WordPress.org to Add New Page Educating Users on Benefits of Upgrading PHP

WordPress’ Core PHP team has created a new GitHub organization for initiatives focused on improving the use of PHP in the project. The first one they are tackling is a new page on WordPress.org dedicated to educating users about the benefits of upgrading PHP. Contributors are collecting third-party articles and tutorials on PHP upgrades to find inspiration for the project, which is temporarily codenamed “servehappy.”

WordPress’ stats page shows that 14.2% of the all the sites it is tracking are running on PHP 7.0+. 40.6% of sites are on PHP 5.6, which is no longer actively supported but will receive security fixes until January 2019. This leaves 45.2% of all WordPress sites running on older, insecure PHP versions that have already reached end of life and are no longer receiving security updates.

WordPress PHP Versions – 8.18.2017

Contributors are using the issues queue of the servehappy repository to collect benefits and statistical data they can use to sell the “update PHP” proposition to users. The project is currently in the brainstorming phase, but the team will eventually whittle the ideas down to present the most effective benefits.

“The primary task for the ‘servehappy’ repository will be to open issues for the benefits we’ve come up with over the past few weeks, and discuss them one by one, whether they qualify for the page and how they can be framed in the most convincing way,” Felix Arntz said.

In addition to proposing the benefits of upgrading PHP, the page will also include a call to action and information about how to upgrade or how to approach your host for an upgrade. Contributors are discussing the page’s outline and are aiming to tackle the project in a friendly and sensitive way that doesn’t put stress on users.

“The section ‘What should you need to know before doing an update?‘ must not unnecessarily make the user worry,” Arntz said, recapping the thoughts contributors expressed during the team’s most recent meeting. “Let’s highlight possible issues, but not overestimate them. People should see upgrading as a good thing, and we should point them to how they can determine whether their sites are ready.”

The Core PHP Team will be getting in touch with WordPress’ marketing team to request their expertise on refining the page’s approach. Anyone is welcome to contribute third-party resources or ideas to the servehappy project on GitHub. Check out the most recent meeting notes for a full summary of the project and its needs.

Yoast’s mission: SEO for everyone

Our mission is ‘SEO for everyone’. We keep that in mind, in everything we do. But what do we mean by it? And why is it our mission? In this post, I’d like to explain Yoast’s mission.

A little bit of history

To understand why we pursue this mission, we’ll have to go back in history. Let’s start in 2006: Joost de Valk was building SEO plugins because he strongly believed that everyone could benefit from the SEO knowledge he had collected in his work for large agencies. As a WordPress fanboy, he could quickly translate his technical SEO skills into a useful plugin for WordPress. 

New to SEO? Learn the Basics of SEO in our Basic SEO course »

Basic SEO training$ 199 - Buy now » Info

The WordPress SEO plugin, which was rebranded to Yoast SEO later on, got an enormous amount of users. What’s more, Joost received an overwhelming number of support requests and was unable to handle those, as he was still working for an agency as well. At that point, Joost decided to start his own company. Selling premium plugins and doing a little bit of consultancy enabled him to further invest time and resources into the free Yoast SEO plugin as well. This allowed us to improve the quality and features of our products, and also resulted in a growing company. Moreover, it meant we could further define our mission.

WordPress’ mission and Yoast’s mission

The mission of WordPress is to democratize publishing with open-source GPL (General Public License) software. Yoast’s mission builds on WordPress’ mission, just as Yoast’s software is an extension of the software of WordPress. Everybody can create a website using WordPress. However, not everyone is able to rank in the search engines. In some niches, the search results are dominated by large companies with even larger marketing budgets. The Yoast SEO plugin, combined with the SEO knowledge Yoast shares, enable small entrepreneurs to compete with these large companies.

A ‘fair’ chance in the search results

We believe the web will benefit from all people having an equal chance in the search results. We would love for great new ideas and inventions to spread over the world. And great ideas don’t always come from large agencies but are created everywhere around the world. That’s why we believe that every idea should have a fair chance in the search results. WordPress and Yoast SEO cover most of the technical SEO challenges of a website. But to seriously compete with the big boys, every website owner still faces content SEO challenges. In our blog posts, we explain to our audience how to write awesome and SEO-friendly content and how to set up a decent site structure. Using the Yoast SEO plugin and reading our posts should help everyone to have a fair chance in the search results. That’s what ‘SEO for everyone’ is all about.

Making money and maintaining the mission

Pursuing our mission doesn’t mean we’re not making any money while doing so. On the contrary: the company Yoast is thriving. The money we make enables us to keep on pursuing our mission. We continue to tweak and improve our plugins and we write more and more articles about SEO. Making money makes pursuing ‘SEO for everyone’ easier. We can have a bigger impact. And, it allows us to contribute more and more to WordPress core.

The premium version of Yoast SEO has some practical features, which will make SEO a lot easier. However, all essential features you need to have that fair chance in the search engines, are available and will remain in our free plugin. Our online courses are powerful to quickly learn about (one or multiple aspects) of SEO. But all the SEO information you need is also available in our many blog posts. It’s important to us that everyone – even if you haven’t got much money to spend – can benefit from our SEO products.

Read more: ‘Victory of the Commons’ »

Beginner’s Guide to Starting as a Freelance Content Writer

Blogging has been around since the late 90s and there are millions of bloggers earning a good living thanks to their writing efforts.

Business owners, marketers, college students and everyone else is actively publishing online. With social media prevailing, a good percentage of the population is now actively producing content online.

But what is the difference between a successful writer and a hobbyist?

Generating Revenue Through Content Writing

There are various ways to generate revenue through content writing.

Being a full-time writer or a journalist is the obvious choice. But engaging content writers can build the right audience for each and every business – even the ones who spend just a few hours a week on a piece of paper or within their writing platform.

A valuable piece of content can:

  • Generate more traffic to your website
  • Lead to successful sales for the products or services that you offer
  • Increase the brand awareness of your business
  • Position you as an authority in your industry
  • Educate and generate a followers base for your company
  • Lead to writing and speaking gigs
  • Help you craft highly converting copy for your sales pages
  • Build a story around your personal or professional brand

With that in mind, content marketing is on the rise. In fact, it’s been one of the key pillars of inbound marketing while it’s also been crucial for crafting a unique and engaging copy for your outbound efforts – PPC ads, press releases, and all sorts of different campaigns focused on your prospects.

Where Should I Start as a Freelance Content Writer?

Your blog would definitely be the first place to start.

At DevriX, we do receive 20–30 applications from guest writers on a monthly basis, together with some candidates who are looking for a full-time writing job. What we look for is obviously a content portfolio of high-quality articles that correspond with our content guidelines and expectations.

I would suggest you to focus on two different areas before you get some traction as a successful freelance writer.

Build a diverse portfolio

Building a diverse portfolio is crucial when assessing writers. There are four specific elements that could increase your chances of onboarding new clients.

  1. Engaging and detailed writing – storytelling converts better and detailed resources rank higher than shorter 500–800 words stories. Due to the overflow of information online, Google has refined its algorithm toward more detailed and extensive guides that bring value. Therefore, being able to craft a story and elaborate on different areas would resonate with more people who will be more inclined to share or read further. Some industry experts recommend 2000+ words as the number may vary.
  2. Niche specialization – profiling in certain industries would position you as a writing expert who can deliver high-quality results in a set of areas. Instead of trying to craft mediocre content for random fields, utilize your previous experience or boost your qualifications by taking on additional courses for industries that may be looking for writers. While Internet marketing, small business, entrepreneurship are standard baselines for many freelance writers, being acquainted with more niche industries would position you higher than other candidates with generic experience.
  3. Guest submissions – some testimonials regarding your work would be valuable – reviews from clients or case studies for businesses that you’ve been involved with. Pitching your stories to blogs and magazines and writing unique articles that are applicable to their categories would increase your exposure and reputability in the writing industry.
  4. A personalized portfolio – in addition to guest posts, work on your own portfolio. Craft high-quality content and distribute it online. Participate in Quora, LinkedIn Pulse, Medium, and other networks that help out with content exposure and validating the quality of your content. The incoming traffic will be indispensable as you refine your process and find your voice. Pitch your articles to EzineArticles or other article aggregators that may increase your exposure online.

Outreach and freelance networks

You can sign up for standard freelance networks such as Upwork, PeoplePerHour or Freelancer where clients occasionally look for freelance writers. Competition there is tough and there are plenty of beginner writers who charge a few bucks per article but it may be a starting point until you generate some recurring customer base.

Same goes for more specialized networks like iWriter or Textbroker.

Reaching out to agencies that provide content to their customers is definitely one of the most viable alternatives. Contact SEO agencies, advertising companies, marketing teams. Consider content packages on a monthly basis as well – one of our freelance writers has pitched us with a reputable portfolio and packages that were of interest to us (combining blog posts, sales pages, ebooks and content add-ons).

As with every other field, you may need to start small, work with smaller businesses (that you contact as well) and charge a lower fee over the first months. You can gradually increase your rates and adjust your process and end up with a portfolio of ongoing clients who outsource content production on a monthly basis or regularly contact you for larger projects (ebooks or sets of articles for a new project).

Identifying Viral Content

With the overwhelming amount of content online, crafting a great article takes time.

One of the popular approaches out there is a rough form of article spinning or building a compilation of stories based on existing stories.

While this still works in less populated niches, there are verticals that are crowded and thousands of articles iterate over the same list of things.

One of my go-to tools for identifying viral content is BuzzSumo. You can type in a key term for the industry you’re covering or a specific website in order to identify copy that gets a vast amount of shares online.

For example, if you’re a WordPress development and want to cover relevant stories to your buyer persona, here’s a list of popular results by BuzzSumo:

The key source of information here is Torque. The first couple of results have generated over 2,500 shares each with a close third approaching 2K shares as well.

The three trending topics outlined above are:

  1. Become a Better WordPress Developer with these Local Development Plugins
  2. 4 Key Misconceptions about WordPress Development Debunked
  3. 6 Reasons Why Developers Should Choose WordPress for an Enterprise Site

You can easily extract multiple trends based on the copy that ranks high:

  • WordPress developers are interested in step-by-step and list resources iterating through different approaches for solving a problem
  • WordPress development plugins are high on the priority scale of developers looking for “quick wins”
  • Improving the professional WordPress skills is a goal for many developers out there
  • WordPress is a contradictory platform (being positioned as a blogging platform for a while and utilized as a powerful platform lately)
  • WordPress for enterprises is a valuable field to talk about.

I’ve utilized this approach while writing my first article for Business 2 Community. While reverse-engineering their successful copy, I’ve found out an article listing the top programming languages for 2016.

Since I’m familiar with the industry and aware of TIOBE’s existence, I wrote a more detailed guide named “Top 20 Most Popular Programming Languages in 2017” which successfully generated 1,490 shares in just a few months (with over 800 shares in the first weeks).

I’ve tapped into B2C’s audience which is apparently interested about the popularity of programming languages, pulled the industry data, outlined not 10, but 20 popular entries and prepared a brief for each of the programming languages (which didn’t exist in the former source or the industry stats).

This managed to generate the viral effect and led to a few additional stories written for the outlet.

You can use BuzzSumo in order to reverse engineer what works in your field and for your industry peers in particular and find out how to craft something unique and even better.

An Actionable Content Marketing Process

Since content marketing is not all about writing content, you have to spend some time on research, careful planning, actual implementation, outreach and distribution.

With regards to the content production process itself, here’s a practical guide that you can implement in your writing process:

  1. Analyze your target market and the needs of your customers
  2. Figure out what’s the best type of content that your prospects need
  3. Identify the best medium for content production (long vs. short stories, reviews, how to articles, lists, YouTube videos, podcasts, infographics, a radio show)
  4. Compile a list of major industry problems and struggles that you can explain and help out with
  5. Find your main competitors and reverse engineer their strategy – what sort of content they publish, what are the major topics that they cover, what tone do they utilize when speaking to their audience
  6. Formulate a brand strategy and tone that is consistent and will be followed as you go forward
  7. Run a number of tests using SEMrush, Moz, BuzzSumo, Serpstat in order to analyze the main keywords that your competitors rank for, the content that converts the best and generates the highest number of shares
  8. Combine that with a set of queries through Google Keyword Planner and Google Trends in order to find out what are the direct and long-tail keywords that you may write about and target
  9. Create a spreadsheet or a mindmap that defines the different categories and verticals that you want to target within the realm of your audience
  10. Figure out whether you can work on content upsells (additional guides, checklists, ebooks or whitepapers included in your top resources)
  11. Start producing outstanding content that solves all of the main problems of your audience
  12. Spend a ton of time distributing all of them to your social media channels and all of the other venues where your ideal customer hangs out
  13. Refine your content, update it and continue to include additional data, stories, stats, case studies
  14. Repurpose your content and create other forms of information (infographics, ebooks, roundups) that could be leveraged in different outlets
  15. Publish valuable content on Quora, LinkedIn, Medium and refer your best entries as long as they are contextually relevant and will add value
  16. Build partnerships for fusion marketing and submit guest post entries to other industry sources that would link back to you
  17. Repeat

As long as you define your market properly and identify an industry that would be worth exploring in details, you would start generating traffic soon. Attacking an existing niche is also doable but it would require a lot more time and effort in order to provide outstanding content that produces outstanding results and educates your market group in depth, much further than the other educational resources on the market.

