WP Engine has launched an annual survey for Advanced Custom Fields (ACF), one of the plugins it acquired from Delicious Brains in 2022. ACF reports more than 4.5 million active users, including PRO site installs, and WP Engine Product Manager Iain Poulson reports that the plugin is “growing in every way since the acquisition.” ACF has added more users, features, and releases, along with community building efforts like bi-weekly office hours.
This is the first time ACF has surveyed its user base about how they are building sites with WordPress and what can be improved. The survey starts with questions about the contexts in which professionals are using ACF and the volume and types of sites they are building. Respondents are asked about how they edit their sites, the type of license they are using, how often the reach for ACF in their toolbox, and which ACF features they use most often (i.e. REST API, ACF Blocks, Options pages, ACF Forms, Post Types Registration, etc.).
The survey is on the lengthier side with an estimated 15 minutes to complete. As ACF is a critical and indispensable part of many WordPress developers’ workflow, helping to shape its future development may be worth the time. WP Engine has also added a few questions that may only be tangentially related to ACF, such as where users are hosting their WordPress sites and what they use for local development.
“It’s our primary method for gathering insights and feedback from the WP community on what they would like to see in ACF,” WP Engine Product Marketing Manager Rob Stinson said. He also related the importance of previous customer feedback that helped ACF’s team plan and implement features like registering CPTs and Taxonomies (v6.1).
“In the near term, we’re working on bringing a UI to register Options Pages which is a PRO plugin feature, some long requested features like bi-directional relationship fields and improvements to conditional logic rules for taxonomy fields,” Poulson said. “We will also be focussing a release on more ACF Blocks features and improvements. The survey won’t likely change those planned features, and the initial results are validating our planned work on ACF Blocks.”
The survey ends May 19, 2023, and WP Engine plans to publish an aggregated and anonymized version of the results soon after the data is collected.
Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given a 9.8 (Critical severity) CVSS 3.1 score and is not yet known to have been exploited.
Muhammad outlined the vulnerability in a security advisory published today:
This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site.
It is possible to reset the password of any user as long as we know their username thus being able to reset the password of the administrator and login on their account. This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user.
The plugin’s authors published the patch today, on May 11, with the following note in the changelog:
5.7.2 – 11/05/2023 Improved: EA Login/Register Form for Security Enhancement Few minor bug fixes & improvements
The vulnerability affects sites using versions 5.4.0 to 5.7.1 of Essential Addons for Elementor. Users are advised to update to the latest version 5.7.2 immediately now that Patchstack has published the proof of concept for exploiting it.
WordCamp US 2023, which is being held August 23-25 in National Harbor, has opened its call for speaker applications. If financial considerations are preventing anyone from applying, there are scholarships and grants available to help cover travel expenses. WCUS is now accepting applications for the Kim Parsell Memorial Scholarship for travel. This particular scholarship applies to anyone who is a WordPress contributor, identifies as a women, has never attended WCUS, and requires financial assistance to attend.
In the interest of promoting a more diverse pool of speakers, MasterWP has launched its travel grant program for WCUS that will support a larger number of applicants. The program will provide more than $10,000 in grants for members of underrepresented groups who are accepted to speak at the event. Those who are selected will receive at least $1,000 towards their travel expenses.
In 2022, the program paid for seven speakers and organizers from underrepresented groups attending WCUS in San Diego. This year MasterWP is aiming to support more speakers and has already received contributions from AccessiCart, Nexcess, Paid Memberships Pro, The WP Minute, and UnlimitedWP towards the fund. They are still accepting corporate grant partners and 100% of funds contributed go directly to the grant recipients.
In recent years, flagship WordCamps have stepped up their work towards diversifying their speaker lineups, as the community has held organizers’ feet to the fire when events failed to recruit a diverse selection. WordCamp Europe has come under scrutiny once again this year for its response to criticism about the lack of diversity in its early speaker announcements. The event has a speaker support program that connects speakers to companies for financial support but is not involved in the selection process.
So far only 25% of the speakers announced for #WCEU are women (by name/photo), and only three appear to be non-white. Hoping to see some more inclusion in the next few rounds of announcements.
“If we want to build WordPress for the next generation, we need to be inclusive,” StellarWP director of community engagement and WP Speakers project creator Michelle Frechette said.
“The next generation is already demanding it. Inclusion is the future. Without it we are irrelevant.”
MasterWP’s travel grant program was created as an independent initiative and is not affiliated with WordCamp or The WordPress Foundation. A growing dissatisfaction with speaker diversity at WordCamps has led WordPress companies to create their own means of supporting the diversity they hope to see at events.
