WordPress Planet

October 07, 2022

Post Status: What Can We All Do to Better Support Our Plugin Developers?

The recent discussions around the Active Installs data being removed from the WordPress Repo prompted a couple of questions I think we need to answer as a bigger WP community and particularly our members at Post Status.

As someone who lived in the WordPress product space for 10+ years and had free and paid plugins (found this from 2010), I resonate with the issues and concerns being brought up particularly by plugin developers.

In the spirit of Mark Zahra's “let's work together, not against each other,” what I want to do here is continue a constructive conversation and help us all make progress together — for the good of WordPress, plugin developers, and users.

My intention is asked in the spirit of Mark Zahra's sentiment of “let's work together, not against each other” and is simple:

To give voice to those awesome people and the countless others building WordPress plugins around the world, to help frame the conversation to be clear and constructive, in order to help us all move forward.

So to our WordPress plugin developers ….

What worries, concerns, problems, obstacles, challenges do you have creating, building, maintaining WP plugins?

What are 1-3 initiatives would you prioritize that would create a better, more sustainable environment for you in WP?

As always, keep it about the work, never personal. Talk about and share your experiences, not blame.

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Cory Miller</span> at October 07, 2022 03:10 PM under Plugin Repository

Post Status: Post Status Excerpt (No. 70) — Trust and Distrust: Microagressions, Active Install Growth Data for Plugins, and Open Source Security

In this episode of Post Status Excerpt, Dan and Ny take on three issues in the WordPress community that can threaten or impair trust while also revealing how foundational trust and healthy communication are: 1) racism and microaggressions, 2) the sudden removal and uncertain fate of the active install growth chart in the WordPress.org plugin repository, and 3) open source and security. Briefly discussed: emerging US federal policy that aims to secure open source software. Zero-trust architecture might work well for networked machines, but human relationships and communities need trust.

Estimated reading time: 0 minutes

In this episode of Post Status Excerpt, Dan and Ny take on three issues in the WordPress community that can threaten or impair trust while also revealing how foundational trust is, especially in open source.

First, they talk about Ny's article at MasterWP, “Enough with this woke stuff: and other racist speech you can unlearn,” which explains microaggressions and received a significant number of macroaggressions in reply — but also far more positive support from the community.

Next, “How do we rebuild trust when it's harmed?” is a question that leads into the biggest WordPress story of the week — Matt Mullenweg's apparent decision to shut down access to active install data at the WordPress.org plugin repo due to an unspecified security breach and/or privacy concern. The way communication has happened — or hasn't happened — about this decision is clearly damaging trust in the WordPress community, particularly among business owners with a product in the plugin repository. Ny points out how this all looks to a newcomer to the WordPress community — again, trust takes a beating. But while we lack clarity about the po. ssible return of install data in some form, Dan suggests asking why this data is trusted and valued by many plugin owners. What business decisions can it helpfully inform? Are there alternative and possibly better sources of data about a plugin's users?

Finally, Dan briefly talks about the emergence of draft legislation in the US Senate: the Securing Open Source Software Act. It seems likely that in the near future, US security agencies will be getting people, dollars, and new organizations involved in assessing risk in open-source software. Are WordPress auto-updates critical supply chain infrastructure? When should individual freedoms be exchanged for collective security? When do we need to know what our machines and software are doing? When don't we? Zero-trust architecture might work well for networked machines, but human relationships and communities need trust.

Trust can be betrayed in so many ways or failed even with the best of intentions.

Dan Knauss

🔗 Mentioned in the show:

🙏 Sponsor: A2 Hosting

A2Hosting offers solutions for WordPress and WooCommerce that are both blazing fast and ultra-reliable. WordPress can be easily deployed on ANY web hosting plan from A2: Shared, VPS, or Dedicated. A2 also offers Managed WordPress and WooCommerce Hosting. Take a look at a2hosting.com today!

A2 Hosting

👋 Credits

Every week Post Status Excerpt will bring you a conversation about important news and issues in the WordPress community and business ecosystem. 🎙

You can listen to past episodes of The Excerpt, browse all our podcasts, and don’t forget to subscribe on Spotify, Amazon Music, Google Podcasts, iTunes, Castro, YouTube, Stitcher, Player.fm, Pocket Casts, Simplecast, or by RSS. 🎧

Transcript

Dan Knauss: [00:00:00] Good morning Ny.

Nyasha Green: Good morning, Dan. How are you?

Dan Knauss: Okay. I think! We've got quite a few things cover here, but I think today, the first — the first is probably a topic all onto itself. Something you could spend a lot of time on!

I feel like I'm in the role of like bringing, bringing someone to the family Thanksgiving dinner and having to explain like… Oh yeah, Uncle

They said that.

Nyasha Green: Oh yeah, So , I wrote an article at Master WP about microaggressions. Mm-hmm. . And you know, usually when I do my social commentary, I do tie it to tech. And I mean, the reason I wrote it was tie it to tech issue, Twilio and claims of reverse racism and hiring and [00:01:00] things like that. And affirm of action and.

What I saw the conversation around this tech conversation was that, you know, a lot of microaggressions, which I talk about is like, you know, unconscious bias and basically racism. Um, so I was like, you know what, this seems like something that the community really needs to learn about and hear about. So, took my wonderful African American studies degree in research background, , and um, you know, did a good article on microaggressions.

Mm-hmm. , which led to more microaggressions. That let this hate mail led to me taking a little break from Twitter. But, um, I guess that's addressing the elephant in the room. But I mean, I look at it as something as I still don't regret writing it. I don't regret what led up to writing it because we have a good number of people in the community who are very informed and they are very.

You know, resp receptive to information like this. I got a [00:02:00] lot of support. I got more support than hate. Okay? So I want to do, I do wanna acknowledge that, but there are quite a few people in the community who actually, you know, they need this information and they ignore it. But you know, that's not going to stop me.

And although I'm taking a break from Twitter, you know, it's because, you know, I have a lot of other things going on. Um, yeah. So I'm perfectly fine and I can't wait to get back on Twitter cuz I'm really gonna argue. Yeah. I'm ready to argue with people. , I'm just kidding. But I, no, I do miss Twitter. It's.

It's nice connecting with people of the community. Yeah. Be in a meaningful way. And like I said, there were lots of people who were like, you know, I really needed to hear this. Like, this actually changed my perspective. I think I might buy a book, one of the books you recommended, Things like that. So, Oh good.

If I can help one person, like that's all, that's all I need. I don't need a, A group.

Dan Knauss: I think it was really good article. I, I haven't heard all of the, the stuff that you covered and you did have a, a bibliography at the end, so Yeah. Mm-hmm. , people [00:03:00] wanna read, click through and, and, and get into some more. Um, I thought it was pretty generous and even handed things.

It's interesting people. Triggered about it because you were pretty clear that microaggressions are, are things almost anyone can do to anybody else for any number of of reasons. Um, but, um, I don't know. I'm, I'm always, I'm surprised, not surprised at the kind of reactions that you, you get, um, when you touch these, these subjects.

I know it's, it seems pretty much that women. are the, the targets of, of that when, when there's equity and inclusion and justice type subjects that come up. Um, and that kind of bothers me. We talked about that a bit before. Mm-hmm. , the kind of, what I wouldn't say it even approaches hate mail and we get the kind of angry I'm leaving, [00:04:00] I'm unsubscribing it, you know, you shouldn't talk about this stuff.

It's always anonymous. Um, that comes to me. The, the stuff I've seen, um, that post status gets, Um, I, I think your experience is quite a bit different and that kind of concerns me that, um, people getting, I think a, a pretty, even, even handed and calm, even like calmer than , a very tolerant response to. Some tough issues where there's, there's definitely kind of abusive things going on out out there.

Um, the reaction is more of the same a as you said, directed very personally from people who are using their work accounts to do it. And they're not hiding their identity at all with you. I don't know what they're afraid of. They don't do that with, with us, but it [00:05:00] kind of, That doesn't speak to anything good if they feel confident.

Um, just cutting loose on, on you, on, on women who write, um, something that they don't want to hear. And it is, it is exclusively men as far as I've ever heard.

Nyasha Green: Yeah. Um, As, as you said, as we talked about people, as you saw on Twitter, people are writing from their Twitter accounts with their WordPress information in it.

Yeah. They're sending it from their business address that. Their business, their business, email addresses that have their addresses and phone numbers and stuff. Mm-hmm. , that's what's, uh, . It's interesting to me because even if you, I, it's a disrespect thing, honestly. Let me, let me go back. They do it because it's, they know like, I can say this to you with my chest, and there's no repercussions.

Or they think, they think that, right. And, um, it's a disrespect issue. It's always amusing to me. Going back a little further to what you said, you were like, you wrote it very like, you know, without emotion. Objectively, I've, I've seen a [00:06:00] lot of people say that. A lot of people said this to me. Mm-hmm. , they were like, this was written like a research paper.

Yeah. Because, you know, one, it was. Two. The biggest thing that I want people to know is that I don't have the luxury of being able to be emotional in writings like this. When I write about my race and my gender or things that I have experienced, and the moment I show any sign of emotion, I'm the wrong person.

It doesn't matter what the other party did to me, right? Because there's this big, uh, I don't know what you would call it. It's this big theory with people discount your experiences and they say it's because you're emotional. It's because you're looking to be a victim like you in, like, I enjoy stuff like this.

I don't enjoy racism or racist people. I prefer to pretend they don't exist. That if I could do that, that's what I would do. But, um, I just couldn't show emotion. And it's been a while since I've written like that. Um, I've been able to show emotion for a while, but I knew with this I couldn't. And you see with that, we still got hate mail

So, uh, I got told I was being a victim of, I was like, Of what? [00:07:00] No response. I was like, What am I a victim of? I'm like, I'm, this is, I have. Micro aggress against people. I've used ables language, you know, not knowing I've said things, um, toward people that I didn't know was harmful. And it was important to me to unlearn that I don't care if I didn't do it on purpose.

And I'm like, Doesn't everyone feel like this? No, they just rather not be told that they're doing anything bad at all, ever, even if it's unintentional and even if it hurts people, but you know, that's them. But for everybody else who wants to learn, I'm always here .

Dan Knauss: Yeah, it's, uh, definitely worth checking out if, um, if you haven't seen it enough with this woke stuff and other racist speech you can unlearn, which I think is very inviting.

Um, uh, and yeah, that, uh, it, it can be unlearned that's a, a positive. Um, yeah, I've seen mail come in about that, complaining that we don't want to hear anymore [00:08:00] of this. Change your thinking, change your mind. Woke stuff. Too bad. Yeah, too bad. Uh, everyone who has that kind of reaction is just a voting for doubling down on, on bigotry or the idea that they have nothing to learn.

Um, and yeah, I know, I think that's a pretty honest and good generous starting point that we're. There's, there's not really any way through life and relationships without stepping on people's toes, and sometimes intentional, sometimes unintentional. And if you don't learn from that, you're, you know, that's, uh, at some point it's not ignorance anymore, it's intentional damage you're doing.

Um, but I'm, I'm glad you wrote it and I hope more, more people. Engage with it, read [00:09:00] it and think about, think about it. Um, I, I think, uh, it's a tough one. Cause you, you also tackled the myth of meritocracy, which will die hard in, in tech. Um, , you know, I, everyone's a victim who hasn't earned their way up or, you know, proven their worth or, or mm-hmm achieved something that I consider, you know, notorious. Yeah, that's, there's a lot, there's a lot more going on in here than I imagine people think who just dismiss it at the title. So that's, uh, it's definitely worth, worth going through. And honestly, it's not in my time. I, I don't think this is something we've talked about a lot.

I don't think it's come up, um, a ton in, in just let's talk about. Kind of, um mm-hmm. conversations. [00:10:00] Yeah. In reaction to bad events. Un unfortunately in problem individuals and, uh, conflicts that come up. So it's, it's worth, it's worth having that conversation as a running one. And I hope the, um, diversity inclusion, um, equity approach to.

To the, to not just events, but um, to, um, to help people, um, look at each other and relate in general will. We'll make that more of just, this is, this is just normal, right? . There's, there's a lot of different cultures and perspectives and age groups represented in a large, large community like WordPress and having an open door and open conversation on it.

It's good. Um, anything else you wanted to [00:11:00] get into? About that. I know there's, there's so many big things looming behind it, but yeah, you need some time to rest, recover, and.

Nyasha Green: Um, not many big things for me. Um, I just want people to, I, I was worried people were thinking, um, especially the first few days I was off Twitter that I was like somewhere crying. I'm not,

Dan Knauss: Oh geez, , no.

Nyasha Green: This man could not ever in a million years make me cry, baby. But , um, it has encouraged me to keep talking.

Like, if, if the reception was a little more tame, , I definitely probably would've said, You know what? Okay. People heard and they understood. The pushback has made me want to talk about it even more. Mm-hmm. , So I'm, I'm cooking up some things and we had Ally, uh, Neon's workshop on how to be an ally, which, um mm-hmm.

talked a lot about microaggressions and a lot of things we were experiencing cuz Ally's been through the re, through the wrong. Is that the expression? Thank you.

Dan Knauss: Through the [00:12:00] ringer.

Nyasha Green: Through the ringer. Especially when you talk about, you know, racism in Europe and, you know, Yeah. You can't even talk about racism in Europe according to Twitter.

So, um, and I'm going to talk about it. So, and I'm going to Word camp. I, I don't care if no one has Christmas, I'm going to work Europe next year. But, um, Yeah, we're, we're gonna keep talking about it. I, I hope to see more workshops. I may do one I don't know yet. Um, I'm gonna keep, I'm gonna keep talking about it.

If, like I said, if I'm only reaching one person out of all the people that this goes out to, that's fine. Yeah. ?

Dan Knauss: Yeah. Good. No, um. I, I, I think, uh, anyone who thinks that you were off Twitter for any of those reasons is just out of , out of touch. No. Yeah. Pin pinned your flow foot to the floor with a steak knife.

Got bigger. wasn't a steak knife, but was a Japanese, a big

Nyasha Green: shift [00:13:00] knife.

Dan Knauss: The sword.

Nyasha Green: It was a Santo chef knife. It was very sharp. I sharpen it every week. It was an, it was a beast. Let's, let's embellish this story. Oh. And then, Yeah. I don't, I know.

Dan Knauss: Jump me. I told you I don't, I don't want to talk about sharp needles, knives every, you know.

Oh man, we won't, We've been through that. I've been upset when that happened. I was like, Oh, oh, oh,

Nyasha Green: oh. But I just wanted it to be known. It was not a state knife I could have handled.

Dan Knauss: No, it was huge. A state knife. Yeah. Yeah. It was. Uh, well, I, I hope that that recovery. Goes really well and admire your, your spirit, but it, it is good to get off.

It is good to get off of the social media and I'm glad for the supports you've got and the team that is always seems to be a hundred percent behind you and is good with disagreement and, and some amount of, of [00:14:00] tussle and stuff. And, and that's. That's probably a good move in a good way to move into the, the bigger, the bigger topic in most people's minds for this week.

But, um, yeah. Um, I, I really think the macro microaggression and how people teach, uh, how, how they treat each other. . Um, it's just a huge thing on onto itself and it really affects, it impacts trust and I think that's the theme, the theme here. And it's, it's always one in open source and in communities and in relationships.

How, how healthy is our level of trust? Um, For each other. And this, uh, this active install growth chart issue going away has certainly touched a lot of people's nerves and confidence or, or trust for, um, their relationship with.org and how things work there. [00:15:00] Have, have you, uh, what are, what are your, what are your thoughts on that?

It's, I guess nothing's really changed in a week as far as I can tell this morning.

Nyasha Green: That's a spicy topic. I don't know. I don't wanna say the wrong thing. I'm just kidding. You know? Nah. Um, , no. Um, that was a very interesting topic. Um, I have not jumped a lot into plugin developing. Plugin development. I've wanted to, that's something I have on my to-do list for the future.

Um, there's so many different aspects of WordPress I want to kind of jump into cuz it's very interesting. I don't, and I'm, I'm being honest, like I don't really know how to feel because I've seen both sides of it. Um, you sent me some good information. We had a very good article. Um, I don't wanna Bri pronounce his name.

Dan Knauss: Mark Zara. Mark. He's a great guy. He's, um,

Nyasha Green: he is, he is awesome. Um, he had a article by him. Oh, go ahead.

Dan Knauss: Oh yeah, he, he brought [00:16:00] it to everyone's attention first, I believe. Um, yeah, so for those. Have been under rock or, or new to all this , I think it was late Thursday night, um, a week ago. Um, uh, uh, someone who works for, for Audrey Capital, um mm-hmm.

So you would assume like directly. Responding to, to something Matt had re requested, took down the, uh, re reverted the changes in an old track ticket that in 2017, introduced the active install charts that are in the advanced section on plugins, um, in the WordPress DO org plugin repository. So, Plugin owners and really everyone can go in there and see a somewhat obscured, rough estimate of, um, how many sites appear to have your plugin installed on it at the, within the last 24 hours and.[00:17:00]

And then over time, how that needle moves. Is it, is it going up or down? And, and if there's a, a growth or decline trend, what's that line averaging out to? So that's been there for a while and, and people really, a lot of people have really relied onto it. And that just went away with a ticket that just said it's insufficiently obfuscated data.

So clearly there's, there's sort of an implication and then further things, there's definitely a security issue. The attempt to put out, to make some data public and not all of. Um, completely exact and comprehensive and available to everyone. That wasn't the attention, but some, some entity, um, with the capacity or more.

I know a lot, there's a lot of services and people who scrape that, who pull that data in some way. Um, To get a fix on the market, on to offer it as a service to look at other, [00:18:00] your plugins, your competitors, how things are going. Um, that was just pulled and there's co, the, the primary code involved, um, is not public, is not out in the open, and it's what would be receiving the, the pings from all the sites and interpreting them.

As, Okay, does this count as a live site? If so, score one and then making that available through some kind of API where you can pull, um, pull out your current active installs. That too, that's the part that apparently has a security privacy issue and needs attention and, um, that has not been formally, officially.

Clearly publicly stated, there's a discussion in meta slack, uh, mechan and WordPress slack, where this, you know, if you wanna read through, read between the lines and [00:19:00] people unofficially, but who I think are, uh, uh, totally trustworthy and, and know enough about what's going on. You can figure out what's happened.

And that's the article I put together. Uh, trying to take that as at face value. Um, that appears to be what's gone on. And you see the, the reaction if you were a plugin owner. In the,

Nyasha Green: I wanna pause on something you said. You said, Well, if you know that these people are reliable, the right people are telling you the right things.

What if you're a newbie like me right to this and you don't know these people not saying they're not true. Exactly. I don't, You know, I, I.

Dan Knauss: My thought, Who is Triple J? Why should we trust him?

Nyasha Green: No, I wouldn't say that. I'm just like, I'm going off what you're saying. You're like, Well, these are the right people.

And I'm like, Well, you know that. How would I know that? You know? Yeah. That's me not playing devil's advocate. Cause I think that's stupid, but I, that's me just like waiting in, like I, I don't really [00:20:00] personally know these people. I, I get. , I get the side, I get both sides. Again, because one, I, I looked at it when I was deciding on plugins that I didn't really have a lot of information a on because, you know, the more people that seemed to be using it mm-hmm.

the more reliable it seemed. And so, I mean, I definitely get that as a consumer. I'm definitely like, Okay, I'm gonna do a little bit more research and, you know, I'm lazy. So, you know, that's on me, that's on them, that's on me. But I, I get where plugin owners are panicking over that. Like, it's, it's their money, it's their business.

Like I, I get that. And then like, it does not seem to be a lot of clarity on it. Like especially when it went down, like it just went down like, ugh, you know, we need to fix this. Mm-hmm. . And it was kind of like, that's it. And it. , Right? What can we get an explanation? And it's like they have to dig, dig, dig.

And I'm, I know speculation is bad in general, especially when you don't have all the facts. Um, so I know there's been a lot of speculation on what's really going on and why it was really taken down, you know, outside of the few statements we got. But [00:21:00] do you blame them? Can you blame them? Like, if you're in the dark, all you can do is guess, I guess.

Dan Knauss: Yeah. And that's not helpful from the, from the, um, from a normal corporate communications or community management standpoint. Mm-hmm. not having, not having an internal PR arm, not having some means of, of communicating to stakeholders in ways that calm things and, and spread correct information. Um, is it just.

Who does that? So I think a lot, a lot of people feel disrespected, but this isn't a new thing. Um, they should know that it's, it's that way. It's been that way for a while and I would assume it's wanted to be that way. Um, but if, if you were expecting or wanting something a little more standard, that is not, not the [00:22:00] case.

And it does lead to people getting wound up. Speculating wildly and, and, uh, with distrust, uh, is spreading a good deal with distrust. And I think that's, that's what people are going to do every time.

Nyasha Green: I mean, and I'm, I'm with you on that. It's been this way for a long time, so people are pretty much, um, You know, a lot of people pretty much expect it.

So they're like, Well, you know, these things happen. That's one way to look at it, but I would like to quote the Great American Television Show The Wire. Oh yeah. And say the thing about the old days. Is they The old days, ,

Dan Knauss: Was that bunk who said that? I think

Nyasha Green: he did. Yeah. It wasn't, Yeah. So, um, This is the thing, like, again, me just looking at this from my perspective as a newer person, if I'm, if I don't know to expect these things, how can I expect them?

Right? Like, that's a lot, a lot of things happen in community, even outside of this, where it's like, well, that's how things have been done. And it's like mm-hmm. . [00:23:00] Yep. What am I supposed to do? , Like, I, I, Okay. Like I have to, There's no onboarding to how things are done. We've talked about,

Dan Knauss: That's a big issue.

This is your onboarding.

Nyasha Green: Yeah. So it's like, Trial by baptism. Trial by fire. Yeah, that's what I mean. But you know, and I know some people, some people who are still having these conversations, they've been in the community and they're used to this, but I mean, it could be, they could be tired of it. They could want change.

But I, I do agree with you saying like it's, it's gonna spread a lot of disinformation. No, you didn't say disinformation. It's gonna spread a lot of disagreement and we really don't need that. At all. You know what hashtag WP Drama. Um, but I mean, people also need answers. It's like I don't have a clear answer for what they should do because when I'm confused and I feel like I'm in the dark and nobody's giving me answers, I'm definitely going to complain.

And sometimes when you complain, it turns into hashtag WP Drama .

Dan Knauss: Oh yeah. That's almost inevitable. And so seeing it both ways, [00:24:00] Um, it, it shouldn't be Mark coming into Post Slack and in Twitter and saying, Hey, did anyone notice this ticket that just kind of crept in there and late Thursday night and, Hey, look, this chart's gone.

Um, that's. At once, kind of highly irregular. But then again, is it, is it really to me for this, for this family?

Nyasha Green: To this family, I guess not like I'm the, I'm the, the, the daughter-in-law, I guess I'm married into this family. Yeah. I'm at Thanksgiving. Like, Huh, ?

Dan Knauss: No, I feel like, yeah. Well, sorry you married into the mob.

Um, . I apologize for uncle over here. . Um, well, yeah, I, I think trying, I always try to see things multiple ways and, and look for what's the most. [00:25:00] Most productive way forward that will align the most people in a understand productive way And what can be learned here? Um, I, I'm willing to, because John James Jacoby stepped in and is a real long timer and is on the Medi and the ME team's a bunch of.

Good people. Mm-hmm. who, um, were not apparently in the decision making about this, but have some degree of knowledge and oversight or independent, um, takes on. On the non-public code in question and have made it, and I see no reason to, to distrust any of that. So what, what has come out short of it? Not a press release, not something on even the taverns not, you know, being, being quite critical and not not getting any special, um, quotes from.

Inside explaining this, um, what we've got is what's come out on the, on the [00:26:00] ticket and it, they're saying it's a security issue that the either privacy, security, the, the way the data, um, was being pulled and used was over line that they were. Not willing to tolerate going on, and they want to change how that data access works.

And I also trust them that it's gonna come back at some point. But what's muddied the waters is Matt has, um, disregarded the um, The desire for the, the, the crowd that calling for like a full explanation and, and just kind of leading it going forward with the discussion of, well, what is this data that you want?

Um, what would, what helps the most? Um, and trying to kind of move things i I, in this direction of competition, how do we promote cooperative competition, Cooper competition, Um,

Nyasha Green: ooh, let's make that [00:27:00] a word. .

Dan Knauss: So it's a tough pivot to not to say, Hey, don't, let's not give you any kind of, we can't give you any full, There's not even official statement saying, We can't officially disclose what's going on here, but we're trying to remedy it in the meantime.

