WP Builds Newsletter #56 – WordPress 5.2 Beta 1, Elementor motion effects and security updates

WP Builds Newsletter #56 – WordPress 5.2 Beta 1, Elementor motion effects and security updates

This weeks WordPress news – Covering The Week Commencing 25th March 2019:

WordPress Core

WordPress 5.2 Beta 1 Released: Help Test New Blocks, Block Manager, and Improved Fatal Error Protection
“WordPress 5.2 beta 1 was released this evening with an exciting lineup of new user-facing features that are ready for testing. The upcoming release introduces new blocks for RSS, Search, Calendar, Tag Cloud, and Amazon Kindle embed…”
and this too…

How Will Gutenberg Phase 4 Impact Multilingual Solutions for WordPress?
“During the 2018 State of the Word address, Matt Mullenweg announced that Phase 4 of the Gutenberg project would be aimed at developing an official way for WordPress to support multilingual sites. There are no technical details available yet for what approach core will take, because it’s still in the experimental stage. The site building objectives in Phase 2 are currently the primary focus of the Gutenberg team…”

Premium WordPress hosting for everyone, small or large

Security

Announcing disallow pwned passwords
“Admins know it’s key that WordPress users have secure passwords to keep web security watertight. But do you know if your WordPress users are accessing your CMS with insecure ‘pwned’ passwords? And do you know the risk…?”

Stored XSS Patched in WordPress 5.1.1
“WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn’t have this fix applied. We are not aware of any exploit attempts using the vulnerability currently…”

Recent Social Warfare Vulnerability Allowed Remote Code Execution
“In posts last week, we detailed a vulnerability in the Social Warfare plugin, and discussed the attack campaigns against it. These issues were reported widely as Cross Site Scripting (XSS) flaws, due to an unexpected disclosure and proof of concept released by an unnamed researcher. Our Threat Intelligence team quickly released a firewall rule to mitigate impact for our customers, and the plugin’s author issued a patch shortly thereafter. Attackers have issued persistent exploit attempts against this flaw, which are primarily connected to injected JavaScript redirect activity…”

WP Builds Deals Page - Find Deals on WordPress Plugins

Community

Gutenberg Cloud Team Advocates for Making WordPress.org’s New Block Directory a CMS-Agnostic Library
“Frontkom‘s presentation at WordCamp Nordic introduced the audience to the Gutenberg Cloud project, which allows developers to share JS-only blocks across CMS platforms. Marco Fernandes and Thor Andre Gretland, representatives of the 45-person agency based in Europe, are also part of the Drupal Gutenberg project that brings WordPress’ open source editor to Drupal via an optional module…”

A New WooCommerce Alternative – Hello BigCommerce
“WordPress is the most widely used content management system on the planet. In fact, it powers over one-third of all websites on the internet. In the past, if you wanted to incorporate an e-commerce store into your site, the most popular option was typically WooCommerce…”

Codecademy Launches New Free PHP Course
“Codecademy introduced a new free course today called Learn PHP. The company, which offers free coding courses, is rebuilding its PHP education after removing all of its PHP courses in 2017…”

New Gutenberg Playground Offers a Standalone Version of the Editor for Testing Outside the WordPress Admin
“The Gutenberg team merged a pull request three days ago that adds a local “playground” development environment for testing outside of the WordPress admin. Riad Benguella, the technical lead for Gutenberg phase 2, said that the playground could grow over time to contain “more than just a standalone version of the editor” and could become a way for developers to test out components in isolation…”

rtCamp Releases GitHub Actions for Automated Code Review, Deploying WordPress, and Slack Notifications
“rtCamp, a 60+ person agency and WordPress.com VIP service partner, has released three new GitHub Actions that handle automated code review, WordPress deployment, and Slack notifications. The PHPCS Code Review action takes advantage of GitHub’s pull request review feature. It performs an automated code review on pull requests using PHPCS. This Action is based on WordPress.com VIP’s GPL-licensed review scripts…”

Pantheon Launches Community and Advocacy Program for Drupal and WordPress
“Pantheon [] today announces the launch of the Pantheon Heroes Community. By helping some of the brightest minds in the Drupal and WordPress communities shine, Pantheon hopes to empower Open Web development…”

