+44 0330 223 3428
Call Us
+44 0330 223 3428

WPTavern: Gutenberg to Offer New Approach to TinyMCE in WordPress 5.0, a Plugin to Bring Back Old Interface Will be Available

WPTavern: Gutenberg to Offer New Approach to TinyMCE in WordPress 5.0, a Plugin to Bring Back Old Interface Will be Available
photo credit: Sergey Zolkin

The WordPress community is currently knee-deep in Gutenberg takes, as the new editor is poised to impact nearly every corner of the ecosystem when it ships in WordPress 5.0. With billions of dollars flowing through the WordPress economy, tensions are high, as many people support themselves and their families with the revenue earned from products and services that have been built on the existing editor.

First impressions range from outright rejection of the new editor to those who embrace it and are hopeful for what it will bring to WordPress. For the past several years, most major new features added to WordPress have come through the feature plugin/feature project process where release leads and other contributors decide whether a proposed feature is ready for merge. The Gutenberg project is taking a somewhat different path to core in that Matt Mullenweg has already confirmed that Gutenberg will ship with WordPress 5.0, but the release will come out when Gutenberg is ready. This approach is part of Mullenweg’s new strategy for core development that makes releases more project-based instead of time-based.

One of the most common concerns that developers and agency owners have about the plan to include Gutenberg in 5.0 is that they may need to hold back some of their sites from updating. The most vocal opponents have called for a way to “opt out” of Gutenberg so that it isn’t forced on their users.

In a post titled “WordPress is about to have its New Coke moment,” Nate Hoffelder shared his first impressions of the new edidtor after taking it for a test run. He said he appreciates the changes it promises but was unable to figure out how to create the blocks in the demo and worries about the “average non-techie” trying to use the interface.

Hoffelder referenced Coca-Cola’s attempt to introduce New Coke in April 1985, which quickly ended in consumers calling for a return of the original flavor.

“My gut feeling is that if users share my frustrations with Gutenberg, they will demand the return of the old interface,” Hoffelder said. “But the official release is months and months away, so it is entirely possible that a UX (user experience) expert will force the Gutenberg developers to make Gutenberg easier to use before it is inflicted upon an unsuspecting public.”

WordPress Users Will be Able to Restore the Old Editor with a Plugin after Gutenberg Lands in Core

WordPress will move forward with the Gutenberg editor as the default experience in the 5.0 release, but Matt Mullenweg confirmed in a comment on his blog that a plugin will be available for users who want to restore the old editor.

“Gutenberg uses TinyMCE, so a better way to think of it is that Gutenberg is a new version of our approach to TinyMCE,” Mullenweg said. “It will be the default experience of WP, for people that want to use something more like what’s currently there we’ll have a plugin they can use.”

This should bring some relief to developers who will not yet have updated their extensions to work with Gutenberg, as well as agency owners who are not ready to give their clients access to the new editor.

In his post, titled We Called it Gutenberg for a Reason, Mullenweg shared his vision for how the new editor will will re-imagine TinyMCE and the advantages it will bring for plugin editors:

Plugin developers will be able to completely integrate into every part of WordPress, including posts, pages, custom post types, and sidebars without having to hack TinyMCE or squeeze their entire feature behind a toolbar button. Today, every plugin that extends WordPress does it in a different way; Gutenberg’s blocks provide a single, easy-to-learn entry point for an incredible variety of extensions. Some folks have already begun to port their plugins over, and are finding that they’re easier to build and have a much improved UI.

For developers who are worried about the compatibility of their metaboxes, Mullenweg said a plugin will be available for providing the legacy edit page for metaboxes. One commenter, whose sites are heavily dependent on Advanced Custom Fields (ACF), asked if there is going to be a version of WordPress that will get long-term support for sites that can’t be upgraded to 5.0 without breaking.

“There won’t be a version of WP like that, but there will definitely be a plugin that gives you the legacy / old edit page. Make sure to let ACF know that Gutenberg compatibility is a top priority,” Mullenweg said.

Scott Kingsley Clark, lead developer of the Pods plugin, said this support for legacy PHP meta boxes is welcome news for the project but that Pods is also looking to get on board with Gutenberg once the project’s engineers have a solution for metaboxes.

“I’m very excited to start using the new meta boxes from Gutenberg once the API supports it and gives us more to utilize,” Clark said. “As soon as that’s available, count us in for immediate adoption.”

Despite assurances that a plugin will be available to restore the old interface, some are still concerned about how Gutenberg will impact the WordPress ecosystem. The average WordPress user has never heard of Gutenberg and its inclusion in 5.0 will be a major change.

In a recent article on WPShout Fred Meyer contends that Gutenberg doesn’t go nearly far enough towards giving users what they really want, which he identifies as front-end editing and the ability to create layouts within post content.

“Gutenberg doesn’t go nearly far enough,” Meyer said. “It won’t make WordPress’ core content editor competitive with hosted builder solutions, or even with WordPress’ own themes and plugins (including badly built, bad-for-the-community solutions like Visual Composer.)”

