The WordPress.org Pattern Directory also gets a facelift
In addition to the homepage, the WordPress.org Pattern Directory also got a brand new design. Beyond the new looks, the new design is also powered by blocks, as well as the new Interactivity API that I mentioned in last month’s news post.
You can check out the main page here, and here’s a link to an example of an individual pattern listing. There’s also a blog post on WordPress.org with more about the redesign.
WordPress 6.6 will drop support for PHP 7.0 and PHP 7.1
If you’re one of the ~2.5% of WordPress users who are still running your site on PHP 7.0 or PHP 7.1, I have important news for you:
When WordPress 6.6 is released in July, it will officially drop support for both PHP 7.0 and PHP 7.1.
Both versions have lost their PHP support for multiple years now, so you should have already made the switch. But if you’re still running one of those versions for some reason, this will give you another reason to upgrade.
WordPress plugin, theme, and product news
WordPress.com launches its own local WordPress development tool – Studio by WordPress.com
If you like relying on local development sites when working on your WordPress sites, there’s a cool new option available to you.
In April, Automattic launched its own local development tool called Studio by WordPress.com. You can easily build sites locally and share them with other people as needed.
The Mac version is available to download right now. You can also request early access for the Windows version if you’re using it. Both options are free to use.
Jetpack Stats starts charging for commercial websites
If you’re using Jetpack Stats to collect web analytics, you might’ve been in for a rough surprise in April:
If you have a commercial website (i.e., a website that makes you money), Jetpack has now started charging for the Jetpack Stats service. I found this out when somebody posted about it on the WordPress subreddit, which prompted another user to say goodbye to Jetpack.
For commercial sites, paid plans seem to start at around $10 per month. You can also get it as part of the Jetpack Complete subscription. Jetpack Stats remains free for non-commercial sites, though.
If you’re looking for a free alternative that’s not Google Analytics 4 (a miserable experience, in my opinion), I recommend Clicky if you can fit within its free tier (3,000 daily page views) or Matomo for a free unlimited tool.
What is a vulnerability? Soflyy and Patchstack disagreed
This month, there was a bit of a dust-up between Patchstack (a WordPress security service) and Soflyy (makers of the Oxygen and Breakdance builder products, along with other plugins like WP All Import).
Here’s the very short version, as far as I understand it:
- A security researcher reported a vulnerability in Oxygen and Breakdance to Patchstack. The basic idea is that the builders’ code modules allowed users to execute any PHP, which was the intended purpose of the module. However, this meant that any user with access to the Code module in the editor could essentially grant themselves the Administrator user role, or perform other damaging actions.
- Patchstack privately reported the issue to Soflyy, which started a lengthy back and forth.
- Soflyy believed the issue could be solved by documentation and adding a warning to the interface, while Patchstack wanted the code module feature to only be available to Administrators (to avoid the privilege escalation issue).
- After a long discussion, Patchstack finally said that it would publicly disclose the vulnerability.
- Soflyy pre-emptively emailed all of its customers saying that there was no vulnerability.
- Lots of debate kicked off on Twitter and various Facebook groups.
- Soflyy eventually did update the plugin to remove code editing for non-administrators, while also adding that they would rework the entire role management feature. It seems like a happy ending, though it took a while to get there.
If you want to dig into the issue itself, here are two sources straight from each participant:
Advanced Custom Fields (ACF) wins Torque Plugin Madness
Every March/April, Torque runs its own Plugin Madness competition to coincide with NCAA basketball’s March Madness event.
This year, Advanced Custom Fields beat out WooCommerce to win its second title in a row, and its third overall. In addition to WooCommerce, the other two plugins in the “Final Four” were Wordfence and TablePress. You can see the full bracket here.
Side note – ACF is owned by the same company behind Torque (WP Engine), though I’m by no means suggesting there’s anything sinister going on!
WordPress Performance Team releases a Speculative Loading feature plugin
The Speculation Rules API is an experimental browser feature that provides an alternative to prefetch (and Chrome’s deprecated prerender).
It helps to speed up future interactions with your site by preloading document URLs rather than just specific resource files.
In less technical terms, it lets you tell your users’ browsers to load all of the resources for a certain page in the background, which means that page will load instantly if a user navigates to it.