Um, There's a couple of paths, how this could come back and how it could look, what's your feedback and input on that. Um, that's kind of what's being attempted, but the room temperature isn't really conducive to the most, um, helpful feedbacks, but just for me, just in watching, I'm, I'm, I haven't seen a lot of people explain why that one number is so important the way they think it.

Um, and it makes me think like if you're that fixed on this thing, that could come and go, that wasn't there before. And none of the really big businesses are, [00:28:00] um, they're, they're not living and dying by this, and I'm not sure anyone really is, you know, eggs all in one basket. Like really, Um, this is a, a wake up call I would think that if, if that's how you're running your business or you, you think it works that way, maybe you need some other.

Other ways to analyze your success or, or, um, decline in with your customers.

Nyasha Green: Okay. I, I can't agree with you there, , but can I cannot, can't, cannot. I cannot.

Dan Knauss: Oh. Oh, really? What do you, what what, I mean, what about it?

Nyasha Green: Like you said, that's, that's all fine and dandy for the bigger corporations, but for the smaller person, it's like, Whatever, Figure it out.

Find another method. Oh, well I, again, you said this is how it's been done, but it's like, how many times can you do that to people? Honestly, [00:29:00]

Dan Knauss: I, Yeah, I think that's a separate thing, right? If you kind of put that aside, this isn't a great way to, this isn't a great way to handle a community. Um, it's not a great way to handle business community.

Um, It is what it is. It's happening. We put that aside. That's happening. Why do, why do you, you know, even if this hadn't happened, why is that? People saying that they go to that chart multiple times every. It only updates every 24 hours. And like the, the, it's general, it's kind of shotgun analysis. So I would say like maybe a week's worth of data would give you, it's just kind of a thumbs up, thumbs down on what, on install activity.

And that's, that's for your free plugin. So if you're trying to make, um, if you're, your revenue stream is coming elsewhere from a premium product or, or something else, um, this is just people who are trying you out or using. The free [00:30:00] version and it's, it's just a general pool of, um, not, um, Well actually you can, you couldn't, um, you may, it may include, I guess it would include both, but once you have paying customers, I would pay attention to them.

You have direct, you have a bit more direct, um, access to them and focus groups. There's a lot of things you could, you could do to, um, to get better. Data on how your, your product's being used and there's other ways to distribute.

Nyasha Green: You don't think that would be a lot on smaller business owners, people, you know?

Dan Knauss: Sure. It's a lot. Um, and I, it's always kind of surprised me though, how, um, how. There's, there's just, Well, you know, everyone wants an easy, an easy way forward, But does that really, does that really substitute for, um, real business intelligence, for real customer [00:31:00] feedback from real contact and relationships?

Um, the people I've seen who seem to effectively build a, um, a small plug-in business who in intentionally are, you know, they're not trying to build. Thing at scale. They're, they're trying to do a company of one. Um, they promote it from the beginning on their, on their own channels. They know more or less who they're talking to.

They're soliciting feedback. Maybe they have the, the code on GitHub, um, or wherever it is. They're engaged with a lot of people using it. I just, I don't see why a single measure as vague as that one is. Such, such an obsessed over, um, detail. I mean, I, I understand, I hear what people are saying about it. I get that mm-hmm.

but it, when you actually literally analyze it as like, is, does that make good business sense? I haven't, I haven't seen that. [00:32:00] The only, the only good one is, and I think it's, it's kind of a painful scene, but, um, Matt said about this, the same thing people. See it as a thumbs up if they see it going up, it's a motivation to keep working.

It's like, okay, that's valid. Like that. That's good feedback to give. Um, but what, there are all these other reasons people talk about why this is a, an important business metric to them. And I just, I think almost all of those are highly, highly questionable or at least, you know, you could probably get better information Another.

And the

Nyasha Green: independent, like, so I, I've never ran a plug-in business. I don't know if you have, you have a lot more experience than me. So, I mean, well we aren't we just speculating on what they can do. Like, you know, I, I trust Mark, Mark said that was one of the only tools they had, so it's going to make it a lot more difficult.

I mean, like, I think that's worthy of them [00:33:00] complaining. I think if that was their only tool, like I, I don't know. I can't, I can't like jump in and say, Well they can do this, they could do that. They could go do this cuz I don't know.

Dan Knauss: Well, but it's their, It's their only tool. Cause they've allowed that.

They've allowed that relationship to exist.

Nyasha Green: So it was the easiest. And they like just kind of, I. It's, it's the easiest tool. So they kind of, it was easier for them to latch onto that instead of doing like alternate things, which they can do now. Is that what you saying? If it's,

Dan Knauss: yeah, if it's really true that, that you put your, your business in the hands of a freemium type of product and the free versions in the repo, and this is the only measure you have of, of your potential market size.

That's choices you made. I, I . I mean, there are a lot of other, And you went in someone's house and, and this was here once and, and some years ago it wasn't there. And, um, I, I understand why that, that feels like a, a breach of trust. [00:34:00] But no one ever had a contractor understanding. To the other one, to anything different that this is, that they have a right to this.

Um, I,

Nyasha Green: uh, I think the analogy is, you know, you went into someone's house and they said, Hey, it's an open. And you can use this thing right here. And they're like, Okay. And they use it for years and then they walk into the house one day and it's gone. And the person's like, Well, it's gone. Oh, well tell me why you needed it.

Dan Knauss: Well, it wasn't quite that, It was more like someone, someone's been coming in the back door in the kitchen and they took the beer cooler.

Nyasha Green: Yeah. Someone else has been like sneaking in and doing bad stuff and now everybody, we can't pay forward.

Dan Knauss: We gotta go to the, Yeah, we gotta shut this down and, and go and address this.

And,

Nyasha Green: but there was no communication on that. I found out about the, the communication is cut that through somebody.

Dan Knauss: There's, there's two levels. If you look at it, there's a, there's a much higher level thing here with how much bigger entities are using this data. Mm-hmm. and potentially abusing it, and the need to get everyone on the same page, and [00:35:00] everyone has the same data and even has the ability to hide it.

If you don't want your business exposed or your dad exposed that maybe that you can, you can put a privacy control on it. Mm-hmm. , but the, the rank and file the small. Smaller business entities that are upset because they've really been relying on this. Um, totally understand that. But it, it does raise questions of why you have that level of dependency and does this number really do all that for you?

Is your business truly going to, to tank or suffer in some way with without this and could having it taken away, whether are your options, do you. Are there any kind of creative ways forward then? Um, I, I would think that there, there are, having watched that space enough and how different businesses operate partly in using the repo, not using it, um, and how they do their marketing, how they do their relationship with their [00:36:00] customers.

Um, I, I think it. It's something that matters a lot to people, like you're saying, who are, who are small and maybe don't have the capacity, um, or it's a part-time thing or a side part project. Mm-hmm. , and they're leaning heavily on this rather than other things that maybe they don't have time to be doing.

But it raises questions about what's ineffective, um, business model, what, what's good data and how do you get it? And, I think that there's, from above, there's a bit of an attempt to push that question on that part of the business community. And I don't know if that's an effective way to do it, but it doesn't seem

It's not nice, it doesn't build trust. Uh, but I don't know, I don't know given enough, uh, pain points maybe. I don't know. We'll see where. Where it goes and the people caught in between on it, I, I feel for them. But, um mm-hmm. , [00:37:00] I don't have any, any reason to, to distrust those who have tried to be mediators and I, I think they're, I'm glad they're, they're there putting, putting in their 2 cents.

Nyasha Green: I feel bad that they've had to be mediators. This is a, a lot to push on someone. It is, but I am interested to see where this goes. And I'm glad people are talking about it. I, I, I know communication is a bit as of a doozy sometimes, but I'm glad people are talking about it. Um, I'm, I think we need to revisit it.

Listen, visit this cuz what if it just blows over?

Dan Knauss: I don't think it'll blow over. I, I think it's, I don't, I don't either. It's like a watershed,

Nyasha Green: I don't think at all. . Yeah. But I'm interested to see where it goes. ,

Dan Knauss: but it, there is, there is some sense of, um, a desire to redefine that part of the ecosystem, that culture there.

Yeah. Definitely not wanting a [00:38:00] leaderboard of winners and losers or top 10 or something like that, but have some kind of helpful metric that motivates people that, um, is useful to them and isn't something that can be gamed and that someone higher up isn't pulling out and trying to figure out how can we game these stats or.

Aggregate enough of this to, I don't know, build an even bigger secondary market for plugins, like a Zillow of plugin and that number is over your head as your business value and, and you wanna flip, you know, you wanna sell. Like this is, things have been moving in that kind of direction. I, yeah, call it financial, a financialized market.

And I don't, I don't think that's really in most people's interests when, you know, it's like, When the housing market isn't people's houses anymore and or their homes or community or neighborhood, it's just, what's the number on this here today and what can I get for it if I were to sell it? Give me a number.[00:39:00]

You know, there was a bit, there's been a bit of a movement in that direction. I question the, the health of that, but it's really a question of pH kinda economic. Culture, open source culture philosophy. What kind of market ecosystem do you want to have? And I think from above they're being pretty clear that they want something more cooperative down there, which is tough for people to swallow because on a higher level, these are, they're the corporate entities that are playing full bore, um, corporate capitalism, you know, on a, on a higher level.

Mm-hmm. , um, where. No one's suggesting co-opetition between hosting entities. Entities I love, but maybe they should, you know, I mean, in a way, um, it is, it is throughout open source. I mean, there has to be some level.

Nyasha Green: I'll suggest that on Twitter. Yeah. You'll be breaking with me. I, I think

Dan Knauss: I'm really like the cons really in, in [00:40:00] favor of that.

I think I'm not a, I'm not a unrestricted market person and I, I don't think the idea of a commons. works with that. You do need limits and at least a culture with some kind of consensus on, hey, we don't overly extract this here and there. And, but that's right. That's, that's not a conversation you can have in normal corporate America.

Um, Oh no, But it isn't, it is an open source thing and, um, how do we help each other grow? While in the midst of some degree of competition, um, that's a really worthy discussion. And uh, it's unfortunate. I think that the trust issues are high and the confusion and eventually misinformation may be high and we can't have that appropriate conversation.

I hope we can, but mm-hmm. . [00:41:00] Yeah. Well enough said about that one. I'm not gonna speculate where it's gonna go, but it's been a weekend. It's been a season,

Nyasha Green: Yeah. Oh,

Dan Knauss: The um, the last thing I was gonna ta I don't think we'll really tackle it too much. No one's looking, no one's looking at this. Have you? Um, I haven't found a single person. I'm, I'm start. Poke around and mm-hmm. more technical sources. And I'd really love for feedback from, from anyone who has, um, closer familiarity with government policy that's emerging around security.

Um, there's a, there's finally, this stuff goes back a few years, but there's a senate bill, um, that's very specifically targeting open source and security and how we can, how things can be changed. [00:42:00] to, I think ultimately is, you know, it's about mitigating risk that, um, the US federal government, really any go, any government's always concerned with risk.

They're highly invested in open source. Um, and it's not open source in particular, Most people will point out software across the board. Um, how can this be exploited and hacked has gotten into the public eye and into. , the, uh, the eye of people in, um, in government whose job is to focus on things like supply chain, security, that, you know, things that are considered public infrastructure, um, in a national interest that we need to secure and can't just have people hacking through, exploiting, you know, whatever they think is going on.

But , there have been plenty of examples and there always will. Will be some. [00:43:00] So we just, we haven't really seen that, um, that come down before and I think we will soon. So have you, have you seen anyone talking?

Nyasha Green: Not really. Um, it seems like something Rob would tackle, um, top Yeah, I think you'd be interested, but, um, I'm, My input is as someone who has worked for the state and federal government in a tech capacity, I don't have a lot of faith in this.

Right? Can I say that?

Dan Knauss: Why? Get in trouble? I don't think you'd be,

Nyasha Green: Will they come snatch my microphone? Yeah. bust through my window in the back.

Dan Knauss: Um, you aren't gonna quote the giver, are you?

Nyasha Green: Oh, I got other quotes, but I, One per episode. It's all get, um, Oh God.

Dan Knauss: I'm from the government and I'm here to help.

Nyasha Green: Please. No. Um. I, [00:44:00] I understand. Okay. The big, uh, the big hacks that have been going on, like the, having the Uber , um, you know, there are a lot of con security concerns out there. I get it. But I don't see, I guess I just don't know enough about this bill to see what they're going to do to help. I just feel like it's more government regulation.

I feel like I found very, I feel like I found very. Pro Capitalism this episode. Hmm. I'm thinking

Dan Knauss: on the one hand. Yeah, but on on the other. Yeah.

Nyasha Green: Ah, stop me when you see, when you hear stuff. I'm just kidding. I'm kidding. Um, dang. I do now I have to, I have to sit with my thoughts now. Um, no. I get the security issues, but I really don't see what they're gonna do to help, is basically what I,

Dan Knauss: Well, it is, I think everyone does have a common problem.

It's mostly. D updates. . Mm-hmm. , The, and how they get. Um, so if you have unup updated, the, the largest problem, you have a really, really big [00:45:00] attack surface. Like the log four j log four shell thing was under the auspices of Apache Project. Uh, it wasn't that something wasn't unmaintained and, but there was, um, uh, a, a security vulnerability that was discovered that had been around a long time.

Just no one had noticed it. And then you needed to patch it quickly and, and distribute. All around something that's very widely used, and that is the, the tricky spot. How do you get mm-hmm. , you can't. So in terms of, of WordPress, there's all these really old installs out there. Mm-hmm. , Um, and some are so old, I, you can't push an update too.

Mm-hmm. , you'd have to have anyway. Forced updates have become more of a, a less controversial thing. There was a day, oh probably. Not too long ago, year or two, um, when it was, it was controversial for, uh, again, a decision [00:46:00] made by through unknown processes and deciders to we're just gonna push a forced update on an insecure plugin or some core thing, um, that's emerged and, and that can be done just pushed down.

And I think that's just becoming more of, of the norm for security. Reasons and how that, there hasn't been a really discussion of that, how that fits in the ethics of open source. Um, if I choose to use this software, can you push changes to it against my, um, consent or without my consent and change my client's sites and stuff like that.

Um, yeah, I think we've kind of moved into a place where, It's kind of like getting a vaccination, like, like, Oh Lord, please, you wanna opt out? You wanna opt out to this? Um, there's a real problem, um, to doing that, but it, I mean, I, that too. I, I, These are, these are [00:47:00] two sides to the openness and, and freedom and rights, Individual rights versus collective.

Um,

Nyasha Green: I will not be hopping into the vaccine debate. You know, I'll debate anything that is scary to me. , I'll still debate it, but people are scary when we talk about vaccines. I get scared. Um, but I, I think that to me, where it goes to me in my mind is for security updates. We don't talk enough about, about how computer illiterate, I guess is how you would.

Mm. A lot of society is getting, especially when you think about the younger generations who are dependent on their phones and tablets and they don't really know how to use computers anymore. Sure. It's like, um, you have older people who, you know, have struggled with that, and now we have a younger generation and then it's like us in the middle.

So I think, I think that's going to be an issue because we're forcing people to. It's update and they don't know, You know, they know one version they [00:48:00] can't learn, or not that they cannot learn newer versions, but there is not a lot of adequate education out there to learn newer things. And I'm not just talking about WordPress kind that's in my mind, but that goes through a whole host of other software.

I just, I think we need more literacy before we do stuff like that. I mean, I'm not opposed to it at all. Um, I.

Dan Knauss: It would certainly help for trust again, like, um, if you, I think more and more people are just expecting and, and vaguely, maybe they don't even understand that their devices are being updated all the time.

Yeah, I monitored all the time.

Nyasha Green: Definitely. Don't they? Definitely. Don't you remember when they said 5G was like causing covid? Did you hear that?

Dan Knauss: Um, that okay.

Nyasha Green: Conspiracy theory. That was one. Yeah. Yeah. And I was like, What? And like it was, people were send me stuff, they were like, You're in tech. Is this true?

And I'm like, What? And I'm like, Why would you even begin to believe [00:49:00] this? Where is the correlation? It's like people really don't. Anything . And it's like, you know, I'm not calling people stupid or ignorant. Please, if you're listening and you sent me a covid conspiracy theory, I am not attacking you. Um, I, it's just that people are, there's too much lack of information.

I feel like that's the theme of this, uh, of this episode. If you don't give people enough information and literacy, they'll speculate. They'll create their own narratives and then they'll spread them. Right? And then we have all this what? And then we'll hear stuff when we say what. Yeah. What I do that like 16 times a day, so Right.

It's, they, they have so much more to do than just force updates, but I don't have the faith that they will do that. That's me.

Dan Knauss: Well, there, there's a lot, there's a lot that can be done in, in testing and and security practices to make more secure product, but there's always gonna be stuff that just needs a hot fix.

It needs enough to push to it. Dependencies that aren't even within the project, but that we use and that some other project [00:50:00] uses. Everyone's got to be able to, um, verify what they're using, what version it is, maintenance status, and how do you, how do you quickly update a lot of stuff across the network.

I think that's all good, but yeah. What, what you're saying with a highly, with something, um, as ubiquitous as WordPress or. Apps on your phone. Um, people aren't, it's better if you can get them educated enough to trust that, okay, this is how this is done and mm-hmm people are trying to keep this secure and here are the risks and so on.

And, um, maybe there's some kind of catchall consent. If you know you're using this, this is what's gonna happen. It would be great if, as a community, talked more about those things too, and then mm-hmm. , um, informed people of, of what to expect about security with client work. It's totally, [00:51:00] absolutely necessary to, to explain about the importance of updates, maintenance, and security issues, and, and that being a constant ongoing process.

But when, when people don't understand and then something happens, you get what? The demonn haunted world. I keep thinking of this essay that that's a Carl Sagan book. And Corey doctor wrote a great essay a few years back when, when Volkswagen was uh, uh, gaming their catalytic converters or what, whatever that was when they, whoever hooked the hook, the cars up for testing to emission standards.

Um, it. The computer would realize, ah, we're being tested, so let's cheat. And we go into cheat mode and give a different output than, um, when you're on the road, you want more power delivered to the user and it's actually over emission standards. They got caught for that, but it was a sophisticated software [00:52:00] thing.

BMW did this to, uh, I wanna pronounce these in German way, Ba a. I, I don't know how many did this, but I was talking to a friend of a friend musician who bought one of their sprinter vans. He's really, uh, fancy bmw, um, vans, and they got, they had to do a recall on all their, Their catalytic converters, um, because they had a cheat system in it too, I think.

And they had agreed to some, you know, there was a, there was litigation and they just agreed to replace it all. Not that they had done anything wrong or something like that. And, and he was in the states, he's Canadian, bought this thing in, in Canada and it was in the States and the computer on the car, and his van started saying, You have 10 more starts.

You gotta get this to a dealer, Do the recall, have the part swapped out, and if you don't and, and you need to do that in 10 more starts, you start, you stop and start 10 times this thing's not gonna, it's [00:53:00] gonna be towed, you know, It will not, your, your vehicle will no longer function. Um, so it's like ransomware built into thereby the, the manufacturer of your vehicle.

Um, huge. Shift from . I don't think you knew that that was even possible. They left the thing running.

Nyasha Green: Well, , that reminds me. I do. Because that reminds me of the, the, I don't know if I've never had it, but I've known people who've had these type of cars. If you don't make a payment on your car, you miss a payment, they cut.

They really just lock your car and then you can't crank your car up. Yeah, you can't use your car. You've never heard of that?

Dan Knauss: Like they do remotely through the card. They do it remotely disabled.

Nyasha Green: I'm, I'm, I thought that happened to many people. Like I've had people go to pump gas and then they can't crank their car up and they'll say, Oh, you owe it's money.

Dan Knauss: My car is older than my oldest kid. I have a 1997 crv. Like the early years were, were really good. I have a Honda [00:54:00] guy, um, who um, yeah, like, yeah, I'm an old tech person, , so you couldn't Yeah,

Nyasha Green: that's, but that's like, that was kind of old. That's like, I learned of that when I was like a teenager and that was like, oh my.

I am about to turn 32. I was around 15. That was, I'm doing math 17 years ago, .

Dan Knauss: So yeah, I think that's, I stuff should be built to last some things and maintain. Oh yeah, definitely. And I don't like the idea of. Of being surveilled and controlled remotely. Oh, yeah. Um, and that's, um, that's the world we're moving into.

Mm-hmm. and to some extent there, you know, well there's real abuse and ethics issues and uh, personal autonomy. And I don't think that kind of car system is at all what anyone in open source wants or, or just coming. But there's always a trade off to, uh, with security, how do we, how do we protect. [00:55:00] Ourselves, Um, the most people efficiently.

And it's, it's by overriding, you know, anyone who might individually say, Wait a minute, I wanna evaluate this update code before, you know, most people are just gonna sit on an unup updated thing and mm-hmm not know what's going on. And that's, um, ultimately you have authorities saying that's just not okay cuz it's a security risk to.

Much more, much more significant higher level interest than, you know, Bob Smith with his whatever software he is running. Mm. Well, I think that's a, that's just a fascinating, ethical, intellectual thing, and I, I hope, I hope that we can find a few people to kind of dig more into that as, as that goes along.

But, um, yeah, trust. Everything's about trust.

Nyasha Green: You [00:56:00] made me think about trust falls. Trust. Trust falls when someone like stands on a chair and you all hold hands. Oh, that,

Dan Knauss: Yeah. I've never done that. Uh, no. I didn't

Nyasha Green: want, I was scared. Yeah. I didn't trust, I did not trust those people. But, but no, you're right.

Trust is, is that today's word? That's a big word for Elmo. .

Dan Knauss: Yeah. Just cause people are being, just cuz people are being nice and communicating well with you doesn't, you know, you assume good intentions, but I mean, trust can be betrayed in so many ways or failed, um, even with the best of intentions. And I think how we recover from it, there's no ideal state, you know, no human group is gonna have pure trust unless they're completely in denial, like a cult or something about how everything is awesome.

There's always damage. In and histories of, of um, reasons not to trust each other in any long relationship. [00:57:00] And you kind of have to find a way to be resilient through that and recover from it and reassure each other. Yeah, we're aligned. We want the same things, pretty much. Um, I'm not, I, you know, and I've got your back and that's what we need.

It's hard to come by.

Nyasha Green: I agree. Trust in communication.

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Olivia Bisset</span> at October 07, 2022 02:16 PM under WordPress.org

Post Status: Diversifying Revenue, the 50% Coding / 50% Marketing Lifecycle, Active Install Clawback, and Turbo Admin

WordPress Design & Development Around the Web for the Week of October 3

Here’s a glimpse of what’s going on in the world of design and development in the WordPress space this past week. As I look around the Post Status Slack and the chatter on Twitter, this week has been filled with conversations emphasizing the struggle of running a business as a solo devpreneur.

Estimated reading time: 0 minutes

Diversifying Revenue Streams as a Solo Devpreneur

Web Developer, Entrepreneur, Organizer, and The Man in the Arena Carl Alexander has shared his journey creating Ymir, writing a book, freelancing, and how much he actually makes from all that to live each month. TL:DR; Not as much as you’d think. This kind of transparency into the entrepreneurship side of WordPress can be so valuable and helpful for everyone to see. I suspect many of us can relate to this, especially in the WordPress space where our abilities as developers, designers, and builders are often taken for granted or undervalued. Carl’s answer is creating a Github sponsored page, which is a great way to show appreciation for a developer's work, especially the free plugins that they maintain. Aurooba Ahmed has made a list of developers you can sponsor as well.

The 50% Coding 50% Marketing Lifecycle

We see it all the time: some application or website comes out with half the features of a similar idea you’ve been toiling away on for months, maybe years, but they get all the traction because they market the heck out of their brand. Chances are they also probably hired a small marketing team or agency to help them, and for many of us, we don’t have that luxury. Enter the 50:50 concept from Jon Yongfook of Bannerbear. It sounds like it would be complicated but it’s really simple.

Oh Look, Somebody Took Something Away and Didn’t Communicate About It Well, That Tracs

This week’s #WPDrama has surrounded the abrupt removal of the install growth charts for security reasons on WordPress.org and the Trac ticket created in response to that from Post Status member Mark Zahra which highlighted the frustration felt across the plugin community. I cannot stress enough that all of these frustrations could have been avoided by good communication with the community right after the removal. Instead, everyone was left to piece together different conversations on Twitter and Make WordPress Slack to understand what might be the future for getting similar or even better analytics into the Plugin Directory. As of this writing, there still is no response from the team that removed this feature or what a process might look like for future analytics improvements. Again, an open-source project the size of WordPress should have a team just to help write a synopsis of major changes so anyone can understand the why, when, where, and what’s next.

