This weeks WordPress news – Covering The Week Commencing 1st April 2019:
WordPress 5.2 to Make Gutenberg Block Editor Use Mandatory for All WordPress Sites
“Since its initial release in WordPress 5.0, WordPress fans have used the new Gutenberg block editor to publish billions of posts on millions of websites. Third-party developers have also latched onto that success to create hundreds of plugins and themes that further build on the power of Gutenberg…”
Minimum PHP Version update
“Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to help them update PHP. Since then, the WordPress stats have shown an increase in users on more recent versions of PHP…”
Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses
“In the days since we published that report, Pipdig has taken a series of increasingly questionable steps in their attempts to mitigate the fallout of their actions. Their team has issued baseless accusations that facts have been fabricated, collusion between their competitors had taken place, and that no wrongdoing of any sort had occurred…”
WordPress says iOS app bug exposed account tokens to third parties
“WordPress said it has fixed a bug in its iOS app that inadvertently exposed account tokens to third-party sites…”
Malware Campaigns Sharing Network Resources: r00ts.ninja
“We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave…”
Automattic Launches Happy Tools Product Line for Distributed Teams
“Automattic has released Happy Schedule, the first in a new line of products called “Happy Tools,” created to solve problems for distributed teams. The products have grown out of internal tools that Automattic uses with its distributed team of more than 850 employees in 68 countries…”
WordCamp Asia Proposed for 2020 in Bangkok, Thailand
“The organizers of WordCamp Asia, a brand new regional WordCamp, have published a proposal for making Bangkok, Thailand, the host city for a 2-3 day event in early 2020. They are currently planning for February or March to avoid clashing with other regional WordCamps (WCEU, WCUS). The camp has been informally discussed since 2015 while organizers focused on growing new city-based WordCamps across the region…”
ProjectHuddle 3.2.0 Beta
“We are just wrapping on a slew of new features coming soon to ProjectHuddle! Here’s a summary of what’s in store: PDF Support, Multi-page PDFs, Zero Configuration, Versions Support, Mix PDFs and Images…”
Brizy – Keyboard Shortcuts are Here
“Starting today you’ll be creating client websites with Brizy even faster if that’s possible. We’ve added a bunch of keyboard shortcuts that will improve the speed you work with Brizy and make your life much easier when it comes to copy-pasting styles, duplicating content and more…”
Beaver Builder Updates
“Check out what’s new with Beaver Builder…”
Introducing Tour feature in the Hotspot module for Beaver Builder!
“Imagine you are Interior Designer and have wonderful case studies that you want to showcase on your site. Let’s say you have designed this beautiful interior for the hall and highlight every part of it along with some lines of information…”
Performance Improvements in WooCommerce 3.6 to Speed Up Stores
“Alongside the new product blocks available in WooCommerce 3.6, we made a series of performance improvements in the front and back end to speed up performance…”
and this article…
Jetpack Is Promoting Paid Upgrades on Plugin Search Screen, WordPress Plugin Team Says it “May be a Violation” of Directory Guidelines
“Yesterday the discussion surrounding Jetpack’s implementation of feature suggestions in the plugin search screen became heated after developers pointed out that Automattic is also using these suggestions to promote paid upgrades. You can test this by searching for “backups” where you find that Jetpack’s commercial offering takes the place of the first result, pushing all other results further down one slot…”
Is our marketing all wrong?
“When you sell your WordPress websites to your clients, do you push the logical or the emotional? Do you talk about technical details or how easy and beautiful it will be? It’s so easy to go down the route of the technical details, the SEO and caching that you’ll put in place – this will all be good, but maybe your clients want to hear about cool it’s going to look and how it’s going to make people stop and marvel at the design. David has a problem and we try to solve it…”
How Lifter LMS and WordPress can power your online course
“Have you ever wanted to launch your own online course? You’ve got something that you want to share with the world but did not know how to get started? In this live webinar replay the founder and CEO of LifterLMS will show you how you can use WordPress (the #1 system on the planet for creating websites) and LifterLMS to do just that…”
Not WordPress, but useful anyway…
Take your passwords everywhere – Firefox Lockbox
New password manager from Firefox
Sitting down for too long may be causing 70,000 UK deaths a year
“Extended sitting or lying down in daytime increases risk of heart disease, type 2 diabetes and cancer – and costs NHS £700m – says study…”
Transcript (if available)
These transcripts are created using software, so apologies if there are errors in them.
