Helen Hou-Sandí Previews WordPress 4.0 at NYC Meetup

wpnyc

WordPress 4.0 release lead Helen Hou-Sandí recently gave an in-depth preview of the upcoming release at the WordPress NYC Meetup. Her presentation gives a complete overview of the new features that you will see in the official release next week.

Part of Hou-Sandí’s responsibility as the release lead is to help shape the scope, goals and features merged into WordPress. Her presentation includes context for each feature landing in 4.0. She covers how WordPress worked before the new features were added and explains the reasons behind each addition.

She also gives the audience an overview of what it’s like to lead a release and offers insight on managing a large group of volunteers on an open source project. At the end of the presentation she answers more specific questions from meetup attendees.

If you’ve been out of the loop and you want to quickly catch up on what’s coming in WordPress 4.0, check out the recording of the presentation:

The demise of Video SEO

Recently, Google removed, without any warning, the video snippets in the search results for a large group of sites. This followed pretty quickly on Google’s removal of author highlight pictures from the search results. First discussed by Seer on July 16th and slowly becoming more and more visible, we’ve been testing and trying to figure out what worked and what didn’t. Of course this heavily impacts the benefits of our Video SEO plugin so we wanted to make sure we knew what was happening before making any rash decisions.

It’s now pretty clear what Google has done. For those interested in the deeper workings, AJ Kohn’s post on rich snippets explains it better than I could. The gist of it is simple: video snippets now only show for sites purely dedicated to video or very large sites with clear sections dedicated to video. Which, incidentally, is why some of our clients still have them.

A clear example of the new landscape is this query: [iphone 5 review video], which has 3 videos from YouTube at the top and a video snippet for the Guardian below. As Danny Goodwin shows in his post on SearchEngineWatch, it used to be rather different.

What does this mean for the Video SEO plugin?

This doesn’t mean our Video SEO plugin becomes entirely useless, luckily. It still allows sites to:

  • show up in the video search results;
  • heavily enhances the experience of sharing posts with video in them on social networks like Facebook, Twitter and Pinterest;
  • allows you to make videos responsive through enabling fitvids.js.

It does, however, mean that the direct traffic impact from Google will be less for our users and that we should focus more on the social sharing aspect.

We’re very close to releasing a major update of Video SEO that we’d been working on for months, actually from before we saw this happen, but it actually lies a better foundation for all the social stuff. We’ll probably end up renaming the plugin to “Video SEO & Social Sharing”, but that shouldn’t affect anyone.

If you bought the plugin in between June 16th (a month before it happened) and now, and no longer want to use the plugin, we’ll give you a full refund. Just let us know through our plugin support and we’ll take care of it.

Feel free to ask your questions in the comments!

This post first appeared on Yoast. Whoopity Doo!

WordPress 4.0 Adds Custom Icons to the Plugin Installer

The WordPress plugin installer page is about to get more colorful. The upcoming 4.0 release completely revamps the plugin search and installation process with plugin cards arranged in a new grid view. Andrew Nacin announced today that plugins will also have their own icons in the installer.

akismet-details

Plugin authors are at liberty to create their own custom 128px square icons, as seen in the Akismet example above. Nacin outlines the specific criteria for custom icons in the announcement:

Plugin icons are 128 pixels square. HiDPI (retina) icons are supported at 256 pixels square. Like banners, these go into your /assets directory and can be either a PNG or JPG. So just create assets/icon-128×128.(png|jpg) and/or assets/icon-256×256.(png|jpg) and you have an icon.

You also have another option: SVG. Vectors are perfect for icons like this, as they can be scaled to any size and the file itself is small. For an SVG file, you simply need an assets/icon.svg file.

If a plugin does not have a custom icon in place, an auto-generated icon will appear in the installer instead. Default icons are created from a color sampling of your plugin banner (done via Tonesque) and generated using the Geo Pattern library. This is all the more reason to add a custom banner to your plugin’s page on WordPress.org.

geo-patterns

Nacin credits Alex Shiels for his work on this beautiful new feature for the plugin installer.

If you are a plugin author and you want to have a custom icon in place when WordPress 4.0 launches, you can add one now. A custom icon will help your plugin stand out among the auto-generated icons. Check out Nacin’s tips on creating a custom icon for more information. WordPress 4.0 will be landing the week of August 25th. While you’re adding your icon, there’s still plenty of time to test your plugin with 4.0 to ensure its compatibility.

Free WordPress Supueruser Training Course from WordPress.com VIP

photo credit: Kris Krug - cc
photo credit: Kris Krugcc

The folks at WordPress.com VIP are continuing to add to Documattic, a repository dedicated to sharing presentations and resources with the WordPress community. While the repository already contains some solid resources for WordPress in enterprise and government, today’s addition may have the widest reach, as it pertains to user education.

The WordPress.com VIP Superuser Training Course is now open source on GitHub for anyone to use. The course was designed to provide editorial and administrative training for administrators of multi-author sites and is used by VIP instructors for WordPress.com’s VIP Training Day events.

Comprised of 300+ slides, the training course is well-organized and comprehensive, covering important topics such as user management, creating posts, managing tags and categories, comment moderation and more. The slides were created with reveal.js, so they can be presented within any browser and easily edited with HTML.

bulk-user-editing

Everything You Need to Guide Users Through the Publishing Process

This course is immensely valuable for any WordPress agency that provides in-person training for clients. It helps new WordPress administrators get up to speed on managing content and even contains exercises for students to practice during the course. To get a full view of the breadth of this course, check out the index of the presentation sections, which includes the corresponding slide numbers.

While the intended purpose of the course is to train WordPress beginners, the WordPress.com VIP team recommends that it be delivered by an instructor. The slides are not meant to stand alone but rather to serve as a tool for teachers to train site administrators, site owners, and editors of large multi-author sites.

You can put videos and tutorials inside the WordPress admin, but nothing replaces a hands-on teaching experience. It is by far the best way to build confidence in new administrators. The WordPress.com VIP Superuser Training Course essentially gives you the material to provide a full day’s worth of WordPress training to your clients.

If you’re in the business of WordPress, then you need to bookmark the Documattic repo, as it houses a wealth of knowledge on marketing the platform and educating users. All of the material is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license and you can feel free to modify it as needed.

