Roundup of WordPress ecosystem #1 – January 2017

roundup wordpress ecosystem january2

After writing the article “Overview of the WordPress Community in 2016” and getting feedback for the article on various platforms, I decided to continue writing them, but I changed its name into “Roundup of WordPress ecosystem”. This is the first article from a monthly series that will showcase what happened around the whole ecosystem in the past month and offer a list of useful resources and tutorials for WordPress users.

WordPress News & Updates

News & Updates

If we want to keep up with the latest news, we have to follow blogs and publications around the web, and eventually, aggregates them by using a third party app. I know all this sometimes can be overwhelming, especially if you have other things pending on your to-do list, that’s why I wanted to divide the article into specific topics to be easier to read and quick to check.

Community News

We started the year with a good news spreading around, that the WordPress platform has been ranked by W3Techs as “The fastest growing content management system”

Further, we had Matt Mullenweg which announced “The Tech and Design Leads for the New Focus-Based Development Process”

  • REST API will get first party wp-admin usage of the new endpoints and replace all the core places where admin-ajax is still used;
  • to build a better onboarding experience with WordPress;
  • Editor improvements for the admin interface, draft-review-publish-schedule updates, and revisions you can see as you update the article;
  • new enhancements for the Shortcake UI feature plugin to build an interface more user-friendly;

Also, another news that deserves to be mentioned here is about the WordPress Core Contributor at GoDaddy, Aaron D. Campbell that replaced Nikolay Bachiyski, the first person that ever held the role of WordPress’ Security Czar. He said that the main objective will be to continue what Nikolay built and focus on making WordPress and our web sites safer.

WordPress Updates

WordPress 4.7.1

There were two Security and Maintenance Releases in the first month of 2017 and according to the official blog of WordPress users are affected by eight security issues. In order to come and help them, the Security team has firstly released WordPress 4.7.1, that fixed various security issues regarding:

  • Remote Code Execution in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer.
  • The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
  • Cross-site scripting (XSS) via the plugin name or version header on update-core.php
  • Cross-site request forgery (CSRF) bypass via uploading a Flash file.
  • Cross-site scripting (XSS) via theme name fallback.
  • Post via email checks ifmail.example.com default settings aren’t changed.
  • A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
  • Weak cryptographic security for a multisite activation key.

WordPress 4.7.2

The following update that happened January 26th and it deserves a particular attention as WordPress announced a disclosure of additional security fix in this update. WordPress 4.7.2, resolved some main security issues, such as:

  • The UI for assigning taxonomy terms is viewable to users who should not have permission to use it.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

Apart from this, the specific disclosure announced one additional vulnerability that was intentionally delayed by one week in order to ensure the security of millions us WordPress websites.

This issue deals with an Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint, which never happened in the past. As it was reported by WordPress, it seems one of the Sucuri’s researchers, Marc-Alexandre Montas has discovered it and alerted the WordPress Security Team. In order to help users, Sucuri has added rules to their Web Application Firewall to block exploit attempts.

 

After that WordPress reached out to several companies including SiteLock, Cloudflare, and Incapsula and worked with them to create a new set of rules that will increase the protection of WordPress users.The next focus was to contact WordPress hosts and offer them information about the vulnerability and also solutions to protect their users. So, everyone worked closely with the WordPress Security Team to implement the protection solutions and regularly check for exploit attempts.

Plugin News

AffiliateWP released the 2.0 version of their plugin, which added a lot of issues fixed and new features available. Also, AffiliateWP got some new integrations with contact form plugins, payment systems, donations plugins and finally, with our membership plugin, Paid Member Subscriptions.

Also, Vectr – the free and simple graphics editor tool that help you create powerful vector graphics has just launched the WordPress plugin version. This is the first WordPress plugin developed using Vectr’s embedded editor API, but it seems they have big plans for the future, so stay tuned to them.

 

Theme News

The latest learning resource developed by WordPress and dedicated to beginners and theme developers is called Theme Developer Handbook. The handbook was finally released this month, after almost two years of development and three different teams working on the project. The document deal with topics, such as Theme Basics, Template Files, Theme Functionality, Theme Customizer API, Theme Security, Advanced Topics and Theme Releases. Also, the handbook has been updated up to the version 4.7 of WordPress and the team will constantly improve it. You can follow the development on Trello.

WordCamp

As you may already know, WordCamp Europe will be held in Paris and the organizing team thought that it would be a good idea to share more information and resources on how attendees can take the most out of their travel. So, they prepared a great list with five less known places from Paris, which are totally worth to visit. Take a break and take a look at Paris from above.

If we still speak about WordCamp Europe, it’s worth to say that the call for volunteers and speakers ended on the first day of 2017 and they received 310 speaker submissions and 292 volunteer applications. And, not to add that more than half of the tickets from the first batch of 2000 are already sold out.

WordPress Resources

WordPress Resources

 

WordPress business

Looking around within the WordPress I’ve found out that some WordPress businesses published their “Year in Review” and I was inspired by each one of them. As each article brought me value and inspiration, I want to recommend them further to you. Some of them were published in the last days of December, but I think they are still great.

 

Beginner’s Guides & WordPress Tutorials

Here we start with a visual topic, Gravatar – the tool that helps people to add a nice photo next to their name when they leave comments on websites. I found a pretty nice tutorial released by WPkube that explains what is a Gravatar, how you can get one and its benefits.

Other good ones are some tutorials from WPbeginner about:

Also, I prepared short lists of WordPress Podcats that help you learn more and stay up to date with the latest WordPress developments.

  • 30 Best WordPress Podcats to Listen to in 2017 (Optimizer)
  • The Best WordPress Podcasts to Improve Your WordPress Knowledge (wplift)

Also, a great interview that goes up to this list is about Bernhard Kau, a PHP developer, passionate WordPress user and proud community member that loves to organize WordPress events, like the WordCamp and WordPress Meetup from Berlin. Read more about his contribution to the WordPress community on the official blog of WordCamp Europe.

Marketing Tips & Tricks

The first marketing recommendation of this month is the tutorial released by Matt Medeiros on his website, Plugintut.com that explains very well how to add Facebook Pixel, the tracking code you can add to your website for remarketing.

I also recently found that Yoast SEO gives you the possibility to optimize  Social Media shares. In one of their latest blog posts, they shared some wisdom on how to optimize SEO for Facebook, Twitter, and Pinterest shares. You can read more, here.

 

A lot of things happened around the ecosystem in the first month of 2017 and we’re curious to see what else this year will unfold.

If you have something interesting about the community, share your opinion below in comments section.

Subscribe to get early access

to new plugins, discounts and brief updates about what's new with Cozmoslabs!

Leave a Reply

Your email address will not be published. Required fields are marked *