Wordpress Planet

Subscribe to Wordpress Planet feed
WordPress Planet - http://planet.wordpress.org/
Updated: 1 day 23 hours ago

Dev Blog: WordPress 5.1 Release Candidate

Fri, 02/08/2019 - 02:22

The first release candidate for WordPress 5.1 is now available!

This is an important milestone, as the release date for WordPress 5.1 draws near. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.1 is scheduled to be released on Thursday, February 21, but we need your help to get there—if you haven’t tried 5.1 yet, now is the time!

There are two ways to test the WordPress 5.1 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the release candidate here (zip).

What’s in WordPress 5.1?

Inspired by Archie Bell & The Drells, WordPress’s theme for 2019 is to “tighten up”, and WordPress 5.1 focussed on exactly that.

With security and speed in mind, this release introduces WordPress’s first Site Health features. WordPress will start showing notices to administrators of sites that run long-outdated versions of PHP, which is the programming language that powers WordPress.

Furthermore, when installing new plugins, WordPress’s Site Health features will check whether a plugin requires a version of PHP incompatible with your site. If so, WordPress will prevent you from installing that plugin.

The new block editor has kept improving since its introduction in WordPress 5.0. Most significantly, WordPress 5.1 includes solid performance improvements within the editor. The editor should feel a little quicker to start, and typing should feel smoother. There are more features and performance improvements planned in upcoming WordPress releases, you can check them out in the Gutenberg plugin.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.1 and update the Tested up to version in the readme to 5.1. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.

The WordPress 5.1 Field Guide has also been published, which goes into the details of the major changes.

WordPress 5.1 Field Guide How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! This release also marks the hard string freeze point of the 5.1 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

This is my release
candidate. There are many
like it. This is mine.

WPTavern: Gutenberg 5.0 Adds New RSS Block, Amazon Kindle Embed Block, and FocalPointPicker Component

Thu, 02/07/2019 - 18:32

Version 5.0 of the Gutenberg plugin was released yesterday with a new RSS block. Riad Benguella, the project’s technical lead for phase 2, published a demo of the block and its settings. Users can set the number of items displayed and also toggle on/off the author, date, and excerpt.

RSS is still relevant today as one of the linchpins of the open web and Gutenberg makes it possible to easily place a feed inside a post or page. (This feature was previously limited to widgetized areas.) The creation of this block is part of a larger effort to port all of WordPress’ existing core widgets over to blocks.

Version 5.0 also introduces a new Amazon Kindle embed block, providing an instant preview from an Amazon Kindle URL. WordPress already has oembed support of Amazon Kindle URLs but it was missing from the Embeds section of the accordion in the block inserter.

One of the most exciting additions in this release is a new FocalPointPicker for the Cover block. It allows users to visually select the ideal center point of an image and returns it as a pair of coordinates that are converted into ‘background-position’ attributes. The result is that the user has more control over how the image is cropped. This feature solves so many problems users have experienced in cropping and displaying images in their WordPress themes and content. The FocalPointPicker was created as a reusable component so that developers can use it to build other blocks with the same capabilities, providing an experience that is consistent with core.

The changes included in Gutenberg 5.0 are immediately available for those running the plugin on their sites but only for WordPress 5.0+. This release drops support for earlier versions of WordPress. The updates in Gutenberg 5.0 are planned to be rolled into WordPress 5.2.

Post Status: Building Multidots, with Anil Gupta

Thu, 02/07/2019 - 17:04

Welcome to the Post Status Draft podcast, which you can find on iTunesGoogle PlayStitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Brian Krogsgard.

In this episode of Draft, I talk to Anil Gupta, the founder of Multidots. Multidots is a 100+ person company, and Anil has established a very people-first environment there. We discuss his journey and what he’s learned about building a company.

I met Anil at CaboPress. We had a great chat there, and we did again at WordCamp US, where we recorded this episode. Anil has a great story and a lot of insight. I hope you enjoy it.

Sponsor: Jilt

Jilt offers powerful email marketing built for eCommerce. Join thousands of stores that have already earned tens of millions of dollars extra sales using Jilt. Try Jilt for free

WPTavern: Transcript of WordPress Weekly Episode 344

Wed, 02/06/2019 - 23:04

Based on requests from listeners, I purchased a transcription of episode 344 of WordPress Weekly where we discussed the WordPress Governance Project. I purchased the transcription from Rev, a well-known service devoted to captions, subtitles, and audio transcriptions.

For an 87 minute podcast, the turn-around time was 25 hours and cost $87. The transcription came out better than I expected considering the way I speak.

The following is a sample of the conversation that took place during the show.

The WordPress Governance Project is an effort that we booted up to surface all the conversations that are happening behind the scenes around WordPress Governance. If you’ve been around the WordPress Project for more than a couple of months, you would know there’s a lot of ongoing conversations internally in the community around who makes decisions, how are decisions made, who are the leaders, who appoints leaders, where is the direction going and who decides on the direction of this project and so on and so on.

And both Rachel and I have been part of this community for awhile and we’ve seen these conversations crop up repeatedly, and they never go anywhere, but they are really important conversations. And here’s a need in our community to surface those conversations because we are in a position now where we need to start acting, taking on the responsibility of being 34.7% of the web and actually using that responsibility for something other than just saying it as a marketing campaign.

