WP Builds Newsletter #94 – WordPress 5.3.2, 2019 reviews and NGINX raided


This week's WordPress news – Covering The Week Commencing 16th December 2019:

Just to say that we’re taking a couple of weeks off during the holiday season. The way that the days align means that we’d be putting content out on days that, most likely, most people will be doing other things instead!

I would like to say “thank you” to anyone who has contributed to, listened to or even thought about WP Builds during 2019 – it really does mean a lot.


So, if you’re having a holiday, I hope that you get a chance to relax and recharge.

See you again in 2020!

WordPress Core

WordPress 5.3.2 Maintenance Release


WordPress 5.3.2 Addresses a Handful of Bugs

Community

We Messed Up, But We’ve Learned Our Lesson!

CobaltApps – The Twelve Days Of Coding

One-Time vs. Recurring Payments for WordPress Products

Scaling Kinsta to a Global WordPress Hosting Platform in 2019

The 2019 WordPress Year in Review

Plugins / Themes

Elementor – Meet the Table of Contents Widget

Customizer Reset – Export & Import

Inserting Special Characters Into the Block Editor

Deals from this week

20% off all Astra plans

Security

Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager

WP-VCD Evolves To Remain Most Prevalent WordPress Infection

WebARX – WordPress Vulnerability News, December 2019

WP Builds

My nephew makes websites too

Win WPForms Pro License in the WP Builds Giveaway

Jobs

Nothing this week!

Not WordPress, but useful anyway…

20 VPS providers to shut down on Monday, giving customers two days to save their data

Russian police raid NGINX Moscow office

Google Serves 11 Million Fact Checked Articles Per Day

Nathan writes posts and creates audio about WordPress on WP Builds. He can also be found in the WP Builds Facebook group.

The WP Builds podcast is sponsored this week by…

Kinsta

We thank them for their support of WP Builds.

Transcript (if available)


