EDITS.WS

Category: wptavern.com

  • Bluehost Launches WonderSuite Product with AI-Powered Site-Building Guide

    Bluehost launched its new WonderSuite product this week, which introduces a setup and site creation experience guided by AI. In September 2022, the hosting company debuted its managed WooCommerce packages after acquiring YITH, a WordPress plugin company with more than 100 WooCommerce extensions. The new WonderSuite product is included in all Bluehost WordPress hosting plans and is not specific to online stores.

    WonderSuite brings together solutions from YITH and Yoast and integrates them into a new unified design that is based on Yoast’s open source React component library. This interface was introduced as an update in Yoast 20.0 with mixed feedback. Although many users reacted positively to the modern design, some are not keen on plugins building their own UI in the admin. Bluehost is using this component library to streamline and unify the UI for its various products inside the admin.

    WonderSuite is aimed at small and medium-sized businesses, agencies, and freelancers who are just getting online. The major update here is the WonderStart onboarding experience that asks the user specific questions and then populates other parts of the website building process with their answers. For example, social media handles will automatically sent to SEO optimization and added to the social buttons block.

    Bluehost also pulls the WonderStart data into the WonderBlocks, which are used to create a library of block patterns and page templates using images and suggested text based on the user’s entries during onboarding. All of this works with the block-based YITH Wonder Theme, which is free on WordPress.org and active on more than 10,000 sites.

    Wonder theme users have access to some patterns and templates but Bluehost customers have more designs available to them in combination with WonderBlocks. Those hosting with Bluehost who don’t want to use the default Wonder Theme will can still use the WonderBlocks pattern library with any block-based theme.

    Bluehost is one example of a host that is putting AI to use inside the admin. The new WonderHelp section is an AI-powered guide that users can tap into during the site-building process. Users can ask it to create a blog and the feature will provide a guide inside the site builder with instructions for what to do on each page.

    The company is working on a feature called WonderAssist that is anticipated later in 2023. It will provide AI-powered content generation with relevant copy, product descriptions, and SEO-friendly excerpts integrated with the other parts of WonderSuite.

    Bluehost’s e-commerce customers also have access to WonderCart, which provides a collection of cross-sell and upsell features, along with promotional and discount options inside a single, unified interface, instead of spread across multiple plugins and tools.

    Existing Bluehost customers can find the updated plugin in their WordPress sites with the new products available. Onboarding is currently only available for users starting new websites but a representative said they are working on creating a path that allows existing customers to re-route through the onboarding experience.

  • WordPress Plans Ambitious Admin UI Revamp with Design System, Galvanizing Broad Support from the Developer Community

    WordPress’ admin is on deck for a long-awaited makeover after Gutenberg lead architect Matías Ventura published plans for a revamped admin design as part of the Phase 3: Collaboration road map.

    “As WordPress turns twenty years old, the overall aim of this work is to improve upon this experience at a foundational design level, giving plugins and users more control over the navigation while ensuring each WordPress experience is recognizable, intuitive, accessible, and delightful,” Ventura said.

    His post is a follow-up to some earlier admin concepts he published a year ago which evolves the admin towards more fluid browsing and editing flows. This is similar to the block editor design that positions the admin frame as a shell that wraps around a canvas that contains the content in a zoomed state. Instead of users clicking back to access navigation tools, the tools remain present but outside of the canvas view.

    Although contributors have not yet officially produced any designs for the project, Ventura shared a light version of an admin concept.

    One aspect of the proposed plans that has energized the developer community is the prospect of the admin getting rebuilt with an extensible design system.

    “This effort is also an opportunity to formalize the design primitives and interaction paradigms that are part of the UI component system begun in wordpress/components,” Ventura said.

    “A crucial aspect is to ensure WordPress itself is built with the same pieces and APIs that plugin authors can use. Aside from color themes, our set of primitive components also need to work in dense environments like the editor, as well as environments that need more breathing room and focus like admin sections. Density, clarity, usability, and accessibility are paramount.”

    image credit: Matias Ventura – Admin Design

    The admin design concepts have renewed developers’ excitement about the future of WordPress, but they are also hoping this revamp will solve several long-standing problems with the interface.

    One recurring theme in the feedback was the need to find a way to curb the pollution of top-level menus and the out of control admin notices, which are hijacked by plugin developers in the absence of a standard notification system.

    “It’s really about aligning APIs, ensuring we have semantic descriptions of capabilities, and offering the right levels of controls for both plugins and users,” Ventura said.

    “I know it’s a fairly limited example, but there’s a nice balance in the ability to pin or unpin plugin sidebars on the editor, from the perspective that plugins can be opinionated, and users can still interact with those opinions.”

    Another challenge that concerns developers is ensuring the new design adequately accommodates WordPress sites with large numbers of posts, pages, categories, menus, comments, and other things that can easily overwhelm a UI that was intended to be simplified.

    “As part of leveraging the components across the admin interface, we need to address functional gaps (like table and list views, bulk editing operations, etc) and assist plugin needs for anything that might not be already addressed that should be addressed,” Ventura said. “Ultimately, the design library needs to be showcased in the wordpress.org website as a clear resource for people building upon WordPress.”

    Developers who participated in the comments were optimistic about the project and reacted positively to the concepts Ventura shared.

    “I often say, white space is where the magic happens,” WordPress designer and developer Brian Gardner said.

    “The light admin concept is breathtaking and gets me even more excited than I am now about the future of WordPress.”

    Several developers commented on how eagerly they are awaiting an update to a modern UI that reduces the number of page refreshes.

    “Wow! It’s gonna be amazing!” WPMarmite founder Alex Borto said. “A complete admin fluid browsing experience is much needed. I dream of navigating through the admin area without any page loads!”

