Wordpress Planet

Subscribe to Wordpress Planet feed
WordPress Planet - http://planet.wordpress.org/
Updated: 4 days 19 hours ago

WPTavern: Mark Davies Joins Automattic as Chief Financial Officer

Wed, 10/16/2019 - 15:49

Automattic, the company behind WordPress.com, WooCommerce, and various other products, announced earlier today that Mark Davies has joined the team as its Chief Financial Officer (CFO). This news comes fresh off the heels of Automattic’s acquisition of Tumblr in August and a $300 million Series D investment from Salesforce Ventures in September. The investment round gave the company a $3 billion valuation after the funding.

Davies graduated from Western Washington University with a bachelor’s degree in accounting and earned his MBA in finance at Arizona State University. He has since worked for large companies in key roles. Prior to taking the position with Automattic, Davies served as the CFO at Vivint, a North American smart home technology company.

Vivint was founded in 1999 and claims over $1 billion in annual revenue. In 2012, The Blackstone Group purchased the company for over $2 billion. Davies came on board in 2013 and would have played a large role in growing the company’s annual revenue.

Vivint announced on October 15 that Davies was leaving the company. “Mark has created a talented and experienced finance team with a solid track record of growth and financial discipline,” said Todd Pedersen, co-founder and CEO of Vivint Smart Home. “We thank him for his six years with the company and wish him the best in his next role.”

Before joining Vivint, Davies served as president of global business services with Alcoa. He was also a member of the Alcoa Executive Council. Prior to that position, he spent 12 years at Dell Inc. in various roles. His most recent position was as the managing vice president of strategic programs. He earlier served as the CFO of Dell’s Global Consumer Group, which is a $14 billion enterprise with operations across the world. He held positions with Applied Materials and HP earlier in his career.

Davies should play a key role in helping Automattic grow beyond its current levels of revenue. He has the credentials and experience to do so.

“Automattic is creating the operating system for the web, from websites to ecommerce to social networks,” said Matt Mullenweg, founder and CEO of Automattic and co-founder of WordPress. “As we zoom past 1,100 employees in over 70 countries, we wanted a financial leader with experience taking businesses from hundreds of millions in revenue to billions and even tens of billions, as Mark has. I’m excited about working alongside such an experienced leader day-to-day to build one of the defining technology companies of this era.”

Mullenweg if often cited saying that he would like to see WordPress have an 85% share of the web. Currently, WordPress runs over 34% of the top 10 million websites. Automattic would certainly play a role in pushing the platform toward that lofty goal. He and David Heinemeier Hansson discussed the dynamics of power in open source communities and whether such a goal was healthy for the web earlier this month. In the discussion, Mullenweg clarified that 85% was a “trailing indicator” rather than a goal.

Stuart West served as Automattic’s CFO for the last seven years. He will continue working within the company, but there is no word on what that new role is. “I want to thank Stu for his significant contributions to Automattic during his seven and a half years as CFO,” said Mullenweg. “He built a talented finance team during a period of 10x growth in staff and revenue and played an essential role in the success of our company.”

Matt: New Automattic CFO

Wed, 10/16/2019 - 15:28

As Venturebeat has picked up, Mark Davies will be leaving Vivint and joining the merry band. Automattic is creating the operating system for the web, from websites to ecommerce to social networks. As we zoom past 1,100 employees in over 70 countries, we wanted a financial leader with experience taking businesses from hundreds of millions in revenue to billions (Vivint) and even tens of billions (Alcoa and Dell), as Mark has. I’m excited about working alongside such an experienced leader day-to-day to build what I hope will become one of the defining technology companies of the open web era.

WordPress.org blog: WordPress 5.3 Release Candidate

Tue, 10/15/2019 - 21:18

The first release candidate for WordPress 5.3 is now available!

This is an important milestone as we progress toward the WordPress 5.3 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.3 is currently scheduled to be released on November 12, 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time!

There are two ways to test the WordPress 5.3 release candidate:

What’s in WordPress 5.3?

WordPress 5.3 expands and refines the Block Editor introduced in WordPress 5.0 with new blocks, more intuitive interactions, and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers complete control over the look of a site.

This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the Block Editor.

In addition, WordPress 5.3 allows developers to work with dates and timezones in a more reliable way and prepares the software to work with PHP 7.4 to be release later this year.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.3 and update the Tested up to version in the readme file to 5.3. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.

The WordPress 5.3 Field Guide will be published within the next 24 hours with a more detailed dive into the major changes.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! This release also marks the hard string freeze point of the 5.3 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

WordPress.org blog: Responsible Participation In Online Communities

Tue, 10/15/2019 - 19:41

In our first article in this series, we highlighted the WordPress mission to democratize publishing. WordPress introduced a tool to independent and small publishers who did not have the resources of the larger publishing platforms. Access to a free content management system to create websites has empowered thousands of people to find their voice online. People have been able to share their enthusiasm for hobbies, causes, products and much more. Through these different voices, we can encourage understanding, spark creativity, and create environments where collaboration can happen. But as we build more digital communities, it’s easy to forget that online safety is a group effort.

Digital literacy is also part of being a good digital citizen, but it’s more than just being able to do basic actions with your mobile device. Digital literacy refers to the range of skills needed to do online research, set up web accounts, and find solutions for fixing devices among other things. But to be able to enjoy more of the digital world safely and responsibly – to be a good digital citizen – we need to be able to: 

  • navigate vast amounts of information without getting overwhelmed;
  • evaluate a variety of perspectives;
  • connect with people with respect and empathy;
  • create, curate and share information.

We will need our offline analytical and social skills to make that happen. 

Here’s some best practices our community members have shared! Online or offline, let empathy be your compass

The hardest part about all of this is the anonymity of online interactions. Without that face-to-face feedback of saying something mean to another person’s face, it’s easy to upset the people you’re trying to communicate with.

In our daily lives in the offline world, comments may be more tempered and slow to anger  in disagreements. Visual cues will help us determine how a remark is perceived. That, in turn, helps us adjust our behaviour Action, reaction, it’s how we learn best.

Online, however, the experience is different. A keyboard does not protest if we type angry, hate-filled messages. A screen does not show any signs of being hurt. The lack of physical human presence combined with the anonymity of online alter-egos can be a formula for disrespectful and unfriendly behavior. It is good to remind ourselves that behind the avatars, nicknames and handles are real people. The same empathy we display in our in-person interactions should apply online as well.

Critically evaluate your sources 

We all have times when we consume information with limited research and fact-checking. For some of us, it feels like there’s no time to research and compare sources when faced by a sea of online information. For others, there may be uncertainty about where to start and what to consider. But, without a bit of skepticism and analytical thinking, we run the risk of creating narrow or incorrect understanding of the world. With a little effort we can curb the sharing of fake news and biased information, particularly on topics that are new to us or that we’re not familiar with.

Misinformation can spread like wildfire. Ask these simple questions to evaluate information online: 

  • who is the source of the information?
  • is it plausible?
  • is the information fact or just an opinion?
Own our content

In this day and age, it’s never been easier to just copy, paste and publish somebody else’s content. That doesn’t mean that we should! Publishing content that is not truly ‘yours’ in wording and tone of voice is unlikely to build a connection with the right audience. But, just as important, using someone else’s content may breach copyright and potentially intellectual property rights. 

For more information about intellectual property, visit the World Intellectual Property Organization website.

Don’t breeze past terms and conditions

Have you ever signed up for an online service (to help you distribute published content or accept payments) that was offered at no cost? In our fast-paced digital lives, we tend to want to breeze past terms and conditions or warning information and often miss important information about what will happen with our data. 

When we are given a contract on paper, we tend to read and re-read it, giving it a greater priority of our time. We may send it to other people for a second opinion or seek further review before signing. Remarkably, we rarely do that with online agreements. As a result, we may be putting our online privacy and security at risk. (WordPress uses a GPL license, and only collects usage data that we never share ever.).

Keep your website safe and healthy

If you would like to own your voice online, you also need to protect your reputation by securing your publishing platform. Websites can face security attacks. Hackers may seek to obtain access through insecure settings, outdated plugins and old software versions, and in extreme cases can try to scam your visitors. And leaking customer data, may even lead to legal consequences.

