Wordpress expert.
1923 stories
·
0 followers

WordPress 4.9 “Tipton”

1 Share

Major Customizer Improvements, Code Error Checking, and More! 🎉

Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.

Featuring design drafts, scheduling, and locking, along with preview links, the Customizer workflow improves collaboration for content creators. What’s more, code syntax highlighting and error checking will make for a clean and smooth site building experience. Finally, if all that wasn’t pretty great, we’ve got an awesome new Gallery widget and improvements to theme browsing and switching.


Customizer Workflow Improved 

Draft and Schedule Site Design Customizations

Yes, you read that right. Just like you can draft and revise posts and schedule them to go live on the date and time you choose, you can now tinker with your site’s design and schedule those design changes to go live as you please.

Collaborate with Design Preview Links

Need to get some feedback on proposed site design changes? WordPress 4.9 gives you a preview link you can send to colleagues and customers so that you can collect and integrate feedback before you schedule the changes to go live. Can we say collaboration++?

Design Locking Guards Your Changes

Ever encounter a scenario where two designers walk into a project and designer A overrides designer B’s beautiful changes? WordPress 4.9’s design lock feature (similar to post locking) secures your draft design so that no one can make changes to it or erase all your hard work.

A Prompt to Protect Your Work

Were you lured away from your desk before you saved your new draft design? Fear not, when you return, WordPress 4.9 will politely ask whether or not you’d like to save your unsaved changes.


Coding Enhancements

Syntax Highlighting and Error Checking? Yes, Please!

You’ve got a display problem but can’t quite figure out exactly what went wrong in the CSS you lovingly wrote. With syntax highlighting and error checking for CSS editing and the Custom HTML widget introduced in WordPress 4.8.1, you’ll pinpoint coding errors quickly. Practically guaranteed to help you scan code more easily, and suss out & fix code errors quickly.

Sandbox for Safety

The dreaded white screen. You’ll avoid it when working on themes and plugin code because WordPress 4.9 will warn you about saving an error. You’ll sleep better at night.

Warning: Potential Danger Ahead!

When you edit themes and plugins directly, WordPress 4.9 will politely warn you that this is a dangerous practice and will recommend that you draft and test changes before updating your file. Take the safe route: You’ll thank you. Your team and customers will thank you.


Even More Widget Updates 

The New Gallery Widget

An incremental improvement to the media changes hatched in WordPress 4.8, you can now add a gallery via this new widget. Yes!

Press a Button, Add Media

Want to add media to your text widget? Embed images, video, and audio directly into the widget along with your text, with our simple but useful Add Media button. Woo!


Site Building Improvements 

More Reliable Theme Switching

When you switch themes, widgets sometimes think they can just move location. Improvements in WordPress 4.9 offer more persistent menu and widget placement when you decide it’s time for a new theme. 

Find and Preview the Perfect Theme

Looking for a new theme for your site? Now, from within the Customizer, you can search, browse, and preview over 2600 themes before deploying changes to your site. What’s more, you can speed your search with filters for subject, features, and layout.

Better Menu Instructions = Less Confusion

Were you confused by the steps to create a new menu? Perhaps no longer! We’ve ironed out the UX for a smoother menu creation process. Newly updated copy will guide you.


Lend a Hand with Gutenberg 🤝

WordPress is working on a new way to create and control your content and we’d love to have your help. Interested in being an early tester or getting involved with the Gutenberg project? Contribute on GitHub.

(PS: this post was written in Gutenberg!)


Developer Happiness 😊

Customizer JS API Improvements

We’ve made numerous improvements to the Customizer JS API in WordPress 4.9, eliminating many pain points. (Hello, default parameters for constructs! Goodbye repeated ID for constructs!) There are also new base control templates, a date/time control, and section/panel/global notifications to name a few. Check out the full list.

CodeMirror available for use in your themes and plugins

We’ve introduced a new code editing library, CodeMirror, for use within core. CodeMirror allows for syntax highlighting, error checking, and validation when creating code writing or editing experiences within your plugins, like CSS or JavaScript include fields.