    For years, WordPress developers have been expected to try to match WordPress’ dated admin UI on their settings pages and the Yoast SEO plugin drew criticism when it released version 20.0 with a new modern interface. Many users are not keen on plugins building their own UI in the admin, as it can make things more confusing. Having a standard set of UI components would make things easier for developers who are extending WordPress.

    “This gives me great optimism about securing the next 20 years of WordPress’s success,” WordPress developer Mike McAlister said. “The fact that you can do anything with WordPress is incredible, it’s probably our biggest strength.

    “But without standardized design patterns for the admin, we’ve seen that devolve into a UI/UX headache with plugin and theme developers baking their own experiences inside WordPress. Reining this in and creating a unified experience for everyone to buy into will not only make it easier on product creators, it will also be a huge win for users.”

    Ventura said this document is just an outline of the admin design project and that it will be followed up with more in-depth design explorations further down the road.

  • All-In-One Security Plugin Patches Sensitive Data Exposure Vulnerability in Version 5.2.0

    All-In-One Security (AIOS), a plugin active on more than a million WordPress sites, was found to be logging plaintext passwords from login attempts in the database and has patched the security issue in version 5.2.0.

    In a post titled “Cleartext passwords written to aiowps_audit_log” published to the plugin’s support forum two weeks and five days ago, @c0ntr07 reported the issue:

    I was absolutely shocked that a security plugin is making such a basic security 101 error (not to mention being out of compliance with NIST 800-63-3, ISO27000, CIS, HIPAA, GDPR, ….)

    How can I stop the logging of clear text passwords?

    How can this be fixed so we don’t fail the upcoming security review and audit by our third-party compliance auditors?

    A support representative from AIOS confirmed that it was a known bug in the last release and offered a development copy of a zip file with a fix. It took more than two weeks for the patch to be published.

    In version 5.2.0, released on July 10, 2023, AIOS included the following security updates in the plugin’s changelog:

    • SECURITY: Remove authentication data from the stacktrace before saving to the database
    • SECURITY: Set tighter restrictions on what subsite admins can do in a multisite.

    Users are advised to update to version 5.2.0+ immediately in order to secure their sites. At the time of publishing, almost no users have updated to 5.2.0+, leaving hundreds of thousands of users who are running 5.1.9 still vulnerable.

    “So far the developer haven’t even told the users to change all passwords,” Patchstack CEO Oliver Sild said in response to the issue on Twitter. “Due to the scale, we will 100% see hackers harvest the credentials from the logs of compromised sites that run (or has run) this plugin.

    “We have also sent out vulnerability alert to all Patchstack users. Hopefully the Updraft team will do the same and will tell their security plugin users to clean those logs ASAP and ask all the site users to change the passwords where ever they used the same combinations.”

  • WordPress Selects Inaugural Cohort to Launch Experimental Mentorship Program

    WordPress’ Community Team kicked off its experimental mentorship program this week, announcing that the inaugural cohort has been assigned to a group of mentors who will guide them forward on project contribution across various teams.

    “Our mentors offer 1:1 support to each contributor in our cohort,” Automattic-sponsored Community Team contributor Hari Shanker R said. “These mentors check-in with mentees each week to offer them support and guidance on the program and to answer any questions that they may have.”

    Mentees graduate from the program after completing self-directed courses, participating in “learn-up” sessions, selecting a contributor team, and making an initial contribution to the team. Optionally, mentors may guide their mentees through a three-month contribution plan. The goal is to create new ongoing contributors through the program.

    A group of 13 mentees have been selected from 50 applications and will participate across eight teams, including Core, Training, Community, Documentation, Photos, Test, Polyglots, and Support.

    “While our group is not in a position to assign mentors to everyone, the activities and tasks of our cohort will be shared in the newly-formed #contributor-mentorship channel of the Make/WordPress Slack, where interested folks can join most of our contributing sessions and onboarding sessions which will also be shared widely with our community.”

    Other open source projects, such as Drupal, have supported mentoring programs that have been used to successfully engage new contributors at events, inspire more collaboration, and foster a learning environment.

    Earlier this year the Linux Foundation published a report from a recent study on Mentorship in Open Source. It surveyed more than 100 mentees from the LFX Mentorship graduating class of 2020 and 2021, and 99% reported the program was beneficial. Nearly half of the graduates (47%) said it helped them get a job.

    The report explores the additional benefits of mentorship programs beyond increasing contribution to the open source project itself. Quality mentorship programs can have an economic and career impact on mentees, as well as increase diversity across the project and help new contributors get more connected to the community.

    WordPress’ Community team has already invested time from 22 facilitators and 13 mentors in getting the program launched. The structure offers a somewhat more formal experience similar to a short internship, but it’s still in the early stages and may change based on feedback from participants.

    “This program is an experiment—our hope is to learn as much as possible from the same to improve mentorship in the WordPress project and to support and empower more contributors,” Shanker said.

  • #83 – Carrie Dils on How to Internationalise Your WordPress Code

    Transcript

    [00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley.

    Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case how to internationalize your WordPress code.

    If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice. Or by going to WPTavern.com forward slash feed forward slash podcast. And you can copy that URL into most podcast players.

    If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you and hopefully get you, or your idea featured on the show. Head to WPTavern.com forward slash contact forward slash jukebox. And use the form there.

    So on the podcast today we have Carrie Dils. Carrie is a WordPress loving freelance developer with modern 20 years experience in web development and full scope WordPress projects. She teaches WordPress and front-end development courses for LinkedIn learning and blogs regularly about WordPress, and the business of freelancing.

    This is another of the podcast interviews, which were recorded at WordCamp Europe in Athens. It took place soon after Carrie had completed her workshop at the event. This workshop was entitled international appeal, making your themes and plugins translatable.

    WordCamp workshops are practical hands-on sessions. Carrie’s intention here was to make the audience aware of ways in which they could translate their code into other languages. Specifically it was to assist developers in localising their themes and plugins so that they could be consumed and understood by a wider audience. It covered translation functions for PHP and JavaScript, and a foundational understanding of how the process of localization works.

