Issue #178

Happy Friday! It's July 14 and this week we're covering yesterday's proposal for a new WordPress DEIB team, All-In-One Security's patch after a data exposure vulnerabilty, and more on how the Gutenberg leadership team plans to tackle collaboration in WordPress

First time reading? Sign up here. Got an opinion? Send your thoughts, feelings and news tips to [email protected].

This week in WordPress

1. Ambitious plans revealed for WordPress admin redesign as part of Gutenberg phase three

It's finally happening. The WordPress admin interface will get a long-awaited makeover after Gutenberg lead architect Matías Ventura revealed plans for a revamped admin design as part of the upcoming third phase of the Gutenberg project. Sarah Gooding has the story: WordPress Plans Ambitious Admin UI Revamp with Design System, Galvanizing Broad Support from the Developer Community.

"YES! Of all the big plans for the next phase this is the one I’m most excited about," commented core contributor Mateus Machado Luna, while WPMarmite founder Alex Borto added, "Wow! It's gonna be amazing! A complete admin fluid browsing experience is much needed. I dream of navigating through the admin area without any page loads!"

Ventura also continued outlining project leadership's plans for bringing collaboration to WordPress this week, sharing the goals and scope of work needed to update the media library and block library in addition to the admin design after sharing details last week about real-time collaboration, workflows, and revisions in WordPress.

Nick Schäferhoff also covered the story for Torque: Real-Time Collaboration in WordPress: Here's What to Expect.

2. WordPress DEIB team proposed

We're kicking off with long-time contributor and mentor Birgit Olzem's welcome and timely proposal to establish a WordPress Diversity, Equity, Inclusion, and Belonging Team.

Olzem's proposal comes after the long-time contributor and mentor pitched the formation of a DEIB committee on her blog in May, and followed it up with a question to WordPress Executive Director Josepha Haden Chomphosy during the keynote Q&A at WordCamp Europe 2023. Haden Chomphosy said she had a proposal for "exactly this kind of team on my desk."

Before it was published, the proposal was reviewed and supported by Angela Jin (Head of Programs & Contributor Experience at Automattic), Jill Binder (who leads the Diverse Speaker Training group in the WordPress Community Team), Courtney Robertson (a co-founder of The WP Community Collective), Hari Shanker R (Open Source Program Manager at Automattic), Francesca Marano (Director of Engineering at XWP) and Evangelia Pappa (WordCamp Europe 2023 co-lead) among others.

Diversity has been a hot topic in recent months after WordCamp Europe 2023 was called out for the apparent lack of diversity in its speaker lineup. Last week, developer Aurooba Ahmed tweeted about the need for better representation in WordPress, sharing a screenshot of a sexist and racist message she received from an online harasser (with poor grammar, we might add).

Ahmed tweeted, "... I could go on my soapbox and at some point, I absolutely will. But for now, all I'll say is, this shit happens. Next time someone makes a fuss about diversity, remember that harassment like this happens ALL THE TIME and you don't even know it…. This is why diversity matters, because y'all. This is SO NOT okay."

3. All-In-One Security patches data exposure vulnerability

All-In-One Security, a plugin active on more than a million WordPress sites, patched a security issue with its latest version, 5.2.0, after the previous version inadvertently introduced the logging of plaintext passwords from login attempts in the database.

Or as Oliver Slid, CEO of Patchstack, tweeted this week, "Security feature of the year goes to All-In-One Security (AIOS) – Security and Firewall #WordPress plugin that logs plaintext passwords from login attempts in the database."

Sarah Gooding covered the story for WP Tavern: All-In-One Security Plugin Patches Sensitive Data Exposure Vulnerability in Version 5.2.0.

Slid also tweeted, "Due to the scale, we will 100% see hackers harvest the credentials from the logs of compromised sites that run (or has run) this plugin." But in a comment on Gooding's article, David Anderson, founder of UpdraftPlus, which owns AIOS, dismissed Slid's claim, labeling it a "hyperbolic inaccuracy." Anderson said while he was genuinely sorry to users for the vulnerability, it was an "admin-only" issue since attackers would need admin-level access to harvest anything.

Still, as Yoast founder Joost de Valk tweeted, "And then taking two full weeks to fix it? That's unacceptable."

In related security news, Gooding also reported this week that MalCare, Blogvault, and WPRemote have patched security issues that allow site takeover through stolen API credentials.

4. WordPress 6.3 Beta 4 released and live demo date set

WordPress 6.3 Beta 4 was released this week and includes 40+ Editor and 60+ Trac updates since the Beta 3 release. Testing continues ahead of the final release, due out on August 8—just four weeks away.