“My conversations with leaders at several major companies led me to believe that many well-meaning, friendly and progressive people simply do not understand that some people cannot afford to participate in the career-growth opportunity of attending a major WordCamp – a similar dynamic to the unfairness of unpaid internships,” MasterWP publisher Rob Howard said in a recap of the 2022 program.
“Since diversity is fundamentally an economic issue, improving it requires economic change. The travel sponsorship is a small economic change that has already made a big impact.”Â
The WordPress Themes Directory is now hosting more than 300 block themes, a milestone for the dedicated theme developers who have persevered through the growing pains and evolution of block theming. WP Engine is one of the newest theme authors who helped put the directory over the 300 mark with its submission of Frost.
With its clean, minimal design, 36 patterns, and impeccable attention to detail on block styles, Frost is positioned to quickly become another blockbuster multipurpose theme. It already has more than 1,000 users as it has been in testing for awhile before landing in the official directory.
Frost’s typography features Outfit, a geometric sans-serif font, for both header and paragraph text.
The default color scheme is black and white with a vibrant blue accent color but Frost comes with eight different style variations. Frost designer Brian Gardner showcases a few in the tweet below, with Gutenberg’s full-screen previews for styles.
Feast your eyes on the latest Style Variations setting in the Site Editor, now with full-screen previews. It's currently in Gutenberg and will likely make its grand entrance in #WordPress 6.3! pic.twitter.com/r7r20GjcdS
When first installing the theme on a new WordPress site, clicking Customize takes the user to the Site Editor with the homepage template pre-filled so there’s no guesswork involved. Users can immediately start customizing any of the included templates. Frost packages all the usual ones – 404, archive, home, index, page, search, and single, but also includes a blank template and a “no title” template to help users with content that works better without the requirement of a title.
Frost includes 36 patterns for building everything from pricing tables to portfolios, calls-to-action, testimonials, a grid of team members, various heroes, feature boxes, and more. Many of them have dark and light variations.
There are also four full-page layouts that users can insert to build pages and launch websites faster, including About, Pricing, Home, and Links pages.
Frost could easily be used for building agency websites, portfolios, business, sites, and more. It’s easy to see developers using it as a starter for multiple projects given its minimal design. If website builders are looking for an even more minimalist starting point, Gardner’s Powder theme is a stripped down fork of Frost.
Check out the Frost theme on its own website at frostwp.com, which includes examples of all the patterns, layouts, styles, documentation, and more. Frost is available to download for free from WordPress.org.
WooCommerce 7.7.0 was released this week with Multichannel Marketing now out of beta. This is the first thing store owners see when they visit the Marketing page in the dashboard. It allows users to connect additional sales channels, such as Google, Amazon, and eBay, and automatically manage inventory across storefronts.
This addition makes WooCommerce more competitive with platforms like Shopify Plus. Merchants can connect different channels to the store by installing plugins. WooCommerce has documentation, including a quick start guide, for configuring Multichannel Marketing.
Version 7.7.0 also introduces updated shopper notices with new, more consistent styles for Snackbar lists and Notice banners. More details on targeting the new CSS selectors is in the release post.
A few other highlights in this release include the following:
New Product Reviews block that can be inserted on the Single Product template
More customization options for Add to Cart button
Expanded Mini Cart block customization options
New option to “Upgrade to Blockified Single Product template†from a classic template
Check out the 7.7.0 release post to see all the new filters and template changes.
WooCommerce is also running its 2023 twice yearly Developer Survey. The survey was designed to capture confidential feedback from developers who build on the WooCommerce platform in order to better understand their needs and make improvements.
WordPress’ Community Team hailed a new era of WordCamps in its recent announcement outlining a significant shift in the purpose for the events.
In the past, WordCamps have had a mostly predictable format of presenting inspirational talks on exciting things people are doing with WordPress, business topics, and the latest trends, with short networking opportunities and a contributor day appended to the event.
“Connection, inspiration, and contribution are undeniably important to WordPressers,” Automattic-sponsored WordPress community organizer Angela Jin said. “However, as events have returned, communities see that people are much more selective about what events they attend and want to know what they will gain by participating.”Â
After the pandemic, the number of WordCamps dwindled to a fraction of what they had been, as different areas of the world grappled with their own unique public health situations. The Community Team had loosened some of the requirements for WordCamps in order to foster a more welcoming environment for people to want to host in-person events.
