Issue #35
grey 2
MailPoet logo
yellow 1@2x
orange 2@2x

This week in WordPress

Unsplash launches official WordPress plugin, causes stir with licensing

Unsplash has released an official plugin for WordPress, co-developed with the team at XWP. As Sarah Gooding writes for WP Tavern in Unsplash Launches Official Plugin for WordPress, the free plugin connects Unsplash's 1+ million free high-resolution image library with the WordPress editor.

Unsplash co-founder Luke Chesser tells WP Tavern the project brings "the internet's image library to the internet's publishing platform." He says it was large publishing organizations that provided the impetus for the free image site to develop an official integration for WordPress. The plugin is available in the WordPress.org repository β€” but not without some controversy.
Commenting on the WP Tavern post, Themes Team rep Ari Stathopoulos says it's ironic the plugin's release goes against Unsplash's own licensing for images. "It's vague and restrictive to the point where one doesn't even know if they can actually use the images they import," Ari comments, to which WordPress co-founder Matt Mullenweg adds, "I agree, not sure if this should be allowed in the directory."
Luke took to Twitter to reply: "So we spend months building a @WordPress plugin for Unsplash and then @photomatt comes in and says it shouldn't be listed in the plugins directory, even though it absolutely meets all the criteria, because he doesn't like the Unsplash License?"

"Regardless of whether this is an actual 'we should remove this' statement or not, this is just toxic behaviour, and is harmful to the whole ecosystem," tweets Ryan McCue, Director of Engineering at Human Made.

Block directory guidelines block commercial interests

The Revised Block Directory Guidelines Proposal Updates Wording but Changes Little Else, writes Justin Tadlock for WP Tavern. Automattic developer Alex Shiels posted an update to the proposed guidelines for the WordPress block directory this week, adding eight rules plugin authors must follow if they want to add their one-off blocks to the directory.

Justin says that while the guidelines are mostly "run-of-the-mill requirements," some "are certain to be a disappointment or point of contention for some developers." These include that monetization, server-side blocks, and dependencies are not allowed.

"The largest feedback on the guidelines we received here at the Tavern surrounded what is essentially a blanket ban on commercial interests for block developers," Justin writes. "Right now, one-off blocks will need to be built by those with altruistic interests, giving back to the community simply out of the kindness of their hearts. While there is nothing inherently wrong with wanting to do that, it is not attractive to developers who are primarily focused on putting food on the table."

What do you think about the WordPress block directory guidelines? Let us know on Twitter and don't forget to include #therepository.

Lessons in remote working learned at Automattic

Automattic Director of Marketing Sara Rosso has shared 10 More (Leadership!) Lessons from 10 Years Working in a Fully-Distributed and Remote Company. The follow up to her 10 Lessons from 4 Years Working Remotely at Automattic is even more relevant in our Covid-19 world, where "going to work" has changed for many people. As Sara points out, working remotely is the new reality for many people.

Supporting Black voices in the WordPress community

Jill Binder, who leads the Diverse Speaker Training group in the WordPress.org Community Team, has shared her advice on Supporting Black Voices in WordPress. She offers tips on how to invite potential Black speakers, including highlighting their specific contributions to the community, making sure they are well-supported in their speaker journey, and being mindful of microaggressions.

Meanwhile, in other speaker-related news, WP Buffs founder and CEO Joe Howard tweets, "For anybody in the #WordPress space who wants more speaking opportunities, make sure you're listed in directories like this. $45/yr is def worth increasing your chances of being considered for an event in the next 12 months! πŸ’―." Joe links to BackupSpeaker.com's launch tweet.

Please stop criticizing plugin devs and their admin notices, writes Freemius founder

"Dear community, please stop criticizing #plugin developers as a whole & spreading negative sentiment towards the people that help users fulfill their goals & aspirations through #WordPress sites – it is and wrong & unfair," tweets Freemius founder and CEO Vova Feldman, linking to his piece Stop Blaming Plugin Developers for Too Many WordPress Admin Notices.

Vova argues the case for plugin developers, saying the clutter created by admin notices is a symptom of the real problem: an outdated WordPress admin notices mechanism. He adds that while many have advocated for change, "Somehow, it was never important enough to get prioritized and added to core."

Meanwhile, an interesting stat in the article: after reviewing 10,000 random sites in the Freemius ecosystem, Vova found the average number of active plugins on a site in 2020 is 15.94, compared to 18.3 in 2017.

Interestingly, Luke Cavanagh, a WooCommerce Specialist at Liquid Web, comments: "WooCommerce stores end up with 60-80 active plugins by the nature of payment gateways and additional features in plugins."

All in One SEO Pack security flaw impacts 2 million users

All in One SEO Pack users are urged to update to the latest version after security company Wordfence discovered a vulnerability that could result in "a complete site takeover and other severe consequences," writes TechRadar journalist Anthony Spadafora in This WordPress SEO plugin might leave your website vulnerable to attack.

According to Wordfence Threat Analyst Chloe Chamberland in 2 Million Users Affected by Vulnerability in All in One SEO Pack, the "flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel's β€˜all posts' page."

A patch for the "medium severity security issue" was released on 15 July, five days after the vulnerability was discovered.

Awesome Motive, the company behind WP Beginner and OptinMonster, acquired the popular SEO plugin in February.
yellow 2@2x

In other news...

  • – WordPress 5.5 Beta 3 is now available for testing. WordPress 5.5 is slated for release on 11 August.
  • – Gutenberg 8.6 is out. What's new in Gutenberg (July 22)? The development team has been focusing on getting the plugin ready for merging with WordPress 5.5 while continuing to ship various enhancements, including local UI and performance improvements and bug fixes.
  • – Zero BS CRM Rebrands and Relaunches as Jetpack CRM, reports Justin Tadlock for WP Tavern. Mike Stott, co-creator of Zero BS CRM, announced the "seemingly inevitable rebranding" of the original plugin on Monday. Automattic, which owns the Jetpack plugin, acquired Zero BS CRM almost a year ago. While Jetpack CRM carries the "Jetpack" name, it's still a standalone project and has a dedicated website.
  • – WP Tavern's Sarah Gooding reports WordPress 5.5 will be dropping Hulu oEmbed support after Hulu silently disabled its oEmbed API. Gutenberg Times owner Birgit Pauli-Haack confirmed with Hulu in a tweet that it had disabled its API. Hulu hasn't revealed why it made the change.
  • – Kinsta has released its findings into the 11 Fastest WordPress Themes in 2020 (Based on Thorough Testing). Hello Elementor tops the list, followed by Neve by ThemeIsle, Astra, and GeneratePress, with OceanWP rounding out the top five.
orange 2@2x

Not subscribed? Join the most conversational weekly email
in the WordPress community!