WordPress news recap for November 2018

Adding the final touches to WordPress 5.0

Like WordPress, but there’s more news about it than you can take in? That’s what this monthly post is for! I’m going to distill the news for the month into a short(ish) post so that you can keep up to date with less effort! Sound good? Let’s get into November 2018…

WordPress news highlights from November 2018 include:

  • The whirlwind of last-minute updates for WordPress 5.0
  • Core developers are not happy.
  • New options for creating Gutenblocks.
  • Security updates – plugins that you need to update.
  • Remember Expression Engine?

Let’s get into it.

WordPress + Gutenberg

A whirlwind of last-minute updates for WordPress 5.0

The progress and amount of work done last month was amazing. There were so many releases and so many news items about how close we were to WordPress 5.0. Most of the work at the start of the month concerned the new Block Editor (aka Gutenberg), improving formatting, and fixing up some bugs with meta boxes.

By the middle of the month we were on to other matters. A new way to edit the permalink was added to the editor sidebar; text and code editor blocks became full-width; and image handling was improved. All were very worthy improvements, but there was a growing voice of disquiet.

If you’ve followed WordPress development for any time, you’ll know that this WordPress release was like no other. It was a massive change, possibly the most massive change since WordPress began. Many people didn’t want the editor to change at all, and even among those that like it, there are a significant number of people who thought that the release needed to be delayed.

With all of this in mind, I had Matt Mullenweg (co-founder of WordPress) on the WP Builds WordPress podcast. I asked him why he thought Gutenberg was needed, and more importantly, why now? His answers were interesting, but would not have satisfied all WordPress users.

Many people started to use Gutenberg before the release of 5.0 and concluded that not only was it not ready for people with accessibility needs, but that it was not ready, period. They claimed that it made no sense to include the editor yet, as it would break familiar workflows and possibly even entire websites.

The push back appeared to have worked to some extent. The release date of 19th November was moved until the 27th November, which allowed for some additional testing, but as that deadline approached, even that looked like an impossible deadline to meet due to the nature of the outstanding issues.

[ Editor’s note: At the time of writing, WordPress 5.0 had not yet shipped, but at the time of publishing, WordPress 5.0 was installed on well over 3+ million websites. ]

If you’re worried about Gutenberg, you now have an assurance that the Classic Editor will be officially supported until the end of 2021. That date is not set in stone, and might be extended if the need arises.

Related: Our top takeaways from WordCamp US 2018

WordPress plugins and themes

Get your eCommerce to ‘flow’

A notable new eCommerce plugin emerged this month: CartFlows lets you add up-sell and down-sell offers to the WooCommerce checkout process. The developers have big plans beyond this initial release. It might be one to watch, especially if you are currently using a marketing SaaS app and would rather use WordPress. You might also find it easier to work with, as it uses your favorite page builder to create templates.

Want to build some Gutenblocks?

In the new world of WordPress, all the things are going to be blocks. But how on earth do you create these blocks? You’re either going to code them yourself, or you’re going to download a plugin to do it. (I wonder which approach will be more popular?)

Last month I mentioned that Advanced Custom Fields had a great implementation. Well, some more options have seen the light of day: Lazy Blocks and Block Lab. They’re both pretty cool, if quite similar. They show us what can be done when developers have the time to develop for Gutenberg.

I would highly recommend that you check them out, because they all feel like something that, once configured, could be used by just about any client.

Get loads of free blocks

Cloud Blocks is a WordPress plugin that serves as a connector to the Gutenberg Cloud project. The idea behind Gutenberg Cloud is to create a single repository of custom blocks that are available in WordPress, Drupal, and anywhere else Gutenberg is used. At present there are only a few blocks available, but they may have what you need.

[ Editor’s note: Also check out Atomic Blocks and Stackable, two other block libraries. ]

Elementor Page Builder introduces ‘Finder’

The popular page builder plugin Elementor came out with a cool new feature last month. It’s called Finder, and it allows you to quickly find editable page elements via keyboard shortcuts. If you have a Mac, then it’s a lot like Spotlight. You press CMD / CTRL + E then start typing in your search. You can also create and edit elements through the same interface. If you’re an Elementor user, it’s well worth a look.

Security

Update WooCommerce

A vulnerability was discovered in a widely-deployed version of WooCommerce. It allows shop managers to delete key WordPress files and promote themselves to the Administrator role. From there, they can do pretty much whatever they want. If you’re running WooCommerce, get yourself updated to the latest version of everything.

WP GDPR

Another privilege escalation vulnerability! This time it’s in the popular WP GDPR plugin. Many WordPress users installed it in hopes of becoming compliant with the new EU laws earlier this year. Little did they know that older versions of the plugin would enable attackers to take control of their site and conduct remote code execution. If you’ve installed this plugin, make sure it’s updated to the latest version.

Cross-site scripting in WordPress AMP

I’m going to let the experts over at Wordfence explain this XSS campaign which is attacking the WordPress AMP plugin.

PHP 5 is at the end of its life

PHP is ending support for all 5.x versions later this year. You really should be on PHP 7.2 for all sorts of reasons, but security and speed in particular come to mind. If you’re not already on PHP 7.x, get in touch with your hosting provider about upgrading your PHP version.

Community

Winner of the Kim Parcell travel scholarship

Nidhi Jain from Rajasthan is the proud winner of the WordPress Foundation’s travel scholarship. Going back to 2015, this scholarship was introduced to cover the cost of travel, tickets and accommodation to a WordPress event. Jain is a major contributor to WordPress and was suitably excited to be heading to WordCamp US!

Remember Expression Engine? Now it’s free!

Some years back there were a few major players in the CMS space: WordPress, Joomla, Drupal, and Expression Engine to name but a few. Expression Engine had a strict licensing fee, and this was perhaps the biggest reason that it never really took off. It is currently used on 0.3% of websites compared to the 32%+ on WordPress. They’ve just decided to go all-in on open source, and I for one wish them every success with their new free version.

Not WordPress at all, but interesting nevertheless

Google Chrome is fighting back on ads

Google is going to use its dominance of the browser market to stamp out “abusive ads”. Starting in Chrome 71, Google will start removing ads that trick users into performing an action that they did not intend because the ad is intentionally confusing. Think of popups that try to look like a system notification, or banners misdirecting users to a fake download button. I have not the faintest idea of how Google intends to police this, but I actually like the sound of it — if they can pull it off without inconveniencing the majority of us.

Until next month…