Speaking at WordCamp Boston

On Saturday I’ll be presenting my “Large Setup for WordPress Projects” talk at WordCamp Boston. It’s my third attempt to visit Boston over the past 3 years and I’m looking forward to joining the local WordPress community this weekend!

Our SiteGround crew is ready and two of us will share our experience on Saturday, and take part in the Contributor Day on Sunday as well.

Don’t miss the incredible event that the Boston folks have prepared for you this weekend – see you later this week!

The post Speaking at WordCamp Boston appeared first on Mario Peshev on WordPress Development.

Prodcast.fm – A New Productivity Podcast

My friend Slobodan has just started his new podcast – ProdcastFM. The podcast would be focused on productivity and efficiency, which happens to be an important topic for a lot of people in the WordPress community – freelancers, consultants, clients, employers.

I was invited for the pilot episode which turned to be a hiring-related one, but for the sake of the setup and experiment, here we are:

To stay “on-topic”, after all, I’ll also share few of my productivity tips:

  • I start every Monday with a task labeled “Wake up” in my PM system. It’s always a great motivation booster completing the first weekly assignment right after waking up.
  • Usually I work in blocks of 2.5 – 3 hours, then I take breaks (lunch, driving to another place, etc). It helps me stay focused during each block and avoid getting burned out or getting stuck with a specific task.
  • I’m a cofficer, check out my Coffice Resort book.
  • My week is mapped out on Sunday, so that everything is set up for the coming week – less surprises, less critical moments.
  • I’m leveraging my time off – listening to podcasts in the morning, management or marketing audio books while driving or at the airport.

 

We also implement a bunch of boosters in my team:

  • Backup projects – we have several projects in the queue whenever we have a gap between projects, waiting for feedback or just getting too tired of a single project.
  • We deliver weekly. Weekly scrums allow us flexible hours and ROWE (Results Only Working Environment) model where we focus on the work done.
  • We pay attention to the Interruption Science and try to avoid interruptions whenever possible.

Sign up for the ProdcastFM and follow the productivity cast feed on Twitter.

The post Prodcast.fm – A New Productivity Podcast appeared first on Mario Peshev on WordPress Development.

The Problem With Image Attachments In WordPress

Something I’ve wanted to see in WordPress for a long time is the ability to determine which posts an image is being used on. WordPress 4.0 is expected to ship by the end of August and contains two subtle changes to image data in the media library. You’ll be able to view the author who uploaded the image and the post parent ID it’s attached to.

Uploaded By and Uploaded To Informatiom
Uploaded By and Uploaded To Information

I find this information to be useful, especially for multi-author websites. Although you can view the parent post ID the image is attached to, you can’t locate each post the image is used on. It’s important to note the difference between an image attached to a post and using an image already available in the media library.

Why Knowing Where An Image Is Used Comes In Handy

Let’s say I use a featured image for a post and it’s the featured image for several other posts. If I want to change the featured image in one post and have it change in every other post, I can’t. I also can’t change the image for specific posts automatically, it’s either all or nothing. I can’t determine which posts are using the image because WordPress only sees it being used on the parent post. This is due to the attachment relationship.

In other words, the first post the image is attached to is the only information WordPress has on where it’s being used. I could browse to every post and manually change it but my memory isn’t that good and it’s a tedious process.

The History Behind The Dilemma

In trying to figure out why this is, Justin Tadlock pointed out two Trac tickets, 10657 and 14513. Both contain lengthy, technical discussions, on how to add support for many-to-many relationships between posts and attachments in WordPress. Within the discussions, the Posts 2 Posts plugin is commonly referred to as a top-notch plugin that offers this functionality.

Before the Community Summit in October of 2012, Andrew Nacin and a host of other WordPress developers came together to discuss the subject in detail. The ideas brought forth from that conversation are available on the Make.WordPress.com blog and is a potential roadmap for taxonomy meta and post relationships in WordPress.

It’s Possible But Not Worth The Hassle

WordPress automatically renames files if it detects the same name being used in the media library. This means you can’t upload a new image with the same file name to replace it. An alternative method is to use FTP to locate the original file and overwrite it, keeping the same name. The image will change in all posts using it, regardless of the attachment details. You’ll also need to overwrite any images that were resized automatically by WordPress or else they’ll show up instead of the new ones.

After performing all sorts of tests in my local environment for trying to change one image across multiple posts, I’ve decided it’s too much of a hassle. Not being able to manage these relationships in WordPress doesn’t make sense. Ideally, I’d like to be able to determine which posts are using an image and replace that image across all of those posts at the same time. I also wouldn’t mind the flexibility to change an image for certain posts while leaving the others alone.

WordCamp Russia 2014

The second WordCamp in Russia was a success, with almost 200 attendees and a great lineup of 14 speakers from all over Russia and abroad, including Ukraine and even Germany.

WordCamp Russia 2014

I’m not going to go into much planning details like I did last year. Everything was mostly the same, with the exception of having almost twice as many speakers, two tracks, pizza for lunch, a new logo (which everybody thought was a splash), as well as little irritating things that made planning more stressful — like the absence of parking spots close to the venue, problems with shipping anything from the US to Russia, and the fact that we bought about 10x more coffee than we ended up serving.

In any case, the post-WordCamp survey showed a 96% satisfaction rate, which definitely works for me. Now back to reading those new 4.0 commits, and still struggling for inbox zero, even though it’s been over a week now.

Photos from WordCamp Russia 2014 are on Facebook. Slides from my talk about scaling WordPress can be found here, the videos from all the sessions should appear on WordPress.tv in a few weeks.

Click here to comment

More from Konstantin Kovshenin

Auto-Close Comments v1.5

I pushed through an update of Auto-Close Comments, Pingbacks and Trackbacks, the simple WordPress plugin that allows you to close comments, pingback and trackbacks on all your posts at the click of a button!

And, v1.5 adds support for all custom post types. So, you no longer need to worry about those comments on some of your old custom post type posts.

Auto-Close v1.5

If you’re an existing user of Auto-Close, you’ll be able to update it from within your WordPress Admin area and if you’re not, then just head over to Plugins > Add New and search for “autoclose”.