Meyer believes Gutenberg has the opportunity to defragment WordPress’ ecosystem of page building tools, but only if it moves towards providing “a feature-rich, developer-friendly, front-end page builder and content editor.”

In responding to feedback from the community, Gutenberg design lead Tammie Lister has said that the project is currently focusing on editing before tackling the page building experience. The team has also been working with the authors of page builder plugins ahead of the next focus on customization.

“It is still a little early to say what will happen to plugins and builders,” Lister said. “Initially, Gutenberg is focusing on the editor. The next stage is for the Customization focus (the building of pages). One thing that will need to happen is a lot of testing of existing plugins with Gutenberg. That’s how we can ensure things do work and limit issues. Ultimately, more and more plugins won’t be needed – or at least not so many together to achieve simple things. This benefits users and creates a better, more unified experience for all.”

If users’ first impression of Gutenberg is that it is unable to deliver on all of the lofty promises of the project, they may return to the old interface en masse. WordPress will then have a battle to convince users to give it a another chance as the experience improves to include customization.

Multi-column layouts, which are the gateway to page building, are not currently within the scope of the first official version coming to core. Gutenberg’s one-dimensional, vertically stacking approach to designing pages isn’t very inspiring. This may frustrate average users whose expectations have not been tempered with the understanding that a future version will include an expanded page building experience. A plugin that allows users to opt out until it is an improvement over their current tools is going to be crucial for keeping the community happy.

Source: WordPress


WPTavern: “The Final Word” Plugin Extends O2 to Pin a Highlighted Comment to the Top of a Thread

WPTavern: “The Final Word” Plugin Extends O2 to Pin a Highlighted Comment to the Top of a Thread

The Final Word” is a new plugin that extends O2 to highlight a comment at the top of a thread. O2 is the plugin successor to P2, Automattic’s group blogging theme that introduced quick posting from the front page with real-time comment updates. The code was released on GitHub in 2015 and it powers the make.wordpress.org blogs.

If you use O2 as a WordPress contributor or within another organization, then you have likely been a part of lengthy conversations that require a decent chunk of time to read and comprehend. Hugh Lashbrooke created The Final Word for use on the WordPress Community Team blog so that long discussion threads could be summed up in a single comment. He likened the new feature as something similar to the “accepted answer” function on Stack Exchange or other support forums where the best answer floats to the top. Discussions in the Community P2 often involve decision making, and the plugin is useful for highlighting the team’s conclusion on a matter.

The Final Word gives users who are able to edit the post the ability to mark a specific comment as the “top comment.” Other features include the following:

  • The top comment is displayed at the top of the comment list with a ‘view in context’ anchor link
  • The top comment is also highlighted in context in the thread
  • Only one comment can be selected as the top comment
  • The top comment flag can be removed
  • Includes basic styling for top comments
  • ‘Top comment’ label can be translated and/or filtered

The plugin currently will not work without 02 enabled because of its specific way of handling comments, but Lashbrooke said it may be updated in the future to work without O2. (While O2 is not theme-dependent, the plugin is also not guaranteed to work with every theme and is recommended to be used in combination with the p2-breathe theme.)

The Final Word is now active on the WordPress Community team’s blog and is available for other teams to activate as well. With the number of O2 blogs that many contributors are subscribed to, there is a massive amount of information and discussion to keep up with. This plugin gives thread authors and team leaders the ability to summarize conversations and keep them more manageable for readers and participants. The Final Word is available on both WordPress.org and GitHub.

Source: WordPress


WPTavern: Equifax Launches WordPress-Powered Site for Consumers Affected by Security Breach

WPTavern: Equifax Launches WordPress-Powered Site for Consumers Affected by Security Breach
photo credit: Lock(license)

Equifax has launched a WordPress-powered website to connect with consumers affected by its recent security breach, which compromised 143 million customers’ personal data. The exposed data includes names, birth dates, social security numbers, addresses, credit card numbers, driver’s license numbers, and other sensitive financial information.

The equifaxsecurity2017.com site was launched shortly after disclosure to give consumers information about the security incident. Equifax reports that the company has found no evidence of unauthorized activity on its core consumer or commercial credit reporting databases but is offering free identity theft protection and credit file monitoring services to U.S. consumers who enter their last names and last six digits of their social security number into its form.

Consumers are rightfully wary of the website, as the company is asking for more personal information in order to sign people up for another one of its products. Various news outlets are decrying the fact that the site is built on WordPress.

“What’s more, the website which Equifax created to notify people of the breach, is highly problematic for a variety of reasons,” Ars Technica Security Editor Dan Goodin said. “It runs on a stock installation WordPress, a content management system that doesn’t provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number.”

Goodin also referenced the output of https://www.equifaxsecurity2017.com/wp-json/wp/v2/users/ which earlier in the day exposed the username for the site’s administrator before the page was protected.

