B.J. Keeton goes through Freemius' highlights as he sees them so you can make an educated decision about whether or not it is worth integrating into your WordPress plugin or theme.
Freemius may sound like a background character from Game of Thrones, but alas. Freemius is a WordPress plugin service with a really neat concept: you can sell your plugins and themes through the WordPress dashboard instead of using an external marketplace. You can also collect data about usage, activation, and deactivation that may help development decisions. Give Me Freemium or Give Me Death
It’s should not be surprising that Freemius is aimed at–drumroll, please–freemium apps. (Get it? Freemius…freemium? Hilarious.) Freemium is the catch-all for those apps that have a somehow-limited demo that you get for free and are prompted to upgrade to unlock its full potential.
Freemius’s whole shtick is that it offers free and freemium developers a toolset that not only gives them data on users’ activation and deactivation habits, and software usage and versions, but also has an integrated sales component within the plugin itself.
It’s a pretty neat concept, but does it work? And as a plugin or theme developer, is it worth the integration?
That depends. But I’ll do my best to go through the highlights as I see them so you can make an educated
Holly Molly! React is back in the business. WordPress did that? Not sure! It's 3 AM and I am super excited about this! What about you!
Next week, we are going to relicense our open source projects React, Jest, Flow, and Immutable.js under the MIT license. We're relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don't want to hold back forward progress for nontechnical reasons. This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.
In the wake of uncertainty about our license, we know that many teams went through the process of selecting an alternative library to React. We're sorry for the churn. We don't expect to win these teams back by making this change, but we do want to leave the door open. Friendly cooperation and competition in this space pushes us all forward, and we want to participate fully.
This shift naturally raises questions about the rest of Facebook's open source projects. Many of our popular projects will keep the BSD + Patents license for now. We're evaluating those projects' licenses too, but each project is different and
BLOG POST: My brain dump at 4 AM about everything React under MIT License and why I am supporting it.
Facebook just announced that they are relicensing React under MIT license and I think this is huge for so many reasons. “Next week, we are going to relicense our open source projects React, Jest, Flow, and Immutable.js under the MIT license. We’re relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don’t want to hold back forward progress for nontechnical reasons.
This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.
In the wake of uncertainty about our license, we know that many teams went through the process of selecting an alternative library to React. We’re sorry for the churn. We don’t expect to win these teams back by making this change, but we do want to leave the door open. Friendly cooperation and competition in this space pushes us all forward, and we want to participate fully.
This shift naturally raises questions about the rest of Facebook’s open source projects.
The search for a JS framework for WordPress continues. Sarah Gooding reports on discussions regarding a JS framework neutral option that would allow developers to use the framework of their choice.
“I’m really not joking when I say that this decision doesn’t matter, even for people contributing to Gutenberg,” Pendergast said. “In #2463, the library is treated entirely as a utility library, much like we use lodash, for example. It performs a handful of tasks, and it can be relatively easily pulled out and replaced with something entirely different, with no
Once again, another plugin has been purchased from the original owner, and the new owner has dropped malicious code into it. The plugin has been pulled from the repo, but as usual, if you are using this plugin, you won't be notified that it is f*#ked up! Hope you see this and delete it if you use it.
I am the original author of Fast Secure Contact Form. This plugin had a new owner in June 2017 with a WP user profile name “fastsecure”. The new owner attempted to put code in several of his newly acquired WordPress plugins that would connect to a 3rd party server he also owned and place spam ads for payday loans and such in the WP posts. The new owner put spam code in versions 4.0.52 4.0.53 4.0.54 and 4.0.55 but it failed to display any spam because he put the code in the secureimage.php file. The malicious code required WordPress libraries to also be loaded to execute. The reason the spam code did not do anything at all is because the secureimage.php file is not included in the WordPress run time environment. The secureimage.php file is included from another file securimage_show.php that loads the captcha image directly from html img src outside of the WordPress run time. The spam code in this plugin was never activated, it would not have corrupted your posts or changed anything in the WordPress database. I am sorry for any inconvenience this has caused. The plugin was taken off the WordPress repository by WordPress staff until this can be sorted out. Perhaps a new version
Ionut tells the whole story of how the company retreats started, why they're doing them, what they're doing during the retreat, what the value is, and more.
Welcome to the 31st edition of the monthly transparency report (for August 2017). This series is all about sharing what’s been going on in the company from an organizational and business point of view. Click here to see the previous reports. I want to touch upon a lot of things in this report, so here’s a quick TOC just to keep things organized (and in case you’re not interested in all of it, which is fine):
1. On being transparent | 2. Why you need company retreats | 3. Working from home and the problems with it | 4. The value in vacation days for all team members | 5. How we’re improving team management and performance | 6. Auto-renewals and how they’ve been working for us | 7. Conferences coming up – let’s meet!