Plugins

MultiLive – Multiple Live Stream Broadcaster Plugin for WordPress
“MultiLive – Multiple Live Stream Broadcaster Plugin for WordPress is a streaming website live video streaming tool which allows you to go live on multiple streaming websites (even SIMULTANEOUSLY), with pre-recorded videos. You can go live directly on your streaming website’s channel, to increase views…”

Google Ads for WooCommerce
“Google Shopping Ads are the most effective way to advertise your Woo store and increase sales and revenue. In a few simple steps, generate a fully optimized Google Shopping Ads campaign. Select what categories you want to advertise and we automatically generate smart Google Shopping feeds, automate bidding to maximize your return on advertising spend, and measure conversions and sales for your marketing…”

Elementor motion effects
It’s a display of what the new motion effect in Elementor can do.

WP Builds

Automate your social postings using Social Web Suite with Tina Todorovic
“Do you post your content to multiple social platforms? If you do, I’m almost certain that this task is a little bit on the dull side. Is it isn’t it? It takes time and is repetitive. Social Web Suite is a WordPress plugin that hooks into your social media accounts just waiting for your to publish something. As soon as you do, it gets to work making the social media posting nightmare evaporate – it does it all for you. Check it out…”

Not WordPress, but useful anyway…

Ahrefs Announces Plan for New Search Engine
“Ahrefs CEO Dmitry Gerasimenko announced a plan to create a search engine that supports content creators and protects users privacy. Dmitry laid out his proposal for a more free and open web, one that rewards content creators directly from search revenue with a 90/10 split in favor of publishers…”

The WP Builds podcast is sponsored this week by…

Kinsta

We thanks them for their support of WP Builds.

Transcript (if available)

Read Full Transcript

Nathan Wrigley: 00:00 Hello there. Good morning and welcome to this. The WP Builds WordPress weekly newsletter number 56 this newsletter covers the WordPress news for the week commencing the 25th of March, 2019 and it was published on Monday the 1st of April, 2019 just before we begin, a couple of things I'd like to say if that's okay. First of all, if you could go to WP Builds.com forward slash. Subscribe. We've got a couple of forms on there. Number one is a form to get you updates about this, the weekly news and our podcast, which comes out on a Thursday and the other one is about getting on our alerts email, which is a plain text email which we'll send out to you as soon as we hear about deals on WordPress products. On that page. You can also subscribe to the podcast on Itunes, Google podcasts, and so on, and you can join our Facebook group youtube channel.

Nathan Wrigley: 00:55 You can get messenger updates and join our slack channel. The next URL is WP Builds.com forward slash webinars we've got a lifter LMS webinar. We've got a design class Webinar and we've also got an WP admin pages pro webinar. Go and sign up. If you don't show up on the day, we'll send you a recording. The next one is WP build.com forward slash contribute. If you've got something that you would like to share with us, I'll join you on a live video stream and we can share it to our community, something that you've done recently that you think is cool that you think is worthy of note. I'll happily do that with you. The next one is forward slash deals. If you go over to that page, you'll find a whole host of WordPress plugins with 20% off, 25% off and so on and so forth.

Nathan Wrigley: 01:43 There's a whole load over there, Project Huddle, Social Web Suite, Groundhogg if so, WP Ultimo and a whole bunch more main WP. So if you're thinking of buying a plugin bonnet, check out that page to see if it's on offer there. And lastly, WP Builds.com forward slash advertise. We really do enjoy working with our advertisers to promote their products and services. We've got banner ads and audio ads and fill out the form and hopefully we can get you on the podcast and get your product or service noticed.

Nathan Wrigley: 02:14 Speaking of which the WP Builds newsletter is brought to you today by Kinsta are you tired of unreliable or slow hosting? If so, check out Kinsta who takes managed WordPress hosting to the next level powered by the Google cloud platform. All their plans include PHP seven ssh and 24 seven experts support migrate today for free at Kinsta Dot Com and we do sincerely thank Insta for their support of the WP Builds podcast.

Nathan Wrigley: 02:44 Okay, let's get stuck into the news proper. The first few articles come under the title of WordPress core. This on the WP tavern website entitled WordPress 5.2 Beta one released help test new blocks, block manager and improved fatal error protection. Well, we're up to 5.2 Beta one and we need some testing done because we've got some new blocks. The RSS Block, the search bloc calendar tag cloud and rather strangely I think the Amazon kindle embed block, they need testing out for this Beta release. Also we've got the ability within the block manager to organize your blocks because there are so many blocks. All the things are blocks that it can become a little bit untidy and so now we've got the ability to nest certain blocks underneath parent blocks so that you click on one and many more are revealed and a little dropdown. Also, the fatal error protection, which I've been mentioning was targeted for 5.1 is now been put into the Beta for 5.2 because of some security updates that needed to be done and also now developers can say what the minimum PHP version is for their plugins and so on and so forth, so very nice release if you're into testing that, that's worth checking out if not to wait for a few days and usual get this as 5.2 proper.