MediaElement.js upgraded to 4.2.6

WordPress 4.9 includes an upgraded version of MediaElement.js, which removes dependencies on jQuery, improves accessibility, modernizes the UI, and fixes many bugs.

Roles and Capabilities Improvements

New capabilities have been introduced that allow granular management of plugins and translation files. In addition, the site switching process in multisite has been fine-tuned to update the available roles and capabilities in a more reliable and coherent way.


The Squad

This release was led by Mel Choyce and Weston Ruter, with the help of the following fabulous folks. There are 443 contributors with props in this release, with 185 of them contributing for the first time. Pull up some Billy Tipton on your music service of choice, and check out some of their profiles:

Aaron D. Campbell, Aaron Jorbin, Aaron Rutley, Achal Jain, Adam Harley (Kawauso), Adam Silverstein, AdamWills, Adhun Anand, aegis123, Afzal Multani, Ahmad Awais, Ajay Ghaghretiya, ajoah, Akash Soni, akbarhusen, Alain Schlesser, Alex Dimitrov, Alex Goller, Alexandru Vornicescu, alibasheer, alxndr, Andrea Fercia, andreagobetti, Andrew Duthie, Andrew Nacin, Andrew Norcross, Andrew Ozz, Andrew Taylor, Andy Fragen, Andy Meerwaldt, Andy Mercer, Angelika Reisiger, anhskohbo, Ankit K Gupta, Anthony Hortin, Anton Timmermans, antonrinas, appchecker, arena94, Arnaud Coolsaet, ArnaudBan, Arun, Ashar Irfan, atachibana, Atanas Angelov, audrasjb, Avina Patel, Ayesh Karunaratne, Barry Ceelen, bduclos, Bego Mario Garde, Behzod Saidov, Ben Cole, Ben Dunkle, benoitchantre, Bharat Parsiya, bhavesh khadodara, Biplav, Biranit, Birgir Erlendsson (birgire), biskobe, BjornW, Blackbam, Blobfolio, bobbingwide, bonger, Boone B. Gorges, Boro Sitnikovski, Brad Parbs, Brady Vercher, Brandon Kraft, Brent Jett, Brian Layman, Brian Meyer, Bruno Borges, bseddon, Bunty, Carl Danley, Carolina Nymark, Caroline Moore, carolinegeven, Charlie Merland, Chetan Chauhan, chetansatasiya, choong, Chouby, Chris Hardie, Chris Runnells, Christian Chung, Christoph Herr, chsxf, cjhaas, Cliff Seal, code-monkey, Collins Agbonghama, corvidism, csloisel, Daedalon, Daniel Bachhuber , Daniel James, Daniele Scasciafratte, dany2217, Dave Pullig, DaveFX, David A. Kennedy, David Aguilera, David Anderson, David Binovec, David Chandra Purnama, David Herrera, David Shanske, David Strauss, David Trower, Davide 'Folletto' Casali, daymobrew, Derek Herman, designsimply, DiedeExterkate, dingo-d, Dion Hulse, dipeshkakadiya, Divyesh Ladani, Dixita Dusara, dixitadusara, Dominik Schilling, Dominik Schwind, Drew Jaynes, dsawardekar, Dzikri Aziz, Eaton, eclev91, Edd Hurst, EGregor, Ella Iseulde Van Dorpe, elvishp2006, enrico.sorcinelli, Eric Andrew Lewis, euthelup, Evan Mullins, eventualo, Fabien Quatravaux, FancyThought, Felipe Elia, Felix Arntz, fergbrain, Florian TIAR, Gabriel Mariani, Garth Mortensen, Gary Pendergast, Gennady Kovshenin, George Stephanis, Girish Lohar, Govind Kumar, Graham Armfield, Greg Ross, Gregory Cornelius, grosbouff, Guido Scialfa, Gustave F. Gerhardt, guzzilar, Hardeep Asrani, Hazem Noor, hazimayesh, Helen Hou-Sandí, Henry, Henry Wright, herregroen, Hinaloe, Howdy_McGee, Hugh Lashbrooke, Hugo Baeta, Iacopo C, imath, Ippei Sumida, Ipstenu (Mika Epstein), Irene Strikkers, Ivan Kristianto, ixmati, J.D. Grimes, j.hoffmann, James Nylen, Janki Moradiya, Jason Stallings, Jeff Paul, Jennifer M. Dodd, Jeremy