As usual, if you’re looking for support, please create a new ticket in the Support Forums. And, if you’ve found this plugin useful, you can hit the button below to send me your donation.

Changes in v1.5:

  • New: Custom post type support. Now close comments on posts, pages, attachments and your custom post types!
  • Modified: Language initialisation
  • Modified: More code cleaning
  • New: Spanish and Serbian languages thanks to Ogi Djuraskovic

Download Auto-Close Comments, Pingbacks and Trackbacks v1.5


Auto-Close Comments v1.5 was first posted on August 16, 2014 at 1:59 pm.
© 2003-2014 "Ajay - On the Road called Life". All rights reserved.

WordPress and Internet Marketing

Around all possible discussion of WordPress and Internet Marketing, there is a single valid true statement that explains it all.

WordPress and Internet Marketing have a single thing in common.

It’s brutally easy to get into each one of those. And start making money with them, even.

The difference is between the level of a beginner and an expert. It’s just as easy to find a “marketing expert” who has absolutely no idea how does the Internet world work, as is to find a regular WordPress developer online.

Being able to install WordPress through Softaculous and calling yourself a WordPress expert is the same as posting a link on a Facebook page (or creating one) and call yourself an Internet marketing guru.

The insane thing is that most customers buy that. Or even, they would accomplish everything that they want with anyone in the range of beginner through an expert (but the price varies a lot, naturally). If a business owner is not interested in receiving the best quality, providing the top-notch content to the users, implementing the best toolset to accommodate all sorts of potential clients together with the lead capture forms and opt-ins, then they don’t need a high-end agency to build their entire technical and marketing ecosystem.

They are not interested in their business development at all.

It’s just like all those projects for “I want a Facebook clone”. It’s straight forward building a Facebook clone, technically-wise. There are numerous open source platform like Elgg that would even inherit the look and feel of Facebook. Alas, the clients forget that tiny little fact that, having a feature-complete platform is not the same like managing millions of users and hundreds of millions of posts, and scaling the infrastructure respectively.

This is what makes WordPress and Internet Marketing so common. Everyone does them, just a few know what they actually do, and companies are usually unaware of the fact that a website or a Facebook page doesn’t run the business by its own.

The post WordPress and Internet Marketing appeared first on Mario Peshev on WordPress Development.

How to Add Sponsored Post Prefix to Post Title in WordPress

Often you see bloggers publish sponsored posts on their blog. Recently one of our users asked if it was possible to automatically add a “Sponsored” prefix in post titles. In this article, we will show you how to add sponsored post prefix to post title in WordPress.

Sponsored Post prefix added to post title in WordPress

Adding Sponsored Post Prefix Using Custom Fields

Custom fields allow you to add meta information to your posts. In this article we will be using custom fields to add sponsored meta field to a post.

First you need to create a new post or edit an existing one. In the post editor, scroll down to the custom fields metabox. If you can not see the custom fields meta box in your post edit area, then you need to click on the Screen Options button on the top right corner of the screen. This will open a menu where you need to check the box next to custom fields options.

Making custom fields meta box visible in WordPress post editor

Now scroll down to the custom fields meta box and add sponsored in the custom field Name, and true in the value field.

Adding sponsored custom field in the custom fields meta box

Next you need to save your post and scroll down to custom fields meta box. You will notice that custom field meta box is now showing a drop down menu. Next time you need to set a sponsored post, all you need to do is select sponsored from the drop down menu and enter true in the value field.

After adding the sponsored custom field to your post, you need to copy and paste this code snippet into your theme’s functions.php file or a site-specific plugin.

add_filter( 'the_title', 'wpb_sponsored' );
function wpb_sponsored( $title ) {
   global $post;
   $sponsored_text = '<span class="sponsored_text"> Sponsored Post</span> ';
   $sponsored = get_post_meta($post->ID, 'sponsored', true);
   if( $sponsored == 'true' && in_the_loop() ){
       return $sponsored_text.$title;
   }
   return $title;
}

That’s all. Try visiting the post you edited earlier, and you will see Sponsored Post: prefix with the post title.

If you study the code snippet, you will notice that we have wrapped sponsored post text around a CSS class. Using this CSS class you can highlight the text inside the post title. Here is a little CSS that you can add to your theme or child theme‘s stylesheet.

.sponsored_text { 
background: #eeffee;
font-size:small;
text-transform: uppercase;
padding:5px;
}

Feel free to modify the CSS to meet your needs.

Adding Sponsored Post Suffix to Post Title in WordPress

In case you want to display the sponsored post text after the post title, then you can achieve this by using this code snippet:

add_filter( 'the_title', 'wpb_sponsored' );
function wpb_sponsored( $title ) {
   global $post;
   $sponsored_text = '<span class="sponsored_text"> Sponsored Post</span> ';
   $sponsored = get_post_meta($post->ID, 'sponsored', true);
   if( $sponsored == 'true' && in_the_loop() ){
       return $title.$sponsored_text;
   }
   return $title;
}

If you study the code we have made just two changes. We have added a single letter space before the sponsored text, and then we have switched the order to display $title first.

That’s all, we hope this article helped you add a sponsored post prefix / suffix to post title in WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.

To leave a comment please visit How to Add Sponsored Post Prefix to Post Title in WordPress on WPBeginner.

Interview With Siobhan McKeown On The Future Of The WordPress Codex

If you use WordPress, chances are that you’ve run into the WordPress Codex. The Codex is a community maintained collection of documentation, hooks, filters, best practices, and other information related to WordPress. With various handbook projects underway, I’ve been wondering what the future of the Codex is. To find out, I got in touch with Siobhan McKeown, who is a member of the documentation team.

Interview With Siobhan McKeown

Is the roadmap outlined here still accurate and is it being followed? Is it still on time?

The roadmap is still fairly accurate but it’s not on time. The number of contributors to docs is quite small and we’ve faced challenges around getting development work done and finding people to write. That said, the people who are involved are very dedicated and we’re slowly chipping away at things. We have made big strides forward, particularly in the area of inline docs (thanks Drew Jaynes and Kim Parsell) and in building developer.wordpress.org.

