A new core gallery widget is planned to ship with WordPress 4.9.
The Core Media Widgets feature plugin introduced a gallery widget in the 0.2.0 release this week. WordPress 4.8 added the new audio, image, and video widgets from this feature plugin. The gallery widget is targeted for merge into the upcoming WordPress 4.9 release. In testing the new feature I found it to be a simple, straightforward implementation of a gallery widget that could easily replace many plugins that are currently filling this need for users. The option to edit or replace a gallery is immediately available and users can easily rearrange or randomize the images included.
On the frontend the gallery displays neatly in a thumbnail grid. I was able to change the number of columns while editing the gallery, but the preview in the admin did not match the way the gallery looks on the frontend. The number of columns is correct on the frontend but not in the admin preview. This might cause some confusion for users if it isn’t fixed before landing in core. Contributors to the plugin are looking at this issue.
Overall, the implementation is user-friendly and similar to adding galleries in posts and pages. However, the widget could still use some testing, especially with different
Ionut tells the whole story of how the company retreats started, why they're doing them, what they're doing during the retreat, what the value is, and more.
Welcome to the 31st edition of the monthly transparency report (for August 2017). This series is all about sharing what’s been going on in the company from an organizational and business point of view. Click here to see the previous reports. I want to touch upon a lot of things in this report, so here’s a quick TOC just to keep things organized (and in case you’re not interested in all of it, which is fine):
1. On being transparent | 2. Why you need company retreats | 3. Working from home and the problems with it | 4. The value in vacation days for all team members | 5. How we’re improving team management and performance | 6. Auto-renewals and how they’ve been working for us | 7. Conferences coming up – let’s meet!
Overall, we experiment quite a lot as an organization. We try to learn from other businesses in the same niche and outside of it, and then fit new methods and approaches into our own workflows, mission, etc. Sometimes, this leads to reinventing the wheel (unfortunately), but, other times, it leads to innovation and making our work a lot easier and more effective on a daily basis.
Below, I want to share a couple of such things that we tried
Security has been on the minds of many lately, with Equifax, CCleaner, and Display Widgets all happening within the last 10 days or so. So what do you do when your client asks you about security in WordPress?
Security has been on the mind of a lot of people lately. Most prominently there’s the Equifax news. But a story today about CCleaner broke, the Display Options plugin for WordPress was compromised and subsequently banned from the WordPress Plugin Repository, and there’ve been many high profile security issues in the last few years. To compound the issue, you have organizations like Equifax using WordPress for parts of their online presence and then blaming open source software’s shoddy security. This could lead our clients to ask: Are there security issues with WordPress? How should we handle that?
There are Security Issues with all Software
The most important thing to remember is that this can and does happen to anyone. It’s not specifically a WordPress problem. For example, CCleaner is specifically a Windows application.
WordPress is software that runs on millions of websites, and updates to those websites are not consistent (another common software problem). So yes, there are security issues with WordPress, like there are with everything. But that’s not exactly what you should tell your clients to put them at ease, or to sell them on a new project.
Is WordPress easy to use for everyone? Scott shares his experience from an eCom conference about how UI/UX can make a lot of difference for the users!
I just got back from an eCommerce conference called Content and Commerce Summit. It was very different from the WordPress conferences I usually go to, and it gave me a lot of perspective.
I go to the same events every year, and talk to the same type of people. I love WordPress, and so does everyone at these events. We do things a certain way in the open source tech community, and we think our way is the best way.
We get into this echo chamber about how WordPress is used way more than any other publishing platform, open source is the greatest, and let’s sell more plugins and themes. I don’t think there’s anything wrong with that, but it’s important to get out of the bubble once in a while.
It really opened my eyes going to an event where no one even said the word WordPress once. The audience at this conference was non-technical, mostly marketers selling stuff online. I watched a presentation where the presenter had slides with 20+ different recommended tools on them, and not a single mention of WordPress.
This is an eCommerce conference, WooCommerce is 41% of all eCommerce stores, and not a single person said the word WooCommerce. All I heard about was Shopify
I watch changelogs like a hawk. Nuggets of gold to be found in there. Or sharp knives.