Felt, Jeremy Pry, Jip Moors, jjcomack, jkhongusc, Joe Dolson, Joe Hoyle, Joe McGill, John Blackbourn, John Eckman, John James Jacoby, John Regan, johnpgreen, johnroper100, Jonathan Bardo, Jonathan Desrosiers, Jonny Harris, Joost de Valk, Josepha, Josh Pollock, Joy, jrf, jsepia, jsonfry, Juhi Saxena, Julien, Justin Kopepasah, Justin Sternberg, K.Adam White, Karthik Thayyil, keesiemeijer, Kelly Dwan, Kevin Newman, Kim Parsell, Kiran Potphode, Kite, Konstantin Kovshenin, Konstantin Obenland, Konstantinos Galanakis, koopersmith, Kristin Kokkersvold, lalitpendhare, Lance Willett, Laurel Fulford, lemacarl, lessbloat, llemurya, Luke Cavanagh, Mário Valney, m1tk00, Maedah Batool, Mahesh Prajapati, Mahvash Fatima, Maja Benke, Mako, manolis09, manuelaugustin, Marcel Bootsman, Marius L. J., Marius Vetrici, Mark Jaquith, Mark Root-Wiley, markcallen, Marko Heijnen, MatheusGimenez, Matt Gibbs, Matt Mullenweg, matthias.thiel, mattyrob, Maxime Culea, mdifelice, megane9988, Mel Choyce, Menaka S., Michael Arestad, Michele Mizejewski, Miina Sikk, Mike Crantea, Mike Hansen, Mike Schinkel, Mike Schroder, Milan Dinić, Milana Cap, Milind More, Mirucon, Mitch Canter, Mithun Raval, mkomar, monikarao, Morgan Estes, moto hachi ( mt8.biz ), msebel, munyagu, MyThemeShop, N'DoubleH, Nathan Johnson, nenad, nic.bertino, Nick Diego, Nick Halsey , Nicolas GUILLAUME, nicollle, Nidhi Jain, Nikhil Chavan, Nilambar Sharma, Nileshdudakiya94, Nishit Langaliya, Norris, obradovic, Ov3rfly, Paal Joachim Romdahl, palmiak, Parth Sanghvi, Pascal Birchler, Pat O'Brien, patel, Paul Bearne, Paul Biron, Paul Dechov, Paul Wilde, Payton Swick, pcarvalho, Pedro Mendonça, Pete Nelson, Peter "Pessoft" Kolínek, Peter J. Herrel, Peter Toi, Peter Westwood, Peter Wilson, Philip John, Piotr Delawski, Pippin Williamson, Plastikschnitzer, powerzilly, Pratik Gandhi, Presslabs, Punit Patel, Purnendu Dash, r-a-y, Rachel Baker, rafa8626, Rahmohn, Rami Yushuvaev, ramon fincken, Ravi Vaghela, RC Lations, redrambles, RENAUT, Reuben Gunday, rfair404, Riad Benguella, Rian Rietveld, Riddhi Mehta, Rinku Y, Rob Cutmore, Rodrigo Primo, Ronak Ganatra, rugved, Rushabh Shah, Ryan Boren, Ryan Duff, Ryan Holmes, Ryan Marks, Ryan McCue, Ryan Neudorf, Ryan Plas, Ryan Welcher, ryanrolds, ryotsun, Sabuj Kundu, Sagar Prajapati, sagarladani, Said El Bakkali, Sami Keijonen, Sampat Viral, Samuel Sidler, Samuel Wood (Otto), sarah semark, sathyapulse, sboisvert, Scott DeLuzio, Scott Kingsley Clark, Scott Lee, Scott Reilly, Scott Taylor, scribu, Sebastian Pisula, SeBsZ, Sergey Biryukov, Sergio De Falco, Shamim Hasan, Shawn Hooper, shital, shramee, Siddharth Thevaril, Simon Prosser, skostadinov, Slava Abakumov, someecards, Soren Wrede, spencerfinnell, spocke, Stanko Metodiev, Stephane Daury (stephdau), Stephen Edgar, Stephen Harris, Steve Grunwell, Steve Puddick, stevenlinx, Subrata Mal, Subrata Sarkar, Sudar Muthu, Susumu Seino, svrooij, Takahashi Fumiki, Takayuki Miyauchi, Tammie Lister, Taylor, tejas5989, terwdan, tharsheblows, thingsym, Thoriq Firdaus, Thorsten Frommen, Timothy Jacobs, tmatsuur, tobi823, Todd Nestor, Tor-Bjorn Fjellner, Torsten Landsiedel, Toru Miki, toscho, transl8or, truongwp, tuanmh, TV productions, uicestone, Ulrich, Umang Vaghela, Umesh Nevase, upadalavipul, Utkarsh, vhauri, williampatton, withinboredom, Wojtek Szkutnik, Xenos (xkon) Konstantinos, Yahil Madakiya, yonivh, yrpwayne, zachwtx, and Zane Matthew.

