The Mercantile, WordPress’ official swag store, was closed for updates but has relaunched with the highly anticipated limited edition 20th anniversary swag.
In celebration of the milestone, the store has added an array of keepsakes, including sweatshirts, pennants, a “Code is Poetry” t-shirt, stainless steel tumbler, pet bandana, commemorative sticker sheets, and more. What WordPress swag collector can pass up the WP20 Wapuu keychain?
Unlike years past, where the swag store seemed like its own separate site, this relaunch makes the store a more natural part of the WordPress project’s website. It runs on WooCommerce and shares the same updated design as the rest of WordPress.org with the vibrant blue that has made its way into the 20th anniversary logos.
The limited edition swag is available while supplies last. Unfortunately, international shipping rates are hefty, a complaint the store has received for years. It makes it cost-prohibitive to order a single t-shirt or sweatshirt outside the U.S. when the shipping costs twice as much or more than the product. Hopefully, this year’s docket of WordCamp events will provide other avenues for distributing 20th anniversary swag to WordPress’ global community through well-stocked pop-up shops.
The Admin Menu Tree Page View plugin, which adds a tree-view layout of content in the WordPress admin, has been refactored to support more content types. The plugin is an admin utility similar to Hierarchy or the commercial OrganizeWP plugin that reworks the CMS to show content in one place, but it offers a simpler set of features for free with no ads or upsells. These types of plugins are valuable tools on larger, CMS-heavy WordPress sites.
Previously, the Admin Menu Tree Page View plugin focused on pages, allowing users to better visualize the page hierarchy/tree structure, add pages directly after or inside another post, and easily reorder pages via drag and drop.
Version 2.8 adds support for all public post types – posts, pages, and custom post types, which was a long requested feature. The plugin’s author, WordPress developer Ciprian Popescu, said adding more post types made the dashboard menu unmanageable and the backend slow, requiring him to update the plugin to us a top-level menu page.
“The solution here was to move the pages to a top level menu page,” Popescu said. “This increased the ‘one click away’ feature to ‘two clicks away,’ which is not a bad trade-off in my opinion, especially when all public post types are now available in a hierarchical tree layout. Having a separate page now removed the need for collapsing the child <ul> elements, as the purpose of this plugin is to quickly see all your pages in a bird’s eye view manner.”
Version 2.8 also removes some redundant features, cookies, and JavaScript resources, as the expand/collapse functionality is no longer necessary. Next on the roadmap for future releases Popescu is working on adding caching for post types, removing the jQuery and jQueryUI dependency, and improving dragging and dropping to work inside child elements.
More than 6,000 people are attending CloudFest in Europa-Park, Germany, this week. A strong contingent of WordPress developers and contributors are among them. During the Hackathon portion of the event, web professionals gather for a friendly competition, tackling problems for existing not-for-profit, OSS projects, creating solutions with a concentrated effort at a quicker pace than remote collaboration usually allows.
Automattic engineer Daniel Bachhuber published a preview of the in-browser WordPress development environment enabled by an experimental VS Code extension that uses WebAssembly to run WordPress entirely in the browser.
“Forget spending hours setting up a local development environment at your next Contributor Day,” Bachhuber said. “Simply install the WordPress Playground VS Code extension, run ‘Launch WordPress Playground’ from the command launcher, and you’ll have a fully mostly functional WordPress installation right inside your editor.”
Bachhuber emphasized that the extension was built for demonstration purposes but is available on GitHub for anyone who wants to contribute or report bugs. A more in-depth tour of the extension is available on Automattic’s developer blog.
In addition to the VS code previewer for WordPress plugins, the Hackathon team working with WordPress Playground is also experimenting with using the block editor in the browser and working with the Terminal and PHP, wp-cli, and PHPUnit – all in the browser.
The WapuuGotchi project, which aims to gamify WordPress with a customizable Wapuu, notifications, and rewards, has its own Twitter account and website where those interested can follow along with their progress.
“The audience was captivated as we demonstrated the customizable Wapuu assistant, which can be tailored to suit individual preferences by selecting unique outfits and accessories,” WapuuGotchi design contributor Dennis Hipp said.
“We also highlighted WapuuGotchi’s backend interaction capabilities, showing how it can guide users through updates, provide helpful tips, and offer reminders for important tasks. The presentation concluded with an invitation for Plugin authors to collaborate with us and integrate their Plugins into the WapuuGotchi ecosystem.”