In an effort to modernize these gatherings moving forward, the team has proposed the following update to the purpose of WordPress events:
WordPress events spark innovation and adoption by way of accessible training and networking for users, builders, designers, and extenders. We celebrate community by accelerating 21st-century skills, professional opportunities, and partnerships for WordPressers of today and tomorrow.
Jin said she hopes a “period of innovation and experimentation will follow this critical shift in the purpose of our events” where events will be curated for more narrow audiences and have a focus on a specific type of content or topic.
This shift also opens the door for more varied event formats, such as workshops, unconferences, job fairs, and pure networking events – which would have definitively been outside the traditional WordCamps of old and not officially supported by the project.
Jin emphasized that WordPress will continue encouraging local meetups. Currently planned WordCamps (there are currently 14 on the schedule for 2023) can continue as before but new WordCamp applicants will be encouraged to experiment with new formats.
“Flagships (WordCamp US, WordCamp Europe, WordCamp Asia): These will remain our largest, broadest event that fully capitalizes on the energy of a large crowd,” Jin said. “They will be the place to highlight the latest, greatest, and coolest in WordPress and where we are going.”Â
Reactions to the change in the purpose of WordCamp have been mostly positive but the community has some questions about how it will work. David Bisset, who helped run WordCamp Miami for over a decade, asks how this will impact smaller communities:
I certainly would love to see more formats being tried, more standout content, etc. However, I’m trying to view this from a local and smaller WordCamp organizer mindset – what if I have a varied community and therefore a varied audience? Will having a particular audience in mind in setting content and promoting local WordCamps unknowingly not attract a more diverse audience? Many people come to conferences and WordCamps for certain talks and speakers and stay around for the rest.
WordPress plugin developer David McCan commented that the new purpose statement reads more like educating and preparing a workforce in contrast to how WordCamps previously leaned towards empowering volunteers.
Participants in the discussion are heavily in favor of giving more freedom to event organizers, but many have had irreplaceable experiences at WordCamps in their current format that they are reluctant to see it go. WordPress developer and contributor Ross Wintle commented that he hoped the change in purpose would not diminish the diversity at WordCamps.
“While I think there’s some value in focussing on an audience, please don’t throw out the current WordCamps,” Wintle said. “I genuinely believe that one of the best things about these events is that I get to experience the diversity of the WordPress community and see the many, many different ways that WordPress is used, extended and developed for, and I get to meet the many, many talented people from across the spectrum of contribution who possess ideas, skills and experiences that I do not.
“I’ve met so many amazing people who have different roles in WordPress, and I think the value of this is far higher than sitting in my bubble with the people that do the same things as me.”
“To my mind, this kind of change (affecting the entire WordPress community and apparently effective immediately) is something that would make sense to discuss at the Community Summit,” Reed said. “As that ship has sailed, I’d like to at least see the discussion that led to it.”
Jin has not yet responded to these questions but said in the announcement that as event organizers experiment with different formats for WordCamps, “the community team can reevaluate our full events program and how events coexist happily.”
Do you want to write captivating headlines that boost traffic?
Have you ever wished there was an EASY tool that helps everyone write great headlines regardless of their skill set or having to hire an elite copywriter?
If you’re like me and most other smart website owners, then you have at least wished for this solution a couple of times in your WordPress journey.
Today, I’m excited to release a free WPBeginner tool, Headline Analyzer, which enables you to write irresistible headlines that your users can’t help but click.
We built this tool because we believe headlines are the single most important factor that can make or break your content.
With our tool, we want to empower all bloggers and website owners to write great headlines so they can compete with the big guys and drive more traffic.
And it is a FREE tool… no signup or registration is required!
One of the reasons most people fail to make their headlines compelling is that there is no clear-cut way to write one. This is why I decided to build a headline analyzer at WPBeginner.
Backed by data, our free tool reviews your headlines and provides suggestions to help you earn the highest number of click-throughs.
To analyze your title, the headline checker considers a few different factors, including word balance, power words, headline sentiment, headline type, word count, and more.
Some of the benefits of our title analyzer include…
It analyzes your headline and grades it on a scale of 1-100
You can refine your title until you get a great score
Why Writing Great Headlines is Important?
Did you know 4 out 5 people will NEVER click through to read your articles?
That means even if your site gets on the first page of Google for relevant keywords, only a minority of your target audience will visit your website.
Fortunately, there is an easy way to improve your chances of driving more visitors to your site… and that is by writing a click-worthy headline.
