanimir Stoyanov, Garth Mortensen, vortfu, Weston Ruter, Jake Spurlock, and Alex Concha.

WordPress 5.2.4 Security Release

Wordpress News - Mon, 10/14/2019 - 21:54

WordPress 5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Security Updates
  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

For more info, browse the full list of changes on Trac or check out the Version 5.2.4 documentation page.

WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.

You can download WordPress 5.2.4 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.2.4:

Aaron D. Campbell, darthhexx, David Binovec, Jonathan Desrosiers, Ian Dunn, Jeff Paul, Nick Daugherty, Konstantin Obenland, Peter Wilson, Sergey Biryukov, Stanimir Stoyanov, Garth Mortensen, vortfu, Weston Ruter, Jake Spurlock, and Alex Concha.

WPTavern: AMP Project Joins OpenJS Foundation Incubation Program

Wordpress Planet - Mon, 10/14/2019 - 20:52

Last week at the AMP Contributor Summit 2019 in New York City, the AMP project announced that it will be joining the OpenJS Foundation incubation program. OpenJS was formed by a recent merger between the JS Foundation and the Node.js Foundation. AMP will join webpack, jQuery, Mocha, Node.js, ESLint, Grunt, and other open source projects that have OpenJS as their legal entity.

Over the past year, AMP has been evolving its governance, moving to an open, consensus-seeking governance model in 2018, similar to the one adopted by the Node.js project. One of the primary objectives of changing AMP’s governance and moving to a foundation was to foster a wider variety of contributions to the project and its technical and product roadmap. The incubation process will address AMP’s lack of contributor diversity and inclusion, as only past or current Google employees have commit rights on the code base.

In recognition of how the project’s connection to Google has been problematic for adoption, the company is transferring AMP’s domains and trademarks to OpenJS, which is a vender-neutral organization, as outlined in the FAQs of OpenJS’ announcement:

The OpenJS Foundation prides itself on vendor neutrality. Our vested interest resides solely in the ecosystem and the projects that contribute to that ecosystem. The OpenJS Foundation’s Cross Project Council is committed to supporting AMP in addressing these issues and ensure continued progress. During onboarding, AMP will also go through a multi-step process including adopting the OpenJS Foundation Code of Conduct, transferring domains and trademarks and more to graduation from incubation. AMP has made incredible strides by adopting a new governance model and by joining the OpenJS Foundation, they’ve made their intentions clear-AMP is committed to its vision of “A strong, user-first open web forever.”

Google is, however, a Platinum member of the OpenJS Foundation with annual dues of more than $250K per year. This membership guarantees the company direct participation in running the Foundation, a guaranteed board seat, and have a direct voice in budget and policy decisions. Google plans to maintain its team of employees who contribute full time to the AMP project.

According to Tobie Langel, a member AMP’s advisory committee, one of the changes in moving to the OpenJS Foundation is AMP’s governance model will no longer be under the purview of Google and the ultimate goal is that Google will cease funding AMP directly. Instead, the company will direct funds through the foundation and work to remove the project’s Google dependencies for its infrastructure and tooling.

OpenJS Aims to Disentangle AMP Runtime from Google Cache

Gaining full infrastructural independence from Google will be no small feat for AMP contributors. The OpenJS Foundation’s announcement states that one of the long term goals in moving the project over is to disentangle the AMP runtime from the Google AMP Cache:

The end goal is to separate the AMP runtime from the Google AMP Cache. The Project is currently in the incubating stage and Project leaders are still determining the next steps. Ideally, hosting and deployment of the AMP runtime to the CDN would fall under the purview of the OpenJS Foundation, much like the foundation is handling other projects CDNs, such as the jQuery CDN.

Untangling the runtime from the cache is a complex endeavor requiring significant investments of time and effort which would be planned and implemented in collaboration with the foundation and industry stakeholders during and after incubation.

The OpenJS Foundation CPC is committed to having a long-term strategy in place to address this issue by the end of AMP’s incubation.

AMP is used on more than 30 million domains. While many see this news as a positive move towards AMP’s eventual independence from Google, it doesn’t remove Google’s power to compel publishers to support the AMP standard by prioritizing AMP pages in search results. The news was received with skepticism by commenters on Hacker News and Reddit, who deemed it “mostly meaningless window-dressing,” given how aggressively Google is pushing AMP in its search engine. AMP remains deeply controversial and moving it to a foundation that is heavily financially backed by Google is not enough to win over those who see it as Google’s attempt to shape the web for its own interests.

WPTavern: Inside Look at GoDaddy’s Onboarding Process for Managed WordPress Hosting

Wordpress Planet - Mon, 10/14/2019 - 20:30

The Tavern was provided access to test GoDaddy’s onboarding process, which is a part of its managed WordPress hosting service. The company has revamped its system since we covered it in 2016. The web host has had time to garner feedback since then and build an easy-to-use, headache-free way to launch WordPress sites.

