With WordCamp Europe coming up in June, as well as the Community Summit and the release of WordPress 4.8, there is a lot happening in the WordPress world that is leading up to all of that. This has made May a particularly busy month, so there’s a lot to read through and catch up on from most areas of the WordPress project. I can guarantee you that it is all super interesting and well worth reading 🙂
Security issue, HackerOne and bug bounties
After a security issue regarding the password reset email function in WordPress was uncovered, the WordPress security team stated that, due to this issue only appearing on a relatively specific server infrastructure, the issue would be fixed in a future release. Shortly after all this came to light, it was coincidentally announced that WordPress is now included on the popular bug hunting platform, HackerOne. HackerOne is a platform for security researchers to responsibly disclose security concerns to the relevant team and you can find the WordPress page for it here. To make it even more enticing for people to find and report security issues, the WordPress team are also offering bug bounties (i.e. cash payouts) to people who safely and effectively disclose issues to the security team. This is a big step forward for WordPress security as it means that more people will be able to work on fixing security issues (and be motivated to do so), which will allow for much faster iteration when it comes to patching bugs that could pose security threats.
Reflecting on a WordCamp name change
The general rule for WordCamps is that they must be city-based and not country-based, with regional camps like Europe and US being notable exceptions for a number of reasons. Unfortunately, due to flexible implementation of this rule in the past, there have been a few country-wide WordCamps occurring regularly. Those camps are now being brought in line with the rest of the global community and some organisers have taken issue with that fact. One community that did originally take issue with it, and had plenty of fears of how their WordCamp would be affected, are the team behind WordCamp Helsinki (formerly WordCamp Finland). After their recent WordCamp, one of the organisers wrote a reflective post highlighting their major concerns with changing the name of the WordCamp and how fearful they were of the change. The post went on to say how much of a success the first WordCamp Helsinki was – something that is a very positive and hopeful indicator for other communities who are going through the same transition. I like posts like this as they share real experiences from people who took a chance, rather than simply theoretical ideas about what terrible things people think will happen when they make a change like this.
WordPress 4.7.5
On 16 May, WordPress 4.7.5 was released and it fixed six separate security issues that were present in v4.7.4. As always, most WordPress sites would have automatically updated, so there isn’t much more to do here other than take note of what was fixed in this release.
WordPress 4.8
With 9 June being the target release date for WordPress 4.8, work is well under way with many new features having been completed and made available for testing. The release is now in the Release Candidate phase, which means that the proposed features are frozen and only fixes for existing work will be added in before v4.8 drops. It also means that the text strings in core are in soft freeze, so they are ready for translation, which anyone can contribute to here. There’s a lot of exciting stuff coming out in this release, so I thought it was worth giving a bit of an overview and summary here. Aside from the general fixes, additional hooks and minor improvements that always go into a release like this (more on that here), these are a few of the significant features that we can all look forward to:
Nearby community events in the dashboard
WordPress 4.8 will display WordPress events that are happening near your location alongside the existing news widget. You can read more about that here and here – I’m very escited to see how this will help grow local communities.
New widgets
Adding any kind of markup or images to a sidebar widget has always been a pain in WordPress, but that is all set to change with two significant improvements – firstly, the current text widget is going to be enhanced with TinyMCE for a rich text editing experience and, secondly, new media widgets for adding images, videos, and audio files will be included. This will make adding rich content to sidebars far more practical and easy to accomplish.
Accessibility improvements
For the past couple of years, WordPress core has been steadily improving its accessibility with more and more features being made fully accessible. This trend is continuing in v4.8 with admin screen headings being improved as well as the ever popular tag cloud widget being given the correct HTML attributes for screen readers to make use of.
Responsive Customiser sidebar
If you’ve ever worked with the Customiser on a high resolution display, you’ll know the pain of the sidebar being so small that it’s almost unusable. In WordPress 4.8, however, that is set to change – the Customiser sidebar will now grow larger depending on the size of the display.
Editor improvements
Some great work has been done recently on improving the text editor in WordPress core and, while much of that work is not yet complete, part of it will be brought into WordPress 4.8. You can read more here and here (the second link being more technical in nature), but the most noticeable improvement will be the new link boundaries that allow you to see and edit your links for more easily while crafting your content.
Multisite improvements
Multisite users will be happy to know that there a number of improvements on the way in WordPress 4.8 – including new hooks, more refined capabilities and better network-specific controls.