Hello there. Good morning and welcome to this, the WP Builds weekly WordPress newsletter. This is number 94. It covers the WordPress news for the week commencing the 16th of December, 2019 and it was published on Monday the 23rd of December, 2019. A few bits of housekeeping, one of them slightly out of the ordinary.
It is just to say that we are taking a couple of weeks off for the holiday season. Just so happens that the dates that we publish our content are probably the exact dates when everybody's going to be busy doing other things with their family and so on. So I hope that's okay with you. So we'll be back in January, so a couple of weeks with no news or podcasts and yeah, but please come back and join us in January.
I hope that's okay with you and enjoy your holiday. The other housekeeping is much more ordinary. It's things like they subscribe Lincoln, so-and-so, WP Builds.com forward slash subscribe over there. You'll be able to find out all of the places where we put our content. So there's our Facebook group, which I would love you to join.
YouTube channel, and you can subscribe to us on your favorite podcast player over there as well. Another URL is WP Builds.com forward slash win. Over there we're giving away a WPForms Pro license, so go over there and see if you can win that. WP Builds.com forward slash deals: it's a little bit like Black Friday, but every day of the week, a whole bunch of coupon codes where you can get some money off, no matter what day of the year it is.
And finally, WP Builds.com forward slash advertise. If you would like to put your product or service in front of a WordPress specific audience, a bit like Kinsta have done, are you tired of unreliable or slow hosting? If so, check out Kinsta who takes managed WordPress hosting to the next level, powered by the Google cloud platform.
All their plans include PHP 7, SSH and 24/7 expert support, and you can migrate today for free at dot com. And we really do thank Kinsta for helping us put on the WP Builds weekly WordPress newsletter. Okay, let's get stuck into the news. Every single week we divide our news up into various sections and if there is any, the first section is always WordPress core, so let's get stuck into that.
Two pieces of news under WordPress core, and they both relate to the exact same thing, which is to say that WordPress 5.3.2, a maintenance release, has been released. The first one I'm linking to is on wordpress.org and it's the much more technical and short explanation, and it goes on to talk very, very briefly about what the main issues are.
So go and check that if you just want a brief summary. The slightly longer version is over on WP Tavern. Justin Tadlock writes an article entitled WordPress 5.3.2 Addresses a Handful of Bugs, and he goes on to explain exactly what these bugs were. There's no security releases. But it's interesting to note that it's only a week, really, since the 5.3.1 security update.
So it's quite a rapid release cycle. And he says at the end of the article, maybe, maybe this is kind of a nice idea of doing minor, minor updates much more frequently, perhaps not once a week. That may be a bit too much, but something a little bit more frequent every couple of weeks or something like that.
Anyway, very quickly. I'll just go over what the, the fixes are in this maintenance release. The first priority fix addressed an issue with modified post objects that have an invalid date. The fix ensures that the get_feed_build_date function handles this scenario. The second one was all to do with unique file names.
If you had an exact same file name, but one was case sensitives, that is to say one was in application, one was in lower case, they could actually save and cause a clash. The other one was the wp_unique_filename function. When a destination directory for an uploaded file was on, it would throw a PHP warning.
And also they fixed the problem with the .active class, which was in the admin area showing buttons, especially in the permalinks admin screen. Apparently the buttons were unreadable because it was a light gray background with white text. And this is if you are on a non-default admin color. So as you can see, all pretty minor stuff.
But anyway, yeah. Nice. The next section is all about community, and the first piece I've got is over at thewpblog.com website, an article entitled We Messed Up, But We've Learned Our Lesson. On the 10th of December, the guys at WP blog posted a list of top WordPress influencers in the industry and they're
Basically apologizing for that list because it really, by the looks of it, it wasn't that well-researched. What I like about this article is the fact that they've clearly done a, a quick post throwing together a list of people and then quite humbly when the, when the feedback came and the tidal wave of problems occurred, they really did own up to it and I quite like that.
The problem largely is that the list appears to have been kind of hurriedly put together. Not only was the list of 44 people only including eight women, but apparently some of the links to the people's websites were wrong, and they apparently didn't know that Justin Tadlock now writes for the WP Tavern, and so it still feels a bit hurried, but they owned it.
They're going to rewrite the post, do it more properly, put a whole bunch of different people in by the sounds of it. And so, yeah, I just think that's quite a nice, a nice resolution to this. Hopefully the next post will be a little bit more well thought through. Next up, we're on the cobaltapps.com website, an article written by Eric Hamm entitled The Twelve Days Of Coding.
Eric's got a really nice initiative here. He wants everybody to kind of, as he says, step out of the page builder comfort zones, and use this little downtime that we might have to, to refreshing our experience to get a little bit more knowledge under our belts of CSS, HTML, JavaScript, and PHP, and so on,
in order to realize the maxim of "code is poetry". So what he's doing in order to help, he's producing an article, one for every 12 days in the run up to Christmas, and he's just putting a little tutorial together. So for example, one day it's a post entitled customizing block editor styles using custom classes and CSS.
