WordPress 5.2, Jetpack Ads In Plugin Search Screen, Plugin Vulnerabilities Protests 🗞️ May 2019 WordPress News w/ CodeinWP

 This is the May 2019 edition of “This Month in WordPress with CodeinWP.” 

Hello everybody, we are back with a fresh round of front page WordPress news from the last month. And what a month April has been! Apart from details on the WordPress 5.2 release (which was pushed back to May 7), controversy is the best word to describe the last four weeks in our community.

To sum it up, Jetpack displayed a sponsored ad on the plugin search screen in the WordPress dashboard, Pipdig theme developers used their own P3 plugin to stealthily access customers’ websites and DDoS competitors, the WordPress.org support forum’s moderators were criticized for what someone perceived as covering up plugin vulnerabilities, while – in lighter news – Automattic launched Happy Tools to help distributed teams manage their time and work better.

But these are only a few of the many stories and resources that we have on the list today. Read further to get yourself up to speed with the latest news in the WordPress community.


WordPress 5.2 to Be Released 7th May with Site Health Check, A11y Improvements, and GIPHY support

It’s a feature-packed release which addresses long-standing accessibility issues. While the broader effort to improve accessibility is far from complete, the additions will make a significant improvement to the UX for assistive technology users.

We recently made a comic about the infamous WSOD, but could it become a thing of the past? WordPress 5.2 brings a fatal error recovery mode which will email admins when a fatal error occurs. Once in recovery mode, the error-prone plugin or theme will be paused to give admins an opportunity to access the backend and correct the error.

Error recovery is also helped with the all-new Site Health Check mode which provides users with useful website and server information for debugging purposes. Problems are prioritized according to ‘Critical’, ‘Recommended’, or ‘Good’ along with more information to help you rectify the problem.

Finally, the embed block now supports GIPHY which is a nice cherry on an exciting release.




Jetpack 7.2.1 Removes Promotions for Paid Upgrades from the Plugin Search Screen

It’s time for some spicy news, ’cause we all love #wpdrama, right? Recently, Automattic placed a Jetpack search result box (‘suggestion’ was their term) in the main plugin showcase page of your WordPress dashboard so that, when you were searching for a specific plugin that overlapped with Jetpack’s functionality, Jetpack showed up first in the results.

While this was controversial by itself, what really got people going is that some of the recommendations showed up for paid Jetpack features, like backups.

As a result of the controversy, the Jetpack team removed the suggestions for paid features. But suggestions for free features still remain, and a lot of people aren’t happy about what they perceive to be preferential treatment for Automattic and the Pandora’s box that this might open.


Pipdig WordPress plugin accused of DDoS attacks and backdoors

Another controversy centered on Pipdig, a company that used its Pipdig Power Pack plugin (P3) to gain unauthorized access to clients’ WordPress sites and to launch DDoS attacks against competitors. The scandal grew even more when the developers continued to deny the accusations and claimed that they were being harassed.

Pipdig disguised the backdoor with misleading variable names, comments, and function names in order to hide this illegal action. It did not stay hidden for long, since many developers (including Wordfence) noticed and made it public. Even then, Pipdig refused customers’ refund requests, citing the company’s “no refund” policy. The WordPress theme shop is still under investigation.




PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities

Along the same lines, a service called Plugin Vulnerabilities has put another questionable topic on the table. They are protesting against what they believe to be inappropriate behavior from the WordPress.org support forum moderators. Their protest? Publishing zero-day vulnerabilities in plugins.

Plugin Vulnerabilities believes that, by not allowing public discussion of vulnerabilities at the WordPress.org support forums, the moderators are essentially “sweeping things under the rug”, which actually results in more security issues because there’s no public knowledge of what’s going on or whether it’s been fixed.

If you want to see even more drama, check out the comments section at WP Tavern, where the two sides battle it out.


Happy Tools, for the Future of Work

In lighter news, Automattic has released its Happy Tools pack, aimed at helping distributed teams manage their work and communicate better. While the productivity tool market is quite competitive, this pack contains the products that Automattic uses to keep its huge team of 850 remote employees happy.

The first product of this project is Happy Schedule, whose purpose is to ensure harmony between each person’s working hours and timezone, along with transparency about who is working when. This tool allows employees to set up their own flexible schedule, so the company can successfully cover a 24-hour global support timeframe.