Community Summit taking place next month
The regular-ish WordPress Community Summit will be taking place right before WordCamp Europe this year on 13 & 14 June in Paris. After each contribution team spent loads of time considering who to invite and making sure that everyone can attend, as well as discussing and selecting their topics for the day, all of this info was announced (attendees and topics) to keep the process as open and transparent as possible. The Summit is a safe place for people to discuss sensitive issues regarding their area of contribution to the WordPress project as well as for people to come together and make important decisions for the future of the project as a whole.
New JavaScript framework for core
There has been a lot of talk lately about JavaScript in WordPress core – the current discussion is what JavaScript framework to use across all of the WordPress codebase. This is a particularly important discussion as it is a decision that will have a significant impact on core development for the foreseeable future. The final decision has not yet been made, but the notes from this week’s heated JavaScript in core meeting are somewhat telling, as well as a post from WP Tavern that covers much of the same ground and offers some additional perspective too. The two main frameworks being considered are React and Vue – both of which have their pros and cons. React is the one that is more clearly favoured by most of the core team and it is the one that is already being used by Gutenberg (the new text editor UI project), Calypso and the REST API. Those who do not favour React cite its high barrier to entry as well as the fact that it is owned by Facebook as major stumbling blocks for a project like WordPress. Ultimately, it looks like the final decision on this will be made at the Community Summit and the WordCamp Europe Contributor Day.
It’s worth nothing that there has also been a suggestion from various people that WordPress should build its own JavaScript framework. While that idea has some merit, it is a distinctly unlikely outcome given the huge time commitment it would involve.
New podcast hosting service for WordPress
As the original developer and owner of Seriously Simple Podcasting, I have a strong personal interest in this story of course, but it’s still objectively great news for podcasters using WordPress. The new owner of the plugin, Craig Hewitt of Podcast Motor, has launched a companion service dubbed Seriously Simple Hosting that aims to take the difficulty and complexity of podcast audio hosting. The service seamlessly integrates with your WordPress dashboard and automatically pushes all of your podcast audio files to a central S3 instance for storage and streaming. With many people struggling with knowing how to store and manage their podcast files, this service essentially turns the plugin into a one-stop shop for all of your podcasting needs and arguably the best solution for anyone wanting to use WordPress as a podcasting platform.
Plugins on WordPress.com
Earlier this month, WordPress.com enabled the use of third-party plugins for all Business plan users. Even though there wasn’t a formal announcement about the change, WP Tavern picked up on it. Aside from being a great thing for the service’s users, this move really does change the nature of the WordPress.com offering and puts it in more direct competition with regular managed WordPress hosts. It’s a great move and one that I’m sure will see some interesting developments in the near future.
Proposal for a WordPress community code of conduct
After spending plenty of time planning things out, a couple of active community members (initiated by Jenny Wong and Morten Rand-Hendriksen) have put together a proposal for a community-written code of conduct for the WordPress community as a whole. This would not be the same as the code of conduct that is posted on WordCamp websites (although that would be the starting point for it), but rather a broader one for the community in its entirety that all members and contributors could reasonably agree to. This would obviously be a great thing to have in place as it would more readily define how members of the community should be interacting with each other and give everyone a framework for how to be a part of the large and ever growing community that is WordPress.
Further Reading:
True to form for this month, there’s a lot of additional content down here, so enjoy!
- Eric Mann has started a fresh (and surprisingly healthy) discussion about the differences & conflicts between WordPress and WordPress.com – Matt Mullenweg weighed in with a balanced and informative comment that helped to inform both sides of the discussion.
- Hasty is new service that generates code snippets for WordPress.
- WordPress Core will no longer be supporting HHVM infrastructures and users are encouraged to use PHP 7+ instead.
- Human Made’s Out of Office remote conference-type event took place on 30 May and was, by all acocunts, a success.
- The team behind the popular WordPress security plugin, WordFence, have released a free scanner for malware and security threats on websites called Gravityscan.
- Leo Gopal, a Cape Town WordPress community member, has launched WPHugs – a site focussed on helping WordPress professionals with their mental health and emotional well-being.
- Brian Krogsgard has announced the details for the second Post Status Publish event.
- The WordCamp Europe team is working on making their WordCamp theme into one that can be used by any other WordCamp – I really like this way of giving back to the community as it’s natural, organic and based on actual work that has already been done.
- Human Made released their employee handbook for public reading as a way of giving back and sharing their internal workings with the world.
- As of v4.8, WordPress core will no longer support the embedding of WMV and WMA files by default.
Any relevant stories that I missed? Any interesting articles from the past month that you feel are worth reading? Link them up in the comments!