Nathan Wrigley: 00:00 Hello and welcome to this, the WP Builds newsletter number 57. It was published on Monday the 8th of April, 2019 and it covers the WordPress news for the week commencing the 1st of April, 2019. Just a couple of things before we begin head over to WP Builds.com forward slash subscribe, there's a couple of newsletters you can sign up for. Their one just alerts you that we've brought out this news on a Monday and it also will alert you to the podcast coming out on a Thursday. And there's also um, a deals form and I will send you a very short text based emails if I hear about a WordPress deal. You can also join us on iTunes or Google play music. There's also our Facebook group, youtube channels and so on and so forth. So yeah, if you're interested in finding out about what we do, go and check out forward slash subscribe forward slash deals to avail yourself of loads of deals.
Nathan Wrigley: 00:54 Lots and lots being added all the time. So if you're buying WordPress products, go and check that out. Forward slash of webinars. We've got a couple of webinars coming up this coming week. We've got Mor Cohen talking about design class io and how to, how to make beautiful websites simply and we've got our Arindo Duque talking about is WP admin pages pro, which is a WordPress plugin which enables you to modify the admin interface of WordPress with a page builder of your choice forward slash contribute. If you want to come and talk to me and we'll make a little youtube video about something that you've done in the WordPress space and finally WP build.com forward slash advertise if you would like to advertise on WP Builds. We've got audio inserts and we also have banner ads as well. And if you've got a product or a service and you'd like to see it mentioned on WP built and get it in front of a wider audience, feel free to go to that page.
Nathan Wrigley: 01:48 Forward slash advertise. Speaking of which today's newsletter is brought to you by Kinsta, are you tired of unreliable or slow hosting? If so, check out Kinsta who takes managed WordPress hosting to the next level? Powered by the Google cloud platform. All their plans include PHP seven ssh and 24 seven experts support migrate today for free at Kinsta Dot Com and we sincerely do thank Kinsta for their support of the WP Builds podcast. Okay, let's go to the news. We've got a couple under the banner of WordPress. Call it, start there. Now, bearing in mind it was April the first this week. This article is very interesting indeed. It's called WordPress 5.2 to make Gutenberg block editor use mandatory for all WordPress websites. It's on WP lift and yes, it tells the sad tale of the fact that after receiving so many stellar reviews in the WordPress.org Repo Gutenberg in 5.2 is going to become completely mandatory.
Nathan Wrigley: 02:54 Any trace of the classic editor will be a oblit... No, it's a, it's an April fool's joke, but I thought it was fun, so I've included it. No, thankfully it's not true, but I was suckered in, so I thought I'd include it here because it was just a bit of fun. Okay, let's get some real new, shall we? This is on the WordPress.org website. It's called minimum PHP version update. We talked about this, uh, over the last few weeks. PHP 5.6 0.2 is going to be the minimum. When WordPress 5.2 rolls out very, very soon, you will not be able to update WordPress if you have anything less than that. So for example, if you've got, oh I don't know, five point something, then it's simply not going to update. You won't be able to do it through the admin interface equally. You won't be able to do it by FTP and into your site.
Nathan Wrigley: 03:45 Just going to show a bit of a warning saying, look, sort yourself out, get yourself onto a modern version. And frankly, there's no excuse. Pretty much all hosting companies are following these guidelines and really we want you all on PHP 7.3. So if you've got any old stale sites lying around that you haven't used or updated for clients in a while, might be worth checking it out because they might be going hitting the button and figuring, Ooh, something's broken. I can't seem to update and I want to update so there we go. The next few items are under the banner of security and sadly it seems that the security section of this news bulletin just seems to get longer and longer. This is what I can only describe as a horrible article on the third offense website. It's called pin dig, update, dishonest denials, erased evidence and ongoing offenses.