A live product demo of WordPress 6.3 has been scheduled for July 20 at 4 pm UTC. Automattic-sponsored Gutenberg contributors Anne McCarthy and Rich Tabor will host the event, moderated by WP Builds host Nathan Wrigley. The demo will highlight upcoming changes and include a live Q&A session.

Meanwhile, WordPress 6.3 will make site editing several clicks faster for users on the front-end of their site who want to edit the page they're viewing. Sarah Gooding at WP Tavern reports that the upcoming release will include an update so that the "Edit Site" link is aware of the current template.
🗞️ Enjoying today's email? Share with your friends.

Business Spotlight: Sponsor us


WordPress news for WordPress people→
Sponsor The Repository and promote your brand, product or service to an audience that is deeply invested in the WordPress ecosystem. Our highly-engaged readership comprises business owners, professionals, contributors, developers, influencers, consultants, marketers, and users—all smart people like you. Sponsor today.

In other news

WordPress project

> The WordPress Community Team kicked off its experimental mentorship program this week, announcing that the inaugural cohort had been assigned to a group of mentors who will guide them forward on project contributions across various Make teams. According to Automattic-sponsored Community Team contributor Hari Shanker R, 13 mentees were selected from 50 applications. The mentees will graduate after completing self-directed courses, participating in "learn-up" sessions, and making an initial contribution to their chosen team (WP Tavern)

> For The WP Minute, Editor Eric Karkovack takes a closer look at the WordPress Command Palette that will land in WordPress 6.3. He covers what the early version of the feature offers power users and speaks to Automattic-sponsored contributor Riad Benguella about next steps for its development (The WP Minute)

Business & enterprise

> Bluehost this week launched Wondersuite, a new web hosting service that uses AI to simplify website creation, customization and maintenance. Marketed as a "digital co-pilot," the service includes six tools: WonderStart (user-friendly and personalized onboarding), WonderTheme (a theme developed by YITH), WonderBlocks (a library of block patterns and page templates), WonderHelp (an AI-powered guide to assist users with site building), and WonderCart (an e-commerce solution) (CNET)

> On the StellarWP blog, Zach Tirrell, a General Manager at Liquid Web, has outlined what Liquid Web’s new investor, One Equity Partner, means to StellarWP. Tirrell covers changes to the company’s leadership team and recent updates to KadenceWP, iThemes/SolidWP, GiveWP, and LearnDash. His post comes after it surfaced last month that One Equity acquired Liquid Web back in April and the web host didn’t announce the news (StellarWP)

> Big Byte is calling on the enterprise community to take part in a survey of how big brands are using WordPress. According to COO Sarah McCormick, the State of Enterprise WordPress 2023 report, which is set to be published later this year, will summarise the survey's findings, including how enterprises are currently using WordPress as either a primary CMS, secondary publishing tool, or to power a blog (Big Byte)

> Brian Alvey, CTO of WordPress VIP, recently joined Osom Studio's Osom to Know podcast for an extensive discussion that touches on everything from building websites without a CMS in the 1990s to how WordPress VIP builds tools for improvement in search, security, analytics, and digital asset management for its enterprise clients (Osom to Know)

> DevriX founder Mario Pechev joined Remkus de Vries on the Within WordPress podcast for a wide-ranging discussion about the WordPress ecosystem and economy. Pechev reflects on his journey with WordPress, problems he sees with the software, competition from other platforms, and challenges in the e-commerce space (Within WordPress)

WordPress community

> Disability rights lawyer Lainey Feingold has urged AudioEye, a cloud-based digital accessibility platform, to drop a lawsuit against accessibility expert and WordCamp speaker Adrian Roselli. Roselli is a vocal critic of accessibility overlays and Feingold argues that he is the victim of a "Strategic Lawsuit Against Public Participation" (SLAPP). "Instead of embracing Adrian Roselli's expertise to better its product, Audio Eye, in my opinion, has strategically singled out a top leader in this space for his participation in this urgent conversation," writes Feingold (

Plugins & themes

> An analysis of the 39 freemium plugins in the repository that have over 1 million active installations has revealed Awesome Motive dominates with 9 plugins. According to PlugScore, the company not only has a "knack for crafting verbose yet captivating plugin names" but cleverly cross-promotes between its products. Amongst the report's other findings, the most popular freemium plugins address security, optimization and the WordPress admin, and offer a yearly subscription (PlugScore)

