The Month in WordPress: May 2017

With WordCamp Europe coming up in June, as well as the Community Summit and the release of WordPress 4.8, there is a lot happening in the WordPress world that is leading up to all of that. This¬†has made May a particularly busy month, so there’s a lot to read through and catch up on from¬†most areas of the WordPress project. I can guarantee you that it is all super interesting and well worth reading ūüôā

Security issue, HackerOne and bug bounties

After a security issue regarding the password reset email function in WordPress was uncovered, the WordPress security team stated that, due to this issue only appearing on a relatively specific server infrastructure, the issue would be fixed in a future release. Shortly after all this came to light, it was coincidentally announced that WordPress is now included on the popular bug hunting platform, HackerOne. HackerOne is a platform for security researchers to responsibly disclose security concerns to the relevant team and you can find the WordPress page for it here. To make it even more enticing for people to find and report security issues, the WordPress team are also offering bug bounties (i.e. cash payouts) to people who safely and effectively disclose issues to the security team. This is a big step forward for WordPress security as it means that more people will be able to work on fixing security issues (and be motivated to do so), which will allow for much faster iteration when it comes to patching bugs that could pose security threats.

Reflecting on a WordCamp name change

The general rule for WordCamps is that they must be city-based and not country-based, with regional camps like Europe and US being notable exceptions for a number of reasons. Unfortunately, due to flexible implementation of this rule in the past, there have been a few country-wide WordCamps occurring regularly. Those camps are now being brought in line with the rest of the global community and some organisers have taken issue with that fact. One community that did originally take issue with it, and had plenty of fears of how their WordCamp would be affected, are the team behind WordCamp Helsinki (formerly WordCamp Finland). After their recent WordCamp, one of the organisers wrote a reflective post highlighting their major concerns with changing the name of the WordCamp and how fearful they were of the change. The post went on to say how much of a success the first WordCamp Helsinki was Рsomething that is a very positive and hopeful indicator for other communities who are going through the same transition. I like posts like this as they share real experiences from people who took a chance, rather than simply theoretical ideas about what terrible things people think will happen when they make a change like this.

WordPress 4.7.5

On 16 May, WordPress 4.7.5 was released and it fixed six separate security issues that were present in v4.7.4. As always, most WordPress sites would have automatically updated, so¬†there isn’t much more to do here other than take note of¬†what was fixed in this release.

WordPress 4.8

With 9 June being the target release date for WordPress 4.8,¬†work¬†is well under way with many new features¬†having been completed and made available for testing. The release is now in the Release Candidate phase, which means that the proposed features are frozen and only fixes for existing work will be added in before v4.8 drops. It also means that the text strings in core are in soft freeze, so they are ready for translation,¬†which anyone¬†can contribute to here.¬†There’s a lot of exciting stuff coming out in this release, so I thought it was worth giving a bit of an overview and summary here. Aside from the general fixes, additional hooks and minor improvements that always go into a release like this (more on that here), these are a few of the significant features that we can all look forward to:

Nearby community events in the dashboard

WordPress 4.8 will¬†display WordPress events that are happening near your location alongside¬†the existing news widget. You can read more about that here¬†and here¬†– I’m very escited to see how this will help grow local communities.

New widgets

Adding any kind of markup or images to a sidebar widget has always been a pain in WordPress, but that is all set to change with two significant improvements Рfirstly, the current text widget is going to be enhanced with TinyMCE for a rich text editing experience and, secondly, new media widgets for adding images, videos, and audio files will be included. This will make adding rich content to sidebars far more practical and easy to accomplish.

Accessibility improvements

For the past couple of years, WordPress core has been steadily improving its accessibility with more and more features being made fully accessible. This trend is continuing in v4.8 with admin screen headings being improved as well as the ever popular tag cloud widget being given the correct HTML attributes for screen readers to make use of.

Responsive Customiser sidebar

If you’ve ever worked with the Customiser on a high¬†resolution display, you’ll know the pain of the sidebar being¬†so small that it’s almost unusable. In WordPress 4.8, however, that is set to change – the Customiser sidebar will now grow larger depending on the size of the display.

