Loading...

Follow WordPress Tavern | Wordpress Dev Blog on Feedspot

Continue with Google
Continue with Facebook
or

Valid

WordPress has officially ended support for PHP 5.2 – 5.5 and bumped its minimum required PHP version to 5.6. The plan announced last December was to bump the minimum required version in early 2019 and, depending on the results, bump it again to PHP 7 in December 2019. Sites on PHP 5.5 or earlier can still get security updates but will not be able to upgrade to the latest major WordPress version.

Today only 2% of WordPress sites remain on PHP 5.2. Roughly 20% are on versions 5.5 or earlier. Nearly half of WordPress installs are on PHP 7.0+.

One might wonder why WordPress’ approach isn’t to just bump it all the way up to PHP 7. With its influence and dominant market share, this requirement would inevitably force users to get on board. However, WordPress contributors believe in supporting users who, for whatever reason, need more help upgrading PHP. Steamrolling this requirement has not been the WordPress way, despite years of immense pressure from the developer community.

“Leaving users behind for technical reasons creates a two-folded web with only few being able to leverage its power,” WordPress Core Committer Felix Arntz said. “Collaborating with and supporting these users gives that power to everyone in the long run.”

Gary Pendergast shared a few stats about how effective WordPress 5.1’s PHP update notice has been in prodding site owners to get on newer versions of PHP:

For WordPress 5.0, sites updated their PHP version from PHP

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Gutenberg 5.3 was released today with basic block management, a feature that will be included in WordPress 5.2. It is a new modal that can be launched from the vertical ellipses menu, inspired by Rich Tabor’s CoBlocks implementation. Users can turn individual blocks on/off or even entire sections, such as Common Blocks, Formatting, and Embeds. Block management should help users avoid the bloat that happens when installing block collections with more blocks than they need.

This version’s updates to the Cover Block make it possible to nest other blocks inside of it. Users can now add buttons, paragraphs, and headers to easily create a call to action. It’s not immediately evident that nesting blocks is possible, despite the floating inserter. It takes a little bit of time to discover that it is available. There are still some quirks with this feature, but overall it makes the Cover Block much more useful than previous versions.

A few contributors commenting on the Cover Block’s nesting PR said that it seems like the work on this iteration is essentially a light version of a section block. They questioned if it might be better to finish the work on the Section block (#4900) and build from there. Many developers and designers are eagerly awaiting the addition of a Section block to core, which will provide a standard for the plugin and theme industries to build on.

“I think the cover block has very specific functionality that the section may not have like the focal point selector,” Automattic JavaScript engineer Jorge Costa said. “It is also important to note that the adjustments we make here to the way nesting works will also benefit a future section. This also allows us to test nesting a little bit more, before going to the section block. I expect the section block to be widely used in the community and will probably serve as a basis for many things being built in the future so it is important that we get it right. Exploring in cover will contribute to that.”

Gutenberg 5.3 adds an experimental Legacy Widget Block that allows existing WordPress widgets to be added as Gutenberg blocks. It offers a dropdown of available widgets. After selecting one, the block populates that area with the widget’s settings.

This version also improves block outlines for the hover and selected states for a more accessible UI with less distraction. Performance benchmarks show a slight decrease in performance with Gutenberg 5.3. Check out the release post for a full list of enhancements and bug fixes. This is the last plugin release that will be rolled into the upcoming WordPress 5.2 release.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The 11th edition of WordCamp Miami was held this past weekend, a three-day event that featured multiple learning workshops and six different tracks. The speaker ratio was 50% male and 50% female, and nearly half of the speakers were new to WordCamp Miami.

Another great year of amazing, diverse speakers! #WCMIA #WordPress pic.twitter.com/e2smmCpPAF

— WordCamp Miami (@wordcampmiami) March 17, 2019

One of the highlights of this year’s event were the WordPress stories coming out of the Kid’s Panel. WordCamp Miami has been hosting learning experiences for kids since 2014 and for the past four years has included a two-day Kid’s Camp along with a Kid’s Panel. More than 100 children (not including parents and guardians) attended this year’s event. Some of the kids who are more experienced with WordPress shared their experiences during the Kid’s Panel.

