EDITS.WS

Author: Sarah Gooding

  • Real-Time Collaboration Is Coming to WordPress

    Gutenberg Phase 3 is officially in the planning stage, as the Site Editor is set to exit the beta in 6.2 and the major tasks of Phase 2 are nearing completion.

    Gutenberg lead architect Matias Ventura published a preliminary outline of what is planned to be included in the next “Collaboration” phase of the project. Real-time collaboration is at the top of the list, the likes of which users have previously experienced in apps like Google Docs.

    “Imagine being able to work together in real-time across all block editors, crafting content and designs seamlessly without being locked out of editing,” Ventura said. “The goal is to provide all the necessary infrastructure and UI to handle multiple users working together on the same content simultaneously, making it easier to create, edit, and customize web pages and posts as a team.”

    In a recent episode of the WP Briefing podcast, WordPress core contributor Héctor Prieto said he predicts this feature will take the most work.

    “I would say, in general, the real-time collaboration sounds the most technically challenging because of what it represents and all the changes needed to how we interact with WordPress from async to sync, basically,” Prieto said. “That would be the hardest part. I think there are also already a few prototypes working, but we need to see how that scales, for example.”

    Prieto was referencing Gutenberg engineer Riad Benguella’s AsBlocks project, which he introduced on his blog in 2020 and is available on GitHub. Another prototype, “Block Collab: New package, a framework for collaborative editing,” currently exists as a draft PR created by Gutenberg contributor Enrique Piqueras.

    AsBlocks demo video

    Asynchronous collaboration will also get some attention in this phase, which includes features like sharing drafts for content and design changes, inline block commenting, assignment review, improved version control, and task management. These are features that are currently available to WordPress users through a variety of different plugins.

    “The goal is to enable users and larger teams to collaborate on projects and its different parts at their own pace and based on their workflows,” Ventura said.

    Ventura also identified Publishing Flows and improvements to the Post Revisions interface as parts of the Collaboration phase. This would include features like an interface for editorial requirements, customized goals, and task completion prerequisites before publishing. Post Revisions would become more visual, inclusive of individual blocks, and may even be updated to to support more complex scheduling requirements across multiple parts of the site.

    Collaboration may less critical to WordPress’ success than world-class publishing capabilities but it will be refreshing to look past the editors to begin improving the admin experience. There are a few pieces of the puzzle that will will require contributors to jump in on getting WordPress’ admin to the place where it can handle more modern collaboration workflows. Ventura said part of this project is to begin the process for an admin design update and navigation work, improving admin notices and the UI library of design components, as well as the ancient admin list views.

    Ventura also loosely outlined a Library focus area that would introduce a place for managing blocks, patterns, styles, and fonts.

    “As part of this work, also look at what improvements can be done to enhance the media library design, interactions, and extensibility,” Ventura said. He confirmed to commenters that this part of the project was left “intentionally vague as it needs a bit more thinking.”

    The last item in the Collaboration outline is a global search and command component that would be extensible and allow admins to navigate directly to content or different admin areas as well as run comments like “create new post” or “toggle top toolbar.”

    “As AI tools are taking the world by storm, this could also play an important role in letting plugin authors integrate novel solutions that are prompt based in nature,” Ventura said.

    Although Ventura assured readers that projects related to prior phases will continue, such as more blocks, improved tables, grid layout system, and the block API roadmap, there are those who would like to see more time spent on editing and customization before moving on.

    “I love the initiative, but I wish they’d slow down and focus on the overall WordPress experience and mobile design tools, which affect virtually every user,” WP Engine developer Mike McAlister said in October 2022. “Collaboration tools won’t make or break WordPress, but the user experience will.”

    In March, McAlister commented again on the pace of the Gutenberg project’s phases. “I would add a new phase of User Experience between 2 and 3,” he said. “We need a whole phase dedicated to refining the experience of all these great new tools.

    “I am very optimistic about all of the features, but even as a veteran WordPress builder, the experience is still quite maddening at times. I don’t know if we’re spending enough time understanding the problems before implementing solutions and moving on to the next thing.”

