[ad_1] Extendify has been scooping up some successful block-related plugins in recent months. It acquired the Redux Framework in November 2020 and followed it up with a purchase of Editor Plus and Gutenberg Hub in December. Its latest pickup? EditorsKit. This ownership change was an adoption rather than an acquisition. The company is compensating Jeffrey Carandang, EditorsKit’s creator, for helping during the transition. “The main motivation was to ensure that EditorsKit has a good home,” said Extendify co-founder Chris Lubkert. “Jeffrey had taken a full-time role with 10up, and the plugin hasn’t seen any updates in 9 months. So we are both excited about Extendify building on what Jeffrey has built and continuing to serve the user base.” EditorsKit is a playground of extensions on top of the existing blocks. From visibility logic to text formatting to extra block options, it has a little bit of everything. Carandang has often launched features long before something similar has landed in WordPress. It has grown to over 20,000 active installs since he first submitted it to the plugin directory. Taking on a new role with 10up as a web engineer left him little time to devote to the plugin. “My time was occupied by my full-time work and adjusting through my shifts, personal stuff, and with what’s happening in the world due to lockdowns; and the covid virus,” he wrote in his own farewell post. “I hate to admit it but I think I’ve neglected my role in the EditorsKit plugin/community that I’ve built for the past couple of years. With this, my sincere apology to the plugin users and the whole community.” Changes to EditorsKit When a plugin changes owners, users sometimes must brace themselves for changes. Right now, EditorsKit is the same plugin it has always been. However, the Extendify team has introduced some additions. The first is a part of what will eventually be a commercial aspect of the plugin: the Extendify Library. The team added this feature to both the Redux and Editor Plus plugins earlier this year. EditorsKit users will see a new “Library” button at the top of the editor. Once they click it, it opens an overlay for importing patterns and templates from Extendify’s collection. Popup library for importing Extendify patterns and templates. The amount of imports allowed is limited to three without signing up. “EditorsKit users have access to the same library of patterns and templates and can import three patterns and/or templates,” said Lubkert. “Anyone who signs up for the beta program will then receive unlimited imports during the beta period. We expect this to continue for a few more weeks.” Essentially, the commercial aspect of EditorsKit, Editor Plus, and Redux will be a shared library from the Extendify team. Users of any one of the plugins can continue using their preferred plugin with the option of importing patterns and templates. Lubkert said they still have no plans of rolling all of the plugins into one “super plugin,” keeping them each as a separate project. “It makes sense for us to invest our energy into a single library and creating the best experience possible for our users,” he said. The second change the team has implemented is making the EditorsKit Typography add-on a free download. The plugin allows users to select from a list of hand-picked Google Fonts and use them anywhere. It also has a customizable set of default font combinations. It makes sense to drop the commercial aspect of this add-on. WordPress is already starting to provide theme authors with the tools for typography options at the block level. EditorsKit Typography may be the better of the two right now, but the average user will not need it as the core platform continues to improve. ShareABlock and Other Projects The handover includes Carandang’s related sites. ShareABlock, CopyGlphys, and CopyGradients are all tools for helping WordPress users build on top of the block system. The Extendify team plans on keeping them alive. Carandang launched ShareABlock in December 2019. Essentially, it was a block patterns directory. Only, block patterns were merely an idea in the bowels of the Gutenberg GitHub repository at the time. The upcoming pattern directory, expected to officially open next month, was not even a blip on most people’s radar. ShareABlock homepage with downloadable “patterns.” ShareABlock has had time to mature. Its designs are more modern than the current offering from the pattern directory. The downside is the reliance on EditorsKit to import them via a JSON file instead of copy-paste block HTML code. With a few tweaks, it could be a serious contender as an alternative directory. If the WordPress development team follows through with a ticket I opened for allowing third-party vendors to hook into the system, it would be easy to do. “In general, we don’t see ourselves competing with the pattern directory (or anything else in core Gutenberg),” said Lubkert. “We’d like to solve unmet needs for the community and do so in a way that is complementary to core.” The team already has the patterns in place. Hooking in its existing library would be more of a value-add. The official directory is limited to what can be done with core block options. Extendify would have the wiggle room for adding designs built with its more robust EditorsKit and Editor Plus toolsets. Like this: Like Loading… [ad_2] Source link
Continue readingMonthly Archives: June 2021
Which Is the Best Marketing Tool? (2021)
[ad_1] Trying to choose between GetResponse vs Mailchimp for your email marketing and digital marketing platform? Both of these tools started as email marketing services but have since morphed into full digital marketing platforms complete with website and landing page builder tools, along with many other useful options. But which is the best tool for your specific situation? To help you decide between GetResponse vs Mailchimp, I’m going to compare these two tools in three key areas: Ready to get started? Let’s dig in! 