The Wappspector project, which aims to create a CLI utility to analyze the file structure of a web hosting server and identify the frameworks and CMS used in the websites hosted on it, made significant progress during the Hackathon. The app added seven more CMS identifiers and will soon be ready for testing on control panels. The app focuses on CMS and e-commerce applications but will also have an extendable mechanism allowing hosting providers to customize it to suit their needs.
CloudFest 2023 added a new WordPress Day, dedicated to helping internet infrastructure professionals learn more about WordPress’s footprint and ecosystem, and hear from some of the top WordPress plugin developers and security experts. The event was held earlier today on March 20, and featured 12 sessions on WordPress.
Wapuu lovers who are looking for a relaxing weekend activity will want to check out WordPress’ recently launched Wapuu Coloring Giveaway. The challenge is to style your own 20th anniversary party Wapuu using crayons, markers, colored pencils, pastels, or even digital drawing tools.
Three random entries will be selected (which is why it’s called a giveaway and not a contest) to receive limited edition swag:
You have a chance to win one of three WP20 Swag Kits, complete with a variety of unique anniversary goods. From lapel pins to stickers, and some surprise mystery items, they’ll be a memorable collection for this milestone moment in WordPress history.Â
Participants will need to download the Wapuu coloring set, which comes in different file types (.pdf, .png, .svg, and .ai). Finished wapuu coloring creations can be shared on Twitter using the #WapuuWP20 hashtag to enter the giveaway. So far there are just a handful of party wapuus that have been submitted via Twitter, but email is another option if you want to send it privately or don’t have a Twitter account.
Long way from the Himalayan kingdom Bhutan, the land of gross national happiness with a population of 700,000 plus, would like to congratulate WordPress Communities worldwide in advance for our upcoming huge celebration on making it to the 20TH WordPress Anniversary. #WapuuWP20pic.twitter.com/Ml1Wz7m8nx
— Ugyen Dorji Organizing #WCAsia (@ugyendzodorji) March 16, 2023
Entrants must be 18 years old to win, but the coloring page is fun for kids even if they won’t have the chance to win swag. WordPress will celebrate its 20th anniversary on May 27, but the deadline to submit wapuu creations is April 17, 2023, at 03:59 UTC. Winners will be contacted via Twitter or email.
Equalize Digital, a WordPress accessibility products and consulting company, has received an undisclosed amount of pre-seed funding from Emilia Capital, the investment company owned by Joost de Valk and Marieke van de Rakt. The investment will be used to accelerate the growth of Equalize Digital’s Accessibility Checker plugin, a tool for auditing websites for WCAG, ADA, and Section 508 accessibility errors.
Emilia Capital now owns part of the company, although its owners were not given seats on the board. Equalize Digital founder and CEO Amber Hinds said they will be serving as advisors and playing a role in strategic planning, especially around marketing and plugin development.
The Accessibility Checker plugin currently has approximately 2,000 active installs, according to WordPress.org stats, and the commercial upgrades make up a small percentage of Equalize Digital’s current revenue.
“We built the initial MVP in 2020 with an SBA loan and since then the plugin has been bootstrapped by profits from the service side of our business,” Hinds said. “My partner Steve and I have been splitting our time between client work and working on the plugin.
“We decided to bring on an investor because our ultimate goal is for the product to make up a significant portion of our revenue. It’s challenging to rapidly grow a product that isn’t yet self-sustaining, hence seeking investors. The funds will allow us to have full-time team members building new features, and also further invest in marketing, education, and sales than was possible while we were bootstrapping.”
Hinds said the features her team is targeting are aimed at making the plugin a more competitive accessibility auditing tool when compared with other existing SaaS solutions.
“Our focus right now is making our reports easier to understand by less technical users,” Hinds said. “The next major release with be a feature that allows people to click a button and highlight elements on the front end of the website, which will make it easier to find the element flagging the issue without having to interpret a code snippet.
“Other features that we have on the road map include scanning and reporting on archive pages for posts and taxonomies, improved scanning of non-English sites, and the ability for accessibility testers to log issues found during manual accessibility audits.”
Hinds said she was encouraged by the findings in the recent Admin Bar survey of WordPress professionals, which showed that 76.9% report they are striving for best practices when it comes to website accessibility, a significant increase from the previous year. With the new investment, Equalize Digital will be able to do more marketing to increase awareness and adoption of its tools.