Ultimately, is the future of the Codex for it to disappear in favor of all the other documentation resources outlined in the roadmap?

I would like for that to happen, but the decision doesn’t ultimately lie with me and it’s a discussion that we’ll have to return to once new documentation is in place.

Many free software projects in the early stages of their life use a wiki for their documentation. Over time, this can become out-of-date and inaccurate. As a project grows, it often out-grows a wiki, requiring more targeted documentation for both users and developers. Firefox and Ruby on Rails are good examples of FOSS projects that provide the types of targeted documentation that WordPress should be providing. I would hope that we can eventually get there ourselves, and keep the Codex as a historical archive.

Mozilla FireFox Targeted Documentation
Mozilla FireFox Targeted Documentation

Is it a waste of effort and energy for folks to continue to edit and update the Codex?

No. For two reasons: First of all, while all of the docs work is going on, we need to ensure that the Codex stays up-to-date and accurate. It remains WordPress’ primary source of documentation and will be for some time, so contributions are still valuable there. When a new version of WordPress is released, the docs team usually does a sprint to get the Codex up-to-date.

Secondly, the main problem with the Codex is its navigation and structure. There’s a lot of good content in there mixed with a lot of out-of-date content. As we create new resources, we look at the content in the Codex and migrate good-quality content. If you fix a page in the Codex, then it’s likely that will end up somewhere in a new documentation resource.

How can folks get involved with helping the roadmap move along?

We particularly need help in two areas:

  1. Someone to help with ongoing development of WP-Parser (the parser used to generate the Code Reference). A lot of things are on hold until we get someone helping there.
  2. Writing the theme and plugin developer handbooks. These have been around for a long time and we really want to get them finished off so that we can move on to focusing on user support.

To Some, Google Is The WordPress Codex

It may be the largest collection of WordPress documentation but I bet it doesn’t compare to the amount of WordPress content published on sites across the web. The paradox of publishing content on the Codex for the benefit of everyone versus a personal site for the benefit of a small audience has existed since it was created.

I think it would be awesome if content from sites like Justin Tadlock found a home on the Codex but perhaps we don’t need one at all. Maybe all we need is Google. When I asked the Tavern’s Twitter followers what aspect of WordPress do they take for granted, Jared Novack submitted the following answer:

If the Codex ever goes offline, it will be a sad day. However, if it’s replaced with easy to navigate, skill level targeted documentation, with a solid code reference, I think a lot of users and developers will be happy with its replacement. Has the Codex saved your bacon once or twice? Let us know in the comments.

Find, Search, Replace, and Delete in the WordPress Database

The following was originally published on WordCast and authored by Lorelle VanFossen. It is reprinted here as a reference guide. You’ve moved your WordPress installation from one server to another. You’ve changed domain names. You’ve moved images around on your server and now they don’t load. You’ve changed your WordPress installation and now images show […]

How Crowd Favorite Utilizes Multiple Offices and a Distributed Work Force

As I was listening to an interview with Chris Lema, I was surprised to hear how Crowd Favorite has offices setup across the world. Many of the WordPress agencies I’m familiar with are 100% distributed with one physical office. This is the first time I’ve heard of a WordPress development agency with multiple offices throughout the world. I contacted the CTO of Crowd Favorite, Chris Lema, to learn why the company is structured this way and what practical benefits and drawbacks it offers.

The Crowd Favorite Approach To Offices

Crowd Favorite Office Locations Across The World
Crowd Favorite Office Locations Across The World

Crowd Favorite takes an entirely different approach to having an office. Instead of one or two locations, they have small, satellite offices spread across the world. This approach allows the company to merge the benefits of a distributed work force with having physical locations. Each office is staffed by a group of people who excel at a specific skill. Lema describes the offices as communities of practice.

For example, there’s an office in Phoenix that we have that is dedicated to design work and branding, and they’re fantastic at that. That’s a very different dynamic than if you had three designers across the country, four designers across the country, or two brand people across the country.

Sure, if they were really phenomenal people, you could hire them and you’d get a bang for your buck, but if you put a whole group of them together in one place, you’ll discover that they go further faster.

Regional and localized offices enable people to work together to accelerate their progress. The offices are also used to focus on disciplines. For example, the Las Vegas, NV office is focused on video and promotion, the office in Arizona is focused on design, and the office in Denver, CO is focused on advanced development. Crowd Favorite even has a small office in New York focused on .net and Ruby development.

Offices Have Different Purposes Depending On The Region

Offices outside the US have a unique business dynamic associated with them. They’re used as the final component of a business deal after establishing trust and a relationship with a customer. “As Karim Marucchi worked in several different countries, it became a cornerstone of the way he works, that he would have an office, and that’s the office that would drive the business in that region.” Lema said. “It’s especially effective when you think about it on the international stage because you want to be able to make sure that your presence is physically felt in the areas where you’re doing business. We have an office in Italy for example, specifically for that reason.”

The Lone Rangers Of A Distributed Workforce

The Lone Ranger Developer
photo credit: eschipulcc

One of the benefits of having several office locations is the increased opportunity for employees to work together. However, one of the biggest drawbacks is that some employees end up working alone. For example, Crowd Favorite has an office in Seattle, WA that handles development operations that is staffed by one person. This is why Crowd Favorite and other companies with a distributed work force organize company wide meetups once or twice a year. It gives individuals a chance to meet their co-workers and strengthen their connection to the company.

How Other WordPress Companies Handle Offices

One of the benefits of working with WordPress is that it can be done from anywhere in the world, as long as an internet connection is available. Automattic is a leading example of how employees can accomplish anything without having to spend eight hours in a cubicle. Despite having a distributed work force, the company maintains a physical presence with an office in San Francisco, CA. The office is used as a co-working space, to host shareholder meetings, or to just hang out.

Web development firm 10up has an office in Portland, OR. The office hosts speakers, out-of-town guests, and the occasional workshop. WebDevStudios is another large web development firm with a 100% distributed work force. Unlike 10up and Automattic, the company has two office locations, one in New Jersey and the other in Philadelphia, PA.