Nathan Wrigley: 04:07 Okay. The next one is also on the WP tavern website. It's entitled how will Gutenberg Phase Four impact multilingual solutions for WordPress during the state of the word in 2018 Matt Mullenweg said that multilingual sites was going to be phase four of Gutenberg. That's mooted for 2020 at the moment, you're going to be using a whole variety of different rival plugins to achieve multilingual functionality. Well, that's going to be put into core in phase four of Gutenberg. And this article is from, well it's written by Sarah Gooding, but it's the opinions of Robert Windage who is the c I o of inside, which is a agency in Germany and they've got the multilingual press plugin and it's all about his thoughts on what this is going to do. He's fairly bullish. He's thinking that in the same way that Gutenberg didn't kill off a page builders, perhaps the multilingual site functionality in Gutenberg won't be killing off multilingual plugins because it won't do everything.

Nathan Wrigley: 05:13 So if that's your thing, go and check that article out. The next couple of articles come under the banner of security and over on the itinerary Stock Co. Dot. UK website too. You'll find an article entitled announcing disallow pawned passwords. You probably know that hackers have been stealing passwords for the longest time. And you might also know that there is a database put together by various, uh, white hat security experts who have decided that it would be good idea if all of those passwords were available to the public if they're prepared to jump through the hoops of retrieving them. So that in the future if you sign up to various services, uh, you could call via an API this password database and see if a password has been used elsewhere. Now the idea really with passwords is that their absolute pseudo random noise, you know, you're not writing monkey one, two, three.

Nathan Wrigley: 06:08 It's just a whole load of jibberish. And if it's Jibberish in theory that should never have appeared as a password in a leak anywhere else before. So this database has been put together and the idea of being with a new plugin, um, you'll be able to check out whether or not to passwords have been used before and then prevent people from using those passwords. Obviously it's a good idea. It prevents your site potentially from being hacked because if the password is in use, quite likely it might be associated with an email address and therefore you might be under attack and somebody might be able to get into your WordPress website. So this plugin, the alerts, the user that this password has been used before and prevents them using it and it also works with WooCommerce and I think it's quite a nice initiative in all honesty.

Nathan Wrigley: 06:58 I can see this being quite a useful tick box in core to switch on or off. I can't see any downside to it at least. Anyway, so there we go. Nice new plugin. The next one is on the security.net blog and it's called story x s s patched in WordPress 5.1 0.1 and it says WordPress recently released an update 5.1 0.1 which packaged a stored xss vulnerability in the platforms comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn't have this fixed supplied. It's not being exploited in the wild, but it is something which you should be aware of. This website goes into the details of what's can happen and you know how it can be, um, how it can be leveraged. What I would say as always is go and update your WordPress website, but if security is your thing, this is possibly worth reading.

Nathan Wrigley: 07:55 Okay. The next one also under the banner of security last week we mentioned the social warfare vulnerability. Well, the word fence guys have come out with a new article because it would appear that the vulnerability was slightly deeper than they originally thought. Although they knew about it and created, um, a firewall rule in their, in their premium product, they didn't release it into the wild because they hadn't noticed any behavior actually leveraging the exploit. But the article goes on to say that somebody else discovered it and notified the public about it. And so they disclosed what they'd found out. If you use Wordfence, you are secure. If not, then update the plugin because the plugin update did actually fix this entire problem again. But it appeared that the, there were two attacks leveraged against this plugin, not just one attack, as was previously thought. As always the advice, go and update everything as soon as possible.