A click-worthy headline can mean the difference between the search results your users will notice and click on Google – and the search results they’ll skip right over.
With WPBeginner’s Headline Analyzer, it takes less than 2 minutes to write a perfect title for your content… and you don’t have to be an SEO or copywriting guru to do so.
Next, type in your headline in the search bar and click Analyze.
Backed by data, our tool analyzes your headline, grades it on a scale of 1-100, and offers suggestions to improve it.
You can then follow those recommendations and re-analyze your title to see if it improves your score. Then you can repeat the process until you get a great score. The general rule of thumb is to aim for a score of 70+.
To get the best results from the analyzer, follow the below recommended practices.
Always Come Up with Multiple Headline Ideas
It is recommended to come up with around 3 to 5 headlines for your content. When you brainstorm multiple headline ideas, you’re more likely to think out of the box, which in turn helps you create great headlines.
After the analysis, you can pick the one that has a better score and then refine it until it gets a better score.
Choose the Optimal Length for Your Titles
Choosing the optimal length for your titles is important. If it is too lengthy, it might get cut off from Google Search results, email inbox, social media feeds, and so on.
Generally speaking, too short headlines fail to incite curiosity, leading to a drop in click-throughs.
Most WordPress SEO plugins and tools recommend keeping the number of characters under 60 to ensure the title fits in the search snippet and other marketing channels.
Improve Your Workflow with Headline Analyzer
Want to get the headline analyzer inside the WordPress post editor?
As AI-powered technology is rapidly evolving to exponentially extend human capabilities, WordPress contributors do not want the platform to get left behind. AI-powered website creation could even become a threat to its existence, more than a competing CMS, if WordPress doesn’t ensure the platform is easily pluggable for AI-powered extensions. A new discussion on the Core developer’s blog asks what WordPress can do to better enable AI innovation.
“WordPress Core always seeks to provide a stable foundation for folks to build upon directly and extend as they see fit,” Automattic-sponsored core contributor Anne McCarthy said. “Even if a new technology is not actually included in Core, the project aims to enable innovation and progress through extension (plugins, themes, etc.) wherever possible and sensible.”
McCarthy shared a video of what it might look like to have AI integrated into Gutenberg’s experimental command center to build out pages based on AI-suggested designs. She asked three questions of contributors:
How would you want to see Core updated so it can be extended in ways accessible to AI technologies?
For those building, or trying to build, with AI today, how does Core currently enable or hinder this effort?
Are there any concerns that you think the community should be aware of as this space is explored?
WordPress co-founder Matt Mullenweg is optimistic about the prospect of further integrating AI into open source development.
“In 2015 I told you to learn Javascript deeply,” Mullenweg said last month in the Post Status Slack. “I don’t have a catchy phrase yet, but my message for 2023 will be to spend as much time leveraging AI as possible. The boosts to productivity and capability are amazing. This is not a web3/crypto/widgets hype cycle. It’s real.”
Mullenweg also encouraged WordPress professionals to consider how AI and open source can work together.
“Open source and AI are the two mega-trends of the next 30 years,” he said. “They complement each other, and you should think deeply about how. ChatGPT can’t ready Shopify’s code.”
StellarWP-sponsored contributor Matt Cromwell commented on the latest core discussion, suggesting that AI innovation is better left to plugin developers.
“All AI options currently require integration with a 3rd party system, some sort of pricing and authentication, this feels to me to clearly be plugin territory,” Cromwell said.
“The other concern here is that the current Core roadmap is very full. At what cost would the project chase an AI integration? At the expense of multi-editing collaboration features? At the expense of multi-lingual features? I find it hard to imagine pursuing the current roadmap with excellence and stability AND adding a huge AI integration as well.”
Bluehost-sponsored contributor Jonathan Desrosiers, one of the reviewers of the post, clarified that the intention was to “fuel discussion around what AI looks like in the WordPress ecosystem and how that may be blocked currently.”
“As you said, the roadmap is definitely full and adding new things should not be done unless there are extremely compelling reasons,” Desrosiers said. “But, if there are small “paper cut†changes that can be made in Core (new filter or action hooks, etc.) to allow plugins to better experiment and flesh out AI integrations in the WordPress world, I think that we certainly should consider these.”
Cromwell suggested WordPress could add a settings panel for integrating various API’s, such as payment gateways and OpenAI API keys, to prevent conflicts and streamline API usage across multiple plugins.