And on another day it's using theme approach to create and explore the files and folders of the Genesis sample theme. He's obviously very reliant upon his own tools. So he'll be leveraging those things. Instant ID and so on and so forth. But anyway, very nice in the run up to Christmas, I believe the last one is coming out on Saturday, December the 28th.
But, if you've got any interest in that, then go and check out the link in the show notes. Back on the WP Tavern. Again, this time, an article by Justin Tadlock entitled onetime versus recurring payments for WordPress products. Now, if you're a product owner or indeed the consumer of WordPress products purchasing products, you'll know this dilemma should you, should you be allowed to have a product for a one time fee in the way that it was done in the good old days of themes may be in sort of like 2010.
You could probably pay just once. However, more and more products are going over to a recurring payments fee. Very often that recurring payment is kind of automatically taken. So you sign up at the beginning and it just keeps taking it until you cancel it. So it's an interesting article from the perspective that Justin is a product owner and has in the past used recurring fees, but he also makes the point that he'd rather pay.
A single fee right at the beginning, simply because that's, I guess, is kind of human nature in a sense. You just want to pay once and pay as little as possible. But he's also drawing attention to the fact that there is possibly a third way, which is basically never used as far as I can make out. And that is the idea that when you have a point release or a significant release, you ask for some more money.
So let's say for example, in his case, he's using Scrivener, which is a Mac app, which you can use to write novels, and you pay for it once, and should you wish to just keep using that version of Scrivener, you'll get updates and support for that until they get to their next version. So for example, you might go from version two to version three and then that you'd be asked to pay again and significantly less, but you'd pay for updates.
Now he says, this is a good option because you feel like you're getting a load of new stuff thrown in with it, whereas if it's just a recurring model, you might not see any updates or any kind of engagement from the plugin owner or what have you. And so he feels this might be a third way. However, obviously you can go your own way if you have a product.
but yeah, just, certainly an article worth reading and food for thought. At this time of year, we seem to have a lot of articles doing their kind of like yearly review. So the yearly review for X plugin, how's it gone in the year 2019, and I've just cherry picked one and that is Kinsta. Kinsta has an article entitled Scaling Kinsta to a Global WordPress Hosting Platform in 2019, and the reason I picked this one is twofold.
Number one, it is a hugely long article and they, they go on in great detail about everything that they've done, all the performance improvement. All of the things that they've added into the platform. And there's a whole gigantic section about their staff and how they've restructured and all of the different meetups and events that they've been to and so on and so forth.
And then all sorts of things looking at the bottom as well. So things that they've been on. And one of the, one of the nice things is that WP Builds got a mention. Brian Jackson did actually come on for an episode. It was episode number 150 and you mentioned that. But anyway, it's just a nice article. I think it's just a cracking way.
If you're thinking of doing a year in review, this is certainly, certainly an exemplary example of how to go about doing it. This next piece is a very, very similar piece. This one's by Speckyboy, and it's entitled The 2019 WordPress Year in Review. And the reason that I've picked this one is because it's a much shorter and yet quite good example of how to do that.
So it's not about anything that they themselves have done. It's just a very quick read of what's happened in 2019 for WordPress. So for example, we get the one year milestone for Gutenberg. We also get a version of WordPress, 5.1 called Betty, and we got 5.2 Jaco and 5.3 Kirk. And yeah, just very quick résumé, and if you, if you have any interest in following WordPress and what it's done this year, this might be a very quick read.
I reckon that'll take you no more than two minutes. The next section is all about plugins and themes. It's a bit of a slow week this week, probably because of the run up to the holiday season, but I've got three pieces for you. The first one is from elementor.com and the article is entitled Meet the Table of Contents Widget.
So Elementor Pro 2.8 brings you this widget, which enables you to add a table of contents. So you get the idea, you write a long piece of content, and this widget, which is appearing on that post or page, enables you to simply click and get to the appropriate part of the article. This is good for a whole variety of reasons.
You know, if it's a very long form piece, then you can simply skip the bits that are of no interest to you. But also, I suppose it gives some sort of SEO value. It enables Google to index little individual parts of the article, which is quite a nice idea. So this article explains exactly what it does and then it explains sort of seven key advantages of how this table of contents widget can be done.
It says you've got absolute control over which subtitles get listed. You can make it sticky so that it just sort of floats in a fixed position on the page and it's got the ability to kind of switch off and on, or collapse on a mobile screen. You can select the kind of style of those lists, and you've also got customization and design options as well.
So yeah, it looks really nice. Apparently it's been a much requested feature. Many people that I saw commenting on it appearing were very relieved that it had appeared, and they can now use this in Elementor. Friend of the podcast, David Vongries, has released a plugin into the wordpress.org repository.
