Last September WP Site Care invested heavily in user tests for users who are new to SquareSpace, Wix, and WordPress. We wanted to see what WordPress was doing well, where it struggled, and what we could possibly learn from other platforms.
I was incredibly refreshed when Rob sent me a link to Helen’s Hou-Sandí’s blog post on Tuesday. Helen is leading the WordPress 4.7 release cycle and she’s looking at tackling a challenge that has been working against WordPress for quite a while. The fact that WordPress has gone from simple blogging platform to a full feature CMS and web application framework in such a short period of time means that, just by the sheer nature of software, the user experience has fallen behind other modern platforms.
I’m thrilled to see Helen taking this initiative. Be sure that you read her post on Theme Disconnect and Discontent to learn more about the gargantuan task she’s spearheading.
Stay in the Loop ( GET IT?!)
The brightest minds in WordPress will be LIVE at LoopConf in Florida this October. Get ready, it's gonna be sweet.
Earlier this week I threw a tantrum on twitter about my frustration with the theme setup process, so it feels like kismet that everything is coming together at the same time.
Jokes aside we can't really expect users to do this can we? Or can we?
— Ryan D. Sullivan (@ryandonsullivan) July 27, 2016
(P.S. Helen’s approach to solving
This notice is alread been sent to all WOrdPress.org plugin developer, who has commit access. Here Mika emphasis on having the correct email address for all developer on .org profile. If that email address is not correct they will even close the plugin. A must read for Plugin developers.
The email went out last night to everyone with commit access to a plugin. After testing your plugins and ensuring compatibility, it only takes a few moments to change the readme “Tested up to:” value to 4.6. This information provides peace of mind to users and helps encourage them to update to the latest version.
For each plugin that is compatible, you don’t need to release a new version — just change the stable version’s readme value.
Looking to get more familiar with 4.6? Read this roundup post on the core development blog to check out the changes made to register_meta(), native fonts, persistent comment cache, Customizer APIs, WP_HTTP API, and much, much more: https://make.wordpress.org/core/2016/07/26/wordpress-4-6-field-guide/
Thank you for all you do for the WordPress community, and we hope you enjoy 4.6 as much as we do.
Also, as we’ve been warning for the last two cycles, some plugins have been closed. It’s a requirement that we be able to contact you. We’ve also been pushing back on auto-replies, since they make it impossible for us to tell if there’s a human reading. Frankly, based on the content of the auto-replies, this
The plugins review team has announced that WordPress frameworks are no longer allowed in the official plugins' repository. So we created IncludeWP.
Earlier this year (March 2016), the plugins review team issued a statement on make.wordpress.org that frameworks are no longer allowed in the official plugins repository. We decided to take it upon ourselves to create a worthy repository for WordPress frameworks and created IncludeWP. A home, or rather, a leaderboard, to display all open-source frameworks for WordPress plugin & theme developers. A one-stop-shop for developers to evaluate what’s currently out there in the market.
It had started as a fun & refreshing weekend side-project that the team had decided to pull together three weeks ago, and the plan was to release it right away. But, during the years I adopted a habit of not releasing anything before getting some feedback on it from people whose opinion I trust, so I decided to poke a few of my friends from the WordPress community first.
We got great feedback and some UI suggestions, but one comment drew most of my attention: Luca Fracassi from Addendio said: “Vova, it would be super-cool if I could click on a framework and see what plugins & themes are actually using it.”
“Hell yeah! That would be amazing.” I thought to myself. But
WordPress plugin that adds icons to customizer preview that open to respective sections. Neat!
A WordPress plugin that adds small icons to the customizer preview that open the respective section in the sidebar. Installation
Visit the Releases page and download the latest release. Save the zip file into the wp-content/plugins directory in your WordPress installation and then unzip the file. It will create a directory called customize-direct-manipulation.
Enter the WordPress admin page for your site and navigate to the plugins page, eg: http://YOUR WEBSITE HERE/wp-admin/plugins.php
Click "Activate" next to the "Customize Direct Manipulation" plugin.
Load the customizer for your site, eg: http://YOUR WEBSITE HERE/wp-admin/customize.php
Click the small icons to activate the appropriate controls in the sidebar.
Clone this repo and install it on a WordPress site. You can either clone the repo directly into your /wp-content/plugins directory, or use copytotheplace by adding a .env file with your target directory and running grunt copytotheplace.
To start a watcher process for development, run npm start (this will also run copytotheplace if you have a .env file set).
I firmly believe that there is no sustainable growth without mentorship. The article hits the nail on the head on an important topic in the community.