There have been several high profile plugins lately that have been found to be posting spam and deceptive links on users’ blogs. One such is the “Display Widgets” plugin. You can read Wordfence’s detailed breakdown of the spam. It turns out the original developer of the plugin sold it, and the new owner started to place spammy backlinks and other bad code into the plugin. This gave this “developer” access to tens of thousands of blogs and the site owners never knew it was happening.
I was checking the WordPress that runs this blog today to see if there were any plugin or system updates for me to do, as is good practice. I noticed one today had an update, a no-follow plugin I’ve been using for a few years. Today, I saw that plugin had an update, and I looked at the changelog to see what was new, which is also a good thing to look at instead of blindly trusting plugins.
I saw this, which set off my Spidey sense.
No offense to this new maintainer person, but seeing a plugin go to a new person, one that has no other active plugins in the WP repository, has no mention of this plugin on his blog, and whose Twitter feed is mostly links
A security release but also containing 6 maintenance fixes. Get your upgrade a-going people!
WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues:
$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the
Interview with Augustin Prot, CEO of the Weglot plugin. Earlier this year they've raised VC money which is not a common thing in the WordPress ecosystem.
You can find Augustin on LinkedIn or Twitter. This is our recent interview with him, as part of our Kinsta Kingpin series.
Q1: What is your background, & how did you first get involved with WordPress?
I have very complementary backgrounds with Rémy (co-founder and CTO of Weglot). He’s an engineer, graduated from Supéléc (French) and Columbia (US) with a background in software (financial and online ad) and a first startup experience as a co-founder and CTO. I graduated in Economics (from Dauphine) and spent 3 years in the financial services (Merger and acquisition advisory).
We first got involved with WordPress in the end of 2015/early 2016 when we were trying to find users to test Weglot. Some of the people we contacted asked us if we had a WordPress plugin. We did not know WordPress at this time. But as we heard the questions several times, we thought we should definitely try to do a plugin. Then, one month later we were at the Paris WordCamp 2016 to officially launch Weglot and meet the community, such a great time and amazing people!
That’s how we entered the WordPress world.
Q2: What should readers know about all the stuff you’re doing
Evan You shares a couple of reasons why Vue.js could be a good fit for the WordPress core.
After last week’s news that WordPress is abandoning React due to its unfavorable patents clause, the discussion regarding the selection of a new framework is heating up again. As Vue is once again among the leading contenders, I reached out to Vue.js creator Evan You to get his perspective on the possibility of WordPress adopting the framework. “Yes, I had a conversation with the WordPress team mostly answering questions they had about Vue,” You said. “The discussion happened before Matt’s announcement of moving away from React. It was mostly intended for filling the team in with the state of Vue and there was no particular conclusion made from it.
“To be honest, I got the feeling that the team had already decided to go with React and simply wanted to explore other options before they make the final call. I was a bit surprised by Matt’s post, but also understand the concerns behind that decision. I think React is a technically sound choice, and the whole patent issue is unfortunate.”
Vue is back in the mix alongside Preact.js and other libraries WordPress core contributors are considering adopting. You has been active in the comments on
An easy-to-use local testing server is one of the most important tools in a WordPress developer’s utility belt. Developing in a local environment lets you make changes to dev sites quickly and easily without having to transfer files anywhere and greatly reduces the risk of making breaking changes on a live server. This week, Jeff goes over a few of the best apps available for quickly and easily setting up and managing development sites on your local machine.
An easy-to-use local testing server is one of the most important tools in a WordPress developer’s utility belt. Developing in a local environment lets you make changes to dev sites quickly and easily without having to transfer files anywhere and greatly reduces the risk of making breaking changes on a live server. While many computers are capable of hosting a WordPress site without needing to install any extra packages, there are a few advantages that a dedicated local development environment can offer. For example: most devs work on more than one project, so it’s extremely helpful to be able to quickly spin up new environments with dedicated urls.
