Hello!

Following the WordPress.org supply chain attack, the Plugin Review Team has taken the appropriate measures to safeguard the users and has also highlighted the best practices to follow to keep one’s account secure. Also, we are now just two weeks away from the release of WordPress 6.6.

Don’t forget to subscribe and listen to the podcast version of this newsletter on Amazon Music, Apple Podcasts, Spotify, and Google Podcasts, where you can hear more details and discussions about these topics and more.

See you next week!

Team WP-CONTENT.CO

This weekly newsletter is kindly sponsored by Omnisend and Gutenkit

Omnisend

Boost your sales with email & SMS—without breaking the bank
Check it out  →

GutenKit – Page Builder Blocks

50+ blocks and 500+ templates to transform your Gutenberg experience.
Check it out  →

---

📰 WORDPRESS & AROUND

All the updates around WordPress and its closely related technologies

Keeping your plugin committer accounts secure

Following the recent supply chain attack, the post focuses on the best practices for WordPress.org accounts, particularly those with plugin committer and owner-level access. Also, the Plugin Review Team has initiated a force reset password for all plugin authors, as well as other users whose information was found by security researchers in data breaches.

• WordPress 6.6 RC1 released: The first release candidate (RC1) for WordPress 6.6 is ready for download and testing. We can expect the RC2 later today.
• WordPress 6.6 field guide: This guide outlines major developer features and breaking changes in 6.6 and is published in the Release Candidate cycle to help inform WordPress extending developers Core developers, and others.
• WordPress 6.6 release candidate phase: WordPress core committer Jb Audras has highlighted the various policies in place now that WordPress 6.6 has entered the RC phase.
• WordPress 6.6 ready to be translated: WordPress 6.6, scheduled for July 19, 2024, is now ready to be translated on translate.wordpress.org.
• WordPress 6.6 source of truth: Anne McCarthy has published the source of truth for WordPress 6.6, which allows the community to get the latest information about the upcoming version quickly.
• Proposal: Block variation aliases: The proposal seeks to make several changes to the Block Variations for WordPress 6.7 such as add a variation-specific class name to the block wrapper, implement server-side detection of the active block variation, and include the variation name in block markup persisted in the database. The feedback for this proposal is open till July, 14, 2024.
• Reactivating inactive meetup groups: The WordPress Community Team’s next project will focus on reviving inactive meetup groups. The goal of the initiative is to encourage activities in the groups that have been inactive and optimize our meetup group network by focusing on active and engaged groups.
• Proposal to integrate Slack workspaces from local WP Communities into Slack Enterprise Grid: The proposal seeks to migrate the local WordPress communities currently on free Slack plans, into a consolidated Enterprise Grid plan. The various benefits of this migration have been provided such as data continuity and access, enhanced Security and compliance, and improved collaboration across workspaces.
• Google reveals its methods for measuring search quality: Google measures search results using surveys, experts, and user behavior. Improving quality leads to trickier searches and ongoing challenges.
• Google completes June 2024 spam update rollout: Google has officially confirmed the completion of its June 2024 spam update, a week-long process aimed at enhancing search result quality by targeting websites that violate the company’s spam policies.
• Google on the 2 types of searches it still struggles with: Google still struggles with complex search queries, particularly those using “not” and prepositions, despite AI advancements.

🗣️TALK OF THE TOWN

New Features in WordPress 6.6

• Section Styles: In WordPress 6.6, Section Styles simplify the process of styling individual sections of a webpage by offering users a one-click application of curated styles, eliminating the need for repetitive manual configuration.
• Internationalization improvements in 6.6: Various internationalization (i18n) improvements are in WordPress 6.6 such as enhanced support for only using PHP translation files, a new lang_dir_for_domain filter, and additional context for the load_translation_file filter.
• Introducing the Token Map: The post summarises the new data structure coming in WordPress 6.6 called, the WP_Token_Map.
• Updates to the HTML API in 6.6: WordPress 6.6 includes a helpful maintenance release to the HTML API.
• Updates to the Interactivity API in 6.6: The Interactivity API development for WordPress 6.6 has been focused on maintenance. Its updates include new features and directives, a better debugging experience, and improved code quality.
• Miscellaneous Editor changes in WordPress 6.6: Dev notes for smaller changes to the editor in WordPress 6.6.
• Miscellaneous developer changes in WordPress 6.6: Quick overview of all the developer changes in WordPress 6.6.

🚨WEB SECURITY & VULNERABILITIES

A collection of web security and vulnerability news and updates for the past week

An inside look at the malware and techniques used in the WordPress.org supply chain attack

Wordfence analysis on the recent supply chain attack on WordPress.org, by focusing on the five plugins that were initially affected. Later, Wordfence uncovered several plugins that were compromised besides the initials ones.