WordPress is growing. It’s a tool used to build enterprise-level websites, not just cat blogs, and it is increasing its market share daily. I believe that a growing platform cannot scale unless the community that supports it also scales. How can a community scale unless there are mentorships both formal and informal? The Organic WordPress Community
The WordPress community is amazing. The people in the community are generous, friendly, and accepting. Just go to any tech conference and I’m sure you’ll notice the difference between those events and WordCamps.
Most local WordPress communities support meetups, too. These are great places to share knowledge, learn, and meet friends. There are Facebook Groups, Slack Channels, and many ways to collaborate on a global scale. Rapidly growing over the last thirteen years, WordPress as a tool, code base, and, yes, platform, has a firm foot in the early majority. But at what point will self-learning and organic friendships, need to scale? Or will they on their own?
Has the premise that building websites is easy changed our idea of apprenticeship?
Is mentorship on the decline?
Can a community grow and sustain itself
Here Konstantin Obenland is giving us update on their take on community feedback. Much discussed feature like too much read more, and hiding the main description or hiding some key plugin stat came into this discussion.
The Past The meta team kicked off the new version of the plugin directory at the end of February. Some of the initial desired improvements included: moving to WordPress, open-sourcing the codebase, improving search, feature parity, and making the plugin review process more scalable.
One aspect that was looked at were taxonomies. An outline of the challenges was posted on make/plugins and followed up by a proposal on how these can be met. Another aspect was the design itself, with prototypes published (#1, #2) and feedback gathered, before they were converted into a theme.
Finally, I spoke at WordCamp Europe about the work done so far, providing more details about some of the decisions made, and asking the community for feedback on the prototype during an open beta phase.
The Present (and Feedback)
We’ve received a lot of feedback about the plugin details page and some improvements that could be made. A number of people mentioned that too many “read more” links can make it hard for users to find relevant information, blending the sections together, and that content may not be indexed properly by search engines. Others were concerned about the effects of partially hiding
Make sure you are not using the Form Lightbox plugin.
This is a roundup of recent vulnerabilities in WordPress plugins that you should be aware of. This morning we published details of a reflected cross site scripting vulnerability in Easy Forms for MailChimp versions 6.1.2 and older. One of our own researchers discovered this vulnerability and notified the author who released a fix Tuesday. Upgrade immediately if you run this plugin.
The following notable plugins have had vulnerabilities reported in the past week. If you use any of these plugins, upgrade promptly:
Contact Form Email version 1.1.47 and older contains an authenticated reflected XSS vulnerability. Upgrade to 1.1.48 as soon as possible.
Code Snippets 2.6.1 and older contains an authenticated reflected XSS vulnerability. Upgrade to 2.7.0 as soon as possible.
Lazy Load contains a stored XSS vulnerability in version 0.6 and earlier. Upgrade ASAP.
The Form Lightbox plugin has been removed from the WordPress repository. However it contains a vulnerability that allows an attacker to update any option in the WP database, thereby gaining admin access to a site. If you use this plugin we recommend that you remove it.
The most recent version of this plugin was version 2.1 and it had
"If you contribute to one release, there is a 46% chance you will contribute to the next release. "
I posted a graph of new WordPress contributors per release and Brian Krogsgard had some questions that I decided to look into. Mostly he wanted to know how well WordPress did at maintaining contributors. So I made some more graphs. In general, past contributions as a predictor of future contributions are pretty consistent across releases. If you contribute to one release, there is a 46% chance you will contribute to the next release. Overall, 44% of individuals who have contributed, have contributed at least twice. While on its head, that means 56% of people only contributed once, digging in I was able to find that from 3.2 to 4.3, if you contribute, there is a 70% chance you will contribute again.
A total of 12 individuals contributed to all 14 versions analyzed and 57 contributed to 10 or more versions.
What does this mean? Mostly that we need to continue watching for change in this regard. Outside of 4.4, WordPress has remained consistent. Adding the git mirrors didn’t change anything. Switching to including the build tools and tests in the repo didn’t either. As the WordPress contribution process continues to evolve, it will be interesting to see what if anything moves
100+ Hours spent in the research + data + 6 months of research + how I got 10,000+ downloads, 4,000+ active site installs, 3,800+ Newsletter subscribers, and got featured at ProductHunt with more than 200 votes. User experience has been ignored far too long in case of WordPress Products. I have started writing a 6 part series to address this issue to some extent.
The WordPress community is getting more and more transparent as far as the business aspect is involved. Business folks have started to disclose the financial status of their WordPress businesses. One particular statement that we keep hearing goes something like this: “I created a WordPress product and it generated xx amount during the first month or year of its launch.” We’ve all heard it before . As entrepreneurs, we are all struggling to come up with a product that not only pays for itself but also gets adopted and admired by the masses.
