logo-01b@2x copy
Issue #104
grey
A hand holding a paint brush painting orange lines down a wall and onto a laptop next to the words 'Streamline your website development' and Elementor's logo.
yellow-dot
MailPoet - Zeplin 2019-10-25 17-00-44

This week in WordPress

Gravatar leak exposes 114 million scraped emails

Was Gravatar hacked? Depends who you ask.

This week, Have I Been Pwned notified users of a large-scale leak involving 114 million Gravatar emails that were scraped in October 2020. On Twitter, the data breach monitoring service linked to Bleeping Computer's article from the time about security researcher Carlo Di Dato's technique for scraping large volumes of data from the global avatar service, which enabled this week's scraping event.

Gravatar says it was not hacked and sought to "clear up the misinformation" in a brief series of tweets. The Automattic-owned company also updated its data privacy page to explain why the incident was a misuse of its service, not a hack.

Roger Montii has more at Search Engine Journal: Gravatar "Breach" Exposes Data of 100+ Million Users.

Jeff Chandler at WP Mainline notes that security concerns involving Gravatar and how it works have been written about and documented since 2009. But while the data leak isn't new, it's the first time Gravatar has publicly addressed security issues related to its service.

As Sarah Gooding at WPTavern puts it in Gravatar Says It Was Not Hacked, "After years of researchers demonstrating that this was possible, is scraping Gravatar an unethical data acquisition because the scraper is abusing the service's architecture? Or is it unethical that Gravatar made it possible to harvest profile data en masse for years?"

Automattic acquired Gravatar in 2007 from creator Tom Preston-Werner. At Patchstack, security advocate Robert Rowley explains how Gravatar's security works and says its core design is "from a different time, we're talking MySpace and Digg."

Did the so-called breach cause people to close their Gravatar accounts? Twitter says "yes." But as Have I Been Pwned creator Troy Hunt tweets: "... personally, this won't stop me using Gravatar. I'm sympathetic to tech platforms providing services that by design, make data public and easily accessible but then need to defend against scraping. It's a hard problem."

Bob Dunn traveling by train to State of the Word

While most folks will be watching the State of the Word livestream on December 14, Doo the Woo's Bob Dunn was lucky enough to receive an invite – and is traveling 6,500 miles by train over eight days to attend the three-hour event in person.

Dunn is currently making his way from Seattle, Washington, to New York City as part of a sponsored podcasting adventure. He shares his plans in Do the Woo is Heading to the WordPress State of the Word 2021.

WordPress co-founder Matt Mullenweg's annual address will be live-streamed from 5-7pm (ET) and he's expected to talk about a range of topics, including WordPress 5.9, Openverse, Web3, and non-fungible tokens (NFTs).

Web3 WP co-founder Aaron Edwards tweets, "With the WordPress #StateOfTheWord coming up where we're all anxiously waiting to hear what @photomatt has to say about Web3, here are my more neatly compiled thoughts on how #Web3 will be the 🚀 fuel for Open Source innovation." He links to Why Web3 is a (R)evolution of Open Source.

Meanwhile, Jason Tucker, Steve Zehngut, Sé Reed, and Jason Cosper will be recording a special broadcast of the WPwatercooler podcast during the State of the Word with their real-time commentary.

Efficiently deliver results for clients.

Sponsor
GoDaddy Pro logo
GoDaddy Pro
Manage all your projects with the Hub — free.
The Hub by GoDaddy Pro is an all-in-one site, client and project management solution tailored to the needs of web designers and developers. No matter what stage your business is at, the Hub's integrated tools help you save time, boost collaboration, and expand your day. Learn more.

Justin Ferriman: "...it is incredibly stupid to not have a Black Friday sale"

Ellipsis Managing Director Alex Denning analyzed sales from 300 WordPress businesses for his write-up Black Friday in WordPress is unstoppable, and this is what we learned in 2021. He found the mean discount for business this year was 43% and the most common was 30%.