GoDaddy has been making waves in the WordPress community over the past few years and is quickly becoming one of the most dominant businesses in the ecosystem. Several of the company’s free WordPress themes consistently rank in the theme directory’s popular list. Most of them are child themes of their popular Primer theme, which boasts 40,000+ active installs when not counting child theme installs. The real count should be north of 200,000.

GoDaddy provided access to its Pro 5+ tier, which is its highest level of managed WordPress hosting. They have three lower tiers, each at different price points and with fewer features. Regular pricing for the tiers range between $9.99 and $34.99 per month. All levels include automatic backups, security scans, caching, and a slew of other features that are not always easy to figure out for new users.

Aaron Campbell , GoDaddy’s head of WordPress Ecosystem & Community, said that their hosting service is growing quickly. “We were among the largest WordPress hosts when we launched our Managed WordPress Hosting in 2014,” he said. “Within 2 years our offering became the largest Managed WordPress platform in the world and remains so to this day.”

GoDaddy launched its basic onboarding process later in 2014. They iterated on that version through 2018. “When Gutenberg went into core in WordPress 5.0 we saw an opportunity to redefine the WordPress onboarding and imagine what a ‘Gutenberg native’ experience would look like,” said Campbell. “Meaning, do what Gutenberg uniquely enables us to do over what was possible before–things that couldn’t be done by making existing themes Gutenberg ‘compatible’ we had to build from the ground up.”

Based on my experience with the product, I would have no qualms about recommending it to new or even more experienced users. Even those with no experience running WordPress can create a new site without trouble in far less time than it’d take to go through the normal, more complex process.

How the Onboarding Process Works

One of the hardest things to know prior to signing up for a service and handing over your credit card number is how the service works. For this reason, I snagged a few screenshots and will do a quick walk-through of the process.

Once you are ready to build your new website, the service provides a “Set up” link that sends you to GoDaddy’s onboarding screen. There are three paths to choose from. The first and most prominent is to view the available templates, which is the path that new users would choose. You can also manually set up WordPress or migrate an existing site.

When selecting to view templates, the service presents over 50 options to choose from. The templates are further grouped by category based on the type of site a user might want to create. I chose the “Beckah J.” option because it worked for my idea of creating a life-wellness site.

Each of the templates are created from GoDaddy’s new Go WordPress theme, which is currently available via GitHub and awaiting review for placement in the official WordPress theme directory.

After selecting a template, the process moves to a preview screen, which has buttons to switch between desktop, tablet, and mobile views. From that point, you can choose to use the template or go back and select another.

This was the first point of the process that felt like it needed polishing. The preview frame was too small to get a feel for what the site would look like on desktop or tablet. This is a fixable problem. There’s plenty of screen real estate GoDaddy could use to make the preview nicer.

The next screen allows users to enter information about what type of site they want to run. Depending on which of the following checkboxes are ticked, GoDaddy will set up the site differently.

  • Provide information
  • Write blog posts
  • Display my portfolio
  • Sell physical goods to my customers
  • Sell digital goods to my customers to download

After completing the final form, GoDaddy begins creating the site. The host sets up the site with one or more of several plugins based on the choices made in the previous form.

The site installation process was slower than I had expected. We live in a fast-paced world where users expect things to happen nearly instantly. I admit I was antsy while waiting for the process to complete, in part because everything else happened so quickly. I wondered if I had time to grab a sandwich. In reality, it was much faster than manually setting up a WordPress install, but the setup did take a few minutes of waiting. My experience may have been an anomaly too. Sometimes these things take time.

A Website Ready to Go

Out of the box, my newly-created site had five custom pages ready based on my choices during the onboarding process.

  • Blog
  • Get in Touch
  • Home
  • My Account
  • My Cart

It was nice to see WooCommerce ready and a contact form set up with my email (handled by the CoBlocks plugin). I would rather have seen contact, account, and cart page slugs for their respective pages, but that’s a personal preference.

The site came with seven plugins installed, five of which were activated.

  • Akismet (deactivated)
  • CoBlocks
  • Gravity Forms (deactivated)
  • Sucuri Security
  • WooCommerce
  • WP101 Video Tutorials
  • Yoast SEO

CoBlocks along with theme integration for the block editor is what made the process of working with the website a breeze. GoDaddy acquired the CoBlocks plugin in April. At the time, the plugin had 30,000+ active installs. It has since grown to 80,000+ in the few months since GoDaddy has taken over.

The Onboarding Process Provides a Nice User Experience

I’ve been critical of GoDaddy over the years. I am a customer of one of their other hosting products that launched years ago. That particular site is stuck on PHP 5.6, which has given me the feeling that the company is not focused on its older projects. However, Campbell said they are in the process of moving users on legacy hosting products to a newer platform.

I’ve been cautiously optimistic about the work GoDaddy has been doing within the WordPress community. They’ve more than shown their commitment to the WordPress platform over the past few years.

Despite a couple of minor hiccups, the onboarding process the hosting giant has built is one of the best experiences I have ever had launching a WordPress site. Even as an old pro, I’d consider using it for future projects, particularly when setting up sites for less tech-savvy family and friends.

Pages