This Week in WordPress #160

Welcome

Issue #160

Another week, and we're bringing you the latest WordPress news from the last seven days, including...

Anne McCarthy explains all about Full Site Editing on the WP Tavern podcast
Toolset Blocks 1.5 bring significant speed update
There's a new form builder in town called Formality
Jetpack Boost is a new speed optimisation plugin
There a couple of jobs, and...
Should companies be banned from WordCamp advertising if they are not always happy to say nice things about WordPress?

There's a whole lot more than this, as there is each and every week, and you can find all that by scrolling down and clicking on the links!

This Week in WordPress

This Week in WordPress #160 - "The Ugly Wave"

Recorded on Monday 26th April 2021. With Nathan Wrigley, Paul Lacey and Lee Matthew Jackson.

Each week we discuss some of the the stories (from below) which captured our attention. It's like this newsletter but with real people!

If you ever want to join us live you can do that every Monday at 2pm UK time on the WP Builds LIVE page.

Community

Upcoming FSE Outreach Program Schedule

"In light of the 5.8 planning and next steps, I wanted to share the upcoming schedule for the FSE Outreach Program in order to ideally help people participate more in what’s to come. As changes occur and I’m able to create plans further out for 5.8, I’ll edit this post and note exactly what I changed at the very end of this post. I do expect changes so please see this all as what I anticipate vs set in stone plans..."

Anne McCarthy on How Full Site Editing Will Impact WordPress

So the podcast today features Anne McCarthy. Anne is Developer Relations Wrangler for Automattic. Her work is focussed on the WordPress.org space, and she is leading the Full Site Editing Outreach Program. She's helping people contribute feedback about FSE and support the development of the project.

WordPress Contributors Propose Blocking FLoC in Core

"WordPress contributors are proposing the project take an active position on Google’s Federated Learning of Cohorts (FLoC). This particular mechanism is Google’s alternative to third-party cookies that doesn’t require collecting users’ browsing history. The GitHub repository for FLoC explains how Google will group people together and label them using machine learning..."

Plugins / Themes / Blocks

Simply Schedule Appointments Integration

"Simply Schedule Appointments integrates with The Events Calendar to let users book appointments for your events..."

[FSE] Full-Site Editing Preview: The What, Why, and How of Global Styles

"Global Styles is one of the most exciting features of Full-Site Editing. Parts of this feature will be shipped with WordPress 5.8 in June.Now you might say..."

New Form Builder - Formality

"Forms made simple (and cute). Designless, multistep, conversational, secure, all-in-one WordPress forms plugin..."

Give affiliates a premium experience with the new Affiliate Portal

"We have released the Affiliate Portal pro add-on! From now until the end of this month enter PORTAL at checkout. You’ll save $50 on any new Professional license (first year only) or on upgrades to the Professional license..."

Toolset Blocks 1.5 - Faster Sites for Better SEO Ranking

"In June 2021, Google will start ranking pages by speed. Toolset Blocks 1.5 includes the performance optimizations that help your sites reach top positions in search results..."

Automattic Launches Jetpack Boost: A New Performance Plugin

"The Jetpack team has been quietly testing a new plugin called Jetpack Boost, which addresses website owners’ performance and SEO concerns. Version 1.0 was released today, one month after the final pre-release came out in March..."

Gutenberg 10.4 Introduces Block Widgets in the Customizer

"The latest release of the Gutenberg plugin (10.4) brings block widgets into the Customizer. When customizing widget-enabled areas, a new block inserter icon is now available for dropping blocks into sidebars. This is the first iteration of block management in the Customizer, tackling the technical integration for editing blocks while also taking advantage of the live preview in the Customizer..."

Security

PSA: Remove Kaswara Modern WPBakery Page Builder Addons Plugin Immediately

"Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a premium plugin that we estimate has over 10,000 installations. This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take over the site..."

Widespread Attacks Continue Targeting Vulnerabilities in The Plus Addons for Elementor Pro

"Over the past 10 days, Wordfence has blocked over 14 million attacks targeting Privilege Escalation Vulnerabilities in The Plus Addons for Elementor Pro on over 75% of sites reporting attacks during this period. By April 13, 2021, this campaign was targeting more sites than all other campaigns put together. Number of sites attacked per day..."

Severe Vulnerabilities Patched in Redirection for Contact Form 7 Plugin

"On February 11, 2021, our Threat Intelligence team responsibly disclosed several vulnerabilities in Redirection for Contact Form 7, a WordPress plugin used by over 200,000 sites. One of these flaws made it possible for unauthenticated attackers to generate arbitrary nonces for any function. The second flaw made it possible for authenticated attackers to install arbitrary plugins and inject PHP Objects. The third flaw made it possible for authenticated attackers to delete arbitrary posts on a site running the plugin causing a loss of availability..."

Patchstack Whitepaper: 582 WordPress Security Issues Found in 2020, Over 96% From Third-Party Extensions

"Patchstack, which recently rebranded from WebARX, released its 2020 security whitepaper. The report identified a total of 582 security vulnerabilities. However, only 22 of the issues came from WordPress itself. Third-party plugins and themes accounted for the remaining 96.22%..."

WordPress Vulnerability News, April 2021

"WordPress vulnerability news is a weekly digest of highlighted WordPress plugin security vulnerabilities or vulnerability discloses that have been published. In April we have listed 28 vulnerable plugins and themes that affected more than 4.5 million sites..."

WP Builds

'I' is for Images - WP Builds Weekly WordPress Podcast #226

This is another A-Z of WordPress where we attempt to cover all the major aspects to building and maintaining sites with WP. Today is I for…IMAGES (we could include ICONS too)

Jobs

We're Hiring! - GeneratePress

"We’re looking for an experienced full stack WordPress developer to help us with GeneratePress and our other projects (WP Show Posts and GenerateBlocks)..."

Remote WordPress Developer

Remote WordPress Developer at Iconic

Not WordPress, but useful anyway…

Oxford Malaria vaccine proves highly effective in Burkina Faso trial

"Vaccine developed by scientists at Jenner Institute, Oxford, shows up to 77% efficacy in trial over 12 months..."

The obscure maths theorem that governs the reliability of Covid testing

"Maths quiz. If you take a Covid test that only gives a false positive one time in every 1,000, what’s the chance that you’ve actually got Covid? Surely it’s 99.9%, right? No! The correct answer is: you have no idea. You don’t have enough information to make the judgment..."

Google Web Stories WordPress Plugin Updated With Embedding Capabilities

"Embedding Web Stories on webpages is easier with an update to Googles Web Stories WordPress plugin..."