This Week in WordPress #142

Nathan Wrigley: [00:00:00] It's time for this week in WordPress episode, number 142 entitled auto update. All the things. I'm joined as always by my cohost, Paul Lacey, but also this week by Sabrina Zeidan and Leo Mindel, there's an awful lot to talk. What about WordPress itself? Got an update to 5.6 this week and it brought some new features like application passwords.
We talk about that. We talk about the auto updating and whether or not we would be making use of that as WordPress developers, we share a poll in our Facebook group, which seems to suggest that many of us would probably switch this off. There's also the state of the word address modern week on the 17th of December will be sharing his thoughts about the last year in WordPress.
And you can submit to your questions and join a few watch parties going on throughout the WordPress community, black Friday pricing. Did you do anything unusual this week? Did you buy anything unusual during that week? there's a plugin called. Grid builder, which did something a little strange. And we talk about that male poets, the plugin, which helps you deliver your emails has been bought by woo commerce.
What's it all about? Why have they bought such a product and element or have released their cloud version element or cloud? You can find out all about this in this week in WordPress coming up next. This weekend. WordPress is brought to you this week by AB split test. Do you want to set up your AB split tests in record time?
Like in a couple of minutes, use your existing pages and test anything against anything else? Buttons, images, headers, rows, anything. And the best part is it works with element or Beaver builder and the WordPress block editor. Check it out and get a free demo at AB split. test.com.
Leo Mindel: [00:01:49] Hello. Hello.
Nathan Wrigley: [00:01:50] Good afternoon, Monday afternoon, 2:00 PM. UK time, Monday. I means it's this week. What breasts? Today, I'm joined
Leo Mindel: [00:01:58] as always, let's
Nathan Wrigley: [00:01:59] go in the usual order if you'd cause I always start with Paul, but he's controversially in the bottom right-hand corner of my screen. But anyway, there he is Paul Lacey from the Nicky boat studio.
I'm also joined by Leo Mindell from the septic agency based out at Cardiff, but who knows where they're based at the moment with COVID and all. And finally last but not least, we have Sabrina Zedong from speed guard. How are you all
Leo Mindel: [00:02:21] doing very well?
Paul Lacey: [00:02:23] Very well. Good.
Nathan Wrigley: [00:02:24] Thanks. Yeah. Yeah. You're welcome. We are, we gather this time every Monday to talk about WordPress, mostly WordPress, occasionally some nonsense crops up, but, we try to stick by pressing.
There's actually a column of WordPress news. This week was absolutely lobes. That's happened. 5.6 has been released with a few controversial inclusions and so on. We'll get stuck into that in a moment. Before we do. I'm just going to tell you about us. We are WP builders. You can find [email protected] a bit like a WordPress network.
We've produced podcasts and webinars and things like that. here it is the next link that I want to show you is how to actually find this stuff. And if you go to the archive section, this is it here, we record them live on this Monday, and then we repurpose them, strip out the audio. And make it into a podcast episode, which comes out Tuesday morning, along with the text version that we are cribbing from.
So we're not just making this up, I've put together a newsletter and we're going to go through the bits and pieces from that newsletter. So you can find that here last, but by no means, least
we've
Leo Mindel: [00:03:24] got this deals page black
Nathan Wrigley: [00:03:25] Friday is over. I know you're all gutted. The black Friday is over and that you've tightened up your wallet, but there's still a deals page over at WP builds.
It's over here and it's. It's there all the time. These deals, as far as I know, would not remove one. So thus far, so get a few quid off. You can search and filter over there, but let's get stuck into the news because I'm joined each week by Paul Lacey. It's apropos that he, he's taking the helm on quite a lot of these articles now.
I think Paul I'm handing the reins to you right at the beginning. If that's all right.
Paul Lacey: [00:03:57] that's absolutely fine. And we've got a lot to get through this week. We've got lots of tubs in our browser, so you can read the different articles and everything, but yeah. So start with WordPress 5.6 was released and actually it wasn't really last week.
Wasn't it. I'm not making this up. It was released. In-between last week and this week, wasn't it
Nathan Wrigley: [00:04:20] like the ninth? I think so. Yeah. Earlier this week. Sorry, last week. Yeah, you're right. Yeah.
Paul Lacey: [00:04:29] Yeah, and it's called Simone. And so I guess that's named after someone called I'm pretty ignorant to everyone in the world.
So somebody called Nina Simone, who was an American performer and civil rights activist.
Nathan Wrigley: [00:04:42] You've never heard of Nina Simone.
Paul Lacey: [00:04:43] I've never heard of anyone
Nathan Wrigley: [00:04:45] for me,
Paul Lacey: [00:04:46] basically. If someone hasn't taught it to me directly at school, I don't know it.
Nathan Wrigley: [00:04:51] Yeah. She's very famous. Yeah.
Sabrina Zeidan: [00:04:54] Links to her songs.
Nathan Wrigley: [00:04:56] yeah, can do, is it on the page?
Leo Mindel: [00:04:59] Anybody wants to send us the links while we're here to educate Paul, please send them over.
Paul Lacey: [00:05:03] Yeah, I'd really need some education there isn't like a kid's version that I think a kid's history book that tells me about this. So I don't know. It. She
Nathan Wrigley: [00:05:10] had a very troubled life. Let's just say a very fulfilling
Paul Lacey: [00:05:14] check this out.
I'm going to go. Yeah. I'm trying to educate myself because I'm so ignorant about anything other than things on directly interested in. but yeah, so this is the, the new version of WordPress Simone. It is the version that has, an all women or all identifying as women core release squad and looking through the list of people.
It was nice to see a few names that we've had on this show as well. So Michelle Frechette is in the marketing and communication lead team, and also Anshen LaRue. Is also in there somewhere I saw. And so she's been a regular on this show as well, and I'm pretty sure that Kirsty again, we're going, but going, is in some way involved, but isn't in the core team.
So that was cool to see that, going into, yep. Sorry. Did you say something? Nope. the, some of the core features that probably the headline items on this particular release there's a lot. but there's a lot of block editor enhancements. They don't really, there's nothing majorly game-changing other than the lots and lots of small updates that we've covered over the various weeks and months leading up to this release.
I know that there was. Originally it was penciled in that they hoped they would get the full site editing into this particular Reese release man, possibly as a beater. they decided to pull back on that because it was nowhere near ready. again, I think we covered that on this show and then we were quite pleased that they were starting to pull back on things that weren't quite fully baked.
So there's a lot of block editor enhancements. Generally. It's more a case that you will probably just notice that everything is. Smoother and better. And those kinds of things that you don't really notice, there is a new theme, 2021, which is completely using, not, I don't think there's a full block as in the nav and the photo and all that kind of stuff, blocks.
But the new theme is using blocks and block patterns to a great, great effects. And it's got lots of nice pictures, I think from. which artist is it in the, I think it's
Nathan Wrigley: [00:07:13] only, I'm guessing by
Paul Lacey: [00:07:15] Vango. I think
Nathan Wrigley: [00:07:16] of Angus.
Paul Lacey: [00:07:17] Yeah. Oh, there's maybe it's a few different ones, but he's got some lovely pictures that help make it look beautiful because there isn't actually that much to it.
But I think it's the right kind of theme to launch with this particular version to make use of the blocks and to say, Hey. This is all about blocks. Check it out. The theme is very basic, but you can see what you can do with blocks that you could never do with the old traditional editor.
So I think they're really trying to bring that to the front. we've got, one of the, there's a couple of controversial additions to this that, I in the name of progress, one of them is something called application passwords for the rest API, for anyone who doesn't know the rest API.
Was built in, I think around 2015 or something like that. And it was, it promised a lot and would allow lots of integrating with third party systems and all that kind of stuff. It's never really massively taken off. whenever you hear people who know what it is, which I don't really understand what it is, talk about it.
A lot of people say, it's a little bit half-baked has it. Isn't doing this. Isn't doing that. Now this feature like put in there called application passwords is something that apparently is. Pretty critical to the future of the actual rest API, being able to easily integrate with third party systems.
But at the same time, it's come with a slight down point, that we'll come to in a minute that it opens up a new security loophole within WordPress. So there's a little bit discussion going on in the community about, should it be a turn on an offerable thing? Should it be turned off by default? And then you turn it on when you need that.