Editor improvements

Some great work has been done recently on improving the text editor in WordPress core and, while much of that work is not yet complete, part of it will be brought into WordPress 4.8. You can read more here and here (the second link being more technical in nature), but the most noticeable improvement will be the new link boundaries that allow you to see and edit your links for more easily while crafting your content.

Multisite improvements

Multisite users will be happy to know that there a number of improvements on the way in WordPress 4.8 – including new hooks, more refined capabilities and better network-specific controls.

Community Summit taking place next month

The regular-ish WordPress Community Summit will be taking place right before WordCamp Europe this year on 13 & 14 June in Paris. After each contribution team spent loads of time considering who to invite and making sure that everyone can attend, as well as discussing and selecting their topics for the day, all of this info was announced (attendees and topics) to keep the process as open and transparent as possible. The Summit is a safe place for people to discuss sensitive issues regarding their area of contribution to the WordPress project as well as for people to come together and make important decisions for the future of the project as a whole.

New JavaScript framework for core

There has been a lot of talk lately about JavaScript in WordPress core¬†– the current discussion is what JavaScript framework to use across all of the¬†WordPress codebase. This is a particularly important discussion as¬†it is a decision that will have a significant impact on core development for the foreseeable future.¬†The final decision has not yet been made, but the notes from this¬†week’s heated¬†JavaScript in core meeting¬†are somewhat telling, as well as a post from WP Tavern that covers much of the same ground and offers some additional perspective too. The two main frameworks being considered are React and Vue – both of which have their pros and cons. React is the one that is more clearly favoured by most of the core team and it is the one that is already being used by Gutenberg (the new text editor UI project), Calypso and the REST API. Those who do not favour React cite its high barrier to entry as well as the fact that it is owned by Facebook¬†as major stumbling blocks for a project like WordPress. Ultimately, it looks like the final decision on this will be made at the Community Summit and the WordCamp Europe Contributor Day.

It’s worth nothing that there has¬†also been a suggestion from various¬†people that WordPress should build its own JavaScript framework. While that idea has some merit, it is a distinctly¬†unlikely outcome given the huge time commitment it would involve.

New podcast hosting service for WordPress

As the original developer and owner of Seriously Simple Podcasting, I have a strong personal interest in this story of course, but it’s still objectively great news for podcasters using WordPress. The new owner of the plugin, Craig Hewitt of¬†Podcast Motor, has launched a companion service dubbed Seriously Simple Hosting¬†that aims to take the difficulty and complexity of podcast audio hosting. The service¬†seamlessly integrates with your WordPress dashboard and automatically pushes all of your podcast audio files to a central S3 instance for storage and streaming. With many people struggling with knowing how to store and manage their podcast files, this service essentially turns the plugin into a one-stop shop for all of your podcasting needs and arguably¬†the best solution for anyone wanting to use WordPress as a podcasting platform.

Plugins on

Earlier this month,¬†enabled the use of third-party plugins for all Business plan users. Even though there wasn’t¬†a formal announcement about the change, WP Tavern picked up on it. Aside from being a great thing for the service’s¬†users, this move really does change the nature of the offering and puts it¬†in more direct competition with regular managed WordPress hosts. It’s a great move and one that I’m sure will see some interesting developments in the near future.

Proposal for a WordPress community code of conduct

After spending plenty of time planning things out, a couple of active community members (initiated by Jenny Wong and Morten Rand-Hendriksen) have put together a proposal for a community-written code of conduct for the WordPress community as a whole. This would  not be the same as the code of conduct that is posted on WordCamp websites (although that would be the starting point for it), but rather a broader one for the community in its entirety that all members and contributors could reasonably agree to. This would obviously be a great thing to have in place as it would more readily define how members of the community should be interacting with each other and give everyone a framework for how to be a part of the large and ever growing community that is WordPress.

Further Reading:

True to form for this month, there’s a lot of additional content down here, so enjoy!

Any relevant stories that I missed? Any interesting articles from the past month that you feel are worth reading? Link them up in the comments!

Leave a Reply