WP Builds Newsletter #63 – Gutenberg 5.7, Plugin updates and Windows Linux Kernel

WP Builds Newsletter #63 – Gutenberg 5.7, Plugin updates and Windows Linux Kernel

This weeks WordPress news – Covering The Week Commencing 13th May 2019:

WordPress Core

Gutenberg 5.7 Adds New Block Appender for Group and Columns Blocks

Site Health Tool Manager Provides A Convenient Way to Disable Unnecessary Site Health Check Tests

Premium WordPress hosting for everyone, small or large

Community

Follow Marcel on His Epic 465 mi. Trek on Foot to WordCamp Europe

HostCamp: An Unconference For Advancing the WordPress Infrastructure

Matt Mullenweg Launches New Blog and Podcast on Distributed Work

WP Builds Deals Page - Find Deals on WordPress Plugins

Speaking at Your First WordCamp? Here’s What You Need to Know!

Why WordSesh 2019 Is Worth Your Time

WordPress Translation Day 4 Successfully Hosts 77 Local Events in 35 Countries, Recruits 183 New Translators

Beaver Builder Forum

Security

Persistent Cross-site Scripting in WP Live Chat Support Plugin

WordPress Plugin Give – Stored XSS for Donors

Multiple Vulnerabilities in the WordPress Ultimate Member Plugin

Announcing 3 New Login Security Features

WordPress Vulnerability Roundup – Mid-May 2019

Plugins / Themes

Block building without JavaScript: Testing ACF, Block Lab, and Lazy Blocks

WP Engine Launches Cloudflare Stream Video Plugin For WordPress

How to Make Your Website Accessible With Elementor

Slack App for WooCommerce Reports: A Slack Slash Command That Goes Beyond Real-Time Events For Your WordPress Store

Storefront 2.5.0 Introduces a Custom, Block-Based Homepage

Yoast SEO 11.2: Schema enhancements and more

Instant IDE 1.5.0 Adds Next-Level Features And Refinements

Optimize Your Brizy Images With ShortPixel Native Integration

3 Cryptocurrency Wallet Plugins for WordPress

WP Builds

Getting content from clients – podcast

Not WordPress, but useful anyway…

Microsoft will ship a full Linux kernel in Windows 10

54% of Podcast Listeners Likely to Buy From Brands They Hear Advertised

Google Lets Users Shop Directly From Search, Images, and YouTube

Adobe Tells Users They Can Get Sued for Using Old Versions of Photoshop

San Francisco is first US city to ban facial recognition

Firefox send – simple file sharing

The WP Builds podcast is sponsored this week by…

Kinsta

We thanks them for their support of WP Builds.

Subscribe to the WP Builds YouTube Channel

Transcript (if available)

Read Full Transcript

Nathan Wrigley: 00:01 Hello there. Good morning and welcome to this, the WP builds weekly WordPress news letter. This is number 63 and it covers the news for the week commencing the 13th of May, 2019 and it was published on Monday the 20th of May, 2019 just a few very brief things before we begin. Head over to WP builds .com use the links at the top to navigate to some notable things. So for example, if you use the subscribe link, you'll be taken to our subscribe page. There's a couple of forms to fill out to get on some newsletters. You can use it to find our podcast on iTunes or Google podcasts. Join our Facebook group. We've got over 2000 members there now and we've got to our youtube channel as well where we just post everything. The other thing to mention is the WP builds deals page over at wpbuilds.com forward slash deals and if you're in the market for some plugins or themes, go and check it out there.

Nathan Wrigley: 00:56 You never know. We might have something for you. And the last one I suppose is WP builds .com forward slash advertise. If you would like to advertise your product or service on the podcast and get it noticed in front of a of a larger audience than you have at the moment, speaking of which this podcast was brought to you today by Kinsta, are you tired of unreliable or slow hosting? If so, check out can stow. Who takes managed WordPress hosting to the next level powered by the Google cloud platform? All their plans include PHP seven ssh and 24 seven experts support migrate today for free at Kinsta Dot Com and we do thank them for the supporting WP builds. Okay, we've got quite a lot of news today, so I will deal with things in a fairly brief manner because there's so many things to get through.