Kids reported that they using WordPress for blogs, science projects, and robotic competitions. One fifth grade student, who has been using WordPress for three years, said she plans to continue using it to document her life and share her future educational experiences:

“I plan to be using it later in my life when I go to college, so I can be talking about what my life journey was and what I’m going to be studying, which is software engineering.”

Listen to how a 4th grader explains why she likes using #WordPress. #WCMIA pic.twitter.com/Zd5cRP3Afg

— David Bisset (@dimensionmedia) March 17, 2019

Miami to Host New One-Day WordPress Event for Kids and Teachers

The growing popularity of WordCamp Miami’s kids events has inspired organizers to host a new one-day event for kids and teachers. The date has not yet been set but the plan is to have it scheduled for summer 2019.

The event will be divided into two tracks, one for kids aged 6 to 18 and another for teachers and educators. The kid’s track will include talks on WordPress, MineCraft, STEAM/STEM activities, and ways they can improve their coding skills. Teachers and educators will have a dedicated track with talks that will help them incorporate coding, WordPress, and broader STEAM/STEM activities into their curricula.

In their announcement, WordCamp Miami’s organizers said they believe the next generation of WordPress users are “vital to the growth of the open web.” They are looking for sponsors to cover the costs of snacks and lunch for approximately 100 students, volunteers and speakers to give presentations on various subjects for kids and teachers, and people to spread the word to schools in the Dade/Broward area.

Kids engaging with WordPress is one of the most inspiring things happening in the community right now. It’s the spark of a new generation of users who are embracing the concept of sharing their ideas on the open web. WordPress’ Community team also has a new Kids Event Working Group that kicked off last month to support the growth of these kinds of events around the world. They are currently working on documentation, training guides, legal documents, supply lists, and other resources. This is another way to get involved if you don’t live near a local kid’s event.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

WordPress contributor teams have shipped several new tools for theme developers in the past couple weeks, which have the potential to raise the quality of new themes coming into the ecosystem. The Theme Sniffer plugin is a new effort from the Theme Review team that uses custom sniffs for PHP_CodeSniffer to test a theme against WordPress coding standards and check for PHP version compatibility.

The plugin is useful for both theme reviewers and developers who want to get their themes approved for the WordPress.org directory. It includes several optional standards to test against beyond the ruleset for theme review requirements. Passing the Theme Sniffer checks is not required for themes entering the directory but reviewers can use the plugin to speed the process up.

The Accessibility Team also published a new tool called WP Theme Auditor that runs Axe tests against a theme for automated accessibility feedback. Axe is an open source library and testing engine created by the accessibility experts at Deque. The WP Theme Auditor package can be installed into a theme’s root directory. Developers can then add test cases. Examples are available in the project’s README file. The tests are run against http://one.wordpress.test by default but developers can specify a different test environment URL.

The Accessibility team plans to expand the test cases in the tool to include all the content from the current Theme Unit Test Data package. In the most recent team meeting, they decided to recommend WP Theme Auditor as a WordPress testing tool and plan to post more details about it on the make.wordpress.org/accessibility blog.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

At WordCamp Nordic’s contributor day I had the opportunity to chat with Andrey “Rarst” Savchenko about WordPress’ Date/Time component, the code that manages date, time, and timezone functionality. Savchenko is one of the maintainers of this lesser-known component, which includes code that dates back to PHP 4 times. After volunteering for years in the WordPress Stack Exchange forums, he encountered some of the worst Date/Time bugs, eventually spurring him on to get involved improving the code.

“From there it was a slow descent into the madness of the component,” Savchenko said. “Much of my experience ended up in my WpDateTime library. By last year I was, at last, confident I had a good grasp on the extent of the problem and a way forward for core.”

Date/Time issues affect both developers and users. Savchenko said most of the problems, by volume, are related to an incorrect output of localized time by `date_i18n()`. These things can trickle down to users and affect post scheduling, querying, and other operations.