    We started the podcast with some orientation, getting to grips with what internationalisation is in the context of WordPress. Carrie explains that there are workflows already available for developers to use to translate their plugins and themes. This enables their clients or customers to switch between languages in the admin interface so that they can understand more about what they’re doing.

    Carrie talks about the fact that, although she’s not aware of any legal compulsion to carry out this internationalisation work, it’s very useful for consumers of your code. They will be able to rely on a language that’s familiar to them, and not always have to fall back on English. We get into the weeds a little as Carrie explains the foundations of how the translations actually work, and how developers can tap into this.

    The fact that WordPress is so popular means that it’s in a great position to make the internet a more inclusive space. Part of that is making people from all over the world. Understand how WordPress, and the tools built on top of it, works.

    Carrie says that it’s not about trying to translate every part of your plugin into the 200 plus languages which WordPress supports. It’s more about doing what you can, when you can, for those people who can benefit from it.

    Carrie’s talk will at some point make it onto wordpress.tv, so you can see it there for yourself, but until that’s available she lays out some of the places where you can go to get support around this subject. The plugin and theme handbooks are an ideal place to start that journey.

    We get into a chat about which languages are spoken most widely and how Carrie thinks about which languages to pick. If your resources are limited. She points out that as a developer, you’re building in the capability to have your code translated, and the actual work of making those translations can be handled by others if your code is created correctly.

    Given that AI is always a hot topic, we digress a little towards the end about how the work of translations is likely to become more automated as large language models take on the burden of translating content and assisting in the writing of code.

    If you’re a developer who is curious about making your code available to a wider audience through internationalisation, this podcast is for you.

    If you’re interested in finding out more, you can find all of the links in the show notes by heading to WPTavern.com forward slash podcast, where you’ll find all the other episodes as well.

    And so without further delay, I bring you Carrie Dils.

    I am joined on the podcast today by Carrie Dils. Hello, Carrie.

    [00:05:12] Carrie Dils: Howdy, howdy.

    [00:05:13] Nathan Wrigley: We are in Athens at the WordCamp EU celebration, 2023. Carrie’s just walked into the room and told me that she’s finished her workshop. How did it go?

    [00:05:24] Carrie Dils: It went well. The rooms are kind of set up classroom style, well with desk like these that we’ve got sitting in front of us, so attendees could bust out their laptops and get on the wifi and participate. And it was small enough that acoustically, if they had questions and weren’t miced, it was okay.

    [00:05:39] Nathan Wrigley: Yeah. What’s the difference between a workshop and a presentation?

    [00:05:42] Carrie Dils: Well, so in theory a workshop is meant to be more hands-on, practical. Whereas a presentation is just sort of receiving information, a workshop might be actually doing something with the information that you’re getting. Workshops came in two flavors, a fifty minute and a, I guess roughly two times that, so a two hour workshop.

    I was in a 50 minute slot and it’s a little difficult to do anything truly interactive, and I wasn’t sure how many attendees there would be. So mine was probably closer to presentation and workshop, but I tried to throw in some interactive elements.

    [00:06:20] Nathan Wrigley: You were one of the early ones as well, so at least you’ve got it out the way. You can now enjoy the rest of the conference.

    [00:06:26] Carrie Dils: Right, right.

    [00:06:27] Nathan Wrigley: What was the subject?

    [00:06:28] Carrie Dils: Internationalization in WordPress. So making your plugins and your themes translatable. So basically from a coding perspective, there are functions that you can use so that if someone wanted to take all of the text strings from a theme or a plugin, and translate them into another language, they could do that.

    [00:06:51] Nathan Wrigley: So this was a talk specifically aimed at theme developers and plugin developers, as opposed to sort of end users who might use a plugin to translate their own site.

    [00:06:59] Carrie Dils: Right. So the internationalization, which you might commonly hear that, with the word localization. So think of internationalization is the piece that a developer does when creating a theme or plugin. Localization is the process of then translating it into other languages.

    Not to be confused with multilingual websites, where the actual content of a website is translated into other language. That’s actually a different process.

    [00:07:26] Nathan Wrigley: So is this then a process of assisting developers to ensure that their products are usable by people all over the world?

    [00:07:36] Carrie Dils: Exactly. So imagine, when I first started using WordPress. I didn’t know any better and you needed to do something and you just edited files directly, like edit the core files directly, edit the theme file directly. And I very quickly learned the first time I pushed that update button that it’s not meant to do that.

    But if you want to think about translating the software into other languages, it’s impractical to go make a duplicate code base just to change, forget your password as an English phrase into say a Spanish or a German translation of that. You don’t need to copy all of WordPress just to change that one bit of text. So the way it is written with these translation functions enables others to then go in and grab those strings without touching the original code base.

    [00:08:24] Nathan Wrigley: Yeah. Do you know if there’s any jurisdictional, legal requirements to do this? So if you’re launching a product into the WordPress space, you are basically launching a product throughout the planet. Anybody can buy it anywhere. And the only two examples that cropped up into my head were, for example, in Canada where I believe everything has to be translated into French and English. If you are selling something there, if you put up signage or what have you.

    And also in the UK, if you’re in Wales, Welsh and English would be another example. I didn’t know if there were guidelines around that. If you are a plugin developer, theme developer, whatever you are doing in the WordPress space where you potentially might be breaking law in different parts of the world?

    [00:09:05] Carrie Dils: That’s a great question. To my knowledge the answer is no. There are no legal requirements. It’s not like accessibility where there are laws around site accessibility. Really because we’re not necessarily talking in the case, the examples you’re giving, that’s the end user. End user facing copy. Whereas this is more behind the scenes. So imagine what you would see in WP admin, that sort of thing.