Nathan Wrigley: 01:48 The first few bits fall under the domain of WordPress core and the very first article this week is on WP tavern entitled Gutenberg Five Point Seven adds, new block append or for groups and column blocks. If you've been using the block editor, you'll know that you've got these group and column blocks and before you didn't really know how you could well essentially what kind of a block you were dealing with and now you've got a little tiny little thing which floats up next to the appender which is the plus button that you get in those blocks and it just says group upon it that that's all there is to that. Plus we've now got column blocks. Um, the same sort of feature has been added to those. Um, you've now got the ability to set the widths of those blocks with the little percentage with slider over to the right to, and apparently in coming releases we're going to have the ability to sort of drag the widths rather like you would find in a, in a page builder as well.

Nathan Wrigley: 02:43 Also good to know that in Gutenberg 5.7, you can now drag images onto image blocks just from the, the finder or windows explorer and it will update that image all in the background. And apparently in future releases we're going to have the capability to do this for audio, video files and so on and so forth. So there we go. Some nice features in Gutenberg, 5.7 the next one is called site health. Tool manager provides a convenient way to disable unnecessary site health check tests. And this again is on the WP tavern websites. When we got WordPress 5.2 last week, we have this new site health check and essentially it will run a batch of tests and give you some feedback. Well maybe some of those tests are not important to you and it would be nice to have a way to, to get rid of some of the tests that you don't want, especially if it pops up warnings, which might be something that would alarm a client even though there's absolutely no good reason for them to be alarmed.

Nathan Wrigley: 03:41 So this plugin allows you to do exactly that. Basically it's a series of tick boxes and so you can, you can untick checking for WordPress versions, untick checking for plugin versions, and the list goes right down. It's about 15 different items and that's all it does. The idea, the developer says basically, please don't use this if you're just trying to hide things from clients that you could update. And that's not the purpose of this. It's really to hide things where you've got a jolly good reason not to be showing it to clients. So anyway, I just thought that was quite a nice addition. The next section is called community. And the first article I want to draw your attention to is over on the Kinsta dot com website. It's called follow Marcel on his epic 465 mile trek on foot to WordCamp Europe. Well this is fascinating.

Nathan Wrigley: 04:30 We highlighted this story a little while back, but it's now underway. It started yesterday, the 19th of May, Marcel Bootsman, what a suitable name is going to be walking from um, the Netherlands to Berlin in time for WordCamp Europe. Essentially he's raising money, but if you go to the website, you can find out all about this initiative and there's a link near the bottom so that you can actually donate funds, uh, donate to WC. So great. I mean, just a nice and interesting quirky story about somebody's going the extra mile. Boom, boom. Okay. The next one is called host camp, an unconference for advancing the WordPress infrastructure on WP tavern. If you're in any way connected with a hosting company, this might be for you. It's happening directly before WordCamp in Europe. So it's in Berlin and it goes back to back. So you could attend this if you're a hosting company and then go straight onto WordCamp.

Nathan Wrigley: 05:26 Essentially it's for people who are really in the hosting industry because all of the talks are very specifically about that and, and it's an invite only thing. So you need to apply, get accepted and then turn up. Basically it's about the hosting industry, knocking their heads together and seeing if they can come up with innovations where, you know, opportunities to make the WordPress infrastructure better. Um, so you know, if that's you, this is worth looking at the next one, quirky. This one, Matt Mullenweg, the cofounder of WordPress has launched a new podcast on distributed work. I had to listen to the first two episodes. The first one is only a very short, it's basically saying this is what it is, and then I listened to the second one, um, which is along with the founder of, well, sorry, not the founder, the CEO of upwork, and he talks about basically distributed work, how they manage this at Automattic and what it is that they do and why distributed work might be the future.

