Welcome
Issue #143
So this is the last newsletter of the year, and... well... WHAT A YEAR! A year to remember and a year to forget!
We've seen lots of changes in the WordPress space, some exciting developments in Gutenberg, even more adoption of WordPress across the internet and the community staying close despite being far apart.
I'd like to wish you all a happy holiday season. We'll be back in 2021 on 5th January.
For now though, check out some of the WordPress news from the previous week.
'This Week in WordPress' Sponsor
AB Split Test
Want to set up your AB Split test in record time, like a couple of minutes? Use your existing pages and test anything against anything else. Buttons, images, headers, rows... anything. The best part is that it works with Elementor, Beaver Builder and the WordPress Block editor. Check it out and get a free demo at absplittest.com
Community
State of the Word 2020: WordPress Moves Toward Full Site Editing
"WordPress enthusiasts around the world tuned into Matt Mullenweg’s annual State of the Word address this week, delivered virtually for the first time. Mullenweg recognized the community’s efforts in working together during a global pandemic, without the benefit of periodic in-person events that have traditionally re-energized collaboration on the project."
News – Introducing Learn WordPress
"Learn WordPress is a learning resource providing workshops, quizzes, courses, lesson plans, and discussion groups so that anyone, from beginners to advanced users, can learn to do more with WordPress. Learning how to use, build for, and contribute to WordPress is essential for anyone wanting to dive deeper into the software and its community."
Taking a different path – Tammie Lister leaves Automattic
"This year has been a lot for every single one of us. If you’d said at the start of this year I would be sat typing this, I would have not believed you. However, here I am writing this post. Tomorrow, Friday 11th is my last day at Automattic after 7 years."
But Wait, There’s MORE: Check Out the Fourth Round of Speakers For WordFest Live 2021!
"Check Out the Fourth Round of Speakers For WordFest Live 2021!"
Limited Client Access V's Full Access
This is a podcast episode that David and I did about 6 months ago, but it resurfaced on Facebook this week and there were some interesting comments. What level of permissions do you give your WordPress website clients, and how do you achieve that?
How to Start a Career in WordPress: A Step-by-Step Guide
"Starting a career in WordPress is something that would have seemed impossible just a few years ago. After all, we are talking about a piece of free software. How can working with that possibly put food on the table or provide for a family?"
G2 Components, a From-Scratch Reimagining of WordPress Components
“G2 Components is a project that embodies the idea of making user interfaces and user experiences better for others,” said Quach. “At the moment, it’s materialized as a Component System designed to work within the context and environments of Gutenberg and WordPress.”
How to Enable WordPress Debug Mode (2 Methods)
"Nobody likes to run into issues with their website. However, sooner or later, you might encounter a problem that requires some troubleshooting skills. One handy trick is to enable WordPress debug mode, which might sound confusing to users who don’t have any development experience."
Plugins / Themes / Blocks
BuddyPress 7.0.0 Adds 3 New Blocks and Admin Screens for Member and Group Type Management
"BuddyPress 7.0.0 “Filippi” was released this week, following WordPress 5.6 to ensure compatibility. This version was named for Filippi’s Pizza Grotto in California. It requires WordPress 4.9+, but sites that are not using the block editor will miss out on many of the new features that make BuddyPress websites easier to customize."
Fast Brings One-Click Checkout to WooCommerce Stores
"Online shopping almost always involves a lengthy checkout form where customers have to enter passwords, addresses, and payment information nearly every time. This tedious experience is magnified when gift-giving holidays roll around. Fast’s founders have set out to solve this problem with products aimed at modernizing the checkout experience to enable one-click purchasing."
DebugPress
"DebugPress is an easy to use plugin implementing popup for debugging and profiling currently loaded WordPress powered website page with support for intercepting AJAX requests. The main debugger window is displayed as a popup, activated through the button with the Bug integrated into WordPress Toolbar, or floating on the page."
Gravity Forms 2020: A Year in Review (and a sneak peek at 2021!)