On top of that, websites ‘flagged’ for security issues, can lead to high bounce rates and eventual loss of search rankings. This can all affect how search engines rate or even block your site. 

Good practices to keep your website safe include changing your safe password regularly, installing security software, an SSL certificate and keeping the core software, plugins and themes up to date. This will not guarantee that you will keep hackers out, so always keep several backups of your site, ideally both offline and online.

That is just website security in a tiny nutshell. If you would like to learn more about keeping websites safe, you may want to check out some of these resources and many more videos at WordPress.tv.

Join in and help make the web a better place!

As part of Digital Citizenship Week, we would like to encourage you to learn and share skills with your colleagues, friends and family members. That way, we all become more informed of potential issues and how to reduce the risks. Together we can make it easier to navigate the web more effectively and securely!

Additional resources Site health check

WordPress 5.2 introduced pages in the admin interface to help users run health checks on their sites. They can be found under the Tools menu.

Security and SSL  Contributors

@chanthaboune, @yvettesonneveld, @webcommsat, @muzhdekad @alexdenning@natashadrewnicki, @oglekler, and Daria Gogoleva.

WPTavern: Kioken Blocks Partners with Gutenslider Plugin

Tue, 10/15/2019 - 19:03

Kioken Blocks creator Onur Oztaskiran is teaming up with Niklas Jurij Plessing, a Berlin-based developer and author of the Gutenslider plugin, to improve both products under the same roof. Oztaskiran said the partnership is not an acquisition but rather a unification of efforts that may eventually result in combining under the same name.

“Our short term plan is to work on each other’s plugins to improve them according to our individual areas of expertise (me in design, marketing and user happiness, him in development and more technical stuff where I fall short), and then fully collaborate on plugins and themes,” Oztaskiran said.

Gutenslider will remain a standalone plugin and will not be merged into Kioken Blocks. Both products will share similar resources in terms of functionality and support. The team plans to work on porting their products to be ready for WordPress.org’s upcoming Block Directory. Pro users of Kioken Blocks will be able to use the pro functionalities of Gutenslider and the team plans to make Gutenslider work like an extension to Kioken Blocks.

“Gutenslider is pretty extensive at it is, and we thought it deserves to keep going as a standalone block and plugin, since it will be also available in the upcoming Block Directory for Gutenberg,” Oztaskiran said. “We will handle it as another product even though it is under the same roof as Kioken Blocks. We will continue adding new features to that block and improve the experience and Kioken Blocks will gain new blocks as well, but not as extensive as Gutenslider. There’s a possibility we could rename the block but that’s not the case at the moment.”

Oztaskiran said he sees a lot of possibilities in Gutenslider, because it is not just an image and video slider but capable of adding different types of block content on top of the slides, such as paragraphs, headings, images, galleries, products, and more.

“Since the future of Gutenberg, as we see it, is going to be shaped around the Block Directory in the editor, our plan is focusing more blocks on that directory, with the Kioken Blocks as a builder on top of them as a plugin,” Oztaskiran said. “The final goal is building an ecosystem for WordPress users who have adopted the new editor – products, plugins and themes with a streamlined interface and experience. Dev partnerships are the first step of it.”

Oztaskiran could not confirm if the product catalog will be combining under one company name. The final decision has not yet been made but he said it is likely that they will combine under the Kioken branding sometime in the future for marketing their WordPress products.

WPTavern: WordPress 5.2.4 Release Addresses Several Security Issues

Tue, 10/15/2019 - 15:52

The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure.

Like any security release, users should update immediately to the latest version to keep their sites secure.

For those with automatic updates enabled, the new version is already rolling out to sites. All major branches of WordPress from version 3.7 to 5.2 received the new security fixes. If automatic updates are not enabled, users should update from the “Updates” screen under “Dashboard” in the WordPress admin. Otherwise, users can download WordPress from the release archive and manually run an update to make sure their site is not at risk to what are now publicly-known vulnerabilities.

In the release announcement, the following security issues were noted. They were corrected in all updated versions.

  • Stored cross-site scripting (XSS) could be added from the Customizer screen.
  • An issue that allowed stored XSS to inject JavaScript into <style> tags.
  • A bug that allowed unauthenticated posts to be viewed.
  • A method to use the Vary: Origin header to poison the cache of JSON GET requests (REST API).
  • A server-side request forgery (SSRF) with how URLs are validated.
  • Issues with referrer validation in the WordPress admin.

For developers who want to dive more into the code changes, the changeset is available on GitHub. Most changes should not affect plugins or themes. However, it is worth noting that the static query property was removed in this release. This removal affects both the WP and WP_Query classes. Developers should test their plugins against this version to make sure nothing is broken if their projects rely on this property. It is unlikely that many plugins rely on this query variable.

WordPress 5.2.4 also includes a couple of other bug fixes. One removes a line of code that makes an extra call to the wp-sanitize.js script in the script loader. The second fix addresses an issue where the directory path wasn’t normalized on Windows systems, which led to the wp_validate_redirect() function removing the domain. This fixes a bug created in WordPress 5.2.3.

WPTavern: Meetup.com Introduces RSVP Fees for Members, WordPress Meetup Groups Unaffected by Pricing Changes

Tue, 10/15/2019 - 04:12

Meetup, a subsidiary of WeWork, has announced a significant change to its pricing structure that will require members to pay a $2 fee in order to RSVP to events. The change will go into effect in October, ostensibly to distribute meetup costs more evenly between organizers and members. Some meetup organizers have received the following message:

Meetup is always looking for ways to improve the experience for everyone in our community. One of the options we are currently exploring is whether we reduce cost for organizers and introduce a small fee for members.

Beginning in October, members of select groups will be charged a small fee to reserve their spot at events. The event fee can be paid by members or organizers can cover the cost of events to make it free for members.

Organizers have the option to subsidize the $2 fee for members who RSVP so that it is entirely free for those who attend, but for popular groups this can become cost prohibitive. If 1,000 members RSVP for an event, the organizer would owe $2,000 to host it.

The new pricing does not apply to non-profit groups or Pro Networks. WordPress community organizer Andrea Middleton has confirmed that Meetup’s pricing changes will not affect groups that are part of the official WordPress chapter. In 2018, WordPress had 691 meetup groups in 99 countries with more than 106,000 members. According to Meetup.com, groups in the official chapter now number 780 in 2019. Middleton encouraged any outlying WordPress meetup groups to join the official chapter by submitting an application.

Meetup organizers and members who are affected by the pricing hike are unhappy about the changes. If the angry responses on Twitter are any indication, people are leaving the platform in droves. Many organizers have announced that they are cancelling their subscriptions and looking to migrate to other platforms, such as Kommunity or gettogether.community, an open source alternative for managing local events.

No competitor has the reach or brand recognition that Meetup has. Some groups will inevitably resort to using Eventbrite or Facebook to manage local meetups but neither of these are focused on promoting or growing these types of local events. Discovery and new meetup marketing are Meetup.com’s forte, but the platform has been fairly stagnant when it comes to improving the user experience.

“This new move is quite onerous on users, and WP is lending support to the platform, which is proprietary and for-profit,” Morten Rand-Hendriksen said. “The optics and messaging are not great. When tools we use start to act in problematic ways, and we keep using them, we are tacitly agreeing to and even promoting that behavior even if it is not directly affecting us.”

Andrea Middleton responded, acknowledging that WordPress’ use of certain platforms will sometimes involve compromise.

“It’s true that WordPress contributors use various proprietary and for-profit tools to help us achieve various outreach and coordination goals,” Middleton said. “I think we strive for a balance between expediency and idealism, but of course any compromise results in a loss of one or the other.”

Given the immediate backlash following Meetup.com’s announcement of the pricing changes, it would not be surprising to see the decision reversed. The company characterized the move as an “exploration” and plans to roll it out gradually to more meetups. For organizers who are looking to charge more on top of the fee to cover event costs, Meetup said this feature is coming soon.