Again, I'm ignorant to how these things kind of work. So I don't know, much too much about that, but we'll cover that in a minute. And another controversial one, which we're going to cover next is the WordPress core, major updates that. We'll be able to update automatically within WordPress. So when there's a new release of core WordPress 5.7, for instance, I don't know if it goes that far as in the entire version, w there will be a possibility for it to auto update, but Sabrina, a lot more about that one.
So could I Chuck this one over to you to S for what you, for your thoughts on that?
Sabrina Zeidan: [00:09:24] Sure please. yeah. my name got into core contributors this term as well. Cause I was working on covering in questions and answers for this automatic updates.
Nathan Wrigley: [00:09:34] hang on. Can we hear here? You can't hear me? No,
Leo Mindel: [00:09:42] just your name.
There is,
Sabrina Zeidan: [00:09:44] in, release where the all names
Nathan Wrigley: [00:09:48] I
Sabrina Zeidan: [00:09:48] haven't checked this page.
Nathan Wrigley: [00:09:50] that's amazing. Thank you slightly guilty. When, when in the presence of people who make the effort. So thank you. I
Sabrina Zeidan: [00:09:59] didn't write any code, so it's a little bit cheating, right? I was writing text. yeah. So these auto updates, feature, it was in a WordPress for years since.
3.7, I think, but it was enabled, by, constant in WP conflict before. So this you feature what it does. It just adds, user, interface. So that, administrator can check the box, check the check box and updates for major
Paul Lacey: [00:10:30] versions
Sabrina Zeidan: [00:10:31] will be,
Paul Lacey: [00:10:32] held,
Sabrina Zeidan: [00:10:33] to medically this was available before as well, but only for developers.
And now it has, user interface. I think it's really a nice thing to have, but also all nice things. It has like downside for those who are not aware what they are doing.

for example, they administrate and on to develop a chicken, this box, and then they have everything updated, automatically.
they don't surely, prepared if they're not truly prepared for this may cause issues. So like any you features just like for, you mentioned about rest API, I'm a huge fan of rest API, but it should be used with, some knowledge.
Nathan Wrigley: [00:11:15] Yeah. Yup. I was, I was cute. It was curious to me that a, that this kind of option, hadn't got a tick box already, that you couldn't already take this and say yes, please.
But also, there was a, an article that I don't know if it was in the piece that we just read on WordPress Tavern. or if it was on a piece that we're going to come to in Wordfence in a moment, but they were making the point that really from now on, it's going to be incumbent upon. Plugin developers, especially to really make sure that they have upped their game to the point where if 5.7 comes out or 5.8 or 6.0 or whatever it might be, they re they really need to be sure that they've done their due diligence and ticked all the boxes and made sure that they've prepared because the public backlash is going to be Swift and severe.
Isn't it. At the moment you can hide under a blanket a little bit, because I think a lot of people won't update. I, for example, Which we'll come to in a moment, haven't updated everything at all. I'm just waiting and seeing how the dust settles. But if the majority of people tick this box, I don't know what the default will be ticked or unticked updating or not
Sabrina Zeidan: [00:12:18] for newly equates to websites.
It will be ticked by default.
Nathan Wrigley: [00:12:21] yeah. and in most cases I think probably WordPress is administered by people who don't often return to the settings and, just set it up once and then forget about it. that could be interesting. and you can imagine the stories in WordPress diamond in the years to come with exactly this problem, just white screens and people screaming that things have gone wrong.
And it was something that they didn't themselves do. They just woke up to find that their website was broken and that's difficult, but if you can just on ticket. I think I might go in and on ticket because I'm always looking at WordPress. So it doesn't matter to me. Sorry, LIGO, take over.
Leo Mindel: [00:12:55] w I know I've discussed this with you before Nathan, but my view is that this is the right movement along the path, because the worst you may say that, waking up to widescreen is bad.
I'd say waking up to a hack site is
Nathan Wrigley: [00:13:07] worse. Okay.
Leo Mindel: [00:13:08] The reason this is happening is that there are people out there who are leaving WordPress versions that are vulnerable and just leaving them and leaving them. And we have to move forward from that. Now that's a difficult situation. The ideal optimum situation will be that every single site will automatically update.
We're not going to get there straight away. What we're going to get. There is a gradual process, a new sites, as Sabrina said, we'll have this ticked and other sites will have it. And eventually, probably in some point in time, it will be the default. This screen will be removed and you'll have to change it.
If you really have to change it, you'll have to change it in the code. But that's a good way you look at, The mobile phone environment and how that updates or even the desktop environment. yes, occasionally windows updates do cause you problems. And we all are. Some Macs will know that the current big Sur was, a lot harder update, than some others, but you can't keep leaving these things out there.
And I think the vulnerability issues are the ones that we have to
Nathan Wrigley: [00:14:14] cover. Yeah.
Sabrina Zeidan: [00:14:17] Is there anything going?
Nathan Wrigley: [00:14:18] no. Please do him
Sabrina Zeidan: [00:14:20] not on the vulnerability issues, but also the compatibility issues. everything works better when everything is updated to their latest, versions, right? Plugins, you have the theme, the core, everything like there are less opportunities.
For something to go wrong when you have everything, with, within the latest versions.
Paul Lacey: [00:14:39] And
Sabrina Zeidan: [00:14:40] this all is part of the biggest issue. We had one of those early days ago, We had this auto updates for themes and plugins. Then these, then I think it will be likely, I would just have said that it will be that we won't see that screen at all.
And at some point, at some point we will see the picture where everything is going smoothly in the ground, and we have no idea what's going on there. It just works in that's fine. But I wonder why when.
Nathan Wrigley: [00:15:09] It's interesting because if you're using a SAS based solution to build your website, Wix or Squarespace or something, they must go through release cycles, but presumably they just click a button at some point don't I don't know if they inform anybody.
I don't know if there's a version number in those platforms, but they just do it and yeah,
Leo Mindel: [00:15:25] but they typically roll it out. there is some of those systems will roll out to every single customer, lots of them, or roll them out to certain customers. And then they will keep rolling out to the end, but they have a huge advantage that after a set period of time, they're no longer supporting old things.
And I don't know if Paul's got it on his next list, but one of the other changes in here is there's a change to J query, right? Paul?
Nathan Wrigley: [00:15:50] Yeah. That's coming up
Paul Lacey: [00:15:52] two or three. Yeah. And it's a big process.
Leo Mindel: [00:15:55] I don't know if you've got this on your list of the discussion, but part one didn't exactly, sail cleanly, but it was mainly because of incompatibilities that Sabrina's talks about, and that supporting of things, which, you're having to go back and support things that you really don't want to support long term.
And this is maybe a warning to say, it. I've got it on my Mac. Every time I reboot my Mac, it tells me about various different things on here that aren't going to be supported in a later revision of the operating
Nathan Wrigley: [00:16:29] system. Yeah. And that's happening a lot on the market at the moment. Isn't it?
There's an awful lot of change going on around there. Yeah. Interesting. I th I think you're right there. I think it's the right direction to go in. I'm just curious how we get through the next couple of cycles. And obviously the point releases the big ones, especially where things change in a major way.
It's going to be really interesting.
Paul Lacey: [00:16:48] I'd say, I wasn't, I was. Before, Sabrina and Leo enlightened me to the bigger picture. I was probably in the camp of, Hey, this is crazy. why would anyone do this? But I think it's quite listening to the two of you. It's quite a pragmatic future thinking, thing to do.
And I, I imagine, WordPress grew so quickly in the last few years that the core team, it's a, it's almost like a blur. for them to try and figure out what's happening in the future and to figure out what possible problems would happen if they didn't start they didn't start, but if they didn't up their game on the maturity of how they think about the releases of the software and the environment that, so if you are creating a product that sits on top of WordPress, then you need to know what the environment of environment that you're working in.
And it's not that some people will turn up on. Some people would turn them off. It's that by default there's a movement towards, we release WordPress every in a specific cycle. Plugin developers, fin developers know when that's coming. There's lots of documentation. There's lots of talk and your products might break because we're making it more your problem than our problem.
And that's where it should be.
Leo Mindel: [00:18:03] And I think if you look at what we're talking about, we're talking about a major release of PHP, a major release of G major releases of various different things. you're talking about saying we're not in PC terms, we're not going to support 16 bit. Apps, we're not going to support 32 bit.