Nathan Wrigley: 06:25 It's really interesting if you've got an agency in your encountering this problem, I would suggest this podcast might be one that you want to listen to just just for ideas about why there's value in it and in this case about how to go about finding employees. Okay. This next one is over th thewebdevedstudios.com website. I know that a few people who are listening to this are actually going to be speaking at WordCamps in the near future. This is an article simply entitled speaking at your first WordCamp. Here's what you need to know. I'm not going to go into it, but essentially if you're anxious about the kinds of things that you could talk about, this is a beautifully laid out article saying what kind of topics to cover, how to present it, how to deliver it, how to do the practice and so on and so forth.

Nathan Wrigley: 07:10 So I know that this is nervous point for some people. Speaking of WordCamp, there's a kind of rival to WordCamp. No rival is entirely the wrong word. There is word sash, which is an online version. And again, I know that people who listen to this will be speaking at that. Um, this is Tom McFarlin, tommcfarlin .com is his take on why going to word says is a good idea. It may be that you kind of passed this one by, because it's not a, in inverted commerce, proper WordCamp, you don't actually get to go. Well, he makes the exact opposite point. You know, there's loads of opportunities here to listen to great speakers. There's lots of opportunities provided on the platform for you to have the whole way tracks that you can chat to people. There's even an opportunity to get things like swag in the competitions that are running.

Nathan Wrigley: 07:56 I've signed up for it. It starts on the 22nd of May and I'm going to attend as many of the sessions as I can. I might even have it on in the background while I'm doing other things, but nevertheless, I just think this is fabulous. It's, you know, we live in this computer industry, why not put this together and why not support it? So yeah. Brilliant. Okay. We have translation days in WordPress. If you didn't know, and WP tavern in the article type entitled WordPress Translation Day for successfully how 77 local events in 35 countries recruits 183 new translators. Well, this article tells us basically exactly that. The last, the last day was translation day four. It was held a little maybe a week ago. And by the time you're listening to this and an awful lot of people contributed, it's really fascinating actually, the communities that turn up this article is quite long, largely because it's full of so many pictures because loads of people from different parts of the world have got together, hosted their own little event on their own collaboration, sitting a table together, and then contributed it back to the, the core of WordPress.

Nathan Wrigley: 08:59 And obviously as WordPress grows, we need to make sure that all the translations and all the new text strings are exactly as they should be in their local languages. They make particular mention of the fact that the Bhutan Group, they've got a new WordCamp coming up, and this was their sort of first contribution. So lovely, lovely, nice community spirit going on there. Speaking of communities, beaver builder have got quite a large community, but quite a while ago they decided to mothball their forum, but they've brought it back. So now it's no longer just the Facebook group. If you go to community dot WP beaver, builder.com they've got a new piece of forum software up and running and all of your beaver builder needs can be accessed to there. I think this is great. It's already getting quite a lot of action. Lots and lots of people posting lots and lots of content and it's a, I don't know what the platform that it's running on is, but it's very, very, very straightforward and simple to you.

Nathan Wrigley: 09:54 So if you're a beaver builder fan and you're running into problems, this might be a great first place to start. Next step, we've got the security section and we've got a few posts today from the security blog. I'm going to take the approach from now on when I deal with security that I'm not really going to try and explain the internal workings of the of the problem because essentially it takes too much time, but I'm just going to highlight what the problem is. So the first one is called persistent cross site scripting in WP live chat support plugin and it says during a routine research audit, how are for our security firewall? We discovered an off unauthenticated persistent cross site scripting effecting 60 plus thousand users of the WP live chat plugin. So basically this has been fixed. Go and fix it. And if you really want to know more because you've got sites running it, go to the security blog or click on the link that I've provided in the in the notes.