“Ultimately I would like to see accessibility being considered during website builds in the same way that SEO is, and we’re hoping that our plugin will central to that,” Hinds said. “It’s why the free version of our plugin is much more full-featured than similar plugins. Other accessibility tools are prohibitively expensive for small businesses and bloggers. We’re aiming to build a tool that makes accessibility testing available to everyone.”
WP Engine’s Local development app has released version 6.7.0 with Site Grouping, a highly requested feature that will greatly improve users’ workflows. It allows users to create custom groups in the sidebar of the Local dashboard page for better organization of their sites.
Local users have been asking for this feature since 2017, as many are managing dozens of WordPress sites. In June 2022, the Local development team began designing and then building the feature a couple months later, incorporating feedback from user interviews and usability testing.
In the new Site Grouping feature, sites can be easily dragged between groups and groups can be reordered up or down, as illustrated in the release notes.
Another handy feature released with Site Grouping is the ability to start, stop, restart, or delete all the sites in a group from the context menu (the three dots to the right of the group name). Sites can also be sorted by how recently they were used via the clock icon at the top of the groups sidebar.
WP Migrate, formerly known as WP Migrate DB and recently acquired by WP Engine, introduced full-site exports and imports to Local in January 2023. Local version 6.7.0 improves imports from WP Migrate so that they auto-select the PHP, web server, and database version closest to the production environment if Local offers the same major/minor version.
This release also includes several bug fixes with Local importing or pulling to an existing site, where the site’s existing settings or environment were not applied. If you experienced this bug, make sure to update to the latest 6.7.0 release before attempting more imports.
WooCommerce 7.5.0 was released this week with three new blocks for the Product Archive templates. These include a new Store Breadcrumb block, Product Results Count block, and a Catalog Sorting block, all seen in action below.
These blocks were released as part of an effort to “blockify” Product Archive templates so that they can more easily be customized with a block experience.
“We also want to account for the extensibility within this project by researching the mechanism for extensions to extend the templates and implementing a compatibility layer to keep as many extensions as possible working with blockified templates while giving time for extension developers to update and blockify their extensions,” WooCommerce engineer Tung Du said.
This project also includes support for a Notices block so merchants can display store notices to customers as well as determine where they appear.
WooCommerce 7.5.0 has expanded support for Global Styles, so that the Product Button, Product Rating, and Product Price blocks can now be customized more easily in the Site Editor. The Product Rating block now supports padding controls in Global Styles so that store owners can add more spacing around the blocks.
This release also brings in expanded support for the Style Book, which has been available since the WooCommerce Blocks 9.5.0 release. The Featured Product and Featured Category blocks can now be previewed in the Style Book and have Global Style changes applied.
WooCommerce 7.5.0 includes two database updates, 278 commits to WooCommerce Core, and rolls in 170 commits from the WooCommerce Blocks plugin.
Gutenberg 15.3 was released this week with a new “Time to Read” block that calculates the estimated reading time for the post or page using the same method that appears in the details panel. The block displays this information on the frontend wherever it is inserted.
This is the first iteration of the Time to Read block, so it isn’t very customizable yet. Although users can add custom CSS to the block, it only includes alignment controls right now. The block needs Typography controls and more options for customizing its appearance to be consistent with other core blocks.
In 15.3 Duotone filters have been reworked in several ways to make them more portable across themes. Previously, duotone settings were stored as an array of colors. This has been changed so that duotone presets are stored as slugs, making the color swatches available when a user changes themes.
Another change for Duotone filters in this release is the ability to set them globally inside the Site Editor’s Styles panel.
The Site Editor also received several improvements to make the design more clear and consistent, updating the designs for the edit button and the add template modal, and cleaning up the template details popover, among other small changes.
Check out the 15.3 changelog for the full rundown of all the enhancements, bug fixes, and accessibility and performance improvements.
WordPress 6.2 RC 2 was released today on schedule. The new Navigation section in the Site Editor was dropped from the upcoming release in a somewhat unusual turn of events this late in the release cycle. The feature will remain in the Gutenberg plugin and will be iterated on for a future core release. Users will still be able to manage their menus within the block settings of the Navigation block.
The Navigation section was added in Gutenberg 15.1, the last release to be rolled into 6.2, and the one with the least amount of time to be tested.