If you’re developing something like a WordPress theme or plugin, it’s also often necessary to make sure that your code runs well on different servers, under different versions of PHP and MySQL. Being able to switch those on the fly or at least select different configs for different dev sites is extremely helpful.
Most of all though, you shouldn’t have to be a sysadmin in order to be able to spin up, maintain, and tear down development environments on your local machine, so we need something that’s easy
Scott Bolinger's piece on why you should set up your own site to sell your products and avoid marketplaces. Interesting figures on what authors can expect to earn from Envato and others.
If you are thinking of selling WordPress products, you have two options: list on a marketplace, or sell through your own site. I’d highly encourage you to sell on your own site, here’s why.
Giving Up Control
Listing on a marketplace means that you are totally dependent on them for your traffic and sales.
This is tempting in the beginning because if you don’t have any traffic they can provide it for a fee. 50 percent of a few sales is better than 100 percent of no sales, right? This is short-term thinking.
Consider three years from now when you’ve built your brand on their platform, and sales are coming in regularly. You’ve hired a team to help you with support and development.
Now you and several others are depending on this revenue for their livelihood, which can be taken away at any minute. If the marketplace changes their rules, which happens all the time, your livelihood is at risk. For example, Envato recently changed their rules so that exclusive authors cannot sell related products on their own site.
If you are an exclusive author, you have no choice but to comply, giving up even more control over your brand. What if they decide to change the way
Getting the view on Gutenberg from Andrew Roberts, CEO of Ephox and member of the development team.
As you may have heard, WordPress is currently working on a brand new content editor named Gutenberg. Currently available as a plugin and set to ship with WordPress 5.0, the editor is radically different from what WordPress users are accustomed to. The changes it brings go beyond just adding and editing standard post content, though. Gutenberg presents challenges to theme and plugin developers, as it affects Custom Meta Boxes. This means that utilizing WordPress Custom Fields, for example, may look and function differently than expected. Or, at least that’s the fear many have expressed.
This project has produced an incredible amount of debate within the WordPress community. And, with recent news that WordPress has scrapped the idea of using the React library with Gutenberg because of potential licensing issues, there’s now even more uncertainty surrounding the editor.
With all of the confusion and controversy swirling about, we wanted to hear from someone on the inside of the Gutenberg project. Thankfully, Andrew Roberts stepped up and agreed to answer a few questions for us. Mr. Roberts is the CEO of Ephox – the company behind the TinyMCE Editor.
Of course, TinyMCE
If you're a developer, then Tom's words on understanding before coding are worth it. These days, it seems like the culture wants to push out code before thinking about it.
Whenever you aim to blog about a series of different things all seeking to help out people write quality code (or write anything, really) to help improve their workflow, you’re bound to get feedback, right? Don’t get me wrong. I welcome it. I think it helps to make for better writing in the future (that is, I ask, what can I do better).
And at the risk of looking like I’m “calling someone out” (which I am not), I want to share an [unattributed] tweet that I received last week:
your title “high-quality code” got me pumped for some hardcore stuffs, but dude ~99% narrative vs ~1% code?? drops dead on his keyboard
And I get it. There’s very little code in a post that is aiming to talk about code. But there are reasons for this, and it comes from a few years of both reading articles, writing articles, reading code, and writing code.
So I thought for others who have the same thoughts, it might be worth explaining why I take the approach I do.
Understanding Before Coding
To be clear, nothing here is meant to single anyone or anything out. If anything, it’s my generalist on the topic and why I think talking about, writing, and sharing posts
Elementor now adds another functionality to fully customize quote boxes that have a click to tweet button.
Introducing Blockquote - the easiest way to get your readers to click to tweet and share your best lines on Twitter. Two weeks ago we introduced several new Facebook widgets dedicated to boost your site social engagement.
Now, it's Twitter's turn to get a dedicated widget.
Introducing Blockquote, a highly customizable quote box that comes with Click to Tweet functionality.
If you're a blogger, or you publish content on a regular basis, this is a great tool to let your readers share your best lines with a simple Click to Tweet.