And if you think there were more sales this year than ever before, you're not wrong: "What is clear is the market for WordPress and WooCommerce products is continuing to grow at a rapid pace, and with that the sale period each year will become a bigger and bigger deal. It was easy to get a list of 300 businesses running a sale this year; in 2019 getting a list of 150 was hard," Denning writes.

Meanwhile, LearnDash founder Justin Ferriman concludes, "There is no gray area: it is incredibly stupid to not have a Black Friday sale," in 🤬 Bleeping Black Friday. Reinforcing Ferriman's point, podcaster Joe Casabona shares How I Ended Up Having My Best Black Friday Sale Ever on his How I Built It podcast.

But not all businesses cashed in his year. Weglot has raised €35,000 for Médecins Sans Frontières, Fondation de France, and several other charities after committing to donate 50% of its Black Friday and Cyber Monday sales to charities. The translation company started the initiative last year to support those doing it tough during the pandemic.

WordPress 5.9 Beta 2 out now

WordPress 5.9 Beta 2 is now available and fixes 24 bugs. The official WordPress 5.9 release remains on track to ship on January 25.

Gutenberg 12.1 is also now available and includes a fix for the block appender layout shift, new global styles features, and improved templates list view, reports Justin Tadlock at WPTavern. Theme authors also have a new flag for enabling all appearance-related tools. Or as David Bisset at Post Status tweets, "New version of #Gutenberg has a return of the template list view, global style panel improvements, navigation block stuff, misc UX improvements, and a new #WordPress car smell."

Birgit Pauli-Haack shares more on the latest developments in Gutenberg in All Things Block Themes -Weekend Edition 195.

WordPress growth slowing as Shopify gains ground

WordPress remains the dominant content management system with 43% market share but its growth is slowing and Shopify is gaining ground, according to Yoast founder and Chief Product Officer Joost de Valk's latest CMS market share analysis.

de Valk's sixth biannual analysis shows that in the past six months WordPress has increased its market share by 1.5%. Shopify, which overtook Joomla to become the second most popular CMS in 2020, now has 4.3% market share, up 1% over the past 12 months.

Joomla lost 0.3% market share in the past six months and is now at 1.8%, dropping from the third most popular CMS to fifth. Wix is growing fast, adding 0.3% market share in just six months, overtaking Squarespace in the rankings again to take the third spot.

de Valk's forecasts that in December 2022, WordPress will grow to 47.4% market share, Shopify's share will be 5.4% and Wix will grow to 2.3%.

"… the three commercial SaaS providers, Shopify, Wix and Squarespace, are all growing and seem to be picking up pace. As those companies get more and more access to cash, as they're generating more and more revenue, it's going to be very interesting to see what that means," de Valk writes.

#WPCommunityFeels: Cate DeRosia

Photo of Cate DeRosia
This week, what's inspiring Cate DeRosia, Managing Lead for The HeroPress Network and Marketing Lead at Big Orange Heart.
A podcast worth listening to: You Can Sit With Us by the wives/partners of The Try Guys. It's a great real life look at what it's like to be a creator's partner, and a lot of what I've dealt with as a wife.

A concept worth understanding: I've learned to treat life like a scientific experiment. If you don't like the outcome of an action, evaluate what you can change and move forward. Don't punish yourself for trying.

A Twitter account worth following: Taylor Poindexter - @engineering_bae. She's friendly, intelligent, personable, and shares some excellent whisky knowledge.

An article worth reading: Vertical Heterophoria: The ADHD Related Eye Condition You've Never Heard Of by Rene Brooks has been huge in our family. It prompted Soph and I to get tested, and we're happy to discuss the different reasons why we both wear glasses now.

A habit worth forming: Evaluate life regularly. All aspects. Don't like something? Doesn't fit you anymore? Let it go and try something new. Still no self-punishment.

WordPress Trends to Watch in 2022

brought-to-you-by-godaddypro
WordPress-trends-to-watch-in-2022-visual
What does the future of WordPress look like? What features are you hoping to see in the near future? What do we expect to see on the roadmap beyond full site editing?

