The WP Feature Notifications project has launched a community survey to get feedback on the current system of notices in the WordPress admin. The project aims to create a better way to manage and deliver notifications in the admin, and the survey is intended to further refine this work.
“The team has recently made some solid progress on things like database storage and REST API endpoints,” WordPress core contributor Joe Bailey-Roberts said. “However this is slightly paused for now so we can revise things if necessary, based on the survey results. We also have an updated design for the admin notices UI that we’ll shortly be showcasing, which came out of the WCEU Contributor Day.”
Anyone who uses WordPress is welcome to take the survey – it’s for developers and users alike. It takes just a few minutes and may help shape the direction of the WP Feature Notifications project in the future.
Gutenberg 16.1 was released this week, debuting of the Pattern Library, which coincides with reusable blocks getting renamed to synced patterns. Users can now create and manage their own patterns that will also show up in the block inserter. Custom patterns are saved to the new Library alongside custom template parts.
This release also adds a new Distraction Free mode to the Site Editor, which removes all controls and menus, functioning in a similar way to the mode added to the content editor in October 2022. The mode can be accessed under the more menu of the Site Editor.
Automattic-sponsored engineer Andrei Draganescu submitted the PR for the feature and cited three reasons why the Site Editor could benefit from a Distraction Free mode:
Because distraction free work is a good environment to cultivate
Because the command center makes full chrome UI useless for power users
Because it enables a really 1:1 preview – while maintaining everything editable
Draganescu published a video of the Distraction Free mode working in concert with the new Command Palette:
Another new feature in this release is automated footnotes.* Users can add them by highlighting the text and selecting Footnote from the formatting menu. This will automatically insert the note and create a Footnote block at the bottom of the content. (This block can be moved.)
Footnotes can be added inside paragraph, heading, and list blocks, and are saved as post meta. The Footnote block doesn’t seem to be accessible in the block inserter. It is automatically created and inserted with the first footnote.
A few other notable features in this release include the following:
Live block theme previewing in the Site Editor moved out of experimental stage, available for block themes under Appearance > Themes
Site Editor sidebar now displays template and settings configuration details for the home and index templates
Aspect ratio controls added to Image block
Gutenberg 16.1 is included in the upcoming WordPress 6.3 release, but if you want to take advantage of these features before August, you will need to be using the plugin or test 6.3 Beta 2. Check out the release post for the full changelog that includes all the latest enhancements, bug fixes, and performance and accessibility improvements.
WPScan is reporting a hacking campaign actively exploiting an unpatched vulnerability in the Ultimate Member plugin, which allows unauthenticated attackers to create new user accounts with administrative privileges and take over the site. The vulnerability has been assigned a CVSSv3.1 (Common Vulnerability Scoring System) score of 9.8 (Critical).
Automattic’s WP.cloud and Pressable.com hosting platforms picked up on a trend in compromised sites where each had rogue new administrators popping up. After further investigation they found a discussion on the WordPress.org support forums about a potential Privilege Escalation vulnerability in the plugin, as well as indications that it was already being actively exploited.
Ultimate Member, which is active on more than 200,000 WordPress sites, patched the plugin, but WPScan reports that it wasn’t sufficient.
“In response to the vulnerability report, the creators of the plugin promptly released a new version, 2.6.4, intending to fix the problem,” WPScan security researcher Marc Montpas said. “However, upon investigating this update, we found numerous methods to circumvent the proposed patch, implying the issue is still fully exploitable.
“Adding to the urgency of the situation, a look at our monitoring systems also confirmed attacks using this vulnerability were indeed happening in the wild.”
WPScan has identified more than a dozen IP addresses from which exploits are originating, common usernames for malicious accounts, and other indicators of compromise, such as malicious plugins, themes, and code. Check the security advisory if you believe you have been compromised.
Version 2.6.6 is the latest release from the Ultimate Member plugin but it is still believed to be vulnerable. WPScan recommends users disable the plugin until it has been adequately patched.
WordPress 6.3 hit a major milestone today with the release of Beta 2. The release leads opted to skip Beta 1, which was delayed yesterday after some technical issues with packaging the release, and have moved straight on to Beta 2.