“After being added and as the beta cycle continued, various bugs and refinements started adding up,” Editor Triage Co-Lead Anne McCarthy said. “In particular, the top pain points revolved around which menu appears (and how to change it), needing a better description of what this newer section did, and improving the general experience of adding links from that section.”
McCarthy published a video showing what has been removed:
The conversation leading to this decision was spread across many PRs, issues, and Slack conversations, so it became difficult to track. McCarthy cited a dozen of the related issues and PR’s, including page links being buried in the inserter, confusion around which menu is pulled into the panel, and many other loose ends that do not provide a good experience for users.
 “Even with trying to lock the experience further down, bugs continued to pop up and the experience isn’t polished enough to move forward with,” she said. “This led to a decision amongst Core Editor Tech, Core Editor Triage, and the Design lead ahead of WordPress 6.2 RC 2 to remove that was then shared with the wider release squad.”
The PR to remove the feature was merged 13 hours ago and now the navigation panel will only be visible if using the Gutenberg plugin. Anyone who is creating documentation or educational resources for WordPress should be aware that those related to the navigation panel may need to be udpated.
WordPress 6.2 is now just two weeks away from being released on March 28, 2023. Testing and translation are still needed to ensure the official release will be ready for the world of WordPress users.
Patchstack, a WordPress security maintenance and management tool, has published its “State of WordPress Security” whitepaper for 2022, tracking a few key metrics on publicly reported vulnerabilities.
The findings highlight the risk of using unmaintained themes and plugins along with developers’ need to keep pace with updates to libraries and dependencies included in their work. Patchstack is tracking a significant increase in vulnerabilities reported in 2022:
In 2022 we saw 328% more security bugs reported in WordPress plugins – we added 4,528 confirmed security bugs to our database, compared to 1,382 in 2021.
Similar to previous years, the majority of these security bugs were found in plugins (93%), followed by themes (6.7%), and WordPress core (0.6%).
These numbers were sourced from public data from Patchstack and other security companies and researchers in the WordPress ecosystem. The total number of vulnerabilities comes from the three official CNAs in the WordPress space that are authorized to assign CVE IDs to new security vulnerabilities and to whom researchers report issues. These include Patchstack, Automattic (WPscan) and WordFence. Patchstack CEO Oliver Sild said some of the vulnerabilities were also independently published elsewhere or reported directly to MITRE.
The report emphasized that the increase in the number of vulnerabilities reported means that ecosystem is becoming more secure as the result of more security issues being found and patched.
Another small improvement over last year is the percentage of critical security bugs that never received a patch. In 2022, that number was 26% versus 29% in 2021. Critical vulnerabilities were better addressed this year but Sild said so far it’s not a significant change that they would connect with any trend yet.
“We still think it shows a big problem, which is that some plugins are unsupported or abandoned and do not receive timely patches,” he said.
Solving the problem of developers abandoning their work is challenging, and many users have no idea how to select plugins that are more likely to be supported.
“I think it’s important to be transparent,” Sild said. “It is also okay that projects come to an end. I just recently told my colleague that ‘when someone builds a new plugin, they should keep in mind that someone might actually use it.’ It kind of stuck with me, because even if the plugin developer has moved on and is not working on the project anymore, there still might be people who rely on it.”
Sild said users often get left in the dark because WordPress core only shows if an update is available. If a plugin gets closed by WordPress.org due to an unpatched security issue, users don’t get notified.
“It’s something we try to improve together with our partners such as other security plugins and hosting companies,” he said. “Communication is key. We recently also created a free service for plugin developers called ‘managed vulnerability disclosure program’ shortly mVDP. The goal is to help plugin developers adopt more mature security practices and show users that they take security seriously.”
Other notable insights from the whitepaper include a breakdown of WordPress security bugs by severity. In 2022, the majority of vulnerabilities (84%) were classified as Medium severity, with a smaller percentage of High severity (11%) and Critical (2%).
Of the most popular plugins (over 1 million installs) that had security issues, only five contained high severity bugs. The two with the highest CVSS score vulnerabilities were Elementor and Essential Add-ons for Elementor, followed by UpdraftPlus WordPress Backup, One Click Demo Import, and MonsterInsights.
The whitepaper highlights a few other trends, including hosting companies alerting their customers to vulnerabilities, the growth of the security research community, and increased security awareness within the WordPress ecosystem. For more details on the state of WordPress security in 2022 and predictions for this year, check out the whitepaper on Patchstack’s website.
Day 3, the last day and the final sprint! Everyone in the 
