Hello!
WordPress.org will enforce mandatory two-factor authentication for plugin and theme authors beginning October 1st, 2024. The team has also introduced SVN passwords to enhance security. In addition, the roadmap for WordPress 6.7 has been published.
Don’t forget to subscribe and listen to the podcast version of this newsletter, where you can hear more details and discussions about these topics and more.
We won’t be publishing the newsletter next week as we are taking a short break to celebrate Onam festival 🏵️! We’ll be back the following week with fresh updates and exciting content.
See you next week!
Team WP-CONTENT.CO
📰 WORDPRESS & AROUND
All the updates around WordPress and its closely related technologies
Anne McCarthy has unveiled the roadmap for WordPress 6.7, offering a preview of the exciting new features and enhancements expected to arrive on November 12th, 2024. This release will be the third major release of this year and will advance Phase 3 of the Gutenberg project.
- WordPress 6.6.2 RC1 is now available: The RC1 is now available for download and testing. 6.6.2 RC1 features 15 fixes in Core and 11 fixes for the Block Editor. We can expect the final release of WordPress 6.6.2 later today.
- Data Views update: This is the first post in the Data Views update series, which aims to provide frequent updates on the progress of Data Views so that the community can stay informed, provide feedback, and explore the new changes. A few of the new updates include a consolidated bulk actions UI, updated filtering UX, and more.
- WordPress.org introduces SVN Passwords and enforces mandatory 2FA for plugin and theme authors: Beginning October 1st, 2024, WordPress.org will implement mandatory two-factor authentication (2FA) for all plugin and theme authors. In addition, new SVN passwords have been introduced to enhance security.
- Final reminder: Inactive Meetup Groups will be closed in September 2024: The Community Team has issued a final reminder to inactive Meetup groups, urging them to respond by September 16, 2024. Groups that do not respond by this deadline will be removed from the WordPress Chapter Meetup Program.
- Discontinuing Community Zoom accounts for Meetups: The Zoom accounts that were provided to Meetup Organizers during the Covid-19 pandemic have been discontinued due to reduced demand and the wide availability of free and accessible videoconferencing tools.
- GatherPress Project, feedback and testing opportunities now open: The Community Team has outlined the future roadmap for the GatherPress plugin and is actively seeking feedback from the community to enhance the plugin and identify areas for improvement.
- WooCommerce 9.3 will be available on WordPress.org tomorrow as scheduled, but won’t be set as the stable version until Sep 11th: They want to give the community and the Woo team time to verify the release with WordPress 6.6.2, which is expected today.
- Transparency Report from Automattic: The report documents items such as DMCA takedown notices, trademark infringement complaints, EU-specific government information requests, and more for the period from January 1 to June 30th, 2024.
- Automattic welcomes Pedraum Pardehpoosh as VP of Product: Pedraum Pardehpoosh, who has previously worked with companies such as Walmart and Apple, is the VP of Product and will oversee product excellence across Automattic.
- Automattic is sponsoring Kevin Jahns, the creator of Yjs: The goal of this sponsorship is to make the Gutenberg editor more collaborative. Yjs is a framework for building collaborative applications, created by Kevin Jahns.
- Google Ads to deprecate enhanced CPC for Search and Display Ads: Google Ads will begin phasing out enhanced CPC in October with the goal of transitioning all remaining campaigns to manual CPC by March 2025.
- Google users warned of surging malvertising campaigns: Google search results are increasingly exploited by “malvertising” ads spreading malware and phishing scams, researchers warn.
🚨 WEB SECURITY & VULNERABILITIES
A collection of web security and vulnerability news and updates for the past week
This vulnerability can be leveraged to execute code remotely and was patched recently.
- Critical arbitrary file deletion vulnerability in MP3 Audio Player WordPress plugin affects over 20,000 sites: The recently patched vulnerability allowed authenticated attackers with minimal permissions, such as subscribers, to delete critical files like wp-config.php, which can lead to remote code execution.
- Another critical vulnerability patched in LiteSpeed Cache plugin: The unauthenticated account takeover vulnerability (CVE-2024-44000) in the plugin, which has over 5 million active installs, allows any unauthenticated visitor to gain authentication access to logged-in users or assume an Administrator role. Users should update to the latest version immediately.
