WPTavern: New Merlin WP Onboarding Wizard Makes WordPress Theme Installation and Setup Effortless
ThemeBeans founder Rich Tabor released Merlin WP on GitHub in public beta this week. The project provides a beautiful experience for installing and setting up WordPress themes with all of their plugin dependencies, Customizer settings, widgets, demo content, and more.
âI was inspired by David Bakerâs Envato Theme Setup Wizard and was working to add it to my own themes but pivoted after realizing I was just putting a band-aid on the onboarding issues surrounding themes in particular,â Tabor said. âIt wasnât a particularly grand experience and didnât take care of the essentials the way I was looking for.â
Tabor said he wanted to make the onboarding experience much friendlier than what WordPress products are typically known for and needed a way to get his customers started on the right foot.
âOver the years Iâve had countless âhow do I get this page like your demoâ and âwhere do I even startâ questions â and my themes arenât even particularly confusing/difficult to use.â Tabor said.
Ordinarily, users have to hop from screen to screen to install a theme, recommended plugins, and apply Customizer settings. Even an experienced WordPress user often has to refer to documentation to get a theme set up with the right customizations to match the demo. The video below shows an example of Merlin WP in action as it guides a user through setting up York Pro, a fork of one of ThemeBeansâ commercial themes that is included in Merlin WPâs GitHub repo.
Merlin WP makes the process of setting up a theme nearly effortless for users. It also leaves less room for error or confusion.
Developers can add Merlin WP directly to their theme files. It includes a configuration file that allows for customization of any text string in the wizard. Theme developers add the Merlin class (merlin/merlin.php) and the merlin-config.php file, along with any demo content (included in the demo directory location specified in the merlin-config.php file):
- content.xml â Exported demo content using the WordPress Exporter
- widgets.wie â Exported widgets using Widget Importer and Exporter
- customizer.dat â Exported Customizer settings using Customizer Export/Import
Merlin WP was also developed to work seamlessly with TGMPA, a PHP library that many WordPress developers use to require or recommend plugins for their themes and plugins. It will automatically pull the recommended plugins into the wizard.
Tabor said his targeted distribution channel is commercial themes, though he believes Merlin WP could also be useful for themes hosted on WordPress.org.
âIâm honestly not sure if it would be allowed,â Tabor said. âI guess thatâs where getting more eyes on the project and more input from the Theme Review team comes in handy. I have had a lot of feedback from authors who are eventually considering adding Merlin WP as an âup-sell featureâ for their lite offerings currently on .org.â
Tabor estimates that Merlin WP will be in beta for another two weeks. There are a few issues he wants to resolve before bringing it out of beta. He is testing the wizard in his own products at ThemeBeans, which is what he built it for originally. The shop has more than 40,000 customers and Tabor plans to push the wizard live across his entire theme collection once the last few issues are resolved.
Merlin WP is GPL-licensed and available on GitHub for any developer to use in open source projects. Tabor said he is considering creating a pro version but is not currently interested in pursuing an add-on model.
âIâm considering having an advanced version, with different developer-level capabilities, such as EDD Software Licensing support (where theme users can enter their license key issued from the developer in the onboarding process),â Tabor said.
Tabor anticipates one of the main benefits for theme shops using Merlin WP will be a decreased support load where questions about initial setup and âhow do I do this like the demoâ become less common.
âCustomers will have what theyâve purchased right off the bat (instead of installing plugins, installing a child theme, importing content, setting menus, widgets, etc),â Tabor said. âThey will likely appreciate the ease-of-use and share that experience with others.â
Post Status: Building a healthy remote company, with Tom Willmot â Draft podcast
In this episode, Brian is joined by Tom Willmot, the CEO of Human Made. Human Made recently released an employee handbookÂ as an open source document for anyone to use, copy, or learn from. Tom and Brian discuss several elements of the handbook, and how they approach these things at Human Made:
- Employee onboarding
- Remote work processes
- Employee feedback and mentorship
- HR policies
- And more!
This was a fun episode. Human Made has some of the lowest turnover in our industry and it was educational to hear from Tom.
OptinMonster allows you to convert visitors into subscribers. You can easily create & A/B test beautiful lead capture forms without a developer. Be sure to check out their new Inactivity Sensor technology.
WPTavern: User Experience Tests Show Gutenbergâs UI Elements Can Benefit From Better Timing
Over the past few months, reviews for Gutenberg have trended towards a love/hate relationship without much in between. To figure out why this is, Millie Macdonald and Anna Harrison of Ephox, the company behind TinyMCE, analyzed the feedback and concluded that many of the issues likely stem from timing.
âIn short, the nuances in the micro-interactions and timing of UI elements in Gutenberg are a little out of sync with what the user is doing at a point in time,â Harrison said. âFor example, a user typing in a new paragraph is distracted when the decoration of the previous paragraph turns on.â
A common piece of feedback is that Gutenbergâs UI is clean but also cluttered. Harrison recorded a video of users copying and pasting paragraphs into Gutenberg and Medium.
In the video, toolbars and UI elements are displayed in Gutenberg during the writing process creating a cluttered look and disrupting the writing flow. In Medium, the formatting toolbar doesnât display until text is highlighted and the + symbol disappears if itâs not interacted with.