Being persistent in your content marketing efforts will start accumulating and generating results a bit slower, but your assets would be invaluable once you start monetizing your content through different channels.

The post Beginner’s Guide to Starting as a Freelance Content Writer appeared first on Mario Peshev.

WordPress 4.9 to Focus on Code Editing and Customization Improvements, Targeted for November 14

photo credit: Sophie Ollis

WordPress core contributors have set a tentative schedule for the upcoming 4.9 release, which will be co-led by Mel Choyce and Weston Ruter. The development cycle kicked off in early August with Beta 1 scheduled for early October and the official release targeted for November 14.

Choyce published a list of goals today that outlines what they will be aiming for in 4.9. WordPress users can expect to see some existing features polished up to be more user-friendly, including some long-awaited updates to the experience of editing theme and plugin files in the admin.

Contributors are looking at adding a nested folder structure that will offer access to files deeper than two levels. They are also aiming to add better warnings for users who are editing themes and plugins, an improvement which Choyce described as “graduating from cowboy coding school.” This could help prevent users from unknowingly making small errors that could have a negative impact on their sites.

Another goal for 4.9 is to improve the code editing experience by adding syntax highlighting. Contributors are examining the possibility of incorporating CodeMirror functionality into the plugin and theme file editors and also extending it to the Customizer’s custom CSS box. An experimental Syntax Highlighting Code Editor for WordPress Core plugin is currently being developed on GitHub as a potential solution for a seven-year-old trac ticket for code editor improvements.

Customizer improvements are also one of the main focuses for 4.9. Contributors to the Customize Snapshots feature plugin have been steadily refining the ability to draft and schedule changesets in the Customizer. They are also looking at providing a better experience for widget and menu mapping when switching between themes, improving homepage settings (“Page on Front“), and displaying responsive images in the Customizer sidebar.

This list of goals for 4.9 includes many more items and the release leads are approaching it with the understanding that some features and improvements may not be ready in time. One item on the list is getting in API endpoints that Gutenberg requires.

Looking ahead to WordPress 5.0, new Gutenberg design lead Tammie Lister has proposed a revised, tentative roadmap that anticipates having the new editor ready for a merge proposal in December 2017. Lister said the outline is not set in stone and Gutenberg’s path to 5.0 would be dependent on the success of the merge proposal.

User Tracking to be Removed from Gutenberg in Upcoming 0.8.0 Release

photo credit: Saving Chicago CPR

The opt-in user tracking that was added to Gutenberg 0.7.0 will be pulled from the plugin in the upcoming 0.8.0 release. The data collection included in last week’s release reignited the discussion regarding adding telemetry to WordPress.

James Nylen and an Automattic engineers involved in Gutenberg added the feature with the goal of improving the editor based on usage patterns. Nylen said the approach they used was very similar to Calypso’s event tracking code and that it would provide “a very useful technique to collect user experience data.” They had planned to use the data to inform various decisions, such as default order for blocks and whether some blocks are less suitable for core. Gutenberg contributors were looking into make the tracking its own module so it could be useful for other WP feature plugins and core.

Shortly after the feature was added to Gutenberg, contributors began to revisit the Telemetry discussion on WordPress Trac. The topic of telemetry for core had been tabled earlier this year, as it did not fall within the three core focus areas for WordPress development in 2017. Participants requested the ticket be reopened for discussion looking toward 2018 in light of Gutenberg adding opt-in tracking.

“I think it’s a terrible idea for Gutenberg, too,” Matt Mullenweg commented on the ticket. “I doubt that anything actionable or useful will come of it that couldn’t be obtained by non-data-collecting means.”

Twelve hours later, James Nylen commented on his original announcement to notify the community that tracking will be removed from Gutenberg in the 0.8.0 release:

There’s been quite a lot of discussion on this topic across the community, much of which stems from earlier discussions like #38418, which I wasn’t aware of.

Usage tracking in Core and feature projects is a much bigger topic than fits into the scope of Gutenberg right now, so I’ve removed it from the GitHub repo, and it will be removed in the 0.8 Gutenberg release.

The data that it was tracking, while interesting, probably wouldn’t have been a significant factor in the long-term growth and development of Gutenberg. The discussion surrounding the data collection, however, would take up a disproportionate amount of the team’s time.

Nylen said the data collected by the plugin thus far will be deleted after 0.8 rolls out and that since it’s so early in Gutenberg’s development there was “not enough data collected to provide any sort of picture of usage.”

WordPress Telemetry Advocates Continue Lobbying for Opt-In Data Collection

The discussion about whether or not WordPress needs telemetry has continued in the form of tweetstorms, as data collection advocates make the case for data-driven decision making.

“The decision not to capture metrics (telemetry) from WordPress is one that continues to have a large impact on what we (don’t) know,” Liquid Web VP of Product Chris Lema said. “As we’re trying to make decisions about Gutenberg and metaboxes, we might ask, how big a problem is this, by number of plugins or sites. But we don’t know because we decided that we can always iterate WordPress, like we’ve always done. It’s true that we’ve done that before, but that doesn’t mean it’s either the wisest approach, nor the least risky. With so many options today, will people necessarily return? The more logical approach, in my mind, is to capture as much data as possible and to make it as public as possible, so we can all review.”

WordPress Telemetry proposal author Morten Rand-Hendriksen joined in the discussion with another tweetstorm:

WordPress needs a core method for collecting quantitative user data through telemetry (metrics). One of the biggest challenges WordPress faces is the lack of reliable data about global day-to-day use. Like most Open Source projects, WordPress has relied on community feedback as its primary data source, which is fine for a small project. The problem is WordPress is a Very Big Project with global reach and the majority of its users never interface with the community.

I like to say we, the people who talk about, provide feedback for, and design/develop WordPress are the 1%. It might be more like 0.1%. Making decisions based on the traditional community feedback model is making decisions without knowing anything about the majority of users. Some will argue this is fine, that WordPress is developed by those who show up. That’s not a workable or responsible model for a project. We, the people who build WordPress, have a duty of care to the people we build it for. And those people are not us. ‘We can just do user testing,’ you say? Sure. Let’s do proper qualitative user testing. That requires staffing, funding, and infrastructure. User testing for a project like WordPress is non-trivial. It requires professional analysis.

Rand-Hendriksen’s tweetstorm continued with a summary of his telemetry proposal which would be opt-in based on a plugin prompted from core. The plugin would anonymize all collected data and allow for targeted data collection based on research needs. He proposes that the data be stored on servers owned by the community, separate from corporate interests, so the data can be shared openly to ensure transparency. The ticket for this feature request is currently closed.

“There’s a ton going on, and it’s far more important than built-in big brother centralized tracking,” Mullenweg said in response to Rand-Hendriksen’s tweetstorm. “Do it as a plugin or with a host and show it informs a decision that we wouldn’t have taken otherwise. And remember that past usage is not a good predictor of future success, or what the world needs. We need to build iPhones not Blackberries.”

During the 2016 State of the Word address, Mullenweg proposed a new structure for core releases in 2017 where he would be putting on the ‘product lead’ hat and have design and user testing lead the way. As feature requests have popped up outside of the three core focus areas, Mullenweg has had to systematically shut them down or put them on hold for later in order to keep Gutenberg on track.

However, it’s not surprising that the engineers leading the Gutenberg project, most of whom are employed by Automattic, wouldn’t think twice about adding user tracking. The company has a blog entirely devoted to data where its data scientists write about the data pipelines they have built to help the company create a sustainable business. Historically, Automattic has strongly embraced using data in making decisions, which is why Calypso has event tracking built into it. Mullenweg is taking a different product leadership approach with the open source WordPress project.

“For people unhappy with our direction, no amount of data will change their minds,” Mullenweg said in response to critics on Twitter. “The results will tell. I’m happy to stand by them the past 14 years, and believe the next 14 will validate our approach.”

How to Avoid the New WordPress.com Interface

WordPress.com New Interface - Access to WP Admin.For the past three to four years, WordPress.com users have been “experimenting” with the what is known as the “new” WordPress.com interface. A drag-and-drop-meets-wysiwymg interface (What You See is What You MIGHT Get), it is designed to make interaction with WordPress easier. I’m still waiting.

What it continues to do is make my students and clients have fits of frustration, hair-tearing, and tears.

Let me be clear. I am not personally or professionally against improving the interface of WordPress. It needs improvement. Unfortunately, during the development stage, the majority of work is done in the “classic” interface known today as the WP-Admin. People become familiar with it, trust it, and enjoy the simplicity once they learn a little of the lingo (what’s a Page, post, and media), yet, when they encounter the new interface, they are confused, frustrated, and lost.

Those starting to use WordPress need quick access to Themes, Widgets, Settings, Pages, etc., and the new interface, unless you are careful with what you click, may switch back and forth between the new and the classic interface seemingly without warning, causing no end of confusion. Once they get the site set up, the new post interface is “good enough” for them, as most of my students admit, though they rush back to the classic interface as soon as possible.

It makes no sense to them. It takes longer to load, doesn’t work well when not connected to the Internet, It might be a “clean” interface, but they can’t find categories, tags, post scheduling, preview links, and sticky post buttons without hunting around the screen. Younger and older people HATE the lack of contrast in the font and screen colors. If they are working near a window or in a bright light situation, they complain they can’t find their way around the screen because they can’t see it. Older people complain they get headaches working with it because it is so “dim” – their word not mine. If there was a higher contrast alternative, the complaints might be fewer.

Having met some of the designers behind the new interface, I understand their intentions and goals. I adore their passion and commitment to improving WordPress. I just wish they could wear Vaseline-coated glasses, work in brightly lit rooms, and approach WordPress from the perspective of someone having never seen it before.

Until then, I have to deal with frustrated clients and students, and you must know there are alternatives.

Use the WP-ADMIN

The classic WordPress interface is now called WP-ADMIN.

To open it directly use example.com/wp-admin/.

I recommend you bookmark it and add it to your visible bookmark toolbar on your browser or memorize it. If you get lost, just type in wp-admin at the end of your URL and hit enter. AH, back to familiar lands.

To access it through the new interface:

  1. Click My Sites to access the dashboard screen or bring up the right side drop down menu.
  2. Scroll to the bottom of the right side menu. Look for WP Admin, and click.
  3. It will force open a new window or tab.
    • If your browser is set to switch immediately to a new tab or window, find the previous tab you were just on and close it.
    • If your browser is set to open new tabs and windows in the background, close this tab and switch to the newly opened tab.
    • If all this tab switching and forcing makes you crazy, and it does, right click on WP-Admin instead and choose to Open Link in New Tab.

Forcing links to open in a new tab without warning the user is a violation of web standards and international laws, but the small box with the arrow shooting out to the top right is a long-held standard indicator that a link will force open in a new tab or window.

Still, it is a useless thing to do and leaves people unfamiliar with how a browser and links work with multiple open WordPress interface tabs, which leaves them confused and lost, not knowing where they were when they switch away and come back. Personally and professionally, I believe the link to the WP-Admin should open in the same page. Those who wish to force open new tabs already know how to do so, so let them.

To avoid accessing the new interface, stick with the WP-Admin access and NEVER click the EDIT link on the front end of your site. It automatically redirects to the new interface now.

Also, ignore all nag screens that tell you to switch to the new interface. For a while, such a switch made it difficult to switch back to the classic edit interface, so don’t. Seriously. Don’t.

If all this tab-switching and clicking is too much work. There is an alternative.

Using a Browser Script

Browser scripts are bits of code that react when you visit a web page or site. They will not work on other sites unless programmed to do so. For example, there are browser scripts that stops autoplay of the most common videos. There are browser scripts that stop autoplay of music on websites that annoy us. There are also browser scripts for Gmail, Facebook, and more.