If you’re interested in using this feature on WordPress, the WordPress Performance Team just released an official feature plugin for this named Speculative Loading. It’s available for free at WordPress.org.
WordPress business news
Woo.com goes back to WooCommerce.com after SEO flub
Back in the December 2023 news roundup, I shared how WooCommerce had moved from woocommerce.com to woo.com, as part of its rebrand.
As anyone who’s ever changed a site’s domain name knows, doing so is a tricky thing*. Apparently, the shift resulted in a massive drop-off in organic search traffic for WooCommerce, as evidenced in these graphs from Cyrus Shepard on Twitter.
In early April, WooCommerce made the surprising decision to reverse the switch and move back to woocommerce.com. I can’t remember ever seeing this happen with a business this large (inside or outside WordPress), so I find this story to be quite remarkable.
Going forward, I’ll be paying close attention to see if the switch back to the original domain name helps them regain that lost search traffic.
*We actually just made a change as well, rebranding CodeinWP into WPShout.
Automattic acquires Beeper for $125 million
Automattic, the company behind WordPress.com, WooCommerce, Jetpack, and others, made a big splash in April by acquiring Beeper for a whopping $125 million.
If you’re not familiar with Beeper, its main goal is to combine every messaging app into one app. It also got a lot of press for developing a solution that let Android users use Apple’s iMessage (though it has since given up on that part).
Automattic seems to be investing heavily in the messaging space, as it also acquired Texts.com for $50 million in October of 2023.
Hostinger gets added to the WordPress.org Hosting page
The WordPress.org recommended hosting page has always been a bit of a contentious topic because of the unclear selection process for how hosts are chosen to be listed there.
In 2023, SiteGround, a long-time entrant on the list, was removed. This brought the recommended host list down to Bluehost, DreamHost, and WordPress.com.
In late March, though, the page got a brand new addition – Hostinger. Because there are no clear criteria for being listed on the page, we won’t know exactly why Hostinger made the cut. Congratulations to them, though, as that page will certainly drive a lot of business.
WPBeginner gets into the website design and maintenance space
After having invested in a WordPress agency in late 2023 (Seahawk Media), Awesome Motive/WPBeginner just made a big announcement that they will be getting into the WordPress website design and maintenance space via WPBeginner Pro Services.
The website services start at $799 for a templated site or $1,299 for a custom web design, so the service seems to be targeted more toward the lower end of the market.
As a side note, if you’ve been seeing less of WPBeginner in Google’s search results lately, it seems to be because the site has taken several hits in Google’s recent updates, including the current “March” Core update (which is still actively being rolled out even as we’re almost in May).
Important security notes
WordPress 6.5.2 released on April 9, 2024
In early April, the core team released WordPress 6.5.2 to make one security fix for a cross-site scripting (XSS) vulnerability, along with a number of bug fixes.
This was actually the first minor release for WordPress 6.5, as WordPress 6.5.1 was not released due to an issue with the initial package.
If you’ve already updated to WordPress 6.5, you’ll want to make sure that you’ve also updated to WordPress 6.5.2 to benefit from those fixes.
Plugin vulnerabilities at Wordfence Intelligence Vulnerability Database
Many of these vulnerabilities have since been patched, so you’ll want to make sure to update to the latest version if you’re using any plugins or themes on this list:
WordCamp and community news
WordCamp Europe releases its 2024 schedule
WordCamp Europe 2024 is scheduled to be held in Torino, Italy from June 13-15, which means that it’s coming up in just a few months.
In April, the WordCamp Europe team released the full event schedule, with more than 52 speakers presenting. There will be three different tracks that you can follow, which should mean that there’s something for everybody.
WordCamp US 2024 speaker applications are open
WordCamp US 2024 is scheduled to go on from September 17-20 in Portland, Oregon.
If you’re interested in speaking at the event, the WordCamp US team opened speaker applications in early April, with applications set to close on April 29.
You can learn more here and find the application form here.
On a related note, WordCamp US 2024 tickets also went on sale in late March.
WordPress leadership answers additional WordCamp Asia Q&A questions
Because of time constraints, Matt wasn’t able to answer some questions during the live event (which was held in Taipei in early March).
However, in late March, WordPress leadership and contributors answered the ones that Matt wasn’t able to get to. You can read all of those answers here.
That sums up our May 2024 WordPress news roundup. Anything I’ve missed?