If you want to improve your remote team’s flow and internal organization, you can give these tools a try. Happy Schedule is just the first one, with more to come out soon.


Great Articles From Around The Web

WordCamp Asia Proposed for 2020 in Bangkok, Thailand

After WordCamp Nordic, a new regional WordCamp is in the works. Though it hasn’t been confirmed yet, Bangkok is the proposed host city for WordCamp Asia in 2020. Anyway, fancy visiting Bangkok? ’Cause we surely do.

SQL Injection in Duplicate-Page WordPress Plugin

Duplicate-Page, a popular WordPress plugin, was hit by an SQL injection vulnerability that harmed 800,000 websites. Sucuri marked the vulnerability as dangerous, with a DREAD score of 8.4. The devs fixed the issue and you should update as soon as possible if you’re using this plugin.

GoDaddy Acquires ThemeBeans, CoBlocks, Block Gallery, and Block Unit Tests

Even more acquisitions for GoDaddy! This time, they took up the reins of no fewer than four new Gutenberg-oriented brands in the same month. The reason? Expanding the company’s Gutenberg products.

WooCommerce 3.6 to Add Marketplace Suggestions, Despite Overwhelmingly Negative Feedback from Developer Community

Following the suggestion-like advertisement from the big plugin players, WooCommerce started to show users suggestions of extensions too. They include products of their own (managed by Automattic) and third-party developers. This change was not well received in the community either, and Automattic toned it down a little as a result of the feedback.

One of the world’s most popular WordPress themes hits new milestone

WordPress themes have come a long way since 2003. Any idea which theme is the most popular? We’re spoiling the suspense: it’s Avada, by ThemeFusion. This theme officially became the most popular premium theme ever. Its more than half a million sales on Envato are the proof. Congrats!

How to Get Featured Snippets for your Blog Posts

We love SEO advice that you can actually use. Do you want to show up as Google’s first choice in the search results page? Aka catch the so-called position zero, where your content is highlighted in a box, separate from the rest? Here’s what to do to get your articles featured there.

How We Successfully Adopted the 4-Day Work Week at MailPoet

Working only 4 days a week, isn’t that sweet? And according to the guys at MailPoet, instead of decreasing their revenue, this change actually did the opposite. It boosted employees’ productivity and happiness at work. Read more on that in this post.

An Analysis of 18,087 WordPress.org Plugins

This is definitely a great source to check when you need data about plugins. The guys at ILoveWP put in this amazing effort to analyze over 18,000 plugins and share their findings with you. Bookmark it for future reference; it will surely help.

How To Get More Reviews For Your WordPress Plugins

People don’t usually leave reviews unless they are terribly unhappy or terribly happy with a service. There’s no place for in-betweens, they don’t have time for that. But you can ask for it. Or use other tricks that Matteo Duo is vouching for.

Generating $10,000 Per Month from a Freemium Business Model

What’s the key to breaking the ice in a competitive WordPress market? One of the solutions is offering a free version of your product, according to Adrian Spiac from TranslatePress. This formula worked for his company, as he confirmed in our last interview with him on the ThemeIsle blog.

Envato releases official WordPress plugin

Do you know Envato Elements? All these elements are now wrapped and packed into Envato’s first official plugin, which has been in beta since August. The plugin provides 2,000 free templates and access to 670,000 stock photos for Envato Elements subscribers.

Laraberg, a Gutenberg Implementation for Laravel, is now in Beta

If you have spent the past year working on building for Gutenberg, then your CMS proficiency just expanded by one. Laraberg will, eventually, allow developers to integrate the Gutenberg editor directly into Laravel applications. It comes with a simple API and works with the Laravel File Manager.

AMP Plugin for WordPress 1.1 Adds Experimental PWA Plugin Integration, Pre-release of AMP Stories Editor Available in 1.2-alpha

Last but not least, the official AMP plugin got an upgrade. Compatibility with the PWA feature plugin, CSS changes for better Twenty Nineteen theme integration, a rebrand of the Classic mode to Reader mode, and an announcement of the AMP Stories Editor are some of the new features. If you’re not sure about AMP, then check out our guide.

That’s it for May 2019. Anything we missed?