And for WordPress.

Among them is a script called WordPress.com edit post redirects that automatically redirects the new post edit interface to the classic when you click EDIT from the front end of the site (the design view that other people see).

To use the Edit Post Redirect, install Greasemonkey Add-on for Firefox or Greasy Fork Add-on for Chrome first. Restart your browser if necessary. Then install the WordPress edit post redirect. It will automatically install the one appropriate for your browser.

When you land on the new post edit interface, it will redirect automatically to the classic post interface. It is fairly instant for cable users, and takes a moment for dial-up Internet users.

For more specifics and step-by-step instructions, see “How To Force A Redirect To The Classic WordPress.com Editor Interface – Diary of Dennis.”

Be warned that you may have to reinstall the script from time to time as WordPress makes changes in their redirect process for the new interface.

Filed under: WordPress, WordPress News, WordPress Tips, WordPressDotCom Tagged: browser, browser redirects, browser scripts, edit post, edit post interface, greasemonkey, redirects, wordpress, WordPress classic interface, wordpress interface, WordPress Tips, wp-admin

WordPress Core Fields API Project Sees Renewed Interest

As work continues at a feverish pace on Gutenberg, many developers throughout the community are engaging in discussions on how meta boxes will be handled in the new editor. The team is considering various solutions and some have suggested that a Fields API in core would have made the future of meta boxes less of an issue.

I reached out to Scott Kingsley Clark, lead developer of the Pods Framework and one of the main contributors to the Fields API project. Clark explains what the Fields API is, its current status, its relationship to the meta box discussions, and how to contribute.

For those who don’t know, what is the Fields API project? How would it impact users?

It’s a feature proposal for WordPress core to allow registering fields to different screens in the admin area through a single API. For posts, this would add new meta boxes and fields within them. For users, it would add new sections and fields to the profile screen. The goal is to integrate with all of the different admin screens including, Posts, Terms, Users, Media, and Comments.

Typical users would notice that the fields added by plugins they are using all have a similar look and feel. That’s really an oversimplification of what’s going on behind the scenes, but it’s one of the big benefits as well, since it shouldn’t really affect end-users beyond improving consistency of different screens and potential redesigns.

What has caused progress on the project to slow down?

I was out-of-town for a all-hands company meetup, lead organized WordCamp Dallas-Fort Worth 2016, and ran PodsCamp 2016 in Austin, TX, all in the span of about a month and a half. It was intense, but somehow last summer I thought I could manage moving too.

We were in the process of showing our house, almost all of the time, so that we could sell it. The buying process was full of thorns, with a move that was pretty fun. I also started a new job at Modern Tribe in February, 2017.

In retrospect, yes that was way too much but the challenge was met and the only thing that suffered was the Fields API project, which was no easy feat. It’s unfortunate, but I’m glad to be getting back into things again this month.

Are new contributors showing a renewed interest in the project?

Yes. We recently had a few people become interested in helping. When I’ve got help, I’m 300% more productive. It’s much easier to bounce ideas off of others with shared experience than it is going alone.

How does the API relate to how meta boxes could be handled in Gutenberg? If the API were in core, how would it influence the discussion?

Here’s where the irony sets in. If we were successful in getting a Fields API into WordPress before Gutenberg was a thing, the ability for Gutenberg to revamp as much as it has planned to revamp in the post editor, would not be as hindered as it is now.

The biggest problem I see facing Gutenberg is reining in the scope that covers meta boxes. They need to get things working for meta boxes that are already being registered and used by plugin developers.

If Fields API were a part of WordPress, they would still need to keep backwards compatibility but I could easily add a meta box with my fields into the proposed Gutenberg meta boxes (still in discussion) with just a few lines of code. Plus, my fields and meta boxes registered using the Fields API would work just fine on pre-Gutenberg sites.

Another parallel here would be the User edit screen, which has had much discussion about revamping the way it looks. It’s very difficult to revamp it and give it consistency without a Fields API already in place. It’s not impossible, but many problems come to the surface during any approach to ‘React-ify’ it, utilize meta boxes, or whatever it would use.

How can people get involved/contribute to the Fields API project?

I’m very excited to have others interested in moving the project along. I’m eager to gain more interest. They can join us in #core-fields on WordPress Slack if anyone is interested. They can also follow the project on GitHub where pull requests are welcomed.

Clark also says that the GitHub repository will be revamped soon to provide more focus on making the project a feature-plugin first instead of a core proposal.

Gutenberg Development Team Confirms Meta Box API Will Not be Formally Deprecated

photo credit: Doors Open Toronto 2008 – Toronto Archives(license)

The discussion surrounding how Gutenberg will handle meta boxes heated up over the weekend after a participant commented on the GitHub issue with concern regarding meta box support being removed from the most recent milestone.

“I see this vital issue has been removed from any milestone,” @steveangstrom said. “It has been de-prioritized again while bells and whistles for blog editing get lots of work and are added to betas. This is very worrying for the future of WordPress as a CMS.”

James Nylen, one of the lead developers on the project, reassured followers of the topic that the Gutenberg team has not forgotten about the issue but rather that it is “an extremely complicated issue that we are only beginning to look into, along with many, many other priorities for getting the editor working well.” He also asked for help from the community in planning and testing implementations for supporting meta boxes.

This response left many things unclear. Participants in the discussion, many of whom are developers concerned about about the prospect of having to rewrite all of their meta boxes as React components, are wondering why meta boxes cannot work alongside the new Gutenberg editor and why the team chose to include meta boxes in the scope of the project.

“Is it possible to replace the existing TinyMCE post editor with Gutenberg while leaving the rest of the interface, including meta boxes and existing hooks, unchanged?” Kevin Hoffman asked. When Nylen clarified that Gutenberg, as written today, is intended to be a post_content editor, Hoffman summarized the concerns that many developers have expressed:

If Gutenberg is truly intended to be a post_content editor, then meta boxes should be left alone as they are not concerned with post_content.

Furthermore the need for an API to translate PHP meta boxes into React meta boxes is a manufactured problem. It does not have to be a problem, but it has become a problem because somewhere along the line it was decided that rewriting the post_content editor should also completely change how meta boxes work.

You’ve outlined the tremendous challenge of writing such an API in #2251. Translating PHP meta boxes into React for a popular custom fields solution like ACF is challenging enough, let alone trying to do so for every meta box implementation that exists today, popular or not. It does not scale.

As the Gutenberg contributors shared that they have only just begun to look into the meta box issue, it’s now clear why there is no roadmap for how the project will handle “legacy” PHP meta boxes. In July, Nylen said, “If I had to guess where we will end up here: current metaboxes will be moved to a “legacy” area and we will provide APIs, documentation, and examples for registering ‘new-style’ metabox-block-thingies.”

Plugin developers who manage meta box libraries, agencies, and other concerned parties are following the ticket to find out how to plan for the WordPress 5.0, which has been targeted as the Gutenberg release. Andrey Savchenko asked if WordPress plans to formally deprecate the meta box API, which finally drew a clear answer from the team. Matias Ventura responded:

“Does WordPress intend to formally deprecate Metabox API?”

The question that is not fully answered yet is how do meta-boxes work in the context of the Gutenberg editor. Should they remain the same or evolve? How can we move towards the design goals with the least amount of disruption possible?

This issue has been lingering not due to a lack of desire, but lack of resources. The primary focus for this project is to offer a rich content editing interface that optimizes for direct manipulation of user content through the notion of blocks. (Having used meta-boxes extensively for various projects, I believe blocks can offer a better step forwards for many of those needs while providing a better user experience.)”

Ventura listed several options the team has considered for handling meta boxes and requested help from the community to build the best solution:

  • If we detect a meta-box is registered we can fallback to the old interface, nothing changes.
  • We could split editing the content and modifying meta information into two screens or stages.
  • We can try to see how feasible it is to render these as they are (PHP) below the content: #2251.
  • A theme/plugin/CPT could unregister the new interface as needed.
  • Various items that relied on meta boxes could be converted to blocks for UI (still storing data separately).
  • We could implement API based meta boxes extensibility like the Fields API.

When pressed to answer the question of why meta boxes are being included in the context of the new editor, Gutenberg design lead Joen Asmussen clarified how the team decided to include meta boxes in the scope of the project:

Gutenberg did start just with the editor box. The kickoff goal was to unify multiple disparate interfaces under a single unified block interface. It quickly become apparent that in order for us to create a compelling experience revolving around this unified block interface, we had to consider the full writing flow, including settings and publishing.

If the key strength of WordPress is to make it easy for anyone to create rich posts, then we can’t just design for those of us who already know how to use the editor. We have to consider users who’ve never used WordPress before, and what they expect in a modern publishing interface. Otherwise we’d just be adding cognitive load to an already heavy interface.

The question of how meta boxes will fit into the context of the Gutenberg editor is still open. Participants in the discussion are eager to have this question answered for the sake of backwards compatibility and also because it affects ongoing decisions regarding Gutenberg development and screen design.

“I completely get how much work has been done towards the ‘screen’ replacement approach,” Xavi Ivars commented on the issue. “But shouldn’t a project that started with the goal of a ‘post content editor’ replacement, have gone back to the community before deciding unilaterally that it would replace the whole editor screen?”

The meta box API isn’t being deprecated but there’s also no clear path forward for how Gutenberg will support “legacy” PHP meta boxes. The Gutenberg team said the issue has not been solved due to lack of resources. The project needs community input and better communication if the team is going to land on a solution that will seamlessly usher the majority of WordPress sites into the Gutenberg era with the least amount of breakage.

Currently, the feasibility of rendering legacy PHP meta boxes below the content is fraught with challenges and still up for debate. If there isn’t enough time or client resources for developers to rewrite their work into JS-driven meta boxes, then a clear path for opting out of the Gutenberg interface may be necessary for sites that need to preserve the legacy “PHP” meta boxes.

Yoast SEO 5.2: Accessibility, compatibility and bug fixes

Today we’re releasing Yoast SEO 5.2. In this brand new version you’ll find some feature enhancements, accessibility improvements and a couple of bug fixes. In addition to that, we’ve laid some groundwork that will help us make Yoast SEO work well with the plugins our users use most. Read about all the improvements here!


Web accessibility is something we always urge website owners to think about and improve. As we can’t let our own products fall behind, we regularly work on the accessibility of the plugins we develop. This time, we scrutinized the accessibility of the onboarding wizard of Yoast SEO and improved it so everyone will be able to use it well. 

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress pluginBuy now » Info

Redirects for private posts

The redirects manager of Yoast SEO Premium is one of the features we’re most proud of. It makes creating redirects – and therefore preventing 404s – so much easier, and helps site owners to be less dependent of developers. As of this release, we’ve added an enhancement to this feature. From now on, if you trash a post that’s set to private, Yoast SEO Premium will also ask if you want to redirect the old url to a new one. 


One thing that keeps challenging plugin developers like us is to make plugins work with all the different plugins that our users use. There are so many plugins out there – not even to mention the various combinations of plugins that exist. To improve the compatibility of our plugins, we’ve added tracking to find out which other plugins our Premium users have installed. This will help us tremendously in making Yoast SEO work flawlessly on more WordPress installs. For the same reason, we’re tracking which PHP version our user’s websites are running on.

Speaking of PHP, if your site is running on PHP version 5.3 or lower, you couldn’t have missed the notice to urge you to move to a newer version since our 4.5 release. Does this WHIP notice keep annoying you? Then we have some good news for you. You can now dismiss the notice. After 4 weeks it will pop up again though, as we still believe upgrading to a newer PHP version is the best way to go.

That’s about it. Go update to 5.2 and enjoy this brand new version of Yoast SEO!

Read more: ‘Why every website needs Yoast SEO’ »

Gutenberg 0.7.0 Adds Opt-In Usage Tracking

Gutenberg 0.7.0 was released just before the weekend with improvements to the writing flow and greater flexibility for theme authors to add their own customizations. Last week’s version 0.6.0 release made significant changes to the way paragraphs are created within text blocks, allowing for blocks to split when pressing enter. However, it inserted a “New Paragraph” placeholder that was distracting for users trying to stay in the flow of writing.

Version 0.7.0 hides placeholders on focus, providing a cleaner experience of starting a new paragraph. After a user has already intuitively initiated a new paragraph by pressing enter, the “New Paragraph” placeholder holds little value. Removing the placeholder is a minor improvement that brings Gutenberg closer to providing a better experience for long-form writing.