Based on user testing, Harrison suggests refining the timing of when visual elements pop up in Gutenberg. âRight now, menus pop up when we are trying to type,â Harrison said. âThey ought to pop up when we are trying to do something to words that have already been typed.â
Harrison presented their findings and suggestions to Gutenbergâs development team. Tammie Lister, design lead for Gutenberg, agreed that getting micro-transactions right is important. âI see this as the type of refinement post version 0.9/1 can bring,â Lister said.
âA few things I am slightly obsessed with is having an animation pace, story and consistency to interactions. Just something to throw in when looking at micro-interactions. Iâve also been doing some self thinking about what the âfeelâ of emotion of Gutenberg should be. The one I keep coming back to is âcalmâ and âsupportingâ. Just another thing to throw in when looking at these smaller details.â
Developers thanked Harrison and Macdonald for collecting, analyzing, and sharing data with the team. Does Gutenberg feel heavy to you? Let us know what your experience is like writing content in Gutenberg.
WPTavern: WordPress Support Team to Host Free Workshop August 23 on Supporting Themes
Over the past few months the WordPress Support Team has been brainstorming ways to improve support across various aspects of the community. One new idea they are pursuing is hosting workshops where WordPress.org theme and plugin authors can present how they approach supporting their free, open source products that have been released to the community.
Some users approach WordPress.org plugins and themes with realistic expectations regarding the support they might receive on tickets. Others approach these free products as if they were all built with large teams of professional support behind them, which is rarely the case. This often results in frustration, one-star reviews, and ultimately a bad reputation for products hosted in the official directories. It is also one of the primary reasons developers forgo putting products on WordPress.org and simply opt to host them on GitHub.
The new workshops will offer concrete strategies for bridging the chasm of expectation regarding support that exists between developers and users. WordPress.org theme and plugin authors will share the tools and ideas they have implemented to offer support while creating a positive experience for everyone involved.
Kathryn Presner, who supports hundreds of themes at Automattic, will be leading the first workshop titled âThe Developers Guide to Supporting Your Themes:â
Providing support for your themes offers tremendous opportunities to educate WordPress users, from explaining how to make a child theme to offering simple CSS customisations. It also presents challenges, like figuring out how to help people who arenât tech-savvy or need support beyond the scope of what you can provide. While many developers dread doing support, with some concrete strategies and techniques in hand, helping users doesnât have to be a chore â and can even be fun! This session looks at how to make your themesâ users happy while feeling a sense of satisfaction from your own support efforts â a winning combination in the world of theme development.
WordPress.org theme authors will want to mark their calendars for Wednesday, August 23 at 11 AM CDT. The workshop will be broadcast live as a Zoom teleconference and will last for an hour, including time for a Q&A at the end. Zoom can run on desktop and also offers apps for mobile devices. The session will be recorded and available on WordPress.tv at a later date.
WPTavern: WPWeekly Episode 285 â Not Every WordPress Is the Same
In this episode, John James Jacoby and I open the show by discussing our observations of social media lately. Our feeds are filled with anger and for me personally, Twitter is becoming less useful.
We discussed the news of the week, including a lengthy conversation about Automattic opening up the WordPress.org ecosystem of plugins and themes to Business plan customers. Near the end of the episode, we share the features weâd like to see in a syntax highlighter for the built-in plugin and theme editors.
Picks of the Week:
WPisNotWP by Caspar HĂŒbinger, is a tiny progressive web app that outlines the differences between WordPress the open-source project and WordPress.com. Contributions to the app can be made on the projectâs GitHub page.
A deep dive into the WordPress user roles and capabilities API by John Blackbourn.
Next Episode: Wednesday, August 23rd 3:00 P.M. Eastern
Subscribe To WPWeekly Via Itunes: Click here to subscribe
Subscribe To WPWeekly Via RSS: Click here to subscribe
Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe
Listen To Episode #285:
WPTavern: Gravity Forms Stop Entries Plugin Aims to Help Sites Comply with the EUâs GDPR
photo credit: AJ Montpetit
Wider Gravity Forms Stop Entries is a new plugin that helps website owners protect the privacy of form submissions by preventing entries from being stored in the database. The plugin was created by UK-based web developer Jonny Allbut for internal use at Wider, a company he set up for handling WordPress clientsâ needs.
One aspect of complying with the EUâs General Data Protection Regulation (GDPR) is ensuring that contact forms do not store any personally identifiable data on the server. The regulation becomes enforceable in May 2018 and sites that serve EU citizens are preparing for the deadline with audits and changes to how they handle privacy.
Gravity Forms doesnât offer a built-in option to stop entries from being stored on the server but GF co-founder Carl Hancock says there are a variety of ways to accomplish this.
âIf all you want to do is simply email the contents of the form and not store the data in the database as part of the route youâd like to take for GDPR compliance, this plugin would be one method of doing so,â Hancock said. He also referenced Gravity Wizâs commercial Disable Entry Creation plugin. Developers can also delete entry data after submission via a hook.
