WPTavern: New Merlin WP Onboarding Wizard Makes WordPress Theme Installation and Setup Effortless

ThemeBeans founder Rich Tabor released Merlin WP on GitHub in public beta this week. The project provides a beautiful experience for installing and setting up WordPress themes with all of their plugin dependencies, Customizer settings, widgets, demo content, and more.

“I was inspired by David Baker’s Envato Theme Setup Wizard and was working to add it to my own themes but pivoted after realizing I was just putting a band-aid on the onboarding issues surrounding themes in particular,” Tabor said. “It wasn’t a particularly grand experience and didn’t take care of the essentials the way I was looking for.”

Tabor said he wanted to make the onboarding experience much friendlier than what WordPress products are typically known for and needed a way to get his customers started on the right foot.

“Over the years I’ve had countless ‘how do I get this page like your demo’ and ‘where do I even start’ questions — and my themes aren’t even particularly confusing/difficult to use.” Tabor said.

Ordinarily, users have to hop from screen to screen to install a theme, recommended plugins, and apply Customizer settings. Even an experienced WordPress user often has to refer to documentation to get a theme set up with the right customizations to match the demo. The video below shows an example of Merlin WP in action as it guides a user through setting up York Pro, a fork of one of ThemeBeans’ commercial themes that is included in Merlin WP’s GitHub repo.

Post Status: Building a healthy remote company, with Tom Willmot — Draft podcast

Welcome to the Post Status Draft podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Brian Krogsgard.

In this episode, Brian is joined by Tom Willmot, the CEO of Human Made. Human Made recently released an employee handbook as an open source document for anyone to use, copy, or learn from. Tom and Brian discuss several elements of the handbook, and how they approach these things at Human Made:

• Employee onboarding
• Remote work processes
• Communication
• Employee feedback and mentorship
• HR policies
• And more!

This was a fun episode. Human Made has some of the lowest turnover in our industry and it was educational to hear from Tom.

https://audio.simplecast.com/a0dd5349.mp3

Direct Download

Sponsor: OptinMonster

OptinMonster allows you to convert visitors into subscribers. You can easily create & A/B test beautiful lead capture forms without a developer. Be sure to check out their new Inactivity Sensor technology.

Source: WordPress

WPTavern: User Experience Tests Show Gutenberg’s UI Elements Can Benefit From Better Timing

Over the past few months, reviews for Gutenberg have trended towards a love/hate relationship without much in between. To figure out why this is, Millie Macdonald and Anna Harrison of Ephox, the company behind TinyMCE, analyzed the feedback and concluded that many of the issues likely stem from timing.

“In short, the nuances in the micro-interactions and timing of UI elements in Gutenberg are a little out of sync with what the user is doing at a point in time,” Harrison said. “For example, a user typing in a new paragraph is distracted when the decoration of the previous paragraph turns on.”

A common piece of feedback is that Gutenberg’s UI is clean but also cluttered. Harrison recorded a video of users copying and pasting paragraphs into Gutenberg and Medium.

In the video, toolbars and UI elements are displayed in Gutenberg during the writing process creating a cluttered look and disrupting the writing flow. In Medium, the formatting toolbar doesn’t display until text is highlighted and the + symbol disappears if it’s not interacted with.

Based on user testing, Harrison suggests refining the timing of when visual elements pop up in Gutenberg. “Right now, menus pop up when we are trying to type,” Harrison said. “They ought to pop up when we are trying to do something to words that have already been typed.”

Harrison presented their findings and suggestions to Gutenberg’s development team. Tammie Lister, design lead for Gutenberg, agreed that getting micro-transactions right is important. “I see this as the type of refinement post version 0.9/1 can bring,” Lister said.

“A few things I am slightly obsessed with is having an animation pace, story and consistency to interactions. Just something to throw in when looking at micro-interactions. I’ve also been doing some self thinking about what the ‘feel’ of emotion of Gutenberg should be. The one I keep coming back to is ‘calm’ and ‘supporting’. Just another thing to throw in when looking at these smaller details.”

Developers thanked Harrison and Macdonald for collecting, analyzing, and sharing data with the team. Does Gutenberg feel heavy to you? Let us know what your experience is like writing content in Gutenberg.

Source: WordPress

WPTavern: WordPress Support Team to Host Free Workshop August 23 on Supporting Themes

Over the past few months the WordPress Support Team has been brainstorming ways to improve support across various aspects of the community. One new idea they are pursuing is hosting workshops where WordPress.org theme and plugin authors can present how they approach supporting their free, open source products that have been released to the community.