    [00:09:30] Nathan Wrigley: So I guess you had to get into the thick of the code, and put coding examples up to demonstrate. And I’m also guessing that most of this is built into WordPress. You are just leveraging things that are already there, or maybe not. Maybe you are extending the functionality that ships with WordPress.

    [00:09:45] Carrie Dils: No, and it actually goes beyond WordPress. I’m going to get real nerdy on you. There is something called gettext and it is open source. It’s licensed under, GNU. I can’t say GNU without thinking of Gary Gnu that does the news from Giggle Snort Hotel. Now I’m showing my age. If you’re listening to this and are not familiar with that, this was children’s programming in the seventies.

    So anyways Gary Gnu has the news, and there is something called gettext. And this is a sort of universally recognized system for writing translatable code. WordPress uses gettext and has its own kind of wrapper functions around that. So what we’re talking about is not, while there are functions that are unique to the WordPress ecosystem, the concept of internationalizing your code goes well beyond WordPress, and WordPress uses gettext, which is what most software languages use.

    [00:10:41] Nathan Wrigley: I’m guessing the fact that you’ve done a talk about it indicates that you think it’s not being used as often as it perhaps should be?

    [00:10:49] Carrie Dils: So I’m always going to come at things from a education, knowledge is power perspective. It’s quite possible that people may be listening to this and have already used, seen translation functions, and just didn’t know what they were.

    For instance, if you see a double underscore, parenthesis and then some string of text in there, well, that double underscore parenthesis is a translation function. So it’s less about trying to convince people to use it, more educating that it exists and what are the reasons that it’s important to use it.

    So WordPress powers over 40% of the web, I think around 43% at last count. Interestingly, if you go to wordpress.org/stats, s t a t s, there’s lots of details there about WordPress installs, and one of those is what language is WordPress, what locale is being used. And I think it’s around 55% are not in English.

    So WordPress is global software. It’s used all around the world. And I love especially talking about this topic at WordCamp Europe, where we have so many languages, and cultures represented. And making WordPress available in around 200 different locales. And that’s the job of the Polyglots team. So if you go to make.wordpress.org, the Polyglots team is who’s in charge for making WordPress translatable.

    And it’s of course volunteers from all of these different locales that are bringing it to life in their language. But if you’ve ever gone to say the settings page of your WordPress admin, there’s a little box that says what language would you like your site in? If you were to choose another language, one of those 200 languages that exist, then everything in the admin will be displayed in that locale.

    The education piece is that it is global. It is used around the world and the process of internationalizing your code is what makes it possible to have your code exist in other languages.

    [00:12:55] Nathan Wrigley: I think it’s really easy to think about the fact that, well you and I both obviously native English speakers. More or less everything that I’ve ever endeavored to do with WordPress has been in English. If a plugin comes, or a theme comes and everything is displayed in English, I’m entirely happy. That’s fine by me. But I guess we are excluding a bunch of people for whom that obstacle is simply too high.

    You’ll be presented with a bunch of options. Some of it probably in quite technical language, and if the developer hasn’t made the effort to translate it into some additional languages, I’m guessing in most cases, you’re not advocating while it’s 200 or nothing.

    [00:13:33] Carrie Dils: Right.

    [00:13:33] Nathan Wrigley: Maybe pick some low hanging fruit if you like. That’s just part of the job of WordPress. If we are going to endeavor to be truly international, that work has to be done. But how did you get interested in this? How come you are doing a presentation about this particular subject given the panoply of things that you could have picked?

    [00:13:50] Carrie Dils: So I’ve been working with WordPress for over a decade now, and early into that I was introduced at, it was WordCamp Austin, actually, I think 2013 or 14. I was introduced to the idea of web accessibility, and specifically what accessibility looks like in WordPress. And if somebody’s listening and they’re not familiar, accessibility is basically writing both from a code perspective and from a design and presentation, really soup to nuts, your website. Making it accessible for anyone to use regardless of what kind of device they’re on, if they’re on a laptop, a mobile phone or a screen reader.

    So making the web accessible and I was just so glad somebody told me that that was something that was important, because I didn’t know what I didn’t know.

    So extend that idea that the mission of WordPress is to democratize publishing. Well, how do you democratize publishing to someone who doesn’t speak English and sees software, to your point, we’re happy when it’s, when it’s in English. But if you’re seeing all these technical words or, you know, whatever it is. You’re walking through the WP admin experience and it’s not in a language that you’re comfortable navigating, well then your power to publish is diminished.

    So I think of it in terms of, or I guess that’s where I got interested in it, is sort of, I don’t know that most people would consider it a branch of accessibility, but in my mind it’s related.

    [00:15:23] Nathan Wrigley: So let’s imagine that I’ve been listening to this and found it persuasive. Okay, I’ve got a plugin, I’ve got a theme, what have you. But I’ve made no effort to translate anything. And I think, okay, I should. I should begin this journey. How straightforward is it? Does WordPress provide the tools and the infrastructure and the file types and whatever else is going on? Is it fairly easy to drop into this? Is there documentation which is up to date to make it straightforward? Or is this one of those impossibly difficult to find pieces of documentation? And if it’s easy to find, where is it?

    [00:15:53] Carrie Dils: That’s a great question, and it’s easy to find. So if you go toward wordpress.org, there’s the plugin handbook, and there’s also the theme handbook. And both of those handbooks have sections on how to internationalize your code.

    So I’m going to take your question a step further. As someone who is creating products to be distributed maybe for, you know, you’re selling your theme or your plugin. Writing your code in a way that it can be translated into other languages, increases your user base. It makes it accessible to people in other places, right?

    So as the plugin or theme developer, I don’t necessarily have to go, my job is to write my code in a way that it can be translated. Other people can do their translations. I don’t have to necessarily ship my code with a ton of translations.