Nathan Wrigley: 10:51 The next one again on security WordPress plugin give stores xss s for donors. So give a WordPress plugin which allows users to set up a donation page on the website. Currently has 60,000 installs. We found a severe vulnerability which allows donors to inject arbitrary code on an administrative page. Again, it has been patched version 2.4 0.7 if you're using that plugin, go get it fixed right away. Another one on the security blog, they've had a busy week, multiple vulnerabilities in the WordPress ultimate member plugin, and it says this version 2.0 0.45 and lower is affected by multiple vulnerabilities. Among them is a critical vulnerability, allowing malicious users to read and delete your WP config file, which as you probably know can lead to complete takeover of your site. Again, it has been patched in version 2.0 0.46 which was released on the 10th of May. But just be mindful if you've got any recollection of that being installed anywhere, go and get it patched and announcing three new login security features.

Nathan Wrigley: 12:03 If you're a Wordfence user, they now have three new features. They've got a completely rebuilt two factor authentication feature. You know what that means? You basically have to enter a code often with something on your mobile phone. It will provide you with a code and you feed that back into the site. They've also got login page capture and improved XML RPC protection. So the the, some of this is rolled out to the free users. So the two factor authentication is available for free users. I'm not sure about the other two features, but basically they've hard their login protections. So go on update or it's probably updated automatically for you. And finally, this is one that I didn't know existed. This is the ithemes roundups so they do a monthly WordPress of vulnerability roundup, um, may not be monthly. It might be fortnight because of this one's titled Mid May, 2019 and it lists out a whole bunch of vulnerabilities that have been discovered during the last couple of weeks, including the ones that I've mentioned just now and some other ones, which I mentioned on previous week.

Nathan Wrigley: 13:07 So maybe if you click on that link, you could probably subscribe in some way to that feed and keep yourself abreast of the security news in WordPress. The next section is entitled the plugins and themes, and there's a fair few bits of information in here, so we'll rip through these as quickly as we can. Last week we talked about Elliot Condons, ACF version 5.8 which enables you with PHP and a little bit of copying and pasting of some code to create your own blocks. Well, on the WP tavern website, we've got an article today which compares three different ways of doing it. It compares ACF block lab and lazy blocks and basically it's, they're trying to achieve the same task with these three different plugins and it explains how you do it in each case and what the, what the customization capabilities are. Um, and you can then make up your own mind about which one you want to pursue.

Nathan Wrigley: 13:59 So it's a really nice article if you're getting into making blocks without deep knowledge of javascript WP engine on their site this week, how I've launched a new plugin, it's entitled WP engine launches, cloudflare stream video plugin for WordPress. I did not know that cloudflare had a streaming video platform. It's called cloudflare stream. While they do, and apparently quite a few people have started to use it. Obviously, you know, this is the sort of thing, if you are not not prepared to put up with youtube adverts and related posts that come after a youtube video is finished, you can host it somewhere and stream it, but it's probably not a good idea to do it on your own infrastructure unless you really know what you're doing. So WP engine have joined forces with cloudflare to make it so that you've got a plug into enable all of this to happen seamlessly.

Nathan Wrigley: 14:51 If that sounds like your thing, go check it out. The next one is on the element or.com website and I just found this to be a useful article. It's called how to make your website accessible with elemental. Obviously in this day and age we're trying to make things as accessible as possible, so this article shows how you can do that in lementor or and just gives you some guidance if that's confusing to you. So it talks about things like font sizes and font families, proper color contrast. It talks about image alt attributes and a r I a labels, semantic html, five elements and all of that good stuff and basically just shows you how you can do all of that with the elemental Ui. So really nice. The next one is all about creating your own slack app for WooCommerce reports. It's over on the deliciousbrains .com websites.

Nathan Wrigley: 15:42 If you, you slack, then you'll probably know that you can do forward slash something. You can create your own commands to do certain things. Well this article is a tutorial on how you can get to WooCommerce to integrate with your slack, how to build automation so that a lot of the things that will commerce does not just, you've got a sale but a whole bunch of other stuff. How you can build that so that slack will uh, you know, keep you informed. It's absolutely fascinating and you know, if you're a woo commerce user and you are hanging out in slack all the time, this might be something that you could, you could possibly offer this to your clients as well. Okay. The next one is a very brief update to the storefront theme, which is the woo commerce flagship theme. They've rolled over to version 2.5 and the WP tavern article tells us about this.