Morten Rand-Hendriksen

The transcript is in .txt format for maximum compatibility and includes the speaker’s names.

EPISODE-344-Introduction-to-the-WP-Governance-ProjectDownload

HeroPress: WordPress Saved My Life

Wed, 02/06/2019 - 08:00

This probably is the first time I will be telling my story because I have always lived a fairly secret live.

I am from Nigeria where I was born and still live in. I know we are all stereotyped as scammers and thieves but trust me, a lot of us own and operate legit (online) businesses. Just like in every country, there are good and bad people and we are no exception.

I had a great childhood. Everything was fine and rosy until I lost my Dad which meant I had to shoulder the responsibility of my family as the first child. I manage to finish secondary school and was awarded the best Math student.

Introduction to The Internet / Web

Back then in secondary school, I had a rich friend who owned a Nokia phone (that could browse the internet) he brings to class which he uses to play games and do fun stuff online even though we weren’t allowed to bring nor use a phone in the class. (Funny right? :D)

I have always been a football lover (called soccer in the U.S). I still play very well and support Chelsea FC. So each time I have the opportunity to use his phone, I always visit Goal.com to read football news especially concerning my team Chelsea FC of England.

Being a very inquisitive person, I wanted to learn how the web works as well as have my own website. I was able to buy a Nokia 3120 classic phone via the menial jobs I did after school.

I visited Google and search how to create my wapsite. We refer to mobile phones optimized sites as “wapsite”. The result of my search were filled with site builders like xtgem.com and wapzan.com.

I chose the xtgem.com and discovered I needed an email address to sign up. Didn’t know what that means so I googled it and eventually created a Yahoo email address. Finally registered and built my first website. Sadly, the site is no longer online but I was able to get a screenshot of the site thanks to Wayback Machine.

I had to learn HTML and CSS from w3schools to build the site and it came out well didn’t it?

I later moved on to wapka.mobi site builder which allows you to build dynamic websites such as a social network or forum using its own programming language called “wapka tags”. I was able to build a community/forum, sms collection and a file sharing site.

I later came across simple machine forum and MyBB, I learned them deeply and used them to build forums and community sites for interested people.

Meeting WordPress

I came across a Facebook group called BloggersLab and discovered I could make money blogging. Two prominent platform at the time to create a blog was Blogger.com and WordPress. I chose WordPress because WordPress blogs were always pretty.

From my savings, I bought the cheapest hosting plan from a local web hosting here in Nigeria and installed WordPress using Softaculous included in cPanel and started writing wapka.mobi tutorials. See https://w3guy.com/?s=wapka.

I did all this with my Nokia phone.

Here’s how I publish a new post: first I write it on a notebook before publishing on my blog. I was also building mobile sites for people for small amount of money.

I couldn’t go to the university because of my precarious financial situation. I continue to do menial jobs during the day and started learning PHP in the evenings and at night using my mobile phone via w3schools.com. I later was able to get a cheap old IBM Thinkpad laptop which I used in getting eBooks from torrent sites because I couldn’t afford them at the time and also to practice coding. Mind you, I was also blogging about the stuff I was learning on w3guy.com

I later took up a job teaching children at a school primarily because I got tired of the menial jobs and wanted to earn enough to take care of my internet data plan. After a while, I became fairly proficient in PHP and even took up a job to build a school management system which was really slow and ugly.

WordPress Saved My Life

I needed to start making money with the PHP, HTML & CSS skill I had because my blog wasn’t making any money via AdSense. I think I got to the $100 payout on my second year of blogging.

I came across a post on Sitepoint.com that they were looking for writers. I applied and got in. I started writing PHP and WordPress development tutorials and got paid few hundreds of dollars per article. In Nigeria, that’s quite a lot of money. I was able to improve the life and well-being of my family and I. I also wrote for Smashing Magazine, Designmodo, Tuts+ and Hongkiat.

I later got admission into a polytechnic to study computer science and decided to stop writing and try to make and sell WordPress plugins for a living.

I discovered my tutorial on building custom login form on Designmodo was popular with lots of comment so I decided to make a plugin out of it. That was how my first premium plugin ProfilePress was born. I wanted to sell it on Codecanyon but it was rejected so I decided to sell it myself. It was and still hard doing development and marketing at the same time.

Thankfully, after a year, it started making enough revenue for me to live pretty comfortably here in Nigeria because the cost of living here is little.

Few years later, I came across a payment processing library for PHP called Omnipay which included support for many payment providers like Stripe, PayPal. I use 2Checkout as my payment gateway to sell my plugins via EDD and discovered the driver for 2Checkout in Omnipay was old and unsupported so I built one. I figured I could make money building EDD and WooCommerce payment gateways base on the Omnipay and I did and place them on Codecanyon for sale. They didn’t do well sales wise and I had to stop selling them and moved the 2Checkout gateway for WooCommerce to omnipay.io. I have since built an EDD Paddle gateway which I now sell alongside.

My latest product is MailOptin, a WordPress optin form and automated newsletter plugin. I initially built it for my own need. I figured there might be interest in it so I made a free version and a paid version.

I currently live on the revenue from my plugins.