Overall, we experiment quite a lot as an organization. We try to learn from other business in the same niche and outside of it, and then fit new methods and approaches into our own workflows, mission, etc. Sometimes, this leads to reinventing the wheel (unfortunately), but, other times, it leads to innovation and making our work a lot easier and effective on a daily basis.
Below, I want to share a couple of such things that we tried
A new core gallery widget is planned to ship with WordPress 4.9.
The Core Media Widgets feature plugin introduced a gallery widget in the 0.2.0 release this week. WordPress 4.8 added the new audio, image, and video widgets from this feature plugin. The gallery widget is targeted for merge into the upcoming WordPress 4.9 release. In testing the new feature I found it to be a simple, straightforward implementation of a gallery widget that could easily replace many plugins that are currently filling this need for users. The option to edit or replace a gallery is immediately available and users can easily rearrange or randomize the images included.
On the frontend the gallery displays neatly in a thumbnail grid. I was able to change the number of columns while editing the gallery, but the preview in the admin did not match the the way the gallery looks on the frontend. The number of columns is correct on the frontend but not in the admin preview. This might cause some confusion for users if it isn’t fixed before landing in core. Contributors to the plugin are looking at this issue.
Overall, the implementation is user-friendly and similar to adding galleries in posts and pages. However, the widget could still use some testing, especially with different
A security release but also containing 6 maintenance fixes. Get your upgrade a-going people!
WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues:
$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the
Justin Tadlock has released a much updated version of his Widgets Reloaded plugin. This plugin takes a number of the core widgets - and makes them a lot more flexible.
One of my favorite plugins that I’ve ever worked on just got a shiny, new coat of paint. Admittedly, I haven’t kept Widgets Reloaded as updated as I should have, primarily because I’ve been in a bit of a “no sidebar” phase for the past couple of years. When you’re not building too many themes or sites with sidebars, your widget plugins take a backseat at times.
I’m excited about this release.
Since I last updated the plugin, I’ve moved onto semantic versioning, so we’re making the leap from 0.6.0 to 1.0.0. That’s in case you were wondering what’s up with the version number.
What does the Widgets Reloaded plugin do?
If you’re not a current user of the plugin, you may be in for a treat. I encourage you to install the plugin and give it a go.
Widgets Reloaded gives you alternative versions of many core WP widgets. For example, there’s a Reloaded – Archives widget that’s a super-awesome take on the core Archives widget. Basically, you get a whole lot of additional widget options to play around with.
The plugin currently includes 9 reloaded widgets:
Reloaded – Archives
Reloaded – Authors
Security has been on the minds of many lately, with Equifax, CCleaner, and Display Widgets all happening within the last 10 days or so. So what do you do when your client asks you about security in WordPress?
Security has been on the mind of a lot of people lately. Most prominently there’s there Equifax news. But a story today about CCleaner broke, the Display Options plugin for WordPress was compromised and subsequently banned from the WordPress Plugin Repository, and there’ve been many high profile security issues in the last few years. To compound the issue, you have organizations like Equifax using WordPress for parts of their online presence and then blaming open source software’s shoddy security. This could lead our clients to ask: Are there security issues with WordPress? How should we handle that?
There are Security Issues with all Software
The most important thing to remember is that this can and does happen to anyone. It’s not specifically a WordPress problem. For example, CCleaner is specifically a Windows application.
WordPress is software runs on millions of websites, and updates to those websites are not consistent (another common software problem). So yes, there are security issues with WordPress, like there are with everything. But that’s not exactly what you should tell your clients to put them at ease, or to sell them on a new project.
Is WordPress easy to use for everyone? Scott shares his experience from an eCom conference about how UI/UX can make a lot of difference for the users!
I just got back from an eCommerce conference called Content and Commmerce Summit. It was very different from the WordPress conferences I usually go to, and it gave me a lot of perspective.
I go to the same events every year, and talk to the same type of people. I love WordPress, and so do everyone at these events. We do things a certain way in the open source tech community, and we think our way is the best way.
We get into this echo chamber about how WordPress is used way more than any other publishing platform, open source is the greatest, and let’s sell more plugins and themes. I don’t think there’s anything wrong with that, but it’s important to get out of the bubble once in a while.