This release also introduces theme support for customized color palettes and a shared component, such as cover text and button blocks. The sample code below shows how easy it would be for theme authors to implement their own color palettes.

Gutenberg contributors have also added theme support for wide images. According to the inline docs, this allows for some blocks, such as the image block, to define a “wide” or “full” alignment by adding the corresponding classname to the block’s wrapper ( alignwide or alignfull ).

These additions offer theme developers a better picture of where Gutenberg is headed in regards to themes. The plugin’s contributors are slowly building in more points of customization so that theme authors can add or override Gutenberg’s styles and provide additional opt-in features to their users.

Theme support for wide images has already been committed to Tammie Lister’s experimental Gutenberg Theme. The project was created to showcase how Gutenberg will interact with WordPress themes and is still a work in progress.

Gutenberg Adds Opt-In Data Collection

After updating the Gutenberg plugin to 0.7.0 and navigating to the editor, users are presented with the option to opt into data collection about their usage of the editor. The usage data, which is anonymous and does not include post content, is sent to WordPress.com for future analysis. Gutenberg contributor James Nylen explained how the data tracking works in a post on Make.WordPress.org.

“The Gutenberg plugin contains a mechanism to count how often specific actions occur over time,” Nylen said. “If the user has previously clicked ‘Yes’ on this screen, and an event occurs that has an associated bumpStat call in the Gutenberg code, then this event is sent to WordPress.com servers by loading a special ‘pixel’ image.”

Gutenberg’s tracking code stores the “group” and “name” sent with the bumpStat call (short strings of text), along with the time the event was recorded. Nylen said the team will use the data to improve the editor based on usage patterns. This data collection information is currently only available to those with access to WordPress.com servers.

“As Gutenberg is an open-source community project, we view this data as belonging to the WordPress community, so we also plan to make this data available via a public dashboard,” Nylen said.

He shared an example of the data that has been collected from the plugin over the past few days since 0.7.0 was released. This chart is a preview of the number and types of blocks that users have added to posts while testing the editor.

“The approach taken here is very similar to Calypso’s event tracking code,” Nylen said in the pull request for adding the data collection. “We can use the data added in this PR to inform various decisions such as default order for blocks and whether some blocks are less suitable for core, and more generally this is a very useful technique to collect user experience data.”

The majority of Gutenberg’s chief contributors are Automattic employees, so it makes sense that they would use the options and infrastructure available to them to quickly get data collection going in Gutenberg. However, the data from these tests needs to be shared with the greater WordPress community as soon as possible, since it is being collected in the name of the WordPress project. Ideally, it would have been set up to be displayed publicly before asking users to opt into the collection.

Gutenberg contributors are also considering making the data collection more modular so that it could be used with other WordPress feature plugins or existing features in the future.

“Maybe the tracking could be its own module, it could be useful outside of the editor (and other WP feature plugins later),” Riad Benguella said. “Longer term (or not), WP.org needs its own tracking infrastructure and this could be very useful to enhance WordPress.”

WordPress 4.8.1 Released, Adds Custom HTML Widget

WordPress 4.8.1 is available for download or as an update from the WordPress Dashboard. This release contains 29 bug fixes and improvements. The most notable addition is a dedicated Custom HTML widget.

Custom HTML Widget in WordPress 4.8.1
Custom HTML Widget in WordPress 4.8.1

The Custom HTML widget works similar to the Text widget in WordPress 4.7 and below. To see a full list of changes in WordPress 4.8.1, check out the release notes. If you think you’ve discovered a bug, please report it in as much detail as possible on the WordPress support forums. Twenty-two people contributed to this release.

WordPress Polyglots Team Fuels International Community Growth with 3rd Global Translation Day

The 3rd Global WordPress Translation Day has been set for September 30, 2017. The success of previous events has generated momentum to continue the 24-hour global translation sprints and has also increased the visibility of the Polyglots team’s contributions. These sprints have provided a catalyst for the team’s growth from 5,000 contributors in April 2015 to 17,000 in November 2016. The greater WordPress community has also grown in tandem, as reliable translations are the lifeblood of international WordPress usage.

One way of measuring the growth of the global community is the checking the status of local meetups. After the addition of the dashboard events widget in WordPress 4.8, the community has seen a sharp rise in meetup group growth, according to recent stats from the community team. The widget displays local WordPress events for logged-in users.

“It’s safe to say that the widget has achieved its goals admirably — since WordPress 4.8 was released a little over a month ago, 31 new meetup groups have been formed with 15,647 new members across the whole program,” Hugh Lashbrooke said. “This is compared to 19 new groups and only 7,071 new members in the same time period last year.”

Much of that growth can be attributed to the growth of the international WordPress community, which has continued to advance the concept of regional WordCamps for countries and continents. These include events such as WordCamp Netherlands, WordCamp Europe, and the planned WordCamp Asia, that bring larger groups of WordPress enthusiasts together around a common region.

In 2014, the WordPress community hosted 80 WordCamps in 29 countries. At the conclusion of 2016, there were 115 total WordCamps hosted in 41 different countries.

WordPress’ usage continues to grow every year, and the percentage of non-English-speaking users is also expanding. In 2014, non-English WordPress downloads surpassed English downloads for the first time.

Last July, 53.9% of WordPress sites used the English (US) locale. That number has dropped to 50% as of today, as international usage continues to rise.

Stats from WordPress.org July 2017

Rahul Bansal’s lightning talk at WordCamp Europe identified one example of how the translation sprints are bringing in new contributors in India. In the past, meetup groups have had a problem with retaining new users, who often come to their first meetup lacking both a sense of belonging and confidence in contributing. Bansal and other Polyglots members had an idea to remove this block to contributing by getting new users involved in translating WordPress.

During the last global translation day event, Bansal helped organize a local group to translate WordPress core into Hindi, Marathi, and Gujarati. They also translated the subtitles for the WordPress 4.6 release video. The key was that the leaders did not participate in translating strings but rather focused on guiding new translators – 90% ended up being first-time contributors.

WordPress 4.6 shipped with support for 50 languages and the complete Gujarati translation was added to core just a few days before the release. Its inclusion in the release made WordPress more accessible to approximately 65.5 million Gujarati speakers worldwide.

The 3rd Global WordPress Translation Day falls on the same day that the United Nations has designated as International Translation Day, a new initiative to recognize “the role of professional translation in connection with nations and fostering peace, understanding, and development.”

WordPress has only just begun to explore its potential to democratize publishing and hasn’t even cracked the ice in terms of usage across the world’s most popular languages. Sites using the various Chinese and Arabic locales make up less than 2% of international usage, despite these languages having more than a billion native speakers combined. If WordPress adoption takes off in these parts of the world, it will create a whole new wave of contribution and vastly expand the world market for commercial plugins and themes. The Polyglots team are on the forefront of making this possible.

The first two WPTranslationDay events were held in April and November of 2016. The second event had a 74% increase in participation over the first with a total of 780 translators participating. This year organizers are aiming to host more local translation sprints to surpass the 67 held in November. If you want to join the Polyglots team to help serve WordPress’ growing international community, you can attend or organize one of the local events, watch sessions live on CrowdCast, organize a remote event, become a speaker, or start translating at translate.wordpress.org.

FAQs for User Submitted Posts

This post contains overflow FAQs for the free version of User Submitted Posts (hosted at WordPress.org). I am moving a bunch of the FAQs to this post in order to clean up the plugin’s ever-growing readme.txt file. For FAQs about the Pro version of USP, check out USP Pro – FAQs & Presales over at Plugin Planet. And so without further ado..

Note that these FAQs are in no particular order..

Is it possible to set up conditional redirects?

I haven’t tried it myself, but it might be possible. In the form code, there is a hidden input that specifies the redirect URL. The hidden input has a name attribute with a value of redirect-override. So you could target this input with some JavaScript, and then change the value of the hidden field based on whatever criteria you need.

What is the plugin setting for the “From” email header?

That setting enables you to customize the address used as the “From” header for email messages. If your email address is a domain-based address, then this setting should be the same as the previous Email setting. Otherwise, if you are using a 3rd-party email service, this setting should be a local, domain-based address. If you find that email messages are getting sent to the spam bin, this setting may help.

How can I display the form again after the user has successfully submitted a post?

Follow the steps to create a custom form, but use submission-form-alt.php instead of submission-form.php. Note the alternate form template still needs a way to clear cookies after successful form submission, so not recommended for public sites.

Does USP require the functions exec(), exec.php, or url_fopen?

Nope. User Submitted Posts does not use any of those functions.

Why doesn’t the USP shortcode work when added to the WP Text widget?

By default, WordPress does not enable shortcodes in widgets. I have added a plugin setting called “Enable Shortcodes” that will enable any/all shortcodes to work in widgets. Enable that setting and you should be good to go.

Note: the “Enable Shortcodes” setting applies to all shortcodes, even those of other plugins. Check out WP-Mix for more information on enabling shortcodes in widgets.

My form has lots of extra spacing between each field, how to fix?

There are numerous reasons why a form might be displayed with too much spacing between the fields. Here are some possible things to look at:

  • The USP shortcode may be wrapped with <code> tags; solution: remove the code tags.
  • Theme CSS may be interfering with its own styles; solution: examine theme styles and edit as needed.
  • There may be interference from some other plugin/theme; solution: troubleshoot your plugins and themes (check out the sections on troubleshooting plugins and themes).

The Name and URL fields are not displayed in the form, even though they are set to display in the plugin options.

The setting “Registered Username” when enabled will automatically hide the Name field. Likewise the setting “User Profile URL” when enabled will automatically hide the URL field. Try enabling these settings, logging out of WordPress, and then refreshing the form page.

How do I display success and error messages when the “Redirect URL” setting is enabled?

Add the following template tag in your theme template, wherever you want to display the success/error messages:

<?php echo usp_redirect_message(); ?>

You can then style the output via the following selectors:

.usp-error {}
#usp-error-message {}
#usp-success-message {}

Check out more CSS hooks for User Submitted Posts.

Nothing happens when you click on the “Add another image” link.

The “Add another image” link is dependent on the required JavaScript being included in the page. Check the plugin setting to “Include JavaScript?” and you should be good to go. Also make sure that the “Image Uploads” settings are configured to allow multiple files.

The height of my form fields are all messed up, how to fix?

USP provides its own, very minimal styles. Nothing that sets the height for any form fields. So if your field heights look weird, most likely your theme or a plugin is adding its own CSS styles. To resolve, you can try adding this bit of CSS to your stylesheet:

#usp_form .usp-input, #usp_form .usp-select, #usp_form .usp-textarea, #usp_form .usp-submit { height: initial; }

That line basically resets the height property of all form fields to the original value. So it should override any other height styles.

How can I customize the login-required message?

When the setting “Require User Login” is enabled, and the user is not logged in, they will see a message that says, “Please log in to submit content!”. To customize this, add the following code to your theme’s functions.php file:

function usp_customize_login_required_message($message) {
	return '<p>Please <a href="http://example.com/wp-login.php">register</a> to submit content.</p>';
add_filter('usp_require_login', 'usp_customize_login_required_message');

Then customize the return line however is desired. This trick uses USP’s filter hook, usp_require_login.

How can I change the default Post Title?

When the Post Title field is not included in the submission form, USP automatically uses the default: “User Submitted Post”. To customize the default Post Title, you can use the provided USP filter hook, usp_default_title. Here is an example:

function usp_customize_default_title($title, $time) {
	return $title .' - '. $time;
add_filter('usp_default_title', 'usp_customize_default_title', 10, 2);

That will append a unique date/time string to the default Post Title.

I’m new to WordPress and just installed USP. How do I display the form?

To add the form via shortcode, you can visit the Post or Page on which you would like to display the form, and then paste the shortcode into place. Remember to save your changes.

To add the form via template tag, it really depends on the theme, because each theme tends to use template files differently. It also depends on where on the page you would like to display the form, for example the sidebar (sidebar.php), the footer (footer.php), and so forth. Also, chances are that you’ll need to add the form to more than one template file, for example index.php and page.php, etc. A good first place to try would be the sidebar, or maybe index.php and then go from there.

How do I display the submitted Author Name and Author URL instead of the Default Assigned Author?

This functionality is built in to the Pro version of USP, but it’s also possible using either of the following methods:

  • Replace your theme’s current author tags with USP’s usp_author_link()
  • Add some custom code to your theme’s functions.php file. If interested, please contact me directly, and I will send the code and steps to implement.