Last year, I developed an add-on plugin for the Contact Form 7 called the CF7 Customizer, which helped users customize and style their contact forms intuitively and directly from the WordPress customizer. During its development, I explored a new side of a WordPress products’ user experience. That’s what I intend to share with you through this series. So, let’s get started.
How It All Began
Note that when I refer to a “WordPress Product” that I am actually referring specifically to a WordPress plugin or theme.
Like I said, I was toying around with my plugin CF7 Customizer. And, since it is an add-on,
Nearing ever closer to a release! If things go well, WordPress 4.6 will ship on August 16.
The release candidate for WordPress 4.6 is now available. We’ve made a few refinements since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.6 on Tuesday, August 16, but we need your help to get there.
If you haven’t tested 4.6 yet, now is the time!
Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.
To test WordPress 4.6, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).
For more information about what’s new in version 4.6, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.
Developers, please test your plugins and themes against WordPress 4.6 and update your plugin’s Tested up to version in the readme to 4.6. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we never want to break things.
Be sure to read the in-depth field guide, a post with all the developer-focused
W00t W00t! A leaderboard of the top open-source frameworks for WordPress plugin & theme developers.
After the plugins review team made a statement disallowing frameworks in the repository last March, Co-founder of Freemius Vova Feldman decided to find them a new home. With help from Luca Fracassi from Addendio, Feldman and his team created IncludeWP, a hub to display all open-source frameworks for WordPress. IncludeWP uses the WordPress.org APIs and SVN to automatically identify which .org frameworks plugins and themes are using, which empowers developers to see who exactly is using their product. Moreover, it also enables them to start a new product with a strong foundation. The work behind the project is all open-source and can be found on GitHub.
As Feldman said in the release “Code reusability is awesome!” That is the whole idea behind the project. Sharing code is the foundation of WordPress.
Having foundations for a theme or plugin already available will make your workload smaller. It doesn’t make sense to continue to rewrite the same functionality over and over, so check with IncludeWP before you begin to see if there’s a framework that suits your needs.
How To Pick The Right Framework
In the release, Feldman included tips for making sure
WordPress has a reputation of being an insecure software, mainly because of the number of vulnerabilities that were reported in the last few years. Though how does it fare, security wise when compared to other software typically used in web environments?
Since the beginning of WordPress, security researchers and developers have found gazillions of vulnerabilities in both the WordPress core and in many of the WordPress plugins and themes. These vulnerabilities has to some extend destroyed WordPress’ reputation, and are one of the main reasons why many shy away from using WordPress for their websites. Those who do not use WordPress are led, or better misled to believe that WordPress is insecure. And those who use WordPress are told to use the least possible plugins so their WordPress website is not vulnerable to some zero-day exploit a script kiddie discovered. Is WordPress and its ecosystem of plugins and themes really as bad as its reputation? As in, what about the other software ecosystems, don’t they have the same problem? What about Joomla!, Drupal and other software that is typically used in web hosting? Let’s dig deep into the history of some of the most popular software used in web hosting to better understand if the WordPress project is really in a bad shape from the security point of view or not.
What is a WordPress Core or WordPress Plugin Vulnerability?
First things first, for those who do not know a WordPress
Are there differences between design and art? Cameron says yes, and explains what they are and why they matter when designing your site.
Design is a solution to a problem. Art is a question to a problem. —John Maeda
Have you ever called your designer “a creative,” or asked them to just “use their imagination” when discussing new designs? Maybe you even came to them with a solution to a problem you hadn’t defined yet and asked them to make it look pretty. If any of those are true, it’s time to discuss the key differences between art and design, and why it matters to you and your company. Although art and design can look like the same thing, when you’re looking for someone to build your site with effective design, do the differences between design vs. art matter?
Art is open for interpretation
Art is subjective. Twenty people can look at a painting and give you twenty unique explanations about what it means, drawing upon their personal experiences and how the piece speaks to them.
Design is not subjective. Of course, one person may prefer the green button over the red button, but if the purpose of the button is to delete all of your photos, red would be a clearly better choice than green. There are hard facts based on data that support design choices and help inform these
We just released a new feature: hover animations, as well as increased the speed of the plugin by 30%. Check out what else we have updated.
Another week of hard work here in Elementor has led to some amazing improvements in the user experience, as well as some cool new features. I know you're all eager to find out what we've managed to accomplish, so let's get started. One of the key advantages of using Elementor, which we've been boasting about since the launch, has been that Elementor is the fastest page builder in the market.