    Ventura said the timing for breaking ground on the Collaboration phase would not be the 6.3 release coming in August 2023. Contributors are still working towards refining the customization experience as WordPress prepares to bring the Site Editor out of beta in the 6.2 release. He encouraged people to share feedback in the comments on the post if there are any items they were hoping to see as part of the Collaboration phase.

  • Block Visibility 3.0.0 Makes Pro Version Free, Adds Browser and Device Control, Visibility Presets, and More

    WordPress contributor and developer Nick Diego has released version 3.0.0 of his Block Visibility plugin, which allows users to conditionally display blocks based on specific user roles, logged in/out, specific users, screen sizes, query strings, ACF fields, and more.

    The biggest change in this update is that Diego has decided to merge the Pro version with the free plugin so users no longer have to purchase a commercial add-on to get extra features. Diego launched the pro version in 2021 to help support his efforts developing the free plugin but said this is no longer necessary.

    “Originally I had planned on developing a plugin business,” he said. “But I found my love for building, contributing, and educating surpassed my desire to be an entrepreneur in the plugin space. This way, I can focus on my passion and also support the community.”

    Version 3.0.0 includes previously pro features such as browser and device control that allows for displaying custom content based on the browser and/or device of the current user. It also adds Location control, which isn’t what it sounds like. It allows users to show or hide content based on where the block is located on the website and attributes of its location. Blocks can be conditionally displayed based on post taxonomy, post type, and other rules that offer more control over block visibility than one might ever have imagined possible.

    Block Visibility documentation on Browser and Device Control

    This update brings in controls for Cookies, Metadata, Referral Source, and URL Path. It expands the Date & Time control to include Day of Week and Time of Day.

    Visibility Presets is another mind-blowing new feature in this release, the kind that makes you wonder how this could be a free plugin. It allows users to create a collection of visibility conditions that can be applied to other blocks with a single click. Blocks can have multiple presets applied, and Diego said this is just the first iteration of this feature.

    Block Visibility documentation on Visibility Presets

    This release includes everything except the WooCommerce and Easy Digital Downloads controls, which include conditional block logic for shopping cart contents, product details, customer metrics, and more. Diego plans to add those later in April with the next version (3.1.0), so he can make a few further changes to them before including them in the free version. Users who rely on the WooCommerce or Easy Digital Downloads controls will need to wait until the next release to deactivate the Pro add-on.

    The Block Visibility plugin’s documentation is already extensive, with videos, screenshots, and tutorials for nearly every feature. Diego said he will be investing more time into documenting how developers can create their own Block Visibility extensions. The plugin currently has more than 9,000 active users and will likely see more growth now that the pro features are getting rolled into the free version.

  • WooCommerce Payments Plugin Patches Critical Vulnerability That Would Allow Site Takeover

    WooCommerce Payments, a plugin that allows WooCommerce store owners to accept credit and debit card payments and manage transactions inside the WordPress dashboard, has patched an Authentication Bypass and Privilege Escalation vulnerability with a 9.8 (Critical) CVSS score. The plugin is active on more than 500,000 websites.

    Beau Lebens, WooCommerce’s Head of Engineering, published an advisory about the vulnerability today, which he said “could permit unauthorized admin access to impacted stores” if exploited. It was discovered by a security researcher participating in WooCommerce’s HackerOne program.

    WooCommerce worked with WordPress.org to push out a forced update for sites running WooCommerce Payments versions 4.8.0 through 5.6.1 to patched versions. Many store owners have automatic updates turned off to ensure proper testing before updating. Now that the vulnerability has been made public, it is imperative that all stores running version 4.8.0+ of the plugin update manually as soon as possible. WooCommerce sites hosted on WordPress.com, Pressable, and WPVIP have already been patched.

    At this time WooCommerce does not have any evidence of the vulnerability being exploited but the plugin’s engineers recommend checking for any unexpected admin users or posts addd to the site. The advisory includes further details of what to do if you believe your site has been impacted. As a cautionary measure, WooCommerce has temporarily disabled the WooPay beta program since the vulnerability impacts this new checkout service they have been beta testing.