It's called Customizer Reset. Very cool. And essentially it allows you to reset, export, and import Customizer settings. So the idea would be that if you want to migrate some customizer settings, you can do that by exporting it and importing it. We might just have become a bit lost with the way that you've made amendments to the customizer settings.
You just want to start again and you can do all of that. It's completely free. It was designed to work specifically, I suppose, as a helper plugin for the Page Builder Framework, David Vongries' theme, but it apparently will work with just about everything out there. So yeah, just really nice, simple little plugin, but probably going to be used quite a lot,
I feel. If you write content fairly regularly, you may have made use of inserting special characters. You can click the Omega button in the classic editor. The Omega button looks a bit like a horseshoe and it would bring up a sort of modal dialogue where you could select all sorts of different special characters, so arrows and all sorts of different things.
So that, however, was stripped out of the block editor when Gutenberg came along; that was no longer available. And 10up have decided that this needs to be reinstated. So there's the Insert Special Characters plugin. It's gone through a couple of updates and it seems to work well. And I'm linking to it from a WP Tavern article.
So if you need arrows and all sorts of other things. So for example, it might be your, I don't know, maths characters or Latin characters, a whole plethora of different things. You can search and filter and hopefully if you need these, you can now do them back in the block editor rather than having to use some sort of kludge to make it work.
Every week we link to the most notable deals that we come across. I've only got one for you this week, and it is to say that the Astra theme has got a sale going on, 20% off all new purchases and upgrades. So basically it's 20% off for absolutely everybody. From the time of recording, it's got a couple of days left, so I think it runs out
probably on Tuesday or Wednesday of this week. So maybe if you're in the market for any of the things that Astra does, you can go and check that out. So available on just about all of their products. So there's a whole heap of things like Convert Pro, Schema Pro, SkillJet Academy, and so on, depending on which bundle or package you go for.
But I S. The next section is security. We take a bit of a light touch on this, but I've got three articles for you this week. The first one comes from the wordfence.com website and it's entitled Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager. If you've heard of that plugin or got it installed on any of yours or your clients' sites, you.
Probably want to get this one checked out ASAP. 70,000 people or websites are using this plugin, and this vulnerability allows any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability. Now, Wordfence reached out to the plugin developer and they got it fixed really, really quickly.
But some sites, hopefully not too many out there, allow people to sort of guest post. And so it may be possible for them to escalate their own privileges and in this case, you know, redirect people and make the site completely unavailable. Wordfence say that it has been patched. So all you need to do if using this plugin is just go and get the latest update.
Staying with Wordfence, we have an article entitled WP-VCD Evolves To Remain Most Prevalent WordPress Infection. This is a very long article talking about a recently discovered vulnerability infection campaign called WP-VCD, and according to Wordfence, it's not really going away. They managed to mitigate some of the problems by alerting Cloudflare, behind which they, the attackers, were hiding.
But since then, they've subsequently moved over to a Chinese DNS provider, and from that they've been able to work out what the IP addresses are, and from that they've been able to work out that there's a shell company in Belize, but the servers appear to be in Bulgaria. Anyway, the point is, it's a nice, long, deep dive article into how Wordfence go about tracking these problems and keeping you up to date.
Really, the takeaway here is that these backdoors are installed because people wish to go off and find cheap or free, should I say, versions of premium plugins. So they go off to these GPL sites, install a plugin, which they believe to be safe. However, code has been injected into there with this WP-VCD exploit in, and then it creates havoc.
They can do all sorts, including installing popups and all sorts of ruinous things that they can do to your SEO. But, yeah. Go and read it if you're into internet security, because it's a nice, like I say, a deep dive into how this stuff is figured out. I often just link to an article which summarizes the previous two weeks or month in WordPress security.
And this month I've decided to go with the WebARX version. It's entitled WordPress Vulnerability News, December 2019. And it's like a little digest article, including the thumbnails of the plugins so that you can very easily see if any plugin that you've installed has been compromised. So for example, we mentioned things like Ultimate Addons for Beaver Builder, and Elementor and so on.
And there's a few more, but, you know, it's the kind of ultimate that you can literally scan through ever so quickly and recognize the icons and, Oh, I ought to stop and have a little look at that. And of course, right at the top is the one we just mentioned, the, the vulnerability in the 301 Redirects plugin.
Next up we have the blatantly self-promotional WP Builds bit. Two things. First is that we, this week, released an episode with David Waumsley and myself of the podcast. It was 159 and entitled My Nephew Makes Websites Too, and we've all been there. We've been sat with a client and the client has given us some bizarre sentence like, ah, and now it's interesting because
my nephew thinks that the buttons ought to be red or whatever it might be. Well, we're doing a walkthrough through Bryony Thomas's Watertight Marketing book, and this is one of the things that she would like us to be protected against. What can we do to stop ourselves being unaware of who the stakeholders are?