Wrap Up

I am thankful for WordPress because without it, I’m really not sure I would have been able to live a decent life. Who knows what would have become of me.

I am also thankful for the community. I have made lots of friends that has been very supportive and helpful in my journey.

If you live in a third world country like myself and going through hardship, I hope my story will inspire you to be great.

I tell people, life won’t give you what you want. You demand from life what you want. You make these demands by being determined and never giving up on your dreams and aspiration.

If you are poor perhaps because you came from a humble and poor background, it is not your fault. You can’t go back in time to change things. I implore you to be strong, determined and hustle hard.

I will end with this story.

Two guys had become shipwrecked and were directionless-ly drifting on the vast ocean, desperately holding onto a wooden plank.

A big ship comes along. Elated, one of the guys let’s go of the plank and makes a bold move, using his last strength to reach the ship.

The other guy holds the plank and tells himself: “God will save me.”

A few days later he died and is sent to heaven.

In heaven, he angrily asks God: “Why didn’t you save me?”

“I sent you a boat you idiot.”

No one is coming to save you. You are all alone. It’s up to you to change your fortune.

Do nothing, be nothing.

La fin.

The post WordPress Saved My Life appeared first on HeroPress.

WPTavern: Sending Positive Vibes to Alex Viper007Bond Mills

Mon, 02/04/2019 - 23:53

Alex Mills, the author of several plugins, including the popular Regenerate Thumbnails plugin, published an update on his fight with cancer and it’s not looking too good.

The blood test had been showing a fraction of a percent and then later 3%. That was obviously trending in the wrong direction but the hope was increasing my special medication would keep things in check. It didn’t.

The bone marrow biopsy came back at a spotty 20% (amounts varied by area). This is not good at all as it means the leukemia has morphed into yet some other form that my donor immune system is having trouble keeping in check, either due to a change or being overwhelmed.

Alex Mill

Please join me in sending positive thoughts and vibes to Alex as his battle against Leukemia ramps up.

Dev Blog: The Month in WordPress: January 2019

Mon, 02/04/2019 - 09:17

The momentum from December’s WordPress 5.0 release was maintained through January with some big announcements and significant updates. Read on to find out what happened in the WordPress project last month.

WordPress Leadership Grows

In a milestone announcement this month, WordPress project lead, Matt Mullenweg (@matt), named two individuals who are coming on board to expand the leadership team of the project.

As Executive Director, Josepha Haden (@chanthaboune) will oversee all the contribution teams across the project. As Marketing & Communications Lead, Joost de Valk (@joostdevalk) will lead the Marketing team and generally oversee improvements to WordPress.org.

Both Josepha and Joost have contributed to the WordPress project for many years and will certainly have a much larger impact going forward in their new roles.

WordPress 5.1 Development Continues

Immediately after the 5.0 release of WordPress, work started on version 5.1 with some highly anticipated new features coming out in the first beta release. Since then, the second and third betas have been made available.

One of the core updates in this release — a feature to improve the way in which WordPress handles PHP errors — has been pushed back to version 5.2 due to unforeseen issues that would have caused significant delays to the 5.1 release.

Want to get involved in testing or building WordPress Core? You can install the WordPress Beta Tester plugin, follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

Akismet: Version 4.1.1 of the Akismet WordPress Plugin is Now Available

Thu, 01/31/2019 - 18:56

Version 4.1.1 of the Akismet plugin for WordPress is now available. It contains the following changes:

  • We updated the “Setup Akismet” notice so that it resizes to fit all screen sizes.
  • We improved the Akismet settings page so the “Save Changes” button is only highlighted when a change has been made.
  • We fixed a bug that could have been causing the count of spam comments displayed on the dashboard to be up to an hour old rather than the current count.

To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.

Dev Blog: WordPress 5.1 Beta 3

Thu, 01/31/2019 - 03:34

WordPress 5.1 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Testerplugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).

WordPress 5.1 is slated for release on February 21, and we need your help to get there!

Site Health Check

One of the features originally slated for WordPress 5.1—the PHP error protection handler—will target WordPress 5.2 instead. Some potential security issues were discovered in the implementation: rather than risk releasing insecure code, the team decided to pull it out of WordPress 5.1. The work in #46130 is showing good progress towards addressing the security concerns, if you’d like to follow development progress on this feature.

Additional Changes

A handful of smaller bugs have also been fixed in this release, including:

  • TinyMCE has been upgraded to version 4.9.2 (#46094).
  • The block editor has had a couple of bugs fixed (#46137).
  • A few differences in behaviour between the classic block and the classic editor have been fixed (#46062, #46071, #46085).
  • When adding rel attributes to links, ensure the value isn’t empty (#45352), and that it works as expected with customizer changesets (#45292).
Developer Notes

WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers’ notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! The beta 2 release also marks the soft string freeze point of the 5.1 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

In just a few weeks
WordPress Five-One will be here.
Your testing helps us!

Matt: 39 Books in 2018

Mon, 01/28/2019 - 17:38

Here’s what I read in 2018, in chronological order of when I finished it, as promised in my birthday post. I’ve highlighted a few in bold but in general I was pretty satisfied with almost all of my book choices this year. I’ve put a lot more time into the “deciding what to read” phase of things, and have also had some great help from friends there, and have been trying to balance and alternate titles that have stood the test of time and newer au courant books.