WordPress.org blog: WordPress 5.2.4 Security Release

Mon, 10/14/2019 - 21:54

WordPress 5.2.4 is now available! This security release fixes 6 security issues.

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Security Updates
  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

For more info, browse the full list of changes on Trac or check out the Version 5.2.4 documentation page.

WordPress 5.2.4 is a short-cycle security release. The next major release will be version 5.3.

You can download WordPress 5.2.4 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.2.4:

Aaron D. Campbell, darthhexx, David Binovec, Jonathan Desrosiers, Ian Dunn, Jeff Paul, Nick Daugherty, Konstantin Obenland, Peter Wilson, Sergey Biryukov, Stanimir Stoyanov, Garth Mortensen, vortfu, Weston Ruter, Jake Spurlock, and Alex Concha.

WPTavern: AMP Project Joins OpenJS Foundation Incubation Program

Mon, 10/14/2019 - 20:52

Last week at the AMP Contributor Summit 2019 in New York City, the AMP project announced that it will be joining the OpenJS Foundation incubation program. OpenJS was formed by a recent merger between the JS Foundation and the Node.js Foundation. AMP will join webpack, jQuery, Mocha, Node.js, ESLint, Grunt, and other open source projects that have OpenJS as their legal entity.

Over the past year, AMP has been evolving its governance, moving to an open, consensus-seeking governance model in 2018, similar to the one adopted by the Node.js project. One of the primary objectives of changing AMP’s governance and moving to a foundation was to foster a wider variety of contributions to the project and its technical and product roadmap. The incubation process will address AMP’s lack of contributor diversity and inclusion, as only past or current Google employees have commit rights on the code base.

In recognition of how the project’s connection to Google has been problematic for adoption, the company is transferring AMP’s domains and trademarks to OpenJS, which is a vender-neutral organization, as outlined in the FAQs of OpenJS’ announcement:

The OpenJS Foundation prides itself on vendor neutrality. Our vested interest resides solely in the ecosystem and the projects that contribute to that ecosystem. The OpenJS Foundation’s Cross Project Council is committed to supporting AMP in addressing these issues and ensure continued progress. During onboarding, AMP will also go through a multi-step process including adopting the OpenJS Foundation Code of Conduct, transferring domains and trademarks and more to graduation from incubation. AMP has made incredible strides by adopting a new governance model and by joining the OpenJS Foundation, they’ve made their intentions clear-AMP is committed to its vision of “A strong, user-first open web forever.”

Google is, however, a Platinum member of the OpenJS Foundation with annual dues of more than $250K per year. This membership guarantees the company direct participation in running the Foundation, a guaranteed board seat, and have a direct voice in budget and policy decisions. Google plans to maintain its team of employees who contribute full time to the AMP project.

According to Tobie Langel, a member AMP’s advisory committee, one of the changes in moving to the OpenJS Foundation is AMP’s governance model will no longer be under the purview of Google and the ultimate goal is that Google will cease funding AMP directly. Instead, the company will direct funds through the foundation and work to remove the project’s Google dependencies for its infrastructure and tooling.

OpenJS Aims to Disentangle AMP Runtime from Google Cache

Gaining full infrastructural independence from Google will be no small feat for AMP contributors. The OpenJS Foundation’s announcement states that one of the long term goals in moving the project over is to disentangle the AMP runtime from the Google AMP Cache:

The end goal is to separate the AMP runtime from the Google AMP Cache. The Project is currently in the incubating stage and Project leaders are still determining the next steps. Ideally, hosting and deployment of the AMP runtime to the CDN would fall under the purview of the OpenJS Foundation, much like the foundation is handling other projects CDNs, such as the jQuery CDN.

Untangling the runtime from the cache is a complex endeavor requiring significant investments of time and effort which would be planned and implemented in collaboration with the foundation and industry stakeholders during and after incubation.

The OpenJS Foundation CPC is committed to having a long-term strategy in place to address this issue by the end of AMP’s incubation.

AMP is used on more than 30 million domains. While many see this news as a positive move towards AMP’s eventual independence from Google, it doesn’t remove Google’s power to compel publishers to support the AMP standard by prioritizing AMP pages in search results. The news was received with skepticism by commenters on Hacker News and Reddit, who deemed it “mostly meaningless window-dressing,” given how aggressively Google is pushing AMP in its search engine. AMP remains deeply controversial and moving it to a foundation that is heavily financially backed by Google is not enough to win over those who see it as Google’s attempt to shape the web for its own interests.

WPTavern: Inside Look at GoDaddy’s Onboarding Process for Managed WordPress Hosting

Mon, 10/14/2019 - 20:30

The Tavern was provided access to test GoDaddy’s onboarding process, which is a part of its managed WordPress hosting service. The company has revamped its system since we covered it in 2016. The web host has had time to garner feedback since then and build an easy-to-use, headache-free way to launch WordPress sites.

GoDaddy has been making waves in the WordPress community over the past few years and is quickly becoming one of the most dominant businesses in the ecosystem. Several of the company’s free WordPress themes consistently rank in the theme directory’s popular list. Most of them are child themes of their popular Primer theme, which boasts 40,000+ active installs when not counting child theme installs. The real count should be north of 200,000.

GoDaddy provided access to its Pro 5+ tier, which is its highest level of managed WordPress hosting. They have three lower tiers, each at different price points and with fewer features. Regular pricing for the tiers range between $9.99 and $34.99 per month. All levels include automatic backups, security scans, caching, and a slew of other features that are not always easy to figure out for new users.

Aaron Campbell , GoDaddy’s head of WordPress Ecosystem & Community, said that their hosting service is growing quickly. “We were among the largest WordPress hosts when we launched our Managed WordPress Hosting in 2014,” he said. “Within 2 years our offering became the largest Managed WordPress platform in the world and remains so to this day.”

GoDaddy launched its basic onboarding process later in 2014. They iterated on that version through 2018. “When Gutenberg went into core in WordPress 5.0 we saw an opportunity to redefine the WordPress onboarding and imagine what a ‘Gutenberg native’ experience would look like,” said Campbell. “Meaning, do what Gutenberg uniquely enables us to do over what was possible before–things that couldn’t be done by making existing themes Gutenberg ‘compatible’ we had to build from the ground up.”

Based on my experience with the product, I would have no qualms about recommending it to new or even more experienced users. Even those with no experience running WordPress can create a new site without trouble in far less time than it’d take to go through the normal, more complex process.

How the Onboarding Process Works

One of the hardest things to know prior to signing up for a service and handing over your credit card number is how the service works. For this reason, I snagged a few screenshots and will do a quick walk-through of the process.

Once you are ready to build your new website, the service provides a “Set up” link that sends you to GoDaddy’s onboarding screen. There are three paths to choose from. The first and most prominent is to view the available templates, which is the path that new users would choose. You can also manually set up WordPress or migrate an existing site.

When selecting to view templates, the service presents over 50 options to choose from. The templates are further grouped by category based on the type of site a user might want to create. I chose the “Beckah J.” option because it worked for my idea of creating a life-wellness site.

Each of the templates are created from GoDaddy’s new Go WordPress theme, which is currently available via GitHub and awaiting review for placement in the official WordPress theme directory.

After selecting a template, the process moves to a preview screen, which has buttons to switch between desktop, tablet, and mobile views. From that point, you can choose to use the template or go back and select another.

This was the first point of the process that felt like it needed polishing. The preview frame was too small to get a feel for what the site would look like on desktop or tablet. This is a fixable problem. There’s plenty of screen real estate GoDaddy could use to make the preview nicer.

The next screen allows users to enter information about what type of site they want to run. Depending on which of the following checkboxes are ticked, GoDaddy will set up the site differently.

  • Provide information
  • Write blog posts
  • Display my portfolio
  • Sell physical goods to my customers
  • Sell digital goods to my customers to download

After completing the final form, GoDaddy begins creating the site. The host sets up the site with one or more of several plugins based on the choices made in the previous form.

The site installation process was slower than I had expected. We live in a fast-paced world where users expect things to happen nearly instantly. I admit I was antsy while waiting for the process to complete, in part because everything else happened so quickly. I wondered if I had time to grab a sandwich. In reality, it was much faster than manually setting up a WordPress install, but the setup did take a few minutes of waiting. My experience may have been an anomaly too. Sometimes these things take time.