  • Navigating the New Era of AI-Assisted Code Generation in WordPress

    The world is learning new ways of moving faster with the help of AI, as the increased availability of the technology is poised to transform the way humans work. Generitive AI is decades old but recent advances and new tools like DALL-E (launched in January 2021) have made AI more accessible to the public.

    When ChatGPT arrived in November 2022, it sparked an explosion of tools built to extend its capabilities to nearly every aspect of work. Conversational AI tools can now handle a myriad of mundane tasks like updating your resume, reading and summarizing PDFs, and creating slides for presentations. Yesterday Google announced it is testing Bard, its AI chatbot rival to ChatGPT and Bing AI. In the fast-moving world of companies innovating with AI, GitHub also announced Copilot X, which is powered by GPT-4 and adds Copilot to pull requests, docs, and the command line and introduces chat and voice features for Copilot.

    WordPress plugin developers are adopting AI-powered tech and building it into their products, such as RankMath’s AI-generated suggestions for creating SEO-friendly content, WordPress.com’s experimental blocks for AI-generated images and content, and a Setary’s plugin that uses AI to write and bulk edit WooCommerce product descriptions. The wpfrontpage site is tracking these plugins but WordPress.org also lists dozens of plugins with AI, many of them created to write content or generate images.

    In addition to adding AI to plugins, developers have attempted to have ChatGPT build plugins for them, with varying degrees of success:

    So far developers report having more success with ChatGPT than Bard. In some cases the creation process is incomplete and requires some expertise to ensure the plugin will work, but it’s also opening up the world of plugin development to those who would not be able to create one without hiring a developer.

    WordPress developers who want to share their AI-assisted creations with the community have also started submitting them to WordPress.org.

    After receiving a string of violations, WordPress’ Plugin Team is warning developers that code submitted to the official directory must be GPL compatible.

    “There is no guideline AGAINST using generated code,” Plugin Review Team rep Mika Epstein said.

    “You’re welcome to use whatever tool you want to build plugins. That said, you are 100% responsible for that code if you chose to host it here…

    “But the important bit here is that it means if ChatGPT, for example, built your plugin, you have to verify that all the code used is GPL compatible. Just like you are expected to validate licenses on libraries and code-snippets, everything in your plugin has to be GPL compatible. Should we determine that your code is a copy of someone else’s or includes code from non-GPL plugins, your submission will be rejected and any live plugins will be closed.”

    Epstein cited an example where a developer built a “scroll to top” plugin with code that was copied from another, existing plugin hosted on WordPress.org. It was submitted five times and rejected every time.

    “Yes it’s fine to fork code,” Epstein said. “You have to credit them, however, and that’s something those AIs have been pretty bad at doing.” 

    Commenters noted that autocomplete in modern IDEs workin in a similar way, as well as snippets. These types of tools can enhance productivity but prospective plugin developers who may not be as informed about software licensing, should stay away from wholesale copying another’s work without crediting them. This may require doing some extra research on the code that AI spits out.

    In this new era of AI-assisted creation, we have essentially hitched our wagon to a star, as Ralph Waldo Emerson described in his essay on Civilization in 1870:

    Now that is the wisdom of a man, in every instance of his labor, to hitch his wagon to a star,’ and see his chore done by the gods themselves. That is the way we are strong, by borrowing the might of the elements. The forces of steam, gravity, galvanism, light, magnets, wind, fire, serve us day by day and cost us nothing.

    Ralph Waldo Emerson, Civilization

    That decade brought humanity inventions like the phonograph, telephone, and the incandescent light bulb, followed by the automobile in the next decade. Emerson’s essay explores man’s relationship to technology where principles—”justice, love, freedom, knowledge, utility”— are the guiding light and accelerant of technology’s impact.

    The GPL is one of those principles for the WordPress community, which has enabled its uncommon growth and its wildly successful ecosystem. There are still a lot of grey areas when it comes to licensing and the code generated by AI. Developers would do well to use AI-generated code for inspiration and give credit where they can.

    Web developer Mark Praschan created his first plugin for WordPress.org using ChatGPT. He used the free version, gave it a few prompts describing what he wanted it to do, and ChatGPT produced a functional plugin.