🧰 Features To kick off our comparison, let’s go over the features that each tool offers in a comparison table. The core of both tools is email marketing, but both also offer other useful marketing features like a CRM, landing pages, and more. High-Level Features Feature Mailchimp GetResponse Email marketing ✔️ ✔️ CRM ✔️ ✔️ Landing page builder ✔️ ✔️ Full website builder ✔️ ✔️ Webinars ❌ ✔️ Live chat ❌ ✔️ Web push notifications ❌ ✔️ Facebook ad creator ✔️ ✔️ Dedicated WordPress plugin ❌✔️* ✔️ * Mailchimp only has an official plugin for WooCommerce stores. There’s no official plugin for regular WordPress sites. Overall, you can see that GetResponse can do pretty much everything that Mailchimp does…plus more. GetResponse just launched its own full website builder, so it now has feature parity with Mailchimp there (Mailchimp used to have that as an edge). Beyond that, GetResponse can go a lot further with useful features like webinars and live chat. With Mailchimp, you’d need to use a third-party service to add those features (and probably pay extra to do that). With GetResponse, though, you get everything built-in, which both simplifies your marketing efforts because you need to use fewer tools and also saves you money. Nitty-Gritty Features Now, let’s get more in-depth into the nitty-gritty features. I’ll break these down into different categories… Email marketing Feature Mailchimp GetResponse Drag-and-drop email builder ✔️ ✔️ Pre-built email templates ✔️ ✔️ Autoresponders ✔️ ✔️ Marketing automation ✔️ ✔️ Email analytics ✔️ ✔️ Transactional email support ✔️ ✔️ RSS to email ✔️ ✔️ Website/landing page builder Feature Mailchimp GetResponse Drag-and-drop builder ✔️ ✔️ Pre-built templates ✔️ ✔️ Popups and forms ✔️ ✔️ Custom domain ✔️ ✔️ A/B testing ✔️ ✔️ Sales funnels ❌✔️* ✔️ * You can manually create a sales funnel with Mailchimp – there’s just not a built-in feature to help you do it. Overall, you can see that things are pretty similar in terms of the core features that you’d look for. Of course, there are smaller feature differences here and there, but most people probably won’t notice big differences in either direction. ⚙️ User Interface Now that you know the features, let’s get into the user interface of Mailchimp vs GetResponse. That is – what is it like to use each tool and how user-friendly are they? Mailchimp Mailchimp has a very minimalist dashboard with lots of white space. To access the various tools, you can use the small sidebar on the left: To interact with your customers, you can create a “campaign”. A campaign can be pretty much anything: Email Customer journey Landing page Survey Ads Social media post Signup form Printed postcards Mailchimp Email Builder I’ll keep the focus on emails for now. When you create an email, you’ll get a multi-step builder that takes you through setting up your email in different screens. First, you can choose from three types of emails: Regular Automated Plain-text Then, you’ll be in the dedicated interface for your email, which makes it easy to set up key areas: At the time that I’m writing this, Mailchimp gives you a choice between two different email builders – the “Classic” drag-and-drop builder or a new builder that’s in beta. I’ll use the new builder because it might be the default builder by the time that you’re reading this post. When you create an email, you can choose from a blank slate or a pre-built template. Then, you can use a beginner-friendly drag-and-drop builder to control your email design and content. You can move things around with drag-and-drop and easily add new elements by clicking the plus icon: To edit text, you can just click and type. You also get a dedicated option to insert merge tags, which lets you include dynamic information in your email templates (like a person’s first name). For eCommerce stores, you’ll also get a dedicated product block. And that’s it for the highlights of creating an email. Mailchimp Website Builder The rest of the Mailchimp interface carries on the same general aesthetic. For example, the drag-and-drop website/landing page builder uses a similar builder, though the website builder is a little more “section-based” where you construct your website by putting together blocks for different sections. Inside each section block, you can customize the content and design: This means the website builder doesn’t quite offer full free-form drag-and-drop design, though it should be plenty for people looking to build simple websites. GetResponse In contrast to Mailchimp’s interface, GetResponse’s interface is a little more “busy”. That’s not a criticism, it just seems like a different design philosophy, where Mailchimp tries to create a minimalist experience and GetResponse tries to pack in every feature and navigation option: You can also customize the main dashboard to meet your needs by adding “widgets”. GetResponse Email Builder When you create a new email, you get a nice compact interface that looks pretty similar to the equivalent interface at Mailchimp: To design your email, you can choose from a variety of pre-built templates for various niches or start from a blank slate. Once you choose your starting point, you’ll be in a drag-and-drop builder. You’ll see a live preview of your email on the left along with options in the sidebar to add new content blocks or customize your existing blocks: When you select a block, you’ll open its settings in the sidebar. For text blocks, you can just click and type on the live preview and you’ll also get an
Continue readingAutomattic Launches Mayland Blocks, Its Second FSE Theme on WordPress.org – WordPress Tavern
[ad_1] Automattic released its second block theme to the WordPress theme directory last week. Mayland Blocks is geared toward photographers and other users who want to showcase their projects. It is the child of Blockbase, a sort of starter/parent hybrid the company’s Theme Team recently announced. I had high hopes for Mayland Blocks going in. I have kept a loose eye on its GitHub repository in the last couple of months. It was one of the first 100% block-built themes the team seemed to be working on. While block themes are still experimental at this stage, I was admittedly disappointed. Maybe my expectations were too high. I was eager to be wowed when I should have gone into this review more level-headed. However, I am who I am, and that is someone who is genuinely excited each and every time a new block theme comes along. I am ready for the next big thing, but Mayland Blocks did not fit the bill. As I began the process of testing the theme, the first order of business was to recreate the Masonry gallery as shown in the theme’s screenshot: Expected gallery layout from Mayland Blocks My first thought was that the default gallery output would automagically work. It did not. Then, I looked for a Gallery block style. Nothing there. I searched for a custom pattern. Nothing there either. In short, it was impossible to recreate the gallery shown in the theme’s screenshot — one of the primary features that drew me to it. Bummer. I was looking forward to seeing a Masonry-style gallery of images built on top of the block system. Standard gallery output with Mayland Blocks. With a tiny bit of sleuthing and peeking under the hood of the theme’s demo on WordPress.com, I saw that it was using the CoBlocks plugin by GoDaddy. The thing that made the theme special had nothing to do with the theme. After a quick install, I