Nathan Wrigley: 08:57 So there we go. That's the end of the security section. Now we're on to community. This one comes on the WP tavern website. It's entitled Gutenberg Cloud team advocates for WordPress.org is new block directory, a CMS agnostic library. Well, a little while ago we talked about this thing called Gutenberg cloud, which is a project which is CMS agnostic. We idea is that it's going to be usable by people, for example, in Drupal and people in WordPress. On the Drupal side of things, it would appear that the Drupal module has been downloaded 9,000 times. Whereas on the WordPress side of things, it would appear it's only been downloaded and in use about a hundred times. So perhaps not so popular with the WordPress crowd as it is with the Drupal clap crowd. But the idea is that there'll be this cloud resource of blocks that you'll be able to use. And this article goes into the, the theory behind that, how the, how the progress is going and um, and if this interests you and it really does deeply interests me.

Nathan Wrigley: 10:03 I can't see, I can't see a downside of, of developing this cross platform then this article might be worth looking at. Okay. This one probably not news to you, but I'm not really a big ecommerce website builder, but I know that there is WooCommerce clearly. And I know that there's a whole bunch of rivals and this article on the WooCommerce dot com website talks about a big commerce, which although I've heard of it plenty of times before, I've never actually used. And what it does is it lays out in, in quite lengthy detail the pros and the cons of using big commerce as opposed to WooCommerce. Now we all know what they are. You know, the, the big commerce side of things is SaaS. So that side of stuff is taken care of and it's automatically updated, but it's not free. And it's not something that you can tinker with the code.

Nathan Wrigley: 10:51 So there are ups and there are downs. But if you are in the position of toying with building a, an ecommerce website and you think that big commerce might be a good alternative to WooCommerce, this article might be worth looking at because it, it paints a fairly lengthy picture of everything that's going on. The next piece is entitled Codecademy launches, new free PHP costs. You'll find this on the WP tavern website. Apparently Codecademy introduced a whole load of PHP courses and then pulled them all in 2017 when they thought that PHP was on the wane and then it's popularity was being overtaken by other things, Java script and so on and so forth. But it would appear that perhaps PHB is having a bit of a resurgence. It's now cording to read monks 2019 language rankings. It's number four in the, in the most desirable language to learn behind Java script, Java and Python.

Nathan Wrigley: 11:53 And so as a result, Codecademy have got a whole new series of learn PHP videos, which you can access. So if PHP is something for you, you're just starting out with it, then this could be a good thing for you to go and check out. Okay. Then last one underneath community is entitled New Gutenberg playground off as a standalone version of the editor for testing outside of the WordPress admin. The article talks about the fact that there's now a stand alone version of the Gutenberg editor and it they speak to Riyadh Benguela, who was the technical lead for Gutenberg Phase Two, and he discusses what's the purpose of having a standalone version of Gutenberg. And he says, now that we're expanding the uses of Gutenberg outside of the edit post and also talking about cross CMS usage and external usage. In the broad sense, we need a way to run the block editor in a context independent way from the WP admin.

Nathan Wrigley: 12:55 This means no WordPress admin styles, no API. This playground could evolve to contain examples of our reusable components. Think storybook. It could also serve as a contributor tool. For example, we could include a way to search for selectors. So there you go. If you have been playing extensively and you want to see how Gutenberg can be used without the WP Admin, that might be worth checking out. Go and have a look for that project. Okay, next up we've got rtcamp releases get top actions for Automated Code Review, deploying WordPress and slack notifications. RtCamp, which is a large agency and with WordPress.com VIP service partner has released three new guitar get hub actions that handle automated code review, WordPress deployment, and slack notifications. The PHP CSS Code Review Action takes advantage of get hubs pull request feature. It performs an automated code review on pull requests using PHP CS. The deploy WordPress get hub action uses the deployer.org tool to deploy code changes using it requires you'll get repo to match our rtcamp WordPress skeleton, which is very similar to the VIP go skeleton and finally rtcamp has also released a get hub action called slack.

Nathan Wrigley: 14:13 Notify that sends a message to a slack channel. It can be customized to notify a channel about deployment status. If any of that sound useful to you, go check out the article. On WP tavern and finally in this section we've got an article on the global newswire.com website, which is a PR release websites, so you know, take this language and the pinch of Salt Pantheon launches, community and advocacy program for Drupal and WordPress. Well, drew pantheon is a platform for Drupal and WordPress and today they announced this initiative called Patheon heroes. It, the idea is to help the brightest minds in Drupal and WordPress community shine to empower open web development. The program will create a repository of Drupal and WordPress best practices and create content to help developers be successful in these communities. If you are and consider yourself to be one of the brightest minds in the WordPress and Drupal space, this might be worth checking out because there might be some, some assistance and help in there for you.

