This is an old article by Nacin (2011) and is about reducing options by having good defaults. Its been 4 years since in the evolution of WordPress and my opinion is that we havent really moved.
Dave Winer tweeted a photo of a weird, verbose, and confusing Android options screen. I love Android, but like most open source projects, it falls victim to the proliferation of options, rather than making decisions for its users. When explaining this to developers at conferences, I generally mention the preference panels in Adium, a Mac OS X chat client. It practically has an Advanced tab for the Advanced tab. Stuff everywhere. Problem is, when there are too many options, your users can’t find any of them.
Open source doesn’t need to be this bad. One of the tenets of the WordPress philosophy is Decisions, Not Options:
When making decisions these are the users we consider first. A great example of this consideration is software options. Every time you give a user an option, you are asking them to make a decision. When a user doesn’t care or understand the option this ultimately leads to frustration. As developers we sometimes feel that providing options for everything is a good thing, you can never have too many choices, right? Ultimately these choices end up being technical ones, choices that the average end user has no interest in. It’s our duty as developers to make smart design
An interesting piece about how we can enable and use front-end like styles in WordPress text editor at the back-end.
Though WordPress is increasingly on the verge of becoming a fully-fledged application framework, the humble post editor remains the area of the interface users spend most of their time in. It’s a part of the backend that’s seen significant improvements over the last number of years – the recent move to version 4.0 of TinyMCE in WordPress 3.9 being a highlight – but there’s still plenty of room for improvement.
One of the most common problems users have with the editor is the need to constantly switch between editing and preview modes to see how content will actually look live.
In this article we’ll tackle that exact issue and break down how to customize the WordPress text editor to look and function like your front-end design.
Why Would I Want to Customize the Editor?
When you’re busy bashing out an initial draft of a post or page, the final look and feel of the text is the last thing on your mind. What matters is getting your thoughts down and – as Steven Pressfield so elegantly put it – covering the canvas.
As you move on to the serious business of editing and revising however, the fact that your content exists in a context becomes ever more important. Typically, this manifests itself
The new version of WordPress is now available named after Bud Powell.
Version 4.2 of WordPress, named “Powell” in honor of jazz pianist Bud Powell, is available for download or update in your WordPress dashboard. New features in 4.2 help you communicate and share, globally. An easier way to share content
Clip it, edit it, publish it. Get familiar with the new and improved Press This. From the Tools menu, add Press This to your browser bookmark bar or your mobile device home screen. Once installed you can share your content with lightning speed. Sharing your favorite videos, images, and content has never been this fast or this easy.
Extended character support
Writing in WordPress, whatever your language, just got better. WordPress 4.2 supports a host of new characters out-of-the-box, including native Chinese, Japanese, and Korean characters, musical and mathematical symbols, and hieroglyphs.
Don’t use any of those characters? You can still have fun — emoji are now available in WordPress! Get creative and decorate your content with
I've helped publish a plugin on WordPress.org that lets you declutter the WordPress backend by removing unwanted sidebar and dashboard widgets. IMHO this is a must-have for every client site.
WordPress ships with a default set of about a dozen different widgets. Most of them are rarely used, like the Meta widget that displays a link to the WordPress admin and the RSS feed. Combine that with the amount of widgets added by installed plugins, like Jetpack. It quickly gets messy. Luckily, there’s a new plugin on WordPress.org called WP Widget Disable that helps you disable not only sidebar widgets, but also dashboard meta boxes. It provides a simple user interface available under Appearance -> Disable Widgets that allows you to completely remove unwanted widgets.
The plugin, which was built by Silvan Hagen and myself, was sitting around on GitHub for a long time. Now it has been polished and submitted to the WordPress.org plugin repository, where you can download it for free.
This is a great plugin that helps declutter the WordPress admin and is definitely something I think you should install on every client site right now.
Most WordPress commercial plugins use a “one-time purchase” model. But is that the best way? Here’s an in-depth analysis to persuade you to start leveraging recurring revenues for your commercial plugin.
In an interview for WPSchool, Matt Mullenweg mentioned that one of Automattic’s BIG and “silly” mistakes during their first years was not adding automated renewals to WordPress.com. After adding renewals, they started to double their revenues. “We had subscriptions… but they didn’t actually re-new! So you had to come back every year and re-buy everything. Which naturally has a higher churn rate than if you renew it, which every company in the entire world does, it turns out that every company does because our revenue pretty much started doubling! as soon as we did renewals. As I think about all the years we didn’t do renewals, I feel a little silly”
If Matt feels silly, why shouldn’t we, plugin developers, feel silly as well?