  1. Hot Seat: The Startup CEO Guidebook by Dan Shapiro
  2. The Unbearable Lightness of Being by Milan Kundera (audio)
  3. A Higher Standard by Ann E. Dunwoody
  4. Extreme Ownership by Jocko Willink and Leif Babin (audio)
  5. The Boat by Nam Le
  6. Charlotte’s Web by E. B. White
  7. Nonviolent Communication by Marshall B. Rosenberg
  8. How to Say Goodbye by Wendy Macnaughton
  9. When Things Fall Apart by Pema Chödrön
  10. Soul of an Octopus by Sy Montgomery
  11. Poor Charlie’s Almanack by Charlie Munger and Peter Kaufman
  12. Sam the Cat by Matthew Klam
  13. The Prophet by Kahlil Gibran
  14. The Vegetarian by Han Kang
  15. The Paper Menagerie by Ken Liu
  16. After On: A Novel of Silicon Valley by Rob Reid
  17. The Conquest of Happiness by Bertrand Russell
  18. How to Write an Autobiographical Novel by Alexander Chee
  19. Ficciones by Jorge Luis Borges
  20. Black Box Thinking by Matthew Syed
  21. Darkness Visible by William Styron
  22. Tin Man by Sarah Winman
  23. Sapiens by Yuval Noah Harari
  24. Let My People Go Surfing by Yvon Chouinard
  25. Pachinko by Min Jin Lee
  26. Homo Deus by Yuval Noah Harari
  27. The Lessons of History by Will & Ariel Durant
  28. Stories of Your Life and Others by Ted Chiang
  29. So You Want to Talk About Race by Ijeoma Oluo
  30. Three Body Problem by Cixin Liu
  31. How to Fix a Broken Heart by Guy Winch
  32. Sum: Forty Tales from the Afterlives by David Eagleman
  33. Exit West by Mohsin Hamid
  34. Tiny Beautiful Things by Cheryl Strayed
  35. Farsighted: How We Make the Decisions That Matter the Most by Steven Johnson
  36. Severance: A Novel by Ling Ma
  37. On the Shortness of Life by Seneca
  38. It Doesn’t Have to Be Crazy at Work by Jason Fried and David Heinemeier Hansson
  39. Notes of a Native Son by James Baldwin

Post Status: An Interview with Ernst-Jan Pfauth of De Correspondent

Fri, 01/25/2019 - 23:00

Stressing subscriptions over scale, De Correspondent launched in 2013 with €1.7 million from 18,933 members. Membership has grown over fourfold since then. Subscriptions and book sales are De Correspondent‘s primary revenue sources. Today The Correspondent is closing on its first 50,000 subscribers with $2.6 million raised in pre-launch funding.

Ernst is a long-time WordPress user, but his vision for journalism led to the creation of a technology company built around a proprietary CMS called Respondens for De Correspondent and now The Correspondent. Respondens’ unique design reflects an ethic where subscribers are treated as a community of people who want to be involved in the production of the news they read. In the future, Ernst hopes to market Respondens to support its development and spread the practice of what we might call “responsive journalism.”

Ernst and his colleagues intend to avoid the churn of breaking news by taking a structural focus on the issues they cover, working in the tradition of constructive, problem-solving, or “solutions journalism.”

9/ Not just the problem, but what can be done about it. In Europe, they call it "constructive journalism." In the US, solutions journalism. The idea: Your report is incomplete — lacks depth — unless it includes what we can do: as individuals, as a society or political community.

— Jay Rosen (@jayrosen_nyu) February 20, 2018

Finding solutions as journalists means listening, engaging, and collaborating with readers. In his predictions for journalism in 2019, Ernst told Harvard’s Nieman Lab,

“To really be a reader-driven organization, every journalist that works there should be open to the knowledge, ideas, and concerns of their readers. You can’t outsource that interaction to an engagement editor.”

This approach to journalism slows down and deepens communication by focusing issues around the people and the communities they concern. The constructiveness of this approach may have a lot to do with its calming and humanizing effects.

Ernst has written several Dutch best-sellers, including a Thank-You Book or “gratitude” journal that came out of his efforts to overcome anxiety about public speaking. In his reflections on work, overwork, and gratitude for TEDx, Ernst emphasizes that resistance to “the burnout society” where “creativity is crushed” is a collective task: everyone needs to make daily space for their close relationships where work and media do not intrude.

I am grateful Ernst took some time after the holidays to talk about his experience with WordPress, collaborative online communities, and democratized journalism. Here is the conversation we had.

DK: What are your thoughts about WordPress today? Have you made any connections or maintained relationships with the WP community in other ways?

EP: I started using WordPress in 2006 when I launched my personal blog ahead of an internship at a press agency in the United Nations HQ in New York. The fact that I then, as a twenty-year-old, could start a publication in such an easy way, has been crucial in my career and something I will be the WordPress community eternally grateful for. Since then, I have started several sites, most of them running on WordPress. In 2007 I co-founded the blog of The Next Web Conference, now known as thenextweb.com, in 2009 I started a news blog for the Dutch daily nrc.next, and in 2010, as head of digital at the Dutch quality newspaper (NRC Handelsblad), I switched their main site from ‘Escenic’ to WordPress. The fact that we could so easily build our own plugins (for example, a liveblog feature to cover the Arab spring) was crucial in the success of that news site. Also, the developers enjoyed their work more, since they could give back to the community.