Copy The Motivation, Not The Model

Going with a 100% distributed work force has drawbacks as does everyone working in the same physical space. Crowd Favorite believes they have figured out a way to reap the benefits of both methods. “When you say we’re only going to have one office, there are drawbacks. When you say we’re going to be 100% remote, there are going to be drawbacks. I think we’ve tried to thread the needle on this to find the situation that gives us the least amount of drawbacks with the most amount of potential.” Lema said.

Is the way Crowd Favorite uses offices a model for other WordPress development firms to follow? “Copying someone’s model is a really poor approach to anything. Copying someone’s motivation may be a more helpful approach to think about.” Lema told the Tavern. Every company is different and has to satisfy its own needs and requirements.

Crowd Favorite has found success using offices not only for co-working spaces, but as a way to build trust and establish relationships with clients in other parts of the world.

WordPress 3.9.2 Fixes Security Vulnerabilities, Users Strongly Encouraged To Update

WordPress users are strongly encouraged to update their sites to 3.9.2 as it’s a security focused release. According to the announcement, 3.9.2 fixes a possible denial of service issue in PHP’s XML processing. The bug was first reported by Nir Goldshlager of the Salesforce.com Product Security Team and was fixed by Michael Adams and Andrew Nacin of the WordPress security team. The release was also coordinated with the Drupal security team.

18.8% Of WordPress Sites Are Running On Version 3.5
18.8% Of WordPress Sites Are Running On Version 3.5

Since the vulnerability is present in WordPress 3.5 to 3.9.1, there are several sites that need to be manually updated in order to be protected. Automatic updates for security releases was introduced in WordPress 3.7, leaving users of 3.6 and 3.5 especially vulnerable. According to stats on WordPress.org, 26.8% of all WordPress sites will not be auto updated. Among those sites, 18.8% are still using WordPress 3.5.

WordPress 3.9.2 has a few other security updates as well:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

You can update to 3.9.2 immediately by browsing to Dashboard > Updates in the backend of WordPress. Sites that have automatic updates configured will be updated within 12 hours. Sites using WordPress 3.8.3 or 3.7.3 will be updated to 3.8.4 or 3.7.4. Older versions of WordPress are not supported, so please update to 3.9.2 for the latest and greatest.

It’s awesome to see the security teams from both WordPress and Drupal working together to keep users safe.

Resources for Working with the WordPress REST API

The WordPress REST API is currently slated for inclusion in WordPress 4.1 and the API team is busy working towards that goal. Project contributors Ryan McCue and Rachel Baker have been on the road giving presentations to introduce developers to the API. They presented at WordCamp Milwaukee and WordCamp NYC, demonstrating how developers can use the API now in its current plugin-based form.

McCue also traveled to API Craft unconference in Detroit where he and Andrew Nacin hosted a session about building the WP API. “I think we solved some outstanding questions with the API, and we’re in a good place moving forward for version 2,” McCue reported after the event. He is currently holed up in Brooklyn working on the version 2 branch, which is focused on preparing the API for integration into WordPress core.

In the meantime, developers are getting excited about all the new possibilities that the WP REST API will open up. As part of the API team, I’ve been working on improving our documentation on WP-API.org, based on feedback from developers who are working with it every day. We’ve pulled all the extraneous docs that were previously in the plugin into the new Jekyll-powered GitHub pages site. We’ve also added new sections for Guides to help developers get started and Resources for working with the API.

wp-rest-api-resources

The new Resources section includes all of the currently available client libraries, links to authentication information, major WordPress plugin integrations, slides and videos, useful tools and REST info. If you want to recommend any additional resources or have any suggestions for the documentation, feel free to let us know or jump in on GitHub.

Regular security audits: taking our responsibility

Yoast SecurityToday, we’re announcing that we have partnered with Sucuri, in the interest of pro-actively securing our plugins. As our plugins run on more and more sites, we have a responsibility towards our users and the web at large to make sure that we do our utmost to make sure our code doesn’t make them vulnerable.*

We’ve been preparing this release for over two months. In that time, Sucuri has identified vulnerabilities in plugins across the WordPress ecosystem affecting over 20 million downloads. This shows the need for users and web hosts to update plugins promptly on security updates. If you look at it, it beckons for a more “forced” way of updating plugins. It also places additional scrutiny on us, plugin and theme developers, to ensure that we are not only focused on features but place additional emphasis on good, secure, code.

Once a security problem is public there’s no stopping the bad guys in any other way than to update. To us, as authors of plugins that all combined have more than 20 millions downloads and run on over 5% of the top 1 million websites, it made even more clear the need for more scrutiny in our code writing. We could think of no one better than the guys working in the trenches, Sucuri.

Improved security, so we can sleep better

Let me be honest: there’s no such thing as 100% safe software. Ever. But we can strive. From now on, Sucuri will review all the code in our major plugins at least four times a year, on top of our own testing and development best practices. They will work with my team to ensure that the patches we push are adequate and work with us to get the word into as many hands as possible. For all intents and purposes, they will be an extension of my development team, focused strictly on security. We are not foolish enough to think that this is the end all be all to security, no, we realize this is a process and will continue to evolve.

Like all of you, we’re not perfect. We’re sure though, that having the pro’s at Sucuri review our code regularly will lead to our plugins being among the safest out there, which is how we want it. It’s how we, as the good web stewards we strive to be, will take responsibility for what and how we do it – providing our users the best, and most secure, options available. Not just because you sleep better because of it, but because we sleep better because of it too.

But you said “partnered”?

Yes. This will be a relationship in which we reciprocate the service by being an extension of their online marketing team. Sucuri will review our plugins, we’ll help them by reviewing their online practices from a website optimisation point of view. Let’s face it, we can’t all be good at everything, they are great at Security, but could use some help at online marketing and website optmization, and they recognize this, which is why we are going to help them get better.

To start, they have already received our diamond review, our ultimate review package in which we provide a thorough review of their SEO practice, website usability and conversions. Have you seen their latest changes?

In a similar fashion, we’ve made the first improvements to our plugins based on their reviews, luckily showing no critical issues yet.

