photo credit: Night Moves – (license)

There’s a lot of great WordPress content published in the community but not all of it is featured on the Tavern. This post is an assortment of items related to WordPress that caught my eye but didn’t make it into a full post.

Revolution Slider Possible Cause of Data Breach

Wordfence analyzed the Mossack Fonseca website and discovered that it was running a vulnerable version of Revolution Slider, a popular image slider plugin for WordPress. The vulnerability allows a remote attacker to place a shell on the web server. Whether this is the point of entry for the data leak remains to be seen. While I enjoyed the article, some people on Hacker News ripped it apart.

State of the Woo

The second annual WooConf took place this week where Matt Mullenweg gave the State of The Woo address. Marie Dodson of Torque has a great post with highlights from his session. The biggest take away is that Automattic plans on releasing a Jetpack like plugin for WooCommerce to handle complicated tasks like payments, shipments, taxes, and more.

It’s incredible how many WooCommerce plugins are submitted to us for review. It seems like there’s a plugin that handles any nuance of WooCommerce you can think of. It’s turned into quite a cottage industry and one every product developer should consider getting into.

WordPress Importer Progress Bars

In addition to his work on the WordPress REST API, Ryan McCue is also leading the efforts to improve the WordPress Importer. A few days ago, he published an image on Twitter showing off status indicators. Click the play button to see the progress bars in action.

This is a huge improvement considering it’s currently impossible to know the status of an import. What’s nice about this is that each item in the import file has its own progress bar. Also read the discussion on Twitter as the possibility of using this UI for other plugins like BuddyPress comes up.

New WordPress Importer UI, coming soon. pic.twitter.com/wM6cZY6BSk

— Ryan McCue ⍨ (@rmccue) April 6, 2016

WordPress 4.5 OMG WTF BBQ Post

Before every major WordPress release, the support team publishes a post on the support forums that contains important information users and developers need to be aware of. The WordPress 4.5 edition is available and is considered a work in progress. Once 4.5 is released, common issues reported by users are added to the thread like plugin and theme incompatibilities.

WP Lift is For Sale

WPLift, a site dedicated to WordPress created by Oli Dale is up for sale. According to the listing on Flippa, the bidding price has reached $55K. The auction has 13 bids with 19 days left. Dale explains why he’s selling the site:

Quite simply, I have been writing about WordPress now on WPLift since 2010 – I have posted just about every week day in that period and the site now contains over 990 posts, I have been finding it more of a struggle to keep up with running the site alongside ThemeFurnace and the addition of 2 children to my family! I would like someone fresh to takeover WPLift who can dedicate more time and fresh ideas to the site.

Over the years, I’ve linked to quite a few articles and discussions on the WPLift site. Whoever purchases the site, I hope they continue the great reputation that WPLift has established.

What Do Video Games and WordPress Development Have in Common?

John James Jacoby published a great series of Tweets using video game images to relate to software development. Here are a few of my favorites.

When a great WordPress plugin doesn't have very many downloads or active installs: pic.twitter.com/S0GF0p71Bg

— John James Jacoby (@JJJ) April 4, 2016

Open-sourcing WordPress plugins, and receiving and reading negative feedback: pic.twitter.com/cakym9ATiB

— John James Jacoby (@JJJ) April 3, 2016

Oh no! My demo is showing. pic.twitter.com/WVbXJZ3ULK

— John James Jacoby (@JJJ) April 4, 2016

Admin Theme Review

Jose Castaneda who is a volunteer on the Theme Review Team published a YouTube video that highlights what he looks for when reviewing themes. The video should help developers consider things they may have missed before submitting it to the directory.

A Small Woorld

WooCommerce is a powerful force in the eCommerce industry and it’s reached a point where entire sites and magazines are devoted to the platform. One such digital magazine is A Small Woorld, a publication by the folks over at ProsPress. Small Woorld features in-depth interviews with entrepreneurs using WooCommerce.

A Small Woorld Front Page

One of my favorite interviews from their latest issue involves Honest Brew, a company that utilizes WooCommerce to deliver craft beer to people all over the world. I highly recommend subscribing to A Small Woorld if you want to know how every day people are using WooCommerce to run their businesses.

8-Bit Wapuu

In what is a traditional part of this series, I end each issue by featuring a Wapuu design. For those who don’t know, Wapuu is the unofficial mascot of the WordPress project. This week, it’s 8-bit Wapuu by Melissa Sartor representing WordCamp Sunshine Coast in Australia.

Eight Bit Wapuu

That’s it for issue seven. If you recently discovered a cool resource or post related to WordPress, please share it with us in the comments.

photo credit: Padlock – (license)

WordPress.com announced today that it has turned on encryption for custom domains. The network’s subdomains have been HTTPS-enabled since 2014 as part of the Reset the Net campaign against mass surveillance. Today Automattic expanded HTTPS coverage to more than one million custom domains hosted on the network.

Last April the company joined Mozilla, Cisco, EFF and several other organizations to sponsor Let’s Encrypt, a new free certificate authority for the public. The project gave WordPress.com an automated way to roll out an SSL certificate to each custom domain it hosts. Users do not need to adjust any setting – encryption has been turned on automatically, which is indicated by a green lock in the browser’s address bar.

According to the Electronic Frontier Foundation, encryption offered via the new initiative will help users defend against surveillance of their content and communications, cookie theft, account hijacking, cookie and ad injection, and other forms of internet censorship.

WordPress.com representatives said sites may see a performance boost and better Google rankings as a result of the switch to HTTPS. Two years ago Google announced it would begin using HTTPS as a lightweight ranking signal as an incentive for website owners to switch to HTTPS. With the help of the Let’s Encrypt initiative, many of the technical barriers to adding encryption have been removed. WordPress.com’s move to provide free HTTPS for all customers helps make the web more secure as the network powers a large chunk of the world’s websites.

After six months in the theme review queue, Silk Lite was approved for the WordPress.org directory and also passed the extra requirements to be counted among the accessibility-ready themes. This magazine theme was designed with fashion bloggers in mind and features a masonry style grid of posts on the homepage.

The basic color scheme for the design is black, peach and marsala (the Pantone color of the year in 2015). Marsala, according to Pantone’s color experts, “translates easily to fashion, beauty, industrial design, home furnishings and interiors.”

Silk’s typography selections combine Google Fonts “Playfair Display” for headings and Merriweather for paragraph to create elegant, readable posts. The theme also has built-in styles for intro text, highlighted text, drop caps, and a two-column text layout.

You will need to install Jetpack to take advantage of the theme’s custom logo feature, although this will need to be updated when site logos are introduced in WordPress 4.5. The theme also has support for Jetpack’s Infinite scroll module to load more posts on the homepage and archive pages via the “View More Articles” button. The unique sharing button design on single posts are powered by Jetpack’s sharing module.

Silk offers a menu location at the top of the header for adding links to your social network profiles. It also includes a custom sidebar widget for adding an “About Me” section with an image background. With Jetpack’s Subscription module active, the widget that allows visitors to subscribe to your newsletter will have a custom design to match the theme.

Silk includes support for four post formats: Standard, Quote, Image, Gallery, Image. It also supports Jetpack’s tiled and slideshow galleries.