People who are hidden in the background, invisible to us. How can we make sure that these people don't have too much persuasive power over our clients? So it might just be nephews or nieces or granddads or whatever it might be, might also be bosses or managers or line managers or whatever it might be.
So we talked through some of the things that, that might be possible to mitigate that. And the other thing that we've got going on is the WPForms Pro license. It's a giveaway. If you just click on the link in the show notes, you can go and enter to win a WPForms Pro license. You just fill out the form and it's one of those viral things.
The more, the more times that you get people to enter it, the more chances that you have of winning. That's all of the WordPress stuff I've got for you, but we always throw in a little bit at the end entitled Not WordPress, But Useful Anyway. I've got three articles for you today, and the first one is on the zdnet.com website.
It's entitled 20 VPS providers to shut down on Monday, giving customers two days to save their data. This actually has already happened. It was last week, but there is a list of 20 VPS providers who gave their customers basically 48 hours notice. They wrote to them on Saturday saying, we're going to shut our doors on Monday, and after that, you won't be able to get your data.
Obviously this would be a gigantic shock if you had some websites on there, but looking more closely at it, it would appear that all these 20 websites are probably owned by the same conglomerate and the words exit scam are being bandied around. The idea of this is really, these VPS providers are just sort of shells.
They were set up simply to make money during black Friday and cyber Monday, and as soon as that wholesale is over, they just shut themselves down with absolutely no recourse and seemingly very, very blunt. To figure out who they are and, and how you might, in any way, shape or form, get some kind of recompense for the disaster that's occurring to you.
I suppose at the end of the day, the best thing that you can do is always go with a reliable host, one that you've heard of before, and not always rush, you know, for the very cheapest offering. This is an interesting one. This is all about engine X. I can never decide if I've pronounced that correctly.
I know that some people say, and Genex and some people say engine X and all sorts of other ways. Anyway, I'm going to say engine X. Russian police raid engine X Moscow office. ZDNet, again, is telling us, yeah, last week the offices of engine X, which are based in Moscow, were raided. Obviously this is a.
Oh, a significant company. If you're working in the web hosting space, engine X, I think, is one of the biggest players. So an open source platform, but the, the chap behind it has been accused by Rambler Group of violating their terms. In other words, they're saying that whilst they were employing him many, many, many years ago,
Igor Sysoev, I'm going to say I might have got that pronunciation horribly wrong, created engine X, and therefore this company owned the code because they were employing him at the time. However, he's saying that he built it basically in his spare time. He open sourced it in 2004 and then founded the company engine X in 2009 in order to kind of have ancillary services attached to it.
But this article, it goes on to show kind of like the fact that the police were involved and they raided the offices and lots of tweets flowing about, which were then subsequently asked to be deleted by the Moscow police. But yeah, high intrigue. We'll just have to see how the story develops. We hope, of course, that the, the open source version is, is sacrosanct and won't in some way be monetized by the Rambler Group, but we'll have to wait and see.
Fingers crossed. The last piece I've got for you today is over on Search Engine Journal. It's entitled Google Serves 11 Million Fact Checked Articles Per Day. I didn't even know that Google did this, but apparently if you go and look for something where there's a possibility that the facts may have at some point been in doubt and something has actually been fact checked, there's a little badge.
I'll say badge, it's more of a text link, which appears in the SERPs results and the pages, you know, the search engine result pages to say, this has been fact checked and we find it to be true, or we find it to be false. I do quite understand who's doing this fact checking. Nevertheless, apparently they're serving up 11 million of these fact checked articles per day, which amounts to something like 4 billion a year.
So just, just interesting to me that Google is getting itself involved with this. And yeah. I just thought it'd be interesting to pass this information on. Okay. I hope you enjoyed that. Hope you found it useful. Certainly I do enjoy putting these news articles out. If you do find it useful, please let me know.
You can contact me at WP Builds.com forward slash contact and let me know. I always appreciate commentary. Maybe it's too long, maybe it's too short, not entirely sure, but some comments would, would certainly help me. The WP Builds weekly WordPress newsletter is brought to you by Kinsta. Kinsta takes managed WordPress hosting to the next level, powered by the Google cloud platform.
Your site is secured like Fort Knox and runs on speed obsessive architecture. You get access to the latest software and developer tools such as PHP 7, SSH and staging environments, and the best part, their expert team of WordPress engineers are available 24/7 if you need help, and you can migrate today for free at dot com.
As I said at the top of the show, we are taking a couple of weeks break, so there'll be no news and no podcast for the next couple of weeks just because it coincides with the holiday season and it would appear to me that most people will be doing other things and having a well-earned break. So apologies for that.
I'm, I'm sure you're going to cope and live through it, but all I would say is if you are enjoying the holiday season, I wish you a very, very happy holiday. Bye. Bye for now.