    [00:16:45] Nathan Wrigley: So you are not suggesting that the burden to get these 200 languages out there is always going to be on the shoulders of the developer. You could ship something and let the community take it over. If this was an important plugin that you developed, which it turns out 40% of all WordPress websites wish to use, it could be a community effort to do that?

    [00:17:02] Carrie Dils: Absolutely. If your customer base is international, then you might want to ship it, you know, with language packs, or the translations for, the locales where your customers live. That would just be common sense.

    [00:17:15] Nathan Wrigley: It’s a little bit off piste, which languages would you say, matter is the wrong word, but do you know what I mean? So obviously English has become the lingua franca of WordPress. By default Most things happen in English. And we come to this event, and although we are in Athens, everything’s largely in English.

    What are the languages which seem to dominate internationally that you would say, okay, if you’re a developer and you wish to get your things translated, do these ones first, because you’ll have the biggest reach. Now obviously if your product is designed for Hungarian users, probably Hungarian’s the first one to go for. But broadly speaking, if you’re just trying to open it up to the world, English, and then where do we go from there?

    [00:17:55] Carrie Dils: Well, as I was doing some research for my session, I was looking statistically, I think about 13% and please, anybody listening to this that says she is very wrong right now. I acknowledge that I am probably very wrong right now. But I’m going to say it’s maybe 13% of the world’s population speaks English. Making it one of the largest, but not the largest. And again, I’m sure I’m about to say something wrong, I think Chinese, specifically Cantonese.

    To your question, I’m not entirely sure. I think it would be more about what market are you trying to go after. I had the experience, maybe seven or eight years ago, of releasing a commercial theme. One of the goals I was trying to accomplish was, one, to create a theme that was accessible, and two, to create a theme that was translation ready.

    And it was a learning experience for me, and I was able to collaborate. I put out a call to my network, to friends that don’t speak English natively, and asked them for translations. So I ended up shipping my theme with, I want to say eight to ten different translations ready to roll. And some of those, this was the particularly interesting bit for me, some of those are scripts that read right to left, versus read left to right, like English.

    So depending on, I’m about to blow your mind, Nathan. Depending on the language, you may need to make layout changes to the front end of the site. So imagine you’ve got a content right sidebar for a site. Well, if you are switching to a right to left script like Hebrew, or Arabic. You would then detect if the language was loaded in one of these RTL scripts and reverse the layout accordingly. So there’s like a separate CSS file for rTL scripts. Isn’t that kind of fascinating?

    [00:19:55] Nathan Wrigley: That is really fascinating actually, and also probably quite a bit of additional work. That’s my next question actually. We live in a very commercial WordPress now. I think if you and I were having this conversation 10 years ago, the whole commercial side of WordPress was far less significant. There’s now a lot of money tied up in WordPress. And you alluded earlier to this, you said that you could, you can open up your plugin, theme, whatever it may be, to a wider audience.

    So I guess somebody listening to this might want to know, okay, how much work is this and what’s the payback? Is it easy to do this? If I pick these two or three popular languages, will I be able to achieve this in a matter of days? Do I need to employ professional transcribers or translators. And will I receive a return on by investment? Like I said, this question probably wouldn’t have occurred 10 years ago. Do you understand the motivation for this might be quite low on the pecking order?

    [00:20:44] Carrie Dils: Yes. So it’s relatively low effort, Nathan. So think of, as developers, there are best practices for the way that we write code. Maybe it’s the way that we structure our comment. I mean, there are actually WordPress coding standards for how things should be formatted and all of that.

    So using translation functions in your code is really just the best practice. It’s low effort to do as a developer. It’s very approachable. And again, the burden of doing the translations into other languages, you don’t necessarily have to do that piece, but of course that, if you know that you have a user base in a particular locale, it would probably behoove you to provide those translations out of the gate with your product.

    But in terms of what’s the return, I’m not entirely sure. I don’t have any statistics that speak to that. But certainly from a goodwill aspect, that is there. And also, take away some of the arrogance factor, acknowledging that there are users that may be using your product that are not native English speakers.

    So just providing that as part of your code base is a pretty, I don’t want to say easy, because that’s an overused word. It depends on who you are if it’s easy. But if you are already a WordPress developer used to writing code, chances are you’ve copy and pasted a translation function, or a texturing that was wrapped in a translation function and maybe you didn’t know that’s what it was.

    [00:22:14] Nathan Wrigley: It is June in 2023, so it’s impossible to have a conversation without the words AI. Will there be a place for AI in this? Because it does seem, the burden may not be the coding side. It may literally be, well we haven’t got the finances to get the text translated. We don’t have any expertise in that area, and we don’t know people who can speak Hebrew, Arabic, whatever.

    So there’s a cost to that. I’m just wondering if that might well be brought down by things like AI. I’m thinking, you know, you can throw things into Google Translate and out it comes with the correct answer. I just wonder what your thoughts are on that. Whether that’s going to assist this endeavor.

    I mean, I can imagine, I can really imagine a future in which we go to ChatGPT, or some variant thereof, and say translate my site’s admin area into Hungarian, for example. And it will wrap all the functions correctly and do it all for you. That sounds like a, possible future.

    [00:23:08] Carrie Dils: I think so I have done zero experimentation in that regard, but I don’t see why it couldn’t. Because you can train AI, right? So if you’re training it on specifically what these functions are, and how you use them. I don’t know why it couldn’t take and theoretically generate both the code. And then on the translation side, to your point, Google Translate already exists. I think the issue right now at least at this stage with AI translations, you lose context.

    So imagine, I gave this example in my workshop, so the word lead, L E A D in English has multiple meanings. I could be leading a presentation. I could get a sales lead for my product. I could have my dog on a leash, and it’s called a lead. So if you were just to tell Google Translate, hey translate the word lead into these 10 languages, who knows. There’s a reason for the phrase lost in translation. So I think probably that’s the first shortcoming I could see with the current state of affairs. Obviously, I think that could be addressed and would be really interesting to see what the applications are with AI.