Additionally, they will be working with us beyond just the code we ship. They will be working with us to improve our overall security posture as an organization and we’ll be leveraging their Website AntiVirus and Firewall products to ensure a safe online experience for all our online visitors. They are the premiere Website Security company and we rock at what we do, it’s only right we make full use of each others services.

Lead, not follow

When I was on the Dradcast 2 months ago, I hinted at some of this. We should lead by showing how people can improve their products and processes. I personally think every premium plugin / theme company should have a process for regular independent security reviews of their product(s). This is an example which I’d love for every company in the WordPress community to follow and document.

We’ll be as transparent as possible about all of the things we do, both Sucuri in how they improve their site as we in how we improve our code. As you can see, we’re very excited to be working with the team at Sucuri and we look forward to making the web safer together!

* For the record: from a purely juridical point of view, the GPL basically disclaims all warranty.

This post first appeared on Yoast. Whoopity Doo!

7 Aspects Of WordPress I Take For Granted

After using WordPress for seven years in a row, it’s hard to consider switching to another publishing platform. I have my gripes about WordPress and there are plenty of things that can improve the publishing process. However, after testing a few other open source alternatives, I was reminded of how many things I take for granted in WordPress. Here are seven WordPress things I take for granted.

The Visual Editor

For the longest time, the visual editor in WordPress has been the bane of existence for so many users. It has a reputation for screwing up code snippets and ruining the formatting of text. In the past two years, there have been several improvements to the editor that make it my favorite way to write a post. These are just a few of my favorites, some of which are slated for WordPress 4.0.  oEmbed support, oEmbed previews, sticky toolbar, automatic resizing based on the amount and type of content, and the ability to easily edit inserted media.

After using a few different themes, I’ve determined support for visual editor styles to be a killer feature. If executed properly, content within the visual editor looks the same as it does on the frontend of the site. After using a theme that executes this feature properly, it’s hard to use a theme that doesn’t support it.

Visual Editor In WordPress 4.0 With oEmbed Previews
Visual Editor In WordPress 4.0 With oEmbed Previews

One Click and Automatic Updates

As far as I’m concerned, any content management system that doesn’t have an easy way to upgrade within the software is stuck in the past. WordPress 2.7 “Coltrane” introduced the ability to upgrade WordPress with one click. Gone are the days of manually uploading files via FTP. Being able to upgrade plugins, themes, and WordPress with the click of a button is a huge time saver. If you want to fully automate the process, you can configure WordPress to automatically update core, themes, and plugins.

Vast Amount Of Plugins and Themes To Choose From

Considered a negative by some, I think the large amount of free themes and plugins to choose from is a huge benefit. It gives users across the world a chance to turn WordPress into their WordPress. Because of the wide assortment of themes and plugins available, the chances of two WordPress installations being exactly the same are slim. Sure, there is a lot to choose from, but I’d rather have too much choice than too little.

Plugin Count As Of July 29th, 2014
Plugin Count As Of July 29th, 2014

Akismet

Despite Akismet not being 100% accurate in determining who spammers are, it’s saved me a lot of time (24 days to be exact) and grief. It’s available for free for non-commercial use and ships with WordPress. There are plenty of alternatives to handle comment spam but I’ve never had a reason to switch. Other content management systems I’ve tested either don’t have an anti spam solution built-in or are tied into the Akismet service. At the time of writing, Akismet has protected the Tavern from 109,288 spam comments with an accuracy rating of 99.19%.

Akismet Stats For The Tavern
Akismet Stats For The Tavern

An Abundance Of Resources

Being used on over 22% of the web has its perks. If I don’t know how to do something with or in WordPress, the answer is usually a Google search away. Someone has either written a tutorial or knows about a plugin that has the functionality I’m looking for and a lot of the information is free of charge.

The WordPress Community

The WordPress community is global. People all over the world are helping each other go farther with WordPress. People who don’t know each other are showing up to local area meetups and becoming best friends. I’ve seen first-hand veterans of the community stop what they are doing and provide a helping hand. More often than not, if we see someone struggling with their WordPress website, we do what we can to help them.

WCSF Contributor Day
WCSF Contributor Day

The Time So Many People Spend Improving The Project

Notice how I didn’t say improving the software. That’s because WordPress is more than just software, it’s like a big tree with several branches. There are a ton of people all over the world helping to make the project better through individual and team contributions. Most are not paid but simply want to improve their favorite part of the project. This includes documentation, organizing meetups, WordCamp planning, improving the core of WordPress, and other initiatives.

Many of the contributions go unnoticed and contributing to WordPress can be a thankless job sometimes. Not every contribution is world-changing; some are more important than others. The bottom line is, every contribution no matter how small, makes a difference.

What Do You Take For Granted?

I asked the Tavern followers on Twitter what aspect of the WordPress project do they take for granted. Here are a few of the responses.

What aspects of WordPress do you take for granted?

Code Standards Project to Take WordPress Into the Future

WP Tavern reported recently that WordPress Developers are organizing a community initiative to standardize common post types, taxonomies and meta data. Led by Justin Tadlock, popular WordPress developer and author of Professional WordPress Plugin Development, the goals of the community project are to name these common parts of WordPress to create a more stable and […]

Business Around WordPress

The latest WordPress pricing discussions went viral and it’s apparently an important subject that should be discussed broadly at WordCamps. The large number of implementers out there are affecting the number of technical experts, and the competitive prices of other platforms lead us to the question: Why are the WordPress budgets underpriced?

I’ll share my experience so far as a single consultant and an agency owner.

Costs of WordPress Development

As a European WordPress developer I get occasional requests for WordPress development, and the budgets are often hilarious. At DevriX we get various requests where the budgets for the WordPress-based sites are often significantly lower than the ones for other projects (custom PHP/framework or Java development most of the time).

One of the reasons we’ve identified is apparently the low entry for new WordPress developers. People start customizing themes and get into the: “Hey, look what I’ve done, I’m a developer!”. That leads to “my son built my website” attitude and experience with building blocks together, and overall disrespect to the overall community in the sense of: “It’s so easy that my kid can do it in a week”.

Which is fine as long as customers don’t call a web agency and request their work to be done “pro bono” because WordPress is Open Source and there are “freelancers” out there who probably work for free (name association).