Nathan Wrigley: 16:34 Basically it's just a minor release but it's, it's got a few little minor updates, which I'm not going to go into. But as with always with ecommerce websites, do make sure that you've tested things. And they say that there are a few discrepancies with our full width templates are displayed. So just preview things before you roll into live. Yoast has also updated this week. They're now on Yoast SEO 11.2 schemer enhancements and more. Um, the takeaways of this are they've made image improvements. They made it so that you can tailor the Schema output and that's about it really. It's a little minor release but it's 11.2 again, probably just check before you update, but there's a, there's an update waiting for you as there is for instant ide. Instant ide is a PHP based id that you install in the, the root of your web server and it allows you to interact with all the files are in your WordPress installation.

Nathan Wrigley: 17:34 It means that you could, I don't know, for example, you could carry around a chrome book and do all of your id work directly from Your own infrastructure, which is quite nice. The updates include a live file tree view of folder feature complete save a state functionality and resizeable windows amongst some other things. But if you're an instant id user than a yeah, go get it updated. Very nice improvements, more improvements to the Brizy page builder. They've now integrated with the short Pixel SaaS App so that when you upload images you can have them, um, squashed and corrected so that they don't use too much space. This is a great choice. I think short pixel is a great service and it will squash your images on their infrastructure, put them back into the media library. But until now you weren't able to do this natively in Brizy and now you can.

Nathan Wrigley: 18:31 So if you upload images into Brizy, so long as you filled out your short Pixel Api keys, you can now do all that in Brizy natively. Also they've got rid of their random image names so that they're more SEO friendly as well. So some nice little minor improvements. They're throwing this one in just as a bit of a curve ball. I never use cryptocurrency, I've never really bought anything with it. But if you are increasingly getting into cryptocurrency, here are three cryptocurrency wallets plugins for WordPress. This is on the WPsolver .com website. And it allows you to make payments, take payments and so on, and there's three rivals to choose from. So it's just fascinating stuff. Okay. One thing from me on the WP Builds .com website, we did a podcast number 128 this week called getting content from clients. It was David and I having a chat about how we get content or don't, as the case may be on our clients from our clients, all the things that we've tried in the past and things that we might try in the future.

Nathan Wrigley: 19:35 I would say f from the WP builds point of view that we put these news episodes out now on a Monday at two o'clock in the afternoon we do a live summation of what's what's been spoken of in this news article. And this week I'm going to be joined by Paul Lacey veto power leg and Chris budget. So that's at 2:00 PM UK time on the, well, Monday the 20th of May. So if you want to join us, hang out in the Facebook group or go to the youtube channel and you should be seeing it streamed live. Okay. The last little section is entitled, not WordPress, but useful. Anyway. The first one appears on the verge.com and it says Microsoft, we'll ship a full Linux kernel in windows 10 and goodness me, I mean I'm just falling off my chair. They're going to ship a full open source version of the Linux kernel including um, updates via Microsoft update channels, um, from now.

Nathan Wrigley: 20:36 So quite amazing. I mean, obviously if you realize what the capabilities are for this, it's very impressive and kind of feels like a new Microsoft. They've also announced a windows terminal today. A new command line up for windows is designed to be the central location for access to environments like powershell command and the windows subsystem for Linux or w s l. So, wow, great news for great news I should say for open source advocates. Here's an interesting one. This is the search engine journal telling us that 54% of podcast listeners are likely to buy from brands they hear advertised. It's, uh, an interesting article because it basically, if you're listening to a podcast by choice, you've, you've given some level of trust over to that podcast. And if there are adverts on that podcast, the likely location for you is your at home and you're probably not doing anything particularly special.