âHowever, the GDPR doesnât preclude storing form entries in a database and is entirely dependent on the type of data you are storing and the other safeguards and functionality you have put in place,â Hancock said. âItâs a complex issue and Iâm not entirely sure the EU fully understands the burden and implications that may come with it.â
Ultimately, the requirement of compliance falls upon website administrators who are the ones collecting the data. It is their responsibility to select tools that will protect their usersâ privacy.
âWhile it wonât provide GDPR compliance on its own, Jonnyâs extension is a much-needed step in the right direction,â digital law specialist Heather Burns said. Burns consults with companies that need assistance in getting their sites GDPR compliant. âGDPR requires adherence to the principles of privacy by design and part of that is data minimization and deletion.â
WordPress has dozens of popular contact form plugins, both free and commercial. Many of them store entries in the database in case the recipientâs email has problems, preventing the communication from becoming lost. Site administrators who are concerned about GDPR compliance will want to examine the solution they have selected for forms. Burns advised that contact form plugins need to do the following three things:
- Ensure that personal and sensitive personal data from form entries is not stored in the database;
- Provide configuration options to allow contact form entries to be automatically deleted after a certain period of time;
- Ensure that all contact form data is deleted when the plugin is deactivated or deleted.
âUnfortunately the direction of travel has been the exact opposite: contact form entries tend to be stored in perpetuity on the database regardless of content or necessity,â Burns said. âContact form plugins with options to automatically delete form submissions after a certain period of time are rare. Iâve even seen contact form extensions which duplicate entries to a separate table, which, all things considered, is madness. We need to be developing towards data minimization and deletion, not retention and duplication.â
Last month JJ Jay published an analysis of how and where popular WordPress contact forms plugins store data. This is a useful reference for site administrators who are not sure how their chosen solution handles data collection and storage. She suggested a few questions for users to ask when examining contact forms:
- Can the option to store data be turned on and off?
- At what granularity?
- Can the data be deleted when the plugin is deleted?
- What personally identifiable data, other than the data from each form, is stored? (i.e. a userâs IP address)
- Is it possible to delete the submissions on an ad-hoc or scheduled basis?
If youâre not sure what could be leftover in your database from other plugins, Jay has also created a âWhatâs in my database?â plugin that administrators can install and access under the Tools menu. It is read-only and lists every table and its columns, so users can see if there are any surprises.
British Pregnancy Advice Service (BPAS) Hack Highlights the Danger of Storing Contact Form Entries in the Database
In educating website owners about the dangers of storing sensitive personal data, Heather Burns often cites the 2012 British Pregnancy Advice Service (BPAS) hack as one of the worst examples of the consequences of storing contact form entries in databases. The hacker, who was later jailed, stole thousands of records from the charity, which was running on an unknown outdated CMS with weak passwords. The site had not undergone a privacy impact assessment on its personal data collection and storage methods.
âOne of the services BPAS offers is access to abortions,â Burns said. âMany of their service users come over from Ireland, where abortion is banned under nearly all circumstances. The site had a contact form where women could enquire about abortions. BPAS thought that messages were merely passing through the site; no one within the organization had any clue that a copy of each contact form submission was stored on the database. Somewhat inevitably, the site was easily hacked by an anti-abortion activist who downloaded the database. He found himself in possession over 5,000 contact form submissions going back over five years containing womenâs names, email addresses, phone numbers, and the fact that they were enquiring about abortions. He then announced his intention to publish the womensâ data on an anti-abortion forum.â
The hacker was caught and arrested before he had the opportunity to publish the list. He received 32 months of jail time and BPAS was fined ÂŁ200k for the data protection breaches.
Auditing contact forms is just one piece of the puzzle for those working towards GDPR compliance. Burns recommends that site administrators conduct a privacy impact assessment of personal and sensitive data that is submitted through forms. Privacy notices should also be clear about how this data is handled and how long it is retained before it is deleted.
The GDPR was written to be extraterritorial and states that the regulations apply to any site or service that has European users. These sites are expected to protect EU usersâ data according to European regulations. Many American company owners are not yet convinced that this is enforceable outside of EU borders and have not invested in getting their online entities to be compliant.
âGDPR provides a very useful framework for user protection, which is now more important than ever,â Burns said. âIâm encouraging Americans to work to GDPR because itâs a constructive accountable framework thatâs a hell of a lot better than nothing.â
Wider Gravity Forms Stop Entries is currently the only plugin in the official WordPress directory that addresses GDPR concerns for a specific contact form plugin. Others may become available as the May 2018 deadline approaches. Jonny Allbut warns users in the FAQ to test the plugin with third-party GF extensions before adding it to a live site, as some extensions may rely on referencing data entries stored in form submissions.
I asked Carl Hancock if Gravity Forms might make storing form entries in the database an optional feature and he confirmed they are considering it.
âYes, this is certainly possible,â Hancock said. âWe try to avoid conflicts with available 3rd party add-ons for Gravity Forms to encourage their development,â Hancock said. âBut unfortunately it is not always avoidable. It is a feature that has been requested numerous times in the past and I suspect with the GDPR it will be a feature that will be requested even more going forward.â