"2020 has seen unprecedented challenges and changes for everyone, and we wanted to start by saying thank you to every one of our customers for sticking with us through these tough times and ensuring that our community has remained as strong as ever. We have really appreciated your on-going support!"
Introducing Elementor Beta Developer Edition: A New Way for Developers to Impact Elementor
"The new Developer Edition gives advanced users and developers the ability to test new features and share feedback with the Elementor development team."
Jump Start Block-Based Theme Development With the FSE Theme Generator
"Block-based themes are not complicated. Their structure is almost simple enough that developers are unlikely to need a tool to generate a blank theme. However, for those unfamiliar with how themes are built for the upcoming full-site editing (FSE) feature, a boilerplate is a good place to start."
Record and Track Past Events With the LifePress Calendar Plugin
"Two weeks ago, Ashan Jay released LifePress to the WordPress plugin directory. It is an interactive, front-end calendar for tracking past events — a journal of sorts. For a version 1.0 launch, it has enough features with just the right touch of simplicity to show promise."
Security
A Challenging Exploit: The Contact Form 7 File Upload Vulnerability
"Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower. The WordPress plugin directory lists 5+ million sites using Contact Form 7, but we estimate that it has at least 10 million installations. One of the important features of Contact Form 7 is the ability to allow file uploads as a part of a form submission. While uploaded filenames are sanitized during the upload process, reviewing the patch indicates that an attacker could potentially bypass some of Contact Form 7’s filename sanitization protections when uploading files by adding control characters or invisible separators."
WordPress Redux Plugin Vulnerability Affects +1 Million Sites
"Redux Gutenberg Blocks Library & Framework, with over 1 million active users, patched a CSRF vulnerability. Redux, a popular WordPress plugin with more than 1 million active installations recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site Request Forgery (CSRF) attack."
The NoneNone Brute Force Attacks: Even Hackers Need QA
"For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. These attacks attempt to guess the password of an authorized user on a site, and some of our users have noticed an odd phenomenon: brute force attacks with the username and password set to “None” or “NoneNone”. Since these requests are targeted against xmlrpc.php, changing the admin URL won’t prevent attackers from sending these requests."
Have You Been Hacked? How to Clean Your Site and Get Off Google’s Blocklist
"So, did it hurt? When you landed at the bottom of the SERPs, I mean, and Google slapped a scary red warning message on your site telling people to keep out. If this happened due to an error on your part (bad SEO, shady linking tactics, etc) that’s one thing. But if your site was hacked and now contains malicious code, that’s just adding insult to injury – and can really damage your reputation."
WP Builds
'A' is for Appointments - WP Builds Weekly WordPress Podcast #210
It’s the first of a series of chats called the A-Z of WordPress. Very impressive sounding! The idea is that over 26 episodes we will cover all of the major aspects of building sites with WordPress. We all know that this is a ridiculous claim, but there you go, it’s about as click-baity as we get! It’s uncanny that there are 26 letters in the alphabet and we’re going to do these every two weeks, which means that you’ll be having to put up with this for a whole year! So we start with… ‘A’ is for Appointments
Not WordPress, but useful anyway…
The internet was invented for this... Blob Opera
"Create your own opera inspired song with Blob Opera - no music skills required ! A machine learning experiment by David Li in collaboration with Google Arts & Culture."
4 of the Worst Content Campaigns in History (And Lessons to Learn From Them)
"Publishing the wrong content can send your brand spiraling (think hate messages and millions of $$ lost). Here are 4 content campaigns not to emulate."
Learn the fundamentals of UX & UI Design
"Learn the fundamentals of UX & UI Design, including design laws and principles, visual design, and design processes."
Google Tests Interactive Search Results
"Google is testing a search results page that allows users to click and view images from the web pages. Could impact click through rates."
Facebook Goes on the Offensive Against Apple Over Coming Changes to In-App Data Tracking
"Facebook's gone on the attack over Apple's coming changes to its Identifier for Advertisers - or IDFA - in iOS 14, which will likely make it much harder for companies to track user activity within apps, as users will be specifically prompted to approve or reject all forms of data tracking."