Cool Tool

Each week we feature one cool tool that can help make your life easier as a WordPress builder.

Move Around The WordPress Admin Faster and Cleaner

Let me introduce you to Turbo Admin, from Post Status member Ross Wintle. This little tool makes the WordPress Admin feel more like using the Siri or Alfred bar by giving you a command palette and a few wp-admin improvements like being able to hide all notices. Turbo Admin is packaged primarily as a browser extension for Chrome, Edge, and Firefox, but it also comes as a plugin. What’s really cool about the extension is that you can use it on any site you have wp-admin access to with no need to install the plugin. This makes it very useful on client sites without adding another plugin to their stack.

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Daniel Schutzsmith</span> at October 07, 2022 01:45 PM under WordPress.org

Akismet: New API Endpoints to Keep Track of your Akismet Usage

We’ve recently deployed, and documented, two new API endpoints that can help you automate keeping track of your Akismet usage, as well as of which sites are querying our API using your Akismet key.

  • Usage Limit: an endpoint to keep track of your Akismet API usage for the current month.
  • Key/Sites Activity: an endpoint to keep track of the sites that are using your API key.

We’re Here to Help

If you need help integrating with these, or any other of our API endpoints, please don’t hesitate to get in touch.

by Stephane Daury at October 07, 2022 01:41 PM under Releases

Do The Woo Community: WooBits: The Future HQ of Do the Woo in Porto, Portugal

I haven't talked much about our move to Porto, Portugal and what this means to Do the Woo and its next iteration.

>> The post WooBits: The Future HQ of Do the Woo in Porto, Portugal appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at October 07, 2022 10:01 AM under WooBits

October 06, 2022

WPTavern: Registration Now Open for WP Accessibility Day, November 2-3, 2022

WP Accessibility Day 2022 is taking place next month on November 2-3. The one-day virtual event features 24 hours of talks on building accessible websites in WordPress. It is independently organized by volunteers from WordPress’ Accessibility Team and other community members.

The schedule for the event is currently a password-protected page but should be available soon. The YouTube recordings for the 2020 event offer a good example of the kind of topics attendees can expect – building accessible menus from scratch, Gutenberg’s accessibility with screen readers, how to use ARIA in forms, essential HTML tweaks for accessible themes, and more. A single track will run approximately 26-28 presentations during the course of the event.

WP Accessibility Day would be remiss without accessibility accommodations in place. Organizers are endeavoring to provide the most accessible experience possible with the resources they have, including the following:

  • Videos will stream via YouTube with closed captions.
  • Transcripts will be available through StreamText.
  • Slido will be used for chat and submitting questions to the speakers.

Opening remarks will begin at 14:45 UTC (11/2/2022 at 10:45 AM America/New_York) and attendees are welcome to join for any sessions throughout the 24 hours. Registration is now open and it’s free to attend. There is also a $150 microsponsorship option. WP Accessibility Day has 16 corporate sponsors who will provide attendees with virtual swag and prizes.

by Sarah Gooding at October 06, 2022 09:33 PM under accessibility

Post Status: WordPress 6.1 Beta 3 • Active Install Growth Chart

This Week at WordPress.org (October 3, 2022)

Help test WordPess 6.1 Beta 3! 🧪 Check out the latest features that are coming in the 6.1 release. 📦 Follow updates about bringing back the Active Install Growth chart. 📈

News



Thanks for reading our WP dot .org roundup! Each week we are highlighting the news and discussions coming from the good folks making WordPress possible. If you or your company create products or services that use WordPress, you need to be engaged with them and their work. Be sure to share this resource with your product and project managers.

Are you interested in giving back and contributing your time and skills to WordPress.org? 🙏 Start Here ›

Get our weekly WordPress community news digest — Post Status' Week in Review — covering the WP/Woo news plus significant writing and podcasts. It's also available in our newsletter. 💌

Post Status

You — and your whole team can Join Post Status too!

Build your network. Learn with others. Find your next job — or your next hire. Read the Post Status newsletter. ✉ Listen to podcasts. 🎙 Follow @Post_Status. 🐦

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Courtney Robertson</span> at October 06, 2022 03:40 PM under WordPress.org

Do The Woo Community: Open Source, Pushing eCommerce Businesses to Succeed

Arthur shares his thoughts on the impact WooCommerce and open source has brought to his clients and his community.

>> The post Open Source, Pushing eCommerce Businesses to Succeed appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at October 06, 2022 09:28 AM under DevLife Snippets

WPTavern: WordPress.org Plugin Developers Demand Transparency Regarding the Removal of Active Install Growth Data

Frustrations are mounting, as WordPress.org plugin developers plead with WordPress leadership to restore access to the active install growth data for plugins after it was removed last weekend without any public discussion. A ticket calling for bringing back the charts is home to a heated discussion on the matter but so far the developer community has not been able to get any clear answers on why access to the data was cut off.

In his first response on the ticket, Matt Mullenweg asked developers to explain their reasoning for bringing the stats back, without communicating why they were removed in the first place, asking them to present “that side of the argument.” No decision makers have confirmed this to be a security issue.

Mullenweg’s second response on the ticket evades the questions plugin developers are asking and instead states that the availability of an API for this data was never promised:

As has been pointed out, there was never an API made for public use or with any promise of availability, people just reverse engineered and exfiltrated the data to create the chart.

I definitely think we can show some more stats to plugin authors about their own plugins, and I’m hearing that for newer plugins every new install can be a motivator. Feedback loops are important. It will take some work but it’s doable.

While he seems open to finding a way to show more stats, Mullenweg did not promise the return of the active install growth data, the most important metric for plugin authors tracking the trajectory of their user bases. Many businesses rely on this data to make product decisions.

“I think that one of the main things (from my perspective) is that this change has made us feel vulnerable and powerless,” WordPress plugin author Ross Morsali said.

“I’m about to change a repo based on three years of work, and I won’t even know how it does until I lose or gain at least 10,000 users. Feels kind of insane, not a good foundation for my business.”

Morsali commented on the ticket to explain the importance of the data:

It is literally the only way to know how your plugin is doing – which in itself, is pretty bad – the removal of it just put blindfolds on everyone – so we have to wait until the next tick of install growth (up or down) to get any idea – it’s not reasonable – this can take 6 months or more in some cases, and literally forever if your plugin is neither going up or down in active installs.

Participants in the discussion on trac were so inflamed that one suggested plugin developers should strike by offering no more support, updates, or new plugins to the directory unless WordPress brings back the growth charts. This simply isn’t possible for the many people who make a living from their plugins.

“As someone who is in the early days of trying to grow a freemium plugin, I’m incredibly frustrated,” Equalize Digital CEO Amber Hinds said. “We were using that as one way to gauge the efficacy of our marketing efforts and now it’s just gone. Also, in investor conversations being able to show growth is vital.”

George Stephanis, an Automattic employee who was not involved in the decision, claims that, “This chart was removed due to a Security or Privacy concern,” and speculates that it hasn’t been disclosed yet because it can’t be shared without putting users at risk.

“It was never explicitly stated it was removed for a security or privacy concern,” Earle Davies said in response to this claim. “It was removed due to ‘due to insufficient data obfuscation’ which to me does not mean security or privacy. Privacy is PII which this chart did not include. The obfuscation is because ‘we’ (whoever we is) did not want people to be able to see ‘exact’ stats.

“Framing a summation of this as a privacy or security update isn’t accurate. What may be most useful is if Matt stops flying by with 1-2 sentence non-answers and finally addresses in detail and plain language WHY this was removed. Short of that it should be reinstated ASAP and work on better charts in the future.”

WordPress plugin developers may never know the details behind this chart’s removal. If it is in fact a security issue, this could have been confirmed in a transparent way by the people involved. Instead, plugin developers have been set on edge by the demand that they present their side of the argument for bringing back the stats.

Mark Zahra, the author of the ticket to bring the stats back, tweeted to bring attention to how many people are following the ticket and invested in its outcome.

“Even if 10,000 people commented and appeared to agree that would still be a small fraction of the wider WP community,” Mullenweg responded. “That’s one of the hardest things to navigate in open source, and product and community development generally.”

This reaction drew the ire and frustration of those hoping for some real answers. It also makes it exquisitely clear who has the power in this situation, whether to withhold information or turn off access to data. Despite overwhelming consensus on the ticket from the people impacted the most by this decision, 10,000 wouldn’t be enough to wield any influence over the outcome.

At this point, the protracted lack of transparency in this matter has further damaged trust in WordPress.org as the best distribution channel for free plugins.

“The way that this has been dealt with has made me seriously question if WordPress is the right platform for me, for the first time in years – it’s made me and my business feel vulnerable,” Morsali said.

by Sarah Gooding at October 06, 2022 04:13 AM under Plugins

October 05, 2022

WPTavern: #45 – Alex Ball on Customizing Core Blocks for Clients

Transcript

[00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things, WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, making it easier for clients to use the block editor.

If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast, player of choice, or by going to WPTavern.com forward slash feed forward slash podcast. And you can copy that URL into most podcast players.

If you have a topic that you’d like us to feature on the podcast, I’m very keen to hear from you and hopefully get you, or your idea featured on the show. Head over to WPTavern.com forward slash contact forward slash jukebox, and use the form there.

So on the podcast today we have Alex Ball. Alex is a lead software engineer at Mindgrub, a digital agency in Baltimore, Maryland. He’s been there for over three years, during which he’s worked on headless implementations, multinational multi-site installations, and much more.

Prior to joining Mindgrub, Alex worked in-house for a company handling a suite of internal intranet type sites, and external marketing lead generation sites. He spent seven years at Baltimore magazine on the editorial staff, before managing their website.

His website leadership experience continues to inform his decision making today. Especially for training clients and making the block editor as easy to use as possible. And that, in essence is the subject of the podcast today.

During WordCamp US 2022, Alex gave a lightning talk in which he laid out some suggestions on how the block editor can be made more straightforward for clients.

Most regular WordPress users have become accustomed to the way that the block editor works. Over time, we’ve understood how things work and where we need to go in the UI to alter things. For many clients, this familiarity simply does not exist. The editor is new and perhaps confusing.

As the block editor is under constant revision, this can create confusion, and lead to mistakes. Add to that the fact that more and more of the website can now be modified inside the editor, and it’s easy to see how mistakes can be made.

Alex talks about solutions to this problem, and he comes at it from different angles. Maybe you lock certain features down so that only certain users can achieve specific tasks. Or it might be that you need to take some time to educate your clients more about the block editor and how it works.

Typically when we record the podcast, there’s not a lot of background noise, but that’s not always the case. Over the coming weeks, I’ll be bringing you recordings from a recent trip to WordCamp US 2022, and you might notice that the recordings have a little echo or other strange audio artifacts. Whilst the podcasts are more than listable, I hope that you understand that the vagaries of the real world were at play.

If you’re interested in finding out more, you can find all the links in the show notes by heading over to WP tavern.com. Forward slash podcast. And you’ll find all the other episodes there as well.

And so without further delay, I bring you, Alex Ball.

I am joined on the podcast by Alex Ball. How are you doing, Alex?

[00:04:07] Alex Ball: Very well, thank you for having me.

[00:04:09] Nathan Wrigley: We are at WordCamp US 2022. We’re sitting in the media room, and Alex has joined me today to have a little bit of conversation about block patterns and blocks and locking blocks and all of those kind of things.

We’ll get into that in a moment, but Alex, just give us a little bit of background. Tell us about yourself, your journey with WordPress. How is it that you’re at a WordCamp, talking to a bunch of people in your presentation.

[00:04:31] Alex Ball: Sure. So I started with WordPress probably in 2007 or so. And at that point I was not a developer, I was an English major. I had been on the editorial staff of our city magazine in Baltimore, Baltimore Magazine for seven years, and people knew what the internet was at that time and we didn’t have a very good site and we needed one. And I somehow talked leadership into letting me take over the site without any of that development experience that was probably critical.

But, I dove right in and got used to it and followed some tutorials for building a WordPress theme from scratch, and just took off from there. So I, I was there for another four years. I worked at another company that had quite a few websites, both internal and external.

And they were across a number of different states in the US, and so working with those, using WordPress on quite a few of them. Landing pages, some internal intranet type things. And then I found Mind Grub, and I’ve been with Mind Grub for three and a half years, and we do all sorts of things from really large enterprise scale things hosted on WordPress VIP.

We do headless installations with a React single page app front end. We do more structured data sort of things where Gutenberg is really not a consideration because of all the structured data that’s going on there. And we have a pretty excellent WordPress team, and so it’s been really beneficial for me to try to carve out that path within our team and help us move forward with Gutenberg because we’ve heard from Matt Mullenweg more than once that Gutenberg is the future of WordPress. That you’re going to need to know JavaScript to work with WordPress in depth, and that when people ask him at WordCamp about the sites that they still have with the classic editor plugin running, and what they need to do about that and when they’ll need to switch those over, he says you’re going to need to switch those over at some point,

[00:07:02] Nathan Wrigley: At Mind Grub, is that a decision that you made more recently, or are we going back several years? You’re exclusively using Gutenberg with a variety of different blocks?

[00:07:11] Alex Ball: We are, no, I would not say we’re exclusively using Gutenberg. It still depends on the site, and we still do raise the prospect of it with a client at the beginning of a project. We find that some clients are aware of it, and really don’t want to use it. We’ve had that reaction so we just go with that and we use the classic editor plugin and we move on.

We have found that most of the time they’re not familiar with it, and so they don’t care one way or another. And when we tell them it’s a more enhanced, what you see is what you get editing experience with more ability to move things around and know what you’re doing before you hit save, that they like the sound of that.

We occasionally have people who say that they’ve heard of it and do want to use it. And I guess those are the three real possibilities there. So, in large part it is we’re moving forward with it and doing that because we know it’s the future, it’s going to be better for the client and they do not have a strong preference.

[00:08:20] Nathan Wrigley: So you are here and you are giving a presentation. I say giving, maybe you’ve already given.

[00:08:25] Alex Ball: I have given it, yes. It was about an hour ago.

[00:08:28] Nathan Wrigley: How did it go?

[00:08:29] Alex Ball: I thought it went well. It was a lightning talk and it was about modifying or customizing core blocks for clients. And I used a metaphor about setting guardrails for clients, that I believe was also recently spoken on your podcast with another guest who used the same phrase, and I heard that one after I had made my submission. But I thought it went well.

It was a lightning talk and so it was really focused on the nitty gritty of using a few blocks as examples, core blocks that are probably the most used blocks. Heading, paragraph, image, button, and talking about the specific options that they present for modifying their output and their appearance. And how to go about doing that. And in some cases it was using PHP to do some things. In some cases it’s enqueuing some admin scripts. And in a lot of the cases it’s using the theme dot json file, which not everyone is totally familiar with at this point.

[00:09:41] Nathan Wrigley: Okay, so it was called customizing core blocks for clients. And forgive me, I was not present at your talk, I may be ill prepared with this question, but it felt from the show notes that you shared with me, the things that you thought it would be good to talk about. The principle of the talk was how to lock things down in a website, so that you could build things and then be fairly sure that when you hand it over, there’s not gonna be that moment where they phone you 24 hours later to say, it no longer looks the same. We’ve had a bit of a play. We thought we knew what we were doing, and sadly we need you to fix what we just broke. That’s the principle, right?

[00:10:20] Alex Ball: Right, Exactly. And you find that the nice thing about working with WordPress is that someone on the client team, when you start the project is already familiar with it. Someone has worked with WordPress in the past. Maybe the site that they’re replacing is a WordPress site. So they’re somewhat familiar with it, even if they’re not familiar with the block editor yet.

And before I even get into developing and writing the theme, there’s already been a large process with our design and UX teams designing the site, and those stakeholders, the client, are sitting in these meetings reviewing those designs, exploring design ideas early on to establish things that they like and don’t like.

There’s a lot of time spent on that design, and there’s a lot of thought that goes into it. From a design perspective, the colors that they choose to compliment one another, the fonts that they choose, the UX decisions for what type of menu it might be, how this might look with this. And so all of that work is being done, and the client is obviously paying for that. So it’s important to make sure that that is consistent throughout the development process and after you’ve handed the site off.

Hopefully when we do a project, we are creating a relationship with this client and not just simply handing over a site and waving goodbye to them. So, it’s important to make sure that they feel like they have the control that they need to do what they want to do on the site, but not to feel like anything they touch is going to break something or look bad or go way outside the bounds of this design system that has been carefully crafted for them.

[00:12:14] Nathan Wrigley: I’m pretty sure that 99% of the people listening to this podcast will know exactly what the Gutenberg UI looks like. They can drop paragraph blocks in and they can drop various other bits and pieces in. But in your presentation, the summary of your presentation, you make this point, which is borrowed from somewhere else, I’m sure.

And you said with great power comes great responsibility. And I guess if you were back in the days of the what we’re now calling the classic editor, you really didn’t have any options there. You were just pasting text. There might be some shortcodes being dumped in. And now of course in the era of Gutenberg, there’s a whole load of things that every single person dropping into a default install of WordPress can change.

You know, there’s options to change the color of the text, and there’s options to increase the padding and the margins, and a whole myriad of things in the right hand column. And I guess this is the piece. You’re trying to make it so that there are constraints in what the clients can alter in the Gutenberg UI?

[00:13:15] Alex Ball: Exactly.

[00:13:16] Nathan Wrigley: Okay. You also have called your presentation, well you use the phrase customizing core blocks. Why just core blocks?

[00:13:24] Alex Ball: Well, the reason I went with core blocks is because they’re obviously present in WordPress at this point, and there’s no extra work to be done. Everyone has probably seen them in WordPress, even if you have decided to go a different route and install a plugin that gives you some other blocks that you feel you might want some sort of carousel or gallery or something like that, that you like the look of or does what you needed to do. You’ve still got those core blocks there.

So everyone is working with those, that’s a sort of common denominator. And also because when we talk about being as efficient as possible when building this site and giving the client as much of what they want as we can give them. It makes more sense to start with those core blocks, which are already there. We don’t have to do any extra work.

We don’t have to waste any other time either creating a custom block that’s essentially reinventing the wheel. They are there, and if there are good ways, and not necessarily easy, but ways to customize them, that makes the most sense for getting these things off the ground.

[00:14:41] Nathan Wrigley: If we go back several years, it feels like it’s quite a long time now, when Gutenberg initially launched, there was a real kind of schism in the community. Many people felt that it wasn’t fit for purpose at that time. You know, there were limited options. It was all very confusing and so on. I feel like we’ve crossed that Rubicon now. We’ve come to the other side and, most people here are familiar with it and working with it.

That being said, the reason that these third party plugins come along, which drop in the carousel and drop in the accordion and all the other different things, is because there are some fairly big limitations to what core blocks can do. You know, there aren’t all of the different options and those third party suites are there to fill in that gap. What are your feelings about your ability to create almost any layout with core blocks? Is that now possible?

[00:15:30] Alex Ball: Whew. My gut is telling me no. And I think that this was part of that recent controversy that I’m sort of surface familiar with, where they released a new design on the wordpress.org site for the homepage and the downloads page. And again, referring to something that Matt Mullenweg said, he talked about how it could have been done more quickly than it was.

And he also referred to like Wix and Squarespace and page builders. And it generated obviously a lot of feedback. I think some people were in agreement, and others did not agree. I think that a lot of the sentiment out there was that you could still, with the core blocks available to you, not necessarily go ahead and just do this as easily as people were making it seem.

I think that I had seen something on WP Tavern about a YouTuber who is very, very good with the block editor, and like whipped through in one of his videos, the building that homepage design through the block editor alone, and feeling like he got 95% of the way there pretty quickly.

So, speaking to what I’m most familiar with, which is our projects and the designs that we put together. There has not been a project in the last couple years where we have come up with designs for it and been able to do even more than half of it with just core blocks. I do like to use the core blocks as much as possible for the reasons that we already discussed, but it usually involves quite a bit of custom work.

Now, our designers also know that, and they’re certainly designing for things. There’s always that interplay of design and development, and getting a design and explaining why something is a little difficult or might not work with this or that, and going back and forth and collaborating. The main thing I think is that the core blocks have a lot of these options and it’s sort of like, I think it was the Abraham Lincoln quote, which is, you can please all of the people some of the time, or you can please some of the people all of the time, but you can’t please all of the people all of the time. And so it just can’t be all things to all people.

[00:18:02] Nathan Wrigley: I guess the nice thing about Gutenberg blocks is that they nest. You can put in a block and then inside of that, let’s say, I don’t know, it might be a group block or something like that, and then you can nest things. And one of the nested items could be a core block, and then you are going to unlock the ability to modify that core block. Let’s say it’s a paragraph block or a heading block or something like that.

So it may be that you’re doing custom work with the parent blocks, but the bit that you are trying to open up to the client, if you like, may just be a core block, which is a child of that. Have I kind of got where you were describing there?

[00:18:40] Alex Ball: Yes, that’s exactly right. And that inner blocks element that you can use either if you’re building a custom block in React, or if you decide to go the route, we tend to use ACF on a lot of sites, and ACF has a very easy method for creating blocks as well.

But you’re not constrained to just using ACF fields on those. You can use that inner blocks element in an ACF block to include a core block or core blocks. And we’ve definitely done that because again, sometimes you have a core container block, like a columns block that’s going to give the user a slider that lets them choose the number of columns.

And we don’t necessarily want that. I wanna use the paragraph block within that, but I don’t want the ability to slide that thing all the way to the right and, insert a six column layout, because that’s not gonna look good anywhere.

So I think that you nailed it. I think that there is always that combination of some of that custom work, and some of the core blocks that we’ve already got that make it easier to bootstrap things.

[00:19:55] Nathan Wrigley: I have a feeling that if we were to have this conversation, I’m gonna say 24 months. I think if we had the same conversation in 24 months, I’m imagining that some of the things that you can not achieve at the moment with core blocks, that will have gone, and the layout will be almost entirely possible with core blocks. I certainly know that that’s the intention.

We’re not quite there yet, but some third party things, I’m thinking of things like GenerateBlocks and so on at the moment. They’ve really got the whole, the grid layout and all of that really well defined and sussed out. And I just think it’s a matter of time, so maybe it would be a moot point in 24 months and we might just be able to skip over that.

[00:20:32] Alex Ball: I think that you’re right. I agree with that. I don’t know if there is an equivalent to Moore’s law about, you know, how quickly Gutenberg is going to double or whatever to make itself kind of the next version of it. I know that they, well, I think that they think of it in phases. And this imminent third phase, whether it’s already begun or it’s about to begin, I’m not sure, but that’s sort of the workflow phase, and the emphasis is going to be on collaboration, I believe.

And then after that I think there’s a roadmap for looking at things like multilingual stuff. So, your framing it like that, looking at it in the future, and some of these issues we’re talking about today, being obsolete at that point is correct. And I think is hopefully captured by that phased approach that they are talking about

[00:21:27] Nathan Wrigley: In your presentation notes, you mentioned that you are essentially, you are handing over your work to clients. They’ve paid for their website and you want to mitigate them and you use the word breaking or break. Are the tools for allowing clients to modify this thing, but not this thing. Do they exist in core already? Can you deploy those things or is that custom work?

[00:21:52] Alex Ball: The answer to that is a hearty, confident, it depends. It would be really nice to be able to get very granular with some of these things and let different roles control different things. There is a little bit of that now. We’re starting to scratch the surface with that, as I understand it. Since version six, we’ve got this block locking feature. Now to clarify, before version six, you have the ability to set a template and use that template lock attribute to determine whether the entire template that you’ve defined is locked down and nothing can be added or moved around, or whether things could be moved within it. That existed already.

Now what we’ve got is on the block settings itself, a little lock icon and the ability to do those same things with that block. I wanna lock this block so it can’t be moved. I want to lock this block so it can’t be removed. I wanna do both. You can do both of those things now and, I think it is the can lock attribute. I may be wrong on that.

There’s an attribute that will let you specify whether a user, based on their role, is able to access that lock setting. Now, that lock setting itself is a little bit rudimentary. We’re talking about this and we’re going, Oh man, so only administrators can add the drop cap. We’re not there yet, as far as I know.

[00:23:27] Nathan Wrigley: Yeah. I think at the moment it’s a case of, and I could be wrong about this, maybe things have moved on. I think it’s merely a function to lock it for now. It is locked, but I think almost anybody can go and unlock it. The principle, I think, is to lock it just so you don’t accidentally do something.