It really opened my eyes going to an event where no one even said the word WordPress once. The audience at this conference was non-technical, mostly marketers selling stuff online. I watched a presentation where the presenter had slides with 20+ different recommended tools on them, and not a single mention of WordPress.
This is an eCommerce conference, WooCommerce is 41% of all eCommerce stores, and not a single person said the word WooCommerce. All I heard about was Shopify
Evan You shares couple of reasons why Vue.js could be a good fit for the WordPress core.
After last week’s news that WordPress is abandoning React due to its unfavorable patents clause, the discussion regarding the selection of a new framework is heating up again. As Vue is once again among the leading contenders, I reached out to Vue.js creator Evan You to get his perspective on the possibility of WordPress adopting the framework. “Yes, I had a conversation with the WordPress team mostly answering questions they had about Vue,” You said. “The discussion happened before Matt’s announcement of moving away from React. It was mostly intended for filling the team in with the state of Vue and there was no particular conclusion made from it.
“To be honest, I got the feeling that the team had already decided to go with React and simply wanted to explore other options before they make the final call. I was a bit surprised by Matt’s post, but also understand the concerns behind that decision. I think React is a technically sound choice, and the whole patent issue is unfortunate.”
Vue is back in the mix alongside Preact.js and other libraries WordPress core contributors are considering adopting. You has been active in the comments on
I watch changelogs like a hawk. Nuggets of gold to be found in there. Or sharp knives.
There have been several high profile plugins lately that have been found to be posting spam and deceptive links on user’s blogs lately. One such is the “Display Widgets” plugin. You can read Wordfence’s detailed breakdown of the spam. It turns out the original developer of the plugin sold it, and the new owner started to place spammy backlinks and other bad code into the plugin. This gave this “developer” access to tens of thousands of blogs and the site owner’s never knew it was happening.
I was checking the WordPress that runs this blog today to see if there were any plugin or system updates for me to do, as is good practice. I noticed one today had an update, a no-follow plugin I’ve been using for a few years. Today, I saw that plugin had an update, and I looked at the changelog to see what was new, which is also a good thing to look at instead of blindly trusting plugins.
I saw this, which set off my Spidey sense.
No offense to this new maintainer person, but seeing a plugin go to a new person, one that has no other active plugins in the WP repository, has no mention of this plugin on his blog, and whose Twitter feed is mostly links
Interview with Augustin Prot CEO of the Weglot plugin. Earlier this year they've raised VC money which is not a common thing in the WordPress ecosystem.
You can find Augustin on LinkedIn or Twitter. This is our recent interview with him, as part of our Kinsta Kingpin series. Q1: What is your background, & how did you first get involved with WordPress?
I have very complementary backgrounds with Rémy (co-founder and CTO of Weglot). He’s an engineer, graduated from Supéléc (French) and Columbia (US) with a background in software (financial and online ad) and a first startup experience as a co-founder and CTO. I graduated in Economics (from Dauphine) and spent 3 years in the financial services (Merger and acquisition advisory).
We first got involved with WordPress in the end of 2015/early 2016 when we were trying to find users to test Weglot. Some of the people we contacted asked us if we had a WordPress plugin. We did not know WordPress at this time. But as we heard the questions several times, we thought we should definitely try to do a plugin. Then, one month later we were at the Paris WordCamp 2016 to officially launch Weglot and meet the community, such a great time and amazing people!
That’s how we entered the WordPress world.
Q2: What should readers know about all the stuff you’re doing
An easy-to-use local testing server is one of the most important tools in a WordPress developer’s utility belt. Developing in a local environment lets you make changes to dev sites quickly and easily without having to transfer files anywhere and greatly reduces the risk of making breaking changes on a live server. This week, Jeff goes over a few of the best apps available for quickly and easily setting up and managing development sites on your local machine.
An easy-to-use local testing server is one of the most important tools in a WordPress developer’s utility belt1. Developing in a local environment lets you make changes to dev sites quickly and easily without having to transfer files anywhere and greatly reduces the risk of making breaking changes on a live server. While many computers are capable of hosting a WordPress site without needing to install any extra packages, there are a few advantages that a dedicated local development environment can offer. For example: most devs work on more than one project, so it’s extremely helpful to be able to quickly spin up new environments with dedicated urls.
If you’re developing something like a WordPress theme or plugin, it’s also often necessary to make sure that your code runs well on different servers, under different versions of PHP and MySQL. Being able to switch those on the fly or at least select different configs for different dev sites is extremely helpful.
Most of all though, you shouldn’t have to be a sysadmin in order to be able to spin up, maintain, and tear down development environments on your local machine, so we need something that’s easy
Now that Page Builders are getting popular, we have a new trend of themes built for Page Builders. The Page Builder Framework is one such theme.