converted my existing gallery to the CoBlocks Masonry block. Success! Masonry gallery output via CoBlocks. At that point, I began to wonder why I was even testing Mayland Blocks at all. Its claim to fame hinged on showcasing photography. The core Gallery block works well enough, and I can use CoBlocks with any theme. Most decent ones provide the sort of open-canvas template that is no different than Mayland’s front page. What would have made it a great theme would have been living up to its screenshot’s promise. This was also a missed opportunity to showcase some alternate Gallery block styles and patterns. If we want more users to buy into this system, some of our best design and development teams need to take that one extra step. For such a simple theme, one well-suited as a one-page design, this was the moment to lean into the photography angle. Provide users a Polaroid picture frame option: Add a “no gutter” block style: Bundle a few patterns that combine the Gallery block with others. Give us a little flavor. Mayland Blocks works well as a WordPress.com child theme because its suite of plugins is available to all users out of the box. For a publicly-released project on WordPress.org, it is a little disappointing that it was a straight port. The child theme is essentially its parent with an open-canvas front page template and some trivial font and color changes. Surprisingly, it made it into the theme directory with so few alterations. Two days later, another child theme was outright rejected for just adding “some minor changes which can be made directly from the parent theme.” The inconsistent application of the guidelines by different reviewers has long been a thorny issue, especially when more subjective rules come into play. However, block themes have more wiggle room at the moment. There are so few for users to test that it makes sense to let things slide. One of the Themes Team’s previous hard lines has been that bundled front page templates must respect the user’s reading settings. This meant that if a user explicitly chose to show blog posts on their front page, the theme must display those posts. Mayland Blocks is the first that I have seen get a pass on this, a hopeful sign of more leeway for directory-submitted themes in the future. Block themes are a different beast. HTML files are not dynamic, and there is no way to put a PHP conditional check in a front-page.html file in the same way as themers once did in a front-page.php template. There is a technical workaround for this, but I do not think it is necessary. Block themes are changing the game, and the guidelines will need to follow. I love seeing the contribution — any contribution, really — of another block theme to WordPress.org. However, I want to see more artistry on top of the Blockbase parent theme. Like this: Like Loading… [ad_2] Source link
Continue readingAlex Denning and Iain Poulson Launch FlipWP, an Acquisitions Marketplace for WordPress Companies – WordPress Tavern
[ad_1] Alex Denning and Iain Poulson launched FlipWP today, a private marketplace to facilitate acquisitions for WordPress companies. WP Engine’s recent published research, which estimates the WordPress economy at $596.7B, has inspired confidence in the ecosystem. An increasing number of acquisitions announced over the past month is also reinforcing the need for a more centralized marketplace for these opportunities. “Iain and I started talking a lot more regularly a year ago, when he started Plugin Rank,” Denning said. “He was getting people asking him for acquisition opportunities, and with Ellipsis I was getting clients asking for help evaluating acquisitions and with sales. There was no go-to marketplace, so in March we started talking about working together on solving the problem.” Sellers can list on FlipWP privately for free and buyers handle their own sales, with no exclusivity obligation. The site doesn’t charge for listings and it doesn’t take commission from any sales. The $299 membership for buyers opened today, which offers access to FlipWP’s email list of acquisition opportunities. Listings include business data, such as ARR and monthly profit, the asking price, and commentary about the opportunity from FlipWP. Buyers can reach out directly to sellers with no middleman involved. In the past, finding a buyer for a WordPress company required having a wide network, knowing the right people, or posting on various marketplaces like Flippa and MicroAcquire. “Every week I was hearing about another acquisition, getting an email from someone looking to buy a plugin business, or emails from developers asking the best way to sell,” Poulson said. “The need for a WordPress specific acquisition marketplace became more and more apparent.” The Acceleration of Acquisitions in the WordPress Ecosystem There is a lot of buzz on Twitter lately, questioning whether an active acquisition market is a healthy development. Some have expressed concern about small, independent tools getting bought up by larger companies and worry that consolidation will lead to lack of competition. Eric Karkovack wrote in a post speculating on the future of plugin acquisitions, entertaining the possibility that “a few big players simply set the rules for everyone else to follow:” Frankly, it’s becoming a lot harder for solo entrepreneurs or small development shops to manage a popular plugin. Supporting a large userbase while also focusing on the future could become overwhelming. Thus, it’s not surprising to see that some of these products are being sold off to larger firms. We saw something similar happen with internet providers back in the early 2000s. The more mature the market, the harder it became for a small company to carry out its mission. Pretty soon, they were just about all bought up by corporate interests. While that may not fully reflect the case here, it seems to at least be trending in that direction… It will take some time. But there might come a day when a typical business website runs plugins from perhaps only a few big development houses. Not everyone shares this same bleak outlook on the potential effects of consolidation. During Matt Mullenweg’s Q&A at WordCamp Europe, Brian Krogsgard asked what these acquisitions mean for the health of the WordPress economy. Mullenweg sees it as a positive development that should spur more creation: It’s a really exciting time because it feels so robust and healthy. The fact that these exits are happening then creates more incentives for something new to be created, either from the alumni of these companies or by people that know that they can get something to a certain point and sell it to one of these companies. It’s actually not very different from Google and Yahoo and all of these companies that buy up lots of startups. Guess what, that created way more startups, some of which became Airbnb and Uber and challenged the tech giants. That’s the beauty of how the ecosystem works. Poulson and Denning are also optimistic that FlipWP will open up more opportunities for business owners to get connected and accelerate the process for all parties involved. “The acquisition trend is indicative of WordPress maturing,” Denning said. “If WP Engine thinks the WordPress economy is worth $597 billion dollars and the biggest public companies in WordPress are worth ~$20bn, we’re about $577bn short. A lot of that number will be made up through the small businesses we see getting sold, and until now they’ve not had a way of selling other than ‘post it on Slack.’ If that study is right, then the one-most-weeks rate of acquisitions might actually be significantly too low, and those businesses are being undervalued, too. We can make it much easier for buyers to find quality WordPress listings, and we can make it much easier for sellers to get the best price.” Like this: Like Loading… [ad_2] Source link
Continue reading#4 – Dan Maby on the Importance of the WordPress Community – WordPress Tavern
[ad_1] Sure. So as a charity, we always intended to have some form of larger in-person event. Events have been something that’s had a real passion for a very long time. The ethos of bringing people together, helping reduce social isolation of lone workers is something that really fits well with everything that we’re doing in terms of Big Orange Heart. So we wanted to enable people to come together. That had always been on the cards from the very early stages of Big Orange Heart. Of course, when we got thrown into this situation with the pandemic, as I say, we moved into the virtual environment for our monthly events, that platform that I’ve been discussing, we actually opened up to other communities. So we’ve enabled other communities to be able to run their events through our platform, without any charge to them. We just simply wants to be able to create a solution for those communities to continue to come together when they couldn’t deliver them in person. What that actually meant was that we, in the first 12 months that we were delivering events through our live dot Big Orange Heart dot org site, we’d had over 12,000 attendees come through that platform, which has meant that we’d obviously had a huge amount of feedback and we’d been able to iterate very quickly across that solution to get to a point where we actually decided that we want to deliver a larger scale event. It’s always been on the cards. Why not do that as a virtual conference or virtual festival? That’s really where the concept of WordFest was born. And I want to, again, when we give a huge shout out to Brian Richards, particularly of WordSesh. WordSesh has been around, you know, as a virtual WordPress focused virtual event for many years, I can remember way back in the early days of the first WordSesh, the first few WordSesh’s, which were 24 hour events and had a lot of fun attending those. And I remember attending my first one and actually attending for the full 24 hours. So this wasn’t something that was new in our space. We were very aware that there was a desire for it, but we wanted to wrap together the two elements of what we do. Our hearts really are in WordPress, but our focus is really around wellbeing and mental health, positive mental health. So this concept of WordFest was about bringing those elements together. So if you attend WordFest, you will find content that focuses on both WordPress and our individual wellbeing as remote workers. It really was about this concept of a global celebration of our community. We talked about different ways of delivering it. We talked about do we do over multiple days because we appreciate time zones, how do we, how do we factor in a way of enabling anybody that wants to attend to be able to attend? But we didn’t want to just say here’s a set time on this day, here’s six hours that would deliver it or, over a period of days, we’ll do, it was a real challenge. So we, we kept coming back to this 24 hour concept because it would end up, if somebody wants to attend over that one day, there was some point in the day that hopefully they would be able to join us. And it has mushroomed. It’s grown and grown. We set out to deliver the first one back in January, this year, 2021, we set a target of 2000 attendees to the event we had just over two and a half thousand attend. So it was, we completely smashed all our expectations in terms of people attending the event. But also we completely smashed our expectations in terms of the number of sessions that we were delivering. We initially set out a wanting to deliver 24 sessions over the 24 hours. That turned into 36 sessions actually ended up being 48 sessions through the first event. I’m really happy. I’m not sure it’s the right word, but I’m really happy to say that this time around we’ve actually got 66 sessions that are going to be delivered in the 24 hours. It’s been a phenomenal experience, delivering this as again, as a wonderful team of volunteers, sitting behind this people like Michelle, Cate, Hauwa, Paul, just wonderful people that are really enabling us to be able to continue to grow this event into a much larger scale event than it ever was initially. So the next WordFest live is taking place on the 23rd of July. So we’ll be featuring 66 sessions over a 24 hour period. And it is, I think one of the most wonderful things I took away from the last WordFest was, as an organizer, having organized many in-person events, there’s always a connection with your co-organizers. Certainly if you’re running a larger event, such as a WordCamp, for example, you build up this rapport and you build up this relationship that on the day of delivering the event often it’s, it’s, it’s tiring. There are, yeah, there are moments of challenges, but there are just wonderful moments as well. But you experience all of those things together as a team. What I took away from WordFest live, which was a genuine surprise to me was we managed to create that same experience. We managed to create that same shared experience as we were delivering the event. I’ll never forget sitting here, I think I was in about hour 36 of because I’d been up some time before the event and I was sitting there and just the silence that was actually happening as a bunch of organizers, we all knew how, what we were experiencing in that moment. And it was just a real special time. We use various tools to deliver it. And one of the key secret ingredients for us as organizers was Discord.