The customizer offers a limited number of controls, with checkboxes to enable/disable the following:

• Display single column posts on front page and archives
• Display the featured image on single posts
• Hide search button in top header bar

The theme is translation-ready and is also compatible with WPML. Translations for the following languages are already available: German, Spanish, French, Portuguese, Norwegian, Turkish, Hebrew, Persian and Japanese.

Silk Lite was created by PixelGrade, a Romania-based theme shop. The team specializes in magazine themes – in fact, the PixelGrade product portfolio has more magazine themes than any other type. Full documentation for all the theme’s features is available on the PixelGrade website. You can download Silk Lite from WordPress.org or via your admin themes browser.

The New York Times food section has decided to “proclaim Houston one of the great eating capitals of America” and highlighted four great restaurants in town. Houston is really such a great city, it’s good to see it getting some love.

Back in March, I explained how to connect WordPress powers sites to Apple News. After three weeks of being in the system, here is what I experienced.

Stuck in Limbo

After configuring the plugin and successfully getting WP Tavern approved on Apple News, I thought that articles published on the site would automatically publish to Apple News. It didn’t work out that way, at least, not at first.

When checking the status of those articles in the WordPress backend, the Publish to Apple News plugin listed articles as Pending. Apple’s News publisher also didn’t show any drafts from WordPress or published articles.

Based on some Google searches, I created and published a new article within the Apple News Publisher app. Unfortunately, it didn’t show up as a published article and because it was the first one, it had to be approved by Apple News.

Apple News Publisher First Submission

The first article published in Apple News was on March 21st. Between March 21st and March 31st, I was stuck in limbo. I had no idea when the article would be approved or at what point in the process I was in.

With the lack of communication, I started troubleshooting the Publish to Apple News plugin thinking that something was wrong. In the plugin’s settings, there’s an option to turn debugging on which sends emails to a specified email address each time an article is published, updated, or deleted with a detailed API response.

Apple News Publisher Debug Options

I didn’t receive any emails when articles were published leading me to believe there was a potential communication issue between the Tavern and Apple News. A few days passed by when all of a sudden, I received two emails with debug information.

I checked the Tavern’s Apple News channel and discovered that the first article I published using Apple’s publishing tool was approved. Had I not checked the channel, I wouldn’t have known that it was approved. I disabled debug mode in the Publish to Apple News plugin and noticed articles published on the Tavern after the approval appeared as expected.

Published Articles In Apples News Publisher

Apple should send an email notification when the first article is approved along with details that future articles will be published automatically.

What Articles Look Like in the Apple News App

I kept the default style settings provided by the Publish to Apple News plugin. As you can see, the articles don’t look that bad with the exception of the WordCamp Central article. For some reason, the image splits up the first sentence of the post. I’m looking into why this happens but I’ve seen it on other posts as well.

One thing I don’t like is that if an image is used at the beginning of an article, the Apple News App displays the HTML code of the image on the article listing page instead of article text. It would be more beneficial to readers if the listing page displayed text from the article and not HTML related to images.

Apple News Publisher Analytics

According to the analytics dashboard in Apple News Publisher, some of you have subscribed to our channel. The dashboard includes stats like, unique viewers, total views, article shares, and more.

Apple News Analytics

You can even dive into analytics on a per post level to determine why some articles do better than others. To view stats in a different program or to back them up, Apple News publisher allows you to download up to 30 days worth of data at once in CSV format.

The Experiment Continues

There’s not enough data to determine if publishing articles to Apple News is worth the effort. Three months from now, I’ll look at the data and publish a follow-up post with our findings. It will also include reviews from readers who are subscribed to our channel to find out what they like and dislike about consuming WP Tavern’s content through Apple News.

Although the process could use some improvement, especially around communication, once the approval process is complete, the system runs automatically. Let us know in the comments what your experience has been like connecting your site to Apple News Publisher.

The team behind AffiliateWP is celebrating its second anniversary today. The plugin and its suite of add-ons has rapidly become one of the most successful products in the WordPress ecosystem under the leadership of Pippin Williamson and his team.

Williamson, who is known for his yearly transparency reports, shared that AffiliateWP was the fastest of his products to reach $100,000 in annual revenue. It took just nine months for the plugin to reach that goal and in 2015 it passed $30,000 in monthly revenue.

“Our first month to break $30,000 was April, 2015, when we brought in $32,904.90,” Williamson said. “Since then, we have had only 3 months that were below 30, and they were only just barely below the 30 mark.”

They say that necessity is the mother of invention, and this was certainly the case with the creation of AffiliateWP. Williamson said that his customers were always asking for recommendations on affiliate plugins but at the time his team could not confidently recommend any of the existing solutions. They found most to be “unreliable, unpleasant to use, and generally not a good fit.”

“After a particularly painful support ticket where it was discovered that one of our customers had paid (or not paid) thousands of dollars to the wrong people due to a bug in their affiliate tracking plugin, we decided to do something about it,” Williamson said.

He worked in his spare time and late at night to develop AffiliateWP while supporting EDD and Restrict Content Pro during business hours. The product’s revenue now supports a full-time team of six people.

“It humbles me to think that my little side project could go from an after-hours project to providing for the full time jobs of an entire team,” Williamson said.

AffiliateWP’s Business Model Helped it Grow Faster than EDD

Easy Digital Downloads, Williamson’s first venture, is touted as having pioneered one of the most wildly successful business models in the WordPress ecosystem, but AffiliateWP was not built on the same model. EDD offers a free base plugin with commercial add-ons available a la carte. AffiliateWP does not have an official free product and is not directly supported by commercial extensions.

Pricing for the product starts at $49 and ranges up to $449, with different packages that include varying levels of support and Professional add-ons.

“Utilizing this business model is without any doubt one of reasons AffiliateWP accelerated at the rate it did,” Williamson said. “This model has not only been lucrative for us, I personally think it’s superior in many ways to other models common throughout the WordPress ecosystem.

“I like it enough that we recently chose to migrate Restrict Content Pro to the same model,” he said. “If I had the opportunity to start over with Easy Digital Downloads, I would almost certainly opt to use the same model there as well instead of selling each add-on individually.”

AffiliateWP’s total revenue for 2015 was $379,078 and Williamson projects that figure to be in the neighborhood of $420,000-$450,000 for 2016.

The fact that AffiliateWP is also available for free on GitHub has not compromised the product’s success. In fact, Williamson believes it has only enhanced it. The open source plugin has received contributions from 49 different developers.

“This is a stat I’m particularly proud of considering AffiliateWP is a commercial product, a category of WordPress plugins that tends to get very little development from anyone outside of the core development team of the product,” Williamson said. “We chose to make AffiliateWP 100% open on GitHub with a public repository specifically to help facilitate contributions from other developers. I believe firmly that this was a good decision that has worked out quite well for us.”

Williamson’s transparency about his plugin revenue serves as an inspiration to other entrepreneurs in the commercial plugin space. AffiliateWP’s success is an example of what’s possible in the WordPress product space with hard work, high quality code, and the right team.

In this episode of WordPress Weekly, Marcus Couch and I discuss the news of the week, including a big move for VersionPress as it transitions into an open source project. We provide an update on the development status of bbPress and BuddyPress. We also share details of a critical security vulnerability that was patched in a popular user role management plugin. Last but not least is Marcus’ plugin picks of the week.