Do you love using WordPress page builders? If so, you’re probably the type of person who’s interested in a WordPress theme that bills itself as “A Page Builder's best friend” Page Builder Framework is a WordPress theme that’s designed to pair well with popular WordPress page builders so that you can build a detailed WordPress site for yourself or your clients using your favorite page builder.
In my Page Builder Framework review, I’ll tell you a little more about what this theme does. Then, I’ll dig in and go hands-on to show you how everything works.
Page Builder Framework is exactly what its name describes - that is, it’s a lightweight, flexible theme specifically designed to work with page builders like Elementor, Divi, Beaver Builder, and Visual Composer.
Basically, Page Builder Framework provides the foundation for your site. Then, you use a page builder to actually build the design for your main pages.
Here’s what makes Page Builder Framework cool:
It’s easy to create full-width pages and remove page titles …both things that make it great for using with page builders.
The theme settings are all in the WordPress
Liz shares a bunch of troubleshooting solutions for print style sheets.
If any of you have played around with a print style style sheet on a complex theme or site you might already be familiar with the fact that print CSS does not always operate the way you would expect or desire. If you have not yet experienced the familiar urge to ram your head through your computer screen, I hope to save you from that experience with a few tips and tricks I picked up while learning to troubleshoot print style sheets. Before we jump in, I want to ensure you’ve got some useful tools right off the bat to help set you up for success.
What you need
First, make sure you’re working on a browser that allows you to turn on a print emulator. This will make troubleshooting go a lot faster. However, be forewarned, while the print emulator shows the elements you will be printing and their style sheet rules, it does not necessarily visually represent perfectly what the printed page will actually look like. Frequently check your changes by either printing or viewing/downloading them as a PDF to confirm you’re getting the desired results. You will be sorely disappointed to get things pixel perfect in an emulator only to discover the printed result is vastly different.
Matt Mullenweg announces that they are dropping development with React.
Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would "increase the amount of time and money we have to spend fighting meritless lawsuits." I'm not judging Facebook or saying they're wrong, it's not my place. They have decided it's right for them — it's their work and they can decide to license it however they wish. I appreciate that they've made their intentions going forward clear.
A few years ago, Automattic used React as the basis for the ground-up rewrite of WordPress.com we called Calypso, I believe it's one of the larger React-based open source projects. As our general counsel wrote, we made the decision that we'd never run into the patent issue. That is still true today as it was then, and overall, we’ve been really happy with React. More recently, the WordPress community started to use React for Gutenberg, the largest core project we've taken on in many years. People's experience with React and the size of the
If you are regretting because you have deleted all the WordPress contents and posts by mistake, then stop worrying. Recover of deleted WorDPress contents and posts from its database is an easy job. You can either use backup plugins like BackUpWordPress and the BackupBuddy or do it manually. Read the complete guideline of content recovery from this blog.
Oh No! all of the blog posts and contents are deleted accidentally! Now, what to do? There are two options – you can either freak out or retrieve all of the lost contents from the WordPress database. If you want to restore the “lost” web page contents, I can show you two easy steps to accomplish this job:
Check the revision date
This is probably the easiest step to retrieve the lost posts or contents. Open the WordPress edit page of the desired content or blog post. Scroll down towards the end and you will find a list of page revision. You just have to click on the revision date. It will take you to the last version of the page. Here you will find a whole bunch of restore dates. Click on the desired and bring back the early contents.
From the Database
2.1 Use Plugins
Restoring database can also help you to recover the deleted or modified data. But, how are you gonna do this? First, you can use plugins / MySql interface or retrieve the database manually. BackUpWordPress is the plugin appropriate for this job. You can also use the BackupBuddy plugin, which is actively protecting half a million WordPress sites since 2010. The use of plugin is similar to the free data
Getting the view on Gutenberg from Andrew Roberts, CEO of Ephox and member of the development team.
As you may have heard, WordPress is currently working on a brand new content editor named Gutenberg. Currently available as a plugin and set to ship with WordPress 5.0, the editor is radically different from what WordPress users are accustomed to. The changes it brings go beyond just adding and editing standard post content, though. Gutenberg presents challenges to theme and plugin developers, as it affects Custom Meta Boxes. This means that utilizing WordPress Custom Fields, for example, may look and function differently than expected. Or, at least that’s the fear many have expressed.
This project has produced an incredible amount of debate within the WordPress community. And, with recent news that WordPress has scrapped the idea of using the React library with Gutenberg because of potential licensing issues, there’s now even more uncertainty surrounding the editor.