A Website Ready to Go

Out of the box, my newly-created site had five custom pages ready based on my choices during the onboarding process.

  • Blog
  • Get in Touch
  • Home
  • My Account
  • My Cart

It was nice to see WooCommerce ready and a contact form set up with my email (handled by the CoBlocks plugin). I would rather have seen contact, account, and cart page slugs for their respective pages, but that’s a personal preference.

The site came with seven plugins installed, five of which were activated.

  • Akismet (deactivated)
  • CoBlocks
  • Gravity Forms (deactivated)
  • Sucuri Security
  • WooCommerce
  • WP101 Video Tutorials
  • Yoast SEO

CoBlocks along with theme integration for the block editor is what made the process of working with the website a breeze. GoDaddy acquired the CoBlocks plugin in April. At the time, the plugin had 30,000+ active installs. It has since grown to 80,000+ in the few months since GoDaddy has taken over.

The Onboarding Process Provides a Nice User Experience

I’ve been critical of GoDaddy over the years. I am a customer of one of their other hosting products that launched years ago. That particular site is stuck on PHP 5.6, which has given me the feeling that the company is not focused on its older projects. However, Campbell said they are in the process of moving users on legacy hosting products to a newer platform.

I’ve been cautiously optimistic about the work GoDaddy has been doing within the WordPress community. They’ve more than shown their commitment to the WordPress platform over the past few years.

Despite a couple of minor hiccups, the onboarding process the hosting giant has built is one of the best experiences I have ever had launching a WordPress site. Even as an old pro, I’d consider using it for future projects, particularly when setting up sites for less tech-savvy family and friends.

WordPress.org blog: Becoming Better Digital Citizens Through Open Source

Mon, 10/14/2019 - 07:31

The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as a tool for learners (regardless of age) to practice and model the essential parts of being a good digital citizen.

What is digital citizenship?

The digital landscape constantly changes and this affects the way we use the internet. New platforms emerge, people find different ways to spread information, communities form, grow and fade away every day. The concepts and practice of promoting civil discourse, critical thinking and safe use of the internet still remain central. And that is exactly what digital citizenship is about.

“Put simply, digital citizenship is a lot like citizenship in any other community — the knowledge of how to engage with digital communities you’re part of in a way that is thoughtful, safe, and makes appropriate use of the technology.”

Josepha Haden, Executive Director WordPress Project Who is a digital citizen?

Digital Citizenship is for all age groups. Anyone who uses the internet on a computer, mobile device or a TV is a digital citizen. You don’t have to be tech-savvy already, maybe you are taking your first steps with technology. Digital Citizenship Week is a chance to reflect together on our impact on the digital world. It can help us to make our consumption more considered and our interaction friendlier. It enables us to make a positive difference to those around us.

All of us can strive (or learn) to become better digital citizens. It can be affected by the access those teaching have had to digital skills and good practice. Adult education classes and community tech hubs play a part in basic tech skill development. Unfortunately, these are not always accessible to those in less populated geographic locations. 

Open source communities like WordPress already make a difference in encouraging the principles of digital citizenship, from sharing tech skills to improving security knowledge. They give people an opportunity to learn alongside their peers and many of the resources are available regardless of location, resources, or skills.

  • WordPress Meetups — locally-based, informal learning sessions — typically take place monthly on weekday evenings.
  • WordCamps are city-based conferences that take place in cities worldwide. These events usually last 1-3 days and are organized and run by volunteers.
  • The talks are also recorded and made available on the free, online library WordPress.tv. These can be watched from the comfort of your own home, office or during informal get-togethers.
What can we do as part of the WordPress community?

Digital citizenship skills, like many other skills needed in this tech-focused world, should be kept up-to-date. Open source communities offer unparalleled opportunities to do this and are available in countries across the world. As part of our role as members of WordPress and other communities, we can pass on such skills to others. For instance by working alongside people who have had limited experience of digital skills. Or by finding new ways of making this knowledge sharing fun and accessible. 

Here are just a few of the ways we do and can make an even greater difference:

  • as bloggers and writers, we can be more aware of how to write content responsibly.
  • as designers, we can think more about how different people will view, understand and respond to the designs and visuals we create or use.
  • as developers, we can build systems that make it easier for all users to find information and accomplish their goals, to be secure while visiting our sites, and to model good security and practice.
  • as community members, through organizing events like WordPress Meetups and WordCamps, we are helping equip those who may not have had access to digital literacy or who lack the confidence to put it into place or share with their family and colleagues. Through these events, the online videos and other resources on WordPress.tv and through the Make WordPress teams, we are already making a difference every day.
  • as individuals, the way we communicate in the community and listen to each other is equally important. This is a vital part of how we grow and model positive digital citizens. Through growing our positive digital skills and a better understanding of online etiquette and challenges, we can make our immediate and wider digital world a more positive and useful environment.
  • making it easier to document and share knowledge.
  • emphasizing how skills learned within the community can be used in other parts of our digital lives.
  • creating and becoming ambassadors for Digital Citizenship.

You can also get involved with specific events that have grown out of the wider WordPress project, championed by enthusiasts and those wanting to improve specific digital skills and bring wider benefits to society.

Community-driven Events

For example, WordPress Translation Day in 2019 had 81 local events worldwide. Running for 24-hours, individuals with language skills translated aspects of the platform into multiple languages with a total of 1181 projects modified. An amazing 221 new translators joined on the day. In addition, there was a live stream with talks, panel discussions, interviews, and sharing of tips and skills to help others learn how to translate. Volunteers are now planning the event for 2020!

Stories of how people came together for WordPress Translation Day

Interviews with some of the participants from a previous WordPress Translation Day giving a flavour of how volunteers developed this event.

Do_action days are WordPress events organized in local communities to help give charities their own online presence. Each event involves members of the local WordPress community, planning and building new websites for selected local organizations in one day. Some take place in a working day, others on weekends. 

Volunteer Tess Coughlan-Allen talking about how people came together for the first do_action in Europe to help local charities.

Find the next do_action hackaton nearby your home town.

Improving digital skills through WordPress
In this video clip, Josepha talks about the Digital Divide and what current technological trends mean for it in the future. She explores what it takes to be literate in the digital landscape and how WordPress can be used to build and perfect those skills. Contributors

Thanks to @webcommsat for researching and writing this article and @yvettesonneveld for her supporting work in this series.

WPTavern: Edit Flow Future in Flux: Here Are 5 Alternative Plugins

Fri, 10/11/2019 - 21:21

After years of unpredictable development and support, it seemed the Edit Flow plugin had finally given up the ghost last week when an Automattic support representative confirmed that it is no longer being actively developed and recommended users switch to an alternative. Nick Gernert, head of WordPress.com VIP, has since commented on our post to clarify the company’s intentions. He said Automattic is “in no way dropping support for Edit Flow:”

I’ll start by saying we are in no way dropping support for Edit Flow.

We do see a difference between active feature development and maintenance updates to a plugin and this post tends to use these things interchangeably. It is correct that we are not currently pushing new features for Edit Flow. However, we are committed to maintaining this and other plugins so that those who depend on them are able to continue to do so.

We face the same challenge that many in software face when it comes to supporting existing work while looking to the future and where to invest energy. I hope folks can understand the delicate balance here. We accept that we have fallen short at times when it comes to maintaining our existing work and appreciate the community holding us accountable.

Gernert also said the company’s VIP service is “seeing demand for WordPress in the enterprise market like never before.” The team is doubling down on its commitment to product development for this market and Gernert said outlook for Edit Flow and other Automattic plugins should improve:

VIP is more committed than ever to product development for the unique needs of this space. We have recently brought on a new Head of Product and Engineering. With the addition of this role, there is a commitment to focused product development and that includes ensuring key plugins like Edit Flow are maintained. Presently, that maintenance includes security updates, critical bugs, ensuring compatibility with new versions of WordPress, and directly supporting VIP customer use. Going forward the VIP Product and Engineering teams are committed to allocating time to regularly review and address issues and provide regular updates to the plugins. As we stabilize on maintenance, new feature development will pick up in areas where we see unique opportunity.