Some users approach WordPress.org plugins and themes with realistic expectations regarding the support they might receive on tickets. Others approach these free products as if they were all built with large teams of professional support behind them, which is rarely the case. This often results in frustration, one-star reviews, and ultimately a bad reputation for products hosted in the official directories. It is also one of the primary reasons developers forgo putting products on WordPress.org and simply opt to host them on GitHub.

The new workshops will offer concrete strategies for bridging the chasm of expectation regarding support that exists between developers and users. WordPress.org theme and plugin authors will share the tools and ideas they have implemented to offer support while creating a positive experience for everyone involved.

Kathryn Presner, who supports hundreds of themes at Automattic, will be leading the first workshop titled “The Developers Guide to Supporting Your Themes:”

Providing support for your themes offers tremendous opportunities to educate WordPress users, from explaining how to make a child theme to offering simple CSS customisations. It also presents challenges, like figuring out how to help people who aren’t tech-savvy or need support beyond the scope of what you can provide. While many developers dread doing support, with some concrete strategies and techniques in hand, helping users doesn’t have to be a chore – and can even be fun! This session looks at how to make your themes’ users happy while feeling a sense of satisfaction from your own support efforts – a winning combination in the world of theme development.

WordPress.org theme authors will want to mark their calendars for Wednesday, August 23 at 11 AM CDT. The workshop will be broadcast live as a Zoom teleconference and will last for an hour, including time for a Q&A at the end. Zoom can run on desktop and also offers apps for mobile devices. The session will be recorded and available on WordPress.tv at a later date.

Source: WordPress

WPTavern: WPWeekly Episode 285 – Not Every WordPress Is the Same

In this episode, John James Jacoby and I open the show by discussing our observations of social media lately. Our feeds are filled with anger and for me personally, Twitter is becoming less useful.

We discussed the news of the week, including a lengthy conversation about Automattic opening up the WordPress.org ecosystem of plugins and themes to Business plan customers. Near the end of the episode, we share the features we’d like to see in a syntax highlighter for the built-in plugin and theme editors.

Stories Discussed:

WordPress Foundation to Sponsor Open Source Educational Events

WooCommerce Forks select2, Releases selectWoo as a Drop-In Replacement with Improved Accessibility

Gutenberg 0.8.0 Introduces 5 New Blocks: Categories, Text Columns, Shortcode, Audio, and Video

WordPress.com’s Business Plan Gives Subscribers a Way to Tap into WordPress.org’s Third-party Ecosystem

WordPress 4.9 to Focus on Code Editing and Customization Improvements, Targeted for November 14

Picks of the Week:

WPisNotWP by Caspar HĂŒbinger, is a tiny progressive web app that outlines the differences between WordPress the open-source project and WordPress.com. Contributions to the app can be made on the project’s GitHub page.

A deep dive into the WordPress user roles and capabilities API by John Blackbourn.

WPTavern: Gravity Forms Stop Entries Plugin Aims to Help Sites Comply with the EU’s GDPR
photo credit: AJ Montpetit

Wider Gravity Forms Stop Entries is a new plugin that helps website owners protect the privacy of form submissions by preventing entries from being stored in the database. The plugin was created by UK-based web developer Jonny Allbut for internal use at Wider, a company he set up for handling WordPress clients’ needs.

One aspect of complying with the EU’s General Data Protection Regulation (GDPR) is ensuring that contact forms do not store any personally identifiable data on the server. The regulation becomes enforceable in May 2018 and sites that serve EU citizens are preparing for the deadline with audits and changes to how they handle privacy.

Gravity Forms doesn’t offer a built-in option to stop entries from being stored on the server but GF co-founder Carl Hancock says there are a variety of ways to accomplish this.

“If all you want to do is simply email the contents of the form and not store the data in the database as part of the route you’d like to take for GDPR compliance, this plugin would be one method of doing so,” Hancock said. He also referenced Gravity Wiz’s commercial Disable Entry Creation plugin. Developers can also delete entry data after submission via a hook.

“However, the GDPR doesn’t preclude storing form entries in a database and is entirely dependent on the type of data you are storing and the other safeguards and functionality you have put in place,” Hancock said. “It’s a complex issue and I’m not entirely sure the EU fully understands the burden and implications that may come with it.”

Ultimately, the requirement of compliance falls upon website administrators who are the ones collecting the data. It is their responsibility to select tools that will protect their users’ privacy.

“While it won’t provide GDPR compliance on its own, Jonny’s extension is a much-needed step in the right direction,” digital law specialist Heather Burns said. Burns consults with companies that need assistance in getting their sites GDPR compliant. “GDPR requires adherence to the principles of privacy by design and part of that is data minimization and deletion.”