As WordPress 6.3 is set to be the last major release of the Gutenberg project’s Phase 2 focus on customization, it ties up many loose ends related to the Site Editor and usability in general. It rolls in the ten most recent releases of the Gutenberg plugin – versions 15.2 through 16.1.
Major interface enhancements in this release, as outlined by the comprehensive 6.3 testing guide, include the following:
Patterns are also getting a big boost in this release, as reusable blocks have been renamed to “synced patterns.” Pattern creation is now available to users and a new pattern library will be located inside the editor for saving and managing both synced and unsynced patterns. Theme authors now have the capability to register custom patterns to templates, so they appear in the start modal to speed up page building.
WordPress 6.3 will introduce three new blocks, including details, time-to-read, and footnotes, along with many improvements to existing blocks.
In the rare event that the manual update of a theme or plugin fails, auto-rollback is available as of WordPress 6.3.
Beta 2 testers are encouraged to file bug reports on WordPress Trac. During beta testing until the last RC, the WordPress project will also be doubling its monetary reward for any new, unreleased security issues that are uncovered. The vulnerabilities must be found in new code in order to qualify for the doubled reward.
Check out the Beta 2 release post for more information on new features, accessibility improvements, and instructions on how to test. WordPress 6.3 is scheduled for release on August 8, 2023.
WordCamp Asia has announced its dates for 2024. The flagship event is now officially scheduled for March 7-9, in Taipei, Taiwan. Organizers have secured the Taipei International Convention Center (TICC) venue to host the event, which is located in the business district not far from Taipei 101, formerly known as the Taipei World Financial Center, a skyscraper that is the city’s most visible landmark. TICC has a capacity of more than 3,000 people.
“The local community is massive and I’ve been told that WordCamp Taiwan (this October) alone would boast of at least 500 attendees,” organizer John Ang said after visiting Taipei with his team to sign the venue. “While we were on the same trip, we were lucky to be able to celebrate the 20th Anniversary of WordPress with the Taiwanese community.
“There’s also active work bringing in government support and other open source communities across the region (e.g. Hong Kong) to WordCamp Asia next year.”Â
WordCamp Asia attendees can expect 3-5 tracks of sessions featuring diverse presentations across a range of topics for beginners and seasoned WordPress professionals alike. The venue also offers ample common areas for networking.
More details on the event and calls for speakers and sponsors should be coming soon. Those who are hopeful to attend can subscribe to updates on the event’s website or follow @WordCampAsia on Twitter.
Last week Gutenberg contributors were engaged in a spirited debate regarding a proposal to rename the new Command Center to Wayfinder. The feature, designed to be an extensible quick search and command execution tool, will land in WordPress 6.3.
The majority of participants in the discussion were strongly against calling it Wayfinder, as the term doesn’t translate well, nor does it make the feature’s benefits easy to understand. Wayfinder was proposed as a unique name that “has the potential to evoke a sense of curiosity, exploration, and discovery.” There were several attempts to wrap up the discussion with notes on alternatives even when it was apparent that the general consensus was unequivocally not in favor of the term Wayfinder.
Automattic-sponsored Gutenberg contributor Anne McCarthy commented on the issue with the decision, which she said was reached after consulting project leadership and reading through the comments:
Let’s move forward with Command Palette.
Reasoning: easier to translate, consistent across other tooling outside of WordPress, matches current functionality, eases discoverability/understanding of value, and leans generic which matches the concerns raised here.
Ultimately, we can always discuss renaming if the feature reaches a point of evolution outside of this initial name. As raised above, that would be more worth risking a unique name for than something that exists in other products and that ultimately we want people to quickly understand/find value in. Plus if we hold off on that name for the future, it can create a nice marketing push for something truly unique when/if the time comes. If folks have additional specific concerns around this naming, please speak up sooner rather than later.
McCarthy also requested other contributors ensure the re-naming is updated throughout the interface for the upcoming release.
This was an important decision that needed to be made ahead of WordPress 6.3 Beta 1, which was supposed to be released today but was delayed to Wednesday, June 28, due to an unrelated issue. The Command Palette will likely be introduced in blog posts, the 6.3 About page, and countless third-party resources so the proposal urgently needed a conclusion.