Nathan Wrigley: 21:30 You're probably at home sitting on a sofa or something. Or at least that's what the statistics say, which makes you an ideal person to, to pitch at. So a bit why television adverts I suppose are so essential. But the other thing is you've probably got a device in your hand and so that's fascinating. So with that in mind, um, I'm just going to draw your attention to our sponsor this week, which is consider, so there you go. The next one is all about the fact that Google is going to be allowing shoppers to actually put things in a cart directly from searches, images and youtube. Again, on the search engine journal, you can see some screenshots that they've taken of the Google Search Ui, the serps results, and you can click an add to cart button. This, this persistent cart will be there. So let me, if you don't clear it out so you can just keep roaming around Google for days, weeks and months and keep adding things to cart and then and then click buy.

Nathan Wrigley: 22:25 But I mean the idea that also in youtube videos there's going to be the option to buy things that are mentioned in those videos is quite fascinating. eCommerce taking a new direction there. Adobe this week got uh, got people a bit annoyed because as it says on the vice.com website, Adobe tells users they can get sued for using old versions of Photoshop. Adobe would like you to be on the latest version, but even if you don't wish to update to the latest version of creative cloud. And then they issued a letter this week saying, please be aware that should you continue to use the discontinued version, you may be at the risk of potential claims of infringement by third parties. Now to be clear, some of the, the Twitter comments that came after this, we're saying these are fully paid up members of the creative cloud, but they're still being told you can't use out of date versions.

Nathan Wrigley: 23:19 You even though you're paying for them and you know, paying the bill regularly, you can't use them. So you've got people a bit riled. I don't know if you're still using the, the Adobe software suite, but uh, that's certainly worth now and off updated. We might be sued. San Francisco, the BBC tells us this week are implementing for the first time a face recognition bands. So facial recognition software is being banned in San Francisco and it's the first time this has happened. So they're saying, you know, essentially from now on all of the, if there's any software being used by law enforcement or transportation authorities or anything like that, it's got to be passed by the city administrators. I don't know what your thoughts on this are, but it seems like, uh, maybe this technology is, has gotten a little far without us having oversight in it. And San Francisco law makers have decided to take action.

Nathan Wrigley: 24:13 Firefox send. My final piece today, Firefox send is a very simple drag and drop file, upload and share platform. You go to send .firefox .com and if you are signed into Firefox, you cannot blow 2.5 gigabytes and if you're not, you can upload one gigabyte dead simple. And I know that a lot of us are sharing very large files, so this seems like a nice way to do it and it's completely encrypted and it looks like it's a little bulletproof service. So if you've got a need to share some big files, send.firefox.com might be the answer. Thanks for joining us for the WP builds news. Once again, I hope you got some value out of it and that there was something in there that you found useful. The WP Builds newsletter is brought to you today by Kinsta. Kinsta takes managed WordPress hosting to the next level, powered by the Google cloud platform.

Nathan Wrigley: 25:07 Your site is secured like Fort Knox and runs on speed obsessive architecture. You get access to the latest software and developer tools such as PHP seven ssh and staging environments. And the best part are expert team of WordPress engineers are available 24 seven if you need help and you can migrate today for free at Kinsta Dot Com and we do thank them for supporting the WP Builds podcast and keeping the lights on over here. Thanks so much right to maybe we'll see you today later today. If you're listening to this Monday, 2:00 PM UK time, join me, Paul Lacey, Chris Badgett and Vito Peleg cause we discuss all of the things that have just been talking about join us. We're going to be doing that every week. So please feel free to, you know, come and check out. It's going to be going into our Facebook group and on the Youtube Channel. So please check it out. And if not, we'll maybe see you on Thursday for the podcast. And if not that, heaven forbid, we'll see you back here next week for next week's news. Okay, bye bye for now.

RECOMMENDED STUFF

These are affiliate links and the small amount of income we derive from affiliate income allows us to pay the bills and keep the lights on

SUBSCRIBE TO GET DEAL UPDATES

WP Builds WordPress Podcast

Join us on

SUBSCRIBE TO OUR

NEWSLETTER

WP Builds Podcast

WELCOME,

Enjoy luxury, exclusivity and discretion

NOW TREAT YOURSELF!

Get 25% Off & Free Shipping On Your First Order. Enter Code WELL25SPE