    [00:24:24] Nathan Wrigley: Yeah, it just feels like a fairly decent shortcut. In that, given everything that we’ve said before about how it would be, well, I’m going to use the word honorable. It would be an honorable thing to do to translate your plugin into the 200 plus languages that WordPress can accept.

    Now, I realize in most cases that’s probably off the table. But if technology could assist in that effort, and you did have the time to double check to make sure that lead meant lead and not lead, if you know what I mean. Then that seems like a win-win because there’s just no downside to that.

    [00:24:53] Carrie Dils: Exactly. Nobody ever cried because your site was faster or more accessible. Yeah, so it’s doing that. There’s not really a downside to it.

    [00:25:02] Nathan Wrigley: Where would you direct us? I’m a plugin developer, a theme developer. You have mentioned the handbook, but I wonder if there’s other things out there. So there might be, I don’t know, YouTube channels or other documentation, maybe some books or something that you’ve written. I don’t know. Is there anything else that you would point people towards? And I will include whatever you say into the show notes so people can just click.

    [00:25:21] Carrie Dils: I can provide you with a handful of articles on my site that I’ve written. I also have a class if I, just shameless plug, a course on LinkedIn learning on this topic, where I’m teaching more specifically exactly what these translation functions are. When you would use them, et cetera.

    And I also met a gentleman this morning, Toby, whose last name I didn’t catch, but he’s presenting tomorrow on the same topic. And then of course in theory the workshop will end up on TV?

    [00:25:51] Nathan Wrigley: Okay. So by the time this podcast episode airs, typically, the WordPress TV won’t have caught up to that, but should it change at some point in the future, I will make the effort to update the show notes.

    Another thing which people have in mind when we talk about translations in WordPress is Gutenberg’s stage four. Now, I realize there’s not a perfect overlap here because that’s more about changing the, well, my understanding, at least anyway, is that’s more about changing the content.

    [00:26:16] Carrie Dils: Yes.

    [00:26:16] Nathan Wrigley: How do you feel more broadly, the WordPress project more generally, in terms of accessibility and being able to read it in different languages? I know that’s a way off. It feels like three, phase three that we’re in at the moment could take decade or more to actually finish. I mean, it’s quite complicated, the concurrent editing, I think.

    But are you fairly bullish that WordPress is going to be at the vanguard of this in the future? I know that we’ve been talking about the internals, the plugins and what have you, but broadly speaking, on the front end, how do you feel about phase four?

    [00:26:46] Carrie Dils: I won’t overstep my bounds and pretend like I know more than I do about it. That said, when Matt laid out the four phases of Gutenberg, however many years ago that was. The project has continued to follow that roadmap, albeit maybe not at the quickest clip. So I have faith that will happen.

    [00:27:04] Nathan Wrigley: Yeah.

    [00:27:04] Carrie Dils: At some point in the future. And that that works towards the WordPress mission of democratizing publishing. I don’t know exactly what, practically speaking, what shape that takes.

    Oh, here’s a resource for you, and people who would know. Polyglots, I mentioned them earlier, the Make WordPress team. They have a Slack channel. They have weekly meetings. If you were to go to the Polyglot section on wordpress.org, that would probably be the place to tune in and, they would have much better information than me.

    [00:27:34] Nathan Wrigley: Carrie, you’ve been very helpful. You’ve provided me with a question. I know that you wanted to mention that there’s been some updates recently. Well not recently, fairly long time ago, five years I think you mentioned, in the way that you can actually implement these things. You mentioned that it was only possible in PHP until five years ago, something like that. But now you can do this in JavaScript if that’s your thing. Talk to us about that.

    [00:27:55] Carrie Dils: Yes. So earlier I mentioned the gettext library, sort of the standard for writing translation functions. And that’s common across many programming languages. WordPress is written primarily in PHP and JavaScript. And up until WordPress 5.0, there was no mechanism for translating JavaScript, only for translating strings that were included in PHP files.

    So now, behold. If you love JavaScript and you love to learn JavaScript deeply, now you can also learn to translate, or include translatable strings in, your JavaScript. And they’re actually, it’s a subset of the functions that are available in PHP, but they work identically.

    [00:28:37] Nathan Wrigley: And so all of that’s again, in the documentation. If we go to the resources in the show notes, we’ll be able to find all of that.

    [00:28:42] Carrie Dils: Absolutely, yes. The handbooks are really, it might take you a little bit of digging around or jumping, jumping around pages, but yes.

    [00:28:51] Nathan Wrigley: Carrie, thank you so much for talking to us today. Before we part ways, if somebody has listened to this, is interested, wants to find out more, but wants to come directly to you, how do they do that?

    [00:29:01] Carrie Dils: Twitter is probably where I hang out the most, and my handle is super simple, c d i l s.

    [00:29:09] Nathan Wrigley: You got in early.

    [00:29:10] Carrie Dils: Yes, I’ve been on for quite a while. And then I’m also on Mastodon, on the wpbuilds.social @cdils.

    [00:29:18] Nathan Wrigley: Carrie Dils, really appreciate you talking to us today. Thank you so much. Enjoy the rest of the conference.

    [00:29:24] Carrie Dils: Thank you, Nathan. Great chatting with you.

    On the podcast today we have Carrie Dils.

    Carrie is a WordPress-loving freelance developer with more than twenty years experience in web development, and full-scope WordPress projects. She teaches WordPress and front-end development courses for LinkedIn Learning, and blogs regularly about WordPress and the business of freelancing.

    This is another of the podcast interviews which were recorded at WordCamp Europe in Athens. It took place soon after Carrie had completed her workshop at the event. This workshop was entitled ‘International Appeal: Making Your Themes and Plugins Translatable’.