However, there is a huge gap between “building a site with whatever is available” for two hours and expecting custom features in a complete technical solution. And that’s where most arguments are born: the fact that a free plugin does 90% of what you need doesn’t necessarily mean that the other 10% of the work would happen in a few minutes.

But let’s not get into that dilemma and see where does WordPress shine.

WordPress for MVP

When Adii started Public Beta he had tested his idea through WordPress because it’s fairly straight forward to build MVPs. Then he went on with Rails (IIRC) which was arguably the right choice, but still the idea could have been easily validated at first without a large initial investment. The bright business minds out there know that building fairly straight-forward websites with WordPress is doable, and there are enough plugins out there to use for starters.

Exactly the thing that we’ve discussed earlier: you could do A LOT with default plugin setup as long as you don’t need too many customizations that weren’t meant to be done within the plugin options set. Therefore launching an MVP with a small set of changes and focusing on the business model is a great and affordable thing to expect from WordPress.

I have been able to validate several business ideas myself once I’ve started using WordPress. It was time consuming before that, and now it’s a matter of purchasing a domain name, setting up WordPress, installing a few plugins and seeing how it goes. If the idea is good and people are interested, then I plan a completely brand new development process that includes new features, rebuilding some of the plugins, new design, different APIs integration and so forth. Which is a long, expensive process – just as with any other technical platform and a custom solution.

WordPress CMS

WordPress is an established CMS with a very flexible structure due to the Custom Post Types API and the foundations on the database level. Over a dozen plugins on WordPress.org or premium ones make it possible to build virtually any type of data entry that has: title, content, publish date, author and an infinite (so to speak) number of custom properties.

This is perfect for any sort of business. You could easily create a technical backbone with WordPress for: products, air conditioners, cars, real estates, or whatever you want that falls into that pattern. Thanks to the Custom Taxonomy API you could group all of these in a hierarchical or flat model (categories vs. tags) which works for the majority of the projects.

There are a few types of projects that wouldn’t be a good fit for the current infrastructure. They are usually related to huge amounts of data that lack part of the required things in the posts table, or wherever a SQL join would be a heavy operation – yet these are more of exception cases. Especially with the JSON REST API that’s about to get in the core soon most of the API-related requests would be possible with WordPress and we will cover more and more project types.

The main problem again is that requiring a good amount of customization for the existing CPT capabilities might require a lot of work, especially when it comes to complex filtering, searches, multilingual websites, ecommerce, payment integration, AJAX manipulation, various templates, and others. The fact that “it’s almost there” doesn’t mean that the rest can be built in an instant.

WordPress SaaS

When I was preparing my slides for WordCamp The Netherlands, I’ve researched the multisite capabilities of other platforms – both in PHP, and in other languages too. None of the options that I was able to find was as flexible, automated and powerful as the WordPress Multisite feature. Plugins like Pro Sites makes it possible to create membership websites with subsites for each member, integrate different payment processors, track plans, and build on the top of that.

It’s a very powerful solution really. There are numerous plugins that leverage that properly, and the WordPress API is quite flexible when it comes to multisite installs. Certainly, there are some bugs here and there that require workarounds (such as getting the post types of a site after switch_to_blog() ) but it’s all possible.

However, if you expect specific changes in the plans model, exotic payment gateways, automated lifetime registration support, more fine-grained plugins control you might be stuck with weeks of changes and an actual fork of the real plugin, or end up with building a custom multisite management plugin as we did in DevriX.

WordPress Marketing Platforms

If you’re following people like Syed from WPBeginner or follow marketers who are into platform building, you will find out that the majority of the plugins or platforms out there are WordPress based. Why is that?

WordPress has:

  • integration with lots of autoresponders
  • several different eCommerce solutions
  • stats features
  • decent integration with most if not all Google services
  • brilliant SEO plugins
  • all those powerful CMS thing that we’ve discussed above
  • the incredibly usable WordPress admin panel
  • a bunch of plugins for customizing the overall user experience
  • tons of themes and other goodies

The marketing niche is one of the places where people invest a lot because they know how powerful it is, how much they could squeeze out of WordPress and extend it at the same time.

The interesting thing is that, since marketers aren’t tech-savvy and they communicate with numerous fields and also technical companies out there, even though they’re not techies – they know how expensive it is to build a system on the top of another platform, and they know that they could earn a lot (and normally are willing to invest a lot).

Full disclosure: over the past 2 years at DevriX almost all of our clients are in the marketing, sales, SEO or event management world, and we’ve closed two $50K+ projects with few more that would cross the line (which is why we’ve separated them into WP Commit). It’s all about perspective, and since marketers and sales people can sell outside of the WordPress world, they’re inclined to invest in a growing infrastructure as the main tool for their sales.

Automattic and it’s direction

I’m mentioning Automattic here although I actually mean all of the large product companies including WebDevStudios. Don’t forget that you could also leverage the WordPress.com Stats and the entire Jetpack stack, and also add a lot of gamification with BadgeOS. AppPresser makes it possible to build a mobile application based on WordPress which is definitely revolutionary.

Being able to see where the big companies are headed is a smart move to see what’s possible, and checking the WordPress.com VIP list with agencies and large sites is a proof that smart corporations invest in WordPress as a reliable platform with stable backbone that could be extended further.

Complete WordPress Solutions

Back to the implementers subject and the small websites: most of the cost complains for WordPress come from the fact that many clients really don’t require much. “Just a simple website” is totally something that you could do for $200 even, if you just need to install WordPress, a free theme and a SEO plugin. It would take you 20 minutes and no one that I know of would complain about that $600/h rate. Even though it’s probably something that you’d rather not do, because the site would be neither functional, nor outstanding UI-wise.

What we do ourselves is the following: we always ask for budgets. There are too many requests for fixing a small bug in a large site or customizing a huge premium plugin for less than $100.

But the other thing that we do is offer solutions. Complete solutions may include, for example:

  • design + development + SEO
  • consulting + online training + code reviews
  • development + system architecture and administration
  • development + SMM + copywriting

Big clients are not interested in small chunks and they’re usually looking for complete solutions. Most of them have entire departments in-house that would handle part of the work, or they could prefer a specific hosting company for their dedicated servers. But being able to provide a complete solution is far more valuable and attracting to larger clients than just offering small website packages.