It’s also to the team’s credit that they didn’t force a fancy marketing name and instead landed on the side of the majority of contributors who were in favor of using clear language. The API for the Command Palette is now public and ready for developers to create their own custom commands. Using a term that is easy to understand and translate will engender more global community buy-in, as 52% of WordPress users run the software in a language other than English.
WordCamp Europe 2023 in Athens attracted more than 2,500 attendees from 94 countries, made possible by 112 organizers and 250 volunteers. The event is now looking forward to 2024, which will be hosted by the Italian WordPress community in Torino, Italy, June 13-15. This modern city is located at the foot of the Alps in northwestern Italy and has more than 2,000 years of history to explore.
WCEU 2024 is calling for organizers who will serve on one of a dozen teams that have been operating for the past few years, including attendee services, budget, design, sales and sponsors, communications, and more.
Those selected to organize will begin planning WCEU in September 2023 and will work with a distributed team on a weekly basis until June 2024.
WCEU 2023 organizers published a transparent account of the various selection processes used for organizers, speakers, media partners, and others involved in the event. The article states that organizers are shortlisted based on their skills, with an effort “to keep gender parity high whilst also selecting people from all available European WordPress communities.” It also states that applicants’ experience and enthusiasm are chief among selection factors but organizers also reach out to encourage underrepresented groups to apply:
During the selection process we don’t have anything that resembles a “positive discrimination†policy, whereby we choose people based on their race, color, background, gender, sexual identity, or any other attribute; we solely chose people based on their stated experience and enthusiasm to be part of the team…
Acknowledging that diversity within the Organizing team is important, we reach out to community groups and members before and during the application process, encouraging people to apply where we have historically seen underrepresentation.
The article concludes with a statement of willingness to modify this selection process if the organization is not able to achieve a diverse lineup:
WordCamp Europe is an iterative event; each year learns from the last and 2024 will be no different. We cannot take for granted that achieving diversity one year guarantees it the next. As a flagship WordCamp event we may need to positively discriminate to achieve gender parity, or fair representation of communities.Â
The call for 2024 organizers does not identify any changes that have been made to the selection process. Prospective organizers will need to fill out the application form highlighting their skills, experience, and desired role.
Do you want to steal keyword ideas from your competitors ethically?
Have you ever wished there was an easy way to fix over optimization on your site and boost search rankings WITHOUT hiring an SEO consultant?
If you’re like me and most other smart website owners, then you have at least wished for this solution a couple of times in your WordPress journey.
Today, I’m excited to release a free WPBeginner tool, Keyword Density Checker, which enables you to check the most optimized keywords on any content or URL, either yours or competitors’ sites.
We built this tool to help you boost your SEO rankings by identifying the right keywords to rank for.
Why Use a Keyword Density Checker?
WPBeginner’s Keyword Density Checker is a powerful online tool that makes it easy to find the most optimized keywords from any content or URL.
The best part is that using this tool is totally free… no signup, installation, or registration is required!
One of the reasons most website owners fail to rank their site on search engines is that it’s not easy to find the right keyword to rank for. Although there are several keyword research tools available on the market, most are either crazy expensive or come with a search limit.
This is why I decided to create an online tool without any search limits and make it free for all WPBeginner readers.
Our free tool reviews your content or website URL and shows you the most optimized keywords from the submitted content to boost your rankings.
It provides you with a list of one word, two word, and three word phrases, ranked by their frequencies and density.
Some of the benefits of our Keyword Density Checker are…
Get 30 highly optimized keywords from every article you submit
Unlimited search for free without any restrictions
It warns you if it finds a keyword with a high-density percentage
Next, submit the URL or content to check the keyword density.
Our tool analyzes the entire content and gives you 30 highly optimized keywords in that content. That is, you’ll get 10 keywords each for a one word phrase, two word phrases, and three word phrases.
You’ll also be shown the total time each of those keywords was used in the content and its density percentage.
It also gives you an overoptimization warning if the tool finds any of those keywords have a high density percentage.
Competitor Analysis with Keyword Density Tool
Ever wondered what keywords your competitors were trying to rank for?