Conferences & events

> WPCampus announced last month it has terminated its longstanding partnership with web host Pantheon. President David Dashifen Kees said WPCampus' board of directors made the unanimous decision in light of the web host's decision to host the web presence of hate groups, and after urging them to reconsider their stance. Pantheon has sponsored every WPCampus event since 2016 and donated its hosting services. Dashifen Kees said WPCampus would not accept financial contributions or in-kind support from entities whose policies do not align with the organization's values. Meanwhile, WPCampus 2023 wraps up in New Orleans, Louisiana, today (WPCampus)

> WordCamp San José 2023 organizers have put out a call for speakers and sponsors. The Costa Rican WordCamp is the largest in Latin America, with more than 450 people expected to attend from November 4-5 at Universidad Fidélitas, Sede San Pedro. Tickets for the sixth iteration of the event are also now available (WordCamp Central)

> WordCamp Rochester has also put a call out for speakers and sponsors. The event will be held at the Rochester School of the Arts on September 30. Similar to previous years, the event will include workshops along two tracks, with sessions for every ability and level of use. Tickets are also available (WordCamp Central)

> The State of Digital Publishing, a startup market research publisher focused on digital media, is hosting a WordPress Publishers Performance Summit on July 27. The free event will feature 10 panelists from high-performance teams at The Boston Globe, Forbes, Multidots, VIP,, and other publishers, who will speak about best practices for managing and optimizing the performance of WordPress publishing sites (WP Tavern)

#WPCommunityFeels: Bud Kraus

Bud Kraus in a suit and hat.
This week, what's inspiring Joy of WP founder Bud Kraus. Bud has been a web design and WordPress instructor in New York City and beyond "ever since the Earth cooled" and has taught for schools including the Pratt Institute and the Fashion Institute of Technology.
A podcast worth listening to: There are many and I don’t want to exclude any of them, but I have been listening to The Gutenberg Times podcast with Birgit Pauli-Haack since it started. It’s a must for me to keep up with the Gutenberg roject. I also like Oh The Pain and Left Right And Center.

A concept worth understanding: "Life is what happens to you when you are busy making other plans." This is taken from a John Lennon song about his boy, Sean, recorded in 1980. I think it is so true. We lose control of our lives and that only leads to being unhappy and not fulfilled.

A Twitter account worth following: Besides mine? Hmm, I’d say Rich Tabor (@richard_tabor) always has something important to say.

An article worth reading: Here’s a groundbreaking one that comes to mind: Responsive Web Design by Ethan Marcotte, published in 2010 by A List Apart. It was a seminal moment in web design and I had the pleasure of meeting him briefly at WordCamp Boston 2019.

A habit worth forming: To stop working and spend 10-15 minutes every day just reflecting. I’ve seen even the busiest people adopt this principal. And I would go one step further. Take a 15 minute nap after lunch to refresh the batteries. It works!

Together with GoDaddy Pro

The Three R's of a Fast Website: How to Cut Seconds for Better Rankings, Revenue, and Reviews

A yellow banner with a photo of Lora and the title of her "Three R's" chat.
Are you looking to boost your website's speed and improve your online business? If so, then you won't want to miss our upcoming GoDaddy Pro virtual event on website speed optimization! In this talk, we'll delve into the ins and outs of optimizing your website for speed, and we'll show you how to unlock the powerful Three R's framework of successful online businesses: boost your search engine visibility, captivate your audience, and earn glowing reviews.

Join us for this actionable webinar with guest Lora Raykova from NitroPack and gain the knowledge and tools you need to elevate your online business. We'll cover everything from reducing HTTP requests to optimizing your images, and we'll show you how to implement these changes on your own website. Register today!

This free virtual event is presented by GoDaddy Pro and will take place on Wednesday, August 2, 2023 at 1 pm EDT.

Register here: The Three R's of a Fast Website


🍜 WordPress Performance Team contributor Weston Ruter says it took 26⅓ hours to slurp the entire plugin repository.

🗺️ Marcus Burnette's The WP World project has crossed the 1,000 WordPresser mark.

🎨 Automattic's design team has shared the story behind the WordPress 20th anniversary logo.

🏃🏼‍♂️ Adam Zieliński says he prototyped WordPress Playground in just a week.

🌎 Freelance developer and educator Carrie Dils joined WP Tavern's Jukebox to talk about internationalizing WordPress code.

🙋‍♀️ Michelle Frechette joined WPRiders to share her advice for WordPress jobseekers.

The Repository is a weekly email for the WordPress community by Rae Morey. Also on our team: writer Adrianna Nine, proofreader Laura Nelson, and columnist Jonathan Wold. Thank you to Kinsta, our web hosting sponsor, and MailPoet, our email sponsor.

Send your feedback to [email protected] and help us provide high-quality news written by humans that matters to the WordPress community.

Interested in reaching WordPress people like you? Become a Repository sponsor.