Stories Discussed:

VersionPress Transitions Into a Free Open Source Project
Outdated and Vulnerable WordPress and Drupal Versions May Have Contributed to the Panama Papers Breach
BuddyPress 2.6 Development Kicks Off, David Cavins to Lead Release
bbPress 2.6 Expected Later This Year, Two Major Features Pushed Back to 2.7
WP REST API Team Aims for WordPress 4.7 for Merge Proposal
User Role Editor 4.25 Patches Critical Security Vulnerability
Europe Tops WordCamp Growth in 2015 with 70% Increase in Events

Plugins Picked By Marcus:

Query All The Post Types provides a quick and easy way to view a list of all the post types registered in a WordPress installation.

GoWorks Styler adds new buttons to the WordPress visual editor, allowing you to enhance posts and pages with custom colors, opacity, borders, padding, and more.

Chronological Posts reverses the default post order throughout your site to be chronological instead of reverse-chronological.

WPWeekly Meta:

Next Episode: Wednesday, April 13th 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #229:

Last year WordCamp London introduced “Wapuunk,” its 1970’s punk style wapuu, to the world, igniting a new wapuu craze for WordCamps held in the Western hemisphere. The 2015 event had commemorative stickers printed along with a Wapuunk-embroidered scarf for attendees. Shortly thereafter, nearly every WordCamp organization team began designing their own custom wapuu mascots.

WordCamp London 2016 will take place this weekend at the London Metropolitan University. The event’s official wapuu will be printed on stickers and may be incorporated into other vintage London-inspired WordCamp swag.

Wapuu collectors in attendance this weekend will want to arrive at the event early, as a limited edition R2-Wapuu has also been designed in honor of the WordCamp. UK-based designers Gemma Garner and Scott Evans collaborated on the R2-D2-inspired wapuu and printed a small batch of 100 stickers. Approximately 600 people are expected to attend this year’s event, so only the lucky few who hunt down Garner or Evans will receive an R2-wapuu sticker. An .svg file of the design will be sent to the official wapuu archive on GitHub if you want to print your own.

WordCamp London 2016 will kick off in less than 48 hours. A film crew will be creating a documentary about this year’s event, bringing the camera behind the scenes to capture footage that doesn’t usually make it to WordPress.tv’s educational archive. The event is nearly sold out. Last minute WordCampers hoping to attend should purchase their tickets ASAP, because there are only 45 spots remaining.

photo credit: Lock – (license)

Authorities have not yet identified the hacker behind the Panama Papers breach, nor have they isolated the exact attack vector. It is clear that Mossack Fonseca, the Panamanian law firm that protected the assets of the rich and powerful by setting up shell companies, had employed a dangerously loose policy towards web security and communications.

The firm ran its unencrypted emails through an outdated (2009) version of Microsoft’s Outlook Web Access. Outdated open source software running the frontend of the firm’s websites is also now suspected to have provided a vector for the compromise.

In initial communications with German newspaper the Süddeutsche Zeitung (SZ), an anonymous source offered the data with a few conditions, saying that his/her life was in danger.

“How much data are we talking about?” the SZ asked.

“More than anything you have ever seen,” the source said.

The Panama Papers breach is the largest data leak in history by a wide margin, with 2.6 terabytes of data, 11.5 million documents, and more than 214,000 shell companies exposed.

Forbes has identified outdated WordPress and Drupal installations as security holes that may have led to the data leak.

Forbes discovered the firm ran a three-month-old version of WordPress for its main site, known to contain some vulnerabilities, but more worrisome was that, according to Internet records, its portal used by customers to access sensitive data was most likely run on a three-year-old version of Drupal, 7.23.

This information is partially inaccurate, however. While looking at the site today, I found that the firm’s WordPress-powered site is currently running on version 4.1 (released in December 2014), based on its version of autosave.js, which is identical to the autosave.js file shipped in 4.1. Since that time WordPress has had numerous critical security updates.

The main site is also loading a number of outdated scripts and plugins. Its active theme is a three-year-old version of Twenty Eleven (1.5), which oddly resides in a directory labeled for /twentyten/.

The Mossack Fonseca client portal changelog.txt file is public, showing that its Drupal installation hasn’t been updated for three years. Since the release of version 7.23, the software has received 25 security updates, which means that the version it is running includes highly critical known vulnerabilities that could have given the hacker access to the server. This includes a 2014 SQL injection vulnerability known in the Drupal community as “Drupalgeddon,” which affected every site running Drupal 7.31 or below.

Investigators have not confirmed if the open source software vulnerabilities were used to access the data, but it is certainly plausible given the severity of the vulnerabilities in both older versions of WordPress and Drupal.

“They seem to have been caught in a time warp,” Professor Alan Woodward, a computer security expert from Surrey University, told WIRED UK. “If I were a client of theirs I’d be very concerned that they were communicating using such outdated technology.”

If these open source software vulnerabilities provided the access point for this massive leak, then this company’s global fiasco was entirely preventable. Although many people welcome the uncovering of corruption and dirty money transactions of famous people and world leaders, the reality is that these kinds of exploits can also be carried out on well-meaning organizations that exist to protect people’s health records, financial data, and other sensitive information.

This leak is not a measure of open source software’s reliability but rather underscores how low a priority some companies place on their tech departments and web security. With the rampant software vulnerabilities in this age, not updating software for years constitutes abject neglect of customers.

The bottom line is that software needs to be updated. This kind of routine maintenance is as foundational to a company’s business as brushing teeth or showering is for one’s health. Law firms and companies with such a lax approach to security are either ignorant or unwilling to spend the money to maintain technology that they don’t fully understand. The Panama Papers serve as a reminder that having a competent, skilled tech department is critical for any company that deals in sensitive information.

Version Control Featured Image

Borek Bernard and Jan Voráček, creators of VersionPress, announced that they’re transitioning the plugin into a free, open source project hosted on GitHub. In addition, they are releasing VersionPress 3.0 Beta, the first version released under the new model.

Open Source Is the Way Forward

In a post on the product’s site, Bernard explains that the only way for the project to be successful is to open up development to the public.

“Towards the end of 2015, we started feeling it was the right time to convert the project to a fully open-sourced one,” he said.

“The project started to be in good shape – had a clear direction set, most of the technical groundwork was laid, and we moved to GitHub. While we had most of WordPress core covered pretty well, there was still this huge ecosystem of WordPress plugins and themes that could cause trouble to VersionPress in millions of different ways.

“In the long run, the project had to turn into OSS should it be successful, and fortunately, in 2015, we met investors who understood this and supported our vision,” Bernard said.

The transition involved quite a bit of work migrating from Bitbucket and JIRA to GitHub. Old Wiki documents and other assets were migrated as well. In addition to the migration, old issues were translated to English and Daniel Bachhuber, who maintains the WP-CLI project audited the code. The project’s website also received a facelift.

By transitioning to a public development model, Bernard hopes to tap into new resources to solve challenging problems.

“We’ll need your bright minds to solve some of the more difficult issues later this year, like how to integrate with complex plugins with custom DB structures,” he said.

Despite being GPL licensed, free, and open source, the plugin will not be hosted in the WordPress plugin directory anytime soon.