- 6,000 WordPress sites affected by Unauthenticated Critical Vulnerability in WP Job Portal WordPress plugin: This vulnerability can be leveraged to create malicious administrator users, and to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. It was recently patched, and users should update to the latest version immediately.
- All new WordPress XSSplorer Challenge: The Wordfence Bug Bounty Program will now include all Cross-Site Scripting (XSS) vulnerabilities (Reflected and Stored) until October 7, 2024. This applies to any plugins and themes with at least 1,000 active installations. They have also published a detailed guide on how to find XSS vulnerabilities in WordPress plugins and themes.
- Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024): There were 145 vulnerabilities disclosed in 100 plugins and 23 themes.
- WordPress vulnerability report — September 4, 2024: Weekly report from SolidWP
🔌 NEW PLUGINS & THEMES
Be one of the first ones to explore some fresh plugins and themes
- Covr theme: A theme designed for a sleek presentation of images.
- Voyago theme: A theme suitable for travel agencies, tour operators, and travel enthusiasts.
- Order Restriction plugin: The plugin allows WooCommerce store owners to enforce minimum order amounts on their online stores.
- Approve New User plugin: This automates the user registration process on your WordPress website.
💵 INVESTMENTS, ACQUISITIONS & PARTNERSHIPS
- E2M Solutions acquires WPLift: E2M Solutions, a leading white-label partner, has acquired WPLift.
👥 COMMUNITY NEWS
Updates and News from the WordPress Community
According to the report, 72% of merchants attribute more than 20% of their annual revenue to BFCM and the holiday season. Of the stores that generate more than $1M per year in revenue, 56% plan at least a month ahead of BFCM, and another 28% plan in the month leading up to the event. Tamara Niesen, CMO at WooCommerce has also shared further insights on this.
- WordPress security survey statistics: 2024 edition: Key findings of the survey include that many administrators fail to implement security best practices that address their primary concerns, that two-factor authentication is by far the most widely adopted security measure, that over half of those who never experienced a security breach do not have a recovery plan, and more.
- Announcing WordPress Unplugged, a new podcast: A new podcast hosted by Jamie Marsland and Kevin Geary. The first episode is scheduled for September 11, 2024.
- Launch of The Accessibility Show on WP Builds: Joe Dolson and Nathan Wrigley will host this new podcast series called The Accessibility Show. Each episode will focus on one interface component or one accessibility issue.
- Really Simple SSL rebrands to Really Simple Security: Really Simple SSL, the most used SSL plugin for WordPress with 5 million installations, announces its rebranding to Really Simple Security. This change reflects the plugin’s evolution from an SSL configuration tool to an extensive WordPress security solution.
- Create Content Model plugin from WordPress.com: The experimental plugin transforms the way custom post types and custom fields are created and managed in WordPress by making use of the latest core features to bring content modeling into the Block Editor.
- WooCommerce Product Table 4.0 released: This release introduces a new table builder that simplifies the process of creating tables and new front-end features such as the ability to display the total and subtotal price, and a ‘Select all products’ option.
- WPBundle plugin launched: With this, you can create automated bundles that increase AOV and generate demand for slow-moving products. You have full control over the products, can set the preferred price, and more. As part of the launch offer, you can get 50% off with the coupon code SAVE50.
- A major milestone achieved by SureTriggers: SureTriggers has now crossed over 50,000 active installations, marking a significant milestone in its journey of empowering users to automate workflows and streamline tasks with ease.
- All new PHP Multitool: PHP Multitool from Kaspars Dambis is a Docker image with multiple PHP versions and Composer v2 to install and run almost any PHP tool. A single `docker run` command creates a report for all PHP files in the current directory.
- Laravel has raised a $57M Series A in partnership with Accel: Taylor Otwell, the founder and CEO of Laravel, shared this recent development with the community on X.
- Eric Karkovack wonders how easy web design should be, or are we just expecting too much from a tool?: Eric Karkovack initiated a discussion on X with the community about web design and WordPress, and whether a novice is able to get professional results on their own. Anita replied, “A “novice” wouldn’t necessarily need to learn web design. They could get a professional look by using a well-designed premade theme. Then they could add their own personal touch on it. Just like they always have.” Katie Keith commented, “Yes, there should be an easy way to create a WordPress site using a simple drag-and-drop interface. Other platforms have this.”