We're going to 64 and eventually that's exactly what's happened on the other environments. And as Sabrina was saying, to support. That old technology is actually more work than turning around and saying, you've got a broken website. You're out of date because you have a broken website. You failed now, could you please state your website and come back into the world?
And it's better to do that, then just pretend you don't have a fault. Which is what, as long as there's a good enough warnings. And we're not suggesting you turn this on instantly, I'm suggesting there's a path to getting to it. It will make the WordPress environment and more skill one.
But I know I've parked on the ballot before.
Nathan Wrigley: [00:19:05] Yeah, the, it was interesting. I was listening to a security podcast earlier this week and although it's a CMS, I no longer use, Drupal, this week. I say this, we could have been last week, but the point being, they had a major. they had a major security breach in their core.
and there is no method for doing this. In fact, that process last time I updated Drupal, which was several years ago was quite cumbersome yet to actually go in and overwrite files and then Roman update script by going to it in a browser. So it, but WordPress in that sense will be far in advance.
If something catastrophic really bad is discovered in core, which one day I'm sure it will. Then the guys over at automatic, presumably can just update everybody overnight. The moment they find the solution or the patch for it. yeah, it's a good idea. Isn't it? It's just, I'm just nervous at the minute and I'm gonna stay away from it and just see how it goes.
And then I'll tick the box in a little while. Paul, we're back to you. We're on, Run this word fence. If you finished with this one from
Paul Lacey: [00:20:01] Sonia, I think we should shuffle them around just slightly, because we've got the Facebook poll that you did in bill, which is all about, do you update your site straight away when 5.6 or 5.5 or, the last couple of versions come out and it seems like this is a good one to talk about now to say, for people who.
this thing, Nathan did a poll in the Dorothy builds a Facebook group and it says 5.6, just the ride. I'm curious to know who has updated all the sites. Some of the sites were none of the sites. there was, I noticed the,
Leo Mindel: [00:20:34] in all the sites,
Nathan Wrigley: [00:20:35] I noticed
Leo Mindel: [00:20:36] that and she was right. I'm looking at the pictures.
A patient is in the none of the sites
you start getting used to seeing these avatars.
Paul Lacey: [00:20:49] Yeah, LaRue, who is in the core release team release updates, some of the sites. but this is exactly what we're talking about is that I think if you did this poll. Maybe two years ago, I reckon you'd have a lot more people updating straight away.
but now the environment changes. It's more volatile when you do updates. So the current environment is people don't completely trust, hitting updates straight away because the winner out of approximately a hundred votes was none of the sites with 60 votes. Some of the sites was next week 34 votes.
a few people updated, a test site and, and then some people, David McCann, Sabrina. I can see in the pictures, where some of the 11 people out of approximately a hundred that updated all their sites. So obviously some people have got a lot more sites than others. And so there's a bigger risk factor there, but it was interesting that the confidence isn't quite there.
And maybe if, what happens with these auto update, things that all of the plug-ins and the themes really pull their socks up and go, do you know what I mean? Or I'm out, some of them are just going to go. This is just too much problems. Now I'm a thing developer, it's too difficult, I'm out. But the ones that decide to go for it need to make sure that their reputations are intact.
And hopefully in a year's time, we would do this poll again. And people would be all ticking, all the sites because the environment had changed and we're all a lot more confident in it.
Leo Mindel: [00:22:21] Can I comment on this,
Nathan Wrigley: [00:22:22] please do
Leo Mindel: [00:22:23] very quickly. Paul, the F one of the, it's always the issue with statistics and information like this is your sample poll are all
Nathan Wrigley: [00:22:32] texts.
Leo Mindel: [00:22:35] So if you had asked an end-user or an in person, how do they think their site gets automatically updated by their people who run it? I think they would say yes all the time. And we'll. To that provide there that supposedly NOLs decide not to update their site.
Nathan Wrigley: [00:22:55] it's interesting. I've just done the math and there was actually 123 people in the poll.
I took this was on the site about 10 minutes ago. So the numbers are right, 123 people, a full 94 out of that hundred and 23 South 76, nearly 77% are in the non of the sites. Or some of the sites is very few. And
Leo Mindel: [00:23:13] if you're a WordPress, black hat hacker, you'll go. No. Looks like they're never going to listen.
So I'm, I've got a pocket audience.
Nathan Wrigley: [00:23:21] Yeah. Yeah. That's
Leo Mindel: [00:23:22] true. Really with it, really people are doing the business or doing the industry of disservice. You've got to think about it.
Nathan Wrigley: [00:23:30] Oh, isn't it. This conversation is often framed or at least the reply often comes about who's updating to 5.6 and I often see the exact same reply, which is I'm waiting for 5.6 0.1, which
Leo Mindel: [00:23:41] typically comes around.
That's fair enough, but it's, maybe the question is because you actually framed it as just arrived is the,
Nathan Wrigley: [00:23:51] the point.
Leo Mindel: [00:23:51] I cannot believe she can't be watching our inboxes would be full from,
Nathan Wrigley: [00:23:57] but the,
Leo Mindel: [00:23:57] when, when you hear real experts on their site, Tim talk about the fact that the percentage of sites that white screen after updates are such a small percentage, that the reality is that updating your more, your bigger risk is to not update right then to take the risk of the white screen and then repair.
And it's just finding the right windows because I've been in this situation where people go is to, I can never update this. I can never update this. Can never update it. And then you're left with a box that you can't migrate. Can't do anything it's too late.
Nathan Wrigley: [00:24:33] The interesting thing about this is it's one of the, it's one of the key pillars of like care plans.
Isn't it is the updating. We will update things slowly but surely, automatic as well, made it. automatic. And, and so the core is going to update the plugins and the themes are going to update what aspect of that is left in the care plan? It's a, it's an interesting thought, but yeah, very conservative bunch.
We are,
Paul Lacey: [00:24:57] you can say that you can buy a care plan of us and we will. Stop your website update what an amazing service we will. We'll do. We'll do things to make it go backwards and get more insecure for you. And we will charge you
Nathan Wrigley: [00:25:11] in a year from now. Sorry to interrupt any air from now. They'll only be two options in this poll and that'll be.
did you tick the box or did you leave the box on tech then? That's really all that healthy. Anyway, curious poll. It was really enjoyed the feedback. There was actually loads of people that participated in that. It's one of those posts where you put it out and you think four people respond and 123 people.
So thank you for your feedback, who responded to that? Paul, are you ready for your word fence one now?
Paul Lacey: [00:25:37] yeah, sure. Oh, by the way, Leo mentioned someone called Tim and I'm assuming the expert so that he gets full credit. Is Tim Nash from 34 SP
Leo Mindel: [00:25:47] you're right until you said from, yeah,
Paul Lacey: [00:25:53] for me,
Leo Mindel: [00:25:53] I'm not an expert on his own.
Yeah.
Nathan Wrigley: [00:25:57] He releases a Monday newsletter, by the way, if you don't know Tim Nash, just go and Google Tim Nash, WordPress, and sign up to his newsletter. It's very good. I got the latest copy this morning and it was thoroughly enjoyable read. It's great.
Paul Lacey: [00:26:09] Yeah. Apparently, if you get the chance to, attend one of his talks, they're really funny and really entertainment
Nathan Wrigley: [00:26:16] entities.
Yeah. And you're very, self-deprecating in fact, I'm going to find his webpage cause there's a. There's a wonderful bit on his webpage. Let me just see if I can Google it. I'd probably won't need to Google it. Every active nash.co.uk. That was fairly straightforward on that. Let's see if it'll
Leo Mindel: [00:26:31] suddenly it's a Google.
you couldn't type anything into Google half an hour ago.
Nathan Wrigley: [00:26:36] No Google went down. Didn't it. Now I just love this self-deprecating yeah, he's lining himself up on his homepages. I like to scare people at conferences. And then he's got a quote from Simon who's obviously it's a testimonial of, it says we were desperate.
Really? He just glad he showed up. Not too many people
Paul Lacey: [00:26:53] complain.
Nathan Wrigley: [00:26:56] Wait till this thing's lovely. He's a total expert and he's a really funny guy. yeah, Tim national COVID UK go and subscribe to his newsletter. It's fabulous. right Paul we're back to Wordfence.