“It stays in the ‘Early Access’ phase where it works well in certain scenarios but there are still many incompatible plugins, themes and hosts,” Bernard said. “There’s no magic solution to this, unfortunately, and more and more plugins and scenarios will be supported over time.”

Early Access Program Discontinued

The Early Access Program, which provided initial funding to develop VersionPress beyond its crowdfunding campaign, is being discontinued.

“EAP was of great help but couldn’t really fund the project, by far,” Bernard told the Tavern. While the team doesn’t have a replacement for the revenue provided by EAP, Bernard plans to build exceptional value around the core of VersionPress which he says will remain free forever.

How to Follow the Project

VersionPress 3.0 beta marks the first major release in more than five months. It includes bug fixes and a number of enhancements. You can follow the project’s progress on GitHub where you can also receive support, browse documentation, and find access to their Gitter room for real-time communication. Pull requests from the community are welcomed.

Keeping up and monitoring the progress of WordCamps in and around your area is now a lot easier thanks to a new WordCamp Application status page. The page indicates a WordCamp’s city, applicant’s name, recent milestone, status, and the last time it was updated.

WordCamp Central Application Status Tracking

The application status page is the result of efforts by Ian Dunn and Konstantin Kovshenin who are improving the sites and tools organizers use to coordinate events. On the Make WordPress Community blog, Andrea Middleton explains the changes and what deputies can expect.

Deputies are WordCamp Central volunteers who respond to WordCamp/meetup applications, conduct organizer orientations, and mentor organizers. They work behind the scenes to ensure events are run smoothly and adhere to the WordPress Foundation’s guidelines.

It’s interesting to see how WordPress is helping the team organize submissions and streamlining the process. According to Middleton, incoming applications automatically create draft listings on WordCamp Central and receive the status “Needs Vetting.”

WordCamp Central Application Processing

As the team moves through the process of vetting, orientation, tools, budget reviews, etc, deputies make notes in the post editor which are attached to the application. The site makes use of custom post statuses which are applied based on the application’s progress. It also adds accountability by saving a change log to each WordCamp listing that indicates when the status is changed and who changed it.

While this information is specific to those who work with WordCamp organizers, it provides a glimpse into the tools and processes volunteers use to coordinate events. It’s also a neat look into how handy custom post statuses are.

With all of the improvements to the backend, WordCamp and event organizers should experience fewer delays in response times. If you’re a deputy or frequent browser of WordCamp Central and have a suggestion or request to improve the site, you can share it by leaving a comment on the announcement post.

By the way, community deputies are an excellent way to contribute to the WordPress project without knowing how to code. To learn more about what deputies do and how you can join the program, read the community deputy handbook.

Burgers and fries have nearly killed our ancestral microbiome.

I’ve loved reading microbiome stuff lately, here’s a good one in Nautilus, How the Western Diet Has Derailed Our Evolution. For an older look from the New Yorker, check out this older one about the fascinating journey of helicobacter pylori.

Today GitHub announced a new feature that allows project owners to block abusive users from public repositories. Users who are blocked will no longer be able to open or comment on issues or pull requests, nor will they will not be able to add or edit any of the project’s wiki pages. Blocked users are also prevented from forking any of the organization’s repositories. Blocking goes beyond a simple warning and is a serious capability for project owners to use at their discretion.

Many WordPress plugin authors opt to host their work on GitHub because of the burden of support on WordPress.org. When entitled users have unreasonably high expectations of the free support forum, they sometimes resort to abuse to try to force developers to assist them. At the very least, many abuse the star rating system and use it to communicate disappointment.

While GitHub caters to a different type of user (usually developers), the site is not immune to abusive users. The new blocking capabilities were added to help project owners encourage positive contributions. One foul user who abuses contributors can poison the well and rob a team of its forward momentum.

Open source projects often bring together a surprisingly varied array of personalities with differing opinions that can result in heated debates. On occasion, these kinds of conversations can devolve into ad hominem attacks and other unsavory comments. The definition of abuse will vary from project to project, but a definition in the project’s contributing file may help for the sake of transparency when blocking users. A record of which users have been blocked is added to the organization’s audit log, so this information is open and available to project contributors.

photo credit: Huasonic – cc

During the 2015 State of the Word address, Matt Mullenweg shared a few stats that demonstrate the growth of the global WordPress community. A total of 89 WordCamps with 21,000 attendees were held across 34 countries in 2015.

This week WordPress community organizer Andrea Middleton published a more thorough breakdown of 2015 stats. She noted that while WordCamps have been steadily growing over the past five years, the increase is due to more numerous, smaller events. This kind of growth seems more in line with the intended purpose of WordCamps. Although a few camps stand out as large international events, most are meant to be low-key gatherings that bring together local communities.

“We saw a huge jump in WordCamps held in Europe this year — from 17 in 2014 to 29 in 2015,” Middleton said. “And a whopping 18 WordPress communities organized their very first WordCamp last year.”

In 9 months, the Italian #WordPress community grew from 0 to 10 meetups and a WordCamp. Standing ovations. #WCTRN pic.twitter.com/mgXpFV22GS

— Petya Raykovska (@petyeah) April 2, 2016

With a 70% increase in European WordCamp events, it no surprise that WordCamp Europe 2016 had to expand its attendee capacity to 2200. The event will be the largest WordCamp to date.

In 2015, many of the largest WordCamps were held in the US but Europe and Japan also have events ranking in the top five. The ten largest WordCamps (based on number of tickets sold) in 2015 were as follows:

• WordCamp US
• WordCamp Tokyo
• WordCamp Europe
• WordCamp Kansai
• WordCamp NYC
• WordCamp London
• WordCamp Miami
• WordCamp Atlanta
• WordCamp Orlando

The overall number of tickets sold for WordCamps worldwide is also steadily rising, from 13,000 in 2011 to 21,000 in 2015.

As the global WordPress community continues to expand, the burden on WordCamp Central grows. Overseeing WordCamps and meetups is a full time job. In 2014, the WordPress Community Team established a deputies program to share the load and expanded the number of volunteers to 30 during 2015.

In the first quarter report for 2016, Middleton reported that the community team helped facilitate nine WordCamps with a total of nearly 4,500 tickets sold. WordCamp Central also signed Pantheon and GoDaddy as global sponsors.

There are already 24 WordCamps on the calendar for the April-June period and 14 more scheduled for the remaining quarters. Middleton also reported that 31 additional WordCamps have been approved are now in the pipeline at the pre-planning stage.

“With WordCamp applications coming in at an average rate of 13 per month, it’s very likely that we’ll see more than 100 WordCamps in 2016,” she said.

Hello WordPress users! Version 5.2 of the WordPress for Android app is now available in the Google Play Store.

In version 5.2, you may notice a difference in font in the app: we replaced the Open Sans font in the UI with Roboto, the default Android font. For those with a sharp eye, you also might notice that we’re still using the Merriweather font for user-generated content, like reader comments and the content in your post editor. (For the typographically curious, take a look at the WordPress.com Design Handbook.)

Version 5.2 also comes with an updated Account Settings screen. You can change your email address, primary site, and web address in your app:

• Email address: This is your primary email address associated with your account, which is not publicly displayed. If you update your email address, you will receive an email to confirm it.
• Primary site: Your primary site is typically the one you most commonly use. You can update your primary site from a popover display with a list of all of your sites.
• Web address: This is the URL that is shown publicly when you comment on blogs.