With all of the confusion and controversy swirling about, we wanted to hear from someone on the inside of the Gutenberg project. Thankfully, Andrew Roberts stepped up and agreed to answer a few questions for us. Mr. Roberts is the CEO of Ephox – the company behind the TinyMCE Editor.
Of course, TinyMCE
If you're a developer, then Tom's words on understanding before coding is worth it. These days, it seems like the culture wants to push out code before thinking about it.
Whenever you aim to blog about a series of different things all seeking to help out people write quality code (or write anything, really) to help improve their workflow, you’re bound to get feedback, right? Don’t get me wrong. I welcome it. I think it helps to make for better writing in the future (that is, I ask, what can I do better).
And at the risk of looking like I’m “calling someone out” (which I am not), I want to share an [unattributed] tweet that I received last week:
your title “high-quality code” got me pumped for some hardcore stuffs, but dude ~99% narrative vs ~1% code?? drops dead on his keyboard
And I get it. There’s very little code in a post that is aiming to talk about code. But there are reasons for this, and it comes from a few years of both reading articles, writing articles, reading code, and writing code.
So I thought for others who have the same thoughts, it might be worth explaining why I take the approach I do.
Understanding Before Coding
To be clear, nothing here is meant to single anyone or anything out. If anything, it’s my generalist on the topic and why I think talking about, writing, and sharing posts
Scott Bolinger's piece on why you should set up your own site to sell your products and avoid marketplaces. Interesting figures on what authors can expect to earn from Envato and others.
If you are thinking of selling WordPress products, you have two options: list on a marketplace, or sell through your own site. I’d highly encourage you to sell on your own site, here’s why. Giving Up Control
Listing on a marketplace means that you are totally dependent on them for your traffic and sales.
This is tempting in the beginning because if you don’t have any traffic they can provide it for a fee. 50 percent of a few sales is better than 100 percent of no sales, right? This is short-term thinking.
Consider three years from now when you’ve built your brand on their platform, and sales are coming in regularly. You’ve hired a team to help you with support and development.
Now you and several others are depending on this revenue for their livelihood, which can be taken away at any minute. If the marketplace changes their rules, which happens all the time, your livelihood is at risk. For example, Envato recently changed their rules so that exclusive authors cannot sell related products on their own site.
If you are an exclusive author, you have no choice but to comply, giving up, even more, control over your brand. What if they decide to change the way
Edwin on the choice of next WP JS framework, now that React is abandoned. Interestingly the only one that stood the test of time is jQuery.
If you haven't heard the news already, Matt has decided to move Gutenberg, the new WordPress editor, off of React, over people's reaction to the recent response from Facebook's legal team. Some parts of Facebook's response seem odd, but I also have no idea what the legal landscape is like for one of the largest most publicly visible companies in the world. I don't think there is malicious intent in React's licensing, but at the same time I think it is a wise decision from Matt to ease growing tension in the WordPress space over the use of React in Gutenberg. Any company, organization, or project that feels wary of taking on the legal uncertainty surrounding React, is a project that would no longer be able to use WordPress; an unfortunate price to pay for using React.
It is not clear what will be chosen as the replacement for React, and in many ways I wish React did not need to be replaced, because it is awesome. Vue seems to be the chant ringing through all channels of the WordPress community. I have been meaning to learn Vue. The recent news was the final push. After I finished up my tasks Friday, I jumped straight into Vue. It took me very little time to get Vue running,
Elementor now adds another functionality to fully customize quote boxes that have a click to tweet button.
Introducing Blockquote - the easiest way to get your readers to click to tweet and share your best lines on Twitter. Two weeks ago we introduced several new Facebook widgets dedicated to boost your site social engagement.
Now, it's Twitter's turn to get a dedicated widget.
Introducing Blockquote, a highly customizable quote box that comes with Click to Tweet functionality.
If you're a blogger, or you publish content on a regular basis, this is a great tool to let your readers share your best lines with a simple Click to Tweet.
The Blockquote widget allows you to add quotes to your site. Each Blockquote can be set to include the content of the quote, the author name and the 'Click to tweet' button.
When you drag and drop the Blockquote widget you'll notice 4 skins that are available for the initial Blockquote design. You might remember the skin option from the Posts widget Cards skin release a few months ago. With regards to Blockquote, these are the skins that are available:
We release a new feature on an almost weekly basis, but it's always thrilling to read the positive feedback from our users. What do you think of our Blockquote widget?
We release a new feature on an almost weekly