Because we are dedicated to the goal of giving you the best possible page builder, we have not stopped trying to improve performance even further, and have now made Elementor even faster. In fact, it's now at least 30% faster, and a lot leaner on memory consumption.
This sets a new standard of speed for page builders on WordPress. It also affects the live page editing, which is even more smooth and seamless.
Last week we introduced the Entrance Animations feature, that allowed you to choose from 37 different animations, and set them for your widgets and page elements. Today we are adding the Hover Animations feature, that includes 27 different hover animation effects you can choose from.
To watch these cool animation effects, hover over the following images:
We have added a cool new feature to the
When you push the code to GitHub or Bitbucket, a webhook pings gitpull.io and after authenticating the request, we push those works in a job queue.
You push your code to GitHub or Bitbucket, we execute git pull for you. Oh, and it's FREE!
We're changing the way we do Five for the Future! Brad is here to share how and why we're shifting the way we give back to WordPress.
For almost two years now, WebDevStudios has been participating in the Five for the Future movement. During that time we have contributed thousands of hours to the WordPress community across various projects. Contributing to the WordPress community, and open source in general, is at the core of what we do at WDS. We have always been thankful to WordPress for allowing us to do what we love day in and day out, and contributing 5% of our company time back to the project is our way of officially giving back to this awesome community.
When we started participating in Five for the Future, we scheduled two hours per week for each employee. Our standard contribution time was every Monday, from 9 – 11 AM. Overall, this schedule worked great and allowed our team to start the week in a very positive and fun way. We still felt like we could do better, so we have decided to make a change.
Starting this Friday, WebDevStudios will dedicate one full day–the last Friday–of each month as our Five for the Future day!
Dedicating an entire day to #5FTF, instead of just two hours per week, will allow our team to dive deeper into their contribution. We are also forming teams around specific
When to use redirects, when not to use? This article collects the most important thing you should know about the topic.
The WordPress core is designed with helpful redirection features built-in. When an incorrect URL is requested, WordPress tries to locate the correct URL and will redirect the visitor to the correct URL if it can find it. For example, a visitor to your site can either include or drop the www subdomain from your site’s URL and WordPress will redirect them to the proper URL. The same thing happens when the path that should appear before the page slug URL is dropped. So if you have a page that resides at http://www.example.com/parent/page. Try typing in http://example.com/page and see what happens. In most cases, WordPress is smart enough to locate the correct page and redirect you to it.
The situation gets more complex if you set up your website to resolve using https. If you do that, you’ll usually want to force all traffic to be redirected from http to the https prefixed URL. That can make the redirection process really messy. Imagine this redirection mess:
A visitor attempts to access the webpage https://www.example.com/parent/page by typing http://example.com/page into the address bar.
First, the visitor is redirected from http to https>.
Second, the visitor is redirected
Upps. That must have been a scary morning for everybody in TechCrunch. They use WordPress VIP, and this was just because of weak password by a contributor, who most likely getting fired! Use strong password people, can't urge more.
TechCrunch is the latest victim in OurMine’s summer hacking rampage. The site, which is powered by WordPress and hosted via WordPress.com VIP, was hacked this morning and defaced with a message from the attackers who identify themselves as an “elite hacker group.” TechCrunch’s news ticker was updated to display: “Hello guys it’s OurMine Team, we are just testing TechCrunch Security, don’t worry we never change your passwords. Please contact us.” OurMine gained access to a contributor account and posted a similar message.
According to a report from Engadget, TechCrunch’s sister site, the hackers gained access via a contributor’s weak password, not by exploiting a vulnerability in WordPress or the site’s plugins. TechCrunch was able to regain control of the site within minutes and delete the content created by the attackers in the admin.
OurMine is the same group that hacked Mark Zuckerberg’s Twitter, Pinterest, and LinkedIn accounts after he used the same password for multiple sites. Bad password security can make even the most secure websites vulnerable to these types of attacks. Although OurMine is primarily targeting
We launched a pretty cool feature that I am sure will be a game changer for anyone managing WordPress websites. And completely free too.
Little vulnerabilities are usually more dangerous than the big ones, they go by unnoticed until they get taken advantage of. It’s easy to miss them, unless someone points them out to you very obviously. That’s now our job, with the new Vulnerability Updates, in your Orion dashboard you will be notified which plugins are vulnerable to security breaches and urged to get them updated as soon as possible. We’ve partnered with fantastic team behind the WPScan Vulnerability Database to bring you real time information about what plugins are vulnerable so you can act accordingly. Oh, and the best part, it’s completely free (we’ve absorbing the cost of the vulnerability database license and enabling this amazing feature for free on all your websites)!