Paul Lacey: [00:27:06] Yeah. again, I'm fairly ignorant about this, but, this is so there's two articles.
one is there is on wordpress.org on the make.wordpress.org. There is a guide to how to use this new application. Passwords things, how to use that, how to integrate it. I can see Cameron in the comments was glad to see this feature come in. As for me, I'm like, what does this do? I don't know. and so there's a guide there for people who want to check it out by someone called George Stephanas.
And then there is another article on the Wordfence blog, which is probably for the rest of us who hear that there is this new application password thing, and there is a potential risk to security. So this is a nice guide by Wordfence to, talk about what the risk is and what you can do to stop it. Now, I know that because we use various security solutions with all of our sites that we look after in my agency that, the solutions that I've done, that I use have.
Blocked this anyway. So a lot of people who use, something like Wordfence, that will be a, an option now to block the application passwords. If it's just something completely irrelevant to you, there is also a plugin released by, Jeff star, who is, fairly famous in the world of WordPress security.
He's got a couple of security, plugins and firewalls and bots killers and stuff like that. He's released a one line plugin that you can install that. Disables application and passwords. th the, really the news here is that word fence has produced a guide on a little bit about what it is and what you can do.
And it seems that it's pretty easy to negate this risk, as long as you're aware of it. What, I don't know, I'd be interested if anyone else in the panel knows, is that okay? If you didn't read the article about Wordfence or your stance on WordPress updates was you do all the updates to keep it simple, but you don't use any plugins or anything like that.
I'm wondering if you're at risk, if your site is more at risk than it was before as a result of 5.6. And if that is a yes, should the way that they've launched a application passwords be slightly different so that it was turned off and then you would turn it on with a UI, something like that. Now I'm totally ignorant.
And someone might say that it's fundamentally wrong, Paul. That's not how it can be done. but I'm just interested to know, If this is a security risk, should it be rolled out slightly different? And I think Sabrina, you probably know more than I do on this one. So I'm definitely looking towards you.
Sabrina Zeidan: [00:29:34] I think that this highly depends on who has the excess to press the button. You see it. So if there is a team, same for about 30 people working on the website and five of them are administrators, I would definitely would like to hide
Paul Lacey: [00:29:52] the option for
Sabrina Zeidan: [00:29:53] them to let any application to access the website because someone, at some point would.
Occasionally, press the button. And some bad things might happen. But if you're the only administration, you know what you are doing, you won't just be like, my mom won't be clicking random buttons, and then what's happened. I never clicked it. no, it wasn't me. I think it makes a lot of sense for some teams that give, capabilities.
Paul Lacey: [00:30:19] To
Sabrina Zeidan: [00:30:20] a number of people, maybe not the best thing to do, but for knowing developers, why would you worry about that?
Nathan Wrigley: [00:30:30] They ident you're saying on the Wordfence article, the kind of the most likely scenario that they paint is an actual social engineering. a tech, not a car, like a brute force attack or a code based attack.
it's literally somebody, I don't know, via email or a spear phishing attack or something like that. Or literally just walking up to somebody and asking them, this is the most likely scenario they think. And just for, cause Paul said something a moment ago about Wordfence. I think they've enabled this by default.
If you've got work, I think this is on it on the screen right now as a. Is a list of check boxes, which we can see. And this was one of them where you can disable this feature if you need this password. But sorry, I felt like I was interrupting you there earlier.
Leo Mindel: [00:31:12] Okay. There's lots to unpack on this. but I'll try and be brief.
There's a few things in here. First of all. The whole reason we need passwords in here is that we have an API that has a huge potential to expand how we use WordPress. So whether that means that you're talking about headless CMS is it means that you've got publishing coming from social media sites back into WordPress, that you're building a.
A mobile phone app that enables your, publishers or content creators to work remotely. There's lots and lots of reasons that there is that you would want to use the API. And at the moment the API didn't have any security. So the, you need to come up with this, I agree that by default, I would argue the, a site should be, are you a wholly contained WordPress environment?
Yes. Then that should be set to, no, you do not enable this it speak. You've only enable, application passwords. If you have the addins, if you're on, if you have external community comms. So by default, I would expect that this. Feature, et cetera, is turned off the way they've done it. Wordfence, that's my understanding.
Yeah. Yeah. But long term, but examples of why and how, other people who get around a similar issue. I have access to many people's Google accounts or to their more particular than their YouTube accounts as manager. And when you enable somebody else as a manager or the other managers get informed that somebody has been giving access to that account.
And I would expect that enabling this should inform all the admins via some methods that somebody has enabled a, an application to have access, because it is quite powerful, but it does need management and control. And also maybe we're coming back to that classic problem. The. Not enough sites have got granular user permissions.
In other words, there's too many admins out there with full admin access when it should have been somewhere between moderator and something. And by default, you go, here you go. Here's admin. because half the plugins don't seem to want to work unless your admin.
Nathan Wrigley: [00:33:28] Apparently the way it works at the moment, at least I, if memory serves from reading this Wordfence article is that if you are an admin and you set up a, an API password, sorry, an application password, then it will inherit the permissions of the person who sets it up.
our mitigation here is to. Simply create a user with the minimum amount of permissions possible that would satisfy whatever it is that needs to be done. And then it's a bit esoteric. It's a bit convoluted. Isn't it? Nevertheless, go in, sign in. As that user sets up the application password, you feel, this is begging a UI of tick boxes of.
here's a, here's an application, password screen. What permissions do you want this password to inherit? And then we create a password and it's done, how long is it?
Leo Mindel: [00:34:13] How long does it keep?
Nathan Wrigley: [00:34:14] yeah. Is a good one
Leo Mindel: [00:34:16] missions for what does it do? And where do you flag it? it's very easy, I'm, I have quite, I have two factor authentication virtually on everything that I can, it still worries me that you can, that isn't the default in a lots of environments.
Yeah, to me, it feels like this shouldn't be allowed, to be able to be enabled on users that don't have. They shouldn't be able to act and enable this out. Yeah, approve it without some sort of two factor authentication.
it sounds don't trust Sabrina's mom.
Nathan Wrigley: [00:34:54] If you need it, you should go and find it and tick the box. It'll be in a setting somewhere and it will take you three seconds. If you don't need it, maybe switch off. Know, let's see. Maybe the developers have got a very strong cases. Leah was mentioning earlier about the jQuery update. or maybe Paul was can't remember somebody was anyway, it's in this article and again, Sabrina not to put you on the spot for the third time.
Sorry. I'm wondering if this is of interest to you, the idea that we've got to beater compatibility with PHP eight. Now I'm not a great follower of WhatsApp in PHB and what separates seven X from eight. Do you know anything? Have you got any insight? is it security? Is it speed related?
any thoughts?
Sabrina Zeidan: [00:35:34] Isn't that fun that in this release of WordPress, we have kinds of philosophical question rather than like developers question sticking to what? When no, go into what we. really wants to have, yeah, that's eat about everything that we have right now going on. And the same with BHP eight, shall we make WordPress more, compatible with new versions?
Shall we abandon? 5.6. finally, this is the same thing, when PHP eight was just released, I think it was said ground who made an use? Wait, let her say, now our servers, support PHP, eight and some people, would go to the, panel and
Paul Lacey: [00:36:21] check the box.
Sabrina Zeidan: [00:36:23] To have PHP eight on their websites without knowing that WordPress at current version doesn't support PHP eight.
And gets in trouble for this, and it's going to be more and more, of such situation. Future. If situations in the future, if force press, won't be able to support PHP eight as
Paul Lacey: [00:36:43] soon as possible. Can
Leo Mindel: [00:36:45] I ask you Sabrina and other way round to look at that? There's a lot, there's a lot of core basics that appear to be changing in one release.
not only are we changing a release of jQuery, we're also changing or supporting other on PHP and maybe I'm reading this wrong. That sounds a lot to be doing in one release and a lot of things which are pointer. My plugin doesn't work because, which one of these, because of what it sounds a huge amount to be changing all at once.
Sabrina Zeidan: [00:37:16] Yeah. It seems like this bus, all these changes, they were not like, they were not prepared just now. They were prepared long time ago and it just happened. Oh, we'll sneak on. I think.
Leo Mindel: [00:37:29] It wasn't adding to the conversation anyway. It's fine. we can keep going without him. I think he walked out last week.
Didn't they, try and chase down a postman.
Paul Lacey: [00:37:39] there was, there was a man in his house and then his
Leo Mindel: [00:37:41] house, maybe a man would come back and that's it. So I think it's, I think the question really Sabrina it's like everything is, should we always. What is the objective and how do you make sure? Cause you've been involved in releases.
How do you make sure that what you include moves to so long, but you don't jump too far forward. Is, do you ever have that thoughts?
Sabrina Zeidan: [00:38:04] I do. Yeah. I think the other members of team do have as well, but you never can predict actually, And all these updates they were prepared for longer time, it's just happened that they were shipped in this release because some of these updates, they were planned for 5.5 and they just didn't manage to get
Leo Mindel: [00:38:24] there.
Sabrina Zeidan: [00:38:25] I don't know which is to go. We need to go.
Leo Mindel: [00:38:29] Yeah, I think we do. I think we do apparently according to Cameron, Nathan has gone to reboot Google service for
Nathan Wrigley: [00:38:35] them. my internet just died. that's the first time that's happened in years and it just blipped out for about two minutes, but I blame, I am thoroughly blaming Google.
If that was the conversation you would do. Yeah. but yeah, it's certainly what it
Paul Lacey: [00:38:51] is. Sabrina's mom pulls your plugins things again,
Nathan Wrigley: [00:38:57] press the button.
Paul Lacey: [00:38:58] Always messing Crescent
Leo Mindel: [00:39:00] has gone into tier six lockdown, which is when they really,
Nathan Wrigley: [00:39:04] even the buttons don't work. Yeah. The, did you manage to finish up on that piece?
So where you
Paul Lacey: [00:39:10] want it to just briefly go back to what we were talking about. With, the, how many people you often have as administrators in WordPress. And then there's another thing that I imagine is on the core teams. think list is that from my memory, if you're an administrator, you have access to widgets and menus in the appearance section, but if you're an editor, the next level down, you don't have access to widgets and menus by default.
So that's why I think you often get so many administrators on a website because it gives you access to some site controlling things that someone might not know. You can use a plugin to change all the levels. So it makes me wonder, when they're moving towards full site editing, whereby menus and the equivalents of widgets will be.
In the front I'm noticing, will those features, I wonder be locked down in the Gutenberg plugin or locked down in the, in WordPress, in general to only administrators, or will there be a shift to editing sites means editing sites, anything you can see you're ready getting. And I think that kind of screams really for a kind of super admin.
Level by default in WordPress as an, the person that installs WordPress and all the people that then ask per se, it might be a good time for the core team, with the plans that they've got, the security updates, the UI changes, the things that you can do to revisit the core permissions of WordPress in some kind of way to give more to editors or have a super admin level.
that's that was in my mind throughout the whole conversation. And we did that one night.
Nathan Wrigley: [00:40:46] Oh, did you, so you've mentioned that there is this comprehensive guide. That's brilliant. Okay. Thank
Paul Lacey: [00:40:50] you so much. the next thing we've got on the list is the state of the word, actually. So
Nathan Wrigley: [00:40:56] this is sorry.
Say it again.
Sabrina Zeidan: [00:40:58] on 17th,
Paul Lacey: [00:40:59] isn't it?
Nathan Wrigley: [00:41:00] Yeah, it's on, it's an interesting thought. Matt Milan, like if you don't follow WordPress, you know how it all does the structure of the politics behind it and so on. And the, the organization of automatic, Matt Mullenweg typically delivers his state of the word address.
It WordCamp us, which for obvious reasons didn't occur this year. And so they've decided to take it online. And you can, if you like, join, I know that, Dan maybe, and maybe Leo is involved with this. I don't know. They're doing like a watch party, with a sort of social after the fact, a long
Leo Mindel: [00:41:32] time, Dan spent a long time current at the name and it's called steak of the word.
Nathan Wrigley: [00:41:37] That's it's good. I like it.
Leo Mindel: [00:41:40] I it's been led by some American, so I'm assuming it's going to be like a 48 pound thing on the grill.
Nathan Wrigley: [00:41:46] Okay. Okay. It's going to be in pounds, not grams. The, but the principle is he's going to do it. I'm guessing it's going to be in some way, prerecorded, I don't know whether it's going to be actually live or whatnot, but you can see on this page, wordpress.org forward slash news.
If I'll put the link in the show notes, don't worry about that. And, and this is what you can do. You can join and watch. However, if you want to have the opportunity to ask a question, it says down here, you can do that. The simple way to do that is to submit a video. I think they're asking for questions to, could've done that you could, Oh, is it gone?
yeah. 14th year, right? Yeah. Okay. Too late, if you didn't ask you a
Paul Lacey: [00:42:20] question on that, this service to the millions of viewers of this weekend,
Leo Mindel: [00:42:25] to the, to the, big orange heart stake of the word one, then we'll be more than welcome to have your questions or comments as we'll be running the work, the, the, a watch party.
and there's, as I say, there's a number of people doing it.
Nathan Wrigley: [00:42:37] So we'll give you a link. And then, so you're all watching it together, making comments, chatting and so on. And then after the fact, just a bit of a hangout and the idea is, obviously, maybe you cook something in this case, a steak or something, but just hanging out, right?
Yeah.
Leo Mindel: [00:42:54] there will be a link. I will, dig out the link and I'll send it to Nathan and thank you.
Nathan Wrigley: [00:42:59] Yeah. Yeah, that'd be fine. I will post it on the screen or at least read it out loud. Okay. So that's done. thank you.
Paul Lacey: [00:43:06] state of the word. first thing I'll just quickly mention is they don't have a uppercase w and P in their official graphic, so that's naughty.
Nathan Wrigley: [00:43:17] I want to zoom right in on that. Yeah. You're right. Paul Case spelling that.
Paul Lacey: [00:43:23] Yeah. But the, the thing about state of the word is it's a little bit like a trailer to a sequel of a film, last year this happened and this year this is going to happen. And so it's it's always like a great.
Slightly rose-tinted look on last year and next year. And then I don't know if you're on YouTube. You ever watched those, honest trailers of what if they really knew what it was going to happen, this is what the trailer would say, but I'm interested to see, I do think Matt does Matt Mullenweg does tackle tough questions when he's asked those questions.
And I think he deals with them really well. So I don't. I'm wondering how much he's going to address, these fundamental philosophical changes in WordPress. Like what Sabrina was talking about. I wonder if those will be addressed and. It's definitely one. I don't want to miss it's the highlights anyway.
Nathan Wrigley: [00:44:17] Yeah. So in WordCamp Europe last year, which Leo and I were at am Sabrina. You were there weren't you Sabrina, in Berlin, the, ma it doesn't really have anywhere to go. whoever manages to get to the microphone first, obviously it's not the state of the world. it's his address to the conference in that case, but he's a, he's got nowhere to go and there was some really peculiar.
questions. One, one chap stood up and gave him a grilling about the Invitae marketplace, which I think people in the end would asking him to just finish his question. Cause it sounded, it was very bizarre. Let's put it that way, but I'm in this case with the video submissions, you've got to wonder how easy it would be to avoid the difficult questions and only to surface the questions, which.
Directly linked to what you would wish to talk about, or perhaps ask question in such a way.
Leo Mindel: [00:45:04] this will end up naturally being sanitized, which you can't help, but think it will do because the questions will be asked in advance is true. may one, you could argue that when the one you were talking about Nathan, when we were in Berlin, it became very, it almost became quite personal.
Some of the questions. Yeah. yeah. And counterproductive.
Nathan Wrigley: [00:45:27] Yeah. That's a good point.
Paul Lacey: [00:45:30] Yeah. So
Leo Mindel: [00:45:30] I post it to Nathan. I posted you in the private chat. If you can just go into the, if you can post that out on the,
Nathan Wrigley: [00:45:37] yeah, I will do that. I'll try to put it in into a comment. for some reason my Mac just went select that link.
There we go. A copy of that. I'll tell you what I'll do that later. I'll put it into the Shannon as well. Still talking on the next one. I'll introduce the next one. And then I'll post it on the screen. Yemen. Okay, Okay. Stay with the word. Good job. The next one is a bit of a weird one and Leo and Sabrina.
You've got no insight into what's coming because this was an email thread that I had. And this is prompted by, a plugin which was on sale during black Friday. And. Obviously Sabrina is a plugin owner. no commercial, to that as yet, but, I'm interested this guy, I got into an email exchange with them because I was really interested in his pricing, So he has this plugin, he put it out on black Friday and he offered a lifetime deal. fairly ordinary stuff. Now, the tears were one site for, I think it was, let's say it was $49, three sites for $99. And then a hundred sites for, let's say it was 214. I can't remember the numbers, but the point was, it went from one to three to a hundred.
And I'm just curious. I was just thinking, what is that? Why would you price it like that? What would you buy if you have that? And basically if you doubled your money, you've got a hundred instead of three. What would you do, Paul, would you be suckered into that or would you be circumspect? Would you open your wallet for those extra 97 licenses that you may or may not use?
Paul Lacey: [00:47:08] yeah, probably I would go with it. just in case, I don't know if you mentioned it. It's grid builder, WP. Thank you. And I think the website is grid builder.com. Is it WP
Nathan Wrigley: [00:47:18] builder.com even though on the logo. It's the other way around it's group builder,
Paul Lacey: [00:47:23] like facet, WP search and filter pro it's similar to those kinds of plugins.
Yeah. yeah, I think what was interesting and probably what prompted you to speak to the chap at Greenville to WP about this was that we'd covered a few articles that on the weeks coming up to black Friday, one from pixel grade who, fundamentally against the concept of flash sales and that kind of stuff.
and for them, that was completely the right, the way to think about it. And then there was at the same time, obviously there was. hundreds of WordPress plugins and SAS apps and stuff, doing a lifetime deals for black Friday. And it was a kind of a, why do people do to lifetime deals on the black Friday?
Do you don't do it because everyone else does and they're pressured into it. And I think our assumption definitely mine was like, yeah, a lot of these companies are doing this because they're pressured into it because everyone else is doing it. But I think the answers that you got from the chat from grid builder, it showed a deeper reason and a really strong business case why you can do a lifetime deal and why it makes a lot of business sense if you're, if you've got a strategy behind it.
And I don't remember all the things Nathan that he said, but, he'd done the muffs. He'd done. the, he'd taken into account exposure for black Friday. He'd taken into account the typical types of customers that he will get on lifetime deal, and he'd completely done the maths and the result of it was, it totally works as a business point of view.
It definitely wasn't falling into the category of you will get completely overwhelmed with too many customers and you won't have any money for the next few years. And it worked for him completely. I'd
Leo Mindel: [00:49:07] say if you put it in the other way round and not look at the number of sites, but look at the type of people.
You've got a site owner, you've got somebody who builds a couple of sites and you've got a web development company. Yeah. It, I know. And I know what he's saying is I am slicing my clients according to that. And really what you don't want to be doing is saying, I'll pick my. Top 35 clients or my top 12, or that I might as well go for the whole lot.
And if I'm going to use it, I'm going to use it across everybody. Once you, I don't know if he had another terror above a hundred.
Nathan Wrigley: [00:49:47] No, but he does as a regular pricing. If you pay annually, he's got unlimited, which I think is limitless. there is no upper amount, but it was just really curious to me that I've never seen that pricing before.
I should also say that. I did ask him if we could talk about this and I could discuss the content of his email. So I'm not just discussing, if you send me an email, I won't talk about it on this site, in this forum. I did ask him, but just curious one, three and a hundred. Wow. Yeah, but
Leo Mindel: [00:50:15] it's almost that same argument when you have things like, unlimited, you have a ticket for the train, you get one journey, you get a weekend pass or you get an old or eat as much as you like.
And at a hundred, you're not quite giving them everything, but you're nearly there.
Nathan Wrigley: [00:50:32] Yeah. I'm curious. What do you think sold the most?
Leo Mindel: [00:50:39] I spent the hundred.
Nathan Wrigley: [00:50:40] it was, and it was not just a bit more it out outweighed all the other things combined. So the woman, the three, if you added up the number of times he sold those licenses equal less than the number of times a hundred licenses were sold, which was fascinating to me.
I've just opened up the Facebook comments in Facebook and it would appear that some of them aren't coming through, because I just saw a comment from Chris Hughes in Facebook itself saying that he, yeah. he had bought this, but I can't see it coming through on string. Not so either. I can't see it. No.
Yeah. So apologies if you've made a comment today and we've ignored it,
Leo Mindel: [00:51:17] be going through Google services.
Nathan Wrigley: [00:51:18] yeah. I bet it is. I'll bet. You're right. Some of them are coming through. We can see some,
Leo Mindel: [00:51:24] apparently you can run around now and break into anybody's house. Cause all their rings are broken.
Nathan Wrigley: [00:51:29] Yeah, that's true. Did you, I'm going to go totally off tangent, right? This is none of this is rehearse. We haven't mentioned the store. Have you heard about, Amazon's sidewalk project? Because Leo mentioned that if you have a, if you have an echo device, Oh, don't say the word. If you have a, an Amazon device that starts with an a, they're going to start by default using your Wi-Fi.
and share it in the neighborhood. So you can use your internet of things, devices in a much bigger area. And now why you would want to do this. I don't know. but it's just curious that Amazon have taken this step. They're basically piggybacking other people's internet connection to allow you to use your IOT devices in your neighborhood.
So you could, I don't know, on lock the door from the park or whatever it might be. very strange, but, apparently is really skilled.
Sabrina Zeidan: [00:52:20] It doesn't seem a real nice
Paul Lacey: [00:52:21] thing to do.
Nathan Wrigley: [00:52:22] Yeah. I listened to a podcast where a guy talks about it for about an hour, the security implications of it, and it's rock solid.
Apparently the security model is rock solid and the amount of data passing over the wire is. Tiny. So it's not like it's gonna eat up your, you're not sending video. it's not that kind of thing. It's just allowing you access to your internet of things. Devices anyway. Sorry. Totally off message.
Sidewalk is naughty. Yeah, go and listen. We are visually, we are vision this year. put a comment in and go and listen to the twit network. TW it this weekend TAC, they've got a podcast called security now. It's the latest one with Steve Gibson, episode number 700 and something. He explains it all and it's pretty good.
I like it. I don't have it. I won't use it, but okay. Next big piece of news. This is probably the biggest piece that we haven't managed to get to outside of WordPress core, male poets, which is a email. I'm going to say delivery service. It's not, is it? it's a service to construct email. And then I think you piggyback off something like Amazon SES or something to actually send the email it's been bought by woo commerce.
I don't know if anybody's got any thoughts on this. Is this a big thing or nothing don't know
Paul Lacey: [00:53:34] is this slightly misguided, which is understandable. but so there's a few things, first of all, just. Talking about the lifetime deal before Malpais has just been acquired by weave commerce as we've just said, but it also male poet was on a lifetime deal on AppSumo and might still be on a lifetime deal on up.
just a couple of weeks ago. And, I got that as well, and I'm really pleased with Valpo poet, but essentially what malware does do it does do. MailChimp type newsletters from within your WordPress, system, which a lot of people would immediately be thinking, Oh, that doesn't seem right, but that's not the true power of it.
And that's not why we're commerce. I bought it. One of the really super amazing things that it does do. Is, it does integrate directly with commerce. So you can have it automatically sending things like ban cart emails when people haven't finished on the checkout. For whatever reason, you can have things like if it's their first purchase, you can have it detect that it's their first purchase and send them a particular email about making another purchase straight after.
and there's also, and so there's also all sorts of automations directly related to e-commerce for instance, If you have purchased a product in this category in a week's time, send an email to that user say, Hey, you might also be interested in this. And I think that this makes total sense for WooCommerce to be buying a product like Malpass because it's fairly unique ish in the marketplace.
And if you look at were commerce, trying to compete with something like Shopify, I don't know if I'm, again, I'm ignorant. I feels like a lot this week, but I don't know if I'm. Shopify has something like this, or Shopify says integrate with your MailChimp or something like that. But this definitely feels like a very smart move by route commerce too, to be buying this.
Because if you look at the majority of people who set up an online store, They take the absolute lowest common denominator box, which is they get the score there and they put the products then, and then they start advertising it. The majority of independent online stores do not do things like personalization on the front end of their stores.
They're not doing this automation like this. They're not doing split testing. They're just putting it, they're putting their products out and then saying adverse to that. And to me, this is It means that, I don't know how this will, what this will mean for WooCommerce customers. They probably won't get it free, but it's going to be pushed a lot.
And I think that it will help people understand that there is a bit more to launching an online shop than just putting it there and then sending adverts and hoping for the best. So I think it's a really. Great feather in the cap for e-commerce in my opinion. Oh no, I love this tool as well. What was this?
Nathan Wrigley: [00:56:18] they basically buying the people here. If they didn't read the article too closely with it, they bought
Paul Lacey: [00:56:22] your team and the product from what I understand, also I think it does have. I don't think you hook it up to something like Amazon SES. I think you can, you want, but by default Malpais has its own sending serviced, which may be part of it might be using Amazon.
I don't know what it's using, but, one of the things we actually use it for is simply for transactional emails in general, and we, so we use it and we hardly use any of the settings, but for anyone who's serious about using woo commerce, This is the kind of thing that allows you to build those super amazing, email funnels straight from your WordPress integration, which is nice.
Do
Nathan Wrigley: [00:57:02] you know? Sorry, carry on. Sorry.
Leo Mindel: [00:57:05] I think that's a really, w Paul sums up very well. we've got to look at this since about the transactional emails and transactional means people that haven't. Necessarily completed a transaction and people who have completed a transaction and how you follow up.
If you look at how things happen in big commerce, for example, eBay, you'll just search through a few things. And about 14 minutes later, you'll get in your mouth. We found some things that looked like you were interested in them. just don't search for the wrong things on the wrong computer.
and, you will have all of this all the time. This is where. a product like male poet comes in very well. And as Paul said, we're not e-commerce is getting smarter. Not only do in terms of technology, I also mean that in terms of look and feel sending somebody that looks like a half baked email that comes out of the back of nothing, isn't the way to transact anymore.
People are expecting to see a proper transaction path. And this is where things like mail poet come out. plus they got the wonderful Laura. So you can on the marketing side
Paul Lacey: [00:58:11] follow up.
Nathan Wrigley: [00:58:12] Yeah, that's true. I'd forgotten that. Do you know if, Paul or anybody? Sorry. do you know if we've commerce or intending to rebrand it on the WooCommerce space?
Paul Lacey: [00:58:22] No, I don't. I don't know if anyone knows that. Yeah. I actually don't think that they will. although hang on a minute, didn't they. Recently, acquire that CRM, the no, be a CRM and they
Leo Mindel: [00:58:34] did
Paul Lacey: [00:58:36] so on that basis, maybe they might be maybe that will
Leo Mindel: [00:58:39] another interesting point there, Paul, bringing a CRM together with an email delivery
Nathan Wrigley: [00:58:48] is quite powerful.
Leo Mindel: [00:58:50] And also I don't, I, you said, I don't know, because I'm looked to see what mail poet use. But sending emails is not trivial. You need
Nathan Wrigley: [00:58:59] real
Leo Mindel: [00:59:00] SMTP sending services. I don't know if this is using something that power MTA or something like that behind the bar in the background, because you do need things like that to do multiple volumes.
Nathan Wrigley: [00:59:11] Will be interesting to see if this is a bolt on that you've got to pay for, or if it just gets consumed inside the word, the WooCommerce ecosystem and everybody just gets the benefit of it, benefits of it from now on. I don't know. And also Paul, last question about this one. do you know if the people who weren't lucky enough to step onto the lifetime deal, do you know if they.
Get grandfathered in or
Paul Lacey: [00:59:29] everyone's fine, basically. no difference. they've addressed that. And, it's lower Nelson who works with Mel poet who, if anyone, we probably all know Laura to some extent or another, cause she's very active in definitely in the UK. Word press community. And she used to work for an agency in Brighton and I think now she's moved to Melbourne and I did email her and she said she will come on the panel next year to, to come on this show.
So that'll be nice.
Nathan Wrigley: [00:59:57] Nice. That will be nice. Thank you for doing that, Paul. That'd be great. Okay, we'll get this full skinny at that point. So presumably she now works for automatic.
Paul Lacey: [01:00:05] Yeah. Interesting. Sabrina. Did you want to say something then you look like you going to say something. Yeah.
Sabrina Zeidan: [01:00:10] Thanks. I just wanted to mention the two. We were talking about these from WooCommerce and WooCommerce users, point of view, but also it's interesting to me to see how male poets as a plugin made their way from I'm a long-time user of male poets from, I don't know, five years ago. First time. And they started as a simple notification for newly posted, content on the website.
So you post a new blog post and they will send a notification to someone who subscribed. That was the main reason for them to start in the beginning. And then they leave it their way. To these transactional, it's not like long time feature having these transactional emails in WooCommerce, like quick, like newsletters, them edit and a bunch of other features.
But it's interesting how they, as a plugin yeah. Team like a product, they made their way to be like, useful for a big chunk of users that they don't have, at the moment. So they couldn't be reaching, lots of WooCommerce users half a year ago. But now they will have access to so many users, right?
Leo Mindel: [01:01:23] So
Nathan Wrigley: [01:01:23] many users, millions of users, max in the comments. Thank you for this. he says they're using the Gothenburg like builder. I presume to construct the actual email itself. And there is an assurance, as Paul said, that lifetime deal. We'll be honored and the pricing apparently is going to stay the same in the immediate future.
Okay. That's good to know. Thank you very much. And the other big news, which happened this week, possibly even more, more people affected by this one than the previous one is this piece of news now? let me just put it on the screen. We had, we had Matt Madeira Ross, and Amitai GATS on this news about, Oh, I dunno.
Probably about six months ago now, something like that. And Matt Madeira said to Amatiz who is from element or when is the cloud version coming out and, clearly, Amatiz was probably had his hands tied at that point was unable to answer the question, but here we are, we, the date has arrived element or the enormously successful page builder have moved well, not the entire product, but are hoping to.
Excuse me shift to proportion of their customers over to what I can only imagine will be a more profitable venture for them. It's called element or cloud. the page that we're [email protected] forward slash cloud. And it's a wait list at the moment, but basically you are going to have a cloud based version of elements or they say fully hosted by Elementor and they keep talking about the element or servers.
I'm assuming that's humbled. I, in fact, I think it's humbled by Google. So that would have been an interesting day. I think it was under budget. If anybody in the comments actually knows the skinny on that, please let me know. so basically I think it's $19 a month. Something like that. You get your WordPress, you get your element or pro license.
You get all of the elements or add ons, 20 gigabytes of storage, 50 gigabytes of bandwidth. It's exactly what you've seen elsewhere. But you've got elemental locked in and all the support and whatnot that comes with that, but who didn't see this coming and I'm sure we all did, but fascinating. I, at the moment, if you have one site on other mentor, what is that?
99 a year? Is it, is that the current pricing they have and on this model? Yeah. Is that right? And on this model, we can pull this off. You're looking at $240 a year. I don't know how many people will jump ship to this. How many people think this is of interest to them? Because obviously for a $19 price point, if you're into the WordPress community, you can get some cheap digital hosting, DigitalOcean hosting, something like that.
For far less money, you can pay for the license for elements, or you can do all this yourself for less money. I'm assuming this is a total stab at the Wix and Squarespace market. I'm guessing that's what they're trying to do.
Paul Lacey: [01:04:01] one comment I'd like to say elements are consistent in producing the best graphics on the web pages that we tend to ever see.
But if we scroll to the top, I feel they've dropped the game a little bit on this one. And the best they could come up with was a dough with some clouds coming out of it. And I feel like that's not up to standard. Apologies. If you are the designer of this page and that affirms you. but I've seen a bit better, although I don't know it does do the job, but the onto a serious note.
I actually, this is not what I expected elemental cloud to be at all. I fought, I thought to be honest, I thought an a mentor would, I don't, if they already did, acquire an SEO plugin, perhaps acquire and make a few of acquisitions and then make a completely closed controlled area. Along the lines of Wix and Squarespace and actually what this is it's definitely marketed as a cloud solution.
So it's marketed in competition to Wix and Squarespace. But actually this is, to me, some people might disagree to say, no, a few people do disagree with me about this. To me, this is a bit more WP M use hosting solution where you buy hosting and it comes pre-installed with a bunch of plugins and it's optimized in that direction because this appears to be, just WordPress pre-installed with Ella mentor, the licenses come with it.