Nathan Wrigley: 15:13 Okay. The next few come under the banner of plugins. This is of interest. I'm going to be very brief about this one. It's a Code Canyon, a plugin. It's called multi live and I only came across it this week. It just got very limited use case. But if like me, you do live streaming, this multi live plugin will enable you to do all of that inside of WordPress with videos that you've already created. I'm not going to say much more except that there's a new thing over at WooCommerce. They've got this new plugin called Google ads for WooCommerce. It says Google shopping ads are the most effective way to advertise your Woo store increased sales and revenue and a few simple steps generates a fully optimized Google shopping ads campaigns. Select what categories you want to advertise and we'll automatically generates smart Google shopping feeds, automate bidding to maximize your return on advertising spend and measure conversions and sales for your marketing.

Nathan Wrigley: 16:09 So dead simple. You start building a campaign, a campaign, you select the geographical area that you want to target. You select the store category that you want to advertise, stick in a budget and purchase the campaign and everything else is done automatically for you. And as you probably know, Google ads can be very effective, especially in the shopping area. And lastly under plugins, we've got elemental who this week have introduced their motion effects. If you click on the link that I've got in the show notes, you'll be taken to a webpage, which is, I don't really know how to describe it. It's just loads of animation based upon like a theme of being in space and it shows you what you can do if you have elemental motion effects going on, you can make things move around with scroll. It's very impressive. I don't know that I would want to put this into the hands of my clients, but if you have a need for this dramatic kind of effect, it's certainly worth checking out an element or users you'll, you'll just be getting this bundled in.

Nathan Wrigley: 17:10 So that's quite nice. Very, very tasty looking stuff indeed. But I would say use with caution. Okay. Over on the WP Builds website this week we had Tina Todorovich talking about her social web suite plugin. Um, it allows you to automate the posting of content to Twitter and Facebook and all these other platforms when you press publish in WordPress. Very cool. We also did a Webinar with her. So if that kind of thing is your thing, you're a content creator and you need to publish updates to multiple channels that might be worth checking out. And finally, just before we leave, not WordPress but useful anyway, ahrefs announces a plan for a new search engine. This is interesting, I would imagine this is doomed to failure, but the CEO of h Ref, so search engine journal tells us has decided that Google is scraping far too much content to put in their search engine pages.

Nathan Wrigley: 18:09 So much so that sometimes you don't even need to go to the page itself because all the information that you need is presented on the search engine results page. So he's decided that he's going to build a new search engine which will actually share revenues and a 90 10 split with publishers. It's a lovely idea, but the problem is it's all about creators, isn't it? It's designed for creators, not for end users. And I would imagine in all honesty that end users are very happy with the fact that they can go to the search engine results pages. And see all of this, the stuff that they need right there and don't need to click through, so perhaps doomed to failure, but nevertheless interesting that somebody is identified this problem. Okie dokie. That's the end of the news today.

Nathan Wrigley: 18:54 The WP Builds a newsletter was brought to you by Kinsta, takes managed WordPress hosting to the next level, powered by the Google cloud platform. Your site is secured like Fort Knox and runs on speed obsessive architecture. You get access to the latest software and developer tools such as PHP seven ssh and staging environments, and the best part, their expert team of WordPress engineers are available 24 seven. If you need help, you can migrate today for free at Kinsta Dot Com and we thank Insta for their support of the WP Builds podcast.

Nathan Wrigley: 19:30 Thanks for tuning in once more. Really appreciate it. Join us again on Thursday for the regular podcast and go to the webinars page and join up with one of our webinars. That will be great. I don't know if you heard, but just just as I was reading out the kids to run, then a, uh, World War Two fighter plane flew past my window really low, really loud. I don't know if you've heard that, but it was quite, it was quite a pleasure to watch in all honesty. I enjoyed that. Right. That's it. Bye Bye for now.

RECOMMENDED STUFF

These are affiliate links and the small amount of income we derive from affiliate income allows us to pay the bills and keep the lights on

SUBSCRIBE TO GET DEAL UPDATES

WP Builds WordPress Podcast

Join us on

SUBSCRIBE TO OUR

NEWSLETTER

WP Builds Podcast

WELCOME,

Enjoy luxury, exclusivity and discretion

NOW TREAT YOURSELF!

Get 25% Off & Free Shipping On Your First Order. Enter Code WELL25SPE