I need help doing basic troubleshooting, can you provide any resources?

Yes, check out these tutorials:

For troubleshooting plugins and themes, check out the first tutorial sections on “Plugins” and “Themes”.

More FAQs & Infos

For more USP FAQs (for the free version of the plugin), visit the User Submitted Posts homepage at WordPress.org. For FAQs about the Pro version of USP, check out USP Pro – FAQs & Presales over at Plugin Planet.

Questions? Feedback?

Send any questions or feedback via my contact form, and I’ll get back to you asap. Thanks! :)

What Are The Main Security Considerations for WordPress-Based Enterprises?

Security is incredibly important for all the right reasons. However, a small blog or a 5-page business website is less prone to becoming a target as compared to a popular enterprise where competitors, top black hats, and other 3rd parties may have an incentive to receive some proprietary information which may be very, very expensive.

WordPress Security is also one of the 15 main obstacles that enterprises report in WordPress. I’ve discussed the list in a separate post based on our sales meetings and calls with various enterprises and what helped us sign several deals with multi-billion dollar brands.

Massive Distributed Attacks and Targeted Hacks

WPScan’s Vulnerability Database

Generally, attacks are split into two main divisions:

  1. Automated mass attacks targeting hundreds of thousands or millions of websites
  2. Specialized attacks focused on a small number of websites (a few dozens) or even a single target

The first type is common among script kiddies looking for zero-day vulnerabilities in hacker forums or vulnerability databases. Often times, Perl or Python scripts are available and could be executed easily. Usually, hackers skip a step or two in order to avoid that, but even a fairly junior kid with some limited programming experience can figure it out with the right (or not) motivation.

The second type of targeted attacks is often more complicated and combines a set of activities that, when combined together, may lead to escalated privileges and unauthorized breach of data.

Technical and Social Engineering Attacks

I would also break them down into two separate components:

  • Technical breaches
  • Social engineering

According to two studies revealed by eSecurity Planet and SC Media state that 60% of enterprises were victims of social engineering attacks in 2016 and fully 84 percent of hackers leverage social engineering in cyber attacks.

Social engineering attacks are interesting as they depend on fooling people into giving some proprietary information somewhat voluntarily without going through the right security procedures or opening the wrong type of file or online resource leading to data leaks.

In other words, sending an email that seems legit to a general bank clerk who thinks that this comes from management may lead to an exploit even without going through all of the security hoops that most hacker movies show.

Social Engineering is Massively Effective

So, more often than not, social engineering is one of the key strategies that hackers use in order to link several activities that could lead to a successful breach.

Other than that – when talking about WordPress in particular – enterprise security and technical departments have to consider different aspects of the technical infrastructure that could be attacked separately.

In a .NET-driven technical stack (such as ASP.NET or any other Microsoft product), the underlying infrastructure usually includes a Windows Server, an MS SQL database, the .NET framework and so on.

WordPress, being a PHP-driven CMS, is written in PHP, runs on top of a MySQL database and is usually hosted on a Linux server running Apache or nginx.

With that in mind, a possible security breach can happen on multiple layers, such as:

  • The Linux server itself
  • Apache/nginx
  • PHP (mod_php or php-fpm)
  • MySQL
  • Other processes running on the server
  • The network layer
  • The WordPress Core CMS
  • Installed WordPress themes
  • Installed WordPress plugins
  • All sorts of 3rd party applications and services
  • The email server
  • An FTP server

The list could go on depending on what’s hosted on the environment.

If we consider any PHP framework or a CMS, most of the points above would be valid. The difference with WordPress is the Core platform itself and the themes and plugins installed.

What Should an Enterprise Evaluate When Deploying WordPress?

So, an enterprise has to evaluate the code quality (security-wise) of the WordPress Core platform and decide on the right process of finding the balance between building everything else from scratch and cherry-picking plugins that have been reviewed for possible security breaches.

There have been various security leaks in the WordPress Core platform but, globally speaking, they have been fairly limited and the number hasn’t been extremely concerning. Being open source, thousands of contributors and various security teams spend a lot of time trying to break the platform and disclosing responsibly vulnerabilities as they are found.

The WordPress Core team has been open and assertive and implements the right patches straight away. The fact that automatic minor Core updates have been around for several years now helps tens of millions of websites that receive updates within a day or two of releasing a minor security fix.

There are tens of thousands of WordPress plugins online and finding some that are proven to be safe isn’t trivial. Which is why many enterprises spend a lot of time on reviewing trustworthy plugins and deploying on approval and reviewing each update separately before deploying to production.

Other business-driven solutions are developed from scratch and coordinated with security teams as well.

Top 3 Enterprise Considerations for WordPress

Enterprises have three main things to keep into account:

  1. Their brands are often quite popular so they are more lucrative for hackers and receive a larger volume of hacking attempts on a monthly basis
  2. Their infrastructure is usually far more complex than a yet another blog or a small magazine (more feature-rich which means more custom code on top of the Core platform)
  3. They employ thousands or tens of thousands of employees and the odds of someone in-house leaking data by mistake is much higher

With the right security policies in place and responsible and regular code reviews in-house, using WordPress for enterprises is a great choice as seen with dozens of established enterprises.

Use Case: Powering a Bank Website With WordPress

Okay, most of the answers here are inherently incorrect or incomplete for various reasons. Let’s tackle that with some research data and brainstorming into account.

1. What is a Bank’s Website?

First off, “powering a bank’s website” is quite vague. We’ve been building WordPress solutions for 3 different banks over the past 5 years. The three platforms in particular were:

  1. An informational portal for bank A mainly suited for company news, listing the branches of the bank, all sorts of corporate information. We’ve also built a financial calculator for credits – a complex system that replicates the software application processing amounts, interest over time, and some machine learning algorithms for assessing risk.
  2. A payment gateway platform for 3rd party vendors, including the WordPress extension as well. That was a separate (yet branded and maintained by the bank) website for integrations.
  3. A set of security modules and privacy plugins and tools for another bank integrated with a reporting platform. Aggregating credit card statements and all sorts of user-driven details related to one’s payment status. Monetary and sensitive data information was indeed provided, although payment processing wasn’t active on the system (sending transfers across other accounts).

Two out of the three applications weren’t remotely related to the main payment system that the banks used for e-banking. The third one was the closest, being thoroughly audited by Verizon’s Internal Network Penetration Testing squad and a few more high-profile white hacking organizations (passed successfully).

As a conclusion, not every bank’s website is dealing with payments or any sensitive data.

2. Bank Security Vulnerabilities Report

One of the most reputable sources with regards to common security vulnerabilities is Category:OWASP Top Ten Project. According to 2013′s report, here’s a list of the main vulnerabilities online:

A study by SC Magazine from November 2013 highlights top site attacks on world’s biggest banks:

A Swiss penetration testing firm, High-Tech Bridge, analyzed publicly reported incidents affecting major websites for banks, and found that, over the last 10 years, cross-site scripting (XSS) vulnerabilities accounted for 80 percent of security incidents.

A common XSS attack method might involve a hacker using code injections to steal visitors’ data, like cookies, or manipulating what victims see to trick them into inputting sensitive personal or financial information.

In the experiment, High-Tech Bridge used a list of the world’s 50 “biggest banks” in 2012 (as determined by Global Finance magazine) and dug up public attack reports posted on security and hacking sites or online archives for XSS attacks and site defacements.

Financial institutions on the list included Bank of America, HSBC, Barclays, JPMorgan Chase, Wells Fargo, Bank of Montreal, and number of other major banks throughout the globe.

Out of 102 reported incidents, that occurred between 2003 to present, High-Tech Bridge found that Bank of America had the most public reports of security issues affecting its site.

As a conclusion, we can outline two separate notes:

  1. It does appear that non-WordPress websites are just as susceptible to web attacks as a WordPress-driven one (if not more)
  2. 80% of all security incidents are XSS-driven

The official WordPress security whitepaper showcases attention to OWASP’s list and major industry vulnerability categories when it comes to reviewing the existing code base and introducing new ongoing features in the WordPress Core.

XSS has a special place in the document with some practical examples of what the WordPress Security Team (and other independent security consultants) look for with regards to XSS:

WordPress provides a range of functions which can help ensure that user-supplied data is safe. Trusted users, that is administrators and editors on a single WordPress installation, and site administrators only in WordPress Multisite, can post unfiltered HTML or JavaScript as they need to, such as inside a post or page. Untrusted users and user-submitted content is filtered by default to remove dangerous entities, using the KSES library through the wp_kses function.

As an example, the WordPress core team noticed before the release of WordPress 2.3 that the function the_search_query() was being misused by most theme authors, who were not escaping the function’s output for use in HTML. In a very rare case of slightly breaking backward compatibility, the function’s output was changed in WordPress 2.3 to be pre-escaped.

The Open Source nature of the project supports those needs, given the tens of thousands of contributors, researchers, and developers who use WordPress for tens of millions of projects – in different applications – being able to replicate a problem in different context, thus easily and quickly identifying potential issues.

When compared to closed source and corporate system, I’ll remind the BadTunnel vulnerability discovered in 2016 which “could give attackers a way to set up man-in-the-middle attacks against victims by getting them to click on a link, open a Microsoft Office document or plug in a USB drive” and “can expose you to attackers who aren’t on your network, and your firewalls won’t save you”. For the record, this vulnerability affected all versions of Windows from 95 to 10, or about 20 years of vulnerable production system running in enterprises and corporate intranets with remote access exploitable by black hats.

There goes the “closed source” theory – at least to some extent.

Another study from 2016 covers some data regarding where banks are most vulnerable to cyber attacks now:

That said, let’s investigate what makes web applications most vulnerable to attacks?

Banks are getting hit hardest in their web applications. Forty-eight percent of bank data security incidents in 2015 involved compromised web applications, the Verizon report found.

Some apps are compromised through code injections. GozNym malware, for instance, typically inserts code into banks’ websites that creates pop-up screens asking for personal information. Through SQL injection, malware can access sensitive information in databases or gain access to other parts of a network through a web app.

Web app attacks are hard to detect since banks have thousands, sometimes millions of legitimate users accessing their sites. Finding the bad behavior in the noise is difficult, especially if the cybercriminals use multiple proxy servers and space their attacks over minutes or days.

The best defense? Two-factor authentication, Novak said. “We still see a lot of financial institutions using single-factor username and password,” he said. According to the report, 63% of confirmed data breaches in 2015 involved weak, default or stolen passwords.

As Matt Mullenweg (co-founder of WordPress) said himself in a Quora answer, running up-to-date software and using strong passwords are absolutely critical. Moreover, 2-factor authentication was mentioned in his reply as well, including a number of different systems including Jetpack’s 2FA component which has been thoroughly tested on WordPress.com as well – the 7th top ranking website in the US now, among giants like Google, Amazon, Facebook, eBay, or Wikipedia.

3. What Makes a WordPress Site Vulnerable?

A common misconception is that WordPress is inherently insecure. While there are regular vulnerabilities discovered and immediately fixed in core, their number, regularity, and impact is significantly lower (given its exposure) than almost any other web platform out there.

The four main reasons WordPress websites are being hacked are:

  1. Outdated WordPress Core and corresponding themes/plugins
  2. Insecure themes or plugins (voluntarily installed by website owners)
  3. Inherently insecure hosting (which is platform-independent as malicious users can gain access to any online software running on a generic host)
  4. Poor passwords, logging from an open Wi-Fi network or another user-driven mistake unrelated to tech

There are almost no grounds as to why WordPress is inherently insecure for a bank’s website. Granted, processing payment transactions through a WordPress platform may not be ideal. Many transactional platforms are not even built on top of a web platform, and run in C++, Java or another language that supports multithreading, introduces several security layers in-between, and passes data to a web application used for interactivity with the end user.

While there are vulnerabilities that can be pointed out in the WordPress Core which may, indeed, be exploited in an outdated system, there has been no thorough and extensive research comparing a WordPress Core build with another web application framework or platform. Relying on public information from media outlets regarding small business owners running an outdated site on a $3/mo web host with 60+ random plugins is not a comprehensive report for the stability of the WordPress platform running in a secure context itself.

As a conclusion, WordPress may not be the standard solution for a banking website (for other reasons such as the underlying database layer or the standard components provided by the Core in certain instances), but there is no objective reason that it should be ruled out in all cases. There are several success stories showcasing WordPress websites ran by popular banks and customers should rest assured that the sensitive information is kept safe and ran on intranets that provide limited access to public-faced websites.