We also dropped the “auto-share” and “post signature” settings from this screen.

We’re working hard on new features for the next versions, and you can track development progress for the next version by visiting our 5.3 milestone on GitHub.

Thank you

@aforcier, @daniloercoli, @hypest, @khaykov, @kwonye, @maxme, @mzorz, @nbradbury, @oguzkocer, @tetra2000 and @tonyr59h.

Vladimir Garagulya, developer of the User Role Editor has patched a critical security vulnerability. User Role Editor is used to edit, manage, and create user roles and capabilities and is active on more than 300K sites.

User Role Editor Interface

User Role Editor 4.24 and below allows any registered user to gain administrator access. Wordfence, a popular security plugin for WordPress has more details and explains why the plugin was vulnerable:

The author was checking if users have access to edit another user using the ‘current_user_can’ function and checking for the ‘edit_user’ (without an ‘s’ on the end) capability on a specific user ID. A user can edit themselves, and so sending data to the plugin that supplies the current user’s ID to this access check would bypass the check.

Users should immediately upgrade to 4.25 to protect sites from this vulnerability.

The WP REST API team released version 2.0 beta 13 of the feature plugin today. This release includes a couple of breaking changes, JavaScript client updates, and many other fixes and improvements.

Developers who use the plugin in their projects can expect it to follow a more stable release cycle in the future, as beta 13 marks the last of the breaking changes. According to project lead Ryan McCue, the team plans to add new features to minor releases in the 2.x series and bugfix releases in the 2.0.x series.

“Along these lines, we’re going to release a 2.0 final version in the coming months,” McCue said. “This will be a completely stable release with guaranteed backwards compatibility for the foreseeable future. This backwards compatibility ensures that your sites can remain up-to-date with minimal maintenance or issues with upgrading.”

The beta release post also included an updated roadmap for the project. The team is not planning to put forward part two of their merge proposal, which would add the core endpoints, for WordPress 4.6. They will be holding off until WordPress 4.7 in hopes of gaining more users with the stable 2.0 release.

We believe endpoints for the main WordPress objects (posts, users, comments, terms, and taxonomies) are not enough to garner the support needed for the proposal to be accepted. Our hope is that with a stable version 2.0 release, we will attract our community members that have been waiting for the endpoints to be available in core, and submit a merge proposal for the WordPress 4.7 release cycle.

Although the greater WordPress development community is excited about the potential of the REST API, the contributor base remains relatively small and spread thin for the task of keeping pace with core. McCue, speaking on behalf of the team, said they are looking to get more help from WordPress core component maintainers as well as outside developers.

“Moving forward, the API team sees our role as advisory over the API itself, with the API treated as an integral part of the component rather than maintained by a separate team,” McCue said. “We’re also going to continue to work on our feature plugins (metadata, site/multisite, menus/widgets, and authentication) in parallel, and are looking for help on these as well.”

With the plugin approaching its 2.0 final version on a more stable path, it is a good time for new developers to get involved. The WP REST API team plans to allocate more time for mentoring and helping developers use the API. If you want to get involved, jump in on the comments of the release post or join the team in the #core-restapi Slack channel.

Last month WordPress contributors approved accessibility coding standards for the core handbook. All new and updated code will need to conform with WCAG 2.0 level AA guidelines.

With WordPress core moving firmly in the direction of accessibility, its new guidelines set the bar for themes, plugins, and websites built on top of the platform. Text and background contrast, an important factor in readability, is one of the easiest places to get started. WCAG 2.0 color requirements recommend a contrast ratio of 4.5 for small text or 3 for large text, which is 24px or 18px bold.

Color Safe is a handy web app that helps designers select color combinations that will meet WCAG 2.0 guidelines for those with different visual capabilities. You enter the background color, font family, text size and weight, and the tool generates a palette of safe options for your text color.

The palette can be sorted by general color groups and selections can be previewed at the top of the screen. By default, the generator uses AA level guidelines. If you’re building for a company or government website that requires AAA specifications, you can select it from the dropdown and all colors generated in the palette will be in compliance.

Color Safe was built by Salesforce UX engineer Donielle Berg and product designer Adrian Rapp to help designers include accessibility as part of the design process. The tool takes the guesswork out of complying with WCAG guidelines and makes it easy to visually explore accessible color combinations.

photo credit: Night Moves – (license)

There’s a lot of great WordPress content published in the community but not all of it is featured on the Tavern. This post is an assortment of items related to WordPress that caught my eye but didn’t make it into a full post.

Jen Mylo Moves on From Automattic

Jen Mylo, formerly known as Jane Wells, announced she has left her position at Automattic after eight years to pursue other opportunities. Normally, people switching or leaving jobs isn’t news but Mylo is an exception to the rule because of the impact she’s had on the WordPress project and community over those eight years.

From leading the effort to redesign the WordPress 2.7 “Coltrane” backend which was code-named Crazyhorse, to helping WordCamp organizers behind the scenes, to the Kim Parsell travel scholarship. She also facilitated and helped many WordPress lead developers.

Thanks Jen for everything you’ve done and contributed to the WordPress project and its community. I wish and hope for the best for you in your future endeavors.

Generous in Spirit

Carrie Dils reminds us that the WordPress community is generous of spirit. If you haven’t experienced it yet, get in touch with her and she’ll introduce you.

The #WordPress community is so generous of spirit. If you feel disconnected from it and want to be a part, message me & I'll introduce you.

— carrie dils (@cdils) March 31, 2016

How to Protect a GPL Licensed Plugin from Being Copied

There’s a post on the Advanced WordPress Facebook group that asks, what are the best ways to protect a GPL licensed plugin from being copied? The thread has more than a dozen responses with many explaining that copying is at the core of the license. The simple answer is that you don’t.

Comparison: Working from Home vs In an Office

The Onion compares what it’s like to work from home as opposed to working in an office. I think the humorous comparisons ring true for many.

Working From Home Compared to Working In an Office

WordPress 4.5 Field Guide

Everything you need to know to prepare for WordPress 4.5 is in the field guide. Thanks to Aaron Jorbin for putting the guide together as it’s a great resource for those not able to keep up with development.

Jumboji

The only thing better than emoji in core is jumbo emoji. Thankfully, there’s a plugin available that turns emoji into almost larger than life emoji.

I am delighted to unveil Big Emoji Comments (Jumboji) for WordPress: https://t.co/AcEBzmvjCV pic.twitter.com/3g6Ii8AsUg

— george stephanis (@daljo628) March 24, 2016

Gianuu or Italian Wapuu!

In what is a traditional part of this series, I end each issue by featuring a Wapuu design. For those who don’t know, Wapuu is the unofficial mascot of the WordPress project. Gianduu is the official mascot of WordCamp Torino 2016. Gianduu is a mix between Gianuja, a famous carnival mask and Gianduiotto, a Turin confectionery tradition.

Gianduu

That’s it for issue six. If you recently discovered a cool resource or post related to WordPress, please share it with us in the comments.

photo credit: Office Pranks – (license)

Last year, I identified key factors that suggested the features-as-plugins first model was falling apart. A lack of communication, direction, buy-in from core developers, and synchronized development between plugins on Github and WordPress.org were some of the contributing factors highlighted.

