logo-01b@2x
Issue #36
grey 2
MailPoet logo
yellow 1@2x
orange 2@2x

This week in WordPress

WordCamp US 2020 canceled

"It is with heavy hearts that we have made the decision to cancel this year's WordCamp US event. Huge gratitude to all who have been part of the planning. Your efforts inspire us," tweets the WordCamp US account, linking to WCUS 2020: An Update.

As WP Tavern's Sarah Gooding reports in WordCamp US 2020 Canceled Due to Pandemic Stress and Online Event Fatigue, the conference was originally scheduled for 27-29 October. In April, organizers transitioned to planning a virtual event, but the tenuous situation with the pandemic, online event fatigue for attendees, organizers, and volunteers, and the desire for WordCamp experiences to be traditional WordCamp experiences, the decision was made to cancel WordCamp US 2020 altogether.
As WP Engine senior software engineer and WordCamp US organizing team member Chris Wiegman tells Torque editor Emily Schiola in WordCamp US 2020 Cancelled, "As the camp wasn't until October we didn't want to be in a position where we were just another camp, especially as WCUS is supposed to be the flagship."
giphy-1
WordPress co-founder Matt Mullenweg's annual State of the Word address β€” a key feature of WordCamp US events β€” is still expected to go ahead, but in a different format. "For the State of the Word I don't have a plan yet, I think there's less value to us watching the same thing at the same time if we can't hang out afterward, but it still would be fun to celebrate the great progress we've been making with some sort of video. Stay tuned November-ish," Matt tells WP Tavern.

"Please give a πŸ‘ to #WCUS volunteers who donated a TON of time already. Many have day jobs, families quanritineed w/ them, etc. I know it's easy to be sad about not seeing people. But appreciate and show thanks in place of recongization that usually is shared after the event," tweets freelance developer and WordCamp US organizer David Bisset.

Similarly, Valet CEO and co-founder Kimberley Lipari tweets, "It was heartbreaking to make the call. I'm so full of gratitude for having the opportunity to work with such a phenomenal group of #WCUS organizers. Whatever is next is going to be great with you all at the helm! I look forward to your contributions in this new virtual world πŸ’–"

In other WordCamp-related news, Sarah also reports WordPress to Stick with Online-Only Meetups and WordCamps for Remainder of 2020. The WordPress Community Team has updated its guidelines for WordCamps to be online-only events for the remainder of 2020. The remaining six WordCamps scheduled for 2020 are already planned to be virtual, but the guidelines also include local meetups.

WordPress 5.5 release candidate out as full release inches closer

The WordPress 5.5 Release Candidate is now available for testing as we edge closer to the full release on 11 August. If you're not up to date with what's coming, WP Beginner has you covered with What's Coming in WordPress 5.5 (Features and Screenshots).

For theme authors, WP Tavern has the headline: Upcoming in WordPress 5.5: Features and Changes Theme Authors Should Know About.

Meanwhile, "πŸ’₯ The WordPress 5.5 Technical Field Guide is available! If you are a WordPress developer, if you maintain a WP website, a plugin or a theme, please have a look! πŸ“šβœ¨πŸ€“ Final release expected to August 11, 2020 🧑#WordPress #WP55 #Devinette" tweets WHODUNIT CTO and WordPress Core Team rep Jb Audras.

WpDiscuz critical flaw leaves 70,000+ users vulnerable to remote code executions

WpDiscuz's 70,000+ users are being urged to update to the latest version after a critical vulnerability was discovered last month that allows attackers to remotely execute code on the servers of affected websites.

In Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin, Wordfence threat analyst Chloe Chamberland explains that in a recent version of the comments plugin, developers introduced an option for users to add image attachments in their comments. However, the implementation of the feature lacked security protections, creating a critical flaw that allowed attackers to upload arbitrary files, including PHP files.

Wordfence reported the vulnerability to wpDiscuz's developers on 19 June and a patch was released with version 7.0.5 on 23 July, after a failed attempt to fix the issue in 7.0.4, reports Bleeping Computer journalist Sergiu Gatlan in Critical Wordpress plugin bug lets hackers take over hosting account.

Wordfence will be running a proof of concept demo of the WpDiscuz vulnerability and the ease of exploitation during its Wordfence Office Hours on Tuesday, 4 August 4.

Elegant Themes launches Divi Marketplace

Elegant Themes has launched a marketplace for its popular Divi page builder. In Introducing The Divi Marketplace, CEO and founder Nick Roach says the new marketplace is a repository for third-party Divi modules, child themes, and layouts. Divi developers and designers can upload their creations and make them available to the Divi community for purchase or for free. "Think of it like the WordPress repository or the iPhone App Store, except just for Divi," writes Nick.

"I'm honored to have my products on here, and can't wait to see how this will continue to help the Divi community and ecosystem thrive!!" comments Divi Life owner Tim Strifler, while Marshall from Divi Extended says, "Congratulations on the launch of the marketplace. We are mesmerized by the way your code review team works. It did not just help us get our plugins ready for the marketplace but also improve code quality."

Unsplash image licensing dramas continue

Last week we shared the news that Unsplash had launched an official plugin for WordPress, along with concerns that folks have about image licensing. This week, there's more: Unsplash Responds to Image Licensing Concerns, Clarifies Reasons for Hotlinking and Tracking, reports Sarah Gooding for WP Tavern.
source
Sarah dives deep into the issues that have surfaced around Unsplash's terms and image licensing in her excellent article. She covers why Unsplash abandoned Creative Commons Zero (CC0) licensing, how the image site has moved to clarify why its new plugin hotlinks images to the Unsplash CDN, and explores whether Unsplash has actually violated the WordPress.org plugin repository's guidelines.

Richard Best from WP and Legal Stuff unpacks the legalese around the issue in Comments against Unsplash WordPress plugin are a bit …, writing: "What we have here is a useful plugin for the WordPress community developed by Unsplash at its own expense. Sure, there may be a commercial rationale for it (just as there is for the likes of Jetpack and for free versions of plugins on the repository for which paid/pro versions are available elsewhere), but so what? There is no violation of the GPL here and no violation of the Detailed Plugin Guidelines. In my respectful view, in these circumstances, Unsplash should be thanked, not criticised on the tenuous basis that its own image licence is not the same as a licence written for software under which WordPress is licensed."

Regardless of what you think about the issue, we'll give Jonathan Wold, WordPress evangelist and community lead for WooCommerce at Automattic, the last word: "Content aside (which is both interesting and relevant), I just wanted to point out that I really appreciate the approach and quality of journalism here on WPTavern – this story is a great example. I finished the piece and felt informed. Keep up the great work."
yellow 2@2x

In other news...

orange 2@2x

Not subscribed? Join the most conversational weekly email
in the WordPress community!