The post What Are The Main Security Considerations for WordPress-Based Enterprises? appeared first on Mario Peshev.

How to Create a Client Dashboard in WordPress

Do you want to create a client dashboard in WordPress? A custom dashboard in WordPress can help your clients with resources and shortcuts they need to get started. In this article, we will show you how to create a client dashboard in WordPress without writing any code or affecting client’s ability to update their websites.

Creating a client dashboard in WordPress

Why Create a Client Dashboard in WordPress?

As WordPress solutions provider, you’ll come across clients who haven’t used WordPress before, and they are not familiar with HTML, CSS, or WordPress terminology.

By creating a custom dashboard for clients, you can provide them with a lean WordPress interface and improved usability.

It will improve client satisfaction which leads to more repeat work. Your clients will need less support which will also save you time.

That being said, let’s take a look at how to easily create a client dashboard in WordPress.

We will walk you through different steps in the process. You can decide how much you want to customize depending on your client’s requirements.

1. Hide Unnecessary Admin Menus

While building a website for your clients, you may use different WordPress plugins, custom post types, WordPress page builders, and other tools. Many of these tools will add their own menu items in the WordPress admin bar, create custom widgets in the admin dashboard, and add links in the toolbar.

The end result looks a bit messy. For a client who has never used WordPress these additional items make the dashboard look more complicated than it needs to.

WordPress dashboard

Let’s start creating a client dashboard by cleaning up the clutter.

To do that you will need to install and activate the Adminimize plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Settings » Adminimize page to configure the plugin.

Adminimize settings

You will see different admin sections listed on the settings page. Clicking on a section will expand it, and you will see the options for that particular section.

Settings for a section in Adminimize

You can show or hide any item listed under a section for different user roles. Carefully review each item before hiding it as this may affect your client’s ability to use their website.

For detailed instructions, see our guide on how to hide unnecessary menu items in WordPress with Adminimize.

2. White Label WordPress Dashboard

The Adminimize plugin covers a lot of options to control the appearance of your WordPress admin dashboard. However, it does not have options to hide the WordPress branding and white labeling the admin area.

White labeling includes replacing the WordPress logo with a custom logo, changing the admin area footer, show or hide items from menus, and more.

First, you need to install and activate the White Label CMS plugin. Upon activation, head over to Settings » White Label CMS page to configure plugin settings.

White Label CMS settings

The settings page is divided into different sections. You can click on a section to expand and view its settings.

Some options in the plugin are also available in Adminimize. If you have already hidden those options, then you can skip them.

For detailed instructions about each section, take a look at our article on how to white label your WordPress admin dashboard.

3. Change The WordPress Dashboard Appearance

WordPress comes with a handful of admin color schemes that users can change from their profiles. You can set a color scheme as default for new users. You can also create a custom color scheme of your own.

Admin color schemer

Want to take it to the next level? Try WordPress admin themes. These themes are available as plugins that you can install to change the appearance of your WordPress admin area.

WordPress admin theme

Here are some free WordPress admin themes and plugins that you can try.

4. Add Helpful Resources to Client Dashboard

When delivering projects to your clients, you will notice that many of them have similar questions. Adding a help or resource section in WordPress client dashboard can help you answer those questions and save time spent on providing support.

The best way to add a help section is by installing and activating the WP Help plugin. Upon activation, the plugin adds a new ‘Publishing Help’ menu item in your WordPress admin bar. Clicking on it will take you to the settings page.

Publishing help

This area will be empty since you haven’t created any help resources yet. Go ahead and click on the ‘Add New’ button to create one.

On the next page, you can create your help document just like you would create a WordPress post or page.

New help document

WP Help uses custom post type for documents, and they are hierarchical like pages. You can create parent and child documents to organize them.

Managing docs

You can also sync documents from another WordPress site. This allows you to use the same documentation for all your client projects.

For detailed instructions, see our guide on how to add a help / resource section in WordPress admin.

5. Creating Custom Dashboard Widgets

Dashboard widgets is the first things user see when they log into the WordPress admin area. This is the best place to point your clients into right direction by adding your own custom dashboard widgets.

Here is a simple dashboard widget code that you can use as a starting point.

You will need to add this code into your theme’s functions.php file or in a site-specific plugin.

add_action('wp_dashboard_setup', 'my_custom_dashboard_widgets');
function my_custom_dashboard_widgets() {
global $wp_meta_boxes;

wp_add_dashboard_widget('custom_help_widget', 'Theme Support', 'custom_dashboard_help');

function custom_dashboard_help() {

// Content you want to show inside the widget

echo '<p>Welcome to Custom Blog Theme! Need help? Contact the developer <a href="mailto:yourusername@gmail.com">here</a>. For WordPress Tutorials visit: <a href="http://www.wpbeginner.com" target="_blank">WPBeginner</a></p>';

Don’t forget to change the content part with your own message. You can use plain HTML for formatting and styling.

Here is how it looked on our demo website.

Custom dashboard widget

For more information, take a look at our article on how to add custom dashboard widgets in WordPress.

That’s all for now.

We hope this article helped you learn how to create a client dashboard in WordPress. You may also want to see our guide on how to boost WordPress speed and performance.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Create a Client Dashboard in WordPress appeared first on WPBeginner.

Gutenberg 0.6.0 Changes Text/Paragraph Block Behavior, Adds New Cover Text and Read More Blocks

photo credit: A Tiny Break From The Rain 🐰Adventures In Wonderland & Through The Looking Glass🐰(license)

Gutenberg 0.6.0 was released over the weekend with significant changes to the way paragraphs are created within text blocks. In previous versions of the plugin, pressing enter would create a line break inside a paragraph. This release modifies the behavior of the text/paragraph block to split the block when a user presses enter. (Line breaks can still be created by pressing SHIFT+ENTER.)

This update is a small improvement in that it hides the text formatting bar when you continue on with a new paragraph, but the slightest scroll or move of the mouse brings it back into view. Contributors are considering adding a buffer at some point that would only trigger the UI after the mouse moves a certain number of pixels.

Unfortunately, the “New Paragraph” placeholder text is intrusive and distracting. It is a constant, unwanted reminder of the structure of your document, which is not helpful if you are trying to stay in the flow of writing.

Gutenberg may improve the experience of vertically stacking differently formatted content, but the writing experience still needs a great deal of work before it can be comparable to what WordPress currently provides. The new editor still gets in the way of writing, instead of silently enabling it.

After browsing the Gutenberg repository’s 400+ issues queue, it’s clear that contributors are aware of the jarring experience for writers and are working to improve it in every release. However, the beta software is not anywhere near ready for long-form writing, as the intrusive UI places too many cognitive demands on the writer.

New Blocks in 0.6.0: “Cover Text” and “Read More”

This release introduces a new “Cover Text” block that includes background, text color, and full-width options. Color swatches are available in the sidebar block options and contributors are planning to add filters to allow plugin and theme authors to supply a custom palette.

Version 0.6.0 also includes a new “Read More” block that inserts a read more link with instant visual feedback within the content.

This release also brings several improvements to existing blocks, autosaving for drafts, and initial support for undo/redo keyboard functions.

Gutenberg’s Negative Reviews are Piling Up on WordPress.org

Gutenberg contributors are regularly shipping weekly releases, with many features added as bare bones placeholders that will be iterated on in future releases. New blocks are being developed simultaneously with core editing features. Some testers have bemoaned the proliferation of blocks that may seldom be used while the basic writing experience continues to lag behind.

Gutenberg plugin reviews are currently averaging 2.3 out of 5 stars on WordPress.org, with 46 1-star reviews, 21 5-star reviews, and a handful in between. While the reviews are not a full representation of all who are testing Gutenberg, they provide a small window into users’ current expectations, delights, and frustrations with the editor. Gutenberg contributors are monitoring these forums and using the feedback to create bug reports.

Many reviewers have left 1-star ratings, begging WordPress to keep it as a plugin instead of adding it to core. One reviewer even took to verse to further elaborate on his one-star review titled “A Visit from St. Gutenberg” with an adaptation of the classic poem “The Night Before Christmas:”

A bundle of blocks he had flung on his back,
And he looked like a coder just opening his pack.

His eyes—how they twinkled! his dimples, how merry!
“Who needs MCE, when we have blocks and so many?”

Many reviewers find Gutenberg to be “unnecessarily complex” for actions that were previously easy to perform in the editor.

“I have several websites – two are for business and include blogs (technical posts, how-tos, etc),” @quantaweb said. “I’m also the editor of a literary magazine. This doesn’t work for any of these sites. It’s not easier to write blogs with it, and it does nothing to ease the work of importing critical essays and poetry into the literary magazine — and formatting them — either…Gutenberg is unnecessarily complex.”

Some of the 1-star reviews come laced with threats to move to another CMS and splinter the WordPress community if Gutenberg is included in core.

“By removing all the traditional editor buttons and trying to make a minimalist design the usefulness and ease of use has been drastically reduced,” @ovann86 said. “I found myself either not being able to do very basic content management or having to click, hover and look for the buttons – instead of them being visible and available immediately…If this was made core I would likely be forced to move to another CMS.”

Early testing of beta software is not for everyone, as many are unable to look past the initial bugs and clunky implementations to see the potential of the editor to improve WordPress’ severely fragmented content creation experience. Matt Mullenweg jumped onto the forums as recently as two weeks ago to respond to testers’ feedback.

“We definitely agree it’s not ready for prime time yet, that’s why we’re doing extensive public testing and iteration while it’s in the plugin phase,” Mullenweg said. “Thank you for your feedback and I hope you try it again in a few months with an open mind.”

How to Display Ad Blocks in Specific Posts in WordPress

Do you want to display ad blocks within specific WordPress posts? This ad placement allows you to show ads when your users are highly engaged with the content. In this article, we will show you how to easily display ad blocks in specific WordPress posts without writing any code or breaking your site.

Displaying ad blocks in specific WordPress posts

Why Display Ads in Specific WordPress Posts?

While there are many ways to make money blogging, banner ads top the list. Often you see banner ads in the sidebar or on the header of the website. Since those are very common ad spots, it leads to banner blindness which affects the click rate, and your site’s revenue.

To deal with this issue, many publishers insert ads within post content. It works because this is the point when your users are most engaged with the content. This increases ad visibility and helps you get more clicks.

However, you also need to consider user experience. Placing too many ads inside your posts can be obtrusive and annoying.

To reduce the adverse effects, you can selectively display ad blocks in specific WordPress posts on your site. These posts can be your most popular posts, long form articles, or featured content.

Having said that, let’s see how to easily display ads in specific WordPress posts.

Displaying Ads in Specific WordPress Posts

First thing you need to do is install and activate the Adsanity plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Adsanity is a premium WordPress ad management plugin. It allows you to easily create ad blocks and display them anywhere on your WordPress site. It works with any third-party ad network, including Google Adsense. You can also use it to sell ads directly to advertisers.

For more information, see our guide on how to manage ads in WordPress with Adsanity plugin.

After activating the plugin, you need to visit Adsanity » Create Ad page to create your first ad.

First you need to enter a title for your ad. This will help you identify ads on your site.

Next, you need to choose what kind of ad you want to create. Adsanity allows you to add hosted ads and third party ads.

For hosted ads, you need to select the ad size. After that you can enter a tracking URL and provide an image you want to use for the ad.

Create hosted ad

For third-party ad networks like Google Adsense, you need to switch to ‘External Ad Network’ tab. Here you can select the ad size and paste the ad code provided by the ad network.

Ad network code

Next, you can publish your ad or click on the edit link and set an schedule for the ad. You’ll be able to set a start date and an expiration date for this particular ad.

Publish your ad

After you have published the ad, you can add it into your WordPress posts and pages, or anywhere else on your website that you desire.

Inserting Ad Blocks in a WordPress Post

First you need to edit the post or page where you want to display your ad block. You will notice ‘Insert Ad’ and ‘Insert Ad Group’ buttons in the visual editor. You need to click on the insert ad button.

Insert ad in post

This will bring up a popup where you can select the ad you want to display and click on the Insert link.

Select and insert ad

The plugin will insert the ad shortcode inside your post. You can now save and view your post to see the ad in action.

Ad displayed inside a WordPress post

Adding Ad Block in WordPress Post Using Shortcode

You can also add the ad block to a WordPres post using shortcode. This is particularly helpful if you use the text editor to write your posts.

Head over to Adsanity » Manage Ads page. You’ll see the list of ads you have created.

Next to each ad, you will see a shortcode link. Clicking on it will automatically copy the shortcode to your clipboard.