• Developer accounts compromised due to credential reuse in WordPress.org supply chain attack: Wordfence dissects and sheds light on the recent WordPress.org supply chain attack, and also explains how such a situation can be prevented in the future.
• WordPress security research: A beginner’s series: This new series aims to provide emerging vulnerability researchers, and experienced Bug Bounty Hunters, with a comprehensive guide that is designed to equip them with the necessary skills and knowledge to navigate the complex security landscape of WordPress and to uncover vulnerabilities firsthand.
• WordPress vulnerability & patch roundup June 2024: Monthly vulnerability roundup from Sucuri.
• WordPress vulnerability report — June 26, 2024: From SolidWP.
• Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024): There were 185 vulnerabilities disclosed in 137 plugins and 14 themes.

🔌 NEW PLUGINS & THEMES

Be one of the first ones to explore some fresh plugins and themes

Vitrum theme

A theme suitable for portfolio websites.

• Avi theme: A theme suitable for digital designers.
• Celestium theme: A multipurpose corporate theme.
• GatherPress plugin: An event management plugin developed by the community. If you are a translator, you can help with translating the plugin to various languages.
• Redirect After Logout plugin: This plugin redirects users to a custom URL after they log out of WordPress.
• Top-Down Scroll plugin: The plugin adds a customizable scroll-to-top and scroll-to-bottom button on your WordPress website.

💵 INVESTMENTS, ACQUISITIONS & PARTNERSHIPS

• WordPress VIP and Lone Rock Point team up to modernize government websites: The collaboration will result in a new theme called CivicPress, an advanced WordPress theme custom-built to meet the unique needs and requirements of government websites.
• WPAmelia announces partnership with SuperbThemes: The partnership allows the users access to a WordPress theme and the Amelia Lite Booking Plugin, all for free.
• CheckoutWC joins Kestrel: CheckoutWC a plugin for WooCommerce that replaces your checkout page with a Shopify-style cart and checkout page, has been acquired by Kestrel.

👥 COMMUNITY NEWS

Updates and News from the WordPress Community

Metorik Insights Report for WooCommerce

Metorik has published its first Insights Report for WooCommerce and according to it 43% of the stores are using a child theme, the average number of active plugins per store is 58, and the top four plugins are  Stripe Gateway, Facebook for Woo, Paypal Payments, Mailchimp for Woo, and Subscriptions. To access the report one needs to sign up which is completely free.

• ACF Annual Survey is now live: The main goal of this survey is to learn how users across the globe use ACF, how they build websites with WordPress and the areas that need improvement to make ACF better.
• The WP Awards 2024 is on the horizon: The WP Awards 2024 is nearing and currently the Call for Sponsorships is now open. The nominations will be open from July 22 to Sep 16, 2024.
• All new Woo Developer Newsletter: WooCommerce has introduced a new Developer Newsletter, designed exclusively for WooCommerce developers. The newsletter aims to provide exclusive insights, the latest content, and news regarding updates and announcements.
• An early holiday gift exchange from WooCommerce:  WooCommerce has launched a new survey to learn how users prepare their store for the busiest time of the year, Black Friday, Cyber Monday, and the holiday season. Also, WooCommerce will send the participants a coupon for $30 USD off an extension from the WooCommerce Marketplace.
• Tutor LMS 3.0 is packed with innovative features: The upcoming version will include a redesigned Course Builder, all-new native eCommerce capabilities, a native subscription system, AI integration, and more. Additionally, Rayhan Arif posted on X on the occasion of Tutor LMS having over 90,000+ active users.
• Aaron Jorbin seeking a sponsor to support him on his WordPress contribution journey: Aaron Jorbin, who has been an integral part of the last eight WordPress maintenance and security releases (including the recently released WordPress 6.5.5), is open to chat with any company that is willing to sponsor his work.
• Kevin Geary’s take on Jamie Marsland’s video about Wix vs WordPress: Jamie Marsland posted a recent video about “Wix’s Masterplan to conquer WordPress: The Inside Story” and Kevin Geary has shared his opinion about the topic and other community members have also expressed their thoughts.
• Cory Miller and Katie Richards join A2 Hosting’s Community Growth Team: A2 Hosting’s all-new Community Growth Team will be led by Cory Miller who takes up the role of the Chief Evangelist and Katie Richards will be the Community Growth Project Manager.
• Beta test opportunity now open for the upcoming theme from Rich Tabor: Rich Tabor is working on a theme that will be made available to everyone shortly and right now those interested can DM him for a beta testing opportunity.
• WordPress revisited: A developer’s second take: A developer who was once frustrated with WordPress recently gave it another try and was thoroughly impressed. He expressed his views on the WordPress sub on Reddit, on how effortless things have become as compared to earlier.