Long gone are the days of WordPress solely as a blogging platform. Today WordPress powers approximately 43% of all websites. As 2022 approaches, some key trends will continue to change the WordPress space and impact related areas like theme development and eCommerce.

Joining our paneling discussion are: Paul Lacey, Ronald Gijsel, Cami MacNamara, and Anne McCarthy. We'll share ideas about emerging trends and what we expect to see beyond WordPress 5.9 such as:
  • Full Site Editing
  • Block Themes
  • Where Gutenberg goes from here
  • Performance improvements and more
RSVP now to attend or catch the replay of our December 13 GoDaddy Pro Meetup at 6pm GMT/ 1pm ET.

Read more: WordPress Trends to Watch in 2022.
MailPoet-Zeplin-2019-10-25-16-52-56.png

In other WordPress news...

  • The first-ever WordCamp Taiwan will kick off on December 11. The two-day online event will feature one session track and one workshop track, and a hallway track on Gather Town, a virtual networking tool. Local Meetups are organizing regional watch parties in Kaohsiung City, Hsinchu, Taipei, Taoyuan, and Taichung. At Post Status, David Bisset talks to organizers Eric Chuang 莊桓亦 and Hend Chen 陳瀚宇 about creating a "hybrid" WordCamp in the hope having English sessions will bring more talent and influence to Taiwan's WordPress community.
  • "Personal news for real this time: I've wrapped up my long, long tenure at @10up and am taking a little break before I head into something new in the new year," tweets WordPress lead developer Helen Hou-Sandí, who has finished up as Director of Open Source Initiatives at the web agency after 10 years. Hou-Sandí shares more in It's so hard to say goodbye to yesterday… and says the opportunity to work on the White House website for the Biden-Harris Administration was a career highlight. She says she'll be joining a new team in the New Year as an engineering manager. "Wow, had no idea my RT is how you ended up at 10up 😂 Congrats on all your successes and best of luck on the next chapter in your career Helen!" tweets WebDevStudios CEO Brad Williams.
  • Wordfence is reporting that an active attack is underway targeting four different plugins – Kiwi Social Share, ​​WordPress Automatic, Pinterest Automatic, and PublishPress Capabilities – and several Epsilon Framework themes across over 1.6 million sites and originating from over 16,000 different IP addresses. Threat Analyst Chloe Chamberland says the security company has blocked over 13.7 million attacks since December 9.
  • The Hub by GoDaddy Pro was created to streamline your workflow and save time on tasks that typically eat up a workday. But we aren't done yet. See the latest Hub updates and changelog here, and then explore the Hub by GoDaddy Pro – it's free! Sponsored link
  • After teasing its followers for several days, Freemius has launched Meet the Gamechangers, a new series of interviews with the "big players" behind some of the WordPress mergers and acquisitions in recent years. The first interview features Awesome Motive founder Syed Balkhi, who talks about the process behind his company's acquisitions and shares tips for making an exit. Freemius's launch didn't go as smoothly as planned, with Kimberley Coleman, co-founder of WP Strangers and Paid Memberships Pro, pointing out the obvious lack of women in the interview lineup. Lisa Sabin-Wilson, CCO of WebDevStudios, tweeted a scathing rebuke: "2021 and we're still doing this, every time and at every turn and its always the same answer.. ‘this is definitely our bad & we apologize for the oversight..do you have recommendations..? 'How about .... they are right in front of your face, stop being lazy about it."
  • "Introducing the #WordPress Plugin Acquisition plugin! Just connect your financial accounts, pick the plugins you want to own and...boom! They're all yours," tweets writer Eric Karkovack, linking to his (satirical) piece The Grumpy Designer's 2022 Preview at speckboy. Karkovack predicts there'll be a continued gentrification of WordPress, with Competitor Site Editing (CSE) expected to land in 2022.
MailPoet - Zeplin 2019-10-25 17-00-44

Not subscribed? Join the most conversational weekly email
in the WordPress community!