“Some of them are outright bugs and some are easy to break due to incompatibility with Unix timestamps,” Savchenko said. “But many other parts of the core have problems related to time – most often around time zones and daylight savings time. Posts can end up with the wrong time, not published when needed, sorted in the wrong order, and so on.”

The requirement for backwards compatibility makes progress slow but Savchenko and fellow contributors shipped some of their work in the most recent release of WordPress. They will have more solutions available to pursue when the minimum required PHP version is bumped.

“In WordPress 5.1 we had shipped a set of important fixes for documentation and some of the worst bugs in `date_i18n()`.

“At the moment we continue to work on outstanding issues and get ready to implement a set of major new API functions. The work on the component has also revitalized the discussion of introducing user timezones. However I think those need a lot of UX work to reach workable proposal.”

Check out the video below for a quick overview of the work being done on the Date/Time component and find out how you can get involved at the #core-datetime channel in WordPress Slack.

A Quick Introduction to WordPress' Date/Time Component - YouTube

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

GitHub users may soon be able to contribute to projects on behalf of an organization. This feature has often been requested by developers who are contributing on behalf of their employers.

“Corporate contributions to the third-party open source projects can still be a source of friction and ambiguity,” GitHub Product Manager Ben Balter said. “We’re beta testing a new platform-agnostic commit pattern we hope can help you contribute on behalf of your employer.”

Committers who are members of an organization can add a commit trailer in the following format:

On-behalf-of: @ORG <ORG CONTACT EMAIL>

The committer must use an email that matches the organization’s verified domain and sign the commit. Committing on behalf of an organization can also be done via the command line.

Balter posted a demo of how the organization’s badge appears next to the committer’s. The feature is now in public beta:

It will be interesting to see how well this is adopted among individuals and organizations committing to open source projects. Some projects have more overt contribution from commercial entities than others. Having individuals commit on behalf of their employers makes it easier to track contributions funded by organizations. It may also provide project owners a more accurate picture of how deeply companies are invested in a project, especially in scenarios where the lines between individual and employer contributions are blurry or unclear.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

10up has released a GitHub Action that enables developers to deploy to the WordPress.org Plugin repository by tagging a new version on GitHub. Helen Hou-Sandí, 10up’s Director of Open Source Initiatives, explained how it works:

You’ll be able to manage your entire development lifecycle in GitHub—no more futzing with local Bash scripts or controlling commit/push access in multiple places. You reference our action in your plugin repo’s workflow file, filtered to only run when a tag is pushed, and set your username/password secrets. After that, each time you tag a new version on GitHub, whether by pushing a Git tag from the command line or making one using the GitHub releases interface, your plugin will be deployed to WordPress.org.

Developers who want to use this Action will need to sign up for beta access to GitHub Actions in order to create their own Actions-enabled repo for pushing plugin releases to WordPress.org. Check out 10up’s release post and the README file for instructions on how to use and customize the WordPress.org Plugin Deploy action.

Reception from the WordPress development community has been enthusiastic, as anything that removes WordPress.org’s requirement to use SVN qualifies as a little piece of magic. 10up is working on more WordPress Actions that they plan to release soon.

This project makes me want to make a plugin again https://t.co/aTtTpu6562

— Jeremy Felt (@jeremyfelt) March 14, 2019

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

WordCamp Miami (WCMIA) is heading into its 11th year running this weekend, making it one of the longest running non-profit tech conferences in South Florida. Known for its many learning opportunities and workshops, the event spans three days from March 15 – 17 at Florida International University.

For the vast majority of the WordPress world that cannot make it to Miami, the next best alternative is tuning into the free livestream. WCMIA will be broadcasting a selection of workshops and sessions from the schedule, beginning with the Freelancer’s Workshop on Friday, March 15. The main event features six different tracks, and Saturday’s live broadcast will include sessions from “WordPress & The Web” and the “Design & Community” tracks. Sunday’s livestream will broadcast sessions from the Business track.