Users and developers seemed wary of this response, given the plugin’s history and more recent experiences of trying to contribute to its upkeep. James Miller, a developer who was using Edit Flow on a client project, shared his experience trying to submit a PR for a bug fix.

“It doesn’t seem like it’s even being given a level of attention at the most basic level of what could be considered ‘maintained,'” Miller said. “This plugin was breaking functionality of other plugins on a client site.

“I forked the repo, fixed the issue, and submitted a PR on January 26. After several months of periodic commenting and asking if anybody was even maintaining the repo, it finally got merged just last month. This doesn’t seem to me like a commitment to maintaining the plugin.”

What Does this Mean for Edit Flow Users?

If you’re not currently experiencing any critical bugs and you don’t require additional features beyond what it offers, Edit Flow may be still be a good option if Automattic is able to improve its maintenance. As previously predicted, any new features coming to this plugin will be those that “directly support VIP customer use.”

Support for the plugin has not improved over the last week, so users may still be waiting for updates and fixes for awhile. The support forums indicate that multiple users continue to report issues with both the block editor and the classic editor, as well as conflicts with other plugins. This is likely why Automattic support representatives recommend users fork Edit Flow or switch to another solution.

In support of smaller WordPress-powered publications that have an immediate need for editorial tools, we have compiled a list of alternatives that offer more frequent maintenance and support. Edit Flow’s primary features include a calendar, custom statuses, editorial comments, editorial metadata, notifications, story budget, and user groups. One of the alternatives below may be a suitable replacement, depending on which features are most important to your editorial workflow.


PublishPress is the plugin that Automattic recommended as an alternative, and it is the closest one to matching Edit Flow’s features. It has 7,000 active installs and is used by companies, non-profits, educational institutions, magazines, newspapers, and blogs.

In the free plugin, PublishPress provides an editorial calendar, notifications, editorial comments, custom statuses, content overview, and the ability to create custom metadata for posts. Its creators also offer commercial add-ons for things like a content checklist, Slack notifications, multiple authors, WooCommerce checklist, and more.

Since PublishPress is actually a fork of the Edit Flow plugin, users can migrate seamlessly from Edit Flow without losing any data or settings using the plugin’s built-in migration utility.

The PublishPress team has also created several other publishing plugins that may also be useful for different editorial needs, including PublishPress Revisions, PressPermit, and Capability Manager Enhanced.

Oasis Workflow

Oasis Workflow is a plugin that allows site admins to create custom workflows for content review. It includes three process/task templates for assignment, review, and publishing actions with role-based routing. Workflows can be configured using a drag-and-drop interface. The plugin supports custom statuses, process history, task reassignment, due dates, and email reminders.

Oasis Workflow is often used in healthcare, law and financial firms, universities, CPA firms, non-profits, news outlets, and other organizations that require a formal review process for publishing. A commercial version of the plugin includes features like multiple workflows, auto submit, revisions for published content, with add-ons for editorial contextual comments, teams, groups, and more.

Nelio Content

Nelio Content is a plugin with 6,000 active installs that includes an editorial calendar, editorial comments, tasks, and a content assistant. It also helps users schedule and automatically promote content on social networks. The plugin integrates relevant metrics from Google Analytics and social media accounts to assist users in promoting content.

Editorial Calendar

If the editorial calendar feature of Edit Flow is the only one you need, then the Editorial Calendar plugin might be a good alternative. It is used on more than 40,000 WordPress sites. The plugin provides an overview of when each post will be published, supports multiple authors, the ability to rearrange the schedule with drag-and-drop capabilities, and edit posts directly in the calendar.

WP Scheduled Posts

WP Scheduled Posts is another editorial calendar plugin that makes it easy to manage multiple authors from one place. It includes a visual calendar that can be manipulated via drag-and-drop, allowing users to easily add posts in the queue or create new posts inside the calendar. The plugin has a dashboard widget that displays post statuses for single or multiple authors.

The commercial version of WP Scheduled Posts is targeted at the scheduling aspects of publishing. It offers an auto-scheduler where users can create rules to publish content automatically, as well as a missed schedule handler for automatically publishing posts that didn’t go out on schedule.

WPTavern: Meta Box Settings Page Extension Adds Support for Customizer, Network-Wide Settings

Fri, 10/11/2019 - 17:58

The team behind the Meta Box plugin updated their MB Settings Page add-on to include support for the customizer and multisite. The customizer feature allows theme authors to integrate their custom settings into the customizer using framework-specific code. The multisite integration allows plugin authors to create a network settings page.

The new features come on the heels of an update to the core Meta Box plugin that improves performance for users who have thousands of objects such as posts, terms, or users.

The primary Meta Box plugin originated as a custom fields framework for plugin and theme authors to create meta boxes. It has since grown to handle settings across taxonomies, user profiles, options pages, comment forms, and other areas that have form fields. The plugin offers a unifying API for developers to code over 40 field types without the need to learn each of the internal, field-related APIs in WordPress. At the moment, the plugin has over 400,000 active installations.

Framework-style plugins such as Meta Box, Advanced Custom Fields, and others have filled a gap left open by core WordPress, which does not have a single API for handling fields. Over the years, developers have been left to code against dissimilar APIs and in different languages (PHP and JavaScript). This new feature from the Meta Box team will further extend its usefulness to a large number of developers who need to build out options for their users quickly and without learning additional APIs.

The MB Settings Page add-on is a premium extension that allows theme and plugin authors to create custom settings pages.

The purpose of its customizer integration is for theme authors to map settings pages to customizer panels. However, the feature also allows for sections instead. All of the Meta Box’s field types carry over to the customizer except for its file and image field types due to limitations with how the customizer works. However, other file and image-related fields will handle most needs.

Customizer integration isn’t an all-or-nothing thing. Developers can choose to keep both a custom settings page and panels in the customizer. They may also opt for one screen over the other based on their needs.

The Meta Box team released a video showcasing the new customizer support with some mood music. To be honest, I’m just chilling out and listening as I write this article. I’ve got a little head bob going too.

There is currently no word on whether the customizer fields support live preview. Based on the video, when a user updates an option, the preview panel performs a full page refresh. If live preview is not currently a feature, it would be a welcome one in a future update.

Along with customizer integration, the MB Settings Page update provides the ability for developers to create network-wide settings for multisite.

For some developers, network-wide settings are a bit of an afterthought or something they don’t consider at all for their plugins. Not all plugins need options on the network level. For those that do, authors can start using their custom Meta Box fields directly in the WordPress network admin with a single line of code.

WPTavern: WordPress 5.3 Improves Large Image Handling

Thu, 10/10/2019 - 19:46

WordPress 5.3 Beta 3 was released this week and RC 1 is right around the corner, expected October 15. Core contributors have been publishing developer notes on new features landing in this release. One exciting enhancement that hasn’t received much attention yet is WordPress’ updated handling of large images.

Many WordPress users don’t consider the size of the images they are uploading to their sites, and modern smartphones are capable of producing very high quality images at very large file sizes. WordPress 5.3 will automatically detect large images (with a default threshold of 2560px) and generate a “web-optimized maximum size.” The threshold is used as the max-height and max-width value to scale down the image for use as the largest available size. A new big_image_size_threshold filter is available for developers who want to change the threshold size or disable the new feature altogether.

WordPress will store the original image size so that it is still accessible and a new function is available for fetching its path: wp_get_original_image_path(). It is also used to generate all the image sub-sizes.

More than two million WordPress users rely on plugins like Imsanity, Smushit, and EWWW Image Optimizer to optimize images. They often include additional features for bulk resizing previously uploaded images. WordPress’ new large image handling should not interfere with image optimization plugins, because it doesn’t affect the default settings that they often hook into and use to perform additional optimizations. The new core enhancement may be suitable to replace these plugins for some users who only require the bare minimum optimization on upload.