Copying ad shortcode

Go on and edit the post or page where you want to display the ad and paste the shortcode. Don’t forget to update post to save your changes.

We hope this article helped you learn how to easily display ad blocks in specific WordPress posts. You may also want to see our list of the best affiliate marketing tools and plugins for WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Display Ad Blocks in Specific Posts in WordPress appeared first on WPBeginner.

What Is the Best Language or Framework For Building a SaaS Application?

I’ve seen successful SaaS applications online built on every single web programming language that I’ve ever heard of. Some of the more extreme ones specializing in certain fields do include Haskell, Erlang, Go, Dark and others for certain applications behind the scenes. A subscription-based business can leverage a SaaS framework or proceed with a custom build, depending on the business needs and the long-term goals for scaling the solution forward.

Top Considerations for Building a SaaS Application

Hosted solution vs. IaaS vs. PaaS vs. SaaS

That said, here are several considerations when selecting a language for your SaaS.

1. What are the business and technical requirements?

All programming languages and frameworks are tailored to solving specific problems, or play together with important tools or platforms that you would need (database systems, image processing libraries, scientific frameworks etc).

Depending on your business application, some of those languages and technical stacks would be better suited to your needs. Moreover, you can ramp up your MVP easier with given libraries that are well tested and proven, hence saving you a lot of time and costs from reinventing the wheel.

2. How sustainable is building an MVP to a solid foundation?

There are different approaches to building a Software as a Service application. Starting with a Minimum Viable Product is a popular one, and this requires crafting a limited version of your product that solves the main problem for your customers. Then, upon validation fit, you continue innovating and expanding further.

You can start small with a simple “proof of concept” and then rebuild it from scratch if it’s worth it. Or invest 6–24 months on a solid and scalable MVP that may not generate enough customer base. Depending on your approach, you can pick your tools and choose your stack.

3. What language are you comfortable with?

In your case, you’re already experienced with Java. The learning curve for a Java web framework like JSF, Struts, Wicket, Tapestry, Spring MVC wouldn’t be as steep as learning a whole new programming language, its paradigms, and frameworks.

This shouldn’t cloud your judgment if there are better alternatives for your need. Java has its shortcomings and if those are an obstacle to your business, make sure that it won’t be a liability as you grow further.

4. Can you scale it?

Scaling both the product and the technical team are important considerations. Maintaining a great SaaS application is easier with more conservative languages that introduce a lot of “safety nets” and intermediate layers, automated testing frameworks, easy to set up continuous integration environment and so on. Other languages are great for rapid prototyping (and scalability) but could be more fragile without a very experienced team.

Speaking of team, being able to find the right talent as your solution grows is also an important point. There are banks that still use Fortran and COBOL for historical reasons, and choosing a language that’s in decline (or with a very limited pool of available developers, or extremely expensive ones) may be a factor for scaling your solution.

This is, by no means, an extensive list of considerations for SaaS applications but it could present a brainstorming path for selecting the right programming language.

Can You Build a SaaS in WordPress?

Over the past several years we’ve built 7 Software as a Service products on top of WordPress. I’ve presented several times and covered some of the problems that we’ve faced and our approach when building a WP-based SaaS.

WordPress is a good solution for Software as a Service platforms that revolve around content, user management, and extensible capabilities or payment options. Given that WordPress now powers over 27% of the Internet, it’s been proven in terms of scalability and security, and provides a number of integrations with 3rd parties who aim for wider adoption, supporting commonly used platforms.

If you can build a single site solution that can implement everything that your users need, you can easily extend that to a SaaS by providing different roles, capabilities, and subscription-based payment plans that provide different capabilities for your users (depending on your pricing table). Additionally, the ability to leverage WordPress multisite in order to create snapshots of your distribution for everyone allows for more granular control and separation of concerns, thus providing the same feature set to all of your users with a higher sense of security.

Integration Considerations for a WordPress SaaS

The main requirements of a Software as a Service application depend on the business model. However, most of the SaaS solutions out there revolve around a recurring fee that provides access to a set of features that could be utilized online.

Moreover, some SaaS solutions could run as standalone applications while others are built as “extensions” for existing solutions. There are hybrid solutions as well. Here are a few relevant examples.

Use Case: Social Media Management SaaS

There are various solutions for Internet Marketing that facilitate content production, scheduled publishing, automated social media monitoring (including alerts) and more.

Examples are Buffer which lets you schedule a number of posts across various social media networks or ManageFlitter – a tool which could be used for identifying influencers, analyzing your followers, or following a targeted group of Twitter users in an automated manner.

Both of those platforms don’t require a specific integration that embeds them within your website or your Facebook page. Sure, they depend on some integrations (in this case, your social media accounts) but after the initial setup, you’re good to go.

Once you’re in Buffer, 100% of your Buffer-related activities happen on their end.

This is an example of a SaaS that runs independently and doesn’t integrate seamlessly with your own platform, CRM, ERP, or anything else.

Use Case: Opt-In Platform

Consider a solutions like OptinMonster by Syed Balkhi and Thomas Griffin, both veterans in the WordPress space.

OptinMonster lets you create various opt-in forms for your website. There are slide-ins, exit intent forms, different pop-up and drop-down forms and what not.

Customers who sign up for OptinMonster design the forms on their end, integrate them to email service providers or marketing automation solutions and integrate them in their websites.

The end goal is embedding a set of scripts or an iframe (or connecting to a 3rd party bridge plugin) that bring the desired behavior within the website.

This requires a different type of planning accordingly. You have to cater for all of the different use cases where customers run premium themes and a bunch of plugins and still want to replicate the core SaaS behavior onto their websites.

Use Case: A Booking Platform

There are several popular SaaS solutions that provide booking and appointment capabilities. Some WordPress users pick a suitable bookings plugin that seamlessly connects to a WordPress websites and provides all of the booking options within the dashboard itself.

However, if you run a website built on top of a proprietary framework or integrate with dozens of solutions (offloaded to third-parties), you may be interested in a hosted solution that does most of the heavy lifting.

In fact, some businesses may very well want to run that entirely on a third-party platform. Software as a Service solutions often allow you to connect your own domain to your account and redirect your customers to the hosted solution.

In that case, a SaaS can focus on both groups of prospects – the ones who want to integrate the platform in their websites and those who want to point a domain to the SaaS.

SaaS Payments and Different Plans

OptinMonster’s SaaS pricing page

One may perceive a SaaS architecture as a membership or an eCommerce solution on steroids.

You have premium (paying) users and different plans. Each plan comes with a set of features where the most expensive plans usually unlock some features that are not available in light plans.

From a WordPress standpoint, there are already platforms like WooCommerce or LearnDash that could build an eCommerce or a Membership platform for your website. The user management may be more challenging though, along with the security considerations within a single website, handling different payment scenarios and one-off offers, and being able to migrate an enterprise plan to a separate server able to handle the corresponding load.

Which is one of the reasons why we often go for a WordPress Multisite when building Software as a Service solutions on top of WordPress.

A WordPress Multisite platform still lets you integrate the same features for every multisite user. However, having different plans, different plugins or libraries may be available for users running the high-tier plans based on their pricing model.

Moreover, a Multisite can be scaled across different servers, even in a cloud environment. Over the years, we’ve had SaaS solutions widely used by SMBs but approached by enterprises.

Large beverage or fashion brands are willing to invest in a rock-solid and reliable solution that comes with some custom requirements. The additional revenue would justify exporting the site into a standalone solution running on its own server and, if needed, incorporating additional plugins or 3rd party solutions.

SaaS Data Analytics and Aggregation

Data privacy and data governance are major concerns for most active online users. However, most SaaS solutions and even software application nowadays try to collect data which would support the future development efforts.

While your private details are kept confidential, a WordPress SaaS could leverage the existing data in order to prioritize performance enhancements, UX updates, or other functional ideas in the backlog.

Moreover, community-driven SaaS could leverage the power of amplification. Our meme generator built in 2012 included a custom framework that we’ve built which aggregated the most shared memes and the ones generating high traffic – both shared on a landing page. This creates additional brand awareness and some form of gamification for businesses willing to compete with others in terms of popularity or visibility.

This could help identifying some edge cases with users utilizing the platform in an unexpected way, too. We’ve found various scenarios that required some code refactoring and performance reviews leading to a better product for all customers.

Some of our WordPress SaaS solutions currently run over 10,000 subsites on a Multisite network that scale fairly well. In fact, WordPress.com is a multisite with tens of millions of subsites – providing a blogging subscription-based service for tens of millions of users worldwide.


The post What Is the Best Language or Framework For Building a SaaS Application? appeared first on Mario Peshev.

WordPress 4.8.1 Adds a Dedicated Custom HTML Widget

When WordPress 4.8 was released last month, it introduced TinyMCE functionality to the Text widget. Unfortunately, this caused issues for those who use Custom HTML as the Visual editor often strips out portions of the code.

WordPress 4.8.1 Beta 1 is available for testing and addresses this problem by including a dedicated Custom HTML widget.

“For advanced users or any user who needs to paste in HTML snippets, there is now a dedicated ‘Custom HTML’ widget that is specifically for adding arbitrary HTML to your sidebar,” Weston Ruter, said.

“This widget will retain the application of the widget_text filters, in addition to having a new dedicated widget_custom_html_content filter.

“For use cases that involve adding content to your sidebar, the Text widget will continue to feature the same Visual editing interface that the post editor has (TinyMCE).”

Users who access Text widgets that have Custom HTML in WordPress 4.8.1, will see a note at the top of the widget that suggests using the Custom HTML widget.


If a user pastes or types HTML into a text widget with the Visual editor active, WordPress displays an Admin Pointer suggesting that they use the Text tab instead or use the Custom HTML widget.

Text Widget Admin Pointer

The Custom HTML widget works similar to the Text widget in WordPress 4.7 and below.

Custom HTML Widget

Sites that have existing Text widgets containing custom HTML that may be modified by the Visual editor, are opened in a legacy mode.

Legacy mode retains the old Text widget interface, including the checkbox on whether or not to automatically add paragraphs. This change prevents the Visual editor from altering code.

Ruter says the ideal way to test these improvements is to install it on a staging site that has Text widgets containing HTML and are known to be problematic in WordPress 4.8. After upgrading, check to see if the widgets open in legacy mode.

WordPress 4.8.1 is scheduled to be released on August 1st. Please report any bugs or errors you encounter in as much detail as possible to the WordPress Alpha/Beta section of the support forums.

How to Limit the Number of Archive Months Displayed in WordPress

Do you want to display the number of archive months displayed in WordPress? If you have been blogging for years, you will notice that your archives list will become too long. In this article, we will show you how to limit the number of archive months displayed in WordPress.

How to limit number of archive months in WordPress

Method 1. Limit Number of Archive Months with Plugin

This method is easier and it is recommended for all users.

First thing you need to do is install and activate the Collapsing Archives plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Appearance » Widgets page and add the Collapsing Archives widget to your sidebar.

Collapse archives

The widget menu will expand to show its settings.

The Collapsing Archives widget uses JavaScript to collapse your archive links into collapsible yearly links. Your users can click on years to expand them to view monthly archives. You can even make monthly archives collapsible and allow users to see post titles underneath.

Review the widget settings to suit your needs and then click on the Save button to store your settings.

You can now visit your website to see the widget in action.

Collapsing archives

Method 2. Replace Default Archives with Compact Archives

This method provides a cleaner alternative to the default archives widget by beautifully displaying them in a compact more presentable way.

First, you need to install and activate the Compact Archives plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Appearance » Widgets page and add the ‘Compact Archives’ widget to your sidebar.

Compact Archives settings

Compact Archives plugin comes in three styles. You can choose from block, initials, or numeric.

Don’t forget to click on the save button to store your widget settings.

You can now visit your website to see the compact archives in action.

Compact Archives preview

You can also use Compact Archives plugin to create a custom archives page on your site. For more details see our guide on how to create compact archives in WordPress

Method 3. Manually Limit Number of Archive Months in WordPress

This method requires you to add code to your WordPress theme files. If you haven’t done this before, then take a look at our guide on how to copy and paste code in WordPress.

You will need to add the following code to your theme’s functions.php file or a site-specific plugin.

// Function to get archives list with limited months
function wpb_limit_archives() { 

$my_archives = wp_get_archives(array(
return $my_archives; 


// Create a shortcode
add_shortcode('wpb_custom_archives', 'wpb_limit_archives'); 

// Enable shortcode execution in text widget
add_filter('widget_text', 'do_shortcode'); 

This code fetches the archives list and limits it to past 6 months only. It then creates a shortcode and enables shortcode in text widgets.