Finally, thanks to all the community translators who worked on WordPress 4.9. Their efforts bring WordPress 4.9 fully translated to 43 languages at release time, with more on the way.

Do you want to report on WordPress 4.9? We've compiled a press kit featuring information about the release features, and some media assets to help you along.

If you want to follow along or help out, check out Make WordPress and our core development blog.

Thanks for choosing WordPress!

Read the whole story
Share this story
Delete

WordPress 4.9 release delayed by one day

1 Share

The 4.9 release was due out today (November 14th), however issues with shortcodes within widgets (#42548) and changes to the Editor (#42530) occurred during release preparations. The new target release date is tomorrow (November 15th). It doesn't serve anybody well to delay things this late in the day, but it's essential to ensure the late fixes which have landed in the last few days are well tested.

We will do a release dry-run today at November 14th, 23:00 UTC23:00 UTC in #core after the code freeze, depending on the availability of the lead devs. An update will be posted that includes a link to a nightly build after the code freeze.

We've re-scheduled the 4.9 release to occur tomorrow at November 15th, 23:00 UTC / 23:00 UTC.

Read the whole story
Share this story
Delete

WordPress 4.8.3, A Security Release Six Weeks in the Making

1 Share

WordPress 4.8.3 is available and is a security release for 4.8.2 and all previous versions. This release addresses an issue with $wpdb->prepare() that could lead to a potential SQL injection. While WordPress core is not vulnerable, hardening has been added to prevent plugins and themes from inadvertently causing a vulnerability.

If you’re experiencing a bit of déjà vu, it’s because WordPress 4.8.2 attempted to solve the same problem. According to Anthony Ferrara who reported and disclosed the vulnerability, the patch in 4.8.2 didn’t solve the underlying problem and broke many sites.

Ferrara says he reported the issue immediately after 4.8.2 was released and was ignored by the WordPress security team for several weeks.

“When I got the attention of the team, they wanted to fix a subset of the issue I reported,” he said. “It became clear to me that releasing a partial fix was worse than no fix (for many reasons). So I decided the only way to make the team realize the full extent was to Full Disclosure the issue.”

Full Disclosure is the process of publicly sharing technical details of a vulnerability so that the public knows the same amount of information about it as hackers. The threat of full disclosure is typically used to pressure businesses and software creators to act swiftly and release patches as soon as possible.

