How to secure your WordPress Site from Hackers
sujoydhar.in – WordPress is one of the most used website platform available for any website. WordPress has endless possibilities as CMS ( Content Management System), and can be used as either a CMS for the website,…
Source: WP Newspaper
While there haven’t been any major events or big new developments in the WordPress world this past month, a lot of work has gone into developing a sustainable future for the project. Read on to find out more about this and other interesting news from around the WordPress world in August.
The Global WordPress Translation Day Returns
On September 30, the WordPress Polyglots team will be holding the third Global WordPress Translation Day. This is a 24-hour global event dedicated to the translation of the WordPress ecosystem (core, themes, plugins), and is a mix of physical, in-person translation work with online streaming of talks from WordPress translators all over the world.
Meetup groups will be holding events where community members will come together to translate WordPress. To get involved in this worldwide event, join your local meetup group or, if one is not already taking place in your area, organize one for your community.
WordPress Foundation to Run Open Source Training Worldwide
The WordPress Foundation is a non-profit organization that exists to provide educational events and resources for hackathons, support of the open web, and promotion of diversity in the global open source community.
In an effort to push these goals forward, the Foundation is going to be offering assistance to communities who would like to run local open source training workshops. A number of organizers have applied to be a part of this initiative, and the Foundation will be selecting two communities in the coming weeks.
Follow the WordPress Foundation blog for updates.
Next Steps in WordPress Core’s PHP Focus
After last month’s push to focus on WordPress core’s PHP development, a number of new initiatives have been proposed and implemented. The first of these initiatives is a page on WordPress.org that will educate users on the benefits of upgrading PHP. The page and its implementation are still in development, so you can follow and contribute on GitHub.
Along with this, plugin developers are now able to specify the minimum required PHP version for their plugins. This version will then be displayed on the Plugin Directory page, but it will not (yet) prevent users from installing it.
The next evolution of this is for the minimum PHP requirement to be enforced so that plugins will only work if that requirement is met. You can assist with this implementation by contributing your input or a patch on the open ticket.
As always, discussions around the implementation of PHP in WordPress core are done in the #core-php channel in the Making WordPress Slack group.
New Editor Development Continues
For a few months now, the core team has been steadily working on Gutenberg, the new editor for WordPress core. While Gutenberg is still in development and is some time away from being ready, a huge amount of progress has already been made. In fact, v1.0.0 of Gutenberg was released this week.
The new editor is available as a plugin for testing and the proposed roadmap is for it to be merged into core in early 2018. You can get involved in the development of Gutenberg by joining the #core-editor channel in the Making WordPress Slack group and following the WordPress Core development blog.
- On the topic of Gutenberg, Matt Mullenweg wrote a post to address some of the concerns that the community has expressed about the new editor.
- A new movement has started in the Indian WordPress community named JaiWP — the organizers are seeking to unite and motivate the country’s many local communities.
- Merlin WP is a new plugin offering theme developers an easy way to onboard their users.
- Ryan McCue posted an ambitious roadmap for the future of the WordPress REST API — many contributions from the community will be needed in order to reach these goals.
- Want to know what you can expect in the next major release of WordPress? Here’s a look at what the core team is planning for v4.9.
- To help combat the difficulties that Trac presents to WordPress Core contributors, Ryan McCue built an alternative platform dubbed Not Trac.
- v1.3.0 of WP-CLI was released earlier in the month, adding a whole lot of great new features to the useful tool.
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
The 4th edition of WordCamp Grand Rapids was held last weekend at Grand Valley State University’s downtown Pew Campus. After a brief hiatus following previous events in 2012, 2013, and 2014, the WordCamp is back in action with first-time lead organizer Cate DeRosia at the helm.
Tickets sold out shortly before the event and the vast majority of them were local to Michigan. DeRosia estimates that 40% came from Grand Rapids and 60% of attendees were within an hour radius. She published the camp’s details with a local events webpage and set up a Facebook page to increase local awareness. Organizers also received contacts from the WordPress dashboard events widget and the local MeetUp announcement.
Despite being a relatively small WordCamp with 144 attendees, organizers had enough speaker submissions to fill three tracks with topics ranging from development and design to freelance best practices and scaling a business. Attendees characterized the organizers as “connectors” who have a natural gift for helping people and businesses get to know each other. DeRosia said one of the unique things about the lower Michigan WordPress community is its dedication to helping each other succeed with WordPress.
“The core group in Grand Rapids, and really across the lower half of Michigan, is highly experienced and sincerely dedicated to helping people,” DeRosia said. “No one is fighting to be top dog on the pile. No one’s gloating. Meetups and WordCamps are ways to give back, to encourage and grow others in the community. The focus is on the opportunities that WordPress can provide anyone and a willingness to share their years of hard earned experience to help others succeed.”
DeRosia said the organizing team’s goal was to provide a little something for everyone and “an opportunity to learn what can be done and take that home to foster and grow at each individual’s own pace.” The event was marked by the friendliness and enthusiasm of the volunteers and provided several breaks and social times for attendees to exchange ideas and build relationships with others in the industry.
— Kyle Maurer (@MrKyleMaurer) August 27, 2017
WordCamp Grand Rapids had 13 volunteers who gave up their Saturday, including all of the organizers, and all of them were hands on the day of event. DeRosia’s teenage daughter Sophia, who has been volunteering at camps for years, also joined by contributing the event’s wapuu design and helping with operations. In the short interview below she describes how she came up with the idea for the wapuu and why she enjoys getting involved in WordPress events.