So there's obviously like a. I must use plugin that sorting out the, the licenses there's a few plugin restrictions that you can't use, which is the same as any managed WordPress host. And basically apart from that, though, you can do whatever you want. You can install the plugins that you want.
You can edit the code, you can do anything. So this is not what I expected. I really fought elemental. We're going to have a closed off thing that Matt Mullenweg would be really worried about because it's you can't get in there. You can't get to the code. But they've not done that. So I wonder if this is, I wonder if they've decided that doesn't matter to them actually, what matters to them is that it looks like it's a Wix alternative.
It is a Wix alternative, but it's easier to onboard than any other WordPress solution that you can buy from a host. And I think maybe they've gone in that direction. I may have misunderstood what they're doing here, but it's not what I thought a lot of people are going to buy this though.
Nathan Wrigley: [01:06:24] Sabrina. I'm
Sabrina Zeidan: [01:06:25] sorry.
I just wanted to say at the time, cause I'd have to see how it will look like inside
Nathan Wrigley: [01:06:28] as well. You can actually get a glimpse of that, in that they've Dutch board. So the bit where you interact with the websites. not the website, I guess it looks like elemental on the inside, but there are on the screen now is element or.com forward slash helpful slash cloud.
this is how I came about knowing about this. it came haptics. Oh, can you not see, I'm sorry, I'm just showing us a link across the bottom.
Leo Mindel: [01:06:55] Yeah, it's a link.

so my take of this is that the, like anything, the industry moves, we change, what is the, front of where we're, where we're actually having differences at the time.
and I think it's quite an interesting way to go. I expect, I think this is just another nail. In the coffin of those that think that they can host their own stuff on their own servers. because that's just another one of like our, but you've got to host it with me because I've got I'm, I've installed Elementor for you or I've installed this and I'm sure it'd be the same with Devi.
I'm sure it'd be the same would be for builder that they will go around and people go, I don't care anymore because I'm not you're this no nine pounds 99 or one pound 99. WordPress hosting. He's the bit that actually in my own experience or I'm fail is the bit of the industry that needs to slowly move away so that people value what they're actually delivering and deliver it on high quality, infrastructure with the right support levels.
And I'm sure people, I've just gone and reduced my Christmas card intake by about 50% there. My feeling.
Nathan Wrigley: [01:08:10] Down from two way. Oh
Leo Mindel: [01:08:12] yeah. Yeah. I was already off yours. I
Nathan Wrigley: [01:08:16] spied in the docks and I can't now find it, but there's some restrictions. There's the usual one. You can imagine the competitive restrictions.
You're not allowed to install. There's a slew of rival WordPress page builders. So Beaver builder is not allowed element or is allowed obviously, Devi I think, was in the list. Oxygen was in the list, all the other ones that you'd imagine breezy and so on. And then there were a bunch of things that a bunch of normal products, I think like the site ground caching plugin, for some reason it was disallowed.
But, yeah, here it is
Leo Mindel: [01:08:47] fascinating. The next thing that will come out of it, there's, maybe they'll do a deal with another company in the same country, who builds, static websites that are literally just five minutes away from elemental and stuff.
Nathan Wrigley: [01:08:58] yeah. I'm sure you're not wrong,
Leo Mindel: [01:09:01] but yeah, the things that you've talked about there sites like flat site and static, and you can work out what your honor meant in there and do not want you to install certain plugins because they take
Paul Lacey: [01:09:13] control of all of that.
Nathan Wrigley: [01:09:15] Yeah. Yeah. Good point. And obviously if you're on the elemental cloud, they don't want you to experimenting with another page builder. So the price point, I think, yeah, go and have a look. It's 19 bucks. I think it was there's the page cloud elemental.com forward slash cloud. Yeah.
Paul Lacey: [01:09:30] Where is the price?
Because I think the price, like we saw the price in, we in the Facebook group, because someone had a screenshot of the landing page. Yeah, when there was a price, assuming they didn't just Photoshop that just for a joke, but the price doesn't seem to be there anymore.
Nathan Wrigley: [01:09:44] the, the, what, all I can say is last time I looked at the docs, there was lots less of them.
Now there's way more documentation. So it looks like it's a bit of a moving target and maybe they've taken down the pricing, so that, they can adapt it. maybe they've had some pushback and they're gonna lower it. Maybe they're going to make it higher. I don't know if 19 seems like the industry standard though.
Doesn't it for one site on a cloud platform. That seems to be that
Paul Lacey: [01:10:04] let's say if you re, if you took away wordpress.org, as an, as a concept, It just didn't exist, and you could only have hosted solutions. I'd go with this one. Do you know what I mean? This is because it would, because you can do all the things you can do with it, WordPress, but it's just pre hosted.
I would definitely choose this over Wix or something else. I think that some people will run into some trouble. we have some technical stuff, but if they're smart about this, they can lock down a lot of things for the default user and have everything turned off, turn off. By default and then you turn it back on.
but to be honest, anyone who I know who's used Wix and Squarespace and is a DIY they've run into a million problems as well. So I think, yeah. This seems like a good solution. I've also changed my mind on the image. Now. I think it's an awesome image and Welton to the designer.
Nathan Wrigley: [01:10:51] Is that because, I quite liked the other elements or image. Yeah.
Paul Lacey: [01:10:57] Agreed. Yeah. We've we are visual and also I was harsh on the image. I was just kidding.
Nathan Wrigley: [01:11:04] I like it. Anyway. Good luck to them.
Sabrina Zeidan: [01:11:08] I just wanted to mention that this all is coming from the person who .
Paul Lacey: [01:11:13] Yeah. Oh, yes. Yeah. So what I mean is, we've without a wordpress.org BeaverBuilder couldn't exist. So yeah, so I would have to use.
Elemental or Squarespace and definitely all Gary of elemental and that on that basis. No doubt about it, but thankfully wordpress.org exists and Beaver builder exists and I'm sticking with those.

Nathan Wrigley: [01:11:35] There's one more article that what I mentioned before we finished, but I'm not going to dwell on it for too long.
I'm just going to put it on the screen quickly and say, go and explore it for yourself. it's Sarah Gooding talking about WordPress community team discussing a return to in-person events. It just seems just right when this article came out, which was the 3rd of December, it felt like the curve was going in that direction.
I don't know what it's like, where you live, but it seems over the last 10 days since this article was initially published with, It's probably gone in the opposite direction. It feels like at the moment, but
Leo Mindel: [01:12:04] it, from my perspective, this is just crystal ball gazing. Although I think we have to be mindful that we will be going back and there and we do need to put together ideas and thoughts of what that's going to mean.
Nathan Wrigley: [01:12:19] But I think
Leo Mindel: [01:12:20] timing and areas is just so difficult. this is just not something that I think I'm just not even sure why this is. Part of the WordPress community team. Maybe someone else can tell me off for that.
Nathan Wrigley: [01:12:32] No. Nope. I guess like you said, crystal ball gazing somebody in this case, they were good in desiring, just publishing about the fact that the team would like to plan for it.
And I guess that's true, isn't it? Because the lead time on a word camp, let's say WordCamp Europe is massive. And, we're going to be at least another year away from that. And if we don't start planning for it as if it's going to really happen, Then it'll be two years because the planning work have started and all the Pete contributing team.
And what have you worked jumped on board anyway. Interesting piece. Go and check that out. I realized that we've totally run over time as we always did we one hour, 20 minutes instead of one hour, all I can say is thank you for those people who. Attended life. Thank you very much. If you want to watch this, you can go and find it [email protected].
there'll be a link in the main navigation at top. Go to archives. And then it's this week in WordPress. I think it is. I can't exactly remember, but we'll get you ping me somewhere on Twitter or something. I'll let you know. So deepest, thanks to Leo Mendell, the person. Thanks to Sabrina's done. And the Chris, thanks to Paul Lacey.
I really appreciate having you around. If you guys want to stick around. With me for a couple of minutes, we'll have a quick debrief. See how it all went from your perspective, but for the rest of you, who made comments? I appreciate your attendance. Thanks very much. Everybody have a good weekend.
Paul Lacey: [01:13:47] Bye-bye.