On October 26th, Ferrara used his Twitter account to notify the public that WordPress contained a serious SQLi vulnerability and that because he lacked confidence in the team, fully disclosing it was his only option. His message was retweeted 562 times and liked by 484 people.

The amount of publicity his Tweet received had an impact as on October 27th, Ferrara reported that constructive discussions resumed with the team and that he would delay the disclosure until October 31st.

On October 27th, Ferrara spoke to a member of the WordPress security team who provided a fresh set of eyes to the problem, “A security team member who hadn’t yet participated in the thread went back to the beginning of the thread and re-read every post,” he said.

“He (correctly I may add) summarized the entirety of the issues, as well as asked a few clarifying questions. He also asked for a little more time but gave me a target of Tuesday, October 31st so it wasn’t wide open. This was the response I was looking for the entire time.”

Both parties collaborated on a patch that fixed the issue and WordPress 4.8.3 was released. Although his experience started out frustrating, Ferrara is hopeful that the team will do better with future reports.

“I get that there are competing priorities,” he said. “But show attention. Show that you’ve read what’s written. And if someone tells you it seems like you don’t understand something, stop and get clarification. And ask for help. Overall, I hope the WP security team moves forward from this. I do honestly see hope.”

Aaron Campbell, WordPress Security Team Lead, says that although there were some rough patches in working with Ferrara, they were able to work together to get a fix released in the end. While the threat of full disclosure didn’t have a huge impact on getting the vulnerability patched, it may have been the catalyst to get a new person involved in the process.

“A threat of disclosure certainly adds pressure and possibly stress, but doesn’t actually change the overall equation that much.” Campbell said. “An issue isn’t more severe because it’s going to be disclosed, but it can become more rushed (meaning a higher likelihood of mistakes).

In this case, I actually think the threat of disclosure ended up coinciding with one of the people from our security team joining in to help out. The new person was much better at communicating with Anthony, and it really turned things around.”

In the official release post, the WordPress Security Team thanked Ferrara for practicing Responsible Disclosure. This generated some conversation on Twitter on whether responsible disclosure should be renamed to coordinated disclosure.

“I’m not sure I know what the terminology change would be aiming to accomplish,” Campbell said. “I do see that some places use this particular phrasing, but honestly I don’t see how it conveys anything that’s not already generally understood with responsible disclosure.”

Users are encouraged to update their sites to 4.8.3 as soon as possible. Since this release changes the behavior of esc_sql(), developers are highly encouraged to read this dev note on the Make WordPress Core site.

Read the whole story
Share this story
Delete

Goodnight Firebug

1 Share

firebug logo

Twitter is lighting up with sentimental Firebug remembrances today after Mozilla announced it will reach end-of-life in the Firefox browser next month. Firebug was the first browser-based tool that allowed developers to easily inspect HTML and debug JS. It was discontinued as a separate add-on and merged into Firefox DevTools in 2016 where it will live on.

I remember the days of painstaking debugging before Firebug was available. It was a revolutionary tool that instantly became indispensable, helping developers work more efficiently.

“Firebug changed everything for me as a frontend developer,” Jens Grochtdreis said. “Looking back I cannot remember how hard the times were before Firebug stepped on the scene. Now each browser has mature developer tools. That’s because of Firebug. Mission accomplished!”

In recognition of what Firebug brought to developers, Mozilla reviewed one of the most important points in Firebug history – the decision to open source the software. This allowed for the proliferation of similar browser development tools that we see today. Firebug creator Joe Hewitt, who eventually moved on to Facebook, made the tool open source in December 2006:

The first announcement is in regards to Firebug’s licensing. As I was developing Firebug 1.0, I began to wonder if I should try to turn the project from a hobby into a business. When I proposed this idea on my blog, the response was very positive and reaffirmed my belief that Firebug could do well as a commercial product.
However, in the end, I just don’t feel like that is the right thing to do. I love working on Firebug because I know I’m making a lot of people happy and helping to advance the state of the art. That’s a lot more meaningful to me than just about anything else, and so, I’ve decided that Firebug will remain free and open source.