Rob Glidden proposed that contributors consider the possibility of having AI chatbots as a user type for the future collaboration workflow inside WordPress:
I would suggest looking at AI chatbots as (“just anotherâ€) user type in the upcoming Phase 3 of collaboration/workflow.
I for one want an AI chatbot on my multiuser collaboration team in a phase 3 WordPress.
In the multiuser collaborative workflows already described in “Phase 3 Collaboration†it seems like basically the same infrastructure should work for both human users and AI “usersâ€.
Indeed, it is not a huge stretch in reading that document to think of “usersâ€, “collaboratorsâ€, and “creators†as also being bot-ish users, assigned and performing tasks within a workflow.
CodeWP-sponsored contributor James LePage echoed Cromwell’s concerns that focusing too much on integrating AI might make WordPress less competitive on the features that have already been identified for Gutenberg’s Phase 3 roadmap:
As some others said here, as a WP user, I’d much prefer a really strong focus on the existing Phase 3 roadmap items as I think it would make our CMS a lot more valuable and competitive to other tools out there, as opposed to integrating AI somehow.
One other thing is that there aren’t really any standards here. There are large players, but they keep changing the way their AI works, and probably will continue to do so. We’d be trying to hit a moving target.
As much as WordPress contributors are spread thin across the project’s current Gutenberg roadmap of goals and improvements, you don’t get to choose when new technology is bearing down on your industry, forcing you to act or become obsolete. The WordPress community has built a robust plugin ecosystem, but leaving it all to third-party integrations may not be enough to keep the software relevant in the coming years. Ensuring that WordPress is compatible with the future of AI-powered innovation is critical if contributors want the platform to continue to be the best CMS and website builder available on the web.
Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5Â and below of ACF and ACF Pro, potentially impacting more than 2+ million users. It was discovered by Patchstack researcher Rafie Muhammad in February 2023, and patched by ACF developers in version 6.1.6 in April.
This vulnerability allows any unauthenticated user to steal sensitive information for, in this case, privilege escalation on the WordPress site by tricking a privileged user to visit the crafted URL path.Â
The vulnerability was given a high severity CVSS score of 3.1. Muhammad outlined a proof of concept in the security bulletin. At this time, the vulnerability is not known to have been exploited. ACF free and ACF Pro users should update to the latest 6.1.6 version of the plugin as soon as possible.
Gutenberg 15.7 was released this week, adding Site Logo upload and replacement from the inspector controls sidebar. This feature is still available in the block toolbar but it feels like a natural addition to the inspector, as it was previously available in a similar fashion in the Customizer. Here users can easily adjust the logo width and set whether the image links to home, opens in a new tab, and more.
Version 15.7 changed the behavior of the top toolbar fixed setting to address a few issues outlined by Gutenberg lead architect Matias Ventura.
“The top toolbar has stagnated a bit while the feature set of the editor has evolved,” Ventura said. He identified the two most important issues this design change solves – the lack of a parent selector for nested blocks and the overall increase in the editor’s UI footprint. The toolbar has been updated in the following ways:
updates on desktop sized viewports the position of the fixed toolbar
updates the z-index of the interface header to be lower to that block toolbar shows up on top
implements a toggle expanded/collapsed for block contextual toolbar
This change will require feedback from Gutenberg plugin users, as feedback among contributors has been mixed so far. WordPress core committer and accessibility contributor Andrea Fercia weighed in on the PR, suggesting it requires more testing:
A11y-wise there are more issues with this implementation at the point that I wouldn’t know where to start. Some quick testing with the keyboard surfaces only some of the most evident ones. I’d encourage everyone to test this new UI with the keyboard first to get an idea of the main issues so that we can continue the conversation with some more context.
On top of keyboard navigation, there are other issues related to the NavigableToolbar ARIA toolbar usage, placement of elements in the DOM, usage of the icons, etc.
If you have been following the progress on the experimental Command Center, introduced in version 15.6 as a quick search for jumping to other pages or templates, the design has been updated to match new mockups. Users will notice subtle differences, like tweaks to the radius and borders, icons for each command, and results only available when the input is not empty.
A few other highlights from version 15.7 include the following:
Duotone filter controls added to block sidebar (Prior to this change, the only place to edit the duotone filters was on a block level.)
Fluid typography updated to scale large fonts down for smaller screens using a logarithmic scale factor to calculate a minimum font size
Image placeholders now show custom borders
Template pattern suggestion modal now uses a masonry layout
Check out the Gutenberg 15.7 release post and changelog for more details on all the changes in tooling, code quality, performance, accessibility, documentation, and more.