But I feel that the things that you’ve described, that’s a real nice roadmap, isn’t it? The ability to be able to lock things in the UI based upon roles. Who knows, even based upon particular users. And so, almost everything comes into play. So as an example, you are an editor, you can do anything more or less, you know, we’ve given you real wide scope to move things up and down, change the colors, change the font, change the text, whatever, depending on which block you’re using.

But you are a different role. Created a new role for some other person in the organization, and all that they can do is move things up and down. Just that, there’s no other capabilities. And I feel that all of that is going to come and we’ll be able to lock people in and out. And at the moment, as you said, it’s all possible if you are a developer, but the day will come, I’m hoping that that’s all possible by non-technical users with the necessary permissions to do that in some kind of UI.

[00:24:39] Alex Ball: Yeah exactly. I feel the same way. And in my talk there’s a bit of a constraint with time. And so I think it comes off a little bit as feeling like I’m referring to this sort of monolithic, the client, as this singular entity and it’s the same everywhere. And obviously it’s not. Every site is different, every client is different, every client team is different.

But even beyond that, you could be talking about situations where you had your stakeholders during the project. They loved the designs. They understand what they’re getting. They understand how to use it. They understand what sort of control they have when they are adding blocks and creating content. And then you have a relationship with them and maybe a maintenance agreement or something, and six months later, they’ve hired someone new, who was not present to hear about why the designers chose this over this. To hear the rationale behind choosing these button styles over these button styles, and getting all of that background on the design and why it works so well.

But they do have some assignment to add a CTA to the website, by tomorrow. And they want it to stand out. And the controls are right there on this button block to choose any color they want for the text and any color they want for the background. And they go ahead and do that. And then you hear from the supervisor, the person that you’ve been working with, who says, we establish this color palette. How were we able to go so far outside that with hot pink. And also, this person didn’t choose an accessible contrast ratio between the button text and the button background colors.

So you can imagine all these different situations where even though you accounted for some of these things, and even though there was a bit of that uncertainty and agreement with the client that you can do this, but you shouldn’t. There are still situations that maybe you didn’t account for that will allow them to go outside the bounds of what was really intended.

And then the counter argument, I suppose, is probably it is their website, and they did pay for all this and it’s theirs. And if they decide they wanna do that, they can. And I guess the only real response to that is that that is fine. It is your site and we’re happy to help you with it. But when you run into these issues that occur because of all that control and your willingness to change these things, then there’s only so much we can do. And if you decide that you want us at that point to put some limitations on there, then we will be happy to.

[00:27:32] Nathan Wrigley: Yeah, there really is no perfect answer to this question is there? There is just what that particular client is willing to negotiate. And it may be that a particular client just wants nothing to do with it and wants to write you email. Every time they want to make a modification, the email comes in and you do it. So they don’t need any permissions of any kind.

There are gonna be the others who are gonna want everything available to them and potentially do a wonderful job, but potentially really be on the phone a lot, asking you to fix things. And I guess there’s a job of figuring out the contracts, and working out, okay, if I give you this permission, that’s fine, but, I don’t know, here’s our hourly rate when things go pear shaped.

[00:28:13] Alex Ball: Yes. and we are not the HOA president who is out here to walk the neighborhood and point out the mortar color in their bricks, that is not an HOA approved mortar color. That’s not us. So I would go back to what I said before where it’s, I hope we are establishing a relationship with the client and that part of that is that collaborative nature and that understanding with them of what they’re getting and what can be done.

And we do tend to have projects regularly where there is training with the client built in, and that is really helpful. Because we’re able to do a walkthrough with them and explain these things, and have them point out things that maybe they’ve already been in there doing content management, and we’re running into something with this or that. And then we’re also able to provide them with documentation that they can continue to refer to. And that is obviously a great opportunity to discuss all of these things.

[00:29:14] Nathan Wrigley: How granular have you gone with this in the past? Have you handed over websites where there’s been literally dozens of users or user roles where they’ve got, this particular user role can do these myriad of things and this other user role can just do far less? Have you really explored this a lot and found it to be fruitful?

[00:29:31] Alex Ball: I wouldn’t say that we have had, or at least that come to my mind right now, too many sites where we have many, many different user roles. You certainly run into sites where there needs to be some sort of editorial workflow and approval process. And I think that that, for the most part, handles those sorts of things.

And I also think that, where we are right now with the block editor, in the future we are more likely to be able to handle some of these things on a role by role basis. Whereas right now it is a little bit more difficult.

[00:30:12] Nathan Wrigley: You mentioned training and that’s a big part. How to describe it? I think it can be quite a tiresome thing to create the training because, on some level you just want the website to be finished and you want to hand it over. But I guess if you are handing over a website based on Gutenberg, and the clients have never seen this before. Creating training materials, being on hand, going to their premises and demonstrating it to them, or creating videos and putting those somewhere. I guess that’s an important part in this puzzle.

[00:30:39] Alex Ball: Yes, yes. We tend to record those training sessions, those, uh, Zoom calls where we’re walking through it and screen sharing. And we did recently go through the documentation, that sort of, starter framework of that documentation, and revise it and go through some of the things that we’ve got in there.

And then obviously every site gets a few different, not even appendices, but main sections. There’s a table of contents and you go through some of the basics of WordPress, but then you delve into some of those custom blocks and sometimes they really need some extra documentation over exactly what each feature does.

You know, you’ve got the different fields labeled and you’ve got descriptions on those labels. But it really helps them to have that documentation to refer to as well, explaining why this happens. Why when I click this, this other conditional field disappears. And it’s because if you do it this way, you’re not going to have access to this or vice versa.

The documentation and the training is not part of every project, but when it is, a lot of the things that we’ve talked about can come up and be worked through, and for the most part solved, or at least established what lines are where.

[00:32:04] Nathan Wrigley: You mentioned at the beginning that you weren’t a developer. You’ve sort of grown into that role. And I imagine there’s several people listening to this who have played with blocks in the UI. They’ve dragged things in and they’ve modified what’s available to them there and, that’s great. But if they want to start tinkering with blocks and they want to alter what the capabilities are with the blocks, the core blocks, whichever block it may be. What are the kind of things that they need to be interested in? Where do they need to be going? What are the documents that they need to read? What are the technologies they need to understand?

[00:32:35] Alex Ball: That’s a very good question. I, a few years ago at WordCamp, did another talk where I talked about coding like a writer, and it was trying to give those non-technical content people more confidence in diving into the code a little bit.

Whether it’s modifying the attributes on a short code. You know, you’ve cut and pasted from documentation from the plugin that provides that short code. But you’re starting to look at that and realize that these different little attributes within those brackets do different things. And what happens if I do this?

Delving into the html behind the scenes a little bit. Getting your feet wet and all that. And I used principles that you would adhere to in writing and also try to adhere to in coding, to get them to feel more comfortable doing what I think you were describing, which is getting into that code a little bit and not simply staying on the surface with just the UI.

And it was things like don’t repeat yourself, which is obviously a massively important axiom in engineering. It was things like, get to the point as quickly as possible. It was things like writing good documentation. Commenting the things that you are adding to the code so that other people know what it means.

That’s the closest thing to that sort of pure editorial writing that I touched on. And, so I think that hopefully people felt a little bit empowered by that to go, Oh, okay, well, right. So this is the way I would approach the lead in my story. And so this is how I’m going to approach the template on this page or the way I structure these blocks.

[00:34:33] Nathan Wrigley: When you began your work on blocks, were there any places that you found to be particularly useful that helped you understand the technologies behind? Because it is a big, it is a big change. If you’ve been working with PHP for the last 20 years, not really wanted to stray away from there, there’s, there’s a lot to be learned.

And I’m imagining that you’ve found better places than others, shall we say. What are some of the resources that you have enjoyed using that you would recommend to others, should they be interested in this?

[00:35:00] Alex Ball: The first one that comes to mind that I think I hit on pretty regularly as I was learning was Bill Erickson’s website. He’s got a lot of good information and it appears pretty high up in most Google results. So it shouldn’t be too difficult to suss out his information on it. But obviously going to his site and looking through things tagged as Gutenberg should do the trick as well.

Well, and I mean obviously Stack Overflow, so much information on there. There is a trainer online named Zach Gordon, who does a lot of JavaScript based training, which is what you’re going to need to deal with, if you are starting to create those custom blocks and you’re not going to use some sort of scaffolding or use that Advanced Custom Fields approach to building them.

I remember using one of his courses to dive into some of that and get a lot of good information from him. And, along the way we started modifying that starter theme that we use for projects to make it easier to build it into a, a block theme.

[00:36:14] Nathan Wrigley: Alex Ball, thank you so much for joining us on the podcast today. It’s been a real pleasure chatting to you about blocks and locking them down and so on and so forth. Thank you.

[00:36:22] Alex Ball: No, thank you. It has been my pleasure.

On the podcast today we have Alex Ball.

Alex is a Lead Software Engineer at Mindgrub, a digital agency in Baltimore, Maryland. He’s been there for over three years, during which he’s worked on headless implementations, multinational multisite installations, and much more.

Prior to joining Mindgrub, Alex worked in-house for a company handling a suite of internal intranet-type sites and external marketing lead-generation sites. He spent seven years at Baltimore magazine on the editorial staff before managing their website.

His website leadership experience continues to inform his decision-making today, especially for training clients and making the block editor as easy to use as possible, and that, in essence, is the subject of the podcast today.

During WordCamp US 2022, Alex gave a lightning talk in which he laid out some suggestions on how the block editor can be made more straightforward for clients. Most regular WordPress users have become accustomed to the way the block editor works. Over time, we’ve understood how things work and where we need to go in the UI to alter things.

For many clients, this familiarity simply does not exist. The editor is new and perhaps confusing. As the block editor is under constant revision, this can create confusion and lead to mistakes.

Add to that the fact that more and more of the website can now be modified inside the editor, and it’s easy to see how mistakes can be made.

Alex talks about solutions to this problem, and he comes at it from different angles. Maybe you lock certain features down so that only certain users can achieve specific tasks. Or it might be that you need to take time to educate your clients more about the block editor and how it works.

Typically, when we record the podcast, there’s not a lot of background noise, but that’s not always the case. Over the coming weeks, I’ll be bringing you recordings from a recent trip to WordCamp US 2022, and you might notice that the recordings have a little echo or other strange audio artefacts. Whilst the podcasts are more than listenable, I hope you understand that the vagaries of the real world were at play.

Useful links.

Code like a writer – Alex’s talk at WordCamp US 2019

Bill Erickson’s website

ACF Blocks

Zac Gordon’s courses

by Nathan Wrigley at October 05, 2022 02:00 PM under podcast

Do The Woo Community: devlife_snippet: Partnership > First Win >Talk About It

A lot of founders constantly struggle with WooCommerce and WordPress product growth. Jonathan's loop gives a new perspective on a growth strategy.

>> The post devlife_snippet: Partnership > First Win >Talk About It appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at October 05, 2022 09:00 AM under Product Growth

WPTavern: Gutenberg 14.2 Improves Writing Flow, Adds Kerning Controls for Headings in Global Styles

Gutenberg 14.2 brings some important changes to the writing flow in the block editor that simplify the experience and remove unnecessary obtrusions.

One small but significant change is that the sibling and line inserters have been updated to use a more natural animation effect with a slightly increased delay to minimize accidental triggers. This release also improves selection of multiple blocks, making it smoother and more consistent.

One of the most impactful improvements to the writing flow is that the editor now hides all floating block UI while the user is typing. Gutenberg engineer Michal Czaplinski demonstrated these updates in a video:

Version 14.2 adds support for kerning controls in the Global Styles panel, making it possible for users to adjust the letter spacing with live preview in the editor. Gutenberg contributor Robert Anderson, who submitted the PR for this feature, advocated for getting it into the upcoming 6.1 release.

“It isn’t technically a ‘bug’ (more ‘missing functionality’) but it (along with #44067) does make global styles feel less broken,” Anderson said. 15 days ago the feature was cherry-picked and added to the wp/6.1 branch to have it included in the next release.

video source: Gutenberg PR #44142

A few other notable improvements in version 14.2 include the following:

  • New Calendar block settings for adding the background, link, and text color
  • “Banners” and “Footers” added to block pattern categories
  • Autocompletion for links is now available in any block using the [[ shortcut to trigger it in the editor

Gutenberg developers also discovered that they recently introduced a bug when improving the List block to use inner blocks, where it would re-render for each level of nesting. Fixing this problem brought significant performance gains for the initial load of the editor. This improvement has also been cherry-picked for inclusion in the upcoming WordPress 6.1 release.

 

by Sarah Gooding at October 05, 2022 03:30 AM under gutenberg

October 04, 2022

WordPress.org blog: WordPress 6.1 Beta 3 Now Available


WordPress 6.1 Beta 3 is now available for download and testing.

This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended that you test Beta 3 on a test server and site. 

You can test WordPress 6.1 Beta 3 in three ways:

Option 1: Install and activate the WordPress Beta Tester plugin (select the “Bleeding edge” channel and “Beta/RC Only” stream).

Option 2: Direct download the Beta 3 version (zip).

Option 3: Use the following WP-CLI command:

wp core update --version=6.1-beta3

The current target for the final release is November 1, 2022, which is about four weeks away. 

Additional information on the 6.1 release cycle is available.

Check the Make WordPress Core blog for 6.1-related developer notes in the coming weeks detailing all upcoming changes.

Keep WordPress bug-free – help with testing

Testing for issues is critical for stabilizing a release throughout its development. Testing is also a great way to contribute. This detailed guide is an excellent start if you have never tested a beta release before.

Testing helps ensure that this and future releases of WordPress are as stable and issue-free as possible. Anyone can take part in testing – especially great WordPress community members like you.

Want to know more about testing releases like this one? Read about the testing initiatives that happen in Make Core. You can also join a core-test channel on the Making WordPress Slack workspace.

If you have run into an issue, please report it to the Alpha/Beta area in the support forums. If you are comfortable writing a reproducible bug report, you can file one on WordPress Trac. This is also where you can find a list of known bugs.

To review features in the Gutenberg releases since WordPress 6.0 (the most recent major release of WordPress), access the What’s New In Gutenberg posts for 14.1, 14.0, 13.9, 13.8, 13.7, 13.6, 13.5, 13.4, 13.3, 13.2, and 13.1.

This release contains more than 350 enhancements and 350 bug fixes for the editor, including more than 300 tickets for WordPress 6.1 core. More fixes are on the way in the remainder of the 6.1 release cycle.

Some highlights

Want to know what’s new in version 6.1? Read the initial Beta 1 announcement for some details, or check out the product walk-through recording.

What’s new in Beta 3

Nearly 100 issues have been resolved since Beta 2 was released last week.


A Beta 3 haiku for thee

Beta time done soon
Gather up your WordPress sites
RC then we ship

by Dan Soschin at October 04, 2022 05:55 PM under releases

Donncha: How to “remember me” on the WordPress login page

If you’re like me:

  1. You’re the only one who logs into your WordPress website.
  2. You only do it on your computer at home.
  3. You lock your computer every time you step away, even when there’s nobody at home.
  4. You have a 2FA plugin which adds a new field, and means checking your phone on each login.

You might have become annoyed from time to time when you forget to check the “Remember me” checkbox on the login page. You know that you will have to log in again tomorrow or whenever the login session expires, rather than in 2 weeks time. Just because of an empty checkbox.

There’s very valid reasons for not checking this box. If you use a public computer, or one in an office and don’t lock your computer, then you want to be logged out. For the rest of us, it’s a bonus if you don’t need to login again so soon.

Here’s a tiny little script that will check the “remember me” checkbox. Create a php script called remember-me.php in wp-content/mu-plugin/ with the following:

<?php
function remember_me_on_login() {
    $_POST['rememberme'] = 1;
}
add_action( 'login_init', 'remember_me_on_login' );

Then logout and visit wp-login.php and “remember me” will be checked for you!

If you want more control, there’s the Remember Me plugin, but it does the basic job in a similar way.

Source

by Donncha at October 04, 2022 05:25 PM under WordPress

Post Status: Going from Agency to Products: The Story of Barn2 — Post Status Draft 125

From client services and agency work to a successful product business — Katie Keith tells Cory the Barn2 Plugins story in this episode of Post Status Draft.

Estimated reading time: 0 minutes

Katie and Andy Keith started out as a WordPress agency almost a decade ago and then tried to break into WordPress products, first with themes and then plugins. Challenges arose with reliable project management on the agency side while they tried to establish a foothold in the WordPress plugin market after a first attempt with themes. The WooCommerce Extensions Store is where their business took off. With niche extensions that had no competition, they ranked very quickly. Other ideas for plugins solved problems in custom development projects for clients. Eventually, the Keiths developed a formula for evaluating new plugin ideas. Learn from their challenges and successes — there are a lot of interesting details that only come from experience.

🔗 Mentioned in the show:

🐦 You can follow them on Twitter:

The Post Status Draft podcast is geared toward WordPress professionals, with interviews, news, and deep analysis. 📝

Browse our archives, and don’t forget to subscribe via iTunes, Google Podcasts, YouTube, Stitcher, Simplecast, or RSS. 🎧

Transcript

Cory Miller: [00:00:00] So, hey everybody. I'm talking to one of our great post status members, Katie. Keith. I got to meet her in person a couple weeks ago at work camp US in San Diego, and got a little bit about her story there and she's got so many compelling things to part of her story that's gonna be valuable to our audience and our membership.

Um, particularly how do you go from client service and agency? To successful plug-in business, particularly, you're gonna hear all those stories about, um, Katie and her work and her team's work at Barn two. But Katie, thank you for, um, coming on, uh, post draft today and being willing to share your story.

Yeah. Thank you for having me. Okay, so tell us a little bit about yourself. You're the co-founder of Barn Two, but I want to give you an opportunity to just kinda say a little bit about yourself.

Katie Keith: Um, yeah, so I'm Katie. Um, kind of one of the two directors at Barn, two plugins. I run [00:01:00] the company with my husband Andy.

Um, we're English, but last year we moved to, uh, New Yorker, Spain, um, because of the flexibility you get with this industry, which is amazing. Um, So that's kind of what's new with me at the moment and new country to live in. And we have a kind of a team around the world. So, um, we were able to work from anywhere.

That's

Cory Miller: awesome. Um, and we could talk about New York all the time cause I remember you mentioned that and I love that, uh, story. But I'm gonna stay the topic here today. Well, so tell us about, Okay. Currently today, um, Your business is primarily around plugins, but WooCommerce plugins, and I wanna get to that, but I wanna talk about the story of the beginning.

Um, mm-hmm. , you, you and your husband started in 2009, but could you tell us the story about how you started in web design and development and WordPress and all that?

Katie Keith: Yeah, sure. So, um, Most of the [00:02:00] time when in, when we were in our twenties, we had normal jobs, um, both in the public sector in England, and we would always talk about we wanting to run a business together and we never did it for ages and ages and, um, just kept taking our salaries and not doing it.

And then eventually, um, Andy in particular was, um, quite fed up with his job and so we thought, Right, we're gonna take the plunge and do something. And we couldn't afford for us both to do it. So he quit his job and I kept my job and we started freelancing together, basically building websites. Uh, we thought that was a fairly easy thing to get into because, um, you can attract quite small clients and work your way.

So, um, he's a software developer and did the technical stuff and I have a marketing and project management background, so I managed the clients and did their SEO and content and everything. So it worked quite well as, um, something we could do together. So we started freelancing, um, fairly quickly. We [00:03:00] discovered WordPress as being the best way to build a website.

So all our projects were built on WordPress. Um, it wasn't something the clients were asking for, that was just our decision. And then after about a year, I thought, Well, what if I actually advertised this as WordPress specialists? So this was in late 2010. So I ran a Google AdWords campaign focusing on keywords like WordPress experts and things like that, and it was amazing.

We. I think I spent 3000, uh, probably pounds, and we got within couple of weeks, more than 10,000 pounds worth of work out of it. I realized it's not that easy now because there's a lot of WordPress specialists, but back then there was a gap that we kind of fell on, and so the agency grew from there.

Cory Miller: Okay, so then you're, and then you were able to come full time at some point, of course.

And, uh, what, what happened? So you, you found WordPress, you started to build this, and how did the next [00:04:00] couple of months, years or whatever until, um, the plugins go, what were you, you were just, you were building websites and all the things around it. Did it get, did it broaden out to anything specialization wise, or?

How did that grow? Grow from there?

Katie Keith: Yeah, we specialized in doing more bespoke, uh, client projects in WordPress because we'd found this gap that there was at the time. And we recruited a team of freelancers, um, from websites like Upwork, which wasn't called Upwork then, and people per hour and found good people and, you know, we thoroughly vet them and things.

And so we managed to build a freelance team. We didn't have any employees or anything. Everybody was just freelance. And that way we could increase capacity. We were really pleased at first that we were running our own business. We quit our jobs, and that was really great. And then we started to think, actually, it's still kind of not the perfect lifestyle because clients work, [00:05:00] as I'm sure all your listeners know, can be quite demanding.

They want things done straight away. They have problems with their website, which you have to sort out immediately and you don't really get any time. So we have that in the back of our minds that what is the ultimate sort of lifestyle type business where we can be successful and have that flexibility.

And being in the WordPress industry, we could see that WordPress products and the growth of that. And, um, at the time you could see how well people were doing with themes, particularly, um, on theme forest. So in about 2013 we spent like literally a year building a theme, which we were gonna spend on sell on theme forest, and it was rejected, so that was disappointing.

Um, we spent so long building this product that in the time we were doing so that market changed and it became very competitive with the big themes like Avada and Jupiter coming out, uh, which were huge [00:06:00] pieces of software, uh, with tons and tons of features, which we. Possibly do, um, ourselves. So we kind of gave up on that idea for a while.

Um, and then in, but in 2016, we thought, let's go down the plugin route because plugins can be small and very niche, or do I have to say niche, um, . Um, and so we launched our first plugin, um, and um, it went from there.

Cory Miller: Okay, so let's back up just a second. So, started themes, what was the, was the desire there to kind of diversify income, explore this?

Did you have, you obviously had some time to be able to, like your, your agency work is going well and start to, Okay. Hey, how, how did the product and the themes, uh, idea kind of get started and, and what were your thoughts around that? Like,

Katie Keith: We found the capacity to develop it, um, through the freelance team so that [00:07:00] they didn't do the theme.

Um, they did the client projects and that freed up Andy as the technical director to work on the side projects. So because we had people that we could outsource the technical side of projects, Two, he was able to do that. And then I was able to take over the marketing when things were launched. And so that was, um, if it was just him doing all the client projects, that would've been very difficult because he, you get dragged onto those.

Of course, whenever something urgent happens or he, you need some money, then you'd end up doing the work yourself. So through the, um, freelance team, that was helpful.

Cory Miller: I feel like I hear a lot of stories where it's, you get up to kind of cruising that altitude and you're able to have just a little bit more time and space to go, Huh?

What else would we like to do? Um, you mentioned lifestyle in a second ago, but what was the spark that goes, Okay, maybe if this is true, we had one more time in space where [00:08:00] Andy, for instance, in this scenario, Do that more. What was the spark that led to that? That initial theme product? The

Katie Keith: spark was that we reached a ceiling in the growth that we were realistically able to achieve.

If we had taken on a lot more risk and full-time staff and gone down a much more traditional company model, then we could have continued to grow. But basically the limit we faced was project management. So we found good people that could do design websites and plugins for us, for our clients more specifically.

Um, but whenever we tried to find project managers, it didn't work. And I spent a long time training some freelance project managers and they just didn't have the WordPress experience, the relationship with the clients as I did in. Managing myself. Um, so, and the clients were less happy. Um, and one time [00:09:00] in 2015, um, it, our daughter was just about to start school.

And as you will know, that holidays get very expensive when your child's at school. So before that, we decided to take a month off. And we hired a motor home and drove around France for a month, and that meant we had to take a step back from work. And I got one of my project managers to handle everything, and it was a disaster.

The clients were unhappy, projects failed. It just didn't work. And it became clear that that was the ceiling I had to manage all the project. Um, I obviously didn't have the skills to recruit and train project managers. I know some people are good at that, but I wasn't. And, um, so we couldn't grow any further because I couldn't manage any additional projects.

And so then we started thinking, how can we grow, uh, products?

Cory Miller: I see. I, I love how you described it as ceiling, cuz I can totally see that, you know, you get to a point where, kind of a fourth in road too of what do you, [00:10:00] what do you wanna do? And we feel like we're right here. So that's, that's, that's inspiring too.