This is a total game changer for your maintenance workflow as knowing that a website has a known vulnerability is hard to ignore. When you log in to your dashboard, you will be able to see which plugin is vulnerable, what the issue is, and on what websites this plugin is active, i.e. what websites can be affected by this vulnerability.
We look for a number of vulnerability updates and address issues like CSRF (Cross-Site
A candid chat that Kevin had with David about his concerns with WPEngine - and the steps WP Engine has taken to handle them
One week ago David Vogelpohl from WP Engine kindly took the time to speak to me via a conference call. The discussion was positive and informative. One of the reasons that I wanted to chat to someone from WP Engine was because I had many concerns about the company in the past. I touched about these issues recently in my article “Why I Haven’t Previously Promoted WP Engine“.
The discussion was not a formal interview. It was pretty casual. David came across as a nice guy who was very passionate about the company he worked with. He was forthcoming in acknowledging the problems the company had in its initial years and the steps they have taken to make things better.
I spent a few days last week reorganising my office so I was surrounded by boxes for days after the call and was not able to publish a recap of the conversation at the time; so I apologise in the delay in posting this recap of the discussion.
A Chat with David Vogelpohl
I was quick to raise the key issues that had concerned me about WP Engine.
The first issue was the deletion of post revisions that had occurred regularly a few years ago. David acknowledged my concerns about post revisions being modified without
Many people want phone support, but Maintainn chooses to rely on email support instead. Why? Lizz shares the benefits over on the Maintainn blog.
In an increasingly automated world, the art of voice to voice customer service has been lost. The frustration and desire to interact with a real person is more acute than ever. And yet, some companies–including ours–only offer support via ticketing system, rather than over the phone. Why not offer phone support when that seems the best way to quell anxieties about technological miscommunication? Let’s take a look at the benefits of email support vs. phone support, and why we’ve chosen the former. Remember playing telephone?
When I was a kid, we used to play the telephone game. A group of kids would line up (or stand in a circle), and one kid would whisper something like, “Pineapple butts,” into the next kid’s ear. That kid would whisper what they thought they heard into the next kid’s ear, and so on and so forth down the line. The last kid would announce to the group what they thought they heard, which would end up being something like, “Purple burps.” We’d all giggle at how what was originally said got miscommunicated, and how something that already started off as silly became, somehow, even sillier.
Must read for developers: the changes in the forthcoming WordPress 4.6
Many of the changes in the forthcoming WordPress 4.6 are developer-focused changes that take place under the hood. Please remember to test your plugins, themes, and sites with WordPress 4.6 before the release. An hour of testing today can save you days of anguish later. Enhanced Meta Registration
register_meta() is getting some updates to enable greater flexibility and features in the future (such as inclusion in the Rest API). Until now, register_meta() took four arguments. In WordPress 4.6, this will decrease to 3, with the third one being an array of arguments. When register_meta() is used with the old signature in WordPress 4.6, it will continue to function but will now return false. Please read the initial post outlining why register_meta() has been updated and the followup detailing further enhancements.
Persistent Comment Cache
Since WordPress 2.6, the comments API has purposefully not used a persistent cache. Over the past 20 releases, changes have been made to purge the problems from the comments API that caused this. If you have a plugin which modifies comment data directly please change them to make use of the various comment API functions or use clean_comment_cache(). You
New editorial plugin in the block. It also has social sharing and scheduling feature. It goes head to head with existing solution like CoSchedule. Looks neat, comes with free package, but pro could be little costly for some user.
blogger or a professional editor, Nelio Content makes your life easier.
Have you used Brackets? It's a lightweight open-source code editor, and Carrie shares how to use it in WordPress (in 2016!).
I have been an avid Brackets user since 2013. It’s a free, lightweight, open-source code editor that is perfect for beginners and experienced developers alike. One of my favorite features of Brackets is the number of extensions available to allow users to tailor their development experience. Today, I’ll share which extensions I use to make my job as a front-end WordPress developer easier. User Experience
As the name suggests, this handy extension provides you with a preview of the colors you’re using in your files in the gutter of the file. I’ve found it can sometimes be a bit buggy if you’re using a Sass variable in partial, but the initial variable declarations work perfectly.
Brackets Icons gives a quick visual cue of the file types in your project. Choose between Devicons or Ionicons.
Brackets Icons with Devicons on the left, and Ionicons on the right.
By default, Brackets doesn’t give you any indication of indents or whitespace. Some may see this as a shortfall, but I love it because it means I get to choose how my tabs and spaces look. Show Whitespace VS displays whitespace the same way Visual Studio does (which I’ve never used!), and