Looking at the WordPress plugins market today, the most widely used monetization model is “support + unlimited premium updates”, for a period of a year. And if you want to keep getting updates and support, you’ll have to purchase a license for another year. In fact, everyone is actually selling recurring-payments license but without the automated renewals. Developers don’t admit it, or probably do not acknowledge that, but that’s exactly what it is! I’ve talked
Losing options when switching to a child theme is the topic at hand. I suppose the solution is to not set options on the parent to begin with, but I can see the point being made.
Earlier this week, Theme Review Team at WordPress.org made an important announcement about Theme Customizer. Theme authors are now required to use Theme Customizer for all theme options. References: This is excellent for users, whether it’s a beginner or an expert, none of them will need to search for theme settings/options. Having it placed in customizer will make it much easier to get started.
For developers, they will be able to make most out of the WordPress core, we will see new options and extensions for theme customizer soon. Above all, this will make it easier for theme reviewers to follow a standard pattern. With varied range of theme options that were being used earlier, it was little difficult to check for data sanitization and validation. But, with standardization of customizer, it will be much easier. Theme customizer’s settings and validation check have already been added to Theme Check plugin.
At IdeaBox Themes, we have been using Theme Customizer from the first day and there was a problem that I found while building the themes.
To use the Live Preview feature, we need to use 'type' => 'theme_mod' and then bind it with the customizer js. Now, the problem is theme_mod
Good stuff IMO. Standardization helps everyone be on the same side, and I assume that the theme review made a careful pick what side it is.
Good stuff IMO. Standardization helps everyone be on the same side, and I assume that the theme review made a careful pick what side it is.
Some tips on what to upsell if you are selling WordPress services
Granted, WordPress rarely breaks down by itself … like a car does, or your fridge. But every once in a while, new security issues or bugs get discovered, some plugins start acting wonky and even the database itself needs some spring cleaning. So as great as WordPress is, it’s not a maintenance-free product.
And the issues tend to add up over time. The most common indication that something is not right, and the easiest one to spot, is site speed going down. This is always a wake-up call for the webmaster to do some maintenance.
However, what if the webmaster isn’t that WordPress-savvy? What if it’s a client of yours who just wants their damn site to work properly(!) and doesn’t care that much about doing the administrative work.
Well, this is where you can step into the picture and offer them a WordPress check-up package for a monthly fee.
Therefore, here’s what I will be covering in this post:
how to introduce a WordPress check-up package into your offering,
how to make it a safe recurring income on your bottom line,
how to set things up in a way that will also allow you to make extra money further down the road,
and above all else, how to make the client happy along the way.
Story.am A hosted storytelling platform now available to all completely free.
Nick Haskins launched Story.am earlier this year as a hosted storytelling platform that offers all the features of Aesop Story Engine. Initially, the platform was only available to paying customers, but this week Haskins announced that Story.am is now available to everyone for free. The platform had not received much feedback in the several months it has been open to customers, so Haskins decided to remove all barriers to account creation.
“We really want feedback on Lasso, our visual web editor on Story.AM,” he said. “By making it free, we hope to garner a lot of feedback, even if that feedback isn’t good. Often times, that type of feedback is the best.”
In our recent review of Lasso, Jeff Chandler found that the product wasn’t quite polished enough for prime time but that it has potential. Haskins is hoping to build a broader network of Lasso users who will offer the feedback he needs to improve the editing experience.
Immediately following his announcement that Story.am accounts are now available for free, Haskins was averaging one signup a minute.
Newsletter out, story.am now averaging one signup a minute for the last few minutes. The power of free.
— Nick Haskins (@nphaskins) April
It's going to be a busy few days with an awful lot of plugins wanting to update.
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. The official WordPress Official Documentation (Codex) for these functions was not very clear and misled many plugin developers to use them in an insecure way. The developers assumed that these functions would escape the user input for them, when it does not. This simple detail, caused many of the most popular plugins to be vulnerable to XSS.
To date, this is the list of affected plugins:
Google Analytics by Yoast
All In one SEO
Multiple Plugins from Easy Digital Downloads
Multiple iThemes products including Builder and Exchange
There are probably a few more that we have not listed. If you use WordPress, we highly recommend that you go to your wp-admin dashboard and update any out of date plugins now.