Features-as-Projects

WordPress lead developer Helen Hou-Sandí has outlined a new strategy for the model transitioning from a features-as-plugins approach to features-as-projects.

“Thinking of features as plugins has strapped us in a number of ways, in large part because the ‘plugin’ part implies a functional project from the start,” Hou-Sandí said.

“From observation, experienced and newer contributors alike set their initial goal to be some sort of functional plugin. As a result, by the time something is being proposed in whatever forum, there’s been a fair amount of effort spent – and personal attachment developed – for something that might be headed in the wrong direction. Changing direction at that point is very demoralizing and has led to burn out and less participation.”

A New Page for Featured Projects

Feature projects are listed on a new page which includes a brief explanation of the problems being solved. Active projects include WordPress NUX which aims to remove barriers to entry and Font Natively which switches to system fonts to load faster and provide a more native experience.

Anyone can suggest a feature project but its mission statement must clearly address what problem it’s trying to solve, its goals, and how it fits into WordPress’ core philosophies and objective. The new page also serves as a roadmap for future feature projects.

By changing their approach, the core team hopes to achieve the following individual goals.

• To attract and retain a greater range of skill sets in contributors, for example through being able to more thoroughly engage designers in early stages.
• Implementing methods of collecting usage information and other data.
• Supporting feature projects with resources for user testing and more structured feedback.
• Advance both contributor and general community knowledge around product design and development.

Beginning Tuesday, April 5th, 2016 at 1PM Eastern Daylight Time, in the #core Slack channel, bi-weekly meetings will be held where people can propose and discuss feature projects. These meetings are also where project leaders can ask for help, provide status updates, and maintain direction.

Design and Discovery First

Perhaps one of the most important changes in the process is the focus on discovery and design first. Instead of testing features after they’re developed, this plan focuses on gathering testing and usage data from users before technical implementation occurs.

“Feature design and development should come from interviews with users, developed personas, surveys of those personas, documented flows, and other fairly standard methods,” Hou-Sandí said.

“Proper discovery will allow for testing long before functional development begins using low-fidelity storyboards and walking through potential concepts with users, both verbally and visually. Projects should check in at a meeting when discovery results are available and continue to check in through the design process.”

Even though the discovery and design phase may not lead to a full-fledged feature in core, the process should help discover pain points along the way which can translate into other improvements.

Iterating is Not Just For Software

The new model incorporates many of the suggestions by WordPress lead developer, Ryan Boren from 2014.

• Be present and up-to-date in the plugin directory.
• Be as ready to go on mobile as they are on desktop.
• Have visual records for major flows through all new interfaces on all devices.
• Have mature UI that isn’t going to derail the release train.
• Have a history of posting weekly updates to make/core.
• Have a history of regular plugin directory updates.
• Have a testing audience.
• Publish a merge consideration post on make/core complete with visual records and other diligence.
• Exist for at least one release cycle. Plugins created at the beginning of a release cycle should not be considered for merge until the next release.

It also focuses on establishing a direction for a project early on instead of people aimlessly developing it to see where it goes. It’s worth noting that Boren supports the changes to the model.

Early feedback suggests this is a great move. Michelle Schulp, Founder of Marktime Media, had this to say about the changes:

Love this, not only because it a) treats WordPress more like an actual product where decisions on features should be tested and vetted before they’re built, and b) validates the design and discovery process as ‘important to WordPress’ and saves a ton of unnecessary dev time, but also c) will help encourage those with other important talents like design/ux/ui/user testing (but not core-level development skills) to contribute.

Although I suggested renaming feature plugins to feature experiments, feature projects is pretty good name. It’s nice to see the model evolve and address many of the problems I outlined in 2015. I encourage you to read the full post and let us know what you think of the changes.

There hasn’t been a lot of news about bbPress lately but earlier this week on the project’s development blog, John James Jacoby provided a status update on the progress of 2.6 and what to expect for 2.7.

According to the post, the team has worked hard on 2.6 since 2.5’s release in 2013. Unfortunately, two highly anticipated features that were expected to be in 2.6 have been pushed back to 2.7. Jacoby explains why:

Stephen and I have been steadily improving and readying the next major version (2.6) ever since releasing 2.5.0, and while many huge features and neat little improvements have already landed in the development version, there are 2 features that will likely get bumped to 2.7 so we can call 2.6 done:

• bbPress as Post Comments
• Forums as Taxonomies

These two features are fully architected and planned, but do not have enough progress in code for them to hold up the release of 2.6.

Users can expect to see betas and release candidates of bbPress 2.6 in the coming weeks. Jacoby notes that development on 2.7 will exclusively focus on the two missing features.

As someone who is waiting on the bbPress as Post Comments feature before diving into bbPress, I’m disappointed. I’m grateful for the time and effort Jacoby, Stephen Edgar, and others put into the project but considering its release history, it may be another 1-2 years before 2.7 is a reality. I don’t know if I can wait that long.

Development on BuddyPress 2.6 began this week with a meeting to set the schedule and scope for the release. The BuddyPress project recently moved to adopt release leads as part of the core development process.

“The release lead gets a sense at the beginning of the dev cycle what he/she would like to accomplish, as well as what others want and are willing to contribute,” Boone Gorges said during last week’s development meeting. “Within those parameters, there is likely lots of room for the lead to make decisions about what the focus should be.”

David Cavins was named release lead for the upcoming 2.6 release and @mercime will be on deck for 2.7. During this week’s meeting, Cavins set a schedule for 2.6:

• Beta: May 25
• RC1: June 8
• Official Release: June 15

Cavins said that 2.6 will focus on performance and UI polish, as many of the tickets filed for the milestone fall into those general categories. Contributors chimed in during the meeting to express interest in working on specific goals and tickets:

• A new API to manage single items navigation (#6534)
• Incrementor-based caching for ID queries (#6643)
• Explore implementing Behat to add a functional testing capability to the project
• Extend BuddyPress’ use of caching to group memberships
• Framework for bulk data handling after updates (#6841)

Cavins is also organizing a few “BuddyPress Work Parties” early in the release cycle where contributors can get together to collaborate on tickets, documentation, testing patches, and answering support questions.

In addition to the new release leads concept, the BuddyPress core team is also considering implementing component maintainers, similar to the way WordPress core is organized.

“It gives newcomers a sense of where to look if they have questions about a part of BP, or want to get involved in contributing,” Gorges said. “It also creates a sense of ownership for people who are already doing the practical work of triaging certain kinds of tickets, and encourages people to step up and take a role of responsibility.”

BuddyPress project lead John James Jacoby said that component maintainers has been one of his personal leadership goals for BuddyPress for a long time, with individuals and eventually teams “owning” components to make them shine.

“The main reasons to do it are empowering people to make decisions, and to elevate everyone’s contributions by promoting within and creating goals for contributors to graduate to, to celebrate their value,” Jacoby said.

Specific maintainers and/or teams have not yet been identified but the core team is working towards making this more official to streamline contributions.

Welcome to the Post Status Draft podcast, which you can find on iTunes, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Joe Hoyle — the CTO of Human Made — and Brian Krogsgard.