Performing an SEO competitor analysis and extracting the most used keywords from your competitor’s website is one of the cool things you could do with our Keyword Density Tool.
Let’s figure out how to do it.
First of all, list down the top pages from your competitors’ sites that you think are most popular.
Then enter those URLs into our density tool one by one.
With each search, you’ll get a list of 30 keywords that your competitors were trying to rank for. This report tells you what keywords you can potentially focus on when creating new content or optimizing existing ones.
Fix Over Optimization and Boost Your SEO
Over optimization can hurt your search rankings.
In case you’re wondering, over optimization is the practice of adding too many SEO improvements, which eventually leads to backfiring your SEO efforts.
Well-optimized content remains a top ranking factor, but sometimes Google might suspect your site for over optimization, like keyword stuffing. Once you identify the pages that have recently dropped in search rankings and traffic, you’ll need to start de-optimizing those pages.
With Keyword Density Checker, you can identify keywords that are over optimized. We also recommend doing an SEO analysis to discover other SEO errors that could be hurting your SEO.
Perform an SEO Audit Right Within WordPress
If you want to perform an SEO audit right inside your WordPress dashboard, we recommend using the All in One SEO (AIOSEO) WordPress plugin.
Its free plugin comes with all the basic features that help you optimize your site for search engines, including the SEO Analysis tool.
There is also a premium version of AIOSEO that offers advanced features like a redirection manager, schema markup, powerful sitemap tools, and more.
Alternatively, if you’re looking for an online tool that helps you do SEO analysis free of cost, you can take a look at our SEO Analyzer Tool.
Analyze Your Keyword Density Today!
Our Keyword Density Checker is a great tool to help you discover your competitors’ keyword research strategy and fix your content if it’s over optimized.
This is just one of the tools we’ve recently launched. We also launched several other free tools to help small businesses grow and compete with big guys. Here are some of them …
Free Website SEO Analyzer: Audit your site, find critical SEO errors, and create a detailed SEO action plan on how to fix those errors.
If you have ideas on how we can make WPBeginner’s Keyword Density Checker or other tools more helpful for you, then share your thoughts in the comments.
As always, I want to thank you for your continued support of WPBeginner, and we look forward to continue serving you for years to come.
There has always been some confusion and overlap between reusable blocks and patterns. The difference was that reusable blocks can be created and edited in the block editor and then reused in other places – inserted into posts or pages. Block patterns, once inserted, can be edited and are not synced. They give users the ability to apply the same layout to different posts and pages.
Reusable blocks have now been renamed to patterns, with the option to be synced, which offers the same functionality as the former reusable blocks where all instances can be updated at once. Non-synced patterns are just regular patterns – those that can be edited independently of other other instances that have been inserted. These updates are coming in Gutenberg 16.1 and will be included in the upcoming WordPress 6.3 release.
WordPress contributor Aki Hamano posted a diagram to Twitter regarding the renaming, which was confirmed as an accurate representation of the changes.
I am trying to understand about the new naming of "Pattern" in WordPress. I currently understand it as this figure represents, is this correct? pic.twitter.com/WxKFRotB0V
— Aki Hamano / 浜野 哲明 (@tetsuaki_hamano) June 25, 2023
“Clients already find the pattern and reusable block concept very difficult to grasp,” WordPress developer Mark Howells-Mead commented on the pull request for the renaming. “This change will make things much harder for regular users to comprehend.”
Gutenberg contributor Paal Joachim Romdahl commented that it would be helpful to have more time to test this in a few versions of the Gutenberg plugin, as WordPress 6.3 beta 1 is expected this week. Learning materials and documentation will need to be updated with very little notice.
Gutenberg contributor Daniel Richards encouraged contributors to see the change as part of “the great unification,” an effort towards consolidating the many different block types into a single concept and streamlining the content and site editors.
“In the future it might also be possible for template parts to be considered ‘synced patterns’, and at that point things become much more streamlined and there are far fewer concepts for users to grasp,” Gutenberg contributor Daniel Richards said.
“So the hope is that this is a first step on the path to making things easier for users, rather than more difficult. But I do realize that for existing users it’s quite a shift.”