This issue was first identified by Joost from Yoast in one of his plugins (he did
The latest version of WordPress 4.2 Named Powell is now ready to download
WordPress 4.2 “Powell” has arrived and is now ready for download. It is named for Earl Rudolph “Bud” Powell, an American jazz pianist. This release, led by 10up engineer Drew Jaynes, offers a balanced mix of front-facing features that users will enjoy, as well as improvements for developers. Here is a tour of the highlights. Press This Overhauled
WordPress 4.2 contributors have brought the Press This feature back to life with a completely revamped interface that makes it easy to share content from any website. It allows you to grab text, images, and videos, quickly add your thoughts, and publish. Any media is automatically added to your media library during the process. Add the bookmarklet from the Tools screen to your browser’s bookmark bar or your mobile desktop to jump start your publishing.
Switch Themes in the Customizer
WordPress 4.2 makes it possible to switch themes in the customizer. Users can now browse through themes that have already been installed and activate a new one without ever leaving the frontend. This further streamlines the UI for customizing your site and paves the way for the theme installation process to be added to the customizer in the future.
Important update. Please check your plugins if they aren't effected with it. It is recommended to update all your websites to WordPress 4.1.2.
Important update. Please check your plugins if they aren't effected with it. It is recommended to update all your websites to WordPress 4.1.2.
Blackfire is a fantastic new PHP app profiler. Here is an example of it in action with WordPress. Some seriously cool stuff.
Blackire is still in beta and we are working hard to make it better everyday. In order to exercise the UX as much as possible, we decided to profile several widely used Open-Source projects. This is the first blog post of a new series on this topic. When you don't know the inners of an application, run Blackfire on it and you're going to see how its internals work. That's what we've done with Wordpress; and we found out one hotspot that can be fixed easily.
As you can see on the screenshot below, the impact of the Wordpress translation sub-system is quite significant (with more than 40ms per page):
We looked at the WordPress Plugin Directory for plugins able to mitigate this issue, and we found three of them: MO Cache, 001 Prime Strategy Translate Accelerator and WP Performance Pack. They all use the object cache API to store the translations. Enabling one of them gives impressive results: the .mo translation file isn't parsed on every single page anymore, saving 40ms per request:
Unfortunately, these plugins lack visibility and popularity (only ~20,000 downloads for any of them) even if they allow great performance improvements for any non English Wordpress installations. But now that
Guest post on the trusty CSS Tricks walking through the framework of a custom JSON API for managing multiple different front ends for a single multisite install. Pretty cool!
The following is a guest post by Eduardo Bouças. We all know WordPress is a CMS, but here Eduardo thinks about using it only as an API for content. No front end at all, just URL endpoints that return JSON for use anywhere else. This doesn't detail a comprehensive solution to doing this, it's food for thought with some example code to get you going on a custom solution. If you want to get started developing on a system like this right away, WP REST API is the most robust project with the most momentum. I was recently asked to choose and implement a CMS solution for a digital agency to manage multiple websites in a single installation. For a huge number of reasons, the prime candidate was WordPress. It's free and open-source, has a huge user community, it's easy to use, and has a multisite feature. It's unquestionably a commercially-proven and mature product. But, I had my reservations.
Using WordPress in a conventional way means making an installation, creating a theme (or modifying an existing one) and accepting that every further customization will have to find its place in the ecosystem created by the CMS: the programming languages and technologies (PHP and MySQL) as well as the clever
A planned and coordinated security release today comes from many of the top plugins in the repo.
A coordinated plugin update occurred this morning between many popular WordPress plugins to address a common security vulnerability that allows for XSS cross-site scripting attacks. The common vulnerability that triggered a coordinated plugin update of many popular plugins this morning is caused by a lack of escaping of two WordPress functions, add_query_arg() and remove_query_arg().
It appears it was a common misunderstanding that the functions needed additional escaping when in use, and the WordPress Codex documentation for the functions did not show proper escaping in the example use cases for several years.
The exact number of plugins affected is unknown, but a number of the most popular WordPress plugins are affected.
The vulnerability was originally disclosed to the team at Yoast by Johannes Schmitt of Scrutinizer CI. Joost de Valk took the issue to their security partner, Sucuri, and together they understood that the issue could affect far more than plugins than WordPress SEO and Google Analytics by Yoast.
They worked with WordPress lead developer and WordPress.org plugin team member Dion Hulse to evaluate how many other top plugins may be vulnerable. Combined, Joost notes in
How to create SEO-friendly permalinks for WordPress posts using the permalinks settings, or for every single post type using Caldera URL Builder
Creating SEO-friendly permalinks for your WordPress site is one of the most important steps in the larger process of search engine optimization. WordPress makes creating SEO-friendly permalinks for posts in your blog fairly easy, though the system could be more intuitive.