Continue readingChanging The World, Changing Me
[ad_1] WordPress was created when I was 10 years old. I try to imagine myself at 10 and the only images I can conjure up are ones of anxiety. My world both felt so small and was so small yet what I felt seemed so big. I don’t look back fondly on those years. I was a ball of competitive anxiety who was just coming out of being made fun of for years for my speech impediments and finally starting to figure out who I might be. My 10 year old self didn’t like change and didn’t know how to cope. My 10 year old self had no concept of what was being created during these strange years and I’m filled with gratitude thinking about those who were paving the way before I could even conceptualize what a website was. WordPress has fundamentally changed who I am. I don’t say that lightly. I have an urge to jump into a monologue of, “How do I love thee? Let me count the ways” when I think about WordPress. Finding My Creativity The most profound change started in awakening a sense of creativity and belief in myself. I work hard at things but my earlier black and white point of view often limited any amount of creativity I might have had. I’ll never forget in college working for web.unc.edu, UNC Chapel Hill’s WordPress multisite installation, and discovering that I could create as many sites as I wanted. The ease of use and the unlimited possibilities led me to create site after site. This still happens now with https://letslifechat.com/ born this year out of my desire to share my love of questions and deeply connecting with others, especially during a year of profound disconnection. Along the way at UNC, I got to work with brilliant and kind coworkers who believed in me to the point of encouraging me to apply to Automattic after I had to graduate a year early. Knowing they believed in me helped me apply and the case of redbull they sent me for my trial helped me get the job! I never saw myself as creative since creativity was defined for so many years as being art focused (poetry, painting, etc) and I have absolutely no artistic abilities. Being able to make an idea come to life online has changed how I view myself – I now see myself as creative and capable. This shift in how I view myself led me to create initiatives like accelerate.lgbt and Mentor Everywhere at Automattic in my free time. I never realized that my handwriting and drawing abilities could be terrible yet, at the same time, my creativity could be powerful. The results of my creative actions have solidified a sense of belief in myself that is deeply profound. It’s something I fall back on during tough days of self doubt and tough problems. Finding The World Because of WordPress’ global and distributed nature, I have been afforded the opportunity to travel to far away lands and to be there for meaningful moments with dear loved ones. Being a “nomad” is something I never thought I’d be. Being connected to people all over the world felt unfathomable and still feels like more of a dream than a reality. It’s challenged every aspect of who I am and I am better for it. Combined with the ability to see the world, I get to work with folks from all over the world every single day thanks to WordPress. This has given me the honor of having a global mindset that I carry with me no matter where I go. I feel I have traveled enough for many lifetimes over. Once you begin thinking at that scale, whether due to a global mindset or due to the percentage of the web powered by WordPress, you can’t go back. Something in you changes for the better. Finding Who I Am I think often of LGBTQ+ people of years past and how many likely never would have had the chance at a life that I have. This rings particularly true during Pride Month. On top of everything else, WordPress has given me a platform and a job where I can be my truest self whether that’s sharing my mental health struggles, talking about my evolving thoughts on being born through surrogacy, or imagining a different way of existing with many little homes rather than one. With WordPress, I can share my words and I can be heard. I can fiercely be myself and be amplified rather than silenced. I can join community meetings and proudly share a rainbow emoji as I say hi. WordPress has emboldened me and has given me so many opportunities to use my newfound creativity to lead in various spaces. None of the above gets to the root of why I LOVE what I do and love what WordPress is to me. Beyond any personal change, WordPress has allowed me to help others and to increase my own impact on this world. Whether it was working with department sites during my time at UNC or helping a local non profit set up a brand new website to bring theirs out of the 90s, I am thrilled to have a job and a passion that centers on helping others succeed. It’s such a privilege to work with folks during different stages of their sites – it’s always so personal and so sacred. I can vividly remember the first time this gripped me. I was helping a professor at UNC set up a site and when we finally published it, he couldn’t believe it was “live”. He kept asking me whether other researchers, students, professors, etc. could find him. As I began to explain how everything worked, he was nearly brought to tears. “I can’t believe my life’s work can be found by anyone in the world.” I was just a freshman at this point and didn’t quite understand what I had stumbled
Continue readingAutomattic Acquires Day One Journaling App – WordPress Tavern
[ad_1] Automattic has acquired Day One, a journaling app available on iPhone, Android, iPad, Mac, and Apple Watch. The app makes it easy to create journal entries on the go, offers end-to-end encryption for privacy on its paid tier, and has offline capabilities. While most users compose private entries, Automattic’s acquisition announcement promises integrations for publishing to the web: That doesn’t mean that everything you journal has to stay private, though. When you want to share specific entries – or even entire journals with the world – you can expect seamless integrations with both WordPress.com and Tumblr to do just that. On the flip side of that, importing your favorite content from WordPress.com and Tumblr into Day One is on the near-term roadmap. In a post on his personal blog, Automattic CEO Matt Mullenweg said he has been a user of Day One since 2016 and spoke highly of the app’s infrastructure: Day One not only nails the experience of a local blog (or journal as they call it) in an app, but also has (built) a great technical infrastructure — it works fantastic (when) offline and has a fully encrypted sync mechanism, so the data that’s in the cloud is secured in a way that even someone with access to their database couldn’t decode your entries, it’s only decrypted on your local device. Combining encryption and sync in a truly secure way is tricky, but they’ve done it. A journaling app is a surprising acquisition for Automattic, which has traditionally gravitated towards snapping up publishing-related companies and tools. WordPress is capable of powering nearly every kind of public-facing website, but private publishing has never been its strong suit. Though many have used WordPress in a sort of “private” mode for journaling, or set up local installations, the software is not streamlined for this particular use case. Day One expertly handles this niche that has remained relatively untouched in the WordPress ecosystem. In explaining the acquisition, Mullenweg also touched on his “vision of making Automattic the Berkshire Hathaway of the internet,” a notion shared by Tiny Capital and often applied to Alphabet and its diverse holdings. One distinction is that Automattic’s acquisitions tend to complement one another technologically, often introducing the potential for improvements that can be shared with other products through open source software. Day One Community Remains Trepidatious About the Acquisition Why did Automattic buy the company? Day One customers are curious, as some of them perceive Automattic to be another “corporate giant” gobbling up a scrappy startup, ready to squeeze every possible drop of revenue out of the app’s loyal customers. Many long-time Day One users have never heard of Automattic and they are understandably leery of seeing their beloved app change hands. Perusing the comments on the Twitter announcement and in the app’s community on Facebook, the news has precipitated a stream of cancellations and exports as users explore alternatives. Numerous customers were disheartened by one particular ambiguous statement in Day One’s announcement, which left the door open for future changes to the privacy of the app: Rest assured there are no current plans to change the privacy of Day One; safely protecting memories and creating a 100% personal space is the foundation upon which this company was built. The statement has since been updated to be more reassuring to users, although it still doesn’t explicitly promise no changes. It does contain a hint at why Automattic was interested in acquiring the app: Rest assured that Day One’s commitment to protecting your privacy remains unchanged. Safely protecting memories and creating a 100% personal space is the foundation upon which this company was built. (In fact, our technical capabilities around privacy are a large part of what Automattic finds valuable in our company). I have never seen a more engaged community with such a strong reaction following an acquisition. Many are deeply invested, having poured years of their lives and private memories into Day One. “Oh, great. I find a journaling app I really like and have 10 years of entries invested, and they get gobbled up by a bigger fish,” one user commented in the app’s Facebook community. “What will become of our beloved app? Will the safety, security, and integrity of our data be assured? Time to back up all of my data local.” Users have concerns about Day One’s updated privacy policy and whether the company might share data with affiliates. Many embraced the app because it was free of any ties with social media platforms. They have sewn themselves into this app in the most vulnerable way, and they are worried about how their private data will be handled in the future. Automattic may have a long road ahead in easing customers’ concerns so that they don’t feel the pressure to export and look for alternatives. As someone who considered using Day One years ago, I think I would be more likely to use it now, knowing that Automattic is usually in it for the long haul. I passed on Day On at the time because apps come and go and it’s not always easy to predict which ones have the right business model to stay afloat. One of my worst recurring nightmares is that I accidentally throw away my paper journals or that my house burns down with my journals inside. Putting trust in a company to keep your electronic data safe and private is an intensely personal decision. Knowing that a larger company with more resources is behind Day One, along with leadership that bears a genuine appreciation for its underlying tech, it seems like a safer pick for a journaling app that will be around for the next ten years. The company’s founder and CEO Paul Mayne will continue to lead his same team at Automattic and is convinced that the move will be beneficial for “the preservation and longevity” of the app. Given how passionate Day One’s user base is about protecting the app’s future, I’m eager to how Automattic handles the
Continue readingIs It OK To Provide WordPress Admin Credentials to Plugin Support Staff? – WordPress Tavern
[ad_1] No. Nada. Nah. Nope. That’s a negative. Under no circumstances. My mama didn’t raise no fool. Heck naw. Not on your life. And, the other thousands of ways to tell anyone asking for site credentials to bugger off, even plugin support staff of a “trusted” WordPress development company. That is my way of saying that I do not trust anyone. Neither should you. However, there are cases where it is necessary to provide admin permissions to a plugin’s support staff. Today’s installment of the Ask the Bartender series comes courtesy of a reader named Niko. Because the entire text is over 1,000 words, I will simply link to the transcript via a .txt file for those who want to read it in full. Here in the post, I will stick to the vital bits. Or at least the parts that I want to address. One of Niko’s Facebook group members kicked the discussion off. ‘Is it okay to send FTP details for a plugin developer to troubleshoot the issue we are having with WooCommerce. We have already provided WordPress Admin credentials.’ This is pretty normal practice in the WordPress world, right? Plugin developers helping out on issues, and if they can’t replicate an issue, they need the access so they can check if it is a plugin issue or a server issue and fix things? Over the years, I have seen this become more of a common practice. However, it is not a practice that I recommend from either the user or developer end. Any site owner should ask whether they trust the person to whom they are giving credentials. If the answer to that question is no, you have the answer to the first question. In over a decade of running a theme and plugin shop, I never needed admin or FTP access to deal with a support question. It did not matter if it was a large and complex plugin or a small one. Because I was the sole person at the company, I also personally answered hundreds of thousands of support questions over the years. Still, not once did I log into a user’s site to help them. That always seemed like a liability issue for me, but I also used such scenarios as teaching moments about trust and security. Users sometimes provided credentials to me without me asking. Often they posted them in plain text in forums, email, or Slack (also, you should never do that). If on-site code needed changing, my users performed the task themselves or installed a bug-free version of the theme/plugin I handed over. If they did not know how to perform a task via the admin, FTP, or otherwise, I took the time to teach them. Yes, that required more energy on both ends, but I believe we were the better for it. More than once, those moments led some users down the path of becoming developers themselves, or it was at least a tiny stepping stone for them. I remain friends with many of them today and am proud that they started with my little solo WordPress shop. Some cases were rougher than others. Many times, I would replicate their setup (plugins, theme, etc.) on my machine. The majority of the time, this led me to the solution — I was using __doing_it_wrong() long before WordPress introduced the idea. In the long run, I was able to pass countless bug fixes upstream to other developers. I made a lot of developer friends this way too. I have no doubts that the road I traveled was the longer of the two. There were times when I spent an hour, two, or even more addressing one user’s needs. Popping into some of their WordPress admins would have been a quicker course. However, my theme and plugin users never needed to worry about whether they trusted me enough to provide that level of access. Plus, I had no chance of accidentally breaking their site by making custom changes. Are there times when a plugin’s support staff really needs access? Probably. The original question was regarding WooCommerce. It is one of the most technically advanced plugins in existence for WordPress. Replicating a user’s setup off-site for it is trickier than most others. There may be rare times when you need to provide some access, but you should never trust anyone. The second part of Niko’s question revolves around the European Union’s General Data Protection Regulation (GDPR) and user data. It is a vital part of dealing with those times when you decide to hand over the keys to your website. Alright so here comes the issue after we think about GDPR. If this developer happens to be outside the EU, then you would need to anonymize customer data and make an NDA agreement with that exact dev or company that is behind the plugin so they can come around and fix things. I will preface this with the usual I am not a lawyer. However, protecting user data is always a legal and ethical priority on any site you run, regardless of what jurisdiction you fall under. In those — again, rare — cases where you need to provide access to your WordPress admin, there are steps you could take to better protect your site and its data. Regardless of the trustworthiness of a developer or a support staff member, there is always one rule of thumb when dealing with website security: trust no one and trust nothing. The first step should always be having a backup system in place. On the off chance that the support staff breaks something, you will want to revert the site back to its previous state. Never provide complete admin-level access. I recommend installing and activating a role and capability management plugin. This will allow you to create a custom role for support help and limit the areas of the site they have access to. You would then create a user account for them with this
Continue readingToolbelt Tidies WordPress Plugin and Theme Admin Notifications – WordPress Tavern
[ad_1] It’s a tale as old as, well, WordPress. Ben Gillbanks noticed a conversation where someone thought that admin notices were getting out of hand. Enter another developer’s attempt to address this problem. With a few code additions to his Toolbelt plugin, he had a working solution to stop the madness: the Tidy Notifications module. Despite the early promise of the WP Notify project last year, it still feels like we are no closer to addressing the overuse of the current admin notice system in WordPress. In reality, it is not so much a system as a hook that developers can use for literally anything. It is the Wild West of the WordPress admin. No rules. No order. And no proper API for standardizing how notices work. WP Notify still exists on GitHub and continues to move along at its own pace, but there is no guarantee that it will ever land in the core platform. Sometimes, the best thing a developer can do is solve the existing problem and hope that WordPress follows along down the road with a better solution. I am already tidying admin notifications with Toolbelt on my development install. My primary use case is to hide the non-dismissible notice from the Gutenberg plugin that I have a Full Site Editing theme installed — is there not a guideline against such notices? I did not suddenly forget that I was using such a theme between the 999th and 1,000th time the reminder appeared on every admin screen of my installation. Notifications expand when clicking on the bell icon in the toolbar. The Tidy Notifications system in Toolbelt neatly tucks all admin notices under a bell icon in the admin toolbar. It also displays the number of notifications. It makes the WordPress admin so clutter-free that I do not know how I have lived without it before. I cannot imagine going back. The only problem with Toolbelt’s solution is that there is no way to distinguish between essential notices and those that should be tucked away. WordPress letting you know that your post was successfully updated is an important notice that should not be hidden. However, a plugin author drumming up five-star reviews, yeah, that should not be front and center. Having two systems would be beneficial. The existing admin_notices hook in WordPress should be used for letting users know the outcome of their actions or actions that they should take. The post editor, which does not use page reloads or make the hook available, has replaced this with the snackbar popup system. These necessary notices have their place. However, WordPress has no