    WordCamp workshops are practical, hands-on, sessions. Carrie’s intention here was to make the audience aware of ways in which they could translate their code into other languages. Specifically it was to assist developers in localising their themes and plugins so that they could be consumed and understood by a wider audience. It covered translation functions for PHP and JavaScript, and a foundational understanding of how the process of localisation works.

    We started the podcast with some orientation; getting to grips with what internationalisation is in the context of WordPress. Carrie explains that there are workflows already available for developers to use to translate their plugins and themes. This enables their clients or customers to switch between languages in the admin interface so that they can understand more about what they’re doing.

    Carrie talks about the fact that, although she’s not aware of any legal compulsion to carry out this internationalisation work, it’s very useful for consumers of your code. They will be able to rely on a language that’s familiar to them, and not always have to fall back on English. We get into the weeds a little as Carrie explains the foundations of how the translations actually work, and how developers can tap into this. 

    The fact that WordPress is so popular means that it’s in a great position to make the internet a more inclusive space. Part of that is making people from all over the world understand how WordPress, and the tools built on top of it, works. Carrie says that it’s not about trying to translate every part of your plugin into the two hundred plus languages which WordPress supports, it’s more about doing what you can, when you can, for those people who can benefit from it.

    Carrie’s talk will at some point make it onto WordPress.tv so you can see it for yourself, but until that’s available she lays out some of the places where you can go to get support around this subject. The plugin and theme handbooks are an ideal place to start that journey.

    We get into a chat about which languages are spoken most widely, and how Carrie thinks about which languages to pick if your resources are limited. She points out that as a developer you’re building in the capability to have your code translated, and the actual work of making those translations can be handled by others if your code is created correctly.

    Given that AI is always a hot topic, we digress a little towards the end about how the work of translations is likely to become more automated as large language models take on the burden of translating content and assisting in the writing of code.

    If you’re a developer who is curious about making your code available to a wider audience through internationalisation, this podcast is for you.

    Useful links.

    Carrie’s Twitter

    Carrie’s Mastodon

    Carrie’s website

    gettext project

    WordPress stats

    LinkedIn Learning course by Carrie

    Tor-Björn Fjellner’s WCEU presentation

    WordPress plugin handbook

    WordPress theme handbook

    Polyglots team

  • State of Digital Publishing to Host WordPress Publishers Performance Summit, July 27, 2023

    The State of Digital Publishing, a startup market research publisher focused on digital media, is hosting an online event called WordPress Publishers Performance Summit (WPPS) on July 27, starting at 2PM EST. The organization’s mission is to help publishers develop sustainable business models through education, guides, online courses, and other resources. They have partnered with Multidots, a WordPress development agency and WordPress.com VIP Gold Partner, who is sponsoring the event.

    WPPS will feature 10 panelists speaking on best practices for managing and optimizing the performance of WordPress publishing sites. Panelists have been selected from high performance teams at The Boston Globe, Forbes, Multidots, WordPress.com VIP, Parse.ly, and other publishers.

    The schedule includes four 40-minute sessions over the span of four hours:

    • How to do less: evaluate your website’s performance and metrics
    • Reasons why your Core Web Vitals are not passing
    • Successfully securing and scaling WordPress
    • Improving publishing workflow – the threats and opportunities ahead

    These sessions will be aimed at editorial and content strategists, SEO specialists, ad tech and integration professionals, and others working in the publishing industry.

    WPPS is free and attendees can register on the event’s website. Unlike many other virtual events, the organizers do not plan to record the sessions so those who are interested will need to watch them live. Participants will have the opportunity to ask questions and have them answered by the panel. Those who are unable to attend live can sign up on the website to receive an ebook with the panelists’ recommended WordPress best practices that were shared at the event.

  • WordPress 6.3 Makes the “Edit Site” Link Open the Current Template

    WordPress 6.3 will make site editing several clicks faster for users who are moving from the frontend to edit the corresponding template. When you click the “Edit Site” link in the admin bar from a category page, for example, you currently get dumped out into the Site Editor on the home page. From here it’s several clicks more to get to the template you intended to edit. The upcoming release changes it so that the “Edit Site” link is aware of the current template.

    WordPress developer Brian Coords pointed out the fix on Twitter today. It’s a delightful bit of good news for anyone who works regularly with the Site Editor and becomes annoyed by how long it takes to click through to the applicable template. WordPress is now more context aware, delivering site editors to the correct template directly from the admin bar.

    The update applies to posts, pages, archives, 404 templates, front page, and anywhere the user happens to be on the frontend. Check out the Gutenberg issue and the related WordPress Trac ticket for more technical details on how contributors arrived at this implementation.

    This small fix is important because it removes the requirement for the user to have to know the name of the template they intend to edit. It’s now as easy as clicking directly from the frontend. The more WordPress can reduce friction and the need to have special knowledge in order to edit templates, the more accessible it becomes as a design tool for someone who is just starting out and has no framework for the idea of underlying templates.

    WordPress 6.3 is on track to be released with this fix on August 8, 2023. Beta 4 landed today with 40+ (Editor) and 60+ (Trac) updates since Beta 3, and RC 1 is expected next week.

  • MalCare, Blogvault, and WPRemote Plugins Patch Vulnerabilities Allowing Site Takeover Through Stolen API Credentials

     Snicco, a WordPress security services provider, has published an advisory on a vulnerability in the MalCare plugin, which is active on more than 300,000 sites.

    “MalCare uses broken cryptography to authenticate API requests from its remote servers to connected WordPress sites,” WordPress security researcher Calvin Alkan said.

    “Requests are authentication by comparing a shared secret stored as plaintext in the WordPress database to the one provided by MalCare’s remote application.

    “This can allow attackers to completely take over the site because they can impersonate MalCare’s remote application and perform any implemented action.”

    These potential malicious actions include creating rogue admin users, uploading random files to the site, and installing and removing plugins.