WordPress’ handbook has a section on reporting security vulnerabilities that explains why disclosures of usernames or user IDs is not a security issue:

The WordPress project doesn’t consider usernames or user ids to be private or secure information. A username is part of your online identity. It is meant to identify, not verify, who you are saying you are. Verification is the job of the password.

Generally speaking, people do not consider usernames to be secret, often sharing them openly. Additionally, many major online establishments — such as Google and Facebook — have done away with usernames in favor of email addresses, which are shared around constantly and freely. WordPress has also moved this way, allowing users to log in with an email address or username since version 4.5.

WordPress Core Security Team Lead Aaron Campbell clarified this section of the handbook to confirm that the users endpoint is intended to be an open API endpoint that serves public data.

“It does in fact include usernames and user IDs (among other things) for users that have published posts in a post type that is set up to use the API, but all the data is considered public,” Campbell said.

Campbell also said he is wary of entering personal data into the equifaxsecurity2017.com website, but not because it is using WordPress.

“I don’t think the fact that it runs on WordPress is a concern from a security standpoint, with the caveat that I don’t know what ELSE it’s using,” Campbell said. “‘Equifax’ is a trusted brand, but it’s not the official Equifax domain and the SSL certificate doesn’t verify ownership. So you know your data is encrypted, but not necessarily who it’s being sent to since you don’t know who owns the site.”

It’s not clear why Equifax simply didn’t build out the information site on its own domain. According to security investigator Brian Krebs, the company appears to have hired Edelman PR, a global PR firm, to handle its public response to the data breach, citing the username publicly displayed by WordPress’ API. Edelman PR opted to use a free Cloudflare certificate to secure the site.

Consumers were also off put by the verbiage of the arbitration clause included in the terms and services of the free credit monitoring, which appears to force those who sign up to waive their rights to participate in class action lawsuits against the company.

“I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived,” Krebs said.

Kenneth White, a security researcher and director of the Open Crypto Audit Project, said on Twitter that he was amazed the site was running stock WordPress but that his comments specifically referenced the sloppy implementation of the site.

Due to how the site was set up, it appeared to many consumers and researchers as Equifax’s way of stalling or perhaps even scamming those who may have been affected by the breach. Various browsers flagged it as a phishing threat, and some consumers found they were given different answers from the form based on whether they checked with desktop or mobile devices. In responding to the incident with a website that appears to have been hastily implemented for its own convenience and corporate interests, Equifax has missed an opportunity to reclaim any remaining consumer confidence from the public.

Source: WordPress


WPTavern: SWFUpload Will Officially Be Removed From WordPress

WPTavern: SWFUpload Will Officially Be Removed From WordPress

SWFUpload is an open-source library that was used by WordPress in 2011 and earlier that allowed users to upload files. The library was abandoned and replaced with Plupload in WordPress 3.3, released in 2011. Despite being replaced, WordPress continued to bundle the library for plugins that didn’t migrate to Plupload. In 2013, the core team forked SWFUpload and maintained the project, applying security fixes submitted by contributors.

After six years of deprecation, the core team has announced that SWFUpload will officially be removed from WordPress core. The team searched the WordPress plugin directory and compiled a list of plugins that contain references to swfupload in their code. According to Weston Ruter, the list includes 128 themes and plugins.

Some of the most popular plugins include:

The team is working on a way to provide enough backwards compatibility to ensure there are no JavaScript errors and an upload form is displayed instead of embedded Flash. Andrew Ozz also apologized to plugin authors noting that the list likely contains some false positives. If you use one or more of the plugins mentioned above, please get in touch with the author and ask if it will function without SWFUpload in core.

Source: WordPress


WPTavern: WordCamp Ann Arbor to Host Second WordCamp WarmUp

WPTavern: WordCamp Ann Arbor to Host Second WordCamp WarmUp

WordCamp Ann Arbor, MI, is set to take place October 13-14 and for the second year in a row, organizers will host a secondary event called WordCamp WarmUp. WordCamp WarmUp provides an environment for attendees to break the ice and meet new people before the main event.

Janelle Reichman is co-organizing WordCamp WarmUp. “I’ve been running my own WordPress business for about eight years,” Reichman said. “However, I attended my first WordCamp just last fall. I’ll never forget it – I was pretty much terrified.

“But then, I got an invitation to a WordCamp WarmUp. I couldn’t believe my luck. I couldn’t believe there was an event made exactly for people like me, who were shaking in their boots at the prospect of showing up at a conference and not knowing anybody.

“I attended the WarmUp, made friends, saw them all the next day at WordCamp, and ended up having an amazing and unforgettable time”

Unlike last year’s WarmUp, details for this years event will only be announced to WordCamp Ann Arbor ticket holders. The event is maxed out to fifty people and is available on a first come, first serve basis. Appetizers and beverages will be provided.

Rebecca Gill, founder of Web-Savvy-Marketing, organized the event last year and considered it a success. “Not only did most WarmUp guests arrive right on time, we had a full room of WarmUp attendees and even had a few unexpected friends show up,” Gill said.

Ticket holders can expect to see an email with event details within the next few weeks.

Source: WordPress