WPTavern: MachoThemes, Modula Parent Company, Acquires Three Gallery Plugins

Thu, 10/10/2019 - 19:21

MachoThemes, the WordPress development company behind the Modula Gallery plugin, has acquired three gallery plugins. The company is currently rolling the first two of the plugins, Final Tiles Grid Gallery Lite and PhotoBlocks Grid Gallery, into Modula. The third plugin, EverLightbox, will remain as a standalone project.

The three plugins were purchased from Diego Imbriani of GreenTreeLabs. This was not MachoThemes’ first acquisition from Imbriani. They acquired the original Modula plugin from him over two years ago. From there, they grew the user base and continued developing the plugin.

At this time, the exact details of the financial terms are not available to the public, but the transaction was in the range of low-to-mid 5-figures.

The acquisition is a part of MachoThemes’ growth strategy for building a larger audience for their Modula plugin, which currently has over 60,000 active installations. “We liked their feature set, their quirkiness, and overall what they stand for,” said MachoThemes owner Christian Raiber of the reasons behind the acquisition.

The merge of Final Tiles and PhotoBlocks affects over 34,000 plugin users. MachoThemes does not plan to continue supporting or developing them as individual plugins.

The team is in the process of building a migration script to allow users to bring their existing galleries over to the Modula plugin. It is important that users migrate to Modula or another option because unsupported versions of their current plugins may not work in the future.

Both plugins are similar to Modula by allowing users to create a gallery separately from the primary post content screen. However, the user interface and experience between all three plugins are nothing alike. Merging the plugins into Modula means that MachoThemes can work on a single interface and experience for users.

Users may be worried about losing features when migrating to a new plugin. “Most of these options already exist in Modula, under a different name, setting or otherwise paid extension,” said Raiber. “There are a few interesting options in these plugins indeed, and they’ve already sparked new ideas for the team to experiment with.”

Raiber said his company would reach out to users. “We’ll have videos, doc entries, and a dedicated page on wp-modula.com,” he said of the transition. The company plans to keep the plugins available for the next six months but may extend that period depending on how the transition for users is going.

The EverLightbox plugin will remain separate for those who want a lightbox feature for the standard WordPress galleries but not a full gallery-editing plugin. “We will continue to support the plugin and work hard to ensure that all users have a smooth-sailing experience with the plugin just as we have been for all of the plugins we’ve been building,” said Raiber.

The company plans to continue developing and supporting EverLightbox for the long term.

WPTavern: ExpressionEngine Under New Ownership, Will Remain Open Source for Now

Wed, 10/09/2019 - 23:11

EllisLab founder Rick Ellis announced yesterday that ExpressionEngine has been acquired by Packet Tide, the parent company of EEHarbor, one of the most successful EE add-on providers and development agencies in the community. A year ago EllisLab, the developers of EE core, was acquired by Digital Locations but Ellis said the company ended up not being a good fit for the future of the CMS:

A year ago, EllisLab was acquired by Digital Locations in order to facilitate the transition of ExpressionEngine from a commercial software application to an open source one. That transition was successful, but it became apparent in recent months that ExpressionEngine didn’t fit perfectly within the goals of Digital Locations, as it seeks to build a business in Artificial Intelligence.

We decided that what was best for ExpressionEngine was to seek a new owner, one that could devote all the resources necessary for ExpressionEngine to flourish.

In November 2018, EE went open source, adopting the Apache License Version 2.0, after 16 years of being locked down under restrictive licensing. EE’s dwindling community of product developers and site builders were hopeful that the new open source licensing would expand EE’s reach and bring back developers who had migrated to alternatives like Craft.

After the acquisition announcement, the EE community was concerned whether or not it will remain free and open source. Although the software’s homepage sports the tagline “The Open-Source CMS that supports YOU all the way,” EE’s new owners have left the option open for reconsidering its licensing further down the road. They plan to stick with the open source license for the time being. When asked directly in the EE Slack, EE Harbor developer Tom Jaeger said, “That is our plan for now, although at this stage we’re looking at everything with a fresh eye towards what’s best.” The company has published a list of FAQs with the same information.

Brian Litzinger, a developer at BoldMinded, who has created more than 36 add-ons for EE, and is also on the EECA (ExpressionEngine Community Association) board that organizes EEConf, said he has confirmed that EEHarbor plans to keep the CMS open source.

“The board spoke to new ownership just today actually, and they have every intention of keeping it open source,” Litzinger said. “I can’t speak for the whole community, but since going open source my add-on sales have not significantly increased or decreased.

“As with any open source project there has been feedback and pull requests from the community, but nothing significant (e.g. large features). The community as a whole is pretty excited about the new ownership and ExpressionEngine’s future though.”

Shawn Maida, founder of Foster Made, a company that also sells ExpressionEngine add-ons, said he has not seen a significant direct change in the economics of EE since the project went open source.

“I think the real question here is what business model best enables the growth and continued support of the CMS itself, and how is that balanced against the growth of the community,” Maida said. “As a business that offers some add-ons for ExpressionEngine, we need to see both continued growth in ExpressionEngine as a platform and growth in the community, so I think the license model that best enables that matters.”

Travis Smith, president of Hop Studios, has been working with EE since its early days. As someone who is deeply invested in the EE community, he said that he doesn’t think a prospective licensing change would impact the broader community as much as having a clear vision for the CMS’s future.

“I think a licensing change per se wouldn’t be good or bad, but a well-articulated and communicated vision for the CMS’s future would be really helpful for a community that feels unsure at the moment,” Smith said.

“I do think that the exposure that going open source gave into the development process overall at EllisLab was an improvement, and that new features and bug fixes were getting added at a decent pace.”

EE may have changed its licensing to be open source but it is not a community-led project where major decisions happen by a consensus of a diverse representation of community leadership.

“I didn’t observe the community gaining (or applying?) much input or influence over the future of ExpressionEngine in the past year,” Smith said. “I think there was still a feeling of ‘EE is EllisLab’s project’ — and that this change of ownership might shake the community’s devs out of that default assumption, which would be a good thing.”

In the FAQs EEHarbor published today, the company confirmed that it will be developing new features and that it will consider feedback submitted from the community:

While we are in the early stages of long-term strategic planning, we already have a lot of thoughts and ideas around where to take ExpressionEngine based on our own experience. However, it’s not just about us. We are also very interested in collaborating with the ExpressionEngine community. Everyone is more than welcome to submit feedback for us to review as we consider the future of ExpressionEngine

After 16 years under a restrictive license, EE is an interesting example of a newly open source, corporate-led project with a community that is rediscovering its place while ownership of the software is transferred from one company to another. Responses to the acquisition are mostly positive, and users seem excited about Packet Tide’s first planned initiative – finishing development on ExpressionEngine 6.0. Ellis described this upcoming release as “an exciting new version we’ve been quietly working on behind the scenes.” It will include a new control panel with a dark theme, along with add-on and service integrations inside the app.

EEHarbor does not plan to merge its add-ons with ExpressionEngine core at this time, and the statement published today reiterates the company’s commitment to “keep the add-on marketplace fair and open to all developers.”

WPTavern: Rosa 2 Restaurant Theme Provides a Frustrating and Satisfying Experience

Wed, 10/09/2019 - 19:47

Rosa 2 is the sequel to Pixelgrade’s best-selling theme, Rosa. The new theme re-imagines its previous incarnation in the context of the block editor (Gutenberg). I was provided a copy of the theme for free to test and provide my thoughts.

The theme sells for $75/year, or you can pay a one-time fee of $95 for lifetime access. The product launch post could make anyone excited about this theme, but is it worth it?

TLDR; Rosa 2 made for a satisfying experience when building restaurant-style pages. However, the early learning curve and basic setup were frustrating. It also lacks some of the polish I’d expect at a premium price.

A Rundown of the Issues

Before I dive into the good things about Rosa 2 (and there are some nice things about this theme), let me dive into the frustrating aspects. There were so many pain points that I nearly gave up on the theme several times. However, I soldiered on in the hopes of understanding why this theme might be worth using.

Install the Required Plugins First

Let me save you some time right now. When the theme says that it requires the Customify and Nova Blocks plugins, it truly requires them. Otherwise, the theme looks and behaves nothing like the demo or screenshots. It may as well not be the same theme.