- Plugin review queue update from Francisco Torres: In the month of August, he reviewed a total of 434 plugins, which makes up about 68% of the total number of plugins submitted for review in August.
🔖 INTERESTING READS & PODCASTS
More posts and podcasts from the WordPress Community you don’t want to miss
- Sponsored contribution reflections: From Tammie Lister
- Etch: A unified builder for the future: From David McCan
- Etch announcement: It’s all about outsourcing risk: From WP BizDev
- My August in WordPress: From Aaron Jorbin
- Empowering inclusion: The impact of WordPress Accessibility Day: From Underrepresented in Tech
- The 8 year update: From Kitchen Sink WordPress
- Jonathan Bossenger on enhancing WordPress learning experiences: From WP Tavern Jukebox
- Using AI-generated content isn’t considered plagiarism: From Bertha AI
- Automattic: 10 year anniversary: From Anne McCarthy
- What should WordPress agencies look for in a web host?: From WP Minute
- Was Google’s document ‘leak’ a strategic move? An SEO theory: From Search Engine Land
🛠 GUIDE ZONE – HOWTO’S and MORE
Handpicked fresh guides from WordPress circle
- Introduction to phpMyAdmin: From Learn WordPress
- Understand where your files live: From Learn WordPress
- Submitting an enhancement to the WordPress Playground Block: From WordPress TV
- How to change your WordPress username: From WPMarmite
📆 SAVE THE DATES
Do not miss a WordPress event ever again
- WordCamp US on 17-20 September 2024: The tickets are now available.
- WordPress Agency Summit 2024 on September 27, 2024: The call for speakers is now open.
- WordCamp Nagpur on September 28, 2024: The call for sponsors is now open.
- WordPress Accessibility Day on Oct 9-10, 2024: The call for speakers is now open.
- WordCamp Youth Hackathon Skopje on October 19, 2024: An exciting event designed to inspire young people aged 14 to 17 in the world of WordPress.
- Rome Core Days on November 8-9, 2024: This will be a two-day event dedicated to WordPress Core developers with round tables, open discussions, and contribution rooms.
- WordCamp Kerala on November 9, 2024: The call for topics and ideas is now open.
- WordCamp Romania on November 14-15, 2024: Tickets are out.
- WordCamp Malaysia on November 22-23, 2024: Call for Speakers is out.
- WordCamp Netherlands on 29-30 November 2024: The call for sponsors is out.
- WordCamp Asia on February 20-22, 2025: The venue will be the Philippine International Convention Center, Manila, Philippines. The call for speakers and A/V Team is now open.
- WordCamp Europe on 5-7 June 2025: The call for organizers is now open.
- WordCamp US 2025 on August 26-29, 2025: The event is in the early planning stages.
🎁 WORDPRESS DEALS OF THE WEEK
Again, these are the best deals of the week, handpicked by yours truly!
EXCLUSIVE DEALS
- 4 Months free offer on hosting plans of WP Engine (Coupon Code- FREEDOMTOCREATE)
- 10% off on monthly & annual plans at SureTriggers (Coupon Code- WPCONTENT10)
- 15% off yearly plans at Videvo (Coupon Code – WPV15)
MORE DEALS
- 53% off for NordLocker
- Up to 75% off on plugins, themes and hosting at WP Hive
- 50% off on the Thrive Suite yearly plan.
- 50% off Web Hosting Packages at StableHost (Coupon Code – 50OFFYEAR1)
- 80% off for plugins at WPPool
- Up to 67% off hosting plans at HostPapa
- 50% off for Advanced Giftcards for WooCommerce plugin
- Up to 60% off hosting plans at Nexcess
- 30% off for Fluent Forms plugin
- 50% off at Formidable Forms
- 30% off for FluentCRM plugin
- 50% off for WP Social Ninja plugin
- Up to 95% off for PitchGround products
- Up to 73% off WordPress Hosting plans at InMotion Hosting
- 77% off hosting plans at SiteGround
- 65% off at Hostgator India (Coupon Code- SUNSHINE)
- Up to 74% off at Liquid Web
- 52% off on Managed Dedicated Server Hosting at Liquid Web