built-in system for non-essential notices. This leaves plugin and theme authors with two options: bundle an entirely custom notification apparatus with each extension or just use the admin_notices hook. The latter is the more efficient use of developer resources. Of course, we have had this conversation before. Just shy of a year ago, I wrote a post titled Are Plugin Authors to Blame for the Poor Admin Notices Experience? In the comments, WordPress project lead Matt Mullenweg posited that the solution to unwanted notifications is not to build an inbox, comparing WordPress to cell phones. He said that app store guidelines were likely more impactful to user happiness. In general, I agree with that concept. Setting down a few directory UI and UX rules would not hurt. Given the more recent push to loosen guidelines for the theme directory, that does not seem to be in the cards. Admin notices were not one of the guardrails, the safety net of “must-haves” from the Themes Team. The admin notice spam WordPress users see today most commonly comes from plugins and not themes. Why? It is not because theme authors care more about user happiness levels. It is because the theme review guidelines over the years have been strict. Anything too flamboyant gets the hammer. The WordPress Themes Team even has a custom guideline-friendly, drop-in class that themers can use. The plugin and theme directories have taken far different stances on admin notices, and it shows. When the Themes Team moves to minimal checks, there may not be anything to stop themers from competing for the most obnoxious admin notice award. Game on, plugin authors. “Unwanted” notifications may even be the wrong terminology. Often, they are “unwanted right now.” Sometimes, folks might want to read a message — just later. I am still holding out hope that we will have a notifications/messages inbox in WordPress one day. One that is entirely controlled by the user. Until then, I may just stick with the Tidy Notifications module in Toolbelt. There are many other handy components in it too. Like this: Like Loading… [ad_2] Source link
Continue readingWordfence Now Authorized as a CVE Numbering Authority – WordPress Tavern
[ad_1] Wordfence has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA (CVE Numbering Authority), which allows the company to directly assign CVE numbers for new vulnerabilities in WordPress core, plugins, and themes. The authority is granted by Mitre Corporation, a federally-funded US non-profit that manages research and development centers. Wordfence anticipates that the ability to create CVE assignments will expedite its security research. “As the Wordfence Threat Intelligence team continues to produce groundbreaking WordPress security research, Wordfence can more efficiently assign CVE IDs prior to publicly disclosing any vulnerabilities that our team discovers,” Wordfence threat analyst Chloe Chamberland said. “This means that a CVE ID will be immediately assigned with every vulnerability we discover rather than waiting for an assignment from an external CNA.” Not having to wait on a CVE ID is a major advantage for the company, especially when working with enterprise installations where WordPress is used in combination with other software. It also helps security personnel prioritize and act based on the potential severity of threats. “Our efforts to become a CNA had these individuals, institutions, and enterprise personnel in mind, as well as WordPress’ reputation as a whole,” Chamberland said. “Now, those tasked with securing WordPress will be able to quickly reference the CVE ID from our blog posts when reporting vulnerabilities throughout their organization and handling security update prioritization. We also hope that by being a CNA, Wordfence will receive even more direct reports from security researchers.” Becoming a CNA simplifies a security company’s process of submitting vulnerabilities. Wordfence is the second company to become one, operating within the scope of WordPress and related vulnerabilities. In January 2021, WPScan was granted CVE Numbering Authority status. Prior to becoming a CNA, assigning CVEs for every vulnerability in WPScan’s database would have been too time consuming. “Becoming a CNA has allowed us to help security researchers to verify and triage their vulnerabilities,” WPScan founder and CEO Ryan Dewhurst said. “This has helped grow our WordPress vulnerability database and keep WordPress users secure. But it is just one source of vulnerabilities among many others that we use.” The process for Wordfence to become a CNA was surprisingly simple. Chamberland said the company filled out a registration form with a few questions. “Once we were approved and agreed upon a scope, you are required to watch a series of onboarding videos that explain the processes required of a CNA,” she said. “After that, we had an onboarding meeting to ensure our team was fully trained on CVE Program protocols. It took Wordfence about a month to get authorized as a CNA once they received our registration form.” Historically, the WordPress ecosystem has been a magnet for those looking to exploit vulnerabilities, due to its large footprint on the web. That trend is likely to continue. Chamberland believes there is room for multiple CNA’s in the WordPress space. “We’ve had a great working relationship with WPScan over the years, and we expect that this relationship will continue as we have a similar mission in helping secure the WordPress community,” she said. “As WordPress grows, it becomes a larger and more attractive target for malicious actors. The more hands we have on deck, and the better we collaborate and adhere to industry standard security practices, the safer WordPress will be.” Attracting more researchers to report vulnerabilities is a major benefit to security companies that gain CNA status, since they are essentially in the business of selling vulnerability protection data. They give their paid customers early access to patches that are not yet available to the general public. Becoming a CNA has the potential to increase the value their businesses can provide. “With this growth in WordPress, we expect to see more security researchers in the WordPress space,” Chamberland said. “As such, we are bound to see an increase in CVE ID requests. Having multiple CNA’s that can assign CVE IDs to WordPress core, plugins and themes make sense to improve the speed in which security researchers can obtain CVE IDs, and provides researchers with multiple sources for CVE IDs.” Like this: Like Loading… [ad_2] Source link
Continue reading