I still run my personal site on WordPress, and even though I don’t publish there anymore, I love to stay in the loop of new WordPress releases and the ever-increasing user-friendliness of the software. In lost moments, I enjoy reading the developers forums and checking their discussions about new releases (I admire the distributed, self-organizing and voluntary efforts of the community) but I’m not in touch with one of the members. I’m just an admiring bystander.

DK: Can you explain when and why you came to see community and membership features as essential to a CMS? What does it look like when the idea of membership/audience inclusion is integral to the software architecture and vision? How are you doing this in Respondens?

EP: The main consideration was focus. We wanted a CMS that only had features for our writers that we deemed important. We didn’t want to create any distraction by having other options available — both to our developers as to our writers. If we build it ourselves, we force ourselves to make conscious decisions about every new feature we add. I.e., we wouldn’t just switch a ‘like’ button on in the comment section, simply because it’s already there. Forcing ourselves to do this made sure we built a laser-focused CMS and publication. The focus and the calm that follows makes it unique. (See “Cultivating calm: a design philosophy for the digital age.”)

Also, our approach to reader interaction — as you mentioned — is a unique asset of our CMS. I elaborate on that in this Medium post, “Reinventing the Rolodex: Why we’re asking our 60,000 members what they know.” We believe in the democratization of the journalistic research process. Anyone could be a source, anyone has expertise and knowledge to share within a specific niche.

1/ THREAD: There’s a great untapped resource in journalism, and it’s available to every journalist right now.

It’s the experience and expertise of your *readers*.

Giving them the opportunity to share what they know, could fundamentally transform journalism.

— Ernst Pfauth (@ejpfauth) December 11, 2018

DK: How does your model of membership-based journalism change at scale, when you have potentially the largest possible national and international audience? Will you still ask your journalists to spend 30-50% of their time reading and responding to member comments and other feedback? Is this essential (or even possible) to sustain at scale?

EP: The thought that you see your readers as sources of knowledge and expertise is crucial. It works for the local examples you mentioned, but it can also work for global topics. For example, we interviewed Shell employees from all over the world — who we found through our Dutch members forwarding a call-out. (“How reader engagement helped unearth the Shell tape.”) We also created the position of “conversation editor” to help journalists with the scalability of their reader interaction.

Yes, there are scale challenges. We see our journalists as conversation leaders and our members as contributing experts. We notice when a journalist gets more feedback from their sources (their readers), they need a research assistant to keep up — for example by highlighting interesting contributions to them or taking over some interviews. These are tasks that can be easily outsourced, as long as the correspondent remains the main point of contact in the comment sections and guides the conversation.

I don’t see the 30 and 50 percent as time to spend on ‘responding to comments.’ The comments are just a means to an end. The end goal is to involve your audience, so you can get a wider set of sources, become more inclusive and publish richer journalism. We estimate it takes 30 to 50 percent of your time to live up to that mission.

DK: On the other end of the spectrum, does your model have things to teach small, local journalism and other membership-focused businesses that they don’t already know? In the new membership-based local journalism I’ve been watching in the US and Canada — local media startups where there’s no history or expectation of a printed product or advertising — there’s a definite limit on the subjects that can be curated and written (or spoken) about in a deep and penetrating way. Is this a low or slow-growth model that simply must be accepted?

EP: It starts with being open about your mission as a journalist (all our new correspondents publish a mission statement when they start working with us) and then telling your audience what you expect from them. It’s about that personal relationship. The CMS, practices, technology and resources all follow. But it’s the being open to your audience input and being open about your shared goal with them that’s crucial. Anyone can do that. And when you start, it might even be easier to do it on a small scale, but it’s more intimate, and you can scale up as you get better at it.

The Correspondent team browses their unbreaking newspaper. From left: Zainab Shah, Jessica Best, Rob Wijnberg, Baratunde Thurston, and Ernst Pfauth.

DK: What do you do to keep sane and whole amid the busyness and stress of work? Are you still a practitioner of journaling and daily gratitude? Have your thoughts on that changed or deepened? 

EP: I still write in a gratitude journal every night and noticed this three-year habit has really made me more aware of ordinary but beautiful moments in life, and also taught me to enjoy the process instead of the end goal. I save my evenings and (80% of) my weekends for family and friends — and always have my phone on DND in those hours. Also: I don’t check my email before I have left my apartment. Setting these clear boundaries and turning them into routines have really helped me to stay sane in the busyness of the campaign.

WPTavern: WPWeekly Episode 344 – Introduction to the WordPress Governance Project

Fri, 01/25/2019 - 01:32

In this episode, John James Jacoby and I are joined by Morten Rand-Hendriksen and Rachel Cherry to discuss the WordPress Governance project. We discover why it was created, its goals, and how it aims to help govern the systems and processes that make up the WordPress project.