Of course, WordPress lets you add any number of custom post types. That’s where its real power as a content management system lies. But the more customized your site is, the trickier creating multiple, seo-friendly permalink structures gets.
In this post I will start by showing you how to use WordPress’s built-in tools to make SEO-friendly permalinks for your blog posts. Then I will show you how to do the same for any post type, all without writing a line of code.
SEO-friendly permalinks for blog posts
The established standard, which works well for SEO and making your site easy to navigate, is using a “/category/post-slug” format for your URLs. For example, if the post with the slug “fall-events” is in the category “news” it’s URL should be “/news/fall-events”.
For blog posts this is something that is a fairly easy to accomplish via WordPress’ permalink settings. In the permalink settings you can use a custom structure
One of the easiest ways to speed up your website is to learn how to manage images.
Website speed optimization can be a complex and technical practice, but the non-techies out there will be happy to learn that one of the biggest problems is actually easy for the layperson to solve. The Problem With Images
Images are typically the one of the biggest drains on page load time. Even with caching and a CDN, an unoptimized image will still drag down your page loading time. But, as the website owner, images are completely under your control, so if you can get a handle on how to work with and optimize images, you can have a great impact on the speed of your site.
Based on the websites that I look at during my WP Rocket customer support duties, I see that images contribute, on average, about 30% of the total page load time. Often this is the single largest factor of the loading time. In extreme cases, it could be closer to 60% of the loading time.
Here’s an example of what un-optimized images will do to your site:
The load time is 12 seconds and the size of the page is 8MB. Of those 8MB, images account for 6.7MB. This is out of control!
The number of http requests is commonly cited as a factor in load time, and while it is important, ultimately it’s the page size that is the
If you visit WordPress.org regularly you might have noticed some changes around the place. If you don’t, now’s the time to check them out! We’ve been working hard to improve the site to make it more useful to everyone, both developers and users, and we hope you like what we’ve done. Since WordPress 3.8, you’ve been enjoying improved theme management in your WordPress admin, and in WordPress 4.0 plugin management was refined. We’ve brought these experiences from your admin and re-created them right here on WordPress.org.
If you visit WordPress.org regularly you might have noticed some changes around the place. If you don’t, now’s the time to check them out! We’ve been working hard to improve the site to make it more useful to everyone, both developers and users, and we hope you like what we’ve done. New Theme and Plugin Directories
Since WordPress 3.8, you’ve been enjoying improved theme management in your WordPress admin, and in WordPress 4.0 plugin management was refined. We’ve brought these experiences from your admin and re-created them right here on WordPress.org.
The Theme Directory has a better browsing experience, with handy tabs where you can view featured, popular, and the latest themes. As with the theme experience in your admin, you can use the feature filter to browse for just the right theme for your WordPress website.
Click on a theme to get more information about it, including shiny screenshots, ratings, and statistics.
Konstantin Obenland posted a good overview of everything involved with the theme directory overhaul and followed up with a post on improved statistics.
The Plugin Directory has a brand new theme that mirrors the experience in your WordPress
This plugin side project seems to be taking on a life of its own as fabulous plugins need a new home. It's giving me an amazing opportunity to meet site developers and get to know the community.
My little WordPress plugin side project is taking on a life of its own. As you know, last month I adopted two plugins: Seamless Donations and Better Recent Posts Widget. Seamless Donations is an important plugin doing great work for worthy causes and I’ve been a long-time user of Better Recent Posts Widget as part of the ZATZ Archive site. Together, all ten plugins have been downloaded more than 215,000 times.
To those plugins, I’m adding eight more adoptions. Old-school radio guy Jon Pearkins was the creator of eight very cool plugins. Personal issues are requiring him to step back from maintaining and supporting them. Together, they are known as the “jonradio” plugins and, in fact, each plugin name began with “jonradio”.
Like the other plugins I’ve been adopting, these are plugins I’ve used (with one or two exceptions). They’re excellent and users (as well as some of my own sites) rely on them. There are two major plugins:
My Private Site: turns a site private, only for logged-in users
Multiple Themes: allows you to assign different themes to different parts of your site
Additionally, Jon created a number of helpful support plugins:
Shortcodes Anywhere or Everywhere: lets you use
Some tips on troubleshooting WordPress plugin upgrades - including the old White Screen of Death.
You have to love the fact that you can automatically update your WordPress plugins from within the admin. It turns what used to be a chore (uploading the updated files via FTP) into a nice neat process. Just a few clicks and you’ve got the latest and greatest versions installed. Except that, sometimes, a new version of a plugin may have an undesired effect on your site. Those effects could be as small as a slight display issue that requires you to adjust some settings or CSS. They can also be so bad as to give you that dreaded "White Screen of Death" when trying to load your site.