Um, okay, so we had the same product and that didn't go well. We, you sp said you spent about a year doing that. Um, and then we get over to plugins. I think you said two. 16. But I, I hear from a lot of, um, agencies that have transitioned or offer products that often they start as, uh, client work and you go, Oh, it's a discovery of there's a need here.

So how did the plugins and I wanna talk about, and actually talk about what the plugins are, but how did that, uh, spark get started there too with the plugin?

Katie Keith: Um, well, we launched two plugins very early on. One of them we got the idea from the WooCommerce Ideas forum, where you can publicly see where the gaps in the market are.

So we just went through the list by the number of votes and found the idea that was, had the most votes. That was realistic for us to develop. So, um, that was our first [00:11:00] plugin, which was called WooCommerce, Password Protected Categories. So it was very simple. It loads of people wanted it, there was nothing at the time that did it.

And it just lets you password protected category for your store. Like if you wanna create a, a hidden area in your shop for members or wholesalers or. So we launched that and our other initial plugin, we got the idea from a client. So this client, uh, hired us to create a searchable table for his blog. So he had hundreds of blog posts about this spiritual leader that he followed, and they wrote all these things about his teachings and things, and there was this massive blog and he wanted a much more searchable, filterable, indexable way.

Than a normal WordPress blog where you just have the posts in reverse chronological order. That wasn't how he wanted it to be. And so we built this j query table plugin for the client, which he obviously paid us for. And then [00:12:00] independently we built it into a sellable plugin. So we, uh, added a lot more features.

We added settings, pages, the kind of things that you wouldn't realistically do on a client level project. So we put a lot more into. But the original idea came from this client. Um, we actually released that as a free plugin, which is still available on webpress.org now. It's called Post Table with Search and Sort.

And that's basically the, um, bells and whistles version of what we did for the client. Um, but then once we'd released the free plugin, we started to get feature requests. As you do when you put something out there. So people started asking for two key things. One was the ability to create a searchable table of custom post types.

So that might be documents or members or articles, videos, audio, all these sorts of custom post types. Um, And the other was specifically W commerce products. So later in 2016 we built our [00:13:00] post table pro plugin, which lists custom post types in a searchable table and our product table plugin W Commerce product table, which takes your W Commerce products and puts them in like a.

Table, which is basically a one page order form. So that works really well because you've got your variations and your quantity boxes and add to cart buttons all on this one page order form. So it's, even though it looks the same as the original table of blog posts. So it's actually a totally different purpose because it's an eCommerce order form.

Um, but the idea all came from that one client. And both of those projects have always been, those plugins have always been amongst our most successful. And WooCommerce product tables sold something like 1.2 million worth over its lifetime. And it is our biggest, um, lifetime selling plugin.

Cory Miller: Oh, that's excellent.

And I, I never asked revenue numbers, but thank you for sharing that, cuz I think that's, uh, inspired people to see how [00:14:00] you've come and how it, you know, evolved as a framework for how they can do that in their own world. Um, the back to, so I, I love that kind of little mini story of how that post search table, I've gotta look this up by the way.

Um, cuz I think we might need to post that, um, from, From that product came on our client. I hear that a lot and you gave such an amazing, um, example of how something can. Birth out of client work WooCommerce marketplace. You said the other one came from an idea on the Mark WooCommerce ideas place, but did, how did you get to WooCommerce?

Were you doing WooCommerce type projects for clients or did you say, did you just see that this thing called WooCommerce was coming, this big, big thing, or how did. Has it lead you to the marketplace to find that idea?

Katie Keith: We just knew that we commerce was big and we had also heard or felt, I don't remember that.

Um, people are more inclined to buy premium [00:15:00] products, premium plugins, when that will make them money. Which makes sense, doesn't it? Mm-hmm. . So, uh, we particularly wanted to sell plugins for e for eCommerce because they would be easier to go premium.

Cory Miller: Yeah, I, So for my time at Ithe, um, we built, mostly, we ended up building, we meandered in the path to plugins and then we kind of found our niche was utility plugins.

And I always said, um, Hey, we're saving people money, time, and things like that. That's the stuff you think about, like insurance. I go, I gotta have insurance. Um, but it's not sexy. What sexy is making. You know, and, uh, we never got to this part of the making money part. We felt like we were helping people by extension make money and build their business.

But it's, it's so neat to hear you all saw, okay, this is something that people, if you help make them money, it's a really good thing. Cuz I said, Hey, nobody grabs about the bill of something that, like if you have your [00:16:00] PPC campaign or whatever going and it's convert. . Nobody complains much about that Bill, but you complain.

I complain about our, our house insurance bill. You know, we gotta re up our house insurance bill because I don't think about like, well I don't want a fire to burn the house. I want to take care of itself. But on the other side to make money part is, is always felt easier to make that self. Cuz you're not a cost item per se.

You're more like, No, this is essential to helping us keep making the money.

Katie Keith: Okay. And not just for the initial sale either, but for ongoing renewals because obviously most plugin companies now sell annually. And if the customer sees that value coming in from the product, they're more likely to keep paying as well.

And we do quite a lot of analysis of our pricing to see what, um, is the best balance between sales. A cost per product and, and the W commerce versions always will justify a higher price than a general WordPress plugin. So, W Commerce Product Table and [00:17:00] Post Table Pro are good examples. Post Table Pro has never been able to justify the same price tag as product table because people are displaying information in a useful way rather than selling something.

Cory Miller: Okay, so were, Was there a point. After these two plugins start to have success and maybe others that you do, where you said we're, we're gonna, we're gonna thin down client work and we're gonna focus on, um, our, just our product and our plugins side of the business. And how did that, Yeah, how did you get to that decision?

Katie Keith: It happened surprisingly quickly. So we launched our first paid plugin in early March, 2016. And by August we were making decisions, Let's stop taking on new clients. So we'll follow through on existing projects, ex if existing clients want a new website, we'll do it. So we kind of slowed it down gradually.

So by then the plugins were probably making, I dunno, [00:18:00] $5,000 a month or something, which was less than the client business, but enough to live on. Um, so we could feel fairly confident. And we also had the safety net of a large number of clients that we were hosting and maintaining their websites. So we kind felt that we could take that risk and not be, keep taking up our time building new client projects surprisingly quickly.

Cory Miller: So I'm sure looking back, it feels like a magical time. It was for me when you go, Okay, this thing that we did, Is working and there's another opportunity here to, uh, you mentioned lifestyle in, in the beginning here is, and, and that's what motivated me too, is always to have this, Oh, this is working. Where could it lead?

And it feels, it feels magical to me, but how, how does that, reflecting back in 2016, those six months or so, from. Wow, this could actually be a thing. Oh, this is, oh, we should make these [00:19:00] decisions to do this. Reflecting back, how does that whole time period, uh, feel and how do you think about it?

Katie Keith: Well, the first sale was amazing cuz we just, so we used our existing website, which was@thetimebantu.co uk.

We eventually went to bantu.com but that took years. Um, so we had quite good SEO from the client business, so we didn't want us. Start again with a new domain or anything. So we put up a, a plugin section on our agency website. So we were advertising web design services and plugins on, you know, different menu tabs, basically, um, added some blog posts.

And because our first plugin, we commerce password protected categories was unique in the market, uh, there was no competition and we ranked very quickly. Which was amazing. And so, um, it actually was literally a few days before the first sale came and we were like, What? We saw this email, new plugin sale.

That's not one of our [00:20:00] tests. That's a real person. Oh my God. And we didn't even know it would ever sell. Um, so the first sale was really interesting because that's the first kind of evidence that people might actually find our website that way and buy things on it.

Cory Miller: That's awesome. Okay, let's fast forward a little bit to today.

What do you, what do you offer and what are you doing with Barn two? Let's see, what if I'm doing my math? Six plus years later, almost six years later, you're kind of coming up, You're already past your anniversary of that big decision. Now what? What are you doing at Barn two? Um,

Katie Keith: so kind of more of the same really.

So we've taken what worked and kept doing it. Um, we now have 19 premium plugins, plus maybe four or five free ones. And we have a team of about 14 people, um, who are all, um, working independently around the world. Um, [00:21:00] so from their, their. Uh, so we've got like a support team and a development team and a marketing team, which is amazing.

Um, but ultimately we are just trying to kind of replicate what we started and scale it up cuz it works.

Cory Miller: Yeah, it, it for sure did. Congratulations on your success and what you built so far today. Um, it's uh, I think a lot of people dream, Oh, I'd like where Katie is now. That's where I want to be. And how do you get there?

And I think you've shared so many key parts to the story. Definitely resonate with me, um, about building product, business. And I go back to what you. Find what works, keep doing it and if it stops working, find something else that's working and doing that. Um, I know we talked about some of the original ideas that came from Woo Marketplace looking in, seeing, seeing an opportunity there, and the other side was clients.

Any other thoughts about how, how you go about, or how someone else could go about finding the opportunities for [00:22:00] products as they're building their.

Katie Keith: Just keep it in mind really, the information, the insights are probably there. If you are in the WordPress industry, you're doing projects, you're building websites for people.

I would be surprised if you weren't coming across gaps in the market. And, um, if you do a bit of research, you can find out if other people are looking for the same thing that your client has found that doesn't exist. Maybe you've recently done some custom code and customization for, I dunno, the events calendar or something that what, there wasn't a feature built in.

And so you've written something bespoke that might be a plug-in idea for an extension you could sell. Um, there's tons of things like that in all the major plugins, um, like eCommerce. Easy digital downloads, gravity forms and so on. There's all these gaps. So if you are using these tools and customizing them, there's then to have a think about whether that's a product idea,

Cory Miller: it, it's part of your experience, part of your expertise, and seems [00:23:00] like a good place to start for me.

Um, when we started, I think we started with themes. And, uh, eventually we got into plugins because it was, it was definitely part of conversations I was having, uh, seeing that there was this opportunity with plugins, but it came out of a need for us in those, Just listening to customers, like you're saying, is just.

What are the things that people are bumping into that are problems that probably are valuable if you can solve those problems, Like your, um, your custom posts searched and organized plugin came out of that one person with this massive site. And then did you start asking like, what were the questions you started asking for me with, for instance, back, but when that, that was not my idea.

It came from our team and I go, Oh, a backup. Click in. My first question was, everybody needs a backup of their web WordPress website that came out of our own pain. Um, but where were some of those questions you started asking as you determine like, this [00:24:00] is feasible for us to take time, resources, energy, You know, I, we'll talk about like getting things off the ground to, from a marketing side.

I know, um, too, because I want to tap into that experience you have and expertise. But, um, what were some of those questions you asked when you're like, How do I. How do I determine, make this decision? This is worth some time.

Katie Keith: Well, to be honest, we did had a lot of randomness and luck and instincts. We weren't brilliant at establishing that data.

Um, we've worked a lot with ellipses to reduce randomness. Um, you know, the marketing company for WordPress, uh, product companies, sis, and, um, because we. Checking that it didn't exist. So we were checking, there was a gap, but we weren't establishing the, the demand. Sometimes we would just do it because it was new and have a go.

Um, so that, yeah, we probably [00:25:00] wasted some resources there. Uh, and um, so that has been an ongoing challenge and not something we've always been brilliant at, but the data is there and if you hire an SEO company or something, you can find out about search volumes or, or just go on Google Trends yourself and see.

Cory Miller: I love your authenticity though to say that because that's so reflective of my own experience and I think of many others. We don't just look into it crystal long. Go. There it is. Sure. Maybe that that's out there. I have this great idea. I think it would work, but there's probably so much backstory to it.

The story I tell often, and so much of this is experiments and over time I tried to make my experiments, uh, cost less and less and less because I made some very expensive. Experiment, failures, you know? Yeah. But I just love your genuineness of saying like, it, we didn't have it all together and neither did we, by the way.

Um, when you're starting and you start to hone that process, like that laboratory process, [00:26:00] I read a book called Little Bets and I back in the day and I go, Oh, I shouldn't just go. Um, see an opportunity. Let's run for it. Maybe there's some nuance there. Uh, one of the mistakes that we made that I often say when people ask me about my failures, particularly in product, I say, uh, I call it, I think it's exchange.

Back in this day, we were seeing the WooCommerce market really grow and explode and, um, it seemed very complex to me, and our opportunities started at, or the, the thought started. There should be a simpler way to do e-commerce for the person actually running the site, putting their products on the site.

And so we started, I think, exchange with that kind of premise, but we didn't do a lot more thought past that. And it ended up costing us probably 400,000, $500,000 fixed cost. Not to, not to mention opportunity costs. So I use that as my thing. It's like, okay, why did I. Why did that fail? Where did we go [00:27:00] wrong?

But I'd say that like there's so many failures that get to like, you know, get to, Oh, this is it. But I just keep anchoring back to your client's story when they birth out of either your experiences, like you said, or a client that see and like, Oh, could other people use this? How much do they value those things?

And I sometimes probably get thought, get paralyzed in that over analysis. But there is some here of. Those basic questions of like, is this something that we think could go and going from hunch to actually, let's put it out there and test it. Do you have any thoughts around that too? Um,

Katie Keith: yeah. I've never been a big risk taker and I like small risks, um, that aren't like gonna break the bank if they're not successful.

Uh, so. The, you know, where we haven't established the market first, it wasn't a huge amount of development time to get the product out there, for example. Um, we now have a formula which [00:28:00] we use to evaluate new plugin ideas, which looks at factors such as, uh, search volume. Other searches for that, um, concept going up or down, competitiveness, um, difficulty to develop that kind of thing.

So we've got this, this whole spreadsheets that we plug new ideas into with some data, so that helps. But yeah, I, I've always been scared of themes because I perceive them as being really huge and a big risk to develop. But you were very brave starting with

Cory Miller: themes. It was much more complex in two thou. I mean, I'm sorry.

Much more simple in 2008, by the way, than it is today. Um, for for sure.

Katie Keith: Yeah. Yeah. Cause it was about 2013 that it changed, which is when we were trying to build a theme and suddenly these multipurpose themes flooded the market, didn't they?

Cory Miller: Yes, absolutely. And, and that's the other part I think you even mentioned in there is competition is seeing what other people are doing out there in the space.

When we did backup Buddy, there wasn't really [00:29:00] anything that, what we felt was a holistic backup plugin to do backups, migrations, restoring of websites. And so, but, but again, it was early enough where there wasn't a lot. Now, today, totally different story. If we're going, we want do a backup plugin, well, There's, look at the landscape.

It's pretty competitive. The other side, and I love your input on this too, is that so many people, as we the theme market, got so competitive. And people would say, Do you think you could build start, Someone could build, Not even me, just someone could build a theme company. And early on in my, uh, naiveness, I said, um, I don't think so.

I think it'd be really, really tough. Well then probably right as, as I say that companies like Beaver Builder come out and I'm. Wow. Even the competitive, what I viewed as a competitive market, they saw a way to innovate that changed the game. Now they would say, I think [00:30:00] it's a plugin versus a theme, but I, But to me, they had a different perspective and they looked at some of what I was buried in complexity and go.

No, there's this, and then, then this whole page builder market starts. Um, and so that's always interesting too, is just when I, I, I always say never because when I have said, I don't think so, someone ever else goes but here, and it's so cool with the innovation that you can do in market. And

Katie Keith: that's an interesting example cuz I think a lot of the, uh, Beaver Builder diehards are developers and people that are quite, uh, into WordPress.

And, and I know that's not their whole market, but I think they go more in that direction in terms of their fan base. So they kind of found a bit of a gap as well from say the visual composer types who are very much not that group at.

Cory Miller: Um, well, okay, so let's, we've talked about kind of getting plugin, evaluating it and all the story that goes a part of that where [00:31:00] Barn two is today.

Um, the other compelling question that we talked about before, uh, before we had this, we started recording, was the whole marketing of plugins. Um, and. Particularly, I know this was something that you started with, with the agency back in the day, was your emphasis on marketing too, but how do you think about marketing plugins?

Okay, we've gotten past decision, we're building it, we've got it ready to go. And then just that big, broad question of how do you market plugins?

Katie Keith: Well because I'm not a big risk taker, I try to keep it small, but fi cuz with WordPress, in particularly with commerce, small, is a huge market because even the tiniest things there are loads of people searching for.

So if I was going to launch, An events plugin or a membership plugin, I don't think I would be that successful, to be honest. Uh, because it's so competitive. How are you going to rank for WordPress membership plugin? Never gonna happen, or you'd have to be very, very good. But [00:32:00] to rank for something really specific that doesn't exist in the market is actually quite easy, particularly if you already.

Say an agency website that you can start selling your products on and blogging on about your products and that you've got some domain authority built up. So my advice, um, if, if you've not got a huge budget and massive marketing skills is to go for the niches and find something specific that you have got a reasonable chance of success.

Cory Miller: As you're looking back to, do you think there were, where were the catalyst moments when. You know, you're, you're starting to get a flow in of customers that's kind of growing. Um, and like, oh, this point here, when this happened, things started to take off from marketing or customer, you know, incoming customers or things like that, that you think made the difference that you think about quite a bit today in terms of the marketing and growth of [00:33:00] the products that you offer.

Katie Keith: Um, it's funny cuz what we do now is kind of the same things that we always did, which is finding content opportunities that fill a gap that isn't already catered for and a bit of ads and things like that. So it was just about really getting, there wasn't really a catalyst moment because we did that from day one based on experience of marketing the agency business, it's more.

Reducing the randomness as I talked about earlier, and fine tuning that process so that you can predict the chance of success more before you start throwing things out.

Cory Miller: Yeah, I, The first month, that first eight months of item I tell people a lot is that I was doing support cuz I was the only person and um, oh yes, but I cannot take that experience back.

I would never want to because I learned so much about the who I thought. For, for the tenure, I [00:34:00] was, uh, part of Mythe. I always thought I'm our, I'm our base user. I'm not very technical. I'm technical enough. I can take a plugin, I can use it, um, but I'm not gonna get into PHP or anything like that. And that helped us maintain our cut or who we were and what we did.

But that first eight months was so interesting, just like when I've talked to our agency owners at post status. Um, you, you said this from the beginning, I just kind of assumed, if you like, from the agency mindset, um, you'd start. And then you'd hire a full-time person. That's a wrong assumption. I've, I've heard over and over you started with contractors or freelancers that helped you with your capacity of the work, and I've heard that so many times.

That was a nuance because I haven't been an agency owner that I learned, but those eight months that I themes, I realized. Um, a couple insights that now in reflection, you know, a long time past, it drove all of our key values because I was getting to understand the actual customers. They were freelancers, [00:35:00] solar printers out there, just kind of doing Lance web, WordPress web design on the side.

And eventually it would birth into something like you all did too. Um, and. Just knowing that helped me. And then just seeing the customer. We had a forum at the time. Everybody's asking about CSS customization. We would do a theme with the right sidebar. Now remember, don't make, this is 2008. So like they'd, we'd release a theme with the right sidebar and they'd say, Well, they wanted on the left, and we'd help 'em with the css.

And it was this thing of just noticing and observing what people were actually asking for and putting the head their headset. Headset on and saying, Okay, I wanted to be able to have this flexibility that helped us figure out what next products and what next features we would do because we kept really close to the customer.

Yeah. Are there things that in your experience, you've seen too or kind of, It doesn't have to be that, but I was trying to give an example to say, I know some of those [00:36:00] things were critical to our success, staying close to the customer, but there are other things that Jesus go, This happened, we learned from.

We're gonna do that over and over and over. Yeah.

Katie Keith: Um, there's a few things to unpick there. We've definitely listened to the customers, not just our initial clients. So I did the support myself for much longer than I should have done until it basically just became unmanageable because it was so many tickets.

And, but that gave, as you said, that gave me. Such a unique insight into our products and how people are using them so that then I could use that to inform new product decisions, new features, that kind of thing. But even now, we have a support team, which I think is six people as of a couple of weeks ago.

Um, we have a very comprehensive feature request list for each product where they put things on every days and that we, you know, We got formula again to say, uh, the demand and the difficulty and the impacts and stuff like that, and how [00:37:00] many people are waiting so that I can go in there and see what people are asking for.

Uh, and we have quite a loose interpretation of what makes a feature request. They may not be explicitly asking for something, but if that would meet their need, then we put it on the list, if that makes sense. Um, so we try to be quite, um, open. That so we've got more feedback, um, recorded. So that really helps because you get that insight to, as you say, reduce randomness and know what to build that will work.

Um, so for example, tons of our eCommerce product table customers were asking for quick view buttons in their table and they were asking for us to add that to their plugin, which makes sense. Can you add quick view? And we thought, hang. Quick view is not just for product table, that is for any store. You don't have to be using the product table layout to want quick V buttons in order to, uh, view more information and add to the cart without [00:38:00] visiting the separate product pages.

So we built a WooCommerce Quick View plugin, which again is still available today, uh, and integrated it with product Table. So when we buy Product Table now, you can either buy it on its own or there's like a bundle with Quick View, which quite a lot of customers go for. Um, and you can buy Quick View as a standalone.

So you would kind of look at what the customers are asking for and then make business decisions around that. Uh, but the other side of what you were saying was about building a team and, um, hiring staff straight away. And because I've always been a bit risk averse, I've waited until we're making money, um, until committing, um, particularly big commitments like staff.

And rather than freelancers. But it's interesting seeing more and more at the moment WordPress companies with the more of the startup model where they're seeking funding and so on. Cause that's something I've got no experience of personally and I've, we just [00:39:00] bootstrapped it, done the work ourselves until we can afford to hire people.

Um, and that's worked for us. So I watch with interest people with a different model because it's like bringing. Big business into WordPress. And you see that more and more the last couple of years, don't you?

Cory Miller: Oh yeah. And, and that was one of the primary drivers for us selling. Um, And being, being acquired is that there is a lot of money, big money coming, coming, continually coming into the space.

Um, okay. So Katie, I, we've talked about this past, thank you so much for just sharing that cause I think that's so inspiring and helpful for others trying to do. Even just the agency part, you know, And then get to a, what you said, the ceiling and going, Okay, what's next? What do we do? And oh, there's, there's these things that come out and, uh, then the present we're born to is now, but what is exciting about you and Barn to in the future?

What's getting you revved up about what you're doing, where you're going and [00:40:00] want to share with others about barn? Um,

Katie Keith: I think kind of keeping going and, uh, it's working, um, doing more, We are getting more ambitious with the sorts of plugins that we will release now. Our SEOs better and we know what works.

Um, I still don't think I'd have the confidence to do something really generic like a membership plugin. Um, but we are trying to have a ban to version of all of the Major W. So, for example, last month we launched a filter plugin. Um, actually there isn't a major version of that. There's a, There wasn't, Yeah, that's a bad example because there wasn't a major, major competitor.

But, um, that was quite a, it was our most complex plugin that we'd built. So, um, we were ambitious in that. Sense. And, uh, in the next week or so, we're going to launch a, uh, product option plugin. And there is a very strong, um, official version of product add-ons and we, but we've looked at what the gaps are and um, in what ways that plugin is not [00:41:00] like, and, uh, fix that in our own.

So that's exciting to see how that does, um, and just keep, um, doing what we're doing. All right.

Cory Miller: Well Katie, can you tell the, tell, tell listeners where we can find more about you and also Barn two in your work?

Katie Keith: Um, well the best place is our website, barn two.com. Um, and you can also find us, um, on Twitter at Barn two plugins.

Cory Miller: Excellent. And, and also I'm post out a slack. Um, but I don't want people bombarding you, but I know you're so generous with your expertise and your success story and everything like that. Katie, thank you so much, uh, for coming along and sharing your story. We need more like this, more willing to kind of share the story as inspiration, and you've been so generous and kind to share.

These parts that others can look at and go, Gosh, I need to think about this part that you shared. So thank you for sharing your story and thank you for your time today. And I'll see you in post at Slack.

Katie Keith: Yeah. Well, [00:42:00] thanks a lot.

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Olivia Bisset</span> at October 04, 2022 02:15 PM under WooCommerce Extensions

Do The Woo Community: The Evolution of WooCommerce and WordPress Hosting

In this DevChat Till, Zach and Carl have a lively discussion on the evolution of hosting with both WooCommerce and WordPress.

>> The post The Evolution of WooCommerce and WordPress Hosting appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at October 04, 2022 09:00 AM under Woo DevChat

WPTavern: WordPress.org Removes Active Install Growth Data for Plugins

Over the weekend, WordPress.org meta contributors removed the active install growth charts for plugins, a key metric that many developers and a handful of services rely on for tracking. “Insufficient data obfuscation” is the cryptic reason cited for the charts’ removal, but the decision-making process was not transparent.

In a ticket titled “Bring back the active install growth chart,” RebelCode CEO Mark Zahra contends that this data is useful for gaining a long-term perspective on a plugin’s changes in installs.