🔖 INTERESTING READS & PODCASTS

More blog posts and podcasts from WordPress Community you don’t want to miss

• The next challenge for WordPress: Embracing enterprise: From James Giroux
• WordPress has a rookie problem: From James Giroux
• Voices of WordCamp Europe: Karolína Vyskočilová: From HeroPress
• WCEU hallway track: From WordPress Briefing
• Davinder Singh Kainth on content creation and business strategy in WordPress: From WP Tavern Jukebox
• Developer Hours: What’s new for theme developers in WordPress 6.6: From WordPress YouTube
• WordPress 6.6 is changing the game for custom fields: From Brian Coords
• Profiling WordPress: Flamegraphs with X-Ray: From Human Made
• AI in cybersecurity: Benefits and challenges: From Astra
• Shaping WordPress: Style variations, speed challenges & WordCamps: From Rich Tabor
• My June in WordPress: From Aaron Jorbin
• Use ChatGPT to export data from a WordPress database: From Speckyboy
• Using the WordPress Command Palette to work with faster and smarter: From Hostinger
• Getting your hosting into shape and why you need to update unsupported versions of PHP: From Yoast
• Is OSO, organic search optimization, the new SEO?: From Yoast
• The EU Digital Identity Wallet: Everything you need to know about the EU’s plans for a universal digital identity system: From TechCrunch
• Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack: From Ars Technica

🛠 GUIDE ZONE – HOWTO’S and MORE

Handpicked fresh guides from WordPress circle

• How to create and add anchor links in WordPress (3 Ways): From WPBakery
• How to do a backlink audit: A beginner’s guide [5 easy steps]: From RankMath

📆 SAVE THE DATES

Do not miss a WordPress event ever again

• Uganda Website Projects Competition 2024 on July 5th, 2024: Organized under the theme, “Problem Solving With WordPress”, it is a dynamic next-gen event that brings together high school and university students. The call for sponsors and projects is out.
• WordCamp Canada on July 11-13, 2024: The call for volunteers, and sponsors is now open. The schedule is now available.
• Stellar Spark on July 19, 2024: A free online event with a focus on growth, creativity, collaboration, and more. The call for speakers is now open.
• WordCamp Bengaluru on July 21, 2024: The call for speakers and sponsors is now open. The tickets are also now available.
• do_action Ahmedabad on July 27, 2024: The call for sponsors and charity organization applications is now open.
• WordCamp US on 17-20 September 2024: The tickets are now available.
• WordCamp Netherlands on 27-28 September 2024: The call for speakers is now open.
• WordPress Accessibility Day on Oct 9-10, 2024: The call for speakers is now open.
• WordCamp Asia on February 20-22, 2025: The venue will be the Philippine International Convention Center, Manila, Philippines
• WordCamp Europe on 5-7 June 2025: The call for organizers is now open.

🎁 WORDPRESS DEALS OF THE WEEK

Just the best deals of the week, again, handpicked by yours truly!

EXCLUSIVE DEALS

• 4 Months free offer on hosting plans of WP Engine (Coupon Code- FREEDOMTOCREATE)
• 15% off yearly plans at Videvo (Coupon Code – WPV15)

OTHER DEALS

• 40% off for 4 months on all hosting plans + 40 free migrations at Cloudways  (Coupon Code – BFCM4040)
• 53% off for NordLocker
• Up to 50% off on EchoRewards PRO.
• Up to 75% off on plugins, themes and hosting at WP Hive
• 50% off on the Thrive Suite yearly plan.
• 50% off Web Hosting Packages at StableHost (Coupon Code – 50OFFYEAR1)
• 80% off for plugins at WPPool
• Up to 77% off hosting plans at HostPapa
• 50% off for Advanced Giftcards for WooCommerce plugin
• Upto 55% off hosting plans at Nexcess
• 20% off for Fluent Forms plugin
• 50% off at Formidable Forms
• 20% off for FluentCRM plugin
• 50% off for WP Social Ninja plugin 
• Upto 95% off for PitchGround products 
• Upto 69% off WordPress Hosting plans at InMotion Hosting
• 83% off hosting plans at SiteGround
• 60% off at Hostgator India (Coupon Code- SUNSHINE)
• Up to 74% off at Liquid Web
• 52% off on Managed Dedicated Server Hosting at Liquid Web

Latest from WP-CONTENT.CO

---

Team WP-CONTENT.CO

This weekly newsletter is kindly sponsored by Omnisend and Gutenkit

Built with Newsletter Glue.