Mozilla reported that more than a million people are still using the Firebug add-on. Firefox Developer Tools has a guide for migrating from Firebug. There are still several Firebug features missing from Firefox DevTools, but Mozilla is tracking them and working to bring greater parity between the two. Support for the separate Firebug extension will be discontinued with the release of Firefox Quantum (version 57) in November 2018.

Read the whole story
Share this story
Delete

WooCommerce Retires Canvas Theme, Recommends Customers Migrate to Storefront Theme

1 Share

WooCommerce is retiring its Canvas Theme after seven years. Canvas was one of the most innovative themes on the market when it first launched in 2010, giving customers the ability to modify their sites’ design and layout through an extensive options panel. It sold for $99 before the product URL was redirected to a retirement page today.

Canvas’ retirement is a strong signal that Automattic is going all-in on Gutenberg. Without a complete overhaul, the theme is no longer able to keep pace with the changes that Gutenberg and the Customizer will bring to WordPress theming and site building.

“While still early, we believe strongly that Gutenberg is the future,” Canvas lead developer Jeffrey Pearce said. “We’ve decided to invest our resources in preparing our products for it in order to bring you the best experience. Unfortunately, that won’t include Canvas.”

WooCommerce has discontinued Canvas sales and will not be open sourcing the theme to the community.

“Overhauling the theme wouldn’t serve our users, yet continuing to sell it as-is wasn’t the right decision. So we made the difficult decision to say goodbye,” Pearce said.

“We considered open sourcing Canvas to the community, but ultimately decided that extending its lifetime will not serve the community. It’s in the best interest of our users and the community to eventually move to another theme.”

WooCommerce plans to continue supporting active subscriptions and will offer support for lifetime subscriptions for the next year. However, the theme will not be updated to support newer features coming to WordPress. The team strongly urges users to migrate their sites to Storefront, the company’s more mobile-friendly flagship theme built on top of the Underscores starter theme. WooCommerce has published a migration guide to help customers move on from Canvas.

Over the years customers have created many different types of websites (not limited to e-commerce) using Canvas. While some have accepted the inevitable, others are anxious and upset about the change, faced with the prospect of migrating dozens of sites (in many instances) away from the theme. The news of Canvas’ retirement was especially difficult for those who support clients who may not be happy to pay for their existing sites to get updated with no appreciable difference. It’s not easy to sell the change to clients when most of it happens under the hood.

“This puts me in a terrible position,” WooCommerce customer Leon Wagner said. “I have 10 client sites on Canvas. They look beautiful and the clients are happy. So these are done deals, I’ve been paid, and do occasional maintenance. Now you’re telling me I have to go back to each of them and explain that because you’re discontinuing this theme, my clients will now have to pay me thousands of dollars to port their sites (with no obvious improvements) to new themes. Pretty sure I’ll just lose most of those clients.”

Other freelancers and small business owners find themselves in the same boat, many of them with twice that many clients on the Canvas theme. Although the theme can continue to be used without breaking, it will no longer receive compatibility or security updates after the support window expires in October 2018. WooCommerce is currently giving away its Storefront Extensions Bundle for free to Canvas customers to help make the migration easier.

Read the whole story
Share this story
Delete

WordPress 4.8.2 Patches Eight Security Vulnerabilities

1 Share

WordPress 4.8.2 is available for download and users are encouraged to update as soon as possible. This release patches eight security vulnerabilities and has six maintenance related fixes. Hardening was also added to WordPress core to prevent plugins and themes from accidentally causing a vulnerability through $wpdb->prepare() which can create unexpected and unsafe queries leading to potential SQL injection (SQLi).

To see a full list of changes, check out the release notes. Auto updates are rolling out to sites that support them but if you’d like to update manually, you can browse to Dashboard – Updates and click the Update Now button.

Read the whole story
Share this story
Delete
Next Page of Stories