Issue #70

This week in WordPress

Full Site Editing in WordPress 5.8 is a 'go'

Let's dive in with the decision we've all been waiting for this week: "Full Site Editing Is Partly a 'Go' for WordPress 5.8" is Justin Tadlock's headline at WordPress Tavern. 'Partly' because it won't include the Global Styles interface and Site Editor (managing all templates), which will ship in a later version of WordPress.

A small working group, including WordPress co-founder Matt Mullenweg, Gutenberg Project Lead Matías Ventura, and WordPress Executive Director Josepha Haden Chomphosy among others, met for a 90-minute demo after Gutenberg 10.4 dropped on April 14.

Josepha notes "It was evident in the demo how powerful Full Site Editing can be" and while there's plenty to iterate upon and refine, "from a high level perspective all participants felt this was a 'go' for WP5.8."

A video of the demo and the full transcript of the meeting have been published on the Make WordPress Core blog, with many in the community taking the time to watch the recording.

"Really worth watching the video to see full site editing in action too," tweets Human Made CEO Tom Willmot. "I'm watching and I forget that @photomatt, @JosephaHaden & @matias_ventura can't hear me when I'm talking to them.... haha," adds Chris Lema, VP of Product at Liquid Web.

Meanwhile, ex-WordPress VIPer Simon Dickson shares "Can't help noticing that 5 of the 6 people making the go/no-go decision on (phase one) integration of Full Site Editing into WordPress 5.8 were employees of Automattic."

In other FSE news, Anne McCarthy, the program manager for the Full Site Editing (FSE) outreach experiment, has put out a fifth call for testing as part of the program. The latest round asks volunteers to provide feedback on the Query block, which Justin says is "arguably one of the most crucial pieces of the FSE-puzzle."

But back to Gutenberg 10.4. It features block widgets in the Customizer, list view design updates, a more descriptive publishing UI, the ability to prevent theme defaults within the Site Editor, rich text placeholder enhancements, improvements to the Navigation Block, and Editor and frontend parity refinements.

Wix CEO pens open letter to Matt Mullenweg

The Wix vs WordPress spat continued this week with Wix CEO Avishai Abrahami hitting back in an open letter to Matt Mullenweg.

There's a lot to unpack. Search Engine Journal's Roger Montti offers his analysis in "Wix and WordPress Tensions Rise", with plenty more views (and retorts) in the full thread on Twitter ("Came here for all the triggered WordPress fan responses. Was not disappointed," tweets design, development and support agency ZigPress).

Did Matt fall into a carefully planned trap? Probably, according to industry analyst and strategist Robert Jacobi in "Wix vs. WordPress, The Final Word". He says Wix's plan was likely six months in the making. "This whole marketing strategy isn't ad hoc," he points out.

Ultimately, it seems the negative campaign against WordPress has likely achieved what Wix's marketing team was aiming for: to get people talking about Wix as an alternative to WordPress. All but confirming it, WP Engine Senior Product Marketing Manager Hashim Warren tweets: "Wix is enjoying a 30% bump in search interest in the last 7 days."

Security vulnerability broker triples payouts for WordPress exploits

Zerodium, one of the most well-known security vulnerability brokers, is tripling its payouts for remote code execution exploits on default WordPress installations, reports Sarah Gooding at WordPress Tavern. Payouts are typically $100K but have been temporarily increased to $300K.

"When a nation state really wants to hack someone's blog," tweets computer security professional Dodge This Security, or as Bloom Cyber Defense's Daniel Bloom cynically puts it, "'One of our customers has been asking for an exploit that can do immeasurable damage to the Wordpress ecosystem... we'll pay ya extra for it!' - Zerodium, making the grey zone darker since 2015!"

Vulnerabilities found in 15+ Elementor add-on plugins

While we're on the topic of security, it seems Elementor just can't catch a break. According to Wordfence Threat Analyst Ram Gall in "Recent Patches Rock the Elementor Ecosystem", over the past few weeks the security company has disclosed vulnerabilities in more than 15 of the most popular add-on plugins for Elementor. The plugins are collectively installed on over 3.5 million sites.

The news comes after Wordfence disclosed a set of stored cross-site scripting vulnerabilities in the main Elementor plugin in February.

Elementor users are being urged to update any affected plugins immediately. But as Roger Montti at Search Engine Journal points out in "Vulnerabilities in 17+ Elementor Add-on Plugins for WordPress", "Many of the contacted plugin publishers updated their plugins but not all of them responded, including premium plugins."

And more security news

WordPress 5.7.1 is now available. This security and maintenance release includes 26 bug fixes as well as two security fixes.

Sucuri Security Analyst Ben Martin is warning that "WordPress Continues to Fall Victim to Carding Attacks" as WooCommerce increases in popularity.

Wordfence is urging WP Page Builder users to update to the latest version after its Threat Intelligence team recently disclosed several vulnerabilities in the page building plugin. The plugin is installed on over 10,000 sites.

iThemes has published part two of its WordPress Vulnerability Report for April 2021.

Lastly, web host Pagely has launched Malwatch, a new malware scanning system as part of its PressARMOR™ security framework. CEO Joshua Strebel says it’s built upon the Yara library, which is the same technology used by XProtect that comes included with macOS.

Expand 2021

Brought to you by GoDaddy

Most web designers and developers agree time is precious and seek ways to expand the hours they have free on any given day. It's why GoDaddy Pro created the free Expand conference.

Expand 2021 virtually brings together the WD&D community to share their knowledge, make connections and find new ways to succeed in their endeavors. Speakers include freelancers, consultants and agencies who will offer their advice on topics like building websites and managing clients.
They'll cover timely, relevant issues like ecommerce, securing clients' websites, and generating new leads. The content is appropriate for anyone in the industry, from those just getting started to established professionals. You'll walk away with valuable insights and new connections that will help you thrive. RSVP for free.

For more, check out "GoDaddy Pro Will Kick off 2-Day Expand Event on April 27" at WPTavern.

In other WordPress news...

  • Multidots CEO and co-founder Anil Gupta walks Post Status' Brian Krogsgard through his plugin MultiCollab in the latest episode of Post Status Draft. The Google Docs-style editorial commenting tool for WordPress is ahead of its time — collaboration is listed as phase 3 on the Gutenberg roadmap.
  • GoDaddy Pro is proud to announce Expand 2021, a virtual event bringing together the WD&D community to share their knowledge, make connections and find new success. Speakers include freelancers, consultants and agencies weighing in on topics like building websites and managing clients. RSVP for free. Sponsored link
  • ICYMI: WordCamp Europe 2021 will be taking place online from June 7-10, reports Sarah Gooding at WordPress Tavern. Speaker applications are now open and first-time speakers are encouraged to apply. Organizers have posted a list of example topics for inspiration, including advanced development, frameworks, security, storytelling, website performance optimization, and more.