Issue #68

This week in WordPress

PHP hacked, new security measures announced

PHP maintainers continue to investigate how a hacker (or hackers) managed to compromise the official PHP Git repository and plant a backdoor in the codebase.

According to the official PHP Twitter account: "❗A pair of malicious commits were made in the PHP source code repository over the weekend. These commits were immediately noticed and reverted, and never reached end users. Because we're still investigating the root cause, we are putting releases on hold for at least two weeks."

Sucuri threat researcher Antony Garand has published a brief rundown on the PHP repository exploit, while Wordfence threat analyst Chloe Chamberland explores the hack in more detail in PHP Compromised: What WordPress Users Need to Know. "While the commits were fairly simple, they could have resulted in an enormous amount of damage had they been released in a production version of PHP, considering PHP powers around 80% of websites using server-side programming," Chloe writes.

BleepingComputer writer Ax Sharma says the PHP team is planning to eventually decommission its git server in the coming days and move to GitHub permanently.

Facebook for WordPress plugin hacked too

Search Engine Journal, TechRadar, and ZDNet each covered recent news that Facebook's official plugin for WordPress was patched after Wordfence disclosed two vulnerabilities to the social media company's security team.

As Wordfence tweeted on March 26, "Moments ago, our Threat Intelligence team published details about 2 vulnerabilities discovered in Facebook for WordPress, a plugin installed on over 500K sites. These are considered high & critical severity flaws that could lead to site takeover."

Threat analyst Chloe Chamberland says Wordfence initially disclosed a vulnerability to Facebook on December 22, later reaching out again on January 27 to disclose a second flaw that was introduced in the rebranding of the plugin.

Chloe says the first flaw made it possible for malicious users to achieve remote code execution and the second vulnerability enabled attackers to inject malicious JavaScript into the plugin's settings.

Pre-planning begins for WordPress 5.8

Yoast-sponsored WordPress Core Team rep Francesca Marano has kicked off pre-planning for WordPress 5.8, which she anticipates will be released on July 20.

The focus of this version will be Full Site Editing (FSE), which Francesca says, "… makes this release particularly complex to handle. It's a new, exciting change, and it needs the appropriate time to marinate in Core for contributors with enough time to work on it."

Only experienced contributors will lead the release, with mentorship put on hold. The Core team will determine this month whether it's feasible for an FSE MVP to be merged into core. From May 25, there'll be a two-week "feature freeze" during which contributors will focus on the thousands of defect tickets in Trac.

First look at designs for Block Pattern Directory

Automattic interface designer Shaun Andrews has shared a first look at designs for the new WordPress Patterns Directory. Like the plugins and themes directories, Shaun says the new directory will be a publicly viewable site that lists user-submitted patterns for anyone to copy and use.
WordPress.org users will be able to sign up and submit patterns to be added to the directory. Sarah Gooding at WPTavern says discussion about the possibility of a block pattern directory began in October 2020. Work is currently underway on GitHub to create the new directory.

In other block-related news, Gutenberg 10.3 Supports Default Image Sizes, Continues Normalizing Toolbars, and Categorizes Theme Blocks, writes Justin Tadlock at WPTavern.

WordCamp Europe announced for 7-10 June

With a short announcement on its blog, the WordCamp Europe organizing team confirmed this week that WCEU Online will take place on 7-10 June. The announcement only offers brief details ("Yet another year where we cannot travel to a new European host city, but that doesn't mean we can't have a WordCamp Europe.") and calls for registration, speakers and sponsors.

"I'll walk to #WCEU. On the stairs at home 😉" tweets Marcel Bootsman, Kinsta's Dutch Market Marketing Manager.

The organizing team made the tough decision last year to make its 2021 event in Porto, Portugal, a virtual conference, Sarah Gooding at WPTavern reported at the time, due to the COVID-19 pandemic.

Expand 2021

Most web designers and developers agree time is precious and seek ways to expand the hours they have free on any given day. It's why GoDaddy Pro created the free Expand conference.

Expand 2021 virtually brings together the WD&D community to share their knowledge, make connections and find new ways to succeed in their endeavors. Speakers include freelancers, consultants and agencies who will offer their advice on topics like building websites and managing clients.
They'll cover timely, relevant issues like ecommerce, securing clients' websites, and generating new leads. The content is appropriate for anyone in the industry, from those just getting started to established professionals. You'll walk away with valuable insights and new connections that will help you thrive. RSVP for free.

For more, check out GoDaddy Pro Will Kick off 2-Day Expand Event on April 27 at WPTavern.

In other WordPress news...

  • Flying under the radar, WPMU DEV has published its 2021 roadmap and in typical fashion, it's ambitious. It includes major updates to all of the company's flagship products, including The Hub, Hosting, Smush, Hummingbird and Defender. CEO James Farmer promises members "If we don't have a vastly expanded set of tools that will allow you to create, develop and manage your own WP SaaS business by the end of the year, I'll eat my hat."
  • Enterprise agency 10up has officially launched Convert to Blocks, a plugin for transforming classic posts into blocks. As Lead Web Engineer Darshan Sawarkekar explains, "The plugin works upon activation, with no configuration needed and does nothing until an editor needs to update or edit an existing piece of content." WPTavern's Justin Tadlock says for many users looking for a way to convert their classic content, the plugin "is the ideal solution."
  • What will WordPress and the ecosystem around it look like in 10 years? Convesio's Lawrence Ladomery speaks to industry analyst and strategist Robert Jacobi ("WordPress will be radically different in 10 years… WordPress will morph into a more invisible type of software."), HeroPress Chief Instigator and Expansion Lead Cate DeRosia ("…if WordPress still exists, it will be because it continued to move in the headless direction, making it easier to couple its best functionality with other powerhouses on the web."), and forgemedia co-founder Brian Jackson ("We hopefully won't need many of the current plugins or themes we're using right now. I'd love to see a more streamlined and straightforward approach to starting a WordPress site.").
  • GoDaddy Pro is proud to announce Expand 2021, a virtual event bringing together the WD&D community to share their knowledge, make connections and find new success. Speakers include freelancers, consultants and agencies weighing in on topics like building websites and managing clients. RSVP for free. Sponsored link
  • Automattic Developer Relations Wrangler Anne McCarthy has announced the fourth round of testing for the FSE Outreach program, reports WPTavern's Justin Tadlock. This latest phase calls for users to build a restaurant-themed header using the Gutenberg plugin's site editor. Testing is open to anyone and participants should leave feedback by April 8.
  • Throughout March, WP Engine celebrated International Women's Day and Women's History Month with a series of events and creative projects, including an employee-led panel focused on women in tech, workshops designed to help employees self-advocate in the workplace, Instagram stories highlighting women from across the company discussing what it means to be a woman in tech and their advice for young female colleagues, and features on female leaders across the WordPress community in the publications Torque, Layout and Velocratize.