DeRosia had just four months to get the event organized and said she relied heavily on information and resources from other WordCamp organizers in Michigan. She stayed with the same venue from previous camps, which she said met her criteria for making things convenient for attendees: lunch was easily available, parking was easy to find (and free), and it was within a reasonable walking distance of hotels and the after party. The camp had no issues getting local sponsorships.
“Our sponsors were amazing,” DeRosia said. “We came in late to the schedule and still had the sponsorship we needed with out any problems. It helps that as an organizing group we’ve created friendships in the community, but most of our sponsorship was local or regional which really helped cement the idea that another WordCamp in the area has value.”
DeRosia said with the number of people who left talking about the next event, she anticipates there will be another WordCamp Grand Rapids in 2018 and she hopes to help again as lead organizer.
“I knew tackling the ‘unknowns’ of this first one (and doing it in a short time frame) was going to be emotionally difficult for me personally, but I also realized that most of what I was planning for this year would simply be able to move over into next year,” DeRosia said. “In a sense, I was planning much of the next camp while planning the first.”
As a first-time organizer, DeRosia said she was impressed by the volunteers, speakers, and attendees’ positive attitudes and their willingness to help given the short time frame.
“Aside from being terrified of what I didn’t know, it was actually a very positive experience,” DeRosia said. “I had tons of encouragement from our organizing team and the community at large. I was really able to build on the success of the first three Grand Rapids WordCamps, WordCamp Ann Arbor, and the newest area WordCamp in Jackson (MI). I had serious doubts that the community would even care about having another WordCamp (Was I just wasting my time?), but they proved that it’s a wanted commodity.”
Gutenberg 1.0.0 was released this week as another iteration in the beta period that will continue on with 1.1 next week. Design lead Tammie Lister said the team decided “not let numbers set expectations” and will carry on at the same pace with weekly releases.
One of the most visible UI updates in version 1.0 is the new ability to add image blocks by dragging and dropping them into the editor. They can be placed directly within the content (between blocks) and also onto the image block placeholder. Gutenberg includes a blue line indicator for dropzones where users can place an image.
After testing I found this feature works smoothly but is a little slow. The slight delay of uploading the image after placing it may leave the user confused about what is happening. However, feedback on this particular pull request indicates that the team is working on displaying an immediate reaction to the image having been dropped, instead of waiting for the upload to finish.
This release also merges the paragraph and cover text blocks. Contributors agreed that the two blocks could be easily combined and the colors and font size options from the previous cover block have now been added to the block settings sidebar.
A few other improvements in this release include the following:
- Reworked color palette picker with a “clear” and a “custom color” option
- Further improvements to inline pasting and fixing errant empty blocks
- Added thumbnail size selector to image blocks
- Added support for url input and align and edit buttons to audio block
- Restored keyboard navigation with more robust implementation, addressing previous browser issues
- Added align and edit buttons to video block
- Show “add new term” in hierarchical taxonomies (including categories)
Overall, the experience of writing within Gutenberg is improving, and the 1.0 release announcement includes an animated gif to demonstrate a user typing in the paragraph block:
The editor is getting better at staying out of the way when a user is writing, but the slightest mouse move within the paragraph block will slide all of the block’s surrounding controls into view. This experience can be a bit jarring, but it may be inevitable unless more of the UI can be buried under the inspector. The paragraph blocks currently display the most commonly used controls for writing text content, but I could see plugins hooking into this to create different types of writing experiences that either add more controls or pare it back to something more minimalist.
Although WordPress core currently maintains backwards compatibility with PHP 5.2.4+, plugin and theme authors are not required to do so. When developers include features that require more recent versions of PHP, it can break sites or cause otherwise unexpected behavior. As part of a larger effort to encourage users to upgrade their PHP versions, WordPress.org now allows plugin authors to specify a minimum PHP version requirement in the
readme.txt file with a new Requires PHP header. It is displayed to users in the sidebar of the plugin’s description:
This addition to the readme.txt file has been well-received by developers who are already updating their plugins in the directory with minimum PHP version requirements. It also complements WordPress’ Core PHP team’s recent efforts to educate users about the benefits of upgrading PHP, as the minimum supported version was released 10 years ago and hasn’t received security patches for nearly seven years.
“As a plugin developer (who maintains my plugins in my spare time), it is becoming increasingly difficult to build new functionality that works in older versions of PHP,” Paul Gilzow commented on the announcement. “There are some things that simply cannot be done in the older versions, and in those cases, I have to build out functionality to check PHP versions and disable those features. That takes time and energy away from building out other new features.”
WordPress Core Committer Sergey Biryukov said the next step is exploring the possibility of displaying a notice to users when they cannot install a theme or plugin due to their installations not meeting the required criteria. Ideally, these notices would include host-specific instructions to assist users in getting their sites upgraded to a newer PHP version. This particular move could make a significant impact on the wider WordPress community, if popular plugins start triggering notices requiring newer versions of PHP.
Akismet is used on millions of WordPress sites, but it isn’t only used with WordPress. In fact, Akismet can be integrated with any CMS, and more than 30 Akismet libraries and plugins are available for non-WordPress systems.
The Drupal CMS has had an unofficial Akismet integration available via the AntiSpam module since 2009, but it hadn’t been updated since 2012, and thousands of sites were still using it despite some significant bugs. In the interest of providing the best experience possible for Akismet customers, we’ve contributed some time and code, and we’re happy to announce that a new stable version of AntiSpam for Drupal is available.
Version 7.x-1.6 can be downloaded from the AntiSpam project page on Drupal.org. Please let us know about any issues you may encounter by leaving a comment below or by opening a ticket at the issue tracker for the AntiSpam module.