Stories Discussed:

WPML Alleges Former Employee Breached Website and Took Customer Emails

The Era of “Move Fast and Break Things” Is Over

WPWeekly Meta:

Next Episode: Wednesday, January 30th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via Itunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Subscribe to WordPress Weekly via Google Play

Listen To Episode #344:

WPTavern: WordPress Names Josepha Haden New Executive Director, Joost de Valk Marketing and Communications Lead

Wed, 01/23/2019 - 22:23

During the 2018 State of the Word address, Matt Mullenweg acknowledged lessons learned in the process of releasing WordPress 5.0. One of those was the need for various teams across the project to work together better. The friction during the 5.0 development cycle was beneficial in that it surfaced areas where the project can grow and sparked conversations that are already leading to improvements.

Last week Mullenweg announced that WordPress is expanding its leadership team to include Josepha Haden in a new Executive Director role and Joost de Valk as the Marketing and Communications Lead. These new roles better distribute project leadership to more individuals who have demonstrated the ability and judiciousness to guide large, diverse teams towards success. Haden will be overseeing WordPress’ contributor teams and de Valk is leading the marketing team and overseeing improvements to WordPress’ websites and other outlets.

The Executive Director role is particularly critical for the health of the project, as contributor and community feedback pours in across so many different mediums. Tracking all of this information and taking it into consideration amounts to a full-time job. In her first week in the new role, Haden is seeking feedback regarding the challenges contributors face when working on the project. She identified seven challenges which seem to resonate with many who have commented:

  • Coordinating on collaborative work between teams
  • Aligning our work better to project goals/values
  • Understanding team roles, leadership structures, and decision making
  • Clarifying the differences between open source and open commit
  • Tracking conversations and progress across the project
  • Raising project-wide concerns more easily
  • Improving how we recognize and celebrate success

Responses from contributors have so far revolved around a similar theme – the desire for more clearly-defined projects and goals for teams, along with more communication from leadership.

“Define goals and deliverables for each project deliverable,” Daniel Bachhuber suggested. “Once these are defined, it’s much easier to estimate the level of effort and resources required. Distinguish between full-time sponsored, part-time sponsored, and completely volunteer labor. Each of these three do not work at the same pace. It’ll be much easier to estimate a team’s velocity if you know what type of labor you have to work with.”

Meagen Voss offered some valuable insight from a newer contributor’s perspective. She said the leadership of the project is very unclear and that people could benefit from that information being more prominently published. She also suggested that WordPress explore the idea of having ambassadors for each team to facilitate communication and collaboration across projects.

You get to know your team very well, but no so much other teams. I’ve met some great folks in Slack and am getting to know the two groups I’m involved in super well. But if I have an issue or a question that needs to be addressed to another group, then I would have to hang out in that team’s channel for a while to figure out who the right person is to get in touch with. Identifying “ambassadors” or points of contact for each group could be a quick and helpful way to address that.

The conversation is still open for contributors to jump in and share their own challenges and suggestions. Haden plans to follow up with the next steps after gathering more feedback. Action born out of these conversations has the potential to greatly improve contributors’ experiences working together, resulting in fewer people burning out on communication struggles or losing momentum from lack of clearly defined objectives.

Matt: Thich Nhat Hanh on Tea

Wed, 01/23/2019 - 21:27

Drink your tea slowly and reverently, as if it is the axis on which the world earth revolves – slowly, evenly, without rushing toward the future.

— Thich Nhat Hanh in The Miracle of Mindfulness

WPTavern: WooCommerce Launches New Mobile Apps for iOS and Android

Wed, 01/23/2019 - 05:35

This week marks the first public release of WooCommerce’s new mobile app for Android and the improved version for iOS. WooCommerce began beta testing the Android app late last year and the original iOS app has been updated to offer the same features.

This first release should be considered a basic start that is mostly useful for tracking store performance with detailed stats and getting alerts for new orders and product reviews. Users cannot add or edit products and the app does not yet allow for switching between stores. The first release offers basic order management and fulfillment but does not include the ability to change order status. The mobile apps don’t yet live up to their tagline of “Your store in your pocket,” but it’s a good starting place.

According to the Google Play Store, the WooCommerce app has been installed more than 10,000 times and the response from users has been mixed. The app is averaging a 2.5-star rating after early reviews from 45 users. The iOS app has received similar responses. Many of the negative reviews are due to connection/login issues and the requirement for stores to use Jetpack.

“This has promise, but get rid of the need for Jetpack,” one reviewer wrote. “There are other secure ways of syncing up. Other apps have done it for years. This app has been long overdue, but is poor in execution when you need to install a plugin that tends to bog down your site and that most don’t need. Give an alternative means of syncing and allow us to edit at least the basics of a product on the go.”

WooCommerce marketing representative Marina Pape explained the Jetpack requirement in a post announcing the mobile apps’ launch:

The Jetpack plugin connects your self-hosted site to a WordPress.com account and provides a common authentication interface across lots of server configurations and architectures.

Both Apple and Google only allow a single trusted sender for pushes for security reasons (read more), making Jetpack the best way for us to give you modern mobile app features like push notifications.

In order to connect sites with the app, Jetpack creates a shadow site on WordPress.com’s servers and syncs quite a bit of data. Although this list of data is transparently outlined, the Jetpack requirement is a deal breaker for some users. They either object to sharing their data or believe the plugin will slow down their stores. Until the app’s features are more compelling than the detriments users perceive in Jetpack, it may lose a few users based on this requirement.