As part of this effort, WordPress 6.3 will also introduce pattern creation in the block editor using the same interface that it previously used for reusable blocks. Pattern creation necessitates having a place for users to view and manage their patterns. WordPress 6.3 will also include a first pass at a Pattern Library inside the Site Editor, which will include both patterns and template parts. Gutenberg designers shared a preview of what this would look like a couple weeks ago:
In May, contributors began a discussion about the concept of partially synced patterns, which Daniel Richards summarized:
Today, when you insert a pattern, the blocks from that pattern are completely decoupled and standalone. There’s no way to tell that those blocks originated from a pattern, especially since they can be edited to no longer resemble the source pattern.
Partially synced mode is different. When a pattern that’s partially synced is inserted, it retains a reference to the source pattern. The blocks within the pattern are locked so that they cannot be removed or reordered and new blocks cannot be inserted (this is called contentOnly locking). Only specific parts of the pattern considered ‘content’ can be edited (denoted by adding __experimentalRole: 'content' to a block’s definition).
When the source pattern is updated, all instances of blocks that reference the source pattern are updated too (much like a reusable block), but the content values the user entered are retained. The best way to think of this is that the user can update the design of a pattern, but doesn’t lose content that exists in templates and posts.
This concept will not make it into the upcoming version of WordPress, as contributors are still discussing one of many complex implementations, but it offers a glimpse of what might be more granular control coming to patterns in the future. Partially synced patterns would bring distinct benefits to many CMS and content design use cases where clients may be editing content.
“I am a site developer for an agency, and am actively making sites for clients using Gutenberg every day,” Eric Michel said. “Probably our biggest pain point right now is that the editor does not handle types of content that are mostly standardized with small content customizations per post – things like contact directories, majors at a university, products in a catalog.
“For us, the absolute dream scenario is what you are proposing, except with the inclusion of the ability to alter the primary template and have all of the pages that use that template automatically change as well.”
The discussion on making partially synced patterns possible continues in search of an implementation that will ensure users don’t modify the patterns in ways that destroy the ability to display the retained content. WordPress 6.3 will ship with synced and non-synced pattern options, and partially synced patterns may land further down the road in a future release.
Really Simple SSL, a popular plugin used on more than five million sites for installing SSL certificates, handling website migrations, mixed content, redirects, and security headers, has added a new feature in its most recent major update.
Version 7.0.0 introduces vulnerability detection as part of a partnership with WP Vulnerability, an open source, free API created by Javier Casares with contributions from other open source, freely available databases. Once enabled, it notifies users if a vulnerability is found and suggests actions.
“Really Simple SSL mirrors the free database with its own instance to secure stability and deliverability, but of course provides the origin database with an API to enrich, or improve its current data,” Really Simple Plugins developer Aert Hulsebos said.
The new vulnerability detection feature is not enabled by default, so users will need to enable it in the settings. A modal will pop up where users can configure their notifications and run the first scan.
When emailed about a vulnerability users can manually respond with an action or set the plugin to automatically force an update (when available) after 24 hours of no response. There are other automated actions the plugin can take based on how users configure the Measures section of the settings.
For the past several years Really Simple SSL has been providing SSL certificate configuration and installation via Let’s Encrypt as a first pass at securing WordPress sites. To finance this for the free users, the plugin also has a Pro version that handles Security Headers, such as Content Security Policies, which are highly complex for most and not easily configured.
“We figured that with our reach we could impact security on the web as a whole, by adding features in order of impact on security,” Hulsebos said. “So vulnerabilities, after hardening features specific to WordPress, was next.Â
“The nature of our partnership with Javier and WP Vulnerability is sponsoring the efforts of WP Vulnerability and appointing a security consultant ourselves to this open-source effort to improve, and moderate the open-source database daily. WP Vulnerability does not compensate us, nor does it have a stake in Really Simple SSL. Vulnerability detection is available for everyone and always will be.”
Because Really Simple SSL started as a lightweight SSL plugin, Hulsebos said they have taken a modular approach to minimize impact on users who only want or need certain features. Following the launch of the new vulnerability detection feature, the plugin’s authors plan to add login security with 2FA to better secure authentication on WordPress sites.
︎