Most likely, if you’ve used WordPress plugins for awhile, something similar has happened to you. If not, you’re either a) very lucky; or b) very careful.
Unfortunately, occasional problems are just part of the deal. WordPress plugins are built by authors who really do want you to have a great experience. That said, they are all human and have limited amounts of time to spend on their plugins. Plus, it’s essentially impossible to make sure that every conceivable configuration a site owner could be running works without a hitch.
But the good news is there are things we can do to fix these problems and even prepare
Interesting move. I like customizer options but some devs go overboard. How will this new requirement be received, I wonder.
We had a meeting today. You can find the archive here. https://wordpress.slack.com/archives/themereview/p1429639190005379
A few things were decided:
@melchoyce and @jami0821 are going to spearhead getting the design section of the recommendations into shape. They will report back within a month.
We have made a new requirement regarding theme options. We are going to be requiring use of the customizer for all options from now. This applies to all new themes (submitted after this post is published). All existing themes have 6 months from today before we enforce this.
Our aim is to have series of posts to ensure education and that people know how to use the customizer. We will also share resources and how tos. We’ve been recommending it for a while, this is just the next step in that process.
The jazz pianist Bud Powell has been honored for WordPress 4.2 named "Powell". Let’s have a look at what’s new in WordPress 4.2
The wait is over. Matt Mullenweg announced yesterday on the WordPress blog is now released and is available for download.
WordPress version 4.2, named “Powell” is dedicated to the jazz pianist Bud Powell. Powell was a jazz pianist born and raised in Harlem, New York City. He was a leading figure in the development of bebop, composer and famous for greatly extend the range of jazz harmony.
Just two days ago a security release was released for WordPress. A critical cross-site scripting vulnerability was discovered. Up close WordPress 4.2 was released with new features we take a closer look at in this article.
WordPress 4.2 were led by Drew Jaynes along with 283 contributors they made WordPress 4.2 happen and released. To update to 4.2, you can download the latest version here or update in your WordPress admin dashboard. So fire up some Bud Powell music and enjoy.
Let’s have a look at what’s new in WordPress 4.2
Switch themes in the Customizer
Browsing and switching installed themes has been added to the Customizer to make switching themes faster and more convenient. Now you can make sure the theme looks perfect and suitable with your content before you make the switch.
Creating membership sites with WordPress just became easy. If you haven't tried Ultimate Member plugin, here is a post to help you get started.
Ever thought of editing your WordPress profile at the front-end? Without using any code? Then Ultimate Member is the plugin you should be using. You can create member-based communities, customize member directories, add custom user roles and custom signup forms. There is a lot more to this plugin though I intend to review its important features only. Ultimate Member WordPress Plugin
Calum Allison(@calumallison) is the founder of this intuitive plugin. Ultimate Member provides an easy and flexible member-based system which is built right inside WordPress. This plugin was released in January, 2015 and till now it has 5,000+ active installs. Pretty impressive! Eh?
Installation and Configuration
I assume you already know how to install a plugin. As soon as you activate it, you’ll find a new menu, in the dashboard, called Ultimate Member. Before exploring this menu, let’s discuss the features of UM (Ultimate Member Plugin).
Ultimate member comes with a pretty big set of features, which are
Font-end User profiles
Custom User Roles
User approval system
Custom Member Directories
Ability to control Content Access
Custom Fields for different forms
WordPress is far more reliable because of Open Source and because of the international collaboration that becomes possible when everyone gets behind the idea that collaboration "lifts all boats". The global collaboration behind this weekend's XSS vulnerability taught me that clearly. This is part of that experience and what I learned.
If you were working on your WordPress website today, or casually reading the latest news about WordPress, you most likely got inundated with news about an XSS vulnerability, inaccurate documentation, and the infamous WordPress auto-update feature. Each of these terms sometimes sound like four-letter words in the context of web security or user experience. The truth is, in fact, the exact opposite. What happened over the last few days and published widely today was a high-point for WordPress security and the Open Source philosophy. Let me explain a bit about how the Open Source philosophy went into full effect this weekend, and why I trust it with web security far more than proprietary philosophies.
Open Source Web Security Means Collaboration not Competition
Without the Open Source mentality a security vulnerability could very easily go unnoticed for months at a time. If the developers were to be notified of it, they very easily could use that to their monetary gain, fixing it on their platform, while highlighting it in others’. Without Open Source, when it comes to security and profits, it’s a dog eat dog world.
On the other hand the Open Source mentality believes that collaborating