According to BuiltWith, WooCommerce is now the most popular shopping cart technology used by 22% of the top 1 million websites, with competitors Shopify and Magento not too far behind at 17% and 13% respectively. Having a new mobile app should help WooCommerce remain competitive, but the team needs to keep iterating on the app to make it more useful for those managing stores on the go.

WPTavern: Gutenberg Phase 2 to Update Core Widgets to Blocks, Classic Widget in Development

Tue, 01/22/2019 - 21:11

Gutenberg phase 2 development is underway and one of the first orders of business is porting all existing core widgets to blocks. This task is one of the nine projects that Matt Mullenweg outlined for 2019, along with upgrading the widgets-editing areas in wp-admin/widgets.php and adding support for blocks in the Customizer.

Contributors on phase 2 are also developing a Classic Widget, which would function as a sort of “legacy widget block” for third-party widgets that haven’t yet been converted to blocks. There may be many instances where plugin developers have not updated their widgets for Gutenberg and in these cases their plugins would be unusable in the new interface without the option of a Classic Widget. This block is still in the design stage.

The widgets.php admin page will need to be completely reimagined as part of this process. Mark Uraine, a designer who works at Automattic, created some mockups to kick off the discussion about what this screen might look like.

These mockups are just explorations of where widgets may be headed next, and they do not take into account everything that will be required of this screen.

Nick Halsey, one of the maintainers for WordPress’ Customize component recommended abandoning this screen altogether in favor of showing widget block areas in the Customizer:

The widgets admin screen has a fundamental disconnect with the way that widget areas actually work – with different areas showing in different parts of the screen and potentially on different parts of the site. It will be very difficult to clearly reflect the frontend page structure on this screen in a way that users will be able to understand. Experimenting with contextual approaches to this experience in the customizer offers numerous opportunities for this fundamental problem to be solved. Starting with the visible edit shortcuts that are already in core, revamped widgets could be edited directly on the frontend (of the customize preview) or in an overlay that is more directly related to the display on a particular screen. The ability to navigate to different parts of the site within the customize preview solves a problem that this screen will never be able to address.

Getting blocks to work in the Customizer is also part of phase 2, but conversation on the ticket related to wp-admin/widgets.php indicates the team is not going to abandon this screen just yet.

“While this screen will eventually be deprecated in the future, especially as more of the site is built in Gutenberg, it’s a necessary “baby step” to get us all there together,” Uraine said. “Maybe the best thing is to keep the existing layout, but just allow the use of all blocks within the accordion content areas? This will keep our resources and investment minimal on this particular piece with just a few suggested tweaks to the mockup in the initial post. It will also allow us to move to the Customizer more quickly.”

Gutenberg accessibility contributor Andrea Fercia encouraged contributors to address accessibility before creating visual mockups by designing the information architecture first. He encouraged them to organize the required information and controls while thinking about how someone might navigate them in a linear way.

“The customizer is not fully accessible,” Fercia said. “The admin widgets screen is the only place where persons with accessibility needs have a chance to manage widgets without having to face big accessibility barriers.”

Discussion on the future of the widget management screen continues in the ticket and contributors are looking to get more input during this exploration stage. There’s also a project board where anyone can share a blog post with their own explorations.

Porting widgets to blocks has its own project board if you want to follow along or jump in on an issue. Most of the core blocks are already finished and a handful are still in progress.

Updating the widgets management page and bringing blocks into the Customizer is a major overhaul but will further unify WordPress’ interface for editing and previewing content. Widgets have served WordPress well over the years, making it easy for users to customize their websites without having to know how to code. The feature has also survived many evolutions, eventually making its way into the Customizer five years ago in WordPress 3.9. One of the limitations with widgets is that they can only be used in “widgetized” areas. Transforming widgets into blocks removes that limitation and makes it possible to use widgets in posts and pages as well.

Dev Blog: WordPress 5.1 Beta 2

Tue, 01/22/2019 - 01:01

WordPress 5.1 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).

WordPress 5.1 is slated for release on February 21, and we need your help to get there!

Over 110 tickets have been closed since beta 1, many of which are documentation and testing suite improvements. Here are the major changes and bug fixes:

  • Several refinements and bug fixes related to the Site Health project have been made.
  • The pre_render_block and render_block_data filters have been introduced allowing plugins to override block attribute values (#45451, dev note coming soon).
  • get_template_part() will now return a value indicating whether a template file was found and loaded (#40969).
  • A notice will now be triggered when developers incorrectly register REST API endpoints (related dev note).
  • Bulk editing posts will no longer unintentionally change a post’s post format (#44914)
  • Twemoji has been updated to the latest version, 11.2.0 (#45133).
  • A bug preventing the Custom Fields meta box from being enabled has been fixed (#46028).
  • The treatment of orderby values for post__in, post_parent__in, and post_name__in has been standardized (#38034).
  • When updating language packs, old language packs are now correctly deleted to avoid filling up disk space (#45468).
Developer Notes

WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! The beta 2 release als marks the soft string freeze point of the 5.1 release schedule.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Do you enjoy bugs?
I don’t. So, we fixed them all.
Well, not all. But close.