The post Business Around WordPress appeared first on Mario Peshev on WordPress Development.

How to Add Custom Styles to WordPress Visual Editor

WordPress visual editor comes with basic formatting options. However, sometimes you may need custom styles of your own to add CSS buttons, content blocks, taglines, etc. Switching from Visual to Text editor and adding CSS each time is time-consuming. What if we told you that you can add formatting options as custom styles in your WordPress visual editor? In this article, we will show you how to add custom styles to WordPress visual editor.

Note: This tutorial requires basic working knowledge of CSS.

Custom styles drop down menu in WordPress visual editor

Manually Adding Custom Styles to WordPress Visual Editor

We are going to start with adding your own custom styles and formatting options in WordPress visual editor without installing any new plugin.

Since you will be editing your theme files, please make a backup of your theme.

For the sake of this tutorial, we will be adding a custom style to add a content block and a custom CSS button in the post.

First thing we need to do is add a custom styles drop down menu in the WordPress visual editor.

Simply copy and paste the following code in your theme’s functions.php file or a site-specific plugin.

function wpb_mce_buttons_2($buttons) {
	array_unshift($buttons, 'styleselect');
	return $buttons;
}
add_filter('mce_buttons_2', 'wpb_mce_buttons_2');

This code will adda a styleselect drop down menu on the second row of the buttons. You will need to click on the kitchen sink button to see it.

After adding a drop down menu for your custom styles, the next step is to fill it up with options. Simply copy and paste this code in your functions.php file or in a site-specific plugin.


/*
* Callback function to filter the MCE settings
*/

function my_mce_before_init_insert_formats( $init_array ) {  

// Define the style_formats array

	$style_formats = array(  
		// Each array child is a format with it's own settings
		array(  
			'title' => 'Content Block',  
			'block' => 'span',  
			'classes' => 'content-block',
			'wrapper' => true,
			
		),  
		array(  
			'title' => 'Blue Button',  
			'block' => 'span',  
			'classes' => 'blue-button',
			'wrapper' => true,
		),
		array(  
			'title' => 'Red Button',  
			'block' => 'span',  
			'classes' => 'red-button',
			'wrapper' => true,
		),
	);  
	// Insert the array, JSON ENCODED, into 'style_formats'
	$init_array['style_formats'] = json_encode( $style_formats );  
	
	return $init_array;  
  
} 
// Attach callback to 'tiny_mce_before_init' 
add_filter( 'tiny_mce_before_init', 'my_mce_before_init_insert_formats' ); 

In this code we have added three options to the drop down menu. A content block, a blue button, and a red button.

If you study this code, you will notice that each style format has title, block, classes, and wrapper. The title is what you will see in the TinyMCE drop down menu in your visual editor.

The block is the name of the block element to produce on the selected text. We have used span, you can use any other element you want. The classes will add the CSS class to the element, so that you can style it accordingly.

After adding this code, you can go to the post editor where you will see your new drop down menu with these options. However, selecting these options will not make any change just yet. You need to add CSS rules to your theme’s stylesheets.

Here is the CSS code that we have used for the tutorial.

.content-block { 
    border:1px solid #eee; 
    padding:3px;
    background:#ccc;
    max-width:250px;
    float:right; 
    text-align:center;
}
.content-block:after { 
    clear:both;
} 
.blue-button { 
	background-color:#33bdef;
	-moz-border-radius:6px;
	-webkit-border-radius:6px;
	border-radius:6px;
	border:1px solid #057fd0;
	display:inline-block;
	cursor:pointer;
	color:#ffffff;
	padding:6px 24px;
	text-decoration:none;
}

.red-button {
	background-color:#bc3315;
	-moz-border-radius:6px;
	-webkit-border-radius:6px;
	border-radius:6px;
	border:1px solid #942911;
	display:inline-block;
	cursor:pointer;
	color:#ffffff;
	padding:6px 24px;
	text-decoration:none;
}

Copy and paste this CSS into your theme or child theme’s stylesheet and editor-style.css file. The editor stylesheet controls the appearance of your content in the visual editor. Check your theme’s documentation to find out the location of this file.

If your theme doesn’t have an editor stylesheet file, then you can always create one. Simply create a new CSS file and name it custom-editor-style.css. Upload this file to your theme’s root directory and then add this code in your theme’s functions.php file.

function my_theme_add_editor_styles() {
    add_editor_style( 'custom-editor-style.css' );
}
add_action( 'init', 'my_theme_add_editor_styles' );

That’s all. You have successfully added your custom styles into WordPress visual editor. Feel free to play around with the code by adding your own elements and styles.

Using a Plugin to Add Custom Styles in WordPress Visual Editor

This method does exactly what we have shown you above, but it provides a web based interface, so that you don’t have to manually edit the files yourself.

First thing you need to do is install and activate the TinyMCE Advanced Professsional Formats and Styles plugin. Upon installation, go to Settings » TinyMCE prof. Styles to configure the plugin.

TinyMCE Professional Styles settings

The plugin allows you to choose the location of stylesheet files. It can use your theme or child theme’s stylesheets, or you can choose a custom location of your own. After that you need to click on the Save Settings button to store your changes.

To add a new style option, you can to scroll down to style section and click on the Add new style button.

Adding custom styles using a UI

First enter a title for the style. This title will be displayed in the drop down menu. Then choose whether it is an inline, block, or selector element. After that add a CSS class and then add your CSS rules as shown in the screenshot below.

Once you have added a CSS style, simply click on the Save Settings button to store your changes.

To see your custom styles in action, edit an existing post or create a new one. You will see a Format drop down menu in the second row of WordPress visual editor.

Custom TinyMCE Style

We hope this article helped you add custom styles to WordPress visual editor. Feel free to create as many styles you want and simply apply them with a few clicks.

If you were just looking for a way to add CSS buttons then see our guide on how to add CSS buttons in WordPress without using shortcodes. Also check out how to add multi-column content in WordPress posts and 14 tips for mastering the visual editor.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.

To leave a comment please visit How to Add Custom Styles to WordPress Visual Editor on WPBeginner.