“These stats are actually very useful for plugin developers and it’s really and truly one of the only indications of the growth or decline of a plugin over time,” Zahra said. “These graphs at least give us an idea of the performance of a plugin before and after we make certain changes, helping us get a better idea of how helpful they are for WordPress users.”

Plugin developers were left to speculate on the reasons for the removal and took to the #meta Slack channel in search of more information. Feedback from plugin developers indicates this was an unpopular decision and a failure of communication.

“I want to echo disappointed in that chart being removed,” Equalize Digital CEO Amber Hinds said. “I hope we’ll hear something soon. In an ideal world this commit should be rolled back pending community discussion.”

Zach Tirrell, product manager at Liquid Web, said, “We get very limited metrics from the plugin directory and this one was very important to plugin authors.”

WordPress Executive Director Josepha Haden-Chomphosy joined the discussion in the channel but had very little information to offer about why this change was made without any public discussion.

“The data shared is always a bit obfuscated so that it’s harder to ‘game the system’—the same reason we don’t have running leaderboards for contributions,” Haden-Chomphosy said.

“Suggestions are welcome for how to get some data for you all while doing our best to stick with a ‘co-opetition‘ mindset.”

Co-opetition is a term coined to meld the concepts of cooperation and competition to create a system where different vendors cooperate for the benefit of the system while still competing. Haden-Chomphosy did not elaborate but it seems that obfuscating data had been deemed a necessary sacrifice for the sake of co-opetition.

Audrey Capital-sponsored meta contributor Scott Reilly, who committed the change, said “the implementation made it possible to deduce the stats we were looking to obfuscate.”

Not all plugin authors agree that these stats need to be obfuscated, nor do opaque decisions like this one inspire trust in those who are cutting off access to the data.

“The real data exists,” Yoast founder Joost de Valk said. “Automattic is one of the companies buying plugins and has access to the exact data and now even more than before, others do not.

“The whole coopetition nonsense is all interesting, but I would say this is an unfair advantage. Literally every other open source system out there just opens these numbers publicly, and so should we.”

It has still not been confirmed whether this decision was rooted in a security issue, but de Valk and others are imploring WordPress.org’s decision makers to bring the data back until a suitable alternative in available. Participants on the ticket have also urged WordPress’ leadership to open a discussion with the plugin developer community about what would data would help them in the creation of an alternative.

“Thank you for the feedback, and I do realize that there were a number of third party commercial and free services scraping these data en masse and using it,” Matt Mullenweg commented on the ticket.

“If someone has reasons to bring it back that haven’t been presented above already, please add it to this thread so we have the best possible presentation of that side of the argument to consider.”

After a 10-month hiatus from his WP Trends newsletter, Iain Poulson returned today with an issue titled “Second-Class Third-Party Developers” that identifies this clawback of active install growth data as “a symptom of the wider issue that WordPress doesn’t really want to support third-party developers who build freemium plugins.”

“Because of this, the data insights for developers is severely lacking and it’s one of the reasons I created Plugin Rank and why other solutions like wpMetrics exist and both will be impacted by this change. That’s not to say other platforms and marketplaces are perfect, but they don’t seem to work against developers like WordPress.org does. As a plugin developer trying to grow a business, data is everything and the data from the directory is poor and requires a large overhaul to improve what is collected.”

Poulson contends WordPress.org could even go beyond the previously offered data and add new installs per day/month, how many existing sites updated per day/month, and the search terms leading to the download.

“Freemium Plugin developers shouldn’t be treated like second-class citizens in the ecosystem,” Poulson said. “Even developers with just free plugins should be able to see decent statistics. There’s no incentive to keep developing plugins if you don’t know people are using them.”

Beyond the lack of meaningful data for developers who are trying to monitor the trajectory of their free plugins, the non-transparent decision from the meta team seems to be the greater issue at hand for many participants in the resulting discussions. The sting of another closed-door decision cannot easily be explained away with a fancy portmanteau that promotes cooperation without adequate communication.

If plugin developers cannot be trusted to act “co-opetively” with this data, will WordPress continue collecting it? Who has private access to it? Why weren’t alternatives explored before silently removing access? These questions need to be answered in the process of finding a way forward for improving plugin data after this decision.

by Sarah Gooding at October 04, 2022 03:15 AM under Plugins

October 03, 2022

Post Status: Open Source Communities: You May Not Be Interested in CISA, But CISA is Very Interested in You

United States national security interests are poised to become more invested in and engaged with open source projects classified as public infrastructure. From Log4j to the Securing Open Source Software Act, how did it all come together in 2022, and what may lie ahead?

Estimated reading time: 0 minutes

Back in 2016, the White House officially promoted open source software in the federal government and beyond. The Office of Management and Budget (OMB) issued memorandum M-16-21 then, which required that all federal agencies open all new custom code for reuse by all other agencies and release 20% or more of any new custom code as free and open source.

Things have changed, but not the importance of open source software in government and critical infrastructure.

It is risk tolerance, which is never high in government, that has diminished greatly.

At the same time, open source software is increasingly associated with risk, if only because it has become so successful. It's a huge attack surface in the middle of a seemingly permanent and escalating cyberwar, a cold war that never ended, or what is more commonly seen now as fifth-generation warfare.

It's logical for government to step in to try to reduce that risk. Since the Apache Log4j/Log4shell vulnerability (Base CVSS score of 10) became public in December 2021, those big wheels have started to turn.

“There was a pretty big government response”

A critical vulnerability in the widely used Java logging tool (Log4j, specifically a Log4j 2 dependency, Log4shell) turned out to have been exploitable for about a decade, giving potential attackers “easy access to internal networks,” according to The Guardian. (It even touched WordPress, through Openverse, but was quickly handled as Chloe Bringmann later reported.)

Often described as the most serious vulnerability in a decade (if not all time), the US government response it motivated was recently summarized in The Washington Post. The Cybersecurity and Infrastructure Security Agency (CISA) led that response and will be leading new initiatives regarding open source in the near future.

Initially, “CISA briefed industry leaders, issued an emergency order for federal agencies to patch the issue and jointly published an alert with the FBI, National Security Agency and governments around the world.”

After that, all attention turned to future risk mitigation.

Like CISA in the US, the Canadian Centre for Cyber Security already distributes a vague and clumsy “WordPress security advisory” from time to time. Expect it to improve — there's a lot of money and jobs for it in the federal pipeline.

Who shows up when decisions are being made?

In January this year, the Federal Trade Commission (FTC) warned companies to remediate the Log4shell flaw or face potential legal action. And the White House brought in leaders from major tech companies to discuss what might be done about widely used and under-maintained open source software. Only three organizations represented open source at that meeting, including the Open Source Security Foundation, a project of the Linux Foundation.

WordPress was not publicly represented in these proceedings or any that have followed. In January, Lesley Sim and others in the WordPress community asked, “Who represents our open source commons?” And the question keeps coming up. 🦗

Tech Security Experts and Foreign Policy Interests Converge on Software Supply Chains

The Senate Homeland Security and Governmental Affairs Committee held a hearing on Log4Shell and open source security in February. The speakers involved, the discussion that took place, and subsequent legislative development indicate federal funding and involvement in open source is coming. It's just a matter of when and how much. GovTech did a nice summary of the event, but there are some things on the speakers' prepared statements worth singling out. The Q&A; is also worth watching.

David Nalley, Apache Software Foundation

David Nalley, President of the Apache Software Foundation, was the first to speak. The words “non-profit,” “charity,” and “contributors” figured early and prominently in Nalley's brief statement. (Later “free riders” came up in the Q&A.;) He emphasized a need for government investment in software supply chain security and the problem of getting updates out to vulnerable systems.

Brad Arkin, Cisco Systems

Brad Arkin, Senior Vice President, Chief Security and Trust Officer for Cisco Systems, also emphasized the need to be able to see the maintenance status of all software in use and make rapid upgrades — without overly focusing on Log4shell or regarding open source as being especially risky. Architecting systems with the “necessary separation inside” them to limit any damage and “providing transparency about
software components … through a software bill of materials (SBOM)” capped off his recommendations.

A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. An SBOM is a nested inventory, a list of ingredients that make up software components.  The SBOM work has advanced since 2018 as a collaborative community effort, driven by National Telecommunications and Information Administration’s (NTIA) multistakeholder process

CISA <https://www.cisa.gov/sbom>

Jen Miller-Osborn, Palo Alto Networks

Jen Miller-Osborn, Deputy Director of Threat Intelligence at Palo Alto Networks, went into greater technical detail with similar recommendations for containment, SBOMS, zero trust network architecture, etc. One item of note to software engineering teams stressed the value of Development Security Operations (DevSecOps):

Impressive work is already being done in this arena, but the community would be
well-served by increasing adoption of existing development tools to control access to open source components. These tools can scan all of the open source packages for both integrity and security before they are approved and allowed for engineering teams to use in products. Our recently released State of Cloud Security Report 2022, which surveyed over 3,000 IT professionals, found that organizations with tightly integrated DevSecOps principles were more than seven times likely to have strong or very strong security posture. They were also more than nine times more likely to have low levels of security friction.

<https://www.hsgac.senate.gov/imo/media/doc/Testimony-Miller-Osborn-2022-02-08.pdf>

Trey Herr, The Atlantic Council

Dr. Trey Herr, Director of the Cyber Statecraft Initiative at the Atlantic Council, was the last to speak. An academic and lobbyist, he was the only member of the panel not from the tech industry. Notably, the Atlantic Council promotes Atlanticism and has historic ties to NATO as an advocate for NATO interests. Dr. Herr took a slightly more alarmist view of open source as especially risk-prone. In his very goal-oriented, politically savvy statements, he called for DHS through CISA to fund and directly involve itself in the open source community:

This office should further encourage collaboration among the United States and allies in supporting the security of open source projects identified as critical by the office and act as a community liaison/security evangelist for the open-source community across the federal government.

<https://www.hsgac.senate.gov/imo/media/doc/Testimony-Herr-2022-02-08.pdf>

Further, “Open-source security should be part of mainstream supply chain security policymaking, and this office would be charged with supporting those efforts while acting as the single point of contact for external stakeholders.”

Deep Pockets Ready to Spend

Herr also pointed to:

a proposed amendment to HR 4521, the America COMPETES Act of 2022, that would authorize the creation of a set of Critical Technology Security Centers inside of DHS [through CISA], including one focused specifically on open-source security.

<https://www.hsgac.senate.gov/imo/media/doc/Testimony-Herr-2022-02-08.pdf>

He then urged the Senators present to support this legislation “when it reaches the Senate, with the understanding that a substantial portion of moneys appropriated for these centers, on the order of $20 to $30 million a year, is dedicated to this open-source mission.”

In subsequent years, Herr predicted hundreds of millions would be spent on open source security by the federal government — all with the goal of:

…focusing on secure developer tools and “foundational” infrastructure for the open-source ecosystem, to incentivize rebuilding codebases in memory-safe languages, to support audits and volunteer labor to identify and patch vulnerabilities, and to support efforts to drive security talent into this space and towards the most impactful libraries and packages in open source.

In May, a second Open Source Software Security Summit was held in Washington, DC when “the Linux Foundation and OpenSSF gathered a cross-section of open source developer and commercial ecosystem representatives along with leaders and experts from key U.S. federal agencies.” Their goal was to build a mobilization plan — “a consensus on high-impact actions to take to improve the resiliency and security of open source software.” They came up with 10 areas of focus to improve OSS security and called for immediate funding from the tech industry in the ballpark of USD 150 million.

The Securing Open Source Software Act

In late September, Senators Gary Peters (D-Mich.) and Republican Rob Portman (R-Ohio) introduced legislation that directs CISA to:

  • “Hire open-source experts.”
  • “Publish a framework on open-source code risk” within a year and then regularly “perform an assessment of open-source code components that federal agencies commonly use.”
  • Study, within two years, whether their risk assessment framework “could be used in critical infrastructure outside the government and potentially work with one or more critical infrastructure sectors to voluntarily test the idea.”

The Washington Post noted, “Other agencies would have roles as well, such as the Office of Management and Budget publishing guidance to federal chief information officers on the secure use of open-source software.”

Open Source Software as Public Infrastructure

Trey Herr was very positive about the Peters-Portman Act, saying:

“This important legislation will, for the first time ever, codify open source software as public infrastructure. If signed into law, it would serve as a historic step for wider federal support for the health and security of open source software.

While it may not be possible to rush through Congress before it's out of session this year, it seems very likely the Act will drive greater self-regulation in open source — and bring in new government requirements to comply with. Parallel developments are happening in Europe where investment in open source as a public good has advocates arguing it leads to nearly a hundredfold return. Opportunities will surely emerge from new sources of funding and jobs for open source, but national and regional geopolitics may complicate the nature of contribution within truly global and international projects.

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Dan Knauss</span> at October 03, 2022 07:22 PM under Trey Herr

WordPress.org blog: WP Briefing: Episode 40: All Things Testing with Special Guests Anne McCarthy and Brian Alexander

In the fortieth episode of the WordPress Briefing, Josepha Haden Chomphosy sits down with special guests Anne McCarthy and Brian Alexander to discuss the Testing Team and how to get started with testing in the WordPress project.

Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording.

Credits

Editor: Dustin Hartzler
Logo: Javier Arce
Production: Santana Inniss
Song: Fearless First by Kevin MacLeod

Guests

Anne McCarthy
Brian Alexander

References

WordPress 6.1 Testing
Testing Reports w/ Template
Week in Test Series
Reporting Bugs Handbook Page
Fullsite Editing Outreach Program
FSE Outreach Experiment Slack Channel
make.wordpress.org/test
WordPress.org/news
Learn.wordpress.org
#WPDiversity Speaker Workshop for Women Voices in Latin America

Transcript

[Josepha Haden Chomphosy 00:00:00] 

Hello everyone. And welcome to the WordPress Briefing, the podcast where you can catch quick explanations of some of the ideas behind the WordPress open source project and the community around it, as well as get a small list of big things coming up in the next two weeks. I’m your host, Josepha Haden Chomphosy.

Here we go. 

[Josepha Haden Chomphosy 00:00:42] 

So I have with us today on the WordPress Briefing a couple of special guests. I have Brian Alexander, as well as Anne McCarthy. I’m gonna ask you both to tell us a little bit about yourselves, if you can tell us what you do with the WordPress project, maybe how long you’ve been with WordPress, and if there are any particular teams that you contribute to, that would be great. 

Brian, why don’t you get us started?

[Brian Alexander 00:01:02] 

Hi, I’m Brian. I work on the WordPress project as a full-time contributor, sponsored by Automattic. And I am one of the Test Team reps, so I help promote testing across the project. And that’s not just in Core, but it could be for Themes, Performance, feature plugins, what have you. So try to make that stuff move forward and wrangle as many people as we can to get on board and help.

[Josepha Haden Chomphosy 00:01:32] 

Excellent. All right, and Anne, what about you?

[Anne McCarthy 00:01:36] 

I spearhead the Full Site Editing outreach program. I am a sponsor contributor for Automattic as well, and so I contribute across a couple of different teams depending upon what the outreach program needs as well as various release squads I have been a part of. So for 6.1 coming up, I’m one of the co-Core Editor triage leads. 

Brian is also on the squad as the co-Test lead, which is very exciting. So it’s been fun to work with him and be on the podcast. And I’ve been around the WordPress project since about 2011. But this is, the last couple of years, the first time I’ve been able to be sponsored by Automattic and be a part of giving back to the community that’s given me so much.

[Josepha Haden Chomphosy 00:02:13] 

Amazing. All right. For folks who’ve been listening to the WP Briefing for a while, you know that I’ve been saying for like a full year that I think that testing is one of the best onboarding opportunities we have. And then also I really like to bring in our co-creators of WordPress through that testing program. Because we don’t know whether we’re right or not unless people tell us that we’re right or not. And we would like to hear so much from the users who, you know, use it and don’t necessarily have an opportunity, that privilege to kind of build on it or build the CMS itself.

So I just have a few questions since I’ve got a couple of our strong testing wranglers here. The first thing I have is what are you doing? Or, do you have any advice for getting people outside of our active contributor base and the community to participate in testing?

[Anne McCarthy 00:03:03] 

I can kick this off. Just thinking about the Full Site Editing outreach program model. So just for context, there are various calls for testing in different formats. So everything from really procedural where you’re following exact steps to follow, to very open-ended calls for testing, as well as we recently did usability testing.

And one of the things that come to mind immediately just for getting different contributors is to have very specific, fun, engaging, relevant tests that can draw people in. So if you have a call for testing that really speaks to someone, they might be more willing to participate. As well as just different formats.

So someone may not want to, you know, follow 30 steps, but they might want to follow something more open-ended. They might want to answer a survey rather than opening a GitHub link. And so I think a lot of facilitation with the outreach program has served us really well to bring in different folks as well as explicitly reaching out.

So I’ve done a number of talks in different WordPress related spaces and non-WordPress spaces to try to tell people about what we’re up to and really go meet them where they are. Because I think that’s ultimately, especially with Covid and the pandemic, there was a really unique opportunity to do that and to join the random online meetup that was happening and talk about the program and talk about ways that people could get involved and feel heard. 

[Anne McCarthy 00:04:12] 

And the last thing I’ll mention is translations. The program that’s culture testing that I write is written in English, but I’m very fortunate to have people who translate those. And so that’s a huge way that I cannot contribute but that other people have. And so I really want to highlight that and call that out because it’s been hugely impactful to have these calls for testing in a way that people can more readily access. 

[Josepha Haden Chomphosy 00:04:32] 

Yeah, absolutely.

[Brian Alexander 00:04:35] 

Yeah, I was going to add in, in addition to the calls for testing that are, as Anne said, structured such to isolate so that someone can just kind of go through a list of steps to do rather than just being exposed to Trac or GitHub and have kind of snow blindness with, with everything that’s happening.

We also have a Week in Test series of posts that goes out about every week. And what we try to do with that series is to curate a list of posts that might be a good starting point. So we try to find one that, in each type of testing example, is something that would, a more novice contributor might be able to start with. Things for more intermediate and then also advanced ones that, for testers who may need to have a development environment and the ability to make some pretty deep or type of customizations to their WordPress project in order to test a patch or reproduce a particular issue that might be happening.

So that’s a good springboard for someone to come in where there’s just a small thing that they can kind of look at and then dive into the larger process.

[Josepha Haden Chomphosy 00:05:46] 

Absolutely. That’s very smart. It’s hard to figure out how to get started in WordPress at all, let alone as a contributing by testing things sort of area. That feels new to WordPress even though the team has been around for a long time. And so I think that’s excellent. 

Brian, you mentioned in your note about who you are and what you’re doing that you’re helping with testing not only in the test section in the Test Team but then also across the project. So, I have a follow-up question for you. What can developers do to create better tests for their software?

[Brian Alexander 00:06:18] 

There are sections within the Core handbook that kind of go into detail about the types of tests that should accompany individual contributions. A lot of those require kind of an extra step, and some developers maybe don’t have as much experience there. So hopefully, the Core handbook can provide a little bit of that guidance.

We also have a lot of contributors who are interested in things such as unit testing, E2E testing, which is end-to-end testing, and testing in JavaScript or in PHP. So there’s a wide variety of the types of tests that you can actually contribute to. And I would say maybe about 50% of the tickets that I’ve triaged, personally, the contributor who brought in the patch was unable to or was not familiar with providing unit tests. So that is a very good opportunity for someone to come in who maybe is not as well versed in the depth of what the patch was involved with. But by contributing a user test, they get an opportunity to look very focused at a particular piece of code, what was modified, and then create unit tests based on that.

[Brian Alexander 00:07:40] 

And then once that unit test has been submitted and starting to be reviewed, other reviewers, Core contributors, or Core committers, I would say, they’ll start looking at that and if there are additional details that should be there, expanding the tests or little modifications. Then that also is feedback to that test contributor so that the next time they come in, they’re more prepared for it. They’re learning more about Core, and eventually, maybe they’ll also become a Core contributor.

[Josepha Haden Chomphosy 00:08:07] 

Excellent. We will include links to these handbook pages and documentation in the show notes if you’re listening to the podcast on your favorite podcasting platform, Pocketcasts, or it’s somewhere else. I don’t know where people listen to podcasts, but if you’re listening to it somewhere that’s not on the website, you can come to get that on wordpress.org/news.

Okay, the next question that I have, and I think this is for both of you, Brian, it sounds like you partially answered it, but I bet there are more answers from Anne as well. What advice do you have for those submitting bug reports?

[Anne McCarthy 00:08:38] 

I’ll chime in to start, and then Brian, I’d love to hear your unique take because I also think you do an excellent job whenever I’ve engaged with you in various places of providing really good replication steps. And so I love that, and I wanna offer things specific to WordPress itself and something that I’ve noticed that’s more cultural rather than necessarily like steps to follow.

And one of the things I’ve noticed that I think has started to come up partially with Covid is people, you know, you start talking at WordCamps or at a meetup, and a bug comes up, and you find someone who knows where to put it, and that kind of connection is has been frayed in the last couple years.

And so one of the things I feel like I’ve been saying to a lot of different people at this unique point in time is that it doesn’t need to be perfect. Don’t let perfect be the enemy of good. And so if it means you just need to drop it in a Slack channel and you just are like, I don’t know where to put this, that’s huge.

We need to hear from people across the project. And I just really encourage anyone, even if you don’t have the complete information or you’re not a hundred percent sure you’re afraid it’s been reported 10 times before, like, please still report it because we need those reports and also if 10 people reported it and it’s still not fixed, that also means we need to iterate.

[Anne McCarthy 00:09:40] 

And so that’s one of the things, especially with the Full Site Editing outreach program, I feel people will message me saying, hey, I’m sure you’ve heard this a bunch, but… And sometimes I’ve never heard it at all. And I shudder to think of all the people who have not reached out or have not posted in GitHub or Trac or wherever.

So yeah, share, and write blog posts. I think that another great way that people can give feedback is if you don’t know how to get into the depths of WordPress, writing a post and talking about it and sharing it on social media is also a great way to get attention. I read a lot of those. But as much as possible, getting to, if you can, if you’re comfortable, getting to the source where we’re able to see it in Github or Trac goes a really long way.

And share as much as you can. And don’t worry if you can’t spend hours writing the perfect bug report, we still wanna hear from you.

[Brian Alexander 00:10:21] 

Yeah. Building off of what Anne said, just the fact that you’re speaking out and raising an issue is a huge step for many, many people. And once, once you’ve actually done that, as Anne said, it doesn’t need to be perfect. There are a lot of other people who are going to be looking at these bugs, trying to figure out the replication steps used.

So even if you can’t provide all this detail up front, someone will help. On the back end, they’ll help kind of fill in those gaps. If you do have the time to actually get deep into providing a very detailed bug report, then there are some key aspects of the bug report that make it very helpful for contributors, not only testers, who should be able to reproduce the issue to validate and make sure that this isn’t something that’s unique, unique to a plugin, to a custom theme or snippet that you dropped into your functions PHP. 

But, also for the actual Core contributors, who then need to be able to understand what is happening so that they can fix the right thing. And some of those items are the information about your testing environment.

[Brian Alexander 00:11:34] 

So that could be your browser, your server, the type, whether it’s Apache, Nginx, et cetera, the operating system you’re running, what version of PHP you’re running, the version of WordPress, very critical, and… 

[Josepha Haden Chomphosy 00:11:49] 

Super important.

[Brian Alexander 00:11:51] 

Any themes and plugins that you’re using. And that kind of information helps set the stage, and then other people will be able to set up their environment similarly if they’re going to try to test it.

After you have provided the environmental information, the steps required to reproduce the issue should be as detailed as possible. You may not have realized that clicking this caused such and such to happen, so just try to remember, or maybe even walk through if it’s something you can repeat multiple times, walk through a couple of times and write down everything that you’re doing.

[Brian Alexander 00:12:30] 

So that you’re sure, hey, this is the way that I can reproduce this bug. And then those steps will be very helpful for other contributors when they’re reviewing it. And then it’s also very helpful if you have video, screenshots, debug logs, any of those other kinds of resources that you could refer to because not all bugs are easy to explain.

And we tend to… Trac and GitHub issues for the Gutenberg project, everybody’s writing in English. And maybe your main language is not English, and it might be a little bit challenging to do that. So providing a video, it’s worth a thousand words in any language. So, if you can provide those types of assets, that’s also very important.