WPTavern: WPML Alleges Former Employee Breached Website and Took Customer Emails

Mon, 01/21/2019 - 16:21

Over the weekend, many WPML customers received an unauthorized email from someone who claimed to have hacked the company’s website and gained access to customer emails. WPML founder Amir Helzer suspects that the attacker is a former employee.

“The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions,” Helzer said Saturday night.

The WPML team worked around the clock over the weekend to secure their systems and sent out an email informing customers of the incident. They also assured customers that the WPML plugin does not contain an exploit and that payment information was not compromised. The company published an announcement to their website, detailing the incident and their response:

We updated wpml.org, rebuilt everything and reinstalled everything. We secured access to the admin use 2-factor authentication and minimized the access that the web server has to the file system.

These are more precautions than actual response to the hack. Our data shows that the hacker used inside information (an old SSH password) and a hole that he left for himself while he was our employee.

This hack was not done via an exploit in WordPress, WPML or another plugin, but using this inside information. In any case, the damage is great and it’s done already.

WPML urges customers not to click on any links in the email the attacker sent out and recommends they change their passwords for wpml.org. The attacker has customer names, emails, and sitekeys, but WPML said the sitekeys cannot be used to push changes to customer websites.

Helzer is convinced that the attack was an inside job and suspects two former employees. He and his team are working to provide evidence to the authorities. He said the the nature of the attack demonstrates that it was likely not an outside hacker:

  • The first time our site was breached was on the day we fired an employee, who had access to our servers. We didn’t identify the breach at that time. However, once we got hacked, we analyzed the original hole and we found in our log when it was placed (yup, he deleted the log, but he didn’t delete the backup). Now that we finished cleaning up the mess, we’re going through all logs and collecting the full evidence.
  • The attacker targeted specific code and database tables that are unique to our site and not generic WordPress or WPML tables.
  • The attacker crafted the attack so that it would cause us long term damage and not be apparent in first sight. That long-term damage is very difficult to guess without knowing our business objectives and challenges. This is information that our employees have, but we don’t disclose.

The idea that a former employee who is known to the company would risk performing these illegal actions is difficult to grasp, even in the case of someone who was fired and may have been acting in retaliation. The risks of being caught seem too great.

“In many jurisdictions including the USA, this is jail time,” Wordfence CEO Mark Maunder said. “So I find it quite incredible that an employee would leave a backdoor, use it to deface their site, steal their data and email all subscribers. This is the infosec equivalent of walking into a police precinct and tagging the wall while the cops watch.”

Helzer said the incident should serve as a wakeup call for companies that employ remote workers. It highlights the importance of having procedures in place for revoking employee access to all systems used as part of day to day operations.

“We have to admit that our site was not secured well enough,” Helzer said. “If someone previously had admin access and stopped working for us, we should have been more careful and avoided this situation.

“This can be a wakeup call for others. We talk a lot about the benefits or remote work and most of the WordPress industry works remotely. This made us realize that we need to be a lot more pessimistic when we allow any access to our system.

“For example, the fact that we’re now coding for ourselves a requirement to login with 2fa, means that we’re not alone in this exposed situation.”

The attacker’s unauthorized email and WPML’s response email went out over the weekend, so many customers will be learning of the incident today when they return to work. Helzer said customers have been supportive so far.

“I think that customers appreciate the fact that we contacted them as fast as we could and we dropped everything and ran to handle this,” he said. “I think that we’ll still have damage. Clients did not run away from us right now but a good reputation is something that you build over years. A nasty incident like this stays ‘on your record.’ This is our livelihood and we take it seriously.”

WPTavern: WPML Website Hacked, Customer Emails Compromised

Sun, 01/20/2019 - 02:32

On Saturday, January 19, WPML customers started reporting having received an email from someone who seems to have hacked the plugin’s website and gained access to customer information.

Got same mail and there is this text on #wpml website visible now. What happened guys? #security #hack #vulnerability #0day or something? #WordPress

— Gytis Repečka (@gytisrepecka) January 19, 2019

The hacker claims to be a disgruntled customer who had two websites hacked due to vulnerabilities in the WPML plugin:

WPML came with a bunch of ridiculous security holes which, despite my efforts to keep everything up to date, allowed the most important two of my websites to be hacked.

WPML exposed sensitive information to someone with very little coding skills but merely with access to the WPML code and some interest in seeing how easy is to break it.

I’m able to write this here because of the very same WPML flaws as this plugin is used on wpml.org too.

The hacker also claims to have exploited the same vulnerabilities in order to send the email to WPML’s customers and has published the same message to the plugin’s website. The text is still live at this time and product pages have also been defaced.

Defaced product features page, for example. pic.twitter.com/MWNZh6g1HQ

— Wordfence (@wordfence) January 20, 2019

The commercial multilingual plugin has been in business since 2009 and is active on more than 600,000 WordPress sites. It is a popular plugin for business sites in Europe, North America, Asia, and South America, especially those with a global audience. Customers are still waiting for an official explanation from WPML.

We contacted the company for comment but have not yet received a response. If you are using the plugin, you should deactivate it until the company pushes an update to patch the security vulnerabilities. This story is developing and we will publish new information as it becomes available.

Update from WPML founder Amir Helzer: “The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions.”

Pages