    NorthStar allows users to display a message in the WordPress admin bar with settings to customize it along with the text and background colors.

    “The first version worked great,” Praschan said. “I made a few small aesthetic improvements to the settings page and the display of the message, but we were already 95% of the way there!”

    Praschan also had ChatGPT design an ASCII Art logo for the plugin. It required a few back-and-forth prompts but took just a few minutes before it was ready to be copied and pasted into Photoshop.

    The plugin did not pass the code review on the first try for two reasons that Praschan shared on Twitter:

    • Issue # 1: Variables and options must be escaped when echo’d. There were 2 instances of not “escaping late”
    • Issue # 2: Generic function/class/define/namespace names. One function was missing the “northstar_” prefix.

    “How did I fix it? I made ChatGPT do it, of course,” Praschan said. “I copy/pasted the problems and a few snippets of my code and it spat out the fixed code.”

    There are more of these plugins coming – where a person need only dream up the idea and prompt their chosen AI tool for the code. These will more than likely be simple plugins for the time being, but it’s not too early to establish some best practices for using code generators. WordPress is navigating new territory where anyone can create a plugin with a dash of creative prompts and very little code experience.

  • The Mercantile Reopens with Limited Edition 20th Anniversary WordPress Swag

    The Mercantile, WordPress’ official swag store, was closed for updates but has relaunched with the highly anticipated limited edition 20th anniversary swag.

    In celebration of the milestone, the store has added an array of keepsakes, including sweatshirts, pennants, a “Code is Poetry” t-shirt, stainless steel tumbler, pet bandana, commemorative sticker sheets, and more. What WordPress swag collector can pass up the WP20 Wapuu keychain?

    Unlike years past, where the swag store seemed like its own separate site, this relaunch makes the store a more natural part of the WordPress project’s website. It runs on WooCommerce and shares the same updated design as the rest of WordPress.org with the vibrant blue that has made its way into the 20th anniversary logos.

    The limited edition swag is available while supplies last. Unfortunately, international shipping rates are hefty, a complaint the store has received for years. It makes it cost-prohibitive to order a single t-shirt or sweatshirt outside the U.S. when the shipping costs twice as much or more than the product. Hopefully, this year’s docket of WordCamp events will provide other avenues for distributing 20th anniversary swag to WordPress’ global community through well-stocked pop-up shops.

  • Admin Menu Tree Page View 2.8 Now Supports All Public Post Types 

    The Admin Menu Tree Page View plugin, which adds a tree-view layout of content in the WordPress admin, has been refactored to support more content types. The plugin is an admin utility similar to Hierarchy or the commercial OrganizeWP plugin that reworks the CMS to show content in one place, but it offers a simpler set of features for free with no ads or upsells. These types of plugins are valuable tools on larger, CMS-heavy WordPress sites.

    Previously, the Admin Menu Tree Page View plugin focused on pages, allowing users to better visualize the page hierarchy/tree structure, add pages directly after or inside another post, and easily reorder pages via drag and drop.

    Version 2.8 adds support for all public post types – posts, pages, and custom post types, which was a long requested feature. The plugin’s author, WordPress developer Ciprian Popescu, said adding more post types made the dashboard menu unmanageable and the backend slow, requiring him to update the plugin to us a top-level menu page.

    “The solution here was to move the pages to a top level menu page,” Popescu said. “This increased the ‘one click away’ feature to ‘two clicks away,’ which is not a bad trade-off in my opinion, especially when all public post types are now available in a hierarchical tree layout. Having a separate page now removed the need for collapsing the child <ul> elements, as the purpose of this plugin is to quickly see all your pages in a bird’s eye view manner.”

    Version 2.8 also removes some redundant features, cookies, and JavaScript resources, as the expand/collapse functionality is no longer necessary. Next on the roadmap for future releases Popescu is working on adding caching for post types, removing the jQuery and jQueryUI dependency, and improving dragging and dropping to work inside child elements.