WCMIA is also hosting a worldwide WordPress trivia contest on Saturday, March 16, at 6PM EST. It is open to both in-person attendees and livestream viewers. Directions for how to sign into kahoot.it remotely for the game show are available on the event’s website. Digital prizes may be awarded to those playing online and winners will be announced on the WCMIA Twitter account.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Last week Automattic published a video titled “A meditation on the open web” that calls out Facebook as the antithesis of the open web:

As you get closer the air gets smoggier and you realize it’s a vast metropolis. It’s surrounded by high concrete walls, completely contained. Inside it’s bustling, lots of honking traffic, people everywhere, the sound is deafening. You see people arguing in bars and chatting on street corners. Billboards and advertisements are everywhere, touting ever kind of good and service. It’s noisy and dense and overwhelming.

This is Facebook.

The video also likens Instagram to a cookie cutter housing development that is actually just a collection of billboards with no one living there.

My expectation before playing the video was that it would enumerate the positive aspects of the open web but I was surprised to find it juxtaposed with Facebook and Instagram in a somewhat jarring fashion midway through. It effectively communicates the stark contrast between the limitations and restrictions of social media silos and the freedom of owning your website.

A meditation on the open web - YouTube

Open Web Meditation was created as a design experiment at Automattic that encourages viewers to look beyond the walls of dominant social media platforms and consider how our experiences on the web differ based on where we choose to share our ideas. The company is looking to gain global exposure for the video by inviting people to create their own versions of it in their own languages.

Automattic’s video is a timely message, as the world pauses to reflect on the 30th birthday of the World Wide Web this week. In his open letter published by the Web Foundation, Tim Berners-Lee urged companies, governments, and the web’s citizens not to give up on building a better web. He identified “system design that creates perverse incentives,” where user value is sacrificed, as one of the most dangerous threats to the web at this time.

“You can’t just blame one government, one social network or the human spirit,” Berners-Lee said. “Simplistic narratives risk exhausting our energy as we chase the symptoms of these problems instead of focusing on their root causes. To get this right, we will need to come together as a global web community.”

Many commercial entities have enjoyed extraordinary and unprecedented opportunities and influence because of the creation of the world wide web. Berners-Lee underscored their responsibility toward the public as stewards of the open web.

“Companies must do more to ensure their pursuit of short-term profit is not at the expense of human rights, democracy, scientific fact or public safety. Platforms and products must be designed with privacy, diversity and security in mind. This year, we’ve seen a number of tech employees stand up and demand better business practices. We need to encourage that spirit.”

In an interview with the BBC, Berners-Lee said that global action is required tackle the web’s “downward plunge to a dysfunctional future.” This 30-year anniversary is a good time to re-examine our complex relationships with centralized services and return to the guiding principles that have made the web a universal, open place of opportunity.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

WordPress 5.1.1 was released yesterday evening with an important security update for a critical cross-site scripting vulnerability found in 5.1 and prior versions. The release post credited Simon Scannell of RIPS Technologies for discovering and reporting the vulnerability. Scannell published a post summarizing how an unauthenticated attacker could take over any WordPress site that has comments enabled:

An attacker can take over any WordPress site that has comments enabled by tricking an administrator of a target blog to visit a website set up by the attacker. As soon as the victim administrator visits the malicious website, a cross-site request forgery (CSRF) exploit is run against the target WordPress blog in the background, without the victim noticing. The CSRF exploit abuses multiple logic flaws and sanitization errors that when combined lead to Remote Code Execution and a full site takeover.

Since WordPress ships with comments enabled by default, an attacker could exploit this vulnerability on any site with the default settings. Auto-updates went out yesterday but administrators who have background updates disabled are advised to update immediately.

The maintenance release also includes the ability for hosts to offer a button to prompt their users to update PHP ahead of WordPress’ planned minimum PHP version bump in 5.2. The “Update PHP” notice can be filtered to change the recommended version.

Version 5.1.2 is expected to follow in two weeks.

Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview