The WordPress news from the last week which commenced Monday 20th March 2023
Another week, and we’re bringing you the latest WordPress news from the last seven days, including…
- Should AI code generators be allowed to submit code into WordPress plugins?
- WordPress has launched its 20th anniversary sway.
- If you’re an experienced WordCamp speaker and think that you could mentor a speaker at WordCamp Europe, there’s a program for that.
- Is it okay for WordPress products to make it hard to cancel your subscription?
- If you’re a developer, then the new WordPress Developer Blog is for you.
- There’s a really critical vulnerability in the WooCommerce Payments Plugins, you need to update ASAP.
- What does the oldest song in the world sound like? You can find out this week…
Another week, and we’re bringing you the latest WordPress news from the last seven days, including…
This Week in WordPress #246 – “Where did the 4th guest go?”
With Nathan Wrigley, Mark Westguard and Rob Cairns.
Recorded on Monday 27th March 2023.
If you ever want to join us live you can do that every Monday at 2pm UK time on the WP Builds LIVE page.
Plugins / Themes / Blocks
Not WordPress, but useful anyway…
The WP Builds podcast is brought to you this week by…
Omnisend is the top-rated email and SMS marketing platform for WordPress. More than a hundred thousand merchants use Omnisend every day to grow their audience and sales. Ready to start building campaigns that really sell? Find out more at www.omnisend.com
The home of Managed WordPress hosting that includes free domain, SSL, and 24/7 support. Bundle that with the Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients, and get 30% off new purchases! Find out more at go.me/wpbuilds.
It’s like Black Friday, but everyday of the year! Search and Filter WordPress Deals! Check out the deals now…
Transcript (if available)
These transcripts are created using software, so apologies if there are errors in them.
[00:00:00] Nathan Wrigley: It's time for this week in WordPress, episode number 246 entitle. Where did the fourth guest go? It was recorded on Monday, the 27th of March, 2023. My name's Nathan Wrigley, and I'll be joined this week by two fine guests. I'm joined by Mark West Guard and Rob CAIRs. It's a WordPress podcast, so that's what we talk about.
Mostly WordPress, but quite a lot of AI as well. First off, we talk about the use of code generators and whether or not that is going to be allowed in WordPress plugins. Long story short, it probably is. We also talk about some swag that you can get for WordPress's 20th anniversary. And a little icon wampoo maker that you can use thanks to a project started at cloudfest.
Word Camp Europe are looking for people to mentor speakers. If you've done speaking in the past and you think you could help people who need that help, there's a page for that. What's the problem with awesome motive? This was the article name that was produced this week by Matt Madeiros, and we talk about how that whole controversy got started.
The FTC in North America, they would like to ban the ability for any online product maker to make it difficult for you to opt out of a subscription. How will that affect WordPress? There is a new developer blog. We talk about that. We also talk about the Give hackathon, which Stellar WP are running, and how if you're a nonprofit organization, you can get involved in that.
We spend a bit of time talking about WP Turbo and the fact that those snippets can now be downloaded by inexperienced WordPress users as a plugin. Woo Commerce had a very nasty critical vulnerability affecting over half a million users this week. The long story short, there is you need to make sure that your Woo Commerce payments plugin is updated, and we also talk extensively about AI and three and a half thousand year old songs.
It's all coming up next on this week in WordPress.
This episode of the WP Builds podcast is brought to you by GoDaddy Pro, the home of manage WordPress hosting that includes free domain SSL and 24 7 support. Bundle that with The Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients and get 30% off new purchases. Find out more at go.me/WPBuilds.
Hello? Hello. Good morning. Good afternoon, good evening. Yeah. Any other good? That you can think of. There's that as well. Good today. There you go. And yeah, you're on episode number 246 of this week in WordPress by WP Builds.
I'll tell you what, before we introduce the guests, it would be really nice if we gathered a big audience around the campfire, join us around the campfire of WordPress, if you like . And and the only way you're gonna do that is by hollering to people that you know, and I've got a suggestion.
Why don't you go to WP Builds.com/live, copy that url. You know that thing at the top of the browser, which always changes when you go to a different webpages. Go and copy that URL and then stick it in a social network platform like Twitter or something like that, and see if you can persuade people to join us.
We'd really. Really like that. The more comments, the better. Just a thing about that, if you're joining us and you are on WP Builds.com/live, if you're on that page, then you need to be logged into a Google account because the comments come via YouTube. But if you are on Facebook you're in our Facebook group or something like that, then there's a little extra step you've gotta go to chat.restream.io/fb chat.re, restream io slash fb and give your permission.
Otherwise, you'll just come through as an anonymous avatar, which is fine. If you want to be anonymous, that's totally fine. But joining us today, two fine people. Maybe a third. We don't know , not sure in the advertising that went out for this. We do have somebody else who we are expecting to come, but they haven't managed to make it yet.
So fingers crossed that all is well with them. If they don't show up, we'll carry on with the three of us, but I'm joined by Rob Cairns. How are you doing,
[00:04:35] Rob Cairns: Rob? Doing well, Nathan, how are
[00:04:37] Nathan Wrigley: you? Yeah, really good. You're in you're in Toronto, sunny Toronto, Chile, Toronto. What's it like there?
[00:04:44] Rob Cairns: Two degrees Celsius, cloudy and rainy.
[00:04:49] Nathan Wrigley: the perfect pithy comment about the weather. We haven't got any comment from Pete Inusal yet. Maybe he's not joining us today, but usually by now we've got a comment about the weather. But Rob is . Rob's had his comment, his little show notes intro, his bio has been hijacked this week and it said, Rob is not an AI bot. I is the real Rob. Rob is the c e o founder and chief creator of amazing ideas that stunning digital marketing. He's the co moderator of the WordPress global community on LinkedIn. And in his spare time, he loves sport technology and traveling, watching sport or play in sport
[00:05:28] Rob Cairns: watching sports.
Yeah, so basketball f. Formula One for, oh believe it or not, professional cycling, baseball, hockey,
[00:05:38] Nathan Wrigley: any sport. If it involves the word sport, then it's for you. That's, yeah, that's right. That's cool. I used to be a massive Formula One fan. Like I, I went to quite a few of them and really into it, and that was in the days of Alan Prost and it and Center and that great rivalry.
And then some reason the sort of introduction of the technology in it at that point, it became so predictable. For me that I lost interest and I never went back. So I never managed to figure out whether they, the technology was overcome by rules and it became interesting again. What, obviously you like it.
[00:06:16] Rob Cairns: still like the technology. I think it's a better sport on TV because of the incar cameras and things like that. But I do go to the races. We have an indie race in Toronto every year, which is not formula mil, which I go to. It's about the experience going. Yeah. And what I'll tell you is anybody who's watched Formula E, which is EV vehicles, it's just awful
[00:06:40] Nathan Wrigley: because it's so weird cuz it's just silent.
Just Yeah. Whereas the the Formula One, if you've been to a Formula One race, not only is it definitely loud, it also stinks because of the petroleum being burnt off at the rate that it's being burnt off. But also you basically do this. Yeah. You don't actually see anything. It's just going 150, 80 miles an hour.
Anyway, sorry, we're not here to talk about that. We're here to talk about other things, but a pleasure to have you with us, Rob, once again. Great to be, thank you. And we're joined by Mark, west Guard from WS Forum. How are you doing, mark? I'm doing good. How are you? Yeah, I'm good. Tell us actually about the weather way you are.
Cuz it's quite fruity today, isn't it? ?
[00:07:26] Mark Westguard: It's terrible today. , yeah, we sadly had some very bad tornadoes go past just the west of us and we fared better, but yeah, very wet and windy and branches and debris everywhere. So
[00:07:41] Nathan Wrigley: it's been actually made the news over in the uk the weather where you are, I dunno if it's made it to everybody else, but just to show what a bit of a luxury can be.
A few. To the left or to the right and life could have been a very different
[00:07:53] Mark Westguard: experience. Yeah. It's like these tornadoes are like a laser pointer. They just scar through. Through the the neighborhood. Yeah we are lucky. Yeah. It went on hours last night, so
[00:08:08] Nathan Wrigley: I'm glad that you Yeah.
Glad you got through. And also that you still got the power with you. Yes. Yeah. Cause yeah, all of our lives come to an end if the electricity goes off, don't they? Marcus, the founder at WS four, we'll talk about them in a minute. It's a powerful form builder plugin for WordPress. Check out the recent WP Builds demo episode.
Oh, thank you, mark. Check out the recent WP Builds demo episode about WP Form, and you can get 20% off. I'll show you that in a minute. Actually, we're gonna talk about that in just a moment. But yeah, thank you for joining us today as well. We've got word pressy stuff all the way down, including some WordPress dramas that have been happening during the course of this week.
, this is the website and in fact, although we won't get to it right now, on the right at the front there, you can see. If you click on this image, there's Mark's face once again. It's all about Mark, isn't it? Rob ? Just there is, honestly, it's Mark all the way down. It's taken over. Yeah, exactly. Yeah.
Luckily though, I have the power button. Look, I can, oh, it's not about Mark anymore. Like he's got Oh, brought him back. For those listening, I just took him off the screen. If you go to WP Builds.com right on the front is the demo you can find of Mark's plugin he did with me. And actually, it spawned another idea, isn't it?
In the near future, we're gonna do like a 4, 5, 6 part. Haven't quite settled it down yet. We're gonna do a full deep dive on what your pluggin can do over many weeks, aren't we? Yeah. Yeah. I'm looking forward to that. Yeah, that would good. Okay, so that's our website. We're sponsored by GoDaddy. So applause and thanks to them.
Really appreciate their support of the podcast. If you're into what we do, then click on this little subscribe button here. Put your email address in and we'll send you a couple of emails a week telling you when we got new content. Let's get stuck into it, shall we? So this is the first thing. We don't normally get to the GP t stuff, the AI based stuff until the end.
But here we are. It actually collides with WordPress this week because over the last few months, more and more people seem to have been creating, not just chat and pictures and all of that fun stuff, but they're actually starting to create computer code usable. Computer code. And so people for example, like me, who really don't have any business creating plugins, I genuinely could create a plugin.
But it brings up the question a, am I really the right person to do that? Can I, in all good conscience, look at the code that chat g p t has created, or whatever AI program has created it. Can I, in all good conscience look at it and say, this is actually deployable, this is safe. This is something that people could put on their websites and hand on heart.
For me, the answer is no. If I ever produce a plugin, don't install it. Frankly, it will be harmful and probably be the end of your WordPress career. But there are people who've been doing this, and Mika Epstein has got an article this week on the mate dot WordPress website, and it's called Use of Code Generators Must Remain GPL Compatible.
And so the position it appears in the WordPress community at least, is this, it's not against the rules. You can do this, but you must be responsible for what you put out there. Now, obviously the team that review plugins, they're going to hopefully catch all of the bits and pieces that your plugin you, your, let's say you've got something that's insecure in there.
You haven't done something correctly. Let's hope the team will pick that up. But do they really wanna be using up their time, looking at thousands and thousands of AI generated pieces of code, finding that there's a problem with them, then sending back to the author who still really doesn't know how to fix that?
So there's one question there, but also the question of, if, let's say, mark, in your case, you've spent a lot of time creating your plugin, it's G P L, right? We get that. But if some plugin slips through the net with aspects that were taken from your plugin, what are your thoughts on that? .
[00:12:02] Mark Westguard: It's gpl, so they're allowed to do that.
So if they find that there's some code within my plugin that they want to use in theirs, they can, I think there's a moral aspect to it. We have had in the past some other people completely copy sections of our code and the even the way it functions, which is annoying, but at the end of the day, it is gpl.
I think, the plugin review team, they're a wonderful team. I've worked with them on security reviews and all kinds of stuff, and they don't have time to go through reams and reams of code. They have tools that they use to go through, pass it, make sure there's, any glaring security errors with it.
Sometimes obviously they'll look through it in more detail. But I think with anything AI related right now, you've gotta take it with a pinch of salt. You've gotta. Maybe use it, but you've got to appreciate the code and understand the code and make sure it's correct before you put it in there cuz who knows what's gonna come down.
Code wise even like the image generation like Dolly which is part of the open a AI api, I was doing some searches on that the other day and I was just getting completely random images back that were com not related to what I was typing in. So that could very well happen with code, right?
And I, I've done some code generation stuff with open ai and there can be artifacts in there that shouldn't be there. So yeah, I think you've gotta be careful about the code that you're putting up. And I think they're right. You've gotta be responsible for where the source of the source code is in your plugin from anywhere.
It doesn't matter whether it's AI or whether you copied it from somewhere else. You've gotta make sure that what. submitting to the plugin repo is open source is gpl and that you're allowed to use it. Now, yeah, obviously with open ai that's open to discussion. Cause no one knows where that's coming from.
There's no source or anything. It's, supposedly completely we're not random, but generated without need for source. But
[00:14:09] Nathan Wrigley: yeah. The GPL does, it really asks you to abide by, and I forgot the word before we started the show, and I've forgotten the word now, where you have to honor, you have to mention out loud who Yeah.
At attribution. That's the word I'm after. Yeah. Yeah. And so I guess there's that problem. You may mistakenly fall into the trap of not attributing. Which needed to be attributed because it's GPL code and that's, they're the rules that you're playing by. So there's that. And I don't know if that's a, if that's an offense, which means that whatever plugin you put in the repo, for example, if that would make it something which would be taken down until you mended that.
But also just the idea that potentially we're gonna swamp the plugin team. Little plugins that want to go onto the repo. , where the authors are not really familiar with what the WP coding standards are. They've just asked a, an AI to create a WordPress plugin. They've seek, sought some guidance about how to get that on the WordPress repo.
So they've submitted it in the regular way, but then, somebody has to go through that with a fine tooth comb, make sure it's all legit, and that is potentially a real problem. That team could get very swamped. Rob, any thoughts? ,
[00:15:22] Rob Cairns: my biggest concern with AI generated plugins is the security and the code for those plugins.
So I find that I'm not a coder anymore. I don't want to be. So I lead that to guys like Mark and his bots because they do a better job and I'll ever do. But the reality of it is the AI generates pretty basic code and we know about vulnerabilities and any of the experiments I've run the code seems weak from a security perspective.
So , that's where I sit and I sit there because one of the big parts of my business is I lock down Insecure website. So this really, from a customer support perspective concerns me in a great way. So that's my position. .
[00:16:09] Mark Westguard: Yeah. The code that I've had come back with some of the stuff I've done has definitely not been secure.
There, there's no. Filtering of codes, sanitizing of any inputs. It will literally just if you ask it, give me a value from the query string in a web address, it will literally get it. It won't check it, it won't, pass it to make sure it's secure. And that's good. Like we're saying, that's gonna be put more work on the plug-in review team, cuz they're gonna have to say, look, this isn't secure, go back and do it again.
But if someone has just generated it from AI and doesn't really understand the. , it's not gonna get anybody anywhere.
[00:16:46] Nathan Wrigley: So yeah. And it's, it is an unexpected consequence of things like the ability to create plug-ins quickly is that no, nobody, a couple of years ago thought maybe the little team that we've got of humans can cope with the amount of humans creating plug-ins. We've got that balance about right. , sure enough, there's always a delay, but if you then 10 x that amount because somebody creates a script which can not only create the plugin but package it up and, for send it off to the WordPress repo on your behalf it's a bit of a problem and nobody really saw that coming.
So I guess. . We'll have to see how that goes. There was another article, by the way, which I just thought was worth mentioning in the context of this. So the first one I should just illustrate again, just for reference, that was called Use of Code Generators must Remain GPL compatible. And that was Mika Epstein on make.wordpress.org.
Sarah Gooding had a slightly longer post. She referenced the Mika Epstein Post quite a lot. And she goes into a bit more detail about some developers who've actually tried this. Obviously you've heard now from Mark. Given that a go. But so there's different horses in the race as well now because during the course of the last week or so, chat, G p t now has a new little brother it feels like called Bard.
, Bard is Google's variant. And it appears that anybody who's trial or certainly in this article, the people who tried having success creating plugins with Bard it had been less successful. But we'll just have to see, really just have to see how this goes. So again, it's not against the rules.
You're allowed to do this, but I guess maybe we need some guardrails on what the standards are, how we go submitting things, not Deluging, the plugin review team, and so on and so forth. Yeah.
[00:18:36] Mark Westguard: I think the Plugin Review team have already provided all of these guidelines. They tell you what needs to happen with these plugins.
So I guess it's just a case of whether or not people are using ai. Reviewing the code that they're submitting, or if they're just literally submitting this code, that would be a real
[00:18:53] Nathan Wrigley: problem. . Yeah. And that's I think probably what will happen. It's the reason we need captures. , because people created bots just to fill in.
Mark, just so that they can fill in forms. N nobody in the beginning of the internet thought, okay, so we'll put a form online, but in the future they'll be robots, which you'll just maliciously go around filling 'em up. Yeah. It's just what happened. Yeah. And I feel this might happen.
Somebody will figure out a way to just create a thousand plug-ins a day. And what do you micro plugins. So it was all, do you do call? What do you do with that? Yeah, exactly. Yeah. So the second piece, On the tavern. This was Sarah Gooding. She wrote on the 23rd of March, it was called Navigating the New Era of AI Assisted Co-Generation in WordPress.
So go and take a little bit a look at that. I'll give you some more context. Hello to a few people who've tuned in. Really appreciate it. Peter joined us right at the start. She said hi. And then coming back from three weeks between London and Copenhagen, where yesterday had zero degrees in rain. , I love this weather thing.
This pm and am in Valencia with blazing sunlight. Oh, a lovely sea breeze in 23 degrees. And then we're joined by aif. Hello. He says he's joining us for the first time. It looks like we popped up. YouTube's algorithm has given us a new viewer, so that's really nice. He's in cold London by the looks of it.
And he's been trying out Bard. He said he tried, he got access to Bard this week. No, literally today in fact. And he's having very mixed results, but you should really know what the code you generate does and more how to troubleshoot if it breaks. Yes, exactly that. Exactly that point. Yeah.
Which is why I shouldn't be trusted anywhere near it . But somebody like Mark should , but also why it's a problem cuz the te the theme, sorry, the plugin review team don't know whether you've got that before you submit it. Yeah. Their life easier. Exactly. Courtney's joining us. Hi Courtney. She's been to Word Camp Phoenix.
I confessed the social media. That I saw on World Camp Phoenix. There was a lot of that actually. , there was loads and loads of nice pictures, so I'm hope you had a nice time there. Learned a lot and so on. That's really great. What, so she written, I wonder if WP Cody might have solutions in place to ensure G P L and standards as well.
So this is Courtney making a comment about a plugin by Avik. And he's got this thing called WP Cody, which essentially is your WordPress chat. G P t. You ask it in English. I believe it's English only. I could be wrong about that. And it tries to create a plugin for you, presumably based on chat G P T or some equivalent technology.
And I don't know, that's a really interesting point. It would be really, it'd be really interesting if it came along with some guidelines about how it was complying with various standards. That's, yeah. Absolutely fascinating. And Max is joining us. Hi Max. Nice to have you with us. , and one again from Atif, he says, I agree with Mark that care needs to be taken.
I have u I used to help speed up some proce. Oh, I used it to help speed up some processes, but need to check over the code, especially sanitizing it and so on. Yeah. , interesting point. Yeah. Okay. All right. So there's the beginnings of the AI piece, but not quite because I don't know anything about this mark through this in our direction.
What is this Mark? This is, I'll just read the URL out. It's platform.openai.com. What is it? It, so
[00:22:17] Mark Westguard: OpenAI right now, which is, what Powers Chat, G p T that data is limited up to a certain point in time. So I think one of them was like up to September, 2021 or. . So one of the issues they've got with it is that data's just not real time.
It's up to a certain point and then they stop it and then you then query that. So this basically enables you to create plugins for OpenAI. It's on a limited alpha right now, so you can sign up and join the wait list to actually be able to develop for this, but it's gonna enable when you do a search and check G P T for it to pull back real time.
So if you wanted to search for, okay, what were the sports scores last week? It'll be able to go off and get that data and basically make this more of a realtime thing. It's a bit like when Google all of a sudden became realtime. You had realtime news coming into your feeds. So this is, it's interesting I found it at the weekend.
I don't know how long it's been available for, but I just discovered it. I actually signed up for the wait list cause I thought it would be interesting. One of the things I thought might be interesting to do with this would be to maybe query some open APIs that are out there and make those part of chat g p t.
So this, yeah, just a new thing. You can see a few. Use cases there. So put in sports scores, stock prices, latest news booking a flight, ordering food. So this could really open up the floodgates with chat. G
[00:23:49] Nathan Wrigley: p t, Rob was all in on sports scores. All that was it. That was all it took. I'm deep in
I I was listening to a podcast before this began and it's it's by a comp they were featuring. It was, it's like a news, a tech news podcast, and they were featuring a company called Radio g p t, that might not be the name of the company, but that was the product on offer. And they are using something like this already because they had an AI-based radio station.
So you were just, it was audio. The voices sounded a little teeny, tiny bit synthetic, but that, not really tremendously bad, but they were doing things like handing over to the weather present. Who would read out the weather in your local area. And the idea is they would syndicate this weather to all the stations throughout the world.
They can then sack everybody, which is of course great. That's a really good outcome. And and then you get this slightly robotic radio station to listen to. Seems like it's all a win. But that's a real implementation of this, isn't it? You mentioned weather forecasting and things like that.
Presumably they were getting the data somewhere reasonably recently up until now. What has it gone up to, like 2021 or something?
[00:25:02] Mark Westguard: I think so, yeah. I, and I know, I'm not sure with G P T four, how recent that is. But
[00:25:10] Nathan Wrigley: That's till 2020 sometime in 2020. .
[00:25:13] Mark Westguard: Okay. Still 2021. Yeah. . Yeah, so this will be interesting to see how this goes.
And then, see
[00:25:21] Nathan Wrigley: what comes of it. Thank you for your ongoing comments. Appreciate that. WP. Cody, just to clarify, max said is based on G P T three in brackets Da Vinci. , it was switched over to G P T Turbo 3.5. Okay. Yeah. Thank you for that. And he also says chat G P T plugins is a game changer as it essentially, as it is essentially an app store by open ai, it as an AI with different endpoints, the query end points will be the most used, allowing adding any documentation.
Honestly, I feel. , I feel I'm no longer needed. I'm just gonna sink into oblivion. Get the radio g p t show going.
[00:26:04] Mark Westguard: No, please stay. We want you instead. .
[00:26:07] Nathan Wrigley: Yeah, I'm not sure about that. You say that and yet you took a cardboard cut out of my face, to Asia. Yeah, it's AI gone crazy, isn't it? I've still got it over here.
I might go and get it in a minute. That'll be funny.
[00:26:21] Rob Cairns: Ok. Andrew wrote my bio too. ,
[00:26:25] Nathan Wrigley: that's, it's all about Mark. Okay. If you like WordPress swag and who doesn't, it's a frivolous, but fond bit of the community, right? When we attend Word camps and all of that kind of stuff, you may not really, from an environmental p point of view, want the T-shirt, but there's a bit of you that wants the t-shirt anyway because it's just a nice thing to have, pick up all the mugs and all of those kind of things.
The Mercantile, which I confess, I didn't know this had previously existed. Apparently it was going as an official WordPress merchandise store a little while ago, and then it stopped and now it's been resurrected. The Mercantile is offering official WordPress swag around, especially in the run up to the 20th anniversary.
Of WordPress. The cost of the items is not that steep to be perfectly honest. You can see things on the screen here, but it's things like t-shirts for 18 bucks hoodies and what have you. The other alternative is to go and find a, an AI based printing company and drop your sticker logo in.
But here we are in all seriousness, you can get all your stuff. It's just mercantile.wordpress.org. I dunno if I'll be buying any of this kind of stuff, but I do enjoy showing up to Word camps and seeing everybody in all their swag. It's like a, a nice thing and slightly in.
In the same ballpark. This is fun. The guy, quite a few of the the experience coders I dunno who the team was that got involved in this, but apparently last time at cloudfest they started off this project and they completed it during a hackathon session at this project. This is the wpa Gotcha.
It's hard to say. The WPA Gache project where if, there's this mascot for WordPress and he's called Wpu and I don't even know what kind of creature he is. He's like an armadillo, meets a stokes, meets a squirrel or something. And he's typically curled around a WordPress logo and now you can make your own.
They built a web , which allows you to make your own. So a little bit of fun. I dunno if either of you have got anything about the mercent. and the wci. If not, I
[00:28:40] Mark Westguard: like the mercantile site. It's nice, isn't it? Yeah. I like the coders, poetry, tshirt. I might get one of those. And yeah the Wpu GCI and whatever it is.
It's funny, I was actually building one of those myself. what? I
[00:28:55] Nathan Wrigley: forgot to Jamaica. Yeah. You are joking. Literally
[00:28:59] Mark Westguard: that, yeah. And it was had like a color selector and stuff like that. I just never got round to finishing it. I just thought it'd be a fun thing to do, . But yeah. I'm glad they got
[00:29:08] Nathan Wrigley: it done.
Think that's real. Beat you to the punch. Rob, it's not all about Mark, no, it's just cool. There are, there's some other things. Yeah. So yeah, you can go to the it's mercantile.wordpress.org and a whole load of different things you can get there. And wgo is wgo.com and this is the Hello World article.
But yeah, it explains how the people sat down and just created a fun little project whilst they. Speaking of events and all that kind of stuff, an important moment, and I don't know if this is a new thing or if this has been going for ages, but I don't honestly remember seeing something like this before.
This is Word Camp Europe 2023, which is not that far away. Now there's a call for mentors now. Usually we're familiar with Call for sponsors, call for speakers. This is a new one on me at least. They're after people who have experienced being speakers at events like Word camps. I dunno if it's limited to Word camps, but essentially they're saying, are you an experienced Word camp speaker?
Passionate about sharing your knowledge and helping others strengthen their skills. We're currently seeking speaker mentors for Word Camp Europe 2023. You'll be paired with another conference speaker who is looking for guidance and support. Preparing and delivering their presentations. Now, I speak a lot into the camera, but anytime I've done public speaking I literally fall apart.
I am physically, my whole body shakes, e even, in front of a crowd of people that who I know incredibly well. I feel great panic. I don't know what's in that, but I experienced that and so I could well imagine that there'll be a bunch of people out there who've stuck their neck out decided to be a speaker, have been accepted, and then suddenly caught in that dilemma of, oh my goodness, what have I bitten off here?
It's more than I can chew. So I just think this is a fabulous initiative linking people up, one who can help possibly calm the nerves of somebody else, but also give them guidance about what worked well in their presentation, how long to make it, what kind of, what kind of slides to use, and all those kind of things.
So again, Rob and Mark over to you. I think,
[00:31:28] Rob Cairns: This is a great idea coming from a bit of a speaking background. I have debating training going back as far as high school, going back 40 years. It takes a lot to make your craft to speaking better for the audience, for you. And I know that any help that I've ever been able to give any news speakers, I've al at different events.
I've always tried to give because it's hard. It takes a lot to get up in front of a group live and 40 people, 50 people. And I know to this day I still get the butterflies before I take the podium or the stage, and that's 40 years later. So I think it takes a lot. And I think anybody who's giving their time as a speaker, first of all, deserves a lot of kudos in my books because it takes a lot to get up there and let's help those people around.
So I like this initiative so much.
[00:32:26] Nathan Wrigley: Yeah. Yeah. Thank you. I, yeah. You, I saw some pictures recently of you. Was it wasn't a WordPress event, it was like a podcasting event, right?
[00:32:34] Rob Cairns: It was pod camp Toronto in February. I spoke about starting a podcast on a budget. One of my favorite
[00:32:41] Nathan Wrigley: topics. Still butterflies.
Yeah. Every time. Every time. And I
[00:32:46] Rob Cairns: have an old debating coach of mine who's now retired in his eighties. And every time I talk to him, he says, do you still get the nerves? And I say, oh, yeah, he said, and that's because he care about
[00:32:56] Nathan Wrigley: what you're doing. Oh, nice. Turn it around. Yeah. That's great. Mark, any thoughts on this project or whether you Yeah.
[00:33:06] Mark Westguard: I think I'd love to speak. I just need to find a decent topic that doesn't border people to death. . But , no, I th I think this is fantastic. Working Camp EU is a big event. Oh. And the crowds are big. The audience is, are large. So I think there's so much valuable information out there that maybe people aren't talking about because they're nervous.
So I think it's good for them to be able to gain the confidence to be able to speak, but also great for the community, cuz this is gonna open up a lot more voices for us to hear and learn from. So I think, yeah, I think it's brilliant. I remember reading about this and it, made me feel warm and happy.
[00:33:46] Nathan Wrigley: Yeah, that's right. And the kind of people that they're looking for is, I guess it's indicative of where they're seeing this. It's like a counseling kind of role. We are looking for mentors who are patient, supportive able to provide constructive feedback in a he helpful and encouraging.
Wait. Yeah. This is not the hard sales pitch type, is it? It's not how to be successful in webinars kind of thing. You know how to sell 40,000 kilos of your product. Nope. Nope. This is about giving up some time to do the right thing to help people who are concerned and just need a bit of guidance. Yeah.
And you are right. The crowds at Word Camp eu, I'm fairly confident that the crowd themselves are nice bunch of nice people, but there's still potentially a thousand of them just staring at you, waiting for you to drop your pearls of wisdom and Yeah.
[00:34:39] Mark Westguard: There's a lot of people in the event, not just Word Camp, but Yeah.
Find it difficult to approach people. I even noticed that when I'm manning my booth. It's, there's all types of people there, some people are confident, others aren't. So this is a great way to help
[00:34:54] Nathan Wrigley: those people out. You say that there's a quite a few people who don't like to approach your booth.
That's interesting cuz yeah, it's funny, like I, yeah, I've often steered clear of your booth .
[00:35:06] Mark Westguard: I would, no, it's funny, I, this time I actually, even though I have a tiny little booth, but I actually split it in half and I had behind a monitor, I had a bunch of swag bags and it actually enabled people just to come up and take something and I put some pens there as well just come up and I didn't have to interact with me.
And on the other side of my booth, I just had people coming up and talking to me. So Nice. Yeah, it was interesting and that way I got rid of a lot more swag. I didn't have to
[00:35:38] Rob Cairns: Nathan, let me just, since we're talking about Altas had a real quick pro tip for anybody wanting to get into speaking is learn the practice in front of a mirror. It's Oh yeah. The best. My parents when I grew up in Montreal, used to have a full length mirror in the bedroom and they hated competition time because it meant I took over.
, try that. That's the best pro tip. Just to get
[00:36:02] Nathan Wrigley: people going. Yeah, that is really good advice. I've never done this kind of stuff, but I'd honestly become an absolute mess. It's really curious how I can do the podcast and interview people who I've never met before, but as soon as I get in front of people, it's a mess.
Another pro tip, oddly is about the previous article. This is, Money saving tip. Thank you, Courtney. She said if you are thinking of buying something from the Mercantile store and you have a friend in North America, might be a good idea for them to purchase it. And if you are planning on meeting up at Word Camp eu, do an exchange there because the international shipping is steep.
Yeah, I saw that and I didn't really explore into it. Is it steep enough that it's literally like double the price or something? But anyway, thank you Courtney. I appreciate the tip. Bloggers, developer bloggers or people in the developer space, you'll be pleased to know that WordPress is introduced a dedicated developer.
Blog you can find it at this story is about it. It's called Introducing the WordPress Developer blog. It was published on the 22nd of March by Chloe Brigman. And it is imagined what it features. It's gonna be featuring blog posts a new home for developers. It's called I'm almost surprised that this didn't exist in the past, in the, I guess they all just got modeled up with everything else.
But this is where all of those posts in the future are gonna go. And speaking of which, I managed to find one by just in Tadlock. Everything you need to know about spacing and block themes is an example of what it's gonna look like. Introduction, table of contents, and then you get into the meat and the bones.
It's r I've gotta. I really like this design aesthetic. There's just something really simple. There is nothing in the way of me consuming that content. I'm just straight in on the title, tiny little bit of metadata on the left, which is out the way and I can ignore and then right into it. And it's just text, some images, and we're off to the races.
If we look at Justin, slightly longer one. There we go. Clear title, WordPress developer blog at the top into it. Nice, clear table of contents. And then he's into his topic, which is actually really interesting, mark, being the developer that you are just kind of stuff you pleased about this. This is a new playground for you.
[00:38:29] Mark Westguard: Yeah. Another play, another resource to look at. I just wonder how this is different from developer.wordpress.com cuz there's another developer blog there which is developer wordpress.com/blog. So I don't know if there's any slight difference in the tone of the content,
[00:38:49] Nathan Wrigley: but Yeah maybe there's gonna be an embargo on anything to do with specifically a uniquely.com feature or something, but I don't really know.
Yeah, that's a good point. Yeah.
[00:39:01] Mark Westguard: The URL is, I've written some, I've written some stuff for [email protected] and it was quite general, just,
[00:39:07] Nathan Wrigley: Stuff. Would it have fit in here?
[00:39:10] Mark Westguard: That I don't know. I'd need to read this a bit more and learn the context of it, but yeah, I'll definitely take a look at it and I'm sure there's some great content in
[00:39:20] Nathan Wrigley: there.
Yeah. I can't in all good conscience say that I've trolled it a lot. I just wanted to highlight it as a thing. But the URLs, oh I'll just strip the URL out and go to a new tab quickly. Is just developer.wordpress.org and then, Yeah. If you put slash blog Oh, you have to put slash blog to get the news Yeah.
To get the new theme, don't you? I'd forgotten that. Yeah. And there we, oh no. No, there is a way. Oh, news. It is. Sorry. Thank you. Not blog. It's news. Yeah, I did actually make that mistake earlier myself. Oh yeah. There we go. developer.wordpress.org/news and you get a nice search bar and at the minute that looks like, there's four articles featured on the homepage and quite a few there already.
There. Content. Yeah, there's quite a little bit that's been added. So yeah, go check it out. I dunno if you've got anything to say about that. No,
[00:40:14] Rob Cairns: just another great resource for the community and we could use all the resources we can get. So go check it.
[00:40:21] Nathan Wrigley: Okay. So there we go. Yeah I'll link to that in the show notes, developer.wordpress.org/news.
Get you the full Monty. Antonio, thanks for dropping by and leaving your comment. This is going back to the helping out with WordPress speakers. I'm a bit antisocial events and try to avoid booths, but talking to Mark Word Camp Europe 2022 in Europe was one of the best things that ever happened to me.
Oh, that's such a nice comment. He's a nice comment. The cockles. Yeah. Thank you Anthony. And then he goes on to say the previous comment was not true. No, he didn't say that. I am a bit antisocial at event. Oh, no comment. Yeah, he's repeated himself. Ws form addict. Since then. Yay. Mark turn. There we go, brown.
Oh, that's lovely. There we go. Nice thing for you to write, Antonio. Thank you for that. Thank you for that. Yeah. Okay. So here's the WP Drama for this week. This is a post on the WP Minute podcast. Matt Madras produces a podcast, which is a pithy and short summation of a WordPress story during the co typically I think once a week.
And this time the article is entitled, what's the Problem With Awesome Motive? It does it in two ways. Really. You can either listen to the, you can either listen to the audio, or I believe the transcript is a faithful representation of what you said, so you can read it here instead. But this is a, this is something that just came up, blew up during the course of this week where there was clearly some commentary largely on Twitter, which was How should we say, which was having a go, a little bit of a go at the way that some WordPress plugins.
Make it very easy to onboard you to their service , you'd be crazy to make it difficult to onboard people into your product. Talk about marketing 1 0 1, so you're easy in the road into subscription is dead simple. But then what about the opposite side of that coin? What about the fact that you no longer need that product or service that's, you wanna step Sorry.
Yeah, sorry. Yeah. You wanna step away and, but that journey is fraught with difficulty and the finger got pointed. I think obliquely, I don't think anybody directly pointed the finger or some motive, but I think Matt. Tease that out and figured out that's where the finger was, in fact pointing and then created a podcast about it.
Now you can obviously go through, he talks about much more than just that. He talks about automotive as a company and all of that kind of stuff. But my, the thing that I wanna raise really around this is this whole approach to plugin development where you gather people in and then make it incredibly difficult to leave.
Now, whether or not the, I saw a, what's it called? A wire frame, like a flowchart. That's the word I'm after. , a flowchart of a WordPress plugin. Whether or not it was an awesome motor plugin, I don't know, but it was a flow chart of the process of unsubscribing from the subscription, and it was utter.
Utterly tortuous . The end point, it ended at two successful places. So there were two tiles on the flow chart, which indicated success. And there must have been 50 tiles, which indicated misdirection buttons, put in the wrong place. Decision making decision, trees just being diverted to an yet another and yet another page where you had to figure out where's the correct path on the journey here?
And so the conversation around that really, is this something that's ethical? Is this something we wanna promote? Do we want to trash this publicly? What do we think?
[00:44:22] Rob Cairns: I gotta jump my 2 cents. So I have big problems with the way O Automotive or other plugin or other IT companies lock people in and don't let them get out, especially their data. So that's an issue for me. So I wanna draw parallels with this big monster company we all love to hate called Google. And what Google does is they have a feature called Google [email protected] and basically it allows you to get any of your data outside of their ecosystem and download it across all their services.
And that's going the extra mile. But I'm sorry if it takes me 20 buttons to cancel my subscription. Another prote use a P prepaid credit card for your subscription to. Just knee on it when it renews . But then this becomes a pain in the butt. Do they think that by forcing me to be difficult to cancel my subscription, I'm gonna support them and have nice things to say about them or any other company across Twitter or any other social media?
So let's make it easy if customers don't wanna be your costume. Let's let them get out of it real quickly. Push a button, be done, go away. And I think the other problem going on is O Automotive is entwined themselves into some big brands like WP Beginner, all in one s C O, easy digital downloads and so on.
So they're all plugins that everybody likes to use, and they're just making it so difficult. So I have to agree with Matt on this take to be honest
[00:46:05] Nathan Wrigley: you. Do you think the, do you think the incentive here from the plugin manufacturer, okay. Does their decision tree go a bit like this? If anybody's clicked on the cancel now bottom, we already.
They're gonna cancel, right? Yes. So that decision's been made. A proportion of them will give up canceling, because we've presented enough obstacles along that journey that let's just make up a number. 2%, 3% will give up and they'll just subscribe for another year. In other words we'll get a little bit more revenue for absolutely nothing.
We won't have to do anything because we know they're not gonna use the product anymore. We haven't done anything illegal because, you can cancel if you want to go through that process. But but we'll gain a little bit more revenue by customers, which we know we've already lost anyway.
So that's I assume what they're thinking, but e every, almost every fiber of my body thinks that's a peculiar stance to take. Mark, over to you.
[00:47:17] Mark Westguard: Yeah I wonder what the long-term ramifications are of behaving this way. It feels like it's leaving a sour taste in a lot of customers' mouths.
Could that impact their decision making? Cuz you know, also motive own a lot of brands. If you were to consider one of their other products and you've gone through their process, could that impact negatively? I'm sure they've got data on this that for some reason they think that these crazy cancellation processes make sense to them.
Maybe they are making money out of it. It's also the front end side of it as well that I see, which kind of frustrates me and I actually post posted it and I'm usually air frustration on Twitter. I like to stay behind the scenes, but I use easy digital downloads for our plug.
and up pop this notification with three spelling errors in it, in the space of about 20 words. And when I clicked on it, it was then encouraging me to upgrade to their pro version. And I was curious whether signing up for the pro version would actually opt me into their usage tracking. And I contacted them and I reaffirmed it with them twice, and I'm still not sure I've got the right answer back for them, but they said that if you do sign up for the Pro edition, it would sign me up for their usage tracking.
I thought that's a bit strange because there was nothing legal wise along the way that said that was gonna happen. So that was frustrating. And I also didn't like the way that the, they've recently changed the term usage tracking to join the c. So it, it's almost trying to fool people into doing things and clicking buttons that have different ram, different ramification from what you actually think you're clicking on.
So for it to say, join the community, and that actually means they're getting your sales speakers every week that troubled me. Because you're not joining a community, there's no nothing community about it when that button is clicked. Yeah I dunno it must, it obviously must work for them.
They must be making money out of this procedure. And I think, we, in this community, even in Twitter and even on WP Builds, we're a very small group of people. There are so many thousands of customers out there that don't get involved in this community and just buy a product and just deal.
So yeah, maybe it's certainly not anything I would wanna do with my product. If somebody wants to cancel my plugin, I cancel it, I refund it. I don't even ask any questions. It's just not worth the grief. Sometimes a customer will say to me, Hey I couldn't get it to do this. Could I have a refund that I'll go back and say, it can do that.
I'm gonna process your refund, but just to wanna let you know it can do that. And they'll sometimes come back and say whoa. Don't cancel it. That's as far as I'll go on the cancellation front. And I have no hard sell banners within the product itself either. That's just the way I like to work.
Also multiply to do things a
[00:50:25] Nathan Wrigley: different way. Yeah. It'd be interesting to see how this does, typically in the WordPress space when we get any kind of WP drama, it has the shelf life of usually less than a week. So it'd be interesting to watch this to see if there's any long-term things.
I know that deceptive design, as it's now called as opposed to dark patterns, which it used to be called, it does seem to be something which people more generally are being switched onto. If you went into a car dealership and your car was clearly broken and it was still under warranty and you'd had it for two or three days, you really wouldn't accept it from the person sitting behind the counter over there to say, I'm sorry, your warranty doesn't count.
No. You can ask me a thousand times and it, we're not gonna do anything. , and I guess people are beginning to become a bit more savvy with that on the internet and any kind of weirdness, dark pattern buttons, which look like a yes when they are in fact no. , those kind of things. They're getting increasingly called out.
So anyway, the piece that was called, what's the Problem With Awesome Motive, you can find it on the wp minute.com. It was produced on the 23rd of March, 2023. Now, interestingly, t tied to that, but n a apropo of nothing, there's no connection between Matt's piece and this, but it's interesting over on the Verge website.
Now the FTC is a phrase that I hear a lot and I know it's got to do with tech and I know it's got to do with keeping tech companies. Within the legal system. I don't actually know what FTC stands for. Somebody could Natural Trade Commission. Okay, perfect. That's great. Thank you. Yeah, so they're looking into putting something on the books, which would make it illegal.
The proposal is something called click to cancel. And this rule would let you cancel any kind of thing. Memberships, it mentions on the website and the process has to be as easy as it is to sign up. So if you have an incredibly difficult sign up process, firstly, good luck with that. But secondly, I presume you'll be allowed to have an equally difficult , backing out cancellation policy.
But most companies wanna. Dead easy. Sign up, one click, you're off to the races. If it's easy, as easy to sign up as it is with one click, then the idea would be that it would be the same on the other side. It would be just as easy to cancel. This strikes me as a really sensible law. They point to the fact that in the real world, they use gyms as an example.
I'm not a member of a gym, so I don't know how this is, but they talk about the fact that you rock up to the gym for the first time, sign a piece of paper, and you're basically a member. But then canceling that membership, you have to do things like go home and make a phone call and go through various things.
And they have trained operatives on the other end of that phone who are very good at talking you down and trying to explain why you're missing out on this, that, and the other thing. And just trying to obfuscate and just put you off the scent, really. . So I think, , this seems on the face of it to be the answer.
Could be the end of
[00:53:30] Mark Westguard: timeshares as we
[00:53:31] Nathan Wrigley: know it. . . Yeah. But this, presumably mark your plugin or, I dunno maybe it doesn't, maybe you've got things to tweak, but that seems like just common sense default. Yeah.
[00:53:44] Mark Westguard: Yeah. I tend to find if somebody is considering canceling because they don't know whether it's got functionality or not, they'll ask, they won't just cancel.
It's very rare that someone will just cancel cuz they couldn't find something. Yeah. I tend to find that customers will make an inquiry about, how do I do this? And then we'll help them out with it. Usually our cancellations are things like, maybe they've lost a contract and they're not working on it anymore, or they're not working with the customer anymore.
And why make the process of canceling difficult? I'd much rather end the relationship with the customer, with them feeling happy so that when they consider my plugin in future, they'll come back. , if I make that cancellation process difficult, it's a sour flavor in their mouth and that they, and they're not gonna come back in future.
Yeah. Yeah. I like to keep it simple and I think this is a great
[00:54:35] Nathan Wrigley: thing. So as always interesting to get a a contrary point of view. ATIs, aif, sorry. Atif says, as much as I agree with you as a dev, it's important to learn why customers are leaving. , because there may be holes that could be plugged or improvements.
So I do opt to handle some way of getting that data. So is it a bit like the, I don't know if you wanna install a plugin. Occasionally you'll get that one modal popup, which says, yeah, why are you on installing this? And you get a choice of three things, five things, and then you can cancel. Yeah, I think, and I have that.
I have that.
[00:55:09] Mark Westguard: So it's just a simple question and that's as far as it
[00:55:11] Nathan Wrigley: goes. Okay. And in many cases, that question can be ignored. I think what , Matt Madeiros was describing, or at least what he was being what he was creating that post in response to was not that. It was a fairly lengthy journey with many tripwires on the way where it was I think as many as seven or eight pages deep.
. So it wasn't like, okay, tell us the reason that you're leaving it. Here's a page. Find the next page button while it's buried at the bottom. Try another one. Go through on yet another page, then a modal, then click the correct thing in the modal, then go to yet another page. And then finally one last page where you click another button, and finally you're out.
I think it was that kind of level judging by the the modal, sorry, the the flow chart that we saw. Then he goes on to say it's a fine line, but as Mark says of more often than not, people rush to get a refund when actually they can do what they like to do. That's great feedback for me as it's not as user friendly as I thought.
Yeah, it'd be interesting to see actually what level people think this stuff is. Okay. We've, we always get comments when a WordPress plugin posts an ad in the d. . I wonder if this will lead to a whole series of how acceptable is it to ask us for information before canceling happens And Yeah. That's interesting.
Peter Ingersol. He's back. . He's back. He is back. Look at that. The clocks changed. Of course they did. Yeah. The clocks went forward here in the uk. So Peter in Connecticut is an hour behind. But thanks for joining us, Peter. It's, he's in Connecticut. It's eight degrees centigrade, 47 degrees Fahrenheit. That's quite nice.
And he says The lack of transparency when it comes to WP beginner tutorials and best ranking as greatly tarnished my opinion of a yeah. Anything to add before we put the drama behind? I
[00:57:08] Rob Cairns: do actually, Peter you hit on a great point about the best rankings. There was a well-known computer magazine back in the day, PC Mag, and we all probably remember it, and they used to do top 10 rankings, but if you ever looked, their top 10 rankings were all based on what their advertisers were in the magazine.
Oh, I see. Yeah. ,
[00:57:29] Rob Cairns: Peter your astuteness has hit it on the nail. Thank you, sir.
[00:57:33] Nathan Wrigley: Okay. Okay. So go and check both of those pieces out. The Verge the Verge article and the Mount Maduros one, I will link to in the show notes, which come out tomorrow. You'll need to subscribe to get 'em. Actually, you don't.
You can just go to the word, press the WP Builds website tomorrow and search for this. Subscribe if you like . And by the way, if you do subscribe, there's a button at the bottom of every email. It says unsubscribe. Guess what that does? ? 15 pages? Yeah. Oh no, it goes, it's a series of 200 questions that you have to answer correctly about WordPress functions.
And then once you've done that, you can unsubscribe. Now, ,
[00:58:13] Rob Cairns: it funneled the West card to be the .
[00:58:15] Nathan Wrigley: Yes. It's the one click on ins on subscribe, I promise. Okay. Here's another nice thing we had earlier. The here it is. Look the call for mentors. This is such a nice little project.
This is Give WP along with a variety of other companies. I might add we mentioned it last week, but only in passing. Really. It's called the Give Back Athon nonprofit Hackathon. You can find [email protected]. And then the next four words are hyphenated. So give. Back th each separated by a hyphen again in the show notes.
The idea really is that you come to this website and if you are a nonprofit, we call them charities in the uk, but nonprofit. You fill out your form, you can see that I've incorrectly filled out this form cuz all the fields have turned red. Didn't put anything in, but you fill it in with the basic data about why you would like to have your website built for you gratis for free.
And they're gonna do this for three nonprofit companies. There are some incentives aside from that. If you're not one of the lucky three. There are some. Things on offer. It's open for 27 days. That is to say the form will be open for 27 days. And I guess at that point the decision making begins.
And here we go. Three complete websites built from Stellar for stellar nonprofits. They are gonna be you get some free stuff thrown in to make your websites or stand out a little bit more and bring some functionality. You get give WP Stellar WP Products including Yost Oh, and also Yost Premium Bertha ai.
And look at that mark. Bit of a, bit of a coup for you. Ws form gets thrown in there. You also get free hosting on the Nexus platform. Five Runners up are gonna get a give WP Pro plan 10 finalists. So I was obviously whittling it down to 10. They're gonna get 50% off the Give WP plan and 25% offer anybody who signs up and just gives it a go.
So yeah, this is nice, isn't it? Yeah, and I
[01:00:24] Mark Westguard: think don't quote me on this, but I think we're actually giving away the the additional stuff for two or three years as well. So it'll, it won't just be for the first year. So they're actually gonna get it for a longer
[01:00:37] Nathan Wrigley: time, which would be nice.
Let's see if we can find it. Da. It doesn't seem to mention it. Oh yeah. Three years. Look. There you go. Yeah. Oh, it says Nexus hosting sponsor and we'll provide hosting and for the grand prize for three years.
[01:00:50] Mark Westguard: Yeah. So we've definitely given it for three years okay. Yeah.
[01:00:53] Nathan Wrigley: So I'm assuming that will be the same forever and I believe it was.
So when we talked about the Stellar WP Suite, that includes things like ithe security. Yeah. Cadence, obviously if if you struggle can, yeah. So they'll be able to build you a really credible site. But completely for free. If you're a nonprofit, I don't think there's any requirement to be in any way connected with.
Technology or WordPress or anything like that. I think this is just open to anybody and I, but I don't know what the criteria are for deciding your worthiness as being a winner, but obviously there will be some criteria, but the form won't take you long. Give it a go. Exactly. Yeah. Yeah. Thank you, mark for chipping in that makes it.
Absolutely. Yeah. Yeah. Any thoughts on this, Rob?
[01:01:40] Rob Cairns: Just a hats off to Stellar WP all their partners, including Mark Bertha and anybody else involved well done. They give back to the community and the nonprofits
[01:01:50] Nathan Wrigley: well done. You. Yeah I don't know. You've obviously gotta provide your name and organ.
Okay. Here's the question. You need to provide your, I dunno what this means, but I presume it's some kind of official accreditation. Your e i n Yeah. N's like a
[01:02:06] Mark Westguard: US company number. Okay.
[01:02:08] Nathan Wrigley: And then your charity id. If you're in the uk, that's something that you can provide. Okay. I don't think you could be applying for this if you weren't a bonafide already set up, already baked in the oven out there in the wild charity.
I don't, this is for people who are thinking about starting a charity. So though a few little tiny, teeny caveats, but otherwise, yeah. Give that a go. All right. Ready, ho. WP Turbo. This is so cool. I love this website. I'm just gonna open it up in a new tab. WP Turbo is a tool where you go in and you ba basically a bit like me.
You don't really have the chops to do certain things, but you know that the solutions are out there. So you could go Google them and take your chances with that. Probably take you quite a long time. Or you can go to Turbo WP and . That's quite kind of them. I've never noticed that. Got our logo on there.
Oh, bless them. And you can do things like the menu generator, the post type generator. , the theme js o generator and so on. And so you go through the process, it asks you some questions. You, it's not really questions, but you fill out the forms, what you want it to have, blah, blah, blah. You could see on the screen here, it's really cool.
And then you download it as a snippet, which you then put into your functions dot php file. So there's one right there, right? The basic one that they start with. But as of this release, you can now invoke this button, which says Download as a plugin. So you can then do exactly that. You no longer need to do.
Contact your developer if you are non-skilled, if you are happy that whatever you've done is okay and you don't wanna have any contact with the developer, you can now download it as a plugin. I realize that for this audience, this is probably a bit moot, but nevertheless, I think for people who are not familiar with using, I dunno, functions, stop p php or where that might live or anything like that, download it as a plugin, upload it to your website and boom, you're good to go.
I just think this is so cool. So that's the initiative that they're announcing. WordPress coding standard integration has also been announced on this post. I'm not entirely sure what that means, but the bit that caught my attention was the fact that, yeah, you can just download this as a plugin, but if anybody in the comments does know what they mean by coding standard integration, I'd be pleased to know.
So again, over to you fellas. What do you think? I like
[01:04:36] Mark Westguard: that. Yeah. I like that it's not ai. It looks like it's actually Yeah, it is
[01:04:40] Nathan Wrigley: generated. Yeah. It's just a human did it, I think. Yeah. .
[01:04:43] Mark Westguard: Yeah. And I'm assuming that the WordPress coding standard would mean that the code is generating is according to WordPress coding standards, which is nice.
. But yeah that's really cool. I like the download plugin. That would make it a lot easier for people to integrate that, but,
[01:05:02] Nathan Wrigley: But also just that idea that if you step through the hoops, let's just go back, let's do, I don't know, post type generator. Yeah. And let's just take immediately what we've got.
If you are not, if you've never done this before and you've never taken an interest, some of this immediately starts to oh, yeah I get it a little bit. It starts to teach you a little bit about how it works. Look, every line within the label is the same. There's some kind of syntax going on there.
Why is there a little bit the front followed by this peculiar little arrow? What's all that about? And you would just start to get of an idea of how this works and what it's doing. Yeah. And yeah, I just think it's. I just think it's such a, all the bits that you forget about are there. Yeah. Yep.
Yep. And then you can obviously build it up. Name things, change the labels of things all there. I actually think so. I've used a plugin in the past, which I really like, it's by web dev studios, it's called. Custom post type ui. And it does all of this in a plugin. Yeah. But the, this strikes me as this, I could easily replace it right here and it would do exactly the same thing.
And I would just have my own little unique plugin, which feels like, I don't know, it just feels like there's something nice about
[01:06:14] Mark Westguard: that. Quite a nice way of learning how to code
[01:06:16] Nathan Wrigley: for work. That's what I mean. Yeah, that's what I was trying to illustrate. You could come in here and begin the journey, right?
[01:06:21] Mark Westguard: As you tweak things, you can see how that
[01:06:23] Nathan Wrigley: affects the code. Yeah. I don't know what happens. I dunno if it does it on the fly. So if we uncheck things, does it do that as we go? If you know what I'm Oh yeah, it does. Look. Did you notice it? Yeah. Yeah. As we were doing it on the screen, far slightly lower down.
So let's check on all now. Yeah. That's cool. Isn't it cool? It was really great.
[01:06:41] Rob Cairns: Well done. That's so cool.
[01:06:43] Nathan Wrigley: Yeah. But it really does have a broad range of things, like I said, right at the top. Let's go back to the, oops oops, oops. Go to the main site. Postop generator taxonomy, generator menus, short codes, hook generator, WP config start a plugin generator theme dot j and then 40 more.
WordPress admin related WordPress query generators, other WordPress generators, Google Front Loader. That's cool. Yeah. Woo. Commerce stuff. Couple for element or. Oh, that's
[01:07:14] Mark Westguard: good. That's really cool. Elemental widget.
[01:07:17] Nathan Wrigley: Elemental widget. So there you go. You can build your elemental widgets. Anyway, now it's available downloading as a plugin.
So that's very cool indeed. Fantastic. I like that. Indeed. Okay. Wow. Ouch. Obviously, when I mentioned security, I've caveated the whole thing with how I'm not a coder. I really do understand that things break, but still this does seem like quite a bad one. Hacker News and almost every news outlet on the planet, I think this one actually made it onto the front page.
Of a few actual real world newspapers in the uk, it was deemed that serious critical w commerce payments plugin floor patched in 500. Wow. Wow. 500 plus thousand WordPress websites. And I'll just quote quickly, patches have been released for a critical security floor impacting the Woo commerce payments plugin for WordPress, which is installed o over half a million times.
The floor, if left unresolved, could enable a bad. To get, I was gonna come up with some actor who I thought was quite bad at this point, but then I thought, just forget it. Wrigley, just move on. We could enable a bad actor to gain unauthorized admin access to impacted stores. The company said on the 23rd put differently the issue.
Could p permit an unauthenticated attacker to impersonate an administrator and here it is completely take over a website without any user interaction or social engineering requirement. Now, I could be wrong, but that line seems to be about as bad as it gets in terms of security. I can't imagine a line being much worse than that.
The bottom line is if you are, if you're in any way connected with Woo commerce and you suspect that you are using Woo commerce payments, which a lot of you are, Please go and get it updated and save yourself a lot of trouble. I imagine that within 20 minutes of this being announced, the hackers started paying great attention to it, because where there's woo commerce, there's money, and where there's money, there's an incentive to do it quickly.
So anyway, I dunno if either of you have got anything on this Mark. I think you didn't you, before we started recording, you said you'd had a little poke around. I,
[01:09:40] Mark Westguard: yeah, I'm always interested just to look at the change login, see how this occurred from what I gather. And Rob from probably backed me up on this and explain this as well.
So Rob's really the security expert here, but it appeared that what had happened was in the code for the site for the work comments, payments, plugin. It looked like it was old testing code. Yes. Where you could inject the user ID using what's called an HTTP header. So when you make a request to a web server, there are various HTTP headers that get set up things like, Hey, here's what browser I'm using, here's this type of content I accept, et cetera, et cetera.
And there was a custom http header that could be set and that would numerically set the user ID on the website. And it appeared that code had been in there for quite some time from what I had read. So I'm quite surprised it hadn't been pulled out at some point. And that was basically the vulnerability.
Somebody discovered that piece of code they immediately removed that piece of code. I think it was an include file or something. But yeah really surprising that fell through the hoop because that's a very significant security floor. .
[01:11:02] Rob Cairns: not, I'm nodding my head cuz I couldn't have said it any better.
Mark. Thank you. One thing I would throw out there before everybody in the community gets bent outta shape the word is they've patched it, so yeah, they fair, they haven't ignored it. Security is a big thing based on trust and I think , they've won their job on this one, they've of vulnerabilities come out.
They've patched it. Yeah. The other thing I would say to anybody who's running a WOOO store is, guys, please don't leave your plug-ins out a date for three months at a time. You gotta get on those weekly, if not biweekly. If you're not gonna do it get somebody to do it for you. And also make sure you got backups and you've tested those backups to make sure you can do a restore.
Because I've seen cases where, Code's been injected and you've gotta go back five backups. I've seen that happen and sometimes you gotta go back and then you realize, oh geez, my restore doesn't work properly. So like that be the lesson, like these are gonna happen, security vulnerability's gonna happen.
If you look at any of the vulnerability reports, patch Stack reported that 42% of all WordPress sites have at least one vulnerable plugin in their year end roundup this year. And we need to be aware numbers like that and we need to make sure we're updating our websites. Usually when I get to look at a website of this magnitude, I can guarantee you the plug-ins are six months out to date, there's no backup.
The hosting backup's a mess. And then the poor client is in a conundrum on what to do. So I do the right thing from step up and then you'll be okay. These are gonna happen.
[01:12:48] Mark Westguard: Yeah. I like how transparent they were about this. When they found it, they immediately. Jumped on it, got it fixed. They also worked in with the, the plugin team to make sure that plugins were updated cuz they do have that magic button I think they can press to make that happen. So yeah, I think they dealt with it the right way. And by jumping on it quickly, hopefully they've stopped a lot of sites being vulnerable.
[01:13:14] Nathan Wrigley: Yeah. I wonder how high up in the list of priorities, woo commerce, especially something like this, how it figures in the hacker's mind.
In other words, is this a drop what you're doing? Let's concentrate on Woo commerce for the next few days. Or if this is actually, let's crack on with our Android exploit because that's probably more profitable. I don't know, but this one felt like a bad one. Taking over, yeah. Potentially half a million websites as an administrator.
I dunno what havoc you could cause, but it could be a very, a lot, large amount, lot, and a lot of it involving siphoning money to the wrong destination, I would imagine. Yeah. The
[01:13:56] Rob Cairns: minimum monies involved, the priority goes up exponentially by a thousand,
[01:14:00] Nathan Wrigley: yeah. That does it. Yeah, they did the right thing.
Yeah. Okay. Sorry, just quickly going backwards in time, Antonio. Thank you. He says, ironically, the pro version will include AI snippets. I think we're talking about WP Turbo, so that's interesting. So the pro version adopts some AI stuff. Okay. Interesting stuff. No, . Yeah. What if they have a, if they have a subsection which says, generated by ai.
That I think is fair. Fair play, right? Yeah. As long as it's clear. Yeah. Label it. Label it. Yeah. . Yeah. Do you want it, do you want it full of whole? Do you want it full of like problems? tick the AI button. Yeah. And Atif says a ACF now has c CCP t in their latest update. Custom post types. Yeah. About time.
Oh, is this a new piece of news that I missed? I did not see that. Can we do that next week? But
[01:14:52] Mark Westguard: Mark is normally, yeah. So yeah, A ACF is normally custom fields and they're gonna be introducing custom post type configuration into it. . Yeah, so cuz I, I use a ACF a lot. I love a acf. I use a C F a lot.
Yeah. And I use C P T ui.
[01:15:10] Nathan Wrigley: That's the one I was mentioning. Custom post types ui.
[01:15:12] Mark Westguard: Yeah. So this is actually gonna bundle. Altogether into acf. So
[01:15:18] Nathan Wrigley: interesting. Yeah. Atif, I wonder if you know whether that is pro or free. I don't know. That sounds like maybe it would be a pro feature. That's cool though.
I did. I missed that piece of news. Ah, honestly, I have one thing to do each week. It's to find the WordPress news, and I've failed to find that bit, but let's carry on. Regardless. Mark was very kind over the. Week or so. Firstly, he came on a show with me and he did a demo, which was really nice of him, but he also offered up two of his licenses.
I'm just gonna refresh this page quickly, and I've, we've decided who the two winners were. The form was open. We had about, I don't know, 25 or something like that, and I whittled it down to the four that I thought were most winnable. You had to fill out a form. Guess who made the form? It was w it was a wf, a WS form.
And and we've decided that two winners, I won't say surnames, but Sean and Ian I'll be in touch in the next day or so. You are gonna be the happy custodians of a of a license for WS form. It's the personal edition, and I'm sure that if I contact you, you'll be able to, in some way reach out to Mark and make that happen.
So Ian and Sean. You were the only people with those names who filled out the form. So if you filled out the form and your name was Ian or Sean you are the winner. If your name was Ian and you've secondarily filled out the form under the pseudonym of Sean, you've won it twice. Congratulations,
I'm glad for following us with your AI bot. Oh, thank you Nomad Skateboarding. That's really kind. By the way, as Mark said, if you go to that page, you can still get 20% off Ws form if you weren't a winner. You can do that. Righty ho Shopify is the way. Palmer . That's and Palmer yeah, that's, I suppose there's something to be said for that.
Andrew, I'm, there is no doubt talking about the WooCommerce debacle. Okay. Let's move on, Cheryl, all the way. Let's put the screen back on and take the comment away. Thanks for joining us, Andrew da. We've done that one. Okay. I didn't put this one here, I don't think. Did one of you put this one here?
Was it you, mark? No, maybe I did put it here. This was the story that open ai, basically we were talking about AI a lot. I apologize, but AI broke last week. It was a bug. Good grief. , if you were a user of open AI last week, and my understanding is you had to be on their paid plan, it's quite possible that your name.