Today, we answer questions from Post Status community members, who asked us all sorts of stuff on the Post Status Ask page. If you’d like to ask a question, be sure to go there and we’ll see if we can answer it on a future show.

https://audio.simplecast.com/34442.mp3

Direct Download

Questions & Links

We answered the following questions:

Why WordPress?

In a survey I did before my PressNomics talk, the top answer for what’s important to people in regards to the WordPress world was the quality of the community. WordPress’ ubiquity — powering 26% of the web — helps too.

What is the biggest mistake you made learning WordPress? (Or, what would you do differently?)

Joe and I each shared what we tend to do wrong when learning new things. We are fully on opposite ends of the spectrum. Recommended link: Just Build Websites. Also, my post on learning WordPresss holds up pretty well, considering I wrote it in 2014.

Why did a lot of web and WordPress people get upset about the Mandrill pricing changes, when we want people to value the work we’re doing ourselves?

We discuss what made Mandrill’s pricing changes controversial, and why we think some level of “outcry” is understandable here. Basically, Mandrill isn’t differentiated enough to warrant the new pricing, in our opinions. However, it’s obviously their right to change their pricing and structure, and the questioner has a valid point in how we value other services versus our own.

The WordPress REST API clearly has the attention of savvy WordPress developers, but will it really change WordPress as we know it?

It’s hard to know exactly how the REST API will change WordPress. It partly depends on how extensive the core inclusion of the API is. But at a minimum, the WordPress REST API plugin will be maintained and offer a new way of interacting with WordPress for anyone that wants to do so. And efforts into learning the API will definitely be transferable to using other REST APIs on the web.

Why isn’t the WordPress importer being worked on more intensively?

Good question! We talk about the state of the importer, some other options like WP Migrate DB Pro, WP All Import, and WP CLI. We also discuss how to get involved with open source development.

Should taxonomies have the same feature capabilities as posts in the future?

There’s been a lot of interesting work on taxonomies in the last several releases, and you can read more about some of that and find links going back from my release post for WordPress 4.4. However, we think taxonomies and posts should be different. With the introduction of term meta, it is more important to consider architectural choices well in advance. Finally, the Fields API will be interesting in how it affects customizing term edit screens.

How should I use my own domains with Multisite?

This turned interesting! Fortunately, Multisite component maintainer Jeremy Felt came through while we were on the show to point us to tickets that were merged in WordPress 3.9 for enabling simpler domain mapping, and in 4.3, when a better UI was introduced. So, today, it’s much easier to use a custom domain in a network — within the existing WordPress Multisite options interface — versus using a tool like Mercator.

---

In addition to these questions, we also banter on about some other things and answer a few less serious questions we got from funny listeners. And at the end, I make a pretty big announcement…

---

Today’s podcast is sponsored by Design Palette Pro. Design Palette Pro makes it easy to customize pretty much any Genesis theme, without touching code. It’s perfect for when you’re helping a friend with a website, but they don’t have a full service budget and you don’t have time to custom code every element. Get a great website in no time, with Design Palette Pro. Go to GenesisDesignPro.com for more information. Thank you to the team at Reaktiv Studios, who builds Design Palette Pro, for being a Post Status partner.

Version 3.1.10 of the Akismet plugin for WordPress is now available.

This update fixes a bug that could cause comments caught as spam to end up in the Pending queue. It also fixes the History entries for comments caught by WordPress’s built-in Comment Blacklist in WordPress 4.4 or later.

Version 3.1.10 is confirmed compatible with WordPress 4.5, which is coming soon.

To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.

photo credit: Tek F – cc

Jetpack 3.9.5 was released yesterday with compatibilities for the upcoming WordPress 4.5 release and a handful of enhancements/bug fixes. Shortly after issuing the routine maintenance update, the Jetpack team began receiving reports of random, unwanted videos being added to the comments of posts. Any number string in the comments was automatically converted into a Vimeo video.

No, this bug was not an April Fool’s Day prank, although it seemed like it. As a temporary fix, support representatives recommended that users deactivate the Shortcode Embeds module.

We’re aware of an issue with numbers in comments embedding random Vimeo videos and are working to get 3.9.6 out as a fix ASAP.

— Jetpack (@jetpack) March 31, 2016

The Jetpack team scrambled to fix the rather humorous and annoying bug, which had been introduced while fixing another Vimeo bug. A few hours later they shipped 3.9.6 on the heels of the maintenance release. Users who updated to 3.9.5 right away will need to update again in order to avoid running into this bug.

photo credit: Lukasz Kowalewski

WordPress.org is second only to WordPress.com in Google search results for “WordPress,” followed by the project’s download, about, and featured themes pages. Unfortunately, visitors to WordPress.org land on an outdated website that doesn’t accurately represent the vibrance of the WordPress project and its strong community. As the face of the open source project, WordPress.org is in desperate need of a redesign.

Designer Hugo Baeta is currently gathering feedback on the user experience of the site as part of a long-term plan for its improvement. WordPress.org is a slow-moving machine when it comes to updates and design changes, but Baeta’s research is a solid first step towards action.

“As we take on efforts of documenting and creating more polished and art directed design foundations for the WordPress project as a whole, the .org sites need to get some love as well,” Baeta said.

He posted results of a lengthy 55-question survey, summarizing anonymous feedback from 32 of WordPress’ most active contributors – project leads, team reps, and highly active community members. The survey asked open-ended questions to encourage honest feedback on the site’s biggest pain-points.

“This survey will help us get a better idea of the direction we need to go on a long-term plan to make improvements to WordPress.org, building a more solid and thought-out foundation so the community can grow and thrive for years to come,” Baeta said.

For 81% of respondents, the primary reason they visit WordPress.org is to contribute to WordPress. Nearly all agreed that the design feels tired, old, outdated, and inconsistent. It’s not surprising, given the sample’s demographic, that most respondents rarely (if ever) visit the WordPress download page, the themes directory, hosting, or showcase pages.

Overall, the survey’s participants find the current design to be inconsistent and confusing to navigate unless you are an insider. Several responses communicated frustration that the site isn’t 100% WordPress and that its underlying code prevents it from being easily updated.

Survey participants offered both sharp criticism and constructive feedback. If you have the time and inclination, the results are worth a read.

WordPress.org serves two different types of users: contributors and the millions of people who use and the software. Baeta did not indicate his next step in the UX research, but it would be worthwhile to sample some first time visitors and users who frequent the pages that contributors don’t often visit.

While open source software websites aren’t usually known for their cutting edge designs, many inspirational examples can be found at BeautifulOpen.com. Browsing that catalogue, it’s clear that WordPress.org could greatly benefit from a brighter, more user-friendly design.

Companies like Wix and Weebly, some of WordPress’ commercial competitors, could never get away with having websites that don’t demonstrate the quality of their products. If WordPress is going to continue to grow past its current 26% market share, the project’s website should reflect its reputation of being easy-to-use software for creating beautiful websites.

We didn’t have a guest this week so Marcus Couch and I discuss the latest news and events happening in the WordPress community. We update listeners as to the status of the W3 Total Cache plugin. This segues into a conversation on whether caching plugins are necessary considering the improvements in technology in the last decade.

We congratulate Rian Rietveld on winning the Heroes of Accessibility award and then dive deep into why communication is a key component of success for developers. We provide a status update on WordPress 4.5 and end the show with the plugin picks of the week.

Stories Discussed:

Frederick Townes Confirms W3 Total Cache is Not Abandoned
Versions of WP-CLI Prior to 0.23.0 Are Incompatible with WordPress 4.5
Draft and Save Customizer Changes for Later with New Customize Snapshots Plugin
Modern Tribe Acquires GigPress, Exploring SaaS Events Management Solution
WordPress Contributor Rian Rietveld Wins Heroes of Accessibility Award
A Little Communication Goes a Long Way
WordPress 4.5 Field Guide

Plugins Picked By Marcus:

Flatty – Flat Admin Theme is a new Admin theme based off the flat design trend of 2015. Simply install the plugin and configure how you want the admin area to look.

Scratching Effect allows you to easily simulate a gift card or instant lottery ticket by adding a scratchable area to your site.

Facebook Instant Articles for WP adds support for Instant Articles for Facebook, which is a new way for publishers to distribute fast, interactive stories on Facebook. Instant Articles are preloaded in the Facebook mobile app so they load instantly.

Wapuu Fall plugin allows you to have falling Wapuus, similar to a falling snow plugin.

WPWeekly Meta:

Next Episode: Wednesday, April 6th 9:30 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #228:

photo credit: November Company – Confidence Course – Nov. 18, 2015 – (license)

A Day of REST, the first conference dedicated to the WordPress REST API, was held in London at the end of January 2016, hosted by the events team at Human Made. Attendees offered overwhelmingly positive feedback after the conference finished, with 81% of the 221 participants saying they would attend again.

The event’s organizers announced today that the next WP REST API conference will be held in the UK in late 2016. A Week of REST is being organized as a four-day residential developer bootcamp. As such, the £1,500 (~$2157 USD) ticket price is for an immersive experience that includes all meals, accommodation, and training.

After the first conference, attendees indicated that they would be interested in a longer event that offered more advanced training. Although specific sessions have not yet been announced, organizers are focusing the bootcamp around three main learning objectives: how to leverage the WordPress REST API, creating your own API with custom endpoints, and displaying WordPress data in a frontend JavaScript application.

Developers can sign up at aweekofrest.hm to indicate interest in the event and subscribe to updates from the organization team. Location and exact dates will be announced soon.

Latte is a new parallax style WordPress portfolio theme created by Hardeep Asrani. The 19-year old developer from India already has 17 plugins and four themes to his credit on WordPress.org. We recently featured his work on the Advanced CSS Editor plugin, which allows users to write CSS in the customizer.

Latte follows suit with extensive customizer options for every section of the one-page scrolling theme. It was created for developers, designers, and freelancers who want to feature their work in a visual resume format with a profile photo, short bio, services, newsletter subscription, and more. Each of these sections are optional and can be turned on/off with a simple checkbox in the customizer.

Latte theme users can choose to highlight different skills, portfolio items, blog posts, and/or services they provide. It is geared towards individuals who want to lead with their profile and keep all their relevant information on the home page.

In many one-page scrolling themes, blog posts become somewhat of an afterthought that don’t receive the same design attention. Latte, on the other hand, includes a simple, tasteful single post design that is harmonious with the rest of the site. A blog header image can be set in the customizer to be unique or match the rest of the site.

If you’re not a fan of the preloader or the scrolling parallax animations, you can disable them in the customizer. The theme supports a slide-out navigation menu, which can also be disabled if you plan to keep all the content on the homepage without posting any blogs.

Asrani built 100+ color control options into the theme and prides himself on its customizability. Latte’s homepage states that if you find something in the theme which is not customizable, then he will work on adding it to the theme.

The services, skills, and subscribe sections are widgetized areas where the content is generated by special widgets that are included in the theme. Documentation for setting up the various sections is included in the theme’s zip file. If you want to add pricing tables, a contact form, portfolio section, or a map, you’ll need to purchase the pro version. To Asrani’s credit, the free version is not cluttered by pro version “teaser” controls in the customizer.

Check out the live demo to see each of the available sections in action on the page.

Latte offers a welcome alternative to clunky, confusing page builders or drag-and-drop editors. With everything in the customizer, the user doesn’t have to hunt around for how to edit its many sections. If you want a simple one-page theme to showcase your profile and services, you’d be hard pressed to find one more customizable than Latte. Download it for free from WordPress.org or via your admin themes browser.

photo credit: elycefeliz – cc

Whether you manage WordPress plugins, themes, or a service, a key component to keeping users happy is communication. Users and especially paying customers want to know what’s going on. Going an extended period of time without communicating leads to doubt, a feeling of abandonment, and speculation.

Communicating is not hard and these days, developers have more ways than ever to keep users and customers informed. If you’re experiencing writer’s block or don’t know what to write about, here are a few ideas.

• New Features
• Major Bug Fixes
• White Papers
• User Testimonials/Reviews
• Major Changes or Announcements

The key is to maintain a cycle where you communicate, users and customers provide feedback, and implement the feedback into continued improvements. While it doesn’t always work this way, it’s an ideal strategy that keeps developers and users on the same page.

Controlling The Flow of Information

Ideally, a news site is not the first place users should discover what’s going on with a particular project. Blogs attached to a project’s site are an excellent way to keep insiders and outsiders informed. By utilizing Facebook, Twitter, change logs, and a blog, you control the flow of information and what you want people to know.

Speaking of change logs, last year, I offered advice on what information to include and how to differentiate between the changes. Users read change logs and should be an important part of any developer’s communication strategy.

How Much Communication?

There’s no set rule on how much you should communicate but with all the options available, there’s no excuse not to push out a few updates a week. However, this all depends on how many users you have, how much development activity is going on, etc. Sometimes, there’s nothing to report and that’s fine. When it becomes concerning is when there is a lack of communication after a month or more.

Communication Can Make or Break a Business

Most of what I’ve discussed so far deals with software development. However, there is one aspect of communication that can make or break a business and that’s during a security issue.

If your plugin, theme, or service experiences a security issue, the best thing to do is own it, be as transparent as possible, and inform users immediately. A great example is when iThemes experienced a security breach in late 2014, that affected approximately 60,000 customers.

iThemes CEO Cory Miller could have swept the breach under the rug and fix things behind the scenes but instead, chose to immediately inform customers. In his post, he explains what happened, takes full responsibility, and explains what they’re going to do to make things right.

As the company learned more about the breach, they shared that information with customers and the public. Thanks to Miller’s honest approach of attacking the issue head on, a lot of upset customers pledged their support for the company.

Be Honest

If iThemes chose to keep the breach under wraps for as long as possible, chances are that at some point it would be exposed likely causing the company irreparable damage. Humans are not perfect and security vulnerabilities happen, but it’s how they’re handled that can make or break a business.

Be honest with yourself and to those giving you money. Nothing good happens by ignoring customers or setting unrealistic expectations.

As the user and customer base of plugins, themes, and services increases, so does the impact of communication. You don’t have to write a thesis every week but it’s nice to know that the developers behind a project have a pulse, especially if it’s for something people are paying for.

If communication is something you’re struggling with, let us know in the comments. If you develop a popular theme or plugin, let us know what your strategy is for keeping people informed.