    Exploitation requires a pre-condition to be met, such as a site with a SQL injection vulnerability in a plugin, theme, or WordPress core, or a database compromised at the hosting level, or subject to another vulnerability that allows the attacker to read or update WordPress options.

    “MalCare has received the full details of this vulnerability three months before this public release, and despite us offering (free) help, they subtly dismissed it because ‘supposedly’ this is the industry standard for API authentication,” Alkan said.

    “Furthermore, concerns were raised, because the vulnerability requires a pre-condition that on its own, would be a vulnerability.”

    Two days after Snicco published the security advisory with the proof of concept, MalCare pushed a patch in version 5.16 on July 8, 2023, along with a notice on the plugin’s blog:

    In the rare situation, where a site has a pre-existing, high severity SQL injection vulnerability, an attacker might be able to read the MalCare key. To address such issues, we are further strengthening our authentication systems.

    Authentication is a critical system and any improvements must be done in a careful manner. We have reviewed various plugins and best practices in our ecosystem to come up with our solution.

    In light of the current public discourse, we are expediting the update of our plugin. We will initiate a rollout by EOD.

    MalCare reports that its users have seen no evidence of the vulnerability being exploited.

    Snicco noted that the same vulnerability also exists in WPRemote (20k installs) and Blogvault (100k installs) plugins, as they share the same code. Users of either of these plugins or the MalCare plugin should update to the latest versions as soon as possible now that the vulnerability advisory and proof of concept have been published.

  • WordPress to Host 6.3 Live Product Demo on Thursday, July 20

    WordPress 6.3 is scheduled to be released one month from today on August 8, 2023. The live product demo date and time has now been set for Thursday, July 20, at at 16:00 UTC. Participants can join live via this Zoom link.

    Automattic-sponsored Gutenberg contributors Anne McCarthy and Rich Tabor will be hosting the event, moderated by Nathan Wrigley. They will highlight upcoming changes and take questions from participants during a Q&A session at the end.

    WordPress 6.3 is set to introduce an exciting array of new features – the Command Palette, content editing and distraction-free mode in the Site Editor, pattern creation, and much more. There have also been significant changes to pattern management UI as late as Beta 3. The live product demo is a good opportunity to get up to speed with a guided tour of everything new that will be landing in 6.3.

    The event will be recorded and those who cannot attend live can catch it later when it is published on WordPress.tv.

  • WordPress Unveils Plans for Real-Time Collaboration with Major Improvements to Revisions and the Media Library

    In a series of four posts, Gutenberg lead architect Matías Ventura has outlined the project’s phase 3 plans for Real-Time Collaboration, Workflows, Revisions, and the Media Library. WordPress 6.3 is set to be the final major release of Phase 2, which focused on Customization.

    Phase 3 will shift focus from the editors and move into other parts of the admin in an effort to bring seamless collaboration to WordPress.

    “The primary aim of real-time collaboration is to build functionality into the block editors so that concurrent collaboration, shared edits, and online presence of peers are possible,” Ventura said. “Supporting these workflows is not just about concurrency, though, but also about lifting restrictions that have been present in WordPress for a long time, such as locking a post when two people try to edit at the same time.”

    The technical challenges here are in making this available to all WordPress users, even those on the most economical hosting environments. Ventura shared a quick preview of what that might look like, along with the scope of the tasks that would be part of this effort.

    In the Workflows document, Ventura details collaborative features that will be part of this phase, including allowing users to add comments, suggest edits, and tag other users for peer review. These enhancements would apply to both content creation and design changes on block themes.

    There are some interesting projects listed within the scope of this section, including a publishing checklist, sharing draft links with permission controls, and exploring hook points for version control systems to take over internal revision systems if desired.

    image credit: Workflows – Matías Ventura

    Users can expect that Revisions will also be getting some major improvements as part of the Collaboration phase of the project.

    “As part of improving the overall experience, we should also go beyond document level history and explore how the interface could let users browse through single block changes and offer the ability to restore them individually rather than requiring full post restores,” Ventura said. “For global styles, we should evolve the revisions panel to allow comparing two revisions side by side. For synced patterns, we could allow browsing edit history with side by side and overlay comparison tools.”

    Long-awaited improvements to WordPress’ Media Library are also considered part of this phase.

    “The main goals are to expand the media management capabilities, unify the block edit and single media interfaces, and improve upon the major media flows,” Ventura said. He highlighted a few major areas that may get some enhancements, such as categorization and tagging, better handling of attached media, and design improvements to the library view.

    Other Media Library projects may include a revamp of the image editing interface, which remains somewhat unintuitive at this time. Ventura proposes these tools, such as cropping and thumbnail browsing, be updated to align more with the current block editor tools.

    Contributors may also be exploring contribution to the commons from WordPress, along with improvements to attribution.

    “As we look into expanding the presence and touch points of Openverse, it’d be interesting to see how contributions to the commons could work directly from a user’s WordPress install,” Ventura said. “Another area to look at is improving handling and presentation of other media types (audio, video, files) and their connection with blocks and the block APIs. We should resurface work on a native Playlist block, ideally powered by the Interactivity API.”

    Reactions to the outlined vision and scope for the Collaboration phase have so far been positive, as users and contributors are eager to see a strong focus come to some of the other parts of WordPress that have not had much attention for years. The newer real-time collaboration features that will take WordPress beyond the days of locking posts while another person is editing, have the potential to speed up content creation and editing for groups working on the same website.

    “Very much looking forward to this phase. I think it will really enable larger teams to work on posts much easier,” WordPress developer Rich Holman commented. “I’ve mentioned this before but the ability to continue working on a published draft without the front-end updating seems important especially with more editors working on something, especially if doing more experimental edits.”

    For more details on the features being considered for this phase, check out the Phase 3 overview post, along with Ventura’s more recent write-ups on how contributors will improve and expand WordPress’ collaboration architecture with updates to Real-Time Collaboration, Workflows, Revisions, and the Media Library.