When first activating the theme, the front page of your website will become a completely white screen. It is not the dreaded White Screen of Death caused by an error. Instead, the theme is forcibly hiding the content with custom styles.

Why? Yeah, good question.

I see no reason to do so. Outside of changing some code (which I did), users must activate the plugins to make their content appear. There is no technical reason this should be the case when using this theme.

There should be no path in which a user installs a theme only to have their content disappear.

I get it. I was told these were required plugins. The theme even provides easy installation and activation links via the TGM Plugin Activation script. I also get that WordPress lacks any sort of real dependency system for handling this feature. That doesn’t make it any less of a poor user experience.

As a developer, I thought I’d trick the system and test the theme without those plugins installed. I wanted to see what the theme looked like out of the box, which you can see in the following screenshot.

Oh, and that big block of category links in the above screenshot, it never goes away. It just sits there on your blog posts page. It is hard-coded in the posts page template (home.php). Rosa 2 is billed as a restaurant theme, so it might be acceptable if you don’t plan on running a blog.

Header and Nav Problems

The default header looks nothing like the screenshots, demo, or video for the theme. After nearly two hours of using the theme, I was ready to throw in the towel and rule this theme out as a lost cause. Not being able to get the basic nav menu set up for the theme was an exercise in self-punishment that I wouldn’t wish on anyone.

It turns out that the Nova Blocks plugin really is required. Did I mention that you should install the required plugins first?

Stretched images

On blog and archive pages, expect stretched featured images that attempt to fill out the box next to the excerpt for existing posts. There doesn’t seem to be any remedy to this outside of uploading new images.

The theme uses the standard post-thumbnail size but does not define this size in the code. For those unfamiliar with the technical aspects when using this specific size, the theme should ideally define it via the set_post_thumbnail_size() function.

Sticky header

The large sticky header gave me a gut-wrenching feeling that walls were closing in on me. I became light-headed and dizzy. I found it tough to breathe. This is not hyperbole. I’m dead serious.

On a personal note, I’ve had some issues with claustrophobia for the last couple of years. I first had this feeling after being stuck indoors for two weeks while watching over one of my cats who had surgery. I typically work from the porch where I can get fresh air, but that was one of the worst periods of my life.

Since then, I often get this same feeling when sites have large sticky headers. It feels like the walls are closing down. I wonder if others have similar issues.

This feeling could be alleviated if the theme minimized the sticky-header height while scrolling down the page. Fortunately, the theme allows users to choose a static header, which I strongly suggest using. There are some other spacing and sizing options for the header area, which can help shrink some of this down.

Where the Theme Shines

If there is one thing this theme does well, it is making it simple to create pages for a restaurant via the Nova Blocks plugin. Within minutes of creating a custom page, I had a restaurant-style page set up and ready to go.

When coupled with Nova Blocks, the theme beautifully handles the process of creating custom pages with numerous unique outcomes. The integration with the plugin is brilliant. Each block has custom demo content that you can easily modify.

Some of the names of the blocks and block options were cutesy and fun, such as “Hero of the Galaxy,” but they became a slight nuisance when wanting to quickly figure out the purpose of a block. I could see some users becoming annoyed at the names, and they might not be ideal for some professional settings. They were kind of fun though. I have mixed feelings about them.

How Does the Theme Handle Gutenberg?

Rosa 2 is a theme primarily built for the block editor. It wonderfully handled core block output in my tests.

When using Gutenberg-ready themes, I view the pullquote block as sort of the theme designer’s signature. It is one of those blocks where designers can have a lot of fun and put a unique spin on the display. I’m a fan of the pullquote style in this theme (pictured above).

On the whole, it works well. When coupled with Nova Blocks, you have a lot of power at your disposal.

How Does the Code Stack Up?

Rosa 2 is lightweight in terms of custom code. Nearly all of the functionality is within the accompanying plugins. Because this is a theme review, I didn’t dive into the plugin code.

From a purely technical standpoint, the theme does most things according to standards.

There are some things I’d change from an architectural standpoint. For example, the file for its Customify plugin integration is over 1,100 lines of code. I would break that down to more digestible bits, which would help with long-term maintenance and bug hunting.

Some of the editor-related JavaScript code could be more efficient. Repeated patterns should be grouped together to make the code smaller. The editor JavaScript file is not large, but every byte counts in a world where developers assume everyone is running on Gigabit internet connections.

The primary stylesheet is 173 kb, which is OMGBBQ large, especially when you top it off with 100s of kb coming from the stylesheets and scripts loaded by Nova Blocks plugin. Unless you’re a user who is heavily optimizing your site, you can count on some slow page loads.

The Final Verdict

I’d only recommend this theme to people who have more patience than me. While I didn’t follow instructions right off the bat (as a reviewer, I’m trying to push limits and break things), the theme did have some pain points that simply made for a frustrating process.

I’m in the camp of people who believes themes should work out of the box. This theme doesn’t work without some setup. You’ll need to put in some legwork to get it going. However, once you make it over the initial hump, you can build some beautiful page layouts.

I suggest using it strictly for its defined purpose of building a restaurant website. The typography is designed well enough for blogging, but the overall theme isn’t well-suited to it.

WordPress.org blog: WordPress 5.3 Beta 3

Tue, 10/08/2019 - 20:58

WordPress 5.3 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.3 beta in two ways:

WordPress 5.3 is slated for release on November 12, 2019, and we need your help to get there.

Thanks to the testing and feedback from everyone who tested beta 2 (and beta 1) over 60 tickets have been closed in the past week.

Some highlights
  • Fixes and enhancements in the admin interface changes introduced in previous 5.3 beta releases.
  • Wording changes in login screen (#43037).
  • Improved accessibility in media upload modal (#47149).
  • Changes in the way the new error handling with images works (#48200).
  • MediaElement.js has been updated from 4.2.6 to 4.2.13 (#46681). The script is now also being loaded in the footer again. This fixes a regression that happened two years ago, so might be worth noting (#44484).
  • Update to the REST API media endpoint to allow resuming of uploads (#47987).

In addition to these, Beta 3 landed a number of small consistency and polish changes to the REST API, including an improvement to the permissions check used when editing comments, a fix for post type controller caching edge cases, and most importantly, the ability to use the _embed parameter to access the full data for a post using the /wp/v2/search endpoint.

Developer notes

WordPress 5.3 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developer notes tag for updates on those and other changes that could affect your products.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac where you can also find a list of known bugs.

WPTavern: The Evolution of Anonymity in the Internet Age

Tue, 10/08/2019 - 19:20

As a child of the ’90s, I was growing up in one of the largest transitional periods in human history. The Internet Age was upon us.

I was born and raised in a small community in rural Alabama. The country. The backwoods. To give you an idea of how small the place was, my entire school (grades K-12) had around 800 students. While I was fortunate enough that my family could afford to travel for vacation almost every year, I mostly lived a sheltered life.

I rode bikes down the dirt road and explored neighbors’ hunting lands with my best friend in the summer. We’d get up at dawn, grab some provisions, and cycle out for the day’s adventure. We’d race old lawnmowers, build unstable treehouses, and swim in what were likely snake-infested creeks. We’d camp out under the stars. Our parents never asked where we were. As long as we showed up for supper and took a bath a few times each week to scrub the dirt off, we were generally left up to our own imaginations.

There was another aspect of growing up in the ’90s, and that was video games. At 16, I spent most of the summer in the fields picking watermelons or throwing bales of hay onto a trailer. It was hard work, but it kept me supplied with whatever video games I wanted. When not out in the wild, my best friend and I would be glued to a 19-inch television playing the Nintendo 64 (and later the Sega Dreamcast).

I lived in this somewhat country-bumpkin bubble with no idea of the outside world.

Then came the explosion of the internet. My family never had a computer at home. That left me to access this wonderful new thing during school hours or at a friend’s house.

Like pretty much every teen boy I knew at the time, the best use of the internet was logging into adult chatrooms and hoping to chat with a woman. Yeah, the average teenage boy wasn’t doing anything productive with the internet, even in the ’90s. Big surprise there. This isn’t groundbreaking news, folks. Move along.