The Blockquote widget allows you to add quotes to your site. Each Blockquote can be set to include the content of the quote, the author name and the 'Click to tweet' button.
When you drag and drop the Blockquote widget you'll notice 4 skins that are available for the initial Blockquote design. You might remember the skin option from the Posts widget Cards skin release a few months ago. With regards to Blockquote, these are the skins that are available:
We release a new feature on an almost weekly basis, but it's always thrilling to read the positive feedback from our users. What do you think of our Blockquote widget?
Beaver Themer is an addon for Beaver Builder plugin that brings the power of Page Builder to theme development. You can create content layouts, theme parts and do a lot more with Beaver Themer + Beaver Builder.
Beaver Builder is the perfect tool when it comes to drag and drop page builders. It offers significant optimization and freedom to design whatever you want. You can put your design and imagination whatever you can think of on your pages now. Recently an add-on to this was launched called the Beaver Themer.
This addon is launched to extend the functionalities and powers of Beaver Builder. By Functionalities, I mean the ability to alter the Header/Footer and assisting in making default page templates.
Since we are working with the Beaver family, this goes without saying that you do not need to have any coding knowledge to use Beaver Themer.
But first, let’s understand what is Beaver Themer and what are its capabilities?
What is Beaver Themer?
Beaver Themer is basically an addon for the Beaver Builder, which is a highly user-friendly drag and drop page builder.
Beaver Themer lets you create layouts for archive pages, template an entire post type, 404 and search pages, and create parts like headers and footers.
With the original Beaver Builder plugin, you can add elements, modules and save them for further use as well but this functionality was limited to the Content area
Edwin on the choice of next WP JS framework, now that React is abandoned. Interestingly the only one that stood the test of time is jQuery.
If you haven't heard the news already, Matt has decided to move Gutenberg, the new WordPress editor, off of React, over people's reaction to the recent response from Facebook's legal team. Some parts of Facebook's response seem odd, but I also have no idea what the legal landscape is like for one of the largest most publicly visible companies in the world. I don't think there is malicious intent in React's licensing, but at the same time I think it is a wise decision from Matt to ease growing tension in the WordPress space over the use of React in Gutenberg. Any company, organization, or project that feels wary of taking on the legal uncertainty surrounding React, is a project that would no longer be able to use WordPress; an unfortunate price to pay for using React.
It is not clear what will be chosen as the replacement for React, and in many ways I wish React did not need to be replaced, because it is awesome. Vue seems to be the chant ringing through all channels of the WordPress community. I have been meaning to learn Vue. The recent news was the final push. After I finished up my tasks Friday, I jumped straight into Vue. It took me very little time to get Vue running,
Matt Mullenweg announces that they are dropping development with React.
Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would "increase the amount of time and money we have to spend fighting meritless lawsuits." I'm not judging Facebook or saying they're wrong, it's not my place. They have decided it's right for them — it's their work and they can decide to license it however they wish. I appreciate that they've made their intentions going forward clear.
A few years ago, Automattic used React as the basis for the ground-up rewrite of WordPress.com we called Calypso, I believe it's one of the larger React-based open source projects. As our general counsel wrote, we made the decision that we'd never run into the patent issue. That is still true today as it was then, and overall, we’ve been really happy with React. More recently, the WordPress community started to use React for Gutenberg, the largest core project we've taken on in many years. People's experience with React and the size of the
I wrote an article on how to start contributing code to WP Core
Today WordPress powers almost 28.6% of websites on the internet. And the number is still growing. By far it is the most popular CMS around. What makes it even more special is that it is a free and open source software. And it is built & supported by a very good community. WordPress community has always welcomed anyone who wants to get involved with WordPress. WordPress 4.9 is just two weeks away from its beta launch. And it is a perfect time to participate in WordPress Core Contribution.
I recently started contributing to WordPress core. And it feels great to take part in the process which is going to shape the software. In this article, I am going to show how you can also get started with WordPress Core Contribution.
