EDITS.WS

Category: wptavern.com

  • Hey: An Elegantly Simple WordPress Block Theme for Blogging

    Hey is a block theme designed by Automattic for users on WordPress.com and also released for free in the WordPress.org Themes Directory. It’s the kind of simple theme that enables you to quickly get started writing online, without having to configure a bunch of design elements. The homepage features a profile image (Site Logo), site title, and recent posts with dates.

    Single posts display with the featured image at the top of the post, although this template can easily be edited if this is an undesirable feature. Previous and Next post navigation appears under the post. Users can add menu items to display at the top, but clicking the site logo brings the visitor back home in the absence of a navigation menu.

    The Hey theme comes in two different styles – the default and a serif variation. Colors can be adjusted to create a more vibrant palette for the site design.

    One major drawback to this theme, which may not be immediately evident by looking at the demo, is that if users want to display more than the three most recent posts, they will need to add the pagination block inside the query loop block. It will also need to be styled to match the theme better. The query loop can be edited to show more posts on the homepage.

    Although Hey is a simple personal blog theme, it also comes packaged with templates for WooCommerce compatibility. This is likely for the benefit of WordPress.com users who may want to quickly fire up a store. Self-hosted users who want to sell products with WooCommerce will be able to easily display things like the mini-cart, customer account block, product archive, product search results, and more.

    Overall, Hey is an elegantly simple block theme with a clean design and plentiful white space. It’s suitable for the person who wants an almost blank slate to get started, or just a theme that enables writing without any distraction for the reader. Check out the live demo on WordPress.com and download Hey from WordPress.org.

  • WordPress 6.3 to Drop Support for PHP 5

    WordPress is officially dropping support for PHP 5 in the upcoming 6.3 release, which is expected on August 8. WordPress’ minimum supported version has sat at PHP 5.6.20 since 2019, but will be updated to 7.0.0 in the next release. The recommended PHP version will stay the same at 7.4+.

    “The minimum supported version was last adjusted in WordPress 5.2 in 2019, and since then usage of PHP 5.6 has dropped to 3.9% of monitored WordPress installations as of July 2023,” WordPress core developer John Blackbourn said.

    “There’s no concrete usage percentage that a PHP version must fall below before support in WordPress is dropped, but historically the project maintainers have used 5% as the baseline. Now that usage of PHP 5.6 is well below that at 3.9% and dropping by around 0.1% every few weeks, plans to increase the minimum supported PHP version can move forward.”

    Blackbourn also emphasized that WordPress’ support for PHP 8.0, 8.1, and 8.2 is “very good” and contributors may soon act on a proposal for the criteria that would enable them to remove the “beta” support label on new PHP versions. Nearly 26% of WordPress users are already running sites on PHP 8.0+.

    Prior to this minimum required version boost, some hosts had even taken matters into their own hands in urging users to get on newer versions of PHP. Dreamhost charges additional fees for sites that require extended support for PHP 7.4 and older. IONOS and Strato have similar policies.

    The decision to bump the minimum supported version comes after a seven-month-long discussion, which surprisingly drew a little resistance. Although sites that remain on PHP 5.6 cannot upgrade beyond WordPress 6.2, they will still receive security updates, as the project currently backports them to versions 4.1+. The bump to 7.0.0 for the minimum supported version will have many benefits for the WordPress ecosystem of themes and plugins, will significantly reduce memory usage for upgraded websites, and will provide better security and improvements to core tooling.

    “There are no plans to bump the minimum supported PHP version on a schedule,” Blackbourn said. “The core team will continue to monitor usage of PHP versions and work with the hosting team to encourage users and hosting companies to upgrade their versions of PHP as swiftly as possible. The 5% usage baseline will continue to be used for the foreseeable future.”

  • WordPress 6.3 Beta 3 Released, Introduces UI Changes to Pattern Management

    WordPress contributors are onto another round of testing, as 6.3 Beta 3 was released this week. RC 1 is expected on July 18, and a live product demo is anticipated to be broadcast on Thursday, July 20, 2023 at 16:00 UTC. These demos have become a more regular part of the release process and allow viewers to familiarize themselves with important new features and updates coming in the release.

    Beta 3 includes approximately 34 updates to the Site Editor since the previous beta release, and more than 40 updates coming from Trac.

    A last-minute PR has renamed Library to Patterns in the Site Editor and was cherry-picked to get it included in Beta 3. Automattic-sponsored Gutenberg contributor Aaron Robertshaw cited three reasons for the renaming:

    • Discovery: this is an opportunity to make patterns front and center as we are introducing the ability to save custom patterns. They should be front and center in the “Design” tab.
    • Clarity: library can be obscure and overlaps with other terminology (like Media Library). We didn’t get to add font library management in this round, but it would have made things more confusing (would a user expect to see their font library under “Styles” or an item called “Library”?). Calling it patterns removes that ambiguity.
    • Presence: patterns is a unique name that has been established in the WP branding parlance for a bit and deserves more clear placement.

    This video from the PR gives a quick overview of the changes testers should see in the Patterns UI as of Beta 3:

    Gutenberg PR: Patterns: Rename Library to Patterns #52102

    Beta 3 introduces a new lock icon to designate theme patterns as unable to be edited or modified. It also adds a sync status details section within the pattern sidebar navigation screen.

    image credit: Gutenberg PR #51990

    There are a significant number of new things being introduced after Beta 1, which seems usual. Major features like the pattern creation and the Patterns section made their debut in Gutenberg 16.1 but had very little testing before being rolled into the upcoming WordPress 6.3 release. This is likely why UI changes are being introduced after Beta 1 has already shipped.

    Check out the Beta 3 release post for more information on how to test. A Beta 4 is anticipated the week of July 11, followed by RC 1 on July 18. The general release is scheduled for August 8, 2023.

  • #82 – Louise Towler on How and Why You Can Make WordPress Sites Sustainable

    Transcript

    [00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, how and why you need to be thinking sustainably when building websites.

    If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice. Or by going to WPTavern.com forward slash feed forward slash podcast. And you can copy that URL into most podcast players.

    If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you, and hopefully get you, or your idea featured on the show. Head to WPTavern.com forward slash contact forward slash jukebox, and use the form there.

    So on the podcast today, we have Louise Towler. She joined me at the recent WordCamp Europe in Athens to talk about websites and making them more sustainable.

    Louise is the founder of Indigo Tree, a UK based agency with deep expertise in WordPress websites. She gave a presentation at WordCamp Europe entitled, Digital sustainability: The benefits for business and the environment, in which she emphasized the impact websites can have on our planet. Her aim was to deliver practical tips for users and developers to help them make informed decisions. This presentation is the focus of today’s podcast, and we cover quite a lot of ground.

    Louise highlights the significant role which electricity plays in powering data centers and transmitting data to end devices. Even if data centers use renewable energy, there is still a need to address overall electricity consumption. She points out that the internet is the fourth largest polluter globally, surpassing the airline industry.

    We discussed how the continuous and widespread use of the internet has made it difficult to reduce its own impact, while still emphasizing the importance of the steps that we can take to make the internet more energy efficient.

    She suggests ways that we can all make a difference right away. Educating clients about the consequences of certain design choices, such as using large videos or auto-play features that require substantial data to load. Optimizing videos, images, and other website elements, which makes it possible to reduce data consumption and improve performance.

    The conversation then explores other suggestions, such as using modern image formats, using images as placeholders for videos, self hosted fonts, and considering the carbon footprint of email communications.

    Louise acknowledges the challenges of discussing environmental concerns with clients, whilst also explaining that we have to come up with ways to make clients understand that these decisions are beneficial to them as well. After all, an optimized website is one that is looked upon favorably by search engines. Whilst clients ultimately are the decision makers, informing them about the consequences of their choices can help them be more informed.

    Moving onto WordPress, we talk about the responsibility theme authors play. It’s a crucial role, helping users make sustainable choices. Her agency builds custom themes for clients which allows them to have full control over design decisions.

    We get into the subject of how legislation is certainly coming, and so getting in early and understanding the implications of such legislation will help your endeavors in the future.

    Towards the end of the podcast, we chat about some of the tools which you can use to assess the impact that your websites have, including a tool which Louise and her team have been working on for the last few years.

    If you’re interested in how your sites can become more sustainable, this podcast is for you.

    If you want to find out more, you can find all of the links in the show notes by heading to WPTavern.com forward slash podcast, where you’ll find all the other episodes as well.

    And so without further delay, I bring you Louise Towler.

    I am joined on the podcast today by Louise Towler. Hi Louise.

    [00:04:54] Louise Towler: Thank you for inviting me. Hello.

    [00:04:56] Nathan Wrigley: We’re going to talk today about, well possibly the most important topic ever, which is the environment and your website compared to the environment. Prior to that Louise, will you just tell us a little bit about you, so that we have some context. Who are you? What’s your relationship with WordPress and so on?

    [00:05:13] Louise Towler: Okay. I am the founder of Indigo Tree. We’re a small but beautiful WordPress agency based about 30 minutes on the train north of London in the UK. There’s 15 of us in total at the moment. We have an engineering team, a project management team, and a support team, and we build WordPress websites.

    I started building websites, well my first webpage that I built was built Christmas Day, the year 2000, because my husband was daft enough to buy me a book on html. So he cooked the turkey and I built myself a little webpage. I started freelancing about 20 years ago, and then one of my freelancing clients said to me, we’ve heard there’s this thing called WordPress. Would you mind building our website in WordPress? And I was like, okay, I’ll give it a go. And went off and Googled and found out how to do it, and the rest is history.

    [00:06:09] Nathan Wrigley: Nice. You did a talk today entitled The Benefits for Business and the Environment. Just give us a bit of a background about your thoughts on the environment. What I mean by that, is this something that you are concerned about in your normal life? Does the environment figure heavily in your daily life?

    [00:06:27] Louise Towler: It does. It’s really difficult to tread lightly on the planet. It’s very hard to do things in a sustainable way, but I think I’m very conscious of it. So I buy a few clothes, but I wear them a lot rather than throw them away, and the fast fashion thing. I use recycled paper. I try to do things in a good way. Turn off lights. Think about my travel. But it is genuinely hard. But then I have children and they’re going to live a lot longer than me, and global warming is going to affect them a lot more than it’s going to affect me. But 2050 is not that far away. And we are in trouble, as we can see by the mad world weather that’s happening at the moment.

    [00:07:16] Nathan Wrigley: You work in the website building industry, as do I. Which feels in my daily interaction with my computer, it feels like the cleanest thing ever. I have a shiny laptop. I have a shiny phone. None of them put smoke out of the back when I switched them on. You know, if I worked in the automotive industry, it would be obvious what my footprint was. But I switch on my computer, there’s no connection between that and the environment. And yet it’s pretty bad.

    [00:07:49] Louise Towler: Yeah.

    [00:07:50] Nathan Wrigley: We browse the internet. We’re probably asking Google and all the other rivals, trivial things all the time. So make the connection for us. What is the environmental impact? What are the things which are happening between me switching on my computer and browsing WordPress websites? What are the things that are going on? What’s the technology, the bits and pieces that we need to be thinking about?

    [00:08:13] Louise Towler: Well, if the internet was a country, it would be the fourth largest polluter. Compared to airlines, you know, that are 1.6%, it’s massive. It is just massive. And it’s fundamentally about electricity. Because it’s electricity that powers the data centers, whether or not they’re running on renewable energy, the fact is they still need electricity.

    You’ve got the transmission, the wires between the data centers and the end devices, and then you’ve got the power to power your device. If you’re on a phone, you are recharging it. If you’re on a laptop, you are plugging it in, and that’s all using electricity. And not all of that electricity is renewable and the electricity that comes through the wires, you don’t have any control about what proportion of that is renewable.

    On a hot, windy day in the UK, a vast proportion of that electricity is from renewable energy, from solar and wind turbines. But on a dark, gloomy day with no wind, a massive proportion of that is fossil fuel powered electricity.

    [00:09:27] Nathan Wrigley: It feels like we’re completely addicted to the internet. I use the car that I have, a bit. But I use the internet more or less continually. You know, I’ve got my phone, it’s constantly charged up. The merest thought in my head can easily lead me to whip out the phone, do some banal scrolling of Facebook or whatever it may be. And that feels like that’s crept up on us. We’re all using it all the time. You said what was it, 4%?

    [00:09:57] Louise Towler: It’s the fourth largest polluter.

    [00:09:59] Nathan Wrigley: Fourth largest polluter. Can you compare that to another industry? You mentioned airlines. Does the internet as a whole, so every website, all the online services that we can use and so on, does that pollute more than the airline industry? Because the airline industry is the poster child of pollution, isn’t it?

    [00:10:15] Louise Towler: I believe it does. I mean, the problem is finding out, and even measuring it is really hard. So all the estimates are that it is just massive, and it’s getting worse. With AI, the stat that I’ve read is that to do a search in ChatGPT takes four times as much energy as to do a search in Google. And to build that AI model takes a massive amount of processing power to suck in all the data and build out that model that then does predict the next word that’s going to come out in the chat box.

    And so it’s not getting better. When you are talking about carbon footprints and getting to net zero, you’ve not just got to change the energy mix so that you’re running off renewable energy. You need to actually reduce demand. In the UK there’s a carbon reduction in task force. Their target is by 2030, they will have reduced demand by 15% for electricity in comparison to 2021. You have to reduce the demand as well.

    [00:11:25] Nathan Wrigley: Right.

    [00:11:26] Louise Towler: And the connection to IT and websites is that if you transmit less data, you are, there’s not a direct correlation always, but you are essentially using less electricity to transmit that data.

    [00:11:37] Nathan Wrigley: So the easiest way to mitigate your use of the internet is just to stop using it. But that’s completely unrealistic now?

    [00:11:44] Louise Towler: Well, a company with zero carbon footprint is probably a company that’s not in business. You can’t not use the internet. What you have to do, we have to try and make sure the internet uses less electricity to do what it does.

    [00:11:59] Nathan Wrigley: Okay, so given that we’re not going to be switching our computers off, we’re not going back to the internet stone age, if you like. We’ve got to figure out ways to reduce the amount of carbon that we put out. So we’ve got to become responsible citizens because we’re using the internet. But also, we’re in a slightly unique position, you, I, and the people listening to this podcast, because we’re sitting behind the websites that are causing the pollution. And that’s, I guess, where the rest of this conversation is going to go. What are the things that we can do to make our websites for our clients, for ourselves, pollute a little bit less?

    [00:12:38] Louise Towler: Think about the data and educate your client. So in the first instance, if your client wants that amazing stock video on the banner of their homepage, that auto plays in the background and looks absolutely fab. But actually the amount of data that you are then having to load on the homepage to deliver that video is massive. Well explain to them the consequences of that decision.

    It’ll probably mean the homepage is a little bit slower, which won’t be as good for Core Web Vitals and for search. So whether or not they care about the planet, they should be caring about the performance of their website. And the fact is it will use more data and that’s not good for people or the planet.

    If I’m on a fixed price data plan, because I’m on a low income and my children’s school has a massive video on the homepage of their school website with lots of happy kids running around the playground. And every time I visit that website, I’m using up my scarce resources of data, auto playing that video, that’s not very respectful to me when I’m trying to go about my daily life.

    So there’s lots of levels you can talk to your clients about why it’s good to do things. So it’s things like optimizing videos, optimizing images. If you’re familiar with Core Web Vitals and trying to speed up websites, these are nothing new. But you know, design your website with two fonts rather than five.

    Think about when you embed videos on the page. The block editor, it’s really easy to embed a video from YouTube or Vimeo, but use a plugin and put a facade in front of it so that when you actually load the page it loads an image. If it’s below the fold, you can lazy load the image. If people don’t scroll down, the image doesn’t load, and it’s only when they click on that image that the video plays and actually downloads that extra data.

    So you are being really respectful to your visitors as well as to the planet by consciously thinking about these things. And it doesn’t cost anymore if you plan it in from the beginning. Talking to your clients and planning it, most clients are really happy to have that conversation because in the end, performance and speed should increase conversions and profit.

    [00:14:56] Nathan Wrigley: Actually, that’s a really good point. You mentioned, just as we were beginning, that you run an agency.

    [00:15:00] Louise Towler: Yeah.

    [00:15:01] Nathan Wrigley: Do you have this conversation with your clients?

    [00:15:03] Louise Towler: I talk about performance and speed.

    [00:15:08] Nathan Wrigley: Yeah, so how does that go down?

    [00:15:09] Louise Towler: Fine.

    [00:15:10] Nathan Wrigley: Have you ever had somebody push back and say, no, we need the video? Or is it generally a conversation of look, okay you could have the video, but here’s the reason why I think for the planet, you shouldn’t have the video. How does that conversation normally go?

    [00:15:19] Louise Towler: We advise them. It’s like with banners, with sliders, we advise them. I emailed something to a client last week saying, here’s the Google stats. About 8% will see banner number two. Do you really think banner number three, as one of your key important messages being viewed by 4% of your homepage visitors, you’re better off putting that content on the page. It is the client’s choice in the end, but I will educate them so they’re conscious of the choice that they’re making. Rather than not aware and then complain that nobody clicks through from banner number three. And I’m like, well, we did tell you.

    But there’s some things I don’t give clients a choice on, like accessibility. They don’t get a choice about having an accessible website because you don’t want to give people a choice where you don’t want them to make a poor decision.

    [00:16:04] Nathan Wrigley: And in terms of your agency, do you advertise your environmental credentials?

    [00:16:09] Louise Towler: We don’t really talk about it at the moment, but we will be dipping our toe in the water and talking more and more about it over the next few months, because we’ve been doing some interesting stuff in the background.

    [00:16:20] Nathan Wrigley: You mentioned that an autoplay video, that seems like the most extreme example. You know, you go to a website, suddenly you’ve downloaded without your realizing it, I don’t know, 10 megabytes of data that you really didn’t need. Just run through the components of a typical webpage. So what have we got? We’ve got text, we’ve got images, we’ve got video, we’ve got audio like this.

    What are quick wins? What’s the order, if you like, that you should go through when in your head you’re trying to make a page more environmentally friendly?

    [00:16:49] Louise Towler: I would start with images because a website typically has more images than videos. And if you’re doing something with images like you are, I don’t know, using a CDN, or you’ve installed the performance plugin and you are delivering things as WebP, then one plugin and one solution might work across all images on your website.

    So I would definitely think about images in terms of making sure you deliver the right sized image for the device as well. So make sure that in your theme, you’ve got that function which saves it all out at the various different break points.

    [00:17:22] Nathan Wrigley: If you’re on a mobile website, the image that’s loaded should be the same size as the device that you’re looking at. Not a great big image that’s been squished down, okay.

    [00:17:30] Louise Towler: Exactly. And that can be a bit tricky because sometimes on mobile sites for example, we’ll have a nice banner image, but we’ll make it cropped and square. Whereas on a desktop site you might have it that letter box shape. And actually it won’t really work on a mobile. It’s too sort of narrow and thin.

    So you sometimes need to be a bit careful about, especially with the block editor, do you need to have different versions of images unless the cropping is right in the middle. Doesn’t work very well with the block editor to just auto crop. It’s about thinking about it. So I definitely start with images.

    Little things like making sure you are using SVGs where it’s appropriate. If you’ve got an animated gif, turn it into a video. I then look at the videos. Just make sure you’ve got facades or posters on videos and try and persuade your client not to have that large banner video.

    I would then look at fonts and make sure all your fonts are self-hosted. Which is a good thing anyway because certainly from a GDPR perspective, if you are using Google fonts in Europe, then there’s been some case law around, it’s leaking data to Google about who’s using those fonts and you don’t want to be doing that.

    But that again will speed it up because you can cache the fonts and things like that. And subset the fonts. So I think you can do things where if you are only, if you’ve got a font set that’s in multiple languages, but actually your website’s just in English, only use the bit of the font that you need for the language that you are working in.

    And then I would definitely think about things, other things on the website, like email. If you’ve got a transactional site and you are sending out lots of confirmation of shipping emails. Do you need a really big logo in the email? Can it be a tiny logo or even just text on a colored background and make those emails have a lower carbon footprint as well.

    [00:19:18] Nathan Wrigley: How does WordPress out of the box do with helping you get to some of these targets?

    [00:19:26] Louise Towler: It’s not helpful.

    [00:19:28] Nathan Wrigley: So I was going to say, I imagine that most people listening to this podcast have an understanding of everything that you just said, but the typical user of WordPress is not somebody that’s listening to this podcast. Used by millions of people who probably see the media library throwing the biggest image they’ve got, and that’s it.

    [00:19:43] Louise Towler: I think you’ve got to be a responsible theme author. As an agency, we build our own custom themes for each client. So we’re not constrained in any way at the design stage. But if you’re choosing either a free theme or a paid for theme, you can be quite wise about it. So if you’re building a brochure site for a client, you don’t need to choose a theme with every possible e-commerce, form plugin, event plugin, all that extra code. If you’re not using Font Awesome icons, then don’t let the theme pull in the complete Font Awesome icon set.

    Just download a little SVG. So try and think about the theme that you choose. It can be a bit of a pain to actually turn off on some of those very flexible all singing, all dancing themes, the options when you just want something really simple.

    There are some plugins that can help. So for example, we often use a plugin called Perf Matters, which is really good for performance. And one of the things I particularly like about that plugin is, so if we are working with a client where they might have an inquiry form or a landing page with an inquiry form on it. You install a plugin, we use Gravity Forms. Really brilliant plugin. Love it. But of course you get that plugin code in the head of every page, just in case the form’s required. Well turn it off.

    You can use Perf Matters and go in, and go I only want the Gravity Form code to be embedded on these three pages, on the site that have forms on. Doesn’t need to be downloaded for any other pages.

    The same with something like Google Maps, the API for Google Maps. Often you’ll put it in so that you can have a nice map on your contact page. Well actually, number one, could you replace that map with an image, and then just link out to Google Maps? How many people are actually going to be scrolling in and out on the page?

    Think about it from the user’s perspective, but then actually just have that Google Maps API code in the contact page. Don’t have it anywhere else on your website. It’s just not needed. But you see it a lot where all the plugins inject all their stuff into the head on every single page just in case. So go through and turn things off.

    [00:22:02] Nathan Wrigley: You mentioned earlier that obviously this is something you’re trying to embed in your company. You also mentioned that you don’t have the conversation about accessibility. It’s just the way it is.

    [00:22:10] Louise Towler: Well, we talk about it. The only time we really push back is where clients have got brand colors, which aren’t AA accessible, and then we discuss with them whether we can change them.

    [00:22:21] Nathan Wrigley: But are you going to in the future be having more conversations like this?

    [00:22:26] Louise Towler: Yes.

    [00:22:27] Nathan Wrigley: And if so, how forceful are you going to be with your clients if they push back? Say, no, no, no, no. There’s a delicate line here, isn’t there? You want to do the best for your client and the best for your client may be a bitter pill for them to swallow.

    [00:22:39] Louise Towler: There may be a really good brand reason, depending on the client, as to why they have to use a particular font. But I would be going to the client and saying, I’m going to tell you why it’s not a good idea. In the end, it is your choice. It is your website. You own the site once you’ve paid me for us to build it. So it is yours to do what you want with. But do it consciously, knowing the consequences of the decision that you are making.

    So I will always tell them, in the end it is their choice. But with things like brand and fonts and that, well you know, the consequences of pulling in an Adobe font is 6 to 800 milliseconds of a page load. That can be the difference between a first and second spot on Google.

    So sometimes you can argue it really strongly from a commercial reason, and they will listen and go, right, let’s go back to our brand designer and get them to find some web fonts or some Google fonts that we can use. And elsewhere, yes, you’ll use that fancy type kit or whatever font, but let’s use something for the web that actually will work and not impact on the performance of the site. Because if they’re a commercial client, they’re going to care about the performance. We need to make them look good to their boss.

    [00:23:59] Nathan Wrigley: Given exactly what you just said, is there some accreditation that websites can expose to the world to say, we made an effort here? I’m trying to think of an example, but there are badges that you can get in all manner of industries to say, okay, we went through this training. We made the effort here, and so we have a badge to prove that we made an effort.

    Is there something that people can do on the internet to say, look, our website is consuming 50%, 30%, whatever, less energy than it might have done. We made an effort. Here’s our badge to prove it.

    [00:24:32] Louise Towler: I’m not aware of a badge, but there are lots of people doing lots of things out there. So there might be. I think it’s really hard because what might be a good score for an e-commerce site, might be a poor score for a different type of site. And I think that in the end, yes, you can measure against other people, but actually you have to have that intrinsic motivation for just wanting to do it. It’s not about collecting badges.

    Does it matter if your site is AA accessible and you have a badge on your site? Or does it matter that you basically have enabled 40% of the population with disabilities or temporary impairments to actually access your goods and services, and you’ll increase your profits as a result?

    [00:25:15] Nathan Wrigley: So that was the website piece. You know, can you expose this credential to visitors? What about you as an agency? Can you expose your credentials to your clients? Is there anything there?

    [00:25:26] Louise Towler: Well, we’re working, and it is very much a work in progress, towards something called B Corp, which is an accreditation thing that you can get for being, if you like, a good citizen to the planet. It covers environmental. It also covers governance, and more things to help with inclusivity and diversity. And we are rewriting our staff handbook, and we’re measuring our carbon footprint as part of that, as an agency. But we’re also doing other things as well. Making sure that we do things in a way that’s consciously responsible, and there’s got to be a business for good. We want to be a good citizen for the planet. And I think that’s quite a high standard. And there’s, I think about a thousand companies in the UK who have that. And we are not there yet, but it’s something that I think we can aspire to be.

    [00:26:12] Nathan Wrigley: Do you have any sense that this message that you are preaching here is beginning to catch on? You are definitely in the vanguard. Most people are not talking about this. If we go downstairs, we’re not really picking up on that message yet. But do you sense some kind of change? Are you communicating with people on a more regular basis about this? Clearly you are interested in it, but are you talking into the void or are people beginning to listen?

    [00:26:37] Louise Towler: There’s a lot of people in communities where the communities are talking about this a lot. I think what’s really nice is I was given the opportunity to speak at a conference, and this conference, to the entire WordPress community had a session about digital sustainability. I personally think that every conference that anyone puts on should have at least one speaker, or channel, or workshop, or something talking about sustainability in the industry, or sector that the conference is in. Because it is looming.

    The legislation is coming. The governments are legislating now, and at the moment in the UK it’s only very, very large businesses who have to do reporting. But if you are a large business wanting a government contract with a value of more than 5 million pounds, which you know, even small consultants and agencies can go for big contracts. You have to have your scope one, scope two, and some scope three emissions and a carbon reduction plan will be coming.

    By 2028 The National Health Service in the UK will require every product or service that is supplied to it to have a carbon footprint. So you need to be starting now because for some things that’s going to be really hard to do and it’s going to take a while to do.

    So start now with the little things, the quick wins. Start measuring where you are, because your carbon reduction plan has to say how you’re going to reduce. And then you have to show that you are making those reductions. So start measuring now, so that all the things you start doing now can be part of that reduction that you make and you can report on.

    [00:28:18] Nathan Wrigley: So you are describing things in the UK. In the UK in the future, you are literally going to be unable to get certain types of website client work if you cannot prove that you’ve done the due diligence.

    [00:28:31] Louise Towler: Yeah.

    [00:28:31] Nathan Wrigley: Okay, that’s really interesting. But still a way off. We’re still five years out from that portcullis closing?

    [00:28:37] Louise Towler: Yeah. But if you are a large business, very large business, you already have to do mandatory reporting. The government is slowly going to bring that down. It wouldn’t surprise me in the slightest if by 2030, as well as putting in my annual tax return, on my submission of my company accounts to Companies House, I have to do a carbon accounting report. Every small business.

    The EU, 23 million organizations there are in the EU at the moment, by 2028, all of them are going to be expected to put in some sort of carbon report on what they’re doing. The legislation is coming.

    But even quicker than that, procurement is starting to change. So I think it was the back end of 2021, Tesco sent out a letter to all of their suppliers saying, we want you to do these four things. You need to have a carbon reduction plan. You need to move to green energy. Otherwise you can’t be part of a supplier to Tesco. Doesn’t matter whether or not you are a large business or a small business, they sent it out as part of their procurement. So the government legislation is coming, but larger businesses are doing it quicker because they’re using procurement as a tool to do that.

    And then on top of that, for some organizations now it’s affecting their access to finance. So if I’m a pension fund or I want to invest in a large enterprise or a business, why would I invest in you, if you are not sustainable in 5, 10, 15 years time? They are now beginning to ask for those carbon reduction plans, sustainability report. What are you doing for your ESG as a condition of investment?

    [00:30:22] Nathan Wrigley: So the window of opportunity for ignoring this is fast closing?

    [00:30:25] Louise Towler: And why not get ahead of it? Why not be that agency that can help your clients with these challenges?

    [00:30:32] Nathan Wrigley: Although you described that there’s no badge necessarily for this. It really does feel that for the right client this is a conversation which will win you work. If you can prove that you are going to do this work now, like you said, who’s going to say no to a more green website? Would you like your website to be much more environmentally friendly than it could have been? Well, no, actually we’d like it to pollute more, please. That’s just not a conversation you’re going to get into.

    [00:30:56] Louise Towler: Exactly. Exactly.

    [00:30:58] Nathan Wrigley: That’s interesting. So the only piece that I can see in this conference where anything is mentioned about the environment is hosting. And even that, it’s probably I don’t know, one in fifty, one in a hundred who have that badge. Talk to us about that side. So obviously we build websites, we’ve got a computer, we know that it’s stored somewhere, but tell us about hosting, and what people are doing.

    [00:31:22] Louise Towler: Actually some of the hosting companies here are very green, but you have to consider the political climate. So if you are a hosting company based in Texas, in the US. And you are being told that you have to support big oil because that’s what runs Texas. You don’t talk about the fact that you are running your hosting data centers on green energy. So it’s not that they’re not. It’s just that they’re not, it’s not necessarily part of their marketing message at this point, because the political climate isn’t necessarily conducive to that.

    [00:31:55] Nathan Wrigley: So you are saying that the hosting industry broadly are doing a fairly good job of this?

    [00:32:00] Louise Towler: Well, some of them are, yeah. I know for a fact a lot of the Google Cloud hosting is green and a lot of the big, they’re using Google data centers.

    [00:32:09] Nathan Wrigley: That feels like one of the most grounded things that you can do. If you’re having a website, you can actually go out and look for green hosting.

    [00:32:16] Louise Towler: And the Green Software Foundation has a little URL. It’s a little tool. You can literally go and put in your domain name and it will tell you whether it’s running on a green hosting.

    [00:32:25] Nathan Wrigley: What is the Green Software Foundation?

    [00:32:27] Louise Towler: It’s a sort of organization that is talking about green software, green web, green all sorts of things. They’re doing some really interesting stuff. They work a lot with very large organizations. I think to be a member you have, like have to pay up 10,000 pounds or something. It’s like out of my league to be a member, but it doesn’t mean I can’t see what they’re doing and listen to what they’re doing.

    They’ve also got a really interesting free course that you can do on sustainable software development. And it gives you all the background and all the things you should be considering when you’re building software and websites basically, and the things that you can do to make them run better in a greener way.

    [00:33:09] Nathan Wrigley: If I wanted to make my website more SEOable, I’ve got a whole suite of tools available to me. And many of them will give me some sort of data saying, okay, this page is, you’ve done a good job here. Like a traffic light or something you, you know what I’m saying?

    [00:33:25] Louise Towler: Yep.

    [00:33:26] Nathan Wrigley: Are there tools similar to that, that we can use in WordPress?

    Maybe it’s some kind of extension to a browser where we can see what our browsing is doing on the internet. In other words, is there a plugin, something which will show us a dashboard saying, okay this page, based upon the hosting that you’ve told us you’re using is consuming or creating this much carbon debt.

    [00:33:51] Louise Towler: There’s individual tools at the moment that I am aware of. You can put in a URL and it will say, oh yes, your page is this many grams of CO2. Actually what we’ve done is something. We’ve been doing a thing. I did that thing of having a side project to the agency, and we’ve been building something for the past couple of years, and we’re about to launch a piece of software. It’s an extension to WordPress, which will actually, in the dashboard, show you a daily carbon footprint of your website based on daily visits and page views.

    [00:34:24] Nathan Wrigley: How is that working then? So presumably the daily page bit is fairly straightforward. This website has been consumed 25,000 times, we can make the connection there. But presumably it must be figuring out, okay, that page had a video on it. This one had nothing but text, and it’s based upon some hosting.

    [00:34:40] Louise Towler: So we’re basically measuring the page, a measure of the data or page weight for each page. And then we’re looking at the visitors to the pages as well.

    [00:34:50] Nathan Wrigley: And are you giving like a score out at the end?

    [00:34:52] Louise Towler: We’re not giving a score at the moment, but eventually when the software’s launched and there’s lots of people using it, we will be able to say, oh, actually, in comparison to other people using our software, you are in the top quarter, or bottom quartile or you are in the middle. So we can give some feedback. But more importantly, if you look at it and you use things like traffic, then you can start to see where you should be optimizing.

    [00:35:17] Nathan Wrigley: Okay. And is this tool going to give you helpful advice on how to optimize it?

    [00:35:22] Louise Towler: Yes, we’re building out a knowledge base as well.

    [00:35:23] Nathan Wrigley: I was going to say, it’s all very well saying this page is doing really badly, but, you know, tough luck.

    [00:35:27] Louise Towler: Yeah.

    [00:35:28] Nathan Wrigley: So, where will it point me? What are the sort of metrics that you’re going to be helping me with?

    [00:35:31] Louise Towler: We’ll be helping with all the basics. It’s actually about empowering the content editors. Because as website theme builders and as website developers and designers, we can build the most amazing AA accessible website that’s really lightweight and fast.

    And then a year later we could audit it and find, oh, content editors added, you know, 30 images and they didn’t realize they had to add alt text to each one. And they can have loaded that really large video and not realized that it needed a poster attribute to make sure that the page didn’t take a long time to load.

    So what we are trying to do is give that feedback to editors in the browser when they’re editing the site, in the backend of the admin. Because that continuous measurement, if they see a little spike, or they see that suddenly something’s changed, they can go in and fix it. Rather than end up just doing an annual check, or checking every so often and ending up with a list of defects to fix, basically.

    So the whole point is, it’s about designing out people making those unconscious mistakes in the first place. And making sure the website continues to be at the standard it should be at and potentially improves over time.

    [00:36:44] Nathan Wrigley: So slightly off piste a little bit. That’s lovely. I mean I would hope to be able to see that kind of data and it would be really useful to me as a website builder. What about by just general browsing the internet? Do you know if there’s any tool which can tell me, right at the end of today Nathan, you’ve been a poor citizen. Some kind of, I don’t know, a browser extension or something which tells me.

    [00:37:05] Louise Towler: I don’t know that. Nobody’s ever asked me that question, so I will have to take that away Nathan and I will have to come back to you, because I genuinely don’t know the answer to that.

    [00:37:13] Nathan Wrigley: I think that would be quite a useful thing to know. At the end of the year, Nathan, your internet use is the equivalent of a 20,000 mile flight or something that would be.

    [00:37:22] Louise Towler: You must be online a lot.

    [00:37:23] Nathan Wrigley: I really am. Yeah. Okay, when are you hoping to get this tool out?

    [00:37:28] Louise Towler: We are doing a soft launch, early adopter, by invitation to Indigo Tree clients mid-July.

    [00:37:33] Nathan Wrigley: Okay. So really soon.

    [00:37:35] Louise Towler: Yeah. And then from then on we’ll be building out new features and basically getting it to the point where we can launch it to people as a SaaS product.

    [00:37:45] Nathan Wrigley: So going to go beyond WordPress at some point?

    [00:37:47] Louise Towler: Couldn’t possibly say, but yes.

    [00:37:49] Nathan Wrigley: Maybe. Maybe, yeah.

    [00:37:50] Louise Towler: Well, it depends on the roadmap and it depends what interest we get. And for me it’s not just about the commercial side of, we to build something that’s obviously profitable and successful. It’s actually where can we make the biggest impact? How can we, with what we are doing, make sure that we get the biggest carbon reduction overall.

    And the great thing about when you’re measuring stuff is we can actually report on global stats that are sort of, you know, a thousand clients and cumulatively this month they have reduced their carbon footprint by this amount. You know, so it is going to be an interesting journey to see how we get on and where the biggest impact can be whilst being commercial as well.

    [00:38:26] Nathan Wrigley: Yeah. It really does sound interesting. Okay, so we’re going to have to wrap it up. We’re probably at the edge of the amount of time that we’ve got.

    Where would we go if we are curious about the things that you’ve talked about? So maybe that’s a link to your, the product that you’ve just mentioned. Maybe it’s just a more general set of resources. What are the two or three top places that you would send people?

    [00:38:45] Louise Towler: I’d definitely have a look at the Green Software Foundation. I would also go to, there’s a Slack channel in the WordPress. I think they’re just about to create a team in Core for sustainability. So I’d be going and talking to them.

    And then I would be keeping an eye on people like Wholegrain Digital. Tom and Vineeta talk about things a lot. Tom’s got a really great newsletter that you can subscribe to. So there’s lots of people talking about it, but I think it’s about figuring out where it fits with your particular clients. And some of our clients are very values based and will immediately go for this. Some people just need that more commercial argument as well.

    [00:39:26] Nathan Wrigley: Well, Louise, thank you for telling us all about your efforts regarding sustainability and the environment. It is a genuinely fascinating subject, and my prediction is that this conversation is only going to get louder and louder.

    [00:39:39] Louise Towler: I hope so.

    [00:39:39] Nathan Wrigley: As the years go on. Yeah, thank you for talking to me.

    [00:39:41] Louise Towler: You’re welcome. Thank you.

    On the podcast today we have Louise Towler. She joined me at the recent WordCamp Europe in Athens to talk about websites and making them more sustainable.

    Louise is the founder of Indigo Tree, a UK based agency with deep expertise in WordPress websites.

    She gave a presentation at WordCamp Europe entitled “Digital sustainability: The benefits for business and the environment”, in which she emphasised the impact websites can have on our planet. Her aim was to deliver practical tips for users and developers to help them make informed decisions.

    This presentation is the focus of today’s podcast, and we cover quite a lot of ground.

    Louise highlights the significant role which electricity plays in powering data centres and transmitting data to end devices. Even if data centres use renewable energy, there is still a need to address overall electricity consumption. She points out that the internet is the fourth largest polluter globally, surpassing the airline industry.

    We discuss how the continuous and widespread use of the internet has made it difficult to reduce its own impact, whilst still emphasising the importance of the steps we can take to make the internet more energy-efficient. 

    She suggests ways that we can all make a difference right away, such as educating clients about the consequences of certain design choices, like using large videos or autoplay features that require substantial data to load. Optimising videos, images, and other website elements makes it possible to reduce data consumption and improve performance.

    The conversation then explores other suggestions such as using modern image formats, using images as placeholders for videos, self-hosted fonts, and considering the carbon footprint of email communications.

    Louise acknowledges the challenges of discussing environmental concerns with clients whilst also explaining that we have to come up with ways to make clients understand that these decisions are beneficial to them as well. After all, an optimised website is one that is looked upon favourably by search engines. Whilst clients ultimately are the decision makers, informing them about the consequences of their choices can help them be more informed.

    Moving onto WordPress, we talk about the responsibility theme authors play. It’s a crucial role, helping users make sustainable choices. Her agency builds custom themes for clients, which allows them to have full control over design decisions.

    We get into the subject of how legislation is certainly coming, and so getting in early and understanding the implications of such legislation will help your own endeavours in the future.

    Towards the end of the podcast we chat about some of the tools which you can use to assess the impact that your websites have, including a tool which Louise and her team have been working on for the last few years.

    If you’re interested in how your sites can become more sustainable, this podcast is for you.

    Useful links.

    Louise’s WordCamp Europe presentation – Digital sustainability: The benefits for business and the environment

    Indigo Tree website

    Perf Matters plugin

    Gravity Forms website

    Green Software Foundation website

    Sustainability Slack Channel

    Wholegrain Digital website

  • WordCamp Dhaka 2023 Cancelled Due to Concerns of Corporate Influence on Community Decision-Making

    WordCamp Dhaka (Bangladesh) 2023 has been cancelled by The WordPress Community Team due to concerns of corporate influence on the community decision-making process. The camp was scheduled for August 5, and organizers had already secured a venue and progressed on moving the camp forward.

    The Community Team published a statement on the event’s website, which cited the interference of corporate interests:

    The WordPress Community Team’s primary goal is to support and nurture the WordPress community by enabling organizers to create amazing events that celebrate WordPress, its community, and globally shared values. The Community team cannot support the event if a WordCamp is not aligned with these values.

    WordPress events benefit the WordPress community as a whole, not specific businesses or individuals. The Community Team expects that WordCamps decisions should be guided by the community’s collective wisdom and not influenced by any one company’s interests. When companies attempt to exert influence on the planning process, the Community Team must step in to mediate. In this instance, we have decided to cancel WordCamp Dhaka 2023.

    The Community Team urged the Dhaka community to focus on collaborative organization, companies uplifting the community, and greater diversity in participation.

    In an equally vague incident report on WordPress.org, which doesn’t even identify the WordCamp that was cancelled, Community Team contributor Sam Suresh called it “an unfortunate but necessary decision.” He summarized the team’s reasons for the decision:

    The decision to cancel the event was not a result of inadequate planning or insufficient effort on the part of the organizing team. Instead, there were observable actions from local community members to influence decisions that would benefit specific individuals or companies. When this influence did not immediately lead to their desired results, the individuals aimed to undermine the organizing process and event success. While the Community Team took steps to mediate, the inappropriate behavior and actions we saw necessitated the cancelation. This is a rare and extreme decision and underscores the severity of the situation.

    Suresh said the issues applied to the local meetup group as well, and that all co-organizers and event organizers were removed from their roles and required to repeat their orientation to gain access again. A community deputy and a mentor were also removed from their roles in the project and the companies involved in the infractions were banned from sponsoring WordPress events for a year.

    “In times of challenges like these, it is important to remember that anyone can organize WordPress events regardless of who they work for and that WordPress community events are for the benefit of everyone, not any one business or individual,” Suresh said. “As a community, we will not tolerate harassment or influencing unacceptable behaviors.”

    Shortly after publishing, several community members commented with objections to the level of secrecy around the issues at hand and the people and companies involved. The Community Team’s nebulous posts on the matter seem to have further scandalized the situation, instead of offering clarity and transparency.

    “This post definitely abides by the ongoing policy of not letting the community know who is being censured by the Community Services team, even in cases of egregious action,” WordPress marketing and meta contributor Sé Reed commented.

    “I’ve seen multiple cases of people filing harassment reports and various Code of Conduct violations, and that person/people have had various consequences, including being removed from organizing teams. However, those people then cite various reasons for leaving the team, often outright lying. But because of the secrecy around these cases, no one says otherwise and those people can and often do continue to operate in the community without any repercussions beyond secretly losing their ‘official’ role(s).”

    Reed highlighted the damaging effects of the secrecy surrounding these incidents, most notably that explaining the situation often falls to those who filed the report, as the Community Team abdicates any further responsibility after validating the report.

    “This action is damaging to the community as a whole, as we do not have a full picture of who we are working with and we continue to unknowingly support and empower people who have not honored their community commitments,” Reed said.

    Not all participants in the discussion were in favor of The Community Team identifying the individuals involved, but in this situation they demand to know the companies that were banned from sponsoring WordPress events.

    “I’m on the fence about knowing peoples’ names here, but I think people definitely need to know the companies involved; actively trying to sabotage a WordPress WordCamp is a serious breach of trust for the community,” WebDevStudios Director of Engineering Mitch Cantor said. “Especially when they may turn around and then make money from that said community they tried to sabotage.”

    Dealing with these types of sensitive situations is not an enviable task, but the community, whom these decisions are designed to serve, is calling for a greater level of transparency regarding those who act in ways that are not aligned with WordPress’ globally shared values.

    “One way or the other, protecting folks who have violated the Community Code of Conduct is a policy that very clearly needs to be revisited,” Reed said.

  • Ultimate Member 2.6.7 Patches Privilege Escalation Vulnerability

    Authors of the Ultimate Member plugin have released version 2.6.7 with a patch for a privilege escalation vulnerability. Last week WPScan reported that Ultimate Member had still not fully patched the vulnerability after multiple inadequate attempts. There was evidence that it was being actively exploited in the wild.

    Working through the complexities of this security issue, WPScan researcher Marc Montpas opened a ticket on WordPress trac, identifying an issue with the meta key field in the usermeta table using accent insensitive collations:

    Looking at the latest string of vulnerability issues that came up related to the Ultimate Member plugin I discovered that the usermeta table has an accent insensitive collation for the meta_key field. This results in queries for wp_cãpăbilitiës to return the actual wp_capabilities row! See update_metadata() function in wp-includes/meta.php

    Imagine the attack surface this brings. In fact, don’t imagine, just look at the recent attacks in the wild.

    This particular issue made it more difficult to fully patch the vulnerability in question. Ultimate Member released version 2.6.7 on July 1, 2023, which whitelists the meta keys the plugin stores when forms are sent. The plugin’s security advisory details a few other changes that may affect third-party developers:

    2.6.7 also separates form settings data and submitted data and operates them in 2 different variables.

    [It] includes some significant changes to how forms submissions are handled. This may cause 3rd-party modifications to stop working. For Third-party developers, please update your customizations to support the new changes in the latest version

    Ultimate Member recommends users review and delete any unknown administrator accounts, reset all user passwords including the admin, enable SSL and backups, and send any advisories to site members and/or customers about the incident. The plugin’s developers are working on releasing a feature inside the plugin that will enable the website admin to reset passwords for all users, but it is still being finalized:

    The reason for this is a site using our plugin may have been hacked or injected with malware that sniffs login inputs, because this vulnerability issue is prone to these attacks, we recommend to reset passwords after updating with a security patch. This is to ensure the best protection for your website user’s passwords.

    All Ultimate Member users should update to the latest available version, 2.6.7, which has the patch for the vulnerability. The plugin’s developers are awaiting more feedback from WPScan and are evaluating all their extensions to ensure they are secure.
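The accent-insensitive matching described in the Trac ticket, and why a whitelist of meta keys holds up against it where an exact-match blocklist does not, shown as an added example (not code from Ultimate Member, WordPress or WPScan). `fold()` is a simplified model of an accent- and case-insensitive collation, the `wp_` table prefix is assumed, and the form's allowed keys and the sample submission are constructed.

```python
import unicodedata

# WordPress usermeta keys that control roles/privileges (default "wp_" prefix assumed).
PROTECTED_KEYS = {"wp_capabilities", "wp_user_level"}

# Constructed allowlist: the only meta keys this hypothetical profile form should store.
FORM_ALLOWED_KEYS = {"first_name", "last_name", "description"}


def fold(key):
    """Simplified model of an accent- and case-insensitive collation.

    Decompose characters (NFKD), drop combining marks, then case-fold.
    Real database collations have more rules; this covers the accent
    case the article describes.
    """
    decomposed = unicodedata.normalize("NFKD", key)
    without_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return without_marks.casefold()


_FOLDED_PROTECTED = {fold(k) for k in PROTECTED_KEYS}


def denylist_allows(key):
    """Exact-string blocklist: accented look-alikes are not equal, so they pass."""
    return key not in PROTECTED_KEYS


def collides_with_protected(key):
    """True if an accent-insensitive lookup would resolve `key` to a protected row."""
    return fold(key) in _FOLDED_PROTECTED


def screen_submission(fields):
    """Keep only allowlisted keys; return (accepted, rejected-with-reason)."""
    accepted, rejected = {}, []
    for key, value in fields.items():
        if key in FORM_ALLOWED_KEYS:
            accepted[key] = value
        elif collides_with_protected(key):
            # Worth logging separately: this is the pattern seen in the incident.
            rejected.append((key, "collides with protected key"))
        else:
            rejected.append((key, "not on allowlist"))
    return accepted, rejected


# Constructed form submission for illustration; values are placeholders.
SAMPLE_SUBMISSION = {
    "first_name": "Ada",
    "wp_cãpăbilitiës": "x",   # the key spelling quoted in the Trac ticket
    "WP_Capabilities": "x",   # case variant
    "favourite_colour": "green",
}

if __name__ == "__main__":
    for k in SAMPLE_SUBMISSION:
        print(repr(k), "blocklist allows:", denylist_allows(k),
              "| collides:", collides_with_protected(k))
    print(screen_submission(SAMPLE_SUBMISSION))
```

The same `collides_with_protected()` check can be run over existing usermeta key names during incident review to spot rows written under look-alike keys.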

  • WordPress Plugin Review Team Adds 6 New Sponsored Volunteers, Opens Applications 

    A new era has begun for WordPress.org’s Plugin Review Team. Mika Epstein, who has served for the past decade, is stepping down, but not before launching a new crew of volunteers.

    The team is responsible for approving newly submitted plugins, maintaining the Plugin Reviewer Handbook, as well as investigating any reported security issues and guideline violations.

    Historically, the Plugin Review team has had very little turnover, but a new crop of six sponsored volunteers will be contributing an estimated 50+ hours per week. The new members include David Pérez, Evan Herman, Francisco Torres, Luke Carbis, Marta Torre, and Paco Marchante. Their efforts are already in demand as they work to tackle a large backlog of plugins.

    “Given the nature of the work the team does, joining this team is a little different than some of the others: each new member will go through a vetting process by current team members before being selected,” Epstein said. “Some of the things the team is looking for are: a solid track record as a plugin developer; the ability to communicate clearly, kindly and constructively – both with other developers and users; interest in improving tools and processes; and excellent collaborative and conflict-management skills.” 

    Epstein is encouraging more volunteers to apply, if they have at least five hours per week to devote to the team, as they could still use more help. Prospective team members can submit an application, which will be evaluated by current team members. Applicants will be required to send examples of plugins they have coded to demonstrate their experience, provide references, and detail some of their contributions to the project.

  • WP Feature Notifications Contributors Seek Feedback on Admin Notices with Community Survey

    The WP Feature Notifications project has launched a community survey to get feedback on the current system of notices in the WordPress admin. The project aims to create a better way to manage and deliver notifications in the admin, and the survey is intended to further refine this work.

    A few months ago, the project released version 0.2.0 of the feature plugin in which contributors implemented a more robust JavaScript-based system for standardizing how notifications appear in the admin. This is a proof of concept plugin that uses demo data only. They are working towards an MVP for 0.3.0, which will remove the demo content and provide a functional notification system. Contributors have also put together an updated design based on the idea of working within WordPress’ existing design system.

    “The team has recently made some solid progress on things like database storage and REST API endpoints,” WordPress core contributor Joe Bailey-Roberts said. “However this is slightly paused for now so we can revise things if necessary, based on the survey results. We also have an updated design for the admin notices UI that we’ll shortly be showcasing, which came out of the WCEU Contributor Day.”

    Anyone who uses WordPress is welcome to take the survey – it’s for developers and users alike. It takes just a few minutes and may help shape the direction of the WP Feature Notifications project in the future.

  • Gutenberg 16.1 Introduces Pattern Creation and Library, Adds Distraction Free Mode to Site Editor

    Gutenberg 16.1 was released this week, debuting the Pattern Library, which coincides with reusable blocks getting renamed to synced patterns. Users can now create and manage their own patterns that will also show up in the block inserter. Custom patterns are saved to the new Library alongside custom template parts.

    This release also adds a new Distraction Free mode to the Site Editor, which removes all controls and menus, functioning in a similar way to the mode added to the content editor in October 2022. The mode can be accessed under the more menu of the Site Editor.

    Automattic-sponsored engineer Andrei Draganescu submitted the PR for the feature and cited three reasons why the Site Editor could benefit from a Distraction Free mode:

    • Because distraction free work is a good environment to cultivate
    • Because the command center makes full chrome UI useless for power users
    • Because it enables a really 1:1 preview – while maintaining everything editable

    Draganescu published a video of the Distraction Free mode working in concert with the new Command Palette.

    Another new feature in this release is automated footnotes.* Users can add them by highlighting the text and selecting Footnote from the formatting menu. This will automatically insert the note and create a Footnote block at the bottom of the content. (This block can be moved.)

    1. This is an example of a footnote. ↩︎

    Footnotes can be added inside paragraph, heading, and list blocks, and are saved as post meta. The Footnote block doesn’t seem to be accessible in the block inserter. It is automatically created and inserted with the first footnote.

    A few other notable features in this release include the following:

    • Live block theme previewing in the Site Editor moved out of experimental stage, available for block themes under Appearance > Themes
    • Site Editor sidebar now displays template and settings configuration details for the home and index templates
    • Aspect ratio controls added to Image block

    Gutenberg 16.1 is included in the upcoming WordPress 6.3 release, but if you want to take advantage of these features before August, you will need to use the plugin or test 6.3 Beta 2. Check out the release post for the full changelog that includes all the latest enhancements, bug fixes, and performance and accessibility improvements.

  • Hackers Actively Exploiting Unpatched Privilege Escalation Vulnerability in Ultimate Member Plugin

    WPScan is reporting a hacking campaign actively exploiting an unpatched vulnerability in the Ultimate Member plugin, which allows unauthenticated attackers to create new user accounts with administrative privileges and take over the site. The vulnerability has been assigned a CVSSv3.1 (Common Vulnerability Scoring System) score of 9.8 (Critical).

    Automattic’s WP.cloud and Pressable.com hosting platforms picked up on a trend in compromised sites where each had rogue new administrators popping up. After further investigation they found a discussion on the WordPress.org support forums about a potential Privilege Escalation vulnerability in the plugin, as well as indications that it was already being actively exploited.

    Ultimate Member, which is active on more than 200,000 WordPress sites, patched the plugin, but WPScan reports that it wasn’t sufficient.

    “In response to the vulnerability report, the creators of the plugin promptly released a new version, 2.6.4, intending to fix the problem,” WPScan security researcher Marc Montpas said. “However, upon investigating this update, we found numerous methods to circumvent the proposed patch, implying the issue is still fully exploitable.

    “Adding to the urgency of the situation, a look at our monitoring systems also confirmed attacks using this vulnerability were indeed happening in the wild.”

    WPScan has identified more than a dozen IP addresses from which exploits are originating, common usernames for malicious accounts, and other indicators of compromise, such as malicious plugins, themes, and code. Check the security advisory if you believe you have been compromised.

    Version 2.6.6 is the latest release from the Ultimate Member plugin but it is still believed to be vulnerable. WPScan recommends users disable the plugin until it has been adequately patched.
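
    The compromised sites described above were spotted by rogue new administrator accounts, so an administrator audit is a useful first check. The script below is an added example, not code from WPScan or the plugin: it reviews the CSV produced by `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv`, and the sample rows, allowlist, and baseline date are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of the WP-CLI CSV export (not real accounts or IoCs).
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.test,2019-03-14 09:12:44
7,editor_lead,lead@example.test,2021-11-02 16:40:10
412,example_new_admin,a1@example.invalid,2023-06-28 03:17:52
413,siteowner2,,2023-06-29 23:58:01
"""


def audit_admins(csv_text, known_admins, baseline):
    """Return [(login, [reasons])] for administrators that need manual review."""
    allow = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        reasons = []
        if login.lower() not in allow:
            reasons.append("not in allowlist")
        try:
            # Assumption: user_registered is treated as UTC.
            registered = datetime.strptime(
                row["user_registered"].strip(), "%Y-%m-%d %H:%M:%S"
            ).replace(tzinfo=timezone.utc)
        except ValueError:
            registered = None
            reasons.append("unparseable registration date")
        if registered and registered >= baseline:
            reasons.append("registered after baseline " + baseline.date().isoformat())
        if not row["user_email"].strip():
            reasons.append("no email address")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    # Hypothetical baseline: a date when the admin list was last known good.
    cutoff = datetime(2023, 6, 1, tzinfo=timezone.utc)
    for login, reasons in audit_admins(SAMPLE_CSV, {"siteowner", "editor_lead"}, cutoff):
        print(f"REVIEW {login}: {'; '.join(reasons)}")
```

    A clean result only means no unexpected administrator exists in the export; the advisory's other indicators, such as malicious plugins, themes, and code, need their own checks.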