  • CloudFest Hackathon 2023 Kickstarts Innovative WordPress Projects: VS Code Extension for In-Browser Development, WapuuGotchi Gamification Plugin, and More

    More than 6,000 people are attending CloudFest in Europa-Park, Germany, this week. A strong contingent of WordPress developers and contributors are among them. During the Hackathon portion of the event, web professionals gather for a friendly competition, tackling problems for existing not-for-profit, OSS projects, creating solutions with a concentrated effort at a quicker pace than remote collaboration usually allows.

    Several WordPress-related projects have been put into action at the Hackathon, including the following:

    Automattic engineer Daniel Bachhuber published a preview of the in-browser WordPress development environment enabled by an experimental VS Code extension that uses WebAssembly to run WordPress entirely in the browser.

    “Forget spending hours setting up a local development environment at your next Contributor Day,” Bachhuber said. “Simply install the WordPress Playground VS Code extension, run ‘Launch WordPress Playground’ from the command launcher, and you’ll have a fully mostly functional WordPress installation right inside your editor.”

    Bachhuber emphasized that the extension was built for demonstration purposes but is available on GitHub for anyone who wants to contribute or report bugs. A more in-depth tour of the extension is available on Automattic’s developer blog.

    In addition to the VS code previewer for WordPress plugins, the Hackathon team working with WordPress Playground is also experimenting with using the block editor in the browser and working with the Terminal and PHP, wp-cli, and PHPUnit – all in the browser.

    The WapuuGotchi project, which aims to gamify WordPress with a customizable Wapuu, notifications, and rewards, has its own Twitter account and website where those interested can follow along with their progress.

    image credit: WapuuGotchi Hackathon Wrap-Up

    “The audience was captivated as we demonstrated the customizable Wapuu assistant, which can be tailored to suit individual preferences by selecting unique outfits and accessories,” WapuuGotchi design contributor Dennis Hipp said.

    “We also highlighted WapuuGotchi’s backend interaction capabilities, showing how it can guide users through updates, provide helpful tips, and offer reminders for important tasks. The presentation concluded with an invitation for Plugin authors to collaborate with us and integrate their Plugins into the WapuuGotchi ecosystem.”

    The Wappspector project, which aims to create a CLI utility to analyze the file structure of a web hosting server and identify the frameworks and CMS used in the websites hosted on it, made significant progress during the Hackathon. The app added seven more CMS identifiers and will soon be ready for testing on control panels. The app focuses on CMS and e-commerce applications but will also have an extendable mechanism allowing hosting providers to customize it to suit their needs.

    CloudFest 2023 added a new WordPress Day, dedicated to helping internet infrastructure professionals learn more about WordPress’s footprint and ecosystem, and hear from some of the top WordPress plugin developers and security experts. The event was held earlier today on March 20, and featured 12 sessions on WordPress.

  • WordPress Launches Wapuu Coloring Giveaway to Celebrate Upcoming 20th Anniversary

    Wapuu lovers who are looking for a relaxing weekend activity will want to check out WordPress’ recently launched Wapuu Coloring Giveaway. The challenge is to style your own 20th anniversary party Wapuu using crayons, markers, colored pencils, pastels, or even digital drawing tools.

    Three random entries will be selected (which is why it’s called a giveaway and not a contest) to receive limited edition swag:

    You have a chance to win one of three WP20 Swag Kits, complete with a variety of unique anniversary goods. From lapel pins to stickers, and some surprise mystery items, they’ll be a memorable collection for this milestone moment in WordPress history. 

    Participants will need to download the Wapuu coloring set, which comes in different file types (.pdf, .png, .svg, and .ai). Finished wapuu coloring creations can be shared on Twitter using the #WapuuWP20 hashtag to enter the giveaway. So far there are just a handful of party wapuus that have been submitted via Twitter, but email is another option if you want to send it privately or don’t have a Twitter account.

    Entrants must be 18 years old to win, but the coloring page is fun for kids even if they won’t have the chance to win swag. WordPress will celebrate its 20th anniversary on May 27, but the deadline to submit wapuu creations is April 17, 2023, at 03:59 UTC. Winners will be contacted via Twitter or email.