You can now go to Appearance » Widgets page and add a ‘Text’ widget to your sidebar. Switch to the text mode and add your shortcode like this:


Don’t forget to save your widget settings.

You can now visit your website to see your custom archives list in action.

That’s all, we hope this article helped you learn how to limit the number of archive months displayed in WordPress. You may also want to see our list of these most useful tricks for the WordPress functions file.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Limit the Number of Archive Months Displayed in WordPress appeared first on WPBeginner.

5 WordPress-Friendly Internet Marketing Tools You Need

For over a decade, WordPress has been the platform of choice for internet marketers: it’s free, customizable, and loved by Google.

WordPress makes it easy for affiliate marketers to craft sales pages, squeeze pages, and capture leads through web forms. Adding these five WordPress-friendly tools to your toolbox will make internet marketing even easier.

1. A code validator

Your website might look good on a couple browsers, but it may not on others. Some browsers let you get away with invalid code and you’d never know it.

According to the W3C, “Different browsers can and do display the same page very differently. This is deliberate, and doesn’t imply any kind of browser bug. A term sometimes used for this is WYSINWOG – What You See Is Not What Others Get (unless by coincidence). It is indeed one of the principal strengths of the web, that (for example) a visually impaired user can select very large print or text-to-speech without a publisher having to go to the trouble and expense of preparing a separate edition.”

Validating a WordPress website takes a little effort. Don’t run WordPress URLs through an HTML validator because WordPress uses PHP, which registers as invalid code. To validate your website, validate the HTML/XHTML and CSS separately before adding it to your site’s files.

HTML isn’t the only validation you need to complete. Your website should also meet Section 508 and WAI accessibility standards.

Here’s a great tool from the W3C for validating multiple aspects of your website including broken links, mobile-friendly status, RSS and Atom feeds, RDF documents, and more.

2. A mobile device suitable for managing tasks

Have you ever tried to edit your blog on an older smartphone because that’s all you could access?

It’s usually the screen size that makes editing difficult. Login areas disappear or rearrange for mobile compatibility and it’s hard to see what you’re doing, but sometimes it has to be done. Managing your marketing tasks requires lots of clicking, logging in, typing, and analyzing. When you’re away from your computer, you need a pocket-sized device with a big screen to make it easy.

The Samsung Galaxy Note 4 comes with a 5.7” screen, a 32GB hard drive, and 3GB of RAM. Combined with a screen resolution of 1440×2560, these features make it a perfect choice for managing your daily internet marketing tasks.

3. Cross browser compatibility tester

If you attempt customization outside of what your theme has been designed for, you could end up with misaligned graphics, stretched borders, and broken mobile layouts. It’s impossible for one person to access all possible devices and browsers to test customizations, so BrowserStack does it for you.

With BrowserStack, you can enter a URL and generate screen shots for virtually any device, operating system and browser combination (including Amazon’s Kindle).

4. Photoshop is your best friend

If you’ve never used Photoshop, you need to. You can use free programs to accomplish simple tasks, but Photoshop is the ultimate tool, used by top photographers across the world. Even if you aren’t planning on becoming a graphic designer, Photoshop still outperforms free programs on simple tasks like cropping, resizing, and batch resizing because of its intuitive interface.

As an internet marketer, Photoshop will make you independent; you’ll never have to wait for someone else to make quick edits. For example, if you’re looking at a “buy now” button you just uploaded and want to adjust the hue for your split testing campaign, you can do that quickly in Photoshop.

5. Optimizely for split testing

Every part of your website influences visitors either consciously or subconsciously. Everything from the color and size of buttons to the placement of signup forms matters.

You’re probably familiar with split testing – the method that uses randomized experiments to test what aspects of a web page are most effective. For example, during a split testing campaign, you might find that a blue “buy now” button isn’t as effective as a red one, or a signup form in the upper right corner works better than in the left.

Without a program to run the tests for you, you’ll never know which elements of your page are successful and what needs to change. If you’re not split testing yet, Optimizely will do it for you.

While it takes effort to create an empire, internet marketing is made easier with the right tools.

WP Super Cache 1.5.0

WP Super Cache is a fast full-page caching plugin for WordPress. Download it from your dashboard or get it here.

Version 1.5.0 has been in development for some time. It has a ton of bug fixes and new features.


The headline new feature is REST API access to the settings. This will allow developers to create their own interface to the settings of the plugin. Unfortunately it isn’t yet documented but you can see the code in the rest directory. Start with load.php where you’ll find the code that registers all the endpoints. Users who access the API must be logged in as admin users. If you want to test the API, see the end of this post.

Settings Page

We have also simplified the settings page to make it easier to choose which caching method is used.

Instead of maybe confusing the user with technical words like PHP, mod_rewrite and WP-Cache we have split them up into “Simple” and “Expert” delivery methods, and done away with mentioning WP-Cache completely. Simple delivery uses PHP, expert uses mod_rewrite and well, WP-Cache got the boot because it’s always active anyway.

WP-Cache caching is always active, but it can be disabled in different ways.

  • Disable caching for known users.
  • Don’t cache pages with GET parameters
  • Disable caching of feeds


We expanded the number of headers cached by the plugin. The list of headers was borrowed from Comet Cache. However, anonymous users will still only see the bare minimum like content-length, content-type, gzip, etc. If you need to use security headers like “X-Frame-Options” or “Content-Security-Policy” you should enable caching of HTTP headers. This unfortunately disables super caching so only WP-Caching is used but it’s still very fast (and faster in this release than before which I will get to below). You can also use the “wpsc_known_headers” filter to modify the list of recognised headers.

WP-Cache Reorganisation

WP-Cache cache files are split into two files – one holds the page content, the other (meta file) holds information about the page such as cookies, headers and url. In the past these files were stored in two directories which could become a problem if there were many thousands of those files. Even with only a few hundred files, maintenance could be an issue as deleting related files (like page archives, or copies of the front page) needed every meta file to be inspected.
Now the files are stored in the supercache directory structure that mirrors your permalink structure. Deleting related files is is simpler and serving files will be faster as the operating system won’t need to open a directory of thousands of files.
If you currently rely on WP-Cache files, the plugin will still look for them where they are, but new WP-Cache files will be created in cache/supercache/example.com/ (where example.com is your hostname).


We added support for caching sitemaps, but your sitemap plugin will need to cooperate to get it to work. The sitemap plugin needs to identify the sitemap request as a feed. Jetpack 5.1 now supports this since #7397. You can disable the caching by excluding feeds from caching.

Debugging Improved

The debug log is now protected by a username/password. For convenience, the username and password are the same but they are a long md5 string:

Deleting the log file clears it and resets it ready for more logging. Before, toggling debugging would create a new debug log and the old one would be kept around, but not linked, until deleted by garbage collection, and of course they were text files anyone could access.

This release includes lots of other small bug fixes and changes. Take a look at the number of closed PRs for an exhaustive list of those changes!

Testing the REST API

There are a number of ways to send POST requests to a web server but one I like is using curl in a shell script. You’ll need two bits of information from the website:

  1. The “wordpress_logged_in” cookie from your browser.
  2. The wp_rest nonce which you can get by adding `echo wp_create_nonce( ‘wp_rest’ );` somewhere on your site where you’re logged in. It’s good for 24 hours.

My test script looks something like this:
export NONCE='1234567890'
export COOKIE='wordpress_logged_in_xxxxxxxxxxxxxxxxxxxx=1234567890'
curl -v -X "GET" -H "Content-Type: application/json" -H "X-WP-Nonce: $NONCE" -H "Cache-Control: no-cache" -H "Cookie: wordpress_test_cookie=WP+Cookie+check; $COOKIE"
-d '{}' "https://example.com/wp-json/wp-super-cache/v1/settings/"

Related Posts


How to Display Recent Posts From A Specific Category In WordPress

Do you want to display recent posts from a specific category in WordPress? The default recent posts widget shows posts from all categories, and there is no option to filter them by category. In this article, we will show you how to easily display recent posts from a specific category in WordPress.

Display recent posts from specific category in WordPress

Filtering Posts by Category in WordPress

If you just want to create a page to display recent posts from a particular category, then your WordPress site already has separate pages for each category.

You can add links to all your category pages by visiting Appearance » Widgets page and adding the ‘Categories’ widget to your sidebar. You can also add categories in your navigation menus.

On the other hand, if you want to show recent posts from a specific category in your sidebar, then there is no default widget for that. The default recent posts widget does not allow you to filter posts by category or tags.

Thankfully there is another way. Let’s take a look at how to easily display recent posts from specific category in WordPress.

Method 1. Show Recent Posts from a Category Using Plugin

This method is easier, and it is recommended for most users.

First thing you need to do is install and activate the Recent Posts Widget Extended plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit the Appearance » Widgets page and add ‘Recent Posts Extended’ widget to your sidebar.

Limit recent posts by category

The widget menu will expand to show its settings. You need to select the category or categories that you want to display under the ‘Limit to Category’ option.

The widget comes with a lot of options that you can customize. You can show post thumbnail, date, relative date, post summary / excerpts, and more.

Don’t forget to click on the save button to store your widget settings.

You can now visit your website to see the recent posts displayed by category.

Recent posts from specific category

Display Recent Posts by Category Using Shortcode

The Recent Posts Extended Widget also allows you to use shortcode to display recent posts anywhere on your site including posts and pages.

You will need to edit the post or page where you want to display the recent posts from a specific category. In the post editor, you will need to add the following shortcode:

[rpwe limit="5" excerpt="true" cat="72" ]

This shortcode displays 5 recent posts from a specific category with the post excerpt. You will need to replace the cat value with the ID of the category that you want to display. See our article on how to find category ID in WordPress.

After adding the shortcode, you can save your post or page to view your changes.

Posts by category displayed using shortcode

Method 2. Display Recent Posts From Specific Category using Code Snippet

This method requires you to add code to your WordPress theme files. If you haven’t done this before, then take a look at our guide on how to copy and paste code in WordPress.

You will need to add the following code in your WordPress theme files where you want to display recent posts from a specific category.

<?php $catquery = new WP_Query( 'cat=72&posts_per_page=5' ); ?>

<?php while($catquery->have_posts()) : $catquery->the_post(); ?>

<li><a href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></li>
<?php endwhile;

The first line of this code creates a new WordPress query with a specific category ID. You need to replace it with your own category ID. It only shows post title in a list.

You can change it to display full content by adding the following code:

<?php $catquery = new WP_Query( 'cat=72&posts_per_page=5' ); ?>
<?php while($catquery->have_posts()) : $catquery->the_post(); ?>
<li><h3><a href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></h3>
<ul><li><?php the_content(); ?></li>
<?php endwhile; ?> 
<?php wp_reset_postdata(); ?>

You can also replace the the_content with the_excerpt to display post excerpts instead of full article.

We hope this article showed you how to easily display recent posts from a specific category in WordPress. You may also want to see our list of most wanted category hacks and plugins for WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Display Recent Posts From A Specific Category In WordPress appeared first on WPBeginner.

New WordPress Contributors Meeting Provides Opportunities to Ask Questions and Learn the Ropes

Contributing to WordPress or other open source projects can be intimidating for first-time contributors. Sometimes, all you need is a helping hand to overcome fear, intimidation, or other barriers.

In 2013, with the help of Konstantin Obenland, a WordPress core developer, I overcame my fear and contributed my first patch to WordPress.

This is one of the principles behind a new weekly meeting that is geared towards new contributors.

“The new contributors meeting is the perfect place to come if you are new to contributing to WordPress core and have questions,Adam Silverstein, WordPress core contributor, said.

Every Wednesday at 3PM Eastern Daylight Time, users can visit the #core WordPress Slack channel and ask questions related to patches, tickets, and review the good-first-bugs report on Trac.

The first meeting was held on July 5th where participants asked questions about working with Git in WordPress core, applying patches, and unit testing. In the second meeting, participants discussed whether or not new contributors are allowed to make changes to tickets.

Other topics mentioned include, which repositories to use, clarification on contributing to core versus updating the WordPress Developer’s site, and which tickets to select for review.

The next meeting is on Wednesday, July 19th at 3PM Eastern. If you have any questions on how to contribute to WordPress, be sure to join the WordPress #core Slack channel at that time and ask away.

Meeting notes with links to discussions, tickets mentioned, and other resources are published on the Make WordPress Core blog under the #new-contributors tag