There were other uses of chatrooms, such as finding other gamers. That’s where my original love of the internet began. I could talk to people across the world about Nintendo and Sega games. I even started getting pen-pals where we would exchange weekly emails.

At the time, there was this common saying among adults, “You don’t know who you’re talking to on that thing. It could be a fat, 40-year-old man living in his parents’ basement.” Hey, why you throwin’ shade at heavyset men? Just tell me it could be a psycho.

My parents drilled this lesson into my brain. School teachers did the same. Like my peers at the time, I was required to use a pseudonym when going online. The thought of using a real name was almost unheard of. As teens, we’d joke about the basement-dwelling bogeyman who our parents and teachers warned us against. It was all a game to us despite there being legitimate fears, particularly now that I have 20 years of hindsight at my disposal.

That’s where I came up with my username of greenshady, by the way. One day I may even tell what it means. One day. For now, I’ll keep all of you who have asked about it over the years guessing.

I used that username for years because there was always this little voice in the back of my mind telling me to remain anonymous.

Anonymity in the Age of Transparency

I’m not exactly sure at what point attitudes toward anonymity changed. Social networks likely played a huge role transitioning us from silly screen names to using our real-life names on the internet. Otherwise, it’d be harder for our real-life friends to find us on Facebook, Twitter, and elsewhere.

This prevailing attitude toward anonymity didn’t limit itself to social networks. More and more, people shunned the idea of anonymous posts or comments on blogs and elsewhere.

There’s likely some form of stardom attached to using real names as well. Everyone is just one video, one blog post, or one tweetstorm away from their 15 minutes in the spotlight.

Even within the WordPress community over the years, I’ve witnessed a shift toward automatically disliking anonymous comments. The prevailing idea is that a person’s contribution to a discussion has less worth if it’s hidden behind the veil of anonymity, that one’s opinions are invalid if they cannot be backed up by a real name.

It opens the person to attack not based on their ideas but on how they choose to present themselves online. This is a part of the culture that is unhealthy.

In a time when you can effectively be shut out from the modern-day public square for making one wrong statement, anonymity is more important than ever for some. Often, there’s no recourse for missteps after you’ve been taken down by the angry horde over a lapse in judgment. Once your name has been hauled through the mud and back again, there’s little you can do about it.

That little voice in the back of my mind, the one carefully crafted by my parents and teachers, is a reminder that a simpler period during the Internet Age once existed.

There are other pockets of the internet where the pseudonym has persisted. One area is in gaming. You’d be the oddball if using a real name in an online multiplayer match. I suppose “Brett” or “Molly” doesn’t strike fear in the heart’s of enemies. The entire culture of online gaming is built upon anonymity, which is at odds with much of the internet world today. Frankly, I find it oddly satisfying.

I do wonder whether a real name online is important for civil discourse. Quite often, online personas are much different than their real-life counterparts. I mean, have you seen the numerous alpha-male groups on social networks made up of men who all think they’re the leaders of the pack? Hmmm…maybe there was some truth to that basement-dweller theory, after all. Thanks for the heads up, Mom and Dad.

The point is that an online persona, even attached to a real name, is still a persona. It’s not much different than a fake user handle.

I’d wager that the need to see a person’s real name has more to do with knowing exactly who to shun for controversial ideas rather than attaching some sort of validity to it. Usernames can be altered. You’re pretty much stuck with your real name, and mishaps follow your real name around.

As we were reviewing the Tavern’s comment policy last week, one point I brought up is that I believe we should allow anonymous comments. A large reason for this is that people should feel safe to communicate their thoughts within the community. While I won’t get into the specifics of internal discussions, I do hope that it’s something we officially remove from the policy.

Being in favor of anonymity does not mean being in favor of personal attacks or handing over a license to use a vulgar term as a username. It’s about protecting people’s ability to speak freely without fear of becoming an outcast within the community for an unpopular opinion.

Sometimes anonymity provides people the freedom they need to effectively discuss ideas. More importantly, it allows them to be a part of the community in a way that they choose.

Are We Moving back?

With the European Union, Japan, Australia, and other countries passing stricter privacy laws, there’s a growing movement to protect privacy across the world. While this movement has focused more on large corporations and what they do with personal data, there’s an underlying fear that’s likely been there from the beginning.

People are coming to the realization that we gave up too much.

We handed over our names. And, once we handed over our names, it was a slippery slope to handing over everything else about ourselves. If you dig deep enough you can find the names of all my cats and when they were all born.

I’m not sure how I feel about that. I’m in too deep at this point.

My parents from 20 years ago would not have liked the idea too much. My dad just uses YouTube to watch videos on building stuff for the most part today (it took years to stop him sending me email chains), but my stepmom is right there along with everyone else on social networks.

It’s odd to look back on the past 20 years to see how some of our initial fears surrounding anonymity have transformed. In another 20 years, we’ll all be back to using pseudonyms again. Call me out on it if I’m wrong. I do wonder if we’ll look back at this time and think everyone was crazy for using their real names.

I welcome your anonymous comments on this post. Just don’t use “wanker” for your handle.

WPTavern: GNU Project Maintainers Move to Oust Richard Stallman from Leadership

Tue, 10/08/2019 - 04:33

GNU Project maintainers are working to oust Richard Stallman from his position as head of the organization. In a joint statement published yesterday morning, a collection of 22 GNU maintainers and developers thanked Stallman for his work and declared that he can no longer represent the project:

We, the undersigned GNU maintainers and developers, owe a debt of gratitude to Richard Stallman for his decades of important work in the free software movement. Stallman tirelessly emphasized the importance of computer user freedom and laid the foundation for his vision to become a reality by starting the development of the GNU operating system. For that we are truly grateful.

Yet, we must also acknowledge that Stallman’s behavior over the years has undermined a core value of the GNU project: the empowerment of all computer users. GNU is not fulfilling its mission when the behavior of its leader alienates a large part of those we want to reach out to.

We believe that Richard Stallman cannot represent all of GNU.

Stallman’s personal website continues to prominently display his intentions to remain in the leadership role. He added the header to his site, following the publication of remarks he made regarding a 17-year old victim of sex trafficker Jeffrey Epstein, which precipitated his resignation from both MIT and the Free Software Foundation:

The Stallman saga has continued to grow stranger in the aftermath of his resignations, as many were concerned that he would be homeless after his website featured a notice that he was “Seeking Housing,” accompanied by a link leading to his specific requirements for a temporary residence. His personal site was also reportedly vandalized nine days ago with a message that he was stepping down from the GNU.

The defacement with the false GNU resignation message was reverted shortly thereafter on September 30, and replaced with the header saying he continues to be “Chief GNUisance of the GNU Project” with no intention of stopping soon. Stallman has not yet publicly acknowledged the statement from the GNU maintainers. He has also not yet responded to our request for comment.

Yesterday the Free Software Foundation (FSF) published a statement indicating it was re-evaluating its working relationship with the GNU project, which has provided some of its technical infrastructure, fiscal sponsorship, and copyright assignment:

GNU decision-making has largely been in the hands of GNU leadership. Since RMS resigned as president of the FSF, but not as head of GNU (“Chief GNUisance”), the FSF is now working with GNU leadership on a shared understanding of the relationship for the future. As part of that, we invite comments from free software community members.

Stallman responded the next day, indicating he wanted to work with FSF on restructuring the relationship between the two organizations:

I recently resigned as president of the FSF, but the FSF continues to provide several forms of crucial support for the GNU Project. As head of the GNU Project, I will be working with the FSF on how to structure
the GNU Project’s relationship with the FSF in the future.

The FSF maintains some critical responsibilities in that it currently holds the copyrights to enforce the GPL. Stallman has recently called on people to continue supporting the FSF’s work, despite his resignation from the organization.

The small contingency of GNU project maintainers who penned the statement published yesterday seem to be on the same page with FSF in its rejection of Stallman’s leadership. Their message concludes with their intention to overhaul the leadership of the free software movement to be more inclusive of the people who have been alienated by Stallman’s behavior over the years:

“We think it is now time for GNU maintainers to collectively decide about the organization of the project. The GNU Project we want to build is one that everyone can trust to defend their freedom.”