  • Equalize Digital Raises Pre-Seed Funding for Expanding Accessibility Checker Plugin Development

    Equalize Digital, a WordPress accessibility products and consulting company, has received an undisclosed amount of pre-seed funding from Emilia Capital, the investment company owned by Joost de Valk and Marieke van de Rakt. The investment will be used to accelerate the growth of Equalize Digital’s Accessibility Checker plugin, a tool for auditing websites for WCAG, ADA, and Section 508 accessibility errors.

    Emilia Capital now owns part of the company, although its owners were not given seats on the board. Equalize Digital founder and CEO Amber Hinds said they will be serving as advisors and playing a role in strategic planning, especially around marketing and plugin development.

    The Accessibility Checker plugin currently has approximately 2,000 active installs, according to WordPress.org stats, and the commercial upgrades make up a small percentage of Equalize Digital’s current revenue.

    “We built the initial MVP in 2020 with an SBA loan and since then the plugin has been bootstrapped by profits from the service side of our business,” Hinds said. “My partner Steve and I have been splitting our time between client work and working on the plugin.

    “We decided to bring on an investor because our ultimate goal is for the product to make up a significant portion of our revenue. It’s challenging to rapidly grow a product that isn’t yet self-sustaining, hence seeking investors. The funds will allow us to have full-time team members building new features, and also further invest in marketing, education, and sales than was possible while we were bootstrapping.”

    Hinds said the features her team is targeting are aimed at making the plugin a more competitive accessibility auditing tool when compared with other existing SaaS solutions.

    “Our focus right now is making our reports easier to understand by less technical users,” Hinds said. “The next major release with be a feature that allows people to click a button and highlight elements on the front end of the website, which will make it easier to find the element flagging the issue without having to interpret a code snippet.

    “Other features that we have on the road map include scanning and reporting on archive pages for posts and taxonomies, improved scanning of non-English sites, and the ability for accessibility testers to log issues found during manual accessibility audits.”

    Hinds said she was encouraged by the findings in the recent Admin Bar survey of WordPress professionals, which showed that 76.9% report they are striving for best practices when it comes to website accessibility, a significant increase from the previous year. With the new investment, Equalize Digital will be able to do more marketing to increase awareness and adoption of its tools.

    “Ultimately I would like to see accessibility being considered during website builds in the same way that SEO is, and we’re hoping that our plugin will central to that,” Hinds said. “It’s why the free version of our plugin is much more full-featured than similar plugins. Other accessibility tools are prohibitively expensive for small businesses and bloggers. We’re aiming to build a tool that makes accessibility testing available to everyone.”

  • Local 6.7.0 Adds Long-Requested Site Grouping Feature

    WP Engine’s Local development app has released version 6.7.0 with Site Grouping, a highly requested feature that will greatly improve users’ workflows. It allows users to create custom groups in the sidebar of the Local dashboard page for better organization of their sites.

    Local users have been asking for this feature since 2017, as many are managing dozens of WordPress sites. In June 2022, the Local development team began designing and then building the feature a couple months later, incorporating feedback from user interviews and usability testing.

    In the new Site Grouping feature, sites can be easily dragged between groups and groups can be reordered up or down, as illustrated in the release notes.

    Local 6.7.0 release notes

    Another handy feature released with Site Grouping is the ability to start, stop, restart, or delete all the sites in a group from the context menu (the three dots to the right of the group name). Sites can also be sorted by how recently they were used via the clock icon at the top of the groups sidebar.

    To get users started, all their Starred sites have been placed in a new Starred group at the top of the sidebar. Full documentation for using the new Site Grouping feature is available in Local’s help resources.

    WP Migrate, formerly known as WP Migrate DB and recently acquired by WP Engine, introduced full-site exports and imports to Local in January 2023. Local version 6.7.0 improves imports from WP Migrate so that they auto-select the PHP, web server, and database version closest to the production environment if Local offers the same major/minor version.

    This release also includes several bug fixes with Local importing or pulling to an existing site, where the site’s existing settings or environment were not applied. If you experienced this bug, make sure to update to the latest 6.7.0 release before attempting more imports.