First of all, let me introduce you to WordPress Trac. It is the place where the development of WordPress takes place. This site consists of a lot of tickets. A ticket is similar to an issue which you create on GitHub repository. A ticket can be one of the following three types.
For WordPress core contribution, you need to look through the tickets present in Trac. For the beginners, now and then, WordPress Core Committers mark tickets
Nice summary on Matt's thoughts and what could be changing now that React is out the window.
That post won’t be published, and instead I’m here to say that the Gutenberg team is going to take a step back and rewrite Gutenberg using a different library. It will likely delay Gutenberg at least a few weeks, and may push the release into next year.
Mullenweg clarified that Automattic has been happy with React and that the company’s general counsel didn’t think they would ever run into the patent issue. He also commended Facebook on being “one of the better open source contributors out there” and for making their intentions clear. Ultimately, Mullenweg decided
Giving a great talk at an event like a WordCamp is not easy. As someone who's been speaking in front of people for 10+ years, I have some advice on what to do to give a good conference talk.
When Steve Jobs presented the iPhone for the first time, he didn’t get up on stage and say, “Hey this is an iPhone.” Instead, he told a story – specifically the story of Apple. He built up the iPhone in terms that people understood. This made for an excellent presentation. It sucked people in, it made them invested in what it was talking about, and ultimately, he announced the iPhone to huge cheers. Steve Jobs knew how to give a great presentation. Now, I’ve been speaking in front of people for a long time. My first on stage performance was at 7 years old, when I was in 2nd grade. I love being in front of people, whether I’m acting, teaching, or just talking. But giving a good conference presentation takes practice. After professionally speaking for almost 10 years, I know what works and what needs work. Here are my 5 steps to putting together a good conference talk.
Step 1: Tell a Story
My friend Chris Lema knows how to give a good conference talk. He also starts off most of what he says with, “Let me tell you a story.” He then regales us with an interesting, relatable story that grabs our attention. That’s your goal too: start off
Since I believe the community is moving in the right direction here — this issue is where one could...
I shared my views on VueJS and Preact with WordPress core — this also includes the links to resources and threads where the community is voting for and discussing different JS frameworks.
IMHO there are two prominent contenders here.
Just to kick-start the discussion, here’re a few thoughts from the top of my head.
PRO: Beginner friendly.
PRO: Proven track-record of success with Laravel.
PRO: Way more popular as compared to Preact with a great amount of community support.
PRO: More contributors than Preact.
CONS: Key person dependency.
MONETARY BACKING: At the time of writing, VueJS OpenCollective ($9,895) and Evan You’s Patreon page ($8,815) sum up to USD 18,710 monetary backing from the community.
I truly believe that WordPress can do a lot
Elegant Themes spill the beans on which type of content you should invest in creating or publishing.
When you’re creating a content strategy for your business or personal projects, there are a lot of things that you have to take into account. A few of those things are the topics that you handle, the keywords that you choose, the content promotion you’ll apply and the post frequency you want to stay loyal to. Nevertheless, choosing between short-form or long-form articles is a thought that’ll keep you busy as well. In this post, we’re going to explain the difference between short-form and long-form articles. Besides that, we’re also going to show you why long-form content is more useful when we’re talking about articles as one of the types of content you produce.
Difference Between Short-Form & Long-Form Articles
Short-form articles are obviously easier to create. To create short-form articles, you’ll have to invest less time and energy. The minimum number of words that short-form articles should have (if you want them to rank well in search engines) is 300.
Although that might sound like a big number at first sight, 300 words are usually too little to talk about a certain topic in an as readable
But he said he has changed his mind after seeing Facebook dig in behind the patent clause — which was recently added to the Apache Software Foundation’s (ASF) list of disallowed licenses.
In the ASF’s ‘Category X’ list, where the React patent clause now resides, it writes:
The Facebook BSD+Patents license includes a specification of a PATENTS file that passes along risk to downstream consumers of our software imbalanced in favor of the licensor, not the licensee, thereby violating our Apache legal policy of being
Just your average snitch post showing who the bad guys are.