[Josepha Haden Chomphosy 00:13:22] 

Yeah, and I’ll share a little bit of a you’re-not-alone-in-it sort of anecdotes from the first few bugs that I ever filed for WordPress. I sort of had this feeling that if I were to file a bug, everyone would know that I wasn’t a developer. And like everyone knows, I’m not a developer, but a little bit I was like, they’ll know now. And so if that’s where you are also,  Anne said it, and Brian said it as well, like, we can’t fix things that we don’t realize are broken. And just because you’ve run into it 15 times, which obviously should never happen, you should run into it once, and then we know, but it happens.

If you run into it 15 times, probably other people have as well. And if it’s still not fixed, it might be because no one has thought to themselves I should tell someone that’s broken. And so if that’s your primary hurdle, folks out there in our listening space, I was once there too. And honestly, knowing that it’s a problem is as valuable as knowing the solution to it most of the time. 

[Brian Alexander 00:14:23] 

Yeah, and those are, I wanted to add, there is a lot to that to remember. That’s a lot to remember in terms of what you should be submitting, what, or I should say, what would be ideal in what you’re submitting. But luckily, in the test handbook, there’s a test report section, and it includes a description, it goes everything from, it starts with why we do bug reports to examples of the types of testing, whether it be for bugs or enhancements, which also need testing, and it has templates in there that you can copy and paste directly into Trac. And that’s very helpful.

[Josepha Haden Chomphosy 00:15:03]

Yeah,, we will have links to those in the show notes as well. Since we’re right there at that moment, what do you think we could do as WordPress to make reporting problems easier?

[Brian Alexander 00:15:15] 

I know that this has been something that’s come up during our weekly meetings, discussions on the Core test channel, as well as in contributor day test table discussions. And the test documentation that’s on the website is a little bit fragmented. I believe that the current test handbook was originally written for a type of flow analysis and feedback testing that is not the norm today. So it’s a little bit confusing. The terminology is a little dated, and the most recent updates that have been provided on there relate solely to Gutenberg, which is very important that that also be represented, but, in order to find information about testing and Trac or PHP unit tests, you have to go over to the core handbook.

So we could definitely make things improved by consolidating, bringing everything into one area so that if you are interested in testing, you’ll have everything in one place and not be split between that and not have outdated methodologies that are asking you to submit videos that nobody’s going to really look at because we’re not doing the flow tests anymore. So I think that that would be a benefit to future testers.

[Josepha Haden Chomphosy 00:16:41] 

Anne, any thoughts?

[Anne McCarthy 00:16:43]

Yeah. I’ll also add that I think there are like two things we can do. One is, there’s so much happening in the WordPress project in such a cool way that I think the more we can write targeted tests and talk to people about, like, hey, here’s this new thing coming. This is a high-impact area to test. It’s under active iteration. You’re gonna get a lot of engagement. People are really thinking about this and pulling people into that where you kind of get the momentum of getting the feedback in right when someone needs it. 

I think we could do that a bit more to make reporting problems easier because it’s kind of like you’re in the thick of it with a lot of people rather than maybe exploring an area where someone hasn’t looked at it in a minute.

So that’s the thing that comes to mind is just the more we can take the time. I think this release cycle has been really good with that, where there’s been a call for testing for fluid typography. There’s also been one for using block template parts and classic themes. And there’s a ton of stuff that’s been happening where we can kind of make these both developer and more end user testing experiences easier and better.

And Brian has done a great job continuing the tradition of, you know, helping test this latest release cycle. And he’s taken those posts and done an amazing job of helping, having specific testing as well. Tied to this, I think just this has always been a thing but better, easier testing environments for developers and for quickly setting up more WordPress sites to test things for end users.

[Brian Alexander 00:17:56]

Yeah. Another thing that we have been discussing in Slack in the Core and Core Test channels is the possibility of pre-populating the Trac tickets. With a template based on what it is that you’re reporting. So similar to copying a template for a test report out of the handbook. Instead, you would hit a button to say the type of bug you are submitting, and then it would pre-populate that, and then you could fill in the gaps for that. This already happens over in Gutenberg. There, there are templates, and I find that that is very helpful. And so being able to do that in Trac would be useful. 

And then for reporting problems on the user side, I thought that it would be interesting to have like you have for any other modern app, a button that says Report Bug in WordPress that could capture some intelligence data for your installation, the page that you’re on and have a simple text box where you could provide a little description and then submit that.

[Brian Alexander 00:19:08] 

Now, these wouldn’t be the types of things that would just go straight into Trac, most likely. However, it would be an opportunity to allow end users to just send something in, and start having it looked at, rather than looking and saying, okay, I found a bug in WordPress. Now, what do I do?  And then not reporting. 

So that would be the worst case is that the bug just doesn’t get reported. So that would be information that is already harvested if you go to your site health screen and your WordPress installation. A lot of that information that would be useful is there. In this type of bug report, we would want to anonymize and strip a lot of that information out.

There’s a lot of private stuff you don’t wanna share, but there is that data there that’s available that could potentially help in doing a bug report.

[Josepha Haden Chomphosy 00:19:57]

Brilliant. All right. Question for everyone in the room: what opportunities are there currently to help with testing? Anne, I know, and you already mentioned a few, we can just bombard everybody with links to the tests if we want. But yeah, what opportunities are currently out there?

[Anne McCarthy 00:20:13]

Yeah, I’ll mention the Full Site Editing outreach program. I’m very biased, but we’re always looking for new folks. We just crossed, I think, 600 people, which was unbelievable. So even if you’re not necessarily always able to help join the calls for testing, you can always pop into the FSE outreach experiment channel, which we’ll also add a link to.

And that’s just a great way when you have time to join because I flag stuff all the time, whether it’s about the outreach program or just in general across the project. Brian does really good weekly round-up testing posts as well. So make.wordpress.org/test is also a great place to get started.

And then right now, I think when this comes out, will be a great time to be helping test WordPress 6.1. So check out that post. I kind of wanna just shove everyone in that direction currently cause I think that’s the most high-impact thing to get involved with and one of the great ways to give back to the next version of WordPress to make it really delightful and easy to use.

Yeah, I’m just gonna leave it there, even though there are so many ways you can help.

[Josepha Haden Chomphosy 00:21:11]

WordPress 6.1 coming out on November 1st if you haven’t yet heard about it. Brian, what else have you got out there?

[Brian Alexander 00:21:16] 

In terms of the online stuff, Anne covered that pretty well. I would say if you have a local WordCamp, sign up for their contributor day or if there are any local WordPress meetups. When Covid ended up hitting and lockdowns were rolled out, a lot of this stuff started to really slow down. So I think now is a good time to maybe introduce the idea for, hey, let’s have a local meetup, and for a couple of hours, we’ll just do some testing, and look at some stuff in WordPress. 

So it might be a good way of getting people re-engaged. It’s a little bit lighter weight if you’re doing testing versus trying to actually provide a patch to fix an issue. So, might be a good way of bringing in some new faces and re-engaging people who we lost over the lockdown.

[Josepha Haden Chomphosy 00:22:09] 

Yeah, and if you all have never done a testing party for WordPress before, and it sounds like it’s maybe a really boring thing, it’s actually not, she said with strong authority and opinions. But also, I have never had a more successful learning experience with the WordPress CMS than when I was trying to figure it out with other people.

They see things that you don’t see, they know things you don’t know, and it really covers a lot of the bases for unknown unknowns when you’re trying to learn something. And then also you have all these people that like, we’re really in it with you, and everyone’s really pulling for each other, and it’s actually a bit more fun than it sounds like when you’re just like, a testing party. It turns into just like jointly solving a puzzle together, which I think sounds like a lot of fun.

It’s like a party, but for technology, I would feel this way. I am a mad extrovert, and we all know it, but. Now you two know it as well.

[Josepha Haden Chomphosy 00:23:08] 

I have a final, just like a fun question for you both, and if you have an answer, great. And if you don’t have an answer, I would be surprised.

So here we go. Last question of the day. If five more volunteers suddenly appeared to help on the Test Team, what would they do? Just, I waved a magic wand. I guess that’s what made it fun. I don’t know why. I was like, fun question and then I’m, like, assigned tasks that, Yeah, I waved a magic wand. That’s what made it fun.

[Brian Alexander 00:23:38] 

Yeah, I would say I would probably point them to FSE outreach program posts because…

[Josepha Haden Chomphosy 00:23:45] 

Woot woot. 

[Brian Alexander 00:23:47]

…the outreach program does a great job of outlining steps. You’re isolating testing in one particular area. It’s got a lot of tests. There’s examples of the types of feedback that you’re looking for, et cetera.

That’s a really good introduction to it, and most FSE testing does not require a local dev environment. Which is probably the biggest hurdle for a new tester coming in. If you do have developers with more experience, then they could start–and they wanted to look into Trac tickets or GitHub issues– then it does take a little bit of setup and you may spend the next few hours configuring your development environment.

So instead, I would recommend that you start with something like FSE outreach program posts.

[Anne McCarthy 00:24:37]

I did not pay Brian to say that. 

[Josepha Haden Chomphosy 00:24:42] 

We’re just all partial to it here. That’s all.

[Anne McCarthy 00:24:45] 

No, we really are. Yeah, no, this is, I love this question, and I actually find it really fun cause I think about it a lot. And we’ve talked about some of this stuff too, and it’s something that when I think about five more people suddenly appearing, makes me giddy.

Because we have folks, who have helped with like, I think I’ve mentioned like translations and group testing and even responding to questions that come from the channel and like, I just wish if we had five folks full time dedicated to that, I could see way more hallway hangouts where we casually talk about stuff and actually go on a call and talk live.

I could see folks, someone dedicated to helping translations and translating even more places. We have an Italian contributor who does it regularly, and a couple of Japanese contributors every once in awhile we get Spanish translation. But I’d love to see more translations to bring more people in, more facilitating group testing, more types of testing, helping me be more creative because sometimes I get a creative wall.

But more than anything, if I really think long term about the project and thinking about this outreach program model, which I don’t think I fully appreciated how new it was, Josepha, when you introduced the idea, I think it would be so neat to bring in more folks to actually create new outreach programs.

[Anne McCarthy 00:25:52] 

So maybe there’s an outreach program for theme authors or block theme authors, or maybe there’s an outreach program around collaborative editing. Like what does this look like, and how can we expand this to bring more people in? And I think a lot of that will prove the resiliency and lessons we’ve learned from Covid in the WordPress community. 

We can’t necessarily always rely on the meetup groups, so how can we meet people where they are? And I think there’s something really interesting and almost serendipitous that the outreach program started literally, I think it was like May 2020, like a couple of months into the pandemic.

And I, like, I want to see it in a position of strength where we both have the in-person community alongside this outreach program model that can intertwine work. And I’d love to see the model expand to different types. And right now, maybe part of that is we use the outreach program model, the full site editing outreach program group itself, to experiment more and to keep that level of experimentation.

That’s something I feel really strongly about is continuing to find what works and what doesn’t. And so if we had five more people, I could just, I’d probably go wild and have all sorts of cool, cool things and spinoffs, but I’m more introverted than Josepha, so there’s limitations to this.

[Josepha Haden Chomphosy 00:26:56] 

Well, you heard it here first. If you’re one of my 6,000 listeners. I only need five of one of you. Five of the ones of you to come and make Anne’s whole life an exciting joy for the next 12 months. So, I only need five of you and I know that you’re out there. There are 2000 or something, 6,000. I have no idea.

I’ve got more than 1000 of you listening, and I know that you wanna come and help Anne cuz she’s a delight. I know you wanna come help Brian cuz he’s a delight. Both of you. This was such a fun conversation. Thank you for joining me today.

[Brian Alexander 00:27:29] 

Thank you, Josepha. Thank you, Anne.

[Anne McCarthy 00:27:31] 

Yeah. Thank you.

[Josepha Haden Chomphosy 00:27:33]

And there it is a bit of a deep dive on the Test Team and how to get started on it. Like I mentioned, we’ll have a ton of links in the show notes over on wordpress.org/news. And I wanna remind folks that if you have questions or thoughts that you’d like to hear from me about, you can always email us at WPbriefing@wordpress.org.

[Josepha Haden Chomphosy 00:27:58] 

That brings us now to our small list of big things. First and foremost, we are counting down the days to the WordPress 6.1 release. We are within a month of the target release date. So if you have not tested the latest version with your plugins or themes, now is the time. 

Secondly, we are seeing translated tutorials being submitted on learn.wordpress.org. I’m delighted to see that happening, and I encourage any polyglots out there who feel called to consider translating one into your language and help other people feel empowered to use WordPress. 

And then the third thing is that the WordPress Speaker Workshop for Women Voices in India just concluded, so to celebrate, we’ve opened registrations for the WordPress Speaker Workshop for Women Voices in Latin America. Unlike the last one, this event takes place in person on October 29th. And so I’ll include a link to registrations for that in the show notes as well. 

And that, my friends, is your small list of big things. Thanks for tuning in today for the WordPress Briefing. I’m your host, Josepha Haden Chomphosey, and I’ll see you again in a couple of weeks.

by Santana Inniss at October 03, 2022 12:00 PM under wp-briefing

Do The Woo Community: How to Translate a WooCommerce Store Without Fuss or Friction

Translating a client website is essential. Given the reach of the web, there is value in making sure your client's shop is accessible to any visitor who visits.

>> The post How to Translate a WooCommerce Store Without Fuss or Friction appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at October 03, 2022 09:43 AM under Tutorial

Post Status: Active Install Charts Removed from Plugin Repo

In reaction to as yet unpublicized details about the abuse of active install data in the WordPress.org plugin repository, the charts displaying that data have been removed from plugin pages in a move expected to be temporary. Important (and some familiar) questions are emerging as this story unfolds: how to balance the values of openness, security, and privacy as well as cooperation and competition at WordPress.org — still the central hub for WordPress plugin businesses.

Estimated reading time: 0 minutes

On September 29, changesets 12097 and 12098 were committed to the Meta Trac repository for wordpress.org by Scott Reilly (Audrey Capital). These changes remove the Active Install Growth chart from the plugin repository's “Advanced” section on individual plugins. The only explanation given by Scott is “insufficient data obfuscation.”

These changes are simply a reversion of the code that Alex Shiels (Automattic) added to create the section with active install data back in 2017. Alex's ticket for improvements to the “Advanced” view (#3106) includes other additions to public plugin data that were never implemented due to concerns over the potential for them to be “gamed.”

Plugin Owners Respond

On September 30, Mark Zahra opened Trac ticket #6511 “Bring back the active install growth chart” to express its importance to plugin owners and to request improvements rather than deletion. Discussions were already taking place in Make WordPress #meta, on Twitter, and in Post Status #business, where Mark shared his ticket. At Post Status, a discussion was already happening about the challenges of entering the plugin repo and succeeding there since Vito Peleg had just launched Atarim's freemium Visual Collaboration plugin at wordpress.org.

Abuse Comes to Light But Details Aren't Clear Yet

For some time now, it's been a common and reasonable assumption in the WordPress business community that some of the bigger plugin owners have very accurate data on their plugins' usage as well as their competitors — enough to create a “leaderboard” to assess the effectiveness of sales campaigns or to see a buying opportunity in others' declining install figures.

Abuse of the active install growth chart has been an issue in the past. Barış Ünver's article, The Decline of Speed Booster Pack, touches on an incident where several hundred plugins had their install stats artificially inflated, mostly to mask the perpetrator.

Abuse seems to be an issue again but of a different type.

Josepha Haden Chomphosy joined the #meta discussion and said Marius Jensen was approximately correct in guessing “the active install growth could be (was being?) used to determine near exact numbers, making the intended obfuscation pointless.”

The data shared is always a bit obfuscated so that it’s harder to “game the system” — the same reason we don’t have running leaderboards for contributions.

Josepha haden Chomphosy <https://wordpress.slack.com/archives/C02QB8GMM/p1664559896577109>

Security or Privacy? Or Security and Privacy

In reply to Mark's ticket, John James Jacoby affirmed there had been, in Michael Nelson's words, a “closed-door security or privacy decision taken by a larger group.” The active install growth charts were not pulled on a whim by a single individual.

Sponsored by Awesome Motive, John is a full-time contributor to the Core, Documentation, and Meta teams. He says he independently reviewed the code generating the data for the active install chart which he noted “is outside of the Meta repository” with other “code responsible for keeping WordPress.org running.” None of this code is “publicly available,” but he “independently identified precisely why these charts were removed the way that they were,” and he “would not have made any different decisions had [he] been in on the decision-making process.”

John added he doesn't “have any doubts that [improvement and not removal] is the long-term goal” for the active install growth chart. Further, he added that fast, private action was called for and “is not intended to hurt your community of users.” Instead, the intention is to “[exclude] many people to protect them from some people.”

Later, in #Meta, John specified two future options for the return of Active Install data:

Private by default, and optionally made public by plugin authors on a per-plugin basis.

A GUI could be invented to allow plugin authors to add usernames with access to the stats, similar to how it works for the support forums.

Why Active Install Data Matters

Active installs are the only way plugin owners can estimate the number of sites that are using their free plugin — and assess growth or decline over time. As Joost de Valk noted on Mark's ticket, “The trends in this data are super important for plugin developers, as seen by the many many people that have responded to this in [WordPress] Slack.”

By monitoring many plugins across the repo, market trends can be assessed as well. Doing this work manually for even a single plugin is quite a chore. Iain Poulson, who is now at WP Engine, automated and improved on that process for Plugin Rank, which is now an Awesome Motive product. wpMetric offers a similar analysis. So does WPDesk's Active Installs.

For some time now, it's been a common and reasonable assumption in the WordPress business community that some of the bigger plugin owners have very accurate data on their (and their competitors') plugins' usage — enough to create a “leaderboard” to assess the effectiveness of sales campaigns or see a buying opportunity in others' declining install figures. Josepha and John are clearly opposed to that happening, certainly in a public way.

Healthy Co-opetition Is Not a Leaderboard

Reflecting on some early BuddyPress history, John shared how that project's “original primary concern” had been:

…revealing active install charts & graphs for all plugins & themes may not actually be healthy for the entire community, because it is impossible to resist using that single number to speculate about things those numbers may or may not imply – quality, security, performance, earnings, success, etc… and when that scales to inevitably comparing data across multiple plugins & themes, is any of that actually healthy, positive, or a real goal?

John also addressed Joost's sharpest criticism that “Automattic has an unfair competitive advantage because they have access to more accurate stats,” while everyone else is now fully in the dark. (Joost made this claim on several channels, and it's a continuing thread in #meta.)

I will go one step farther and say, that if a goal with any data is to be fair to each other with it, that includes a responsibility to serve up the same data with the same interface to everyone, and to prevent people from accessing it in any way that is unintended or unfair.

…which is essentially what has happened, here.

JJJ <https://meta.trac.wordpress.org/ticket/6511#comment:5>

Open to all — for all who want to be open — seems to be the way the issue will be resolved, probably to a near consensus.

But will enough data be available to satisfy those who feel like “Second-Class Third-Party Developers,” as Iain Poulson put it in his WP Trends newsletter this morning?

The deepest issues will likely remain divisive — perceived competitive advantages, the definition of healthy competition in an open source ecosystem, and who gets to referee these things.

Josepha emphasized that “suggestions are welcome for how to get some data for you all while doing our best to stick with a ‘co-opetition‘ mindset.”

Reply on Mark's ticket if you have helpful contributions to make toward that goal.

Worthwhile questions that (re-)emerged in these events:

  • Can active install data collection be improved and explained sufficiently to indicate what it measures and how accurate it is — without revealing too much information that could be abused? What is the best balance of care, openness, and awareness that abuse will always happen, sooner or later?
  • Can decisions like pulling active install data (along with the people and processes involved in those decisions) be more transparent and publicly defined to avoid the confusion, injury, and distrust that often results? As a matter of internal public relations, could there be people tasked with explaining delicate issues that can't (immediately) be explained fully in a public way? (As opposed to hints and guesses in Slack.)
  • Same question for WordPress.org #forum policies on moderation, reviews, replies to reviews, and other things plugin owners care about. Without being too open (due to the risk of “gaming”), can clearer guidance be given to onboard new plugin owners at .org? E.g, how reviews are validated, why they may be removed, and how to appeal their removal? Or how plugin owners and their support staff should avoid or deal with being put under moderation?
  • What are winning growth strategies for plugin owners that aren't dependent or overly focused on single measures of success — whether they use the .org repo or not? What are the best ways to go all-in with .org? Or is that simply a mistake?
  • How does/doesn't the inclusion of all wp.org plugins in the new wp.com marketplace affect active install stats? Are these combined or separate numbers? What data is available from wp.com to free and commercial plugin owners about their installs there?

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Dan Knauss</span> at October 03, 2022 05:01 AM under Yoast

October 01, 2022

Gutenberg Times: Content-only editing for patterns, Learn to use Data Layer in WordPress and more – Weekend Edition 231

Howdy,

Thank you for the check-ins after Hurricane Ian aimed for Southwest Florida, and made landfall on Wednesday. Some areas of Florida experienced major destruction, via the storm surge and flash floods. My husband and I were lucky. We have no damage to our house, and we were only without power and internet for 28 hrs. We are both back at our desks working.

And bringing you the news on block theme building, custom blocks and more.

Enjoy and have a great weekend.

Yours, 💕
Birgit

PS: If you want us to share your block-theme, your latest block plugin or your tutorial, feel free to email pauli@gutenbergtimes.com. If you have questions about any of the topics, comment below and I answer within a day or two.

PPS: On Monday, I will be a guest on Nathan Wrigley’s This Week in WordPress together with Kathy Zant and Bob Dunn. Join us via YouTube at 9 am EDT / 13:00 UTC

Developing Gutenberg and WordPress

Gutenberg 14.2 was released. Release lead Michal Czaplinski, posted about What’s new in Gutenberg 14.2? (28 September). He highlighted the following features:

Anne McCarthy published another post in the series of Core Editor Improvements, titled Catalyst for creativity and control. “This post goes through each category of design tools, what blocks they are available in, the progress made, and some fun examples showing off what you can now do. The result is a catalyst for creativity, with more to come on the horizon. ” she wrote. The design tools listed are:

  • Typography Controls
  • Dimensions and Spacing
  • Color Controls
  • Layout Support
  • Border Controls
Blocks with Typography Support from the post Core Editor Improvement: Catalyst for creativity and control

Joen Asmussen posted an update from the WordPress design team: Design Share: Sep 12 – Sep 23. The team explored how it would look if the Documentation Outline would be integrated into the List View. There is quite some overlap between the two features that could be simplified. There is ongoing work done on the placeholder designs for the Site editor. New inserter preview and features are explored and many more updates. They could all user your input on how things could be improved for the content creator and site builder. Check out a proposed refresh of the patterns that come bundled with the Query Loop block.

Proposed Query Loop pattern seen Design Share: Sep 12 – Sep 23

🎙️ New episode: Gutenberg Changelog #73 – Gutenberg 14.1, next default theme, design Tools in WordPress 6.1 with special guest, Channing Ritter, and host Birgit Pauli-Haack

Plugins, Themes, and Tools for #nocode site builders and owners

Nick Diego built his Slidedeck for WCUS entirely out of blocks. He now wrote a post about the Why and the How Diego also mentioned he used 724 blocks in his slide deck.


Jamie Marsland explains that Custom Post Designs are easy with WordPress Block Themes – no plugins needed! in his latest YouTube Video. In this 9 min-video, you’ll learn

  • How to create a custom post design
  • How to create a custom post category page
  • How to use the Custom Post Type UI plugin
  • Use Custom Post Type UI plugin with a WordPress Block Theme
  • How to create a custom archive with Custom Post Type UI plugin

Kevin Batdorf published his new plugin Code Block Pro. It provides you with an editor that runs your code directly through the same rendering engine that is used by the popular VS Code editor.

Theme Development for Full Site Editing and Blocks

Nick Diego’s WCUS talk is now available on WordPressTV: Let’s Build a Custom Block in 15 Minutes

Carolina Nymark posted a tutorial on Creating templates for custom post types, as “several theme developers have reached out asking how to create full site editing templates for custom post types.” In this lesson, Nymark explains:

  • How to create templates for custom post types in the Site Editor
  • How to add file-based templates in your theme
  • How to add default blocks to the post type templates
Building a Block-Based Header Template in a Classic Theme
Thisstep-by-step tutorial teaches you how to build a block-based header template in a classic theme in WordPress, including CSS tweaks, template parts, pattern creation, and more.Theme authors who are considering adopting block template parts, especially those with classic themes and existing user bases, this tutorial is for you. It touches on a few different features and how they come together. Read more.

Rich Tabor wrote a guide on How to simplify WordPress patterns with content-only block editing, coming to WordPress via the version 6.1. “When applied to a block pattern, all content blocks nested within continue to be editable, but moving and removing is disabled, and all design controls are hidden” Tabor explained.