WordPress has dozens of popular contact form plugins, both free and commercial. Many of them store entries in the database in case the recipient’s email has problems, preventing the communication from becoming lost. Site administrators who are concerned about GDPR compliance will want to examine the solution they have selected for forms. Burns advised that contact form plugins need to do the following three things:

• Ensure that personal and sensitive personal data from form entries is not stored in the database;
• Provide configuration options to allow contact form entries to be automatically deleted after a certain period of time;
• Ensure that all contact form data is deleted when the plugin is deactivated or deleted.

“Unfortunately the direction of travel has been the exact opposite: contact form entries tend to be stored in perpetuity on the database regardless of content or necessity,” Burns said. “Contact form plugins with options to automatically delete form submissions after a certain period of time are rare. I’ve even seen contact form extensions which duplicate entries to a separate table, which, all things considered, is madness. We need to be developing towards data minimization and deletion, not retention and duplication.”

Last month JJ Jay published an analysis of how and where popular WordPress contact forms plugins store data. This is a useful reference for site administrators who are not sure how their chosen solution handles data collection and storage. She suggested a few questions for users to ask when examining contact forms:

• Can the option to store data be turned on and off?
• At what granularity?
• Can the data be deleted when the plugin is deleted?
• What personally identifiable data, other than the data from each form, is stored? (i.e. a user’s IP address)
• Is it possible to delete the submissions on an ad-hoc or scheduled basis?

If you’re not sure what could be leftover in your database from other plugins, Jay has also created a “What’s in my database?” plugin that administrators can install and access under the Tools menu. It is read-only and lists every table and its columns, so users can see if there are any surprises.

British Pregnancy Advice Service (BPAS) Hack Highlights the Danger of Storing Contact Form Entries in the Database

In educating website owners about the dangers of storing sensitive personal data, Heather Burns often cites the 2012 British Pregnancy Advice Service (BPAS) hack as one of the worst examples of the consequences of storing contact form entries in databases. The hacker, who was later jailed, stole thousands of records from the charity, which was running on an unknown outdated CMS with weak passwords. The site had not undergone a privacy impact assessment on its personal data collection and storage methods.

“One of the services BPAS offers is access to abortions,” Burns said. “Many of their service users come over from Ireland, where abortion is banned under nearly all circumstances. The site had a contact form where women could enquire about abortions. BPAS thought that messages were merely passing through the site; no one within the organization had any clue that a copy of each contact form submission was stored on the database. Somewhat inevitably, the site was easily hacked by an anti-abortion activist who downloaded the database. He found himself in possession over 5,000 contact form submissions going back over five years containing women’s names, email addresses, phone numbers, and the fact that they were enquiring about abortions. He then announced his intention to publish the womens’ data on an anti-abortion forum.”

The hacker was caught and arrested before he had the opportunity to publish the list. He received 32 months of jail time and BPAS was fined ÂŁ200k for the data protection breaches.

“As well as criticizing the charity for their technical failures, the regulator called attention to the fact that no one on the staff had thought to ask the proper questions about the tools they were using; they were also angry that the site had a legalistic privacy policy which was clearly not worth the pixels it was printed on,” Burns said. “All of these failures were deemed inadmissible and inexcusable by the data protection regulator. It is no exaggeration to say that women could have been killed because of a contact form.”

Auditing contact forms is just one piece of the puzzle for those working towards GDPR compliance. Burns recommends that site administrators conduct a privacy impact assessment of personal and sensitive data that is submitted through forms. Privacy notices should also be clear about how this data is handled and how long it is retained before it is deleted.

The GDPR was written to be extraterritorial and states that the regulations apply to any site or service that has European users. These sites are expected to protect EU users’ data according to European regulations. Many American company owners are not yet convinced that this is enforceable outside of EU borders and have not invested in getting their online entities to be compliant.

“GDPR provides a very useful framework for user protection, which is now more important than ever,” Burns said. “I’m encouraging Americans to work to GDPR because it’s a constructive accountable framework that’s a hell of a lot better than nothing.”

Wider Gravity Forms Stop Entries is currently the only plugin in the official WordPress directory that addresses GDPR concerns for a specific contact form plugin. Others may become available as the May 2018 deadline approaches. Jonny Allbut warns users in the FAQ to test the plugin with third-party GF extensions before adding it to a live site, as some extensions may rely on referencing data entries stored in form submissions.

I asked Carl Hancock if Gravity Forms might make storing form entries in the database an optional feature and he confirmed they are considering it.

“Yes, this is certainly possible,” Hancock said. “We try to avoid conflicts with available 3rd party add-ons for Gravity Forms to encourage their development,” Hancock said. “But unfortunately it is not always avoidable. It is a feature that has been requested numerous times in the past and I suspect with the GDPR it will be a feature that will be requested even more going forward.”

Source: WordPress