Nathan Wrigley: 04:35 So there is a plugin called pin dig power pack or p3 for short. Now I won't really go into what's going on with that plug in and what he does, but essentially the authors of this plugin had done all sorts of really dodgy stuff. They'd included a kill switch in the plugin which would enable them to completely wipe your database and they weren't telling anybody about this, which is, I mean it's completely unconscionable. They also took the additional steps of removing all of the evidence of this from their bitbucket repo and kind of try to rewrite history because when they were found out doing this, they, they wanted to remove any evidence of it. Fortunately for us, people are taken screenshots and things, but they'd also installed within this plug in the ability to leverage people's websites too, to perpetrate denial of service attacks on their rivals.
Nathan Wrigley: 05:36 So my advice would be for the future, these people, I don't think it'd be trusted. If you've got this p3 plugin, I'm going to suggest get rid of it right away and don't go anywhere near anything that these guys do in the future. I think really they've, they've squirmed and obfuscated and replied fairly dishonest lead to the responses from Wordfence on. I don't think that to be trusted. If you're interested in this story and the kind of shenanigans that people can get up to and the dishonesty that can be perpetrated. There you go. I've got a bit hot under the collar that I didn't, I apologize about that, but that article really did annoy me. This next one is actually on the techcrunch website, but it's entitled WordPress says iOS app bug exposed account tokens to third parties. If you've been using the iOS WordPress app, then the way that it was fetching images from third party vendors for example, like flicker or something, it was releasing tokens which might have enabled somebody on flickers end to look at their logs and use your authentication tokens to log in without actually having to log in.
Nathan Wrigley: 06:43 So in other words, they could become the administrator and you use your sessions. It appears that the android app never suffered from this vulnerability and the, the precaution is just going to make sure that you've updated the android, sorry, the iOS app because it's been dealt with. But there we go. It just goes to show how difficult these things are. This next one is on the security.net website and it's all about, um, uh, a website called roots.ninja. It's zero zero ts.ninja and the article is talking about how these guys have leveraged the easy SMTP plugin vulnerability that happened several weeks ago to get themselves into people's websites and to upload their own scripts once they've become administrators. And then to start doing crypto jacking campaigns. It would appear that a couple of weeks ago coin hive went out of existence, which was a website which allowed you to monetize by doing things like mining Minero crypto coin that went out of existence because the business model no longer stacked up and it would appear that these guys are really lost, possibly a revenue stream from that.
Nathan Wrigley: 07:55 And so now they've decided to commandeer all sorts of other people's websites. But again, horrible. Um, lots and lots of lots and lots of security news. I apologize about it but there we go. The next few come under the banner of community. Now this felt like it was going to be an April fool's joke because automatic on the 1st of April this year announced something called happy tools and it all looked very, very jolly and happy and colorful and bright and happy tools are going to be a suite of things that automatic are going to release over the coming months, weeks to, to the community. Now these are going to be available to everybody. They're not specific to WordPress and the first happy tool is called happy shed. You'll automatic itself is a distributed company, 850 employees in 68 countries and they've put, put forward this tool which anybody can download, which enables you to shed, you'll all have your workforce into 15 minute blocks.
Nathan Wrigley: 08:54 So rather than all being in a UTC or you know, a time in the u s it just shows you the slots and it manages everything for you. I'm not entirely sure the, um, you know what the use case of this is outside of a distributed company. I don't think it probably has any, it's not free. It's $60 per month for 12 users. So we'll see what automatic bring out over the coming months. But uh, Matt Mullenweg certainly into his distributed companies and this seems like a way of monetizing the software that they've built for their internal teams. Okay. WordCamp Asia Proposes 2020 WordCamp in Bangkok, Thailand. Not a lot more to say really. The guys at WordCamp Asia, we've been running successful WordCamps for ages, have decided that they're going to run a two to three day event in early 2020 in Bangkok. I know that there's an awful lot of people who like to go on holiday to Thailand.