Address and some portion of your payment details came into other people's conversations. I did add this
[01:18:17] Mark Westguard: one. I remember it now, and how horrific it was.
[01:18:21] Nathan Wrigley: I don't even know what to say. So the idea, everybody goes to chat, g p t, it's a blank screen. You've got a text field, you type something into the text field and you hope for an input back.
But what I'm guessing what was happening is people were putting in their query and then unexpectedly, part of the result that was coming back was people's names, addresses, p email addresses. And four, four digits of people . Yeah.
[01:18:46] Mark Westguard: I dunno whether this was appearing in the chat itself or if it was maybe in the account page or something.
It's not very clear, but that's, that is absolutely horrendous. Yeah.
[01:18:58] Rob Cairns: Security perspective and a privacy issue. Oh my
[01:19:02] Nathan Wrigley: god. . Apparently this vulnerability, whatever it was only ex was only exploitable for something in the region of eight hours or something like that. Only eight hours.
[01:19:12] Mark Westguard: Only
[01:19:13] Nathan Wrigley: eight hours . But you've gotta imagine. I don't know. It feels as if that wouldn't have been in the admin UI because in some way like that would be inexcusable now, right? To be literally putting the incorrect information in a UI of people's names and addresses because that problem's been solved a decade ago.
We know how to do account pages, but we don't know how to do chat. So I'm guess I'm gonna just put my foot out and say, I think this probably appeared in the chat, but I
[01:19:45] Mark Westguard: dunno. . Oh, actually you say sorry. In the second paragraph there. Just say If they were clicking on my account and then managed my subscription between 1:00 AM and 10.
Oh, I'm wrong then. Okay. It was, yeah, show. So it was showing in the u in the the, my account page. You
[01:20:01] Nathan Wrigley: know what the problem is? They got AI to build their, my account page. That's right. They, the AI made all their code
a serious point. If you were, if you are a paid user, it is possible that your name, address, email address, and four digits. Come on. Nobody's gonna guess the other, what is it, 12 or something? Yeah. But still not ideal. Sorry. Okay. No, we'll do that one in a minute. Let's go to this one. Okay.
This is amazing, right? You've all, anybody who listens to this, you've got to do this because it's, it is fascinating. So we're familiar with the cookie. We know what the cookie does. It maintains some kind of state you are. You're logged in, you're not logged in and so on. Now, obviously there's a lot of pushback against cookies.
There's a lot of endeavors to obliterate cookies, to periodically wipe cookies, to have extensions in browsers, which prevent third party cookies and so on. And so a lot of ingenious people have come up with other ways of figuring out who you are. And one of the most interesting ones is called web fingerprinting.
So rather than having anything to do with a cookie, what this does is it sucks out information about your browser session. And then just takes a ton of data and figures out something, some unique combination that you've got. So for example, your IP address, what extensions you've got installed, what the brows, sorry, what the view port size is what C P U you are running, what os you are running.
All of this stuff is given away freely, and then it creates a fingerprint of you, which is then trackable and. , it turns out sellable on the internet. And honestly, go to this page, I, it's called bite string.com. The post is simply called web fingerprinting is worse than I thought. And go and see if you could, if you can be caught up in this, because I thought I'm being a bit clever.
I've got my brave browser switched on, . I've got all my shields up. I've got a few plug-ins extensions installed. I'm in an incognito window, so you can't see 'em. But the point is, I thought there's no way I'm gonna be finger printable. Oh, I was so finger printable. So you go down here go to the bottom of the page and you click on fingerprint.com.
You just go there once and then it'll make an, it'll draw that fingerprint, it'll put together that fingerprint, then go open up an incognito session of the same browser. And you are thinking to yourself, I'm gonna go in there. And the unique string will be different now. No, they got you. Just try it.
Go there. Try it now. Have either of you two tried it?
[01:22:53] Mark Westguard: No, not yet. I'm worried if I try it that I'm gonna be in a database forever. More . Yeah.
[01:22:58] Nathan Wrigley: The thing is, sell me to someone else. Yeah. Just resize your browser or something, or change your IP address quickly. . And but it, it totally got me.
So my brave session it tracked me even though I was in an incognito mode. So it proved to me that it was possible. However, Firefox, if you're into this kind of stuff, Firefox has have got a new config setting. , called privacy revi, resist fingerprinting. And if you set That's true, you go to about dot config in Firefox.
Yeah. And I tested it in Firefox when that had been activated and it didn't work every single time I went to the fingerprinting.com page, it gave me a new thing. Okay. So all I'm saying is forget cookies. They got you. They got you Anyway. Yeah. They know who you are. . And it's a, apparently it's just some big guy in a leather chair stroking a cat.
He's the guy gathering, , gathering all the, he's called Mr. Evil or something. He's he's the guy gathering. Just honestly though, doesn't this stuff freak you out? This is not what I want the internet to be. I've been doing this for years though. Yeah. This shouldn't be doing it for years. It's naughty .
[01:24:08] Mark Westguard: Yeah.
[01:24:29] Nathan Wrigley: It's interesting. I dunno. Yeah. Yeah. I'm really not sure. Yeah. User
[01:24:33] Mark Westguard: agent, stuff like that. Blocking
[01:24:34] Nathan Wrigley: that. That's, yeah. And my understanding is it's not just one data point, it's a whole mishmash of different, anything that they can grab. Yeah. Grab and draw, whatever they can get for you.
Yeah. And if you think about it, like there's no way that me, you and Rob, if we just did what os you using. Yeah. Probably there's one or two options there. Maybe three. What browser are we on that's possibly different? , tell me all of the plugin ex extensions you've got for your browser. I don't think there's any chance that the three of us have got the same ones.
No. We might share a few, but not all of them. Viewport size, C P U I can't off the top of my head think of anything else which might go into that cocktail, but I bet there's more. . Yeah.
[01:25:19] Mark Westguard: Yeah. The ti even the time zone stuff that immediately differentiates us, right? Yeah.
[01:25:25] Nathan Wrigley: Internet provider.
, maybe there's a case for wishing this to happen in the same way that some people just like to be tracked. Cuz they would prefer having the ads which represent their desires rather than the ads which don't. But personally, I feel the trade off isn't worth it and I'd rather have this set up.
So anyway, it's called bite string.com, search for the. On the 19th of March, and you can see that and go and see the . Atif said they're gonna get you no matter what you do. Yeah. . Yeah, you're right. I'll always find a way. Yeah. I got my access to the, to, to the Steve Jobs.
The other I got access to, I think it's the voice of Steve Jobs. Oh, we're back onto AI there. Sorry, I thought this was about this. I will look at that a little bit later. We're very fast approaching the top of the hour. So let's just quickly do, we did that one. We did that one. We'll go back to this one.
The I, oh, I love this stuff, but at the same time, it's so weird if you want to hear the oldest recorded pieces of piece of music, sombre Spark found a QE form tablet with music on it. What they figured with was music. They then figured out what the most likely How to describe it key that music could have been in, because obviously in, in the West at least, anyway, we're all listening to, we're all tuned in to enjoy the same kind of sounds and back in Sumeria not and they figured it out.
Three and a half, three, 3,400 year old piece of music. And It's not very good. Really.
It's it's not gonna, it's not gonna sell a lot, put it that way. , Spotify. I'm not looking at a, not a platinum record. No I'm jesting, I, of course, it's good. It's good because it's ancient and it's fascinating and all of that, but it's not gonna set the pulse racing . I will include it in the show notes.
It's on the open culture website. Just fasting. How is it possible that we can resurrect music from three, nearly three and a half thousand years ago? Okay. That's it. That's all I've got. No, it isn't. No, it isn't. I've got a special treat for you. Oh, . Oh, dear. Okay so there I am. Right there. I am. What is on Nathan's?
[01:28:11] Mark Westguard: sometimes Nathan's head? What's
[01:28:12] Nathan Wrigley: the above? Nathan said, what is it? Russian dolls. Oh, stop it. That was too easy. . Oh, those of you that are listening, I those of you that are listening I put a little mask on. It's not a mask as in, on my face. I put a mask that you can already see the bit at the top Russian dolls.
It is, yeah. Do you know what the real name for mu Russian dolls is? Cuz I did know it and I've forgotten it, but there is a, an actual Go on. Go and get it, mark. Go and get the thing. Go get the head.
Hang on, I'm gonna make you full screen. Wait, is that right? Go on. Let's have a look.
[01:28:50] Mark Westguard: This was Nathan in Asia.
[01:29:07] Nathan Wrigley: Oh. Can you wear that when we do the little wave at the end? Just you can do the 100 wave. Oh, that's absolutely brilliant. Mark was just showing this funny little cardboard cutout that he had made of yours, truly for Word Camp Asia. Listen, in all seriousness, thank you for joining us today. Mark and Bob, really appreciate it.
Thanks to anybody who has made the time to enjoy the show this week and write a comment. I really appreciate it. Don't forget, go and tell your friends. It's a bit of a laugh in it, and we just have a bit of fun and talk about WordPress at the same time. We'll be back. Next week and and hopefully will be all four of us.
So thank you so much. We're gonna do our wave that we do at the end and Mark's
Thank you so much. Take it easy guys. See you later.
Support WP Builds
We put out this content as often as we can, and we hope that you like! If you do and feel like keeping the WP Builds podcast going then...