Jacob Martella continues his series of Creating a block Theme with this week’s Creating the Archive and 404 Templates. And you can learn it in less than 8 minutes.

 “Keeping up with Gutenberg – Index 2022” 
A chronological list of the WordPress Make Blog posts from various teams involved in Gutenberg development: Design, Theme Review Team, Core Editor, Core JS, Core CSS, Test and Meta team from Jan. 2021 on. Updated by yours truly. The index 2020 is here

Building Blocks and Tools for the Block editor.

New Course to Learn.WordPress: Using the WordPress Data Layer – This course by Adam Zielinski provides a step-by-step introduction to all the data layer concepts, a JavaScript library used throughout the WordPress editor to read and write data. Whenever you save a post, insert a page list block, or select the post author – it’s all powered by the WordPress data layer.


Ryan Welcher explored three new features for developers coming in WordPress 6.1 release. He covered

  • Query Loop block variations
  • Using the render property in a block.json file
  • Block-based template parts in Classic themes

The author team Lindsey Bell, Lax Mariappan and Ximena Kilroe of Webdev Studios published Optimizing the WordPress Block Editor Experience in which they outline how to make it easier for editors to perform their jobs, using ACF, ACF blocks, and other tools.

Need a plugin .zip from Gutenberg’s master branch?
Gutenberg Times provides daily build for testing and review.
Have you been using it? Hit reply and let me know.

GitHub all releases

Upcoming WordPress events

Oct 11 – 13, 2022
WooSesh  A virtual conference for WooCommerce
The schedule is now available. I am looking forward to Darren Ethier’s The Future of Personalizing Your Storefront and what WooCommerce is doing in the era of WordPress Full Site Editing (FSE) on October 12 at 1pm EDT / 17:00 UTC.

Have a look at the schedule of upcoming WordCamps.

Learn WordPress Online Meetups

October 17, 2022, at 4:00 PM EDT / 20:00 UTC
Part 1: Re-Creating Block Designs

Recorded and available on WordPressTV


Featured Image: Buildings, Roads, Bangkok by Kaushik Baroliya, found on WordPress Photos.


Don’t want to miss the next Weekend Edition?

We hate spam, too and won’t give your email address to anyone except Mailchimp to send out our Weekend Edition

Thanks for subscribing.

by Birgit Pauli-Haack at October 01, 2022 05:32 AM under Weekend Edition

Post Status: Drinking from the Firehose

Happy Friday!

We're finding it increasingly tough to get all the best WordPress news and info into a reasonably-sized email, but we're doing it by making lots of cuts.

In the newsletter, you'll see links to the full weekly digests for the Business, Tech, Career, and Community sections we're focusing on now. Plus we've added a new ongoing section focused on WordPress project and contributor news from core and all the teams.

You can read all of this week's newsletter here

And if you want everything without the cuts, head over to poststatus.com/the-week/.

Get some rest and recharge this weekend! (I hope to.) See you next week! 

–Cory Miller

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Cory Miller</span> at October 01, 2022 12:00 AM under Post Status Team Blog

September 30, 2022

Gutenberg Times: Building a Block-Based Header Template in a Classic Theme

WordPress 6.1 will allow classic theme authors to begin using block-based template parts. It is one of the most exciting features of the release and one that has long been on my personal wish-list.

Over the past couple of weeks, I’ve been doing a deep dive into this new feature, wondering how it could fit into real-world projects. My conclusion was:

  • If building a new classic theme from scratch, block template parts should be relatively easy to insert into it.
  • If adding block template parts into a classic theme, there are likely a few hurdles that you’ll need clear, hoops to jump through, and even potential mountains to climb.

The latter is what this tutorial will focus on. There are 1,000s of classic themes out there in the wild, and the most likely use case for this feature will be the developers who are gradually adopting FSE features.

With that use case in mind, I picked a battle-tested classic theme that is still somewhat recent: Twenty Twenty-One. It already had some of the foundational pieces, such as supporting the block-based content editor. However, it didn’t have support for newer FSE features, such as theme.json.

The other goal for this walk-through was to show a more advanced use case rather than only cover the basics. Ultimately, this helped reveal some of the issues theme authors might face as they go on this journey.

In the end, I created hero header for Twenty Twenty-One that provides users a ton of flexibility for customizing its output on the front end:

Hero header built with a block template part.

I invite you to come along with me down this path. I did all of the hard work ahead of time in hopes that it will help those of you who want to give this new feature a try.

If you’d rather skip the walk-through and dive right into the code, no worries. I extracted everything I am covering into this tutorial and put it in a child theme named TT1 Block Parts. Child themes are an easy way to test features without directly changing the parent theme, so I encourage going that route too.

Setting the Groundwork

This feature will be available as part of the WordPress 6.1 release. To test it now, you must either install the WordPress 6.1 Beta 2 or the latest version of the Gutenberg plugin. You will also need a classic theme active on your site. Use Twenty Twenty-One to follow along with each step exactly.

Before building a block-based template part in a classic theme, you must enable the feature via the block-template-parts theme-support flag in your theme’s functions.php file.

<?php add_action( 'after_setup_theme', 'tt1_block_parts_setup' ); function tt1_block_parts_setup() { add_theme_support( 'block-template-parts' ); }
Code language: PHP (php)

This code will create a new Appearance > Template Parts page in the WordPress admin:

Initial template parts screen when no parts are registered.

At this point, it’s empty, but you and your users will be able to customize any existing block template parts from this screen once you’ve created them. Let’s do that now.

The next step is building a header template part, which will live in the theme’s parts folder (this is where all block template parts go). The easiest way to get started is to create an empty parts/header.html file. We’ll build this out from the site editor in the next steps.

Now, we need to replace Twenty Twenty-One’s header with our custom one. Open the theme’s header.php template and find this line of code:

<?php get_template_part( 'template-parts/header/site-header' ); ?>
Code language: PHP (php)

Replace it with the following:

<?php block_template_part( 'header' ); ?>
Code language: PHP (php)

It won’t be that easy with every theme. Fortunately, Twenty Twenty-One already separated its primary template code into a PHP-based template part, so we merely needed to change one function call with another. For other themes, it may require removing large chunks of code. It just depends on the theme itself.

Clearing Those Hurdles

Most classic themes were simply not designed to handle blocks outside the content area. This is even true of Twenty Twenty-One because the block-based template editor didn’t exist when it was created.

Each theme is unique, so there is no way for me to realistically foretell what sort of adventures you might go on to get block template parts to work. However, what I can tell you is what I changed with Twenty Twenty-One.

The goal here is transparency rather than glossing over those very likely hurdles you’ll need to jump, but do not let them scare you away.

Adding theme.json Support

Based on my tests with Twenty Twenty-One and other themes, opting into theme.json was almost a must-have. I had the most most success by configuring settings.layout to support wide/full alignments (I used existing CSS properties from the theme for this). I also needed settings.spacing.blockGap to have control over the spacing between menu items in the Navigation block.

With that in mind, I strongly recommend starting with a simple theme.json file in your theme, assuming it doesn’t already have one:

{ "version": 2, "settings": { "layout": { "contentSize": "var( --responsive--default-width )", "wideSize": "var( --responsive--alignwide-width )" }, "spacing": { "blockGap": true } } }
Code language: JSON / JSON with Comments (json)

Style Overrides

I also had to make a few CSS overrides (editor and front end) so that everything was a bit less wonky. Remember, we’re pushing blocks into a place they have never been before in the theme, so some adjustments are a given.

The following CSS is all that was needed to make the block template part work. The most time-consuming aspect was tracking this stuff down in a theme that I wasn’t particularly knowledgeable of.

.wp-block-navigation:not(.has-background) .wp-block-navigation__container { background: transparent; } .wp-block-cover__inner-container > * { max-width: none !important; } .wp-block { max-width: none; } .wp-block-cover .wp-block-site-title.has-text-color a { color: inherit; } .is-root-container > :first-child { margin-top: 0; }
Code language: CSS (css)

Building a Block Header Template Part

Before we get to the more advanced, media-based version of a header template part, let’s stick with the basics. I promise to cover some of the fun stuff as we move along. For now, let’s learn to crawl before attempting to walk.

Go back to the Appearance > Template Parts screen in the WordPress admin that you created in the first step. Click on the “header” template part, which will take you to the template editor. You should see an empty canvas on which to place your creation.

I started with a Cover block. It’s a simple starting point but one of the most flexible blocks in WordPress, providing end-users with tons of customization options out of the gate.

Adding a Cover block to the Header template part.

I kept my block settings simple and selected the following:

  • Overlay Color: The theme’s default gray
  • Overlay Opacity: 100

Inserting Branding and Navigation

I wanted to keep Twenty Twenty-One’s default header elements in place, which meant recreating the theme’s branding and navigation menu while not going overboard with additional elements.

To achieve this, I added a 50/50 Columns block (the widths of these could be adjusted). In the left column, I inserted Stack with Site Title and Site Tagline. On the right, I placed a Navigation block.

Adding branding and a navigation menu.

The individual settings for these blocks are not particularly important. You can customize them to your liking. The most vital ones are likely justifying the Stack block left and Navigation block right. I also bumped up the block spacing to space out the nav menu items.

This is where you can have a lot of fun, and I don’t want to spoil it with a step-by-step guide on what stylistic settings to choose. Experiment. Go wild!

Extra: Locking Blocks

One of my favorite tools as a theme author is the ability to lock blocks in place with more complex templates or patterns. One of the primary use cases for this is to prevent end-users from accidentally removing an important block, such as the Site Title, or moving things around and being unable to reconfigure them. The site header is one easiest areas to mess up.

For the individual Column block wrapping the Site Title and Site Tagline blocks, I selected all three of the currently-available lock settings:

  • Disable movement
  • Prevent removal
  • Apply to all blocks inside
Locking the header branding Column block and its content.

I also set a lock on the outer Columns block to prevent users from inadvertently moving or removing it.

By default, end-users can unlock a block by clicking the “lock” toolbar icon. The extra step primarily serves as a warning to only take this action if they feel comfortable doing so. It’s possible to even prevent this from the development end, but that’s outside the scope of this tutorial. To go even more advanced with block locking, take a read the the Curating the Editor Experience documentation and its section on the Locking APIs.

Copying the Header Part to the Theme

Because we built this template part within the editor, all of our customizations are stored in the database. If planning to distribute this theme to others, you should copy all of the blocks from the editor to your parts/header.html file.

The final code for my template part was:

<!-- wp:cover {"overlayColor":"gray","minHeight":450,"minHeightUnit":"px","style":{"spacing":{"padding":{"top":"4rem","right":"4rem","bottom":"4rem","left":"4rem"}},"color":{}}} --> <div class="wp-block-cover" style="padding-top:4rem;padding-right:4rem;padding-bottom:4rem;padding-left:4rem;min-height:450px"><span aria-hidden="true" class="wp-block-cover__background has-gray-background-color has-background-dim-100 has-background-dim"></span><div class="wp-block-cover__inner-container"><!-- wp:columns {"verticalAlignment":"center","lock":{"move":true,"remove":true}} --> <div class="wp-block-columns are-vertically-aligned-center"><!-- wp:column {"verticalAlignment":"center","width":"50%","templateLock":"all","lock":{"move":true,"remove":true}} --> <div class="wp-block-column is-vertically-aligned-center" style="flex-basis:50%"><!-- wp:group {"lock":{"move":false,"remove":false},"style":{"spacing":{"blockGap":"var:preset|spacing|30"}},"layout":{"type":"flex","orientation":"vertical","justifyContent":"left"}} --> <div class="wp-block-group"><!-- wp:site-title {"style":{"typography":{"textTransform":"uppercase","fontSize":"1.5rem"},"elements":{"link":{"color":{"text":"var:preset|color|white"}}}},"textColor":"white"} /--> <!-- wp:site-tagline {"style":{"typography":{"fontSize":"16px"}},"textColor":"white"} /--></div> <!-- /wp:group --></div> <!-- /wp:column --> <!-- wp:column {"verticalAlignment":"center","width":"50%"} --> <div class="wp-block-column is-vertically-aligned-center" style="flex-basis:50%"><!-- wp:navigation {"ref":2586,"textColor":"white","layout":{"type":"flex","justifyContent":"right"},"style":{"typography":{"fontSize":"16px"},"spacing":{"blockGap":"2rem"}}} /--></div> <!-- /wp:column --></div> <!-- /wp:columns --></div> </div> <!-- /wp:cover -->
Code language: HTML, XML (xml)

After saving that file to your theme, you also need to clear your customizations from the database. You can do this by clicking on the Template Parts admin menu item and selecting the (vertical ellipsis) button for the Header part and clicking the “Clear customizations” option.

Clearing customizations from the Header template part.

As you can tell from the above screenshot, I have been tinkering with a lot of template part ideas.

Leveling Up With Patterns and Media

A plain ol’ dark gray header background might not be too exciting. As promised, we’ll kick this up a notch by integrating with another block-related featured that classic themes can opt into: patterns. We’ll use this to add a video background (or, image, if you prefer).

Because block template parts are HTML, it means that you cannot do anything dynamic, such as accurately reference media via your theme’s URL path. You need PHP to do this. That’s where patterns come in.

Instead of putting all of the block code into parts/header.html, you now only need one line of code:

<!-- wp:pattern {"slug":"tt1-block-parts/header-video"} /-->
Code language: HTML, XML (xml)

This references a “Header Video” pattern that we will build in these next steps.

WordPress will automatically register any patterns found in a theme’s patterns folder. So, the next step is to create a patterns/header-video.php file with a few lines of info:

<?php /* * Title: Header - Video * Slug: tt1-block-parts/header-video * Viewport Width: 1024 * Categories: header, twentytwentyone * Inserter: yes */ ?> <!-- Replace with block code. -->
Code language: HTML, XML (xml)

When you’ve built out your header, just remove the <!-- Replace with block code. --> and put the block HTML code in its place.

Let’s jump back to the editor. Using the same header from earlier, we can make a few simple changes to the Cover block to liven things up a bit.

  • Click the “Add Media” toolbar button and select a image or video (your preference).
  • Click the duotone toolbar button to put a filter over the media.
  • Remove the overlay color and adjust the opacity settings in the block inspector sidebar to your liking.
Adding a video and duotone filter to the Cover block.

Now, you need to copy the block code from the editor and paste it into your patterns/header-video.php file. However, there is one important step you must take afterward. You need to change any references to image or video files that look like the following (there may be more than one occurrence):

http://localhost/wp-content/uploads/2022/09/header-bg.mp4
Code language: JavaScript (javascript)

Those need to reference the media file wherever it lives within your theme. Because I put my header video MP4 into my theme’s assets/video folder, I changed each reference to the following:

<?= esc_url( get_theme_file_uri( 'assets/video/header-bg.mp4' ) ) ?>
Code language: PHP (php)

My final patterns/header-video.php code became:

<?php /* * Title: Header - Video * Slug: tt1-block-parts/header-video * Viewport Width: 1024 * Categories: header, twentytwentyone * Inserter: yes */ ?> <!-- wp:cover {"url":"<?= esc_url( get_theme_file_uri( 'assets/video/header-bg.mp4' ) ) ?>","dimRatio":0,"backgroundType":"video","minHeight":450,"minHeightUnit":"px","isDark":false,"style":{"spacing":{"padding":{"top":"4rem","right":"4rem","bottom":"4rem","left":"4rem"}},"color":{"duotone":["#000000","#D1E4DD"]}}} --> <div class="wp-block-cover is-light" style="padding-top:4rem;padding-right:4rem;padding-bottom:4rem;padding-left:4rem;min-height:450px"><span aria-hidden="true" class="wp-block-cover__background has-background-dim-0 has-background-dim"></span><video class="wp-block-cover__video-background intrinsic-ignore" autoplay muted loop playsinline src="<?= esc_url( get_theme_file_uri( 'assets/video/header-bg.mp4' ) ) ?>" data-object-fit="cover"></video><div class="wp-block-cover__inner-container"><!-- wp:columns {"verticalAlignment":"center","lock":{"move":true,"remove":true}} --> <div class="wp-block-columns are-vertically-aligned-center"><!-- wp:column {"verticalAlignment":"center","width":"50%","templateLock":"all","lock":{"move":true,"remove":true}} --> <div class="wp-block-column is-vertically-aligned-center" style="flex-basis:50%"><!-- wp:group {"lock":{"move":false,"remove":false},"style":{"spacing":{"blockGap":"var:preset|spacing|30"}},"layout":{"type":"flex","orientation":"vertical","justifyContent":"left"}} --> <div class="wp-block-group"><!-- wp:site-title {"style":{"typography":{"textTransform":"uppercase","fontSize":"1.5rem"},"elements":{"link":{"color":{"text":"var:preset|color|white"}}}},"textColor":"white"} /--> <!-- wp:site-tagline {"style":{"typography":{"fontSize":"16px"}},"textColor":"white"} /--></div> <!-- /wp:group --></div> <!-- /wp:column --> <!-- wp:column {"verticalAlignment":"center","width":"50%"} --> <div class="wp-block-column is-vertically-aligned-center" style="flex-basis:50%"><!-- wp:navigation {"ref":2586,"textColor":"white","layout":{"type":"flex","justifyContent":"right"},"style":{"typography":{"fontSize":"16px"},"spacing":{"blockGap":"2rem"}}} /--></div> <!-- /wp:column --></div> <!-- /wp:columns --></div></div> <!-- /wp:cover -->
Code language: PHP (php)

As you did in the earlier step, clear any customizations from your header template part in the admin for the file from the theme to take effect.

Cleaning Up the User Experience

There is one final task that I must ask of you as a theme author. It’s not required, but it is one of those nice-to-haves that will make the user experience a bit nicer.

Remember that theme.json file that we created much earlier in this walk-through? Let’s add a templateParts section to it and register our custom header. We can add a title for our header template part that can be translated.

The final theme.json file:

{ "version": 2, "settings": { "layout": { "contentSize": "var( --responsive--default-width )", "wideSize": "var( --responsive--alignwide-width )" }, "spacing": { "blockGap": true } }, "templateParts": [ { "name": "header", "title": "Header", "area": "header" } ] }
Code language: JSON / JSON with Comments (json)

Now everything is nice and polished. Pat yourself on the back for a job well done if you’ve made it this far. Block-based template parts can be a lot of fun, and they’ll put a ton of customization power into the hands of your users.

Resources To Learn More

by Justin Tadlock at September 30, 2022 02:46 PM under Themes

Post Status: WordPress Careers Roundup for the Week of September 26, 2022

Craft your origin story • Pointed questions for devs to ask prospective employers • Strategies against Ageism • IBM's a**hole test • Take a pass on a “fast-paced environment.” • WordPress Translation Day • Writing Tips for Engineers • Preventing burnout as a manager

Estimated reading time: 0 minutes

Walt Kania explains why you should craft your origin story over at the Freelancery. Walt has good advice, and most of it applies far beyond freelancing. I've only seen about three truly helpful books about freelancing on the web, and they were all free — once. Walt's is the best, hands-down, for any kind of professional contractor practicing a craft. That's how he approaches copywriting, and so should you — whatever you do. Way Smarter Freelancing: Your Real-World, Hands-On, Field Guide is available for only USD 9.95. READ →

Jussi Pakkanen has some pointed questions for developers to ask a prospective employer during a job interview. Two good ones: Does this or any related team have a person who actively rejects proposals to improve the code base? Explicitly list out all the people in the organization who are needed to authorize a small change, like a typo in a log message. MORE →

Sadly, these “5 Secrets to Getting Hired After 50” from the AARP are mostly about getting past age discrimination, especially the advice to “polish your appearance.” But, “According to some research, once hiring managers were able to interview applicants face-to-face, they were 40 percent less likely to hire older workers than they were to hire a younger applicant with the same skills.” MORE →

Supposedly IBM used to have an a**hole test to see how job candidates behaved in a group that was given an impossible task. Mean, and maybe unfair but also a worthwhile thought experiment or even a fun team-building exercise when no one is being evaluated by HR. How do you think you would behave? MORE →

The Misanthropic Developer casts a cold eye at job listings that mention a “Fast Paced Environment.” Why isn’t this a selling point? “It’s often (correctly) interpreted as code for ‘overworked and understaffed.'” MORE →

Quick Links

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Dan Knauss</span> at September 30, 2022 01:30 PM under Walt Kania

Do The Woo Community: WooBits: Do the Woo, a Community Partner at WooSesh 2022

We are excited to be part of WooSesh 2022 this year as we host end-of-the-day wrap up conversations with speakers from the event.

>> The post WooBits: Do the Woo, a Community Partner at WooSesh 2022 appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at September 30, 2022 09:27 AM under WooBits

September 29, 2022

Post Status: Shiny New Things!

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Dan Knauss</span> at September 29, 2022 06:48 PM under WP Tests

Post Status: WordPress Biz Roundup for the Week of September 26, 2022

WordPress Business News and Insights

2022 Web Almanac CMS findings • WP Cloud • Sponsored core contributor and sponsor data • WP Biz Dev • Female-Owned and Led WP Businesses • and more →

Estimated reading time: 0 minutes

2022 Web Almanac CMS Report

According to the CMS chapter of the just-released 2022 Web Almanac from the HTTP Archive, sites using a CMS — and WordPress — are still steadily increasing globally, and 34% of all the sites with an identifiable CMS were using a page builder. WordPress comes in at the bottom of the pack, however, when it comes to non-mobile device performance as measured by Core Web Vitals. For mobile, only Adobe Experience Manager performed worse — and by quite a margin. In terms of Lighthouse performance scores, WordPress was on par with its peers. MORE →

⛅ This week's WordPress Weather Report from Ellipsis: WordPress is up 0.02 to -0.02 under the baseline while WooCommerce holds steady at +0.02. 📈

What is WP Cloud? Who is it for?

WP.cloud has been flying under the radar for a while. At the WP Minute, Matt Medeiros spoke with Jesse Friedman, Director of Innovation at Automattic, to learn more. WP Cloud is a Platform as a Service (PaaS) built on the hosting infrastructure that’s behind WordPress.com, Pressable, and WordPress VIP with GridPane soon to follow. Agencies that want to white label their client hosting are ideal customers for WP Cloud via GridPane. In Post Status Slack, there's been a hearty discussion about where WP Cloud fits in the hosting industry and why you might want (or not want) to use it. MORE →

WordPress Core Contributor Stats: 19.9% Sponsored for 6.0 Release

Chuck Grimmet, who is on Automattic‘s Special Projects team for WordPress.com, “did some data exploration around WordPress core contributors and the companies they work for.” Chuck breaks down the data in detail with several tables on his blog. The results point toward nearly 20% of contributors being sponsored for the 6.0 release, assuming they were sponsored by the same company during that entire time. MORE →

Quick Links

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Dan Knauss</span> at September 29, 2022 06:45 PM under WP Cloud

Post Status: WordPress Core Contributor Stats: 19.9% Sponsored for 6.0 Release

Chuck Grimmet, who is on Automattic‘s Special Projects team for WordPress.com, “did some data exploration around WordPress core contributors and the companies they work for.” Chuck breaks down the data in detail with several tables on his blog.

Notably, the percentage of sponsored contributors has steadily increased to almost 20% for the 6.0 release. However, Chuck notes, “The data gets less accurate the further I go back in terms of release dates because I can only scrape their current profile, not their previous profiles. Some most likely switched employers.”

Core Contributor Marius Jensen noted in Post Status Slack how complicated it would be to get a totally accurate fix on sponsored contributors. Marius has contributed to all the releases in Chuck's survey, but Marius was not with his current employer for that entire period. As well, some contributors may have been sponsored in the past but are no longer sponsored — or vice versa. Others' sponsors may have changed.

Chuck's research was inspired by a good question from David Bisset:

I've been an admirer of Chuck's blog for a while — especially his use of Webmentions. We should all use them.

This article was published at Post Status — the community for WordPress professionals.

by <span class='p-author h-card'>Dan Knauss</span> at September 29, 2022 01:35 PM under WordPress.com

Do The Woo Community: All You Should Know About the WooCommerce Agency Partner Program

Mary Voelker from WooCommerce shares all that you need to know if you have an agency interested in being part of the WooCommerce Agency Partner Program.

>> The post All You Should Know About the WooCommerce Agency Partner Program appeared first on Do the Woo - a WooCommerce Builder Community .

by BobWP at September 29, 2022 10:31 AM under WooWP Chats

Follow our RSS feed: 

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.

Subscriptions

Last updated:

October 07, 2022 03:45 PM
All times are UTC.