Nathan Wrigley: 09:55 So perhaps if you get your calendars right, this could be a new one for you. It's hopefully going to be organized so it doesn't interfere with some of the other larger WordCamps. For example, word can be you, but there we go. Lovely. More community news and a new WordCamp in that part of the world, right? There's loads and loads of little bits of plugging new. So I'm going to do these very, very quickly. The first one is to say that project huddle has got a new 3.2 0.0 Beta. They've got pdf support, you can put multipage PDFs in, you don't have to configure anything. Um, and they all works with their versioning system. So if you're using project huddle, they've got a nice new dashboard as well, but some significant updates largely surrounding pdf support, which might be important for you if you're using that to get feedback from your clients about their website.
Nathan Wrigley: 10:44 The next one is over on the breezy page builder website and it's all about the fact that they've released a whole bunch of shortcuts, keyboard shortcuts so that you can do a whole load of the actions that you would traditionally do with the mouse, with the keyboard. If this is your thing and you really enjoy keyboard shortcuts, you're going to be all over this. If you're a breezer user, they have lots of demonstrations, for example, you can highlight certain sections of the page and then you know command c and then Command v. You can duplicate things and essentially it's just a massive time saver. It looks like a really nice implementation. So if you using breezy and you're into keyboard shortcuts, this will be right up your street. Beaver builder, the page builder has updated a couple of days ago, just a couple of things. They've added a missing debounce dependency for the post grid module and they fixed an issue where deleting a global saved module affects the other globals in a layout.
Nathan Wrigley: 11:39 But speaking of beaver builder, the guys over at to brainstorm force who have ultimate add ons for beaver builder have come up with this lovely new hotspot tore module. Um, essentially you get an image, you put some little dots on it to highlight things in the image and now you can make a tall. So instead of it just being hotspots, which you've got to click on, you can play at all. So the first one is first and then the second and the third. And you can structure the order and you can have it so it auto plays or you click on icons to go from one to the next would be really good for, I think probably things like real estate websites where you want to point out certain parts of houses or possibly, I don't know, technical technical things like cars and things like that.
Nathan Wrigley: 12:21 So yeah, really interesting stuff. Couple of things. WooCommerce has been updated to 3.6. They're emphasizing the fact that there's lots of speed improvements or 62% improvement in the load time reduced overall low time by bypassing active work web books. Lots and lots of positive stuff there. Lots and lots of speed improvements, but seems to be a bit of a crisis in the community because the WP tavern have an article called WooCommerce 3.62 ad marketplace suggestions. Despite overwhelming negative feedback from the developer community seems that they're going to in blank spaces on a WooCommerce website, they're going to be putting in suggestions for marketplace products that you could buy. Now. Seems fine. Nobody asked for these suggestions. Maybe they should be limited to where WooCommerce settings are, but they're going to appear in all sorts of areas where, for example, where there's a blank product and you're going to be able to dismiss it and you've got to do it five times before it goes away, which is a bit infuriating for people, especially if you've built a website and handed over to a customer.
Nathan Wrigley: 13:31 You don't really want them going exploring a whole load of other things that they might then want to have, um, and get sort of disgruntled that they don't have certain features. But after a month it comes back again and you've got to do the five clicks again. So this seems, was this a mistake? Was this rolled out? Did this get put out? Just to see if it would annoy people? Nobody really knows, but there will be no doubt a plugin. There is a, an ad filter that you can apply, which gets rid of this thing permanently. No doubt somebody will write a plug into to get rid of this, but uh, it's annoyed. Certain people, speaking of annoying certain people, WP tavern, again, jet pack is promoting paid upgrades on plugging search screen WordPress plugin team say's it may be a violation of directory guidelines. Well, the article reads yesterday, the discussion surrounding jetpacks implementation of feature suggestions in the plugin search became heated after developers pointed out that Automattic is also using these suggestions to promote paid upgrades.
Nathan Wrigley: 14:34 So for example, if you go and perform a search for backups, then the jet pack, it's called jetpack backups and scanning will eclipse everything. It will come out absolutely first. And I don't really know where I stand on this. It feels like it's a bit inexcusable, feels a bit like what they're doing in the WooCommerce. They're pushing their own stuff. There's obviously money to be made in this, but again, don't know if this is intentional. I don't know if this is being, you know, was intended to be rolled out just for a little while to see what people's thoughts are, but you know, I'm not sure. I can't say that I think this stuff is particularly useful. I think better to let everybody have a of a first state, a shake of the stick and this seems like a little bit disingenuous. Let me know in the comments if you disagree with me, but go and read the article because there's a lot more in it than I've just mentioned.
Nathan Wrigley: 15:25 WP Builds news now. Couple of things. David and I did a podcast episode on Thursday, which is just called is our marketing all wrong. David has to make an advert and actual real life poster, which is going up in Palmers Green Tube station and he wanted to know if you know saying negative things in that advert. Like you've got an ugly website we can do better is is that a good thing? Is that good marketing or not? Because apparently most of us buy with our emotions, not with our head, heart overhead. The other thing that we did this week is we had a chat with Chris Badgett from lifter LMS and if you go to WP Build.com forward slash webinars and scroll down to the watch the replay section. You can find the replay that we did all about lifter LMS, how it works, what it does, what the options are, whole load of webinars that we've done now, so that's a growing collection.
Nathan Wrigley: 16:16 Very nice indeed. Okay. Not to WordPress, but useful anyway. If you're a Firefox user, they've got this new mobile app on android and the iOS platform called Firefox Lock Box. Basically it's a bit like a last pass. It'll keep your Firefox passwords on an app so that you can then auto fill them. It seems to be having mixed reviews, but if you're in the Firefox ecosystem and you like the idea of keeping everything within the Mozilla ecosystem, then this might be worth checking out. It's at the URL lockbox.firefox.com and the last one, this may come as a surprise, this is in the Guardian, which is a UK newspaper, and it says sitting down for too long, maybe causing 70,000 UK deaths a year. A remarkable statistic. I'm sure that we're all of us sitting down in our chairs for quite long periods of time.
Nathan Wrigley: 17:12 Maybe you're very good and go out and get plenty of exercise, maybe not. But in the UK, the, the thought is that people sitting in chairs doing their jobs and getting very little exercise. Not only is it causing the deaths of 70,000 people, but it's also costing the National Health Service 700 million pounds a year. Obviously this will be reflected, doesn't matter where you are with or in the UK or anywhere else. This is probably something as a, as a species that we need to address. We're more sedentary than ever. So when I finish recording this, I'm going to go and run around in my garden. I think you should stop this podcast right now and go and run around in the garden and come back when you finished because that is it's we have finished with the news. The WP Builds news was brought to you today by Kinsta.
Nathan Wrigley: 17:59 Kinsta, takes manage WordPress hosting to the next level powered by the Google cloud platform. Your site is secured like Fort Knox and runs on speed obsessive architecture. You get access to the latest software and developer tools such as PHP seven ssh and staging environments and the best part, their expert team of WordPress engineers are available 24 seven if you need help, you can migrate today for free at Kinsta dot com and we really, really do thank and stir for their support of the WP Builds podcast and newsletter. Right. Thank you very much for listening in. I hope you got something out of that. Please leave some comments. Go to the Facebook group and write something on the post. Let me know that you found it useful. That would be great. I always always liked to know whether people listen to this or not, and we'll see you on Thursday for the podcast, and if not, we'll catch you back here for the news next Monday. Bye Bye for now.