
Tag Archives: wordpresswebsite

WebP by Default Merged Into Core for WordPress 6.1

WebP, an image format developed by Google, which is intended to replace JPEG, PNG, and GIF file formats, will soon be generated by default for new JPEG image uploads in WordPress and used for website content. The main work for this feature was committed to core for inclusion in the upcoming WordPress 6.1 release.

The initial proposal was revised after significant critical feedback. The most notable changes include automatically generating WebP versions of only core image sizes, keeping secondary (WebP) sub-sizes only if they are smaller than the primary MIME type, and only generating WebP images for image sizes that are intended for use in user-facing front-end content.

Despite a raft of revisions, and filters to control or disable WebP uploads, the proposal remained controversial. Contributors continue to report issues after testing. Many still have reservations about whether this should be opt-in or on by default.

“When converting medium-resolution photographs (approx 1600px – 2500px on the long edge), WebP files are often larger than the JPEG equivalent,” WordPress developer Mark Howells-Mead commented on the main ticket for WebP work. “(In my tests using my own photography, in around 60% of cases.) This change might make the ‘modern image format’ test of Page Speed Insights happy, but enforcing WebP by default on sites which use a lot of photography will often cause longer image loading times.”

Some developers are supportive of the change but prefer for it to be off by default when it is first rolled out, to allow the ecosystem to prepare for the change.

“I definitely see it as a big advantage to add Core support for additional MIME types for sub-sized image files,” Matthias Reinholz said. “But I can’t see adding conversion to a specific other file format as preferred behavior. This may help to optimize the market position of WebP but it will also be a serious threat to plugin authors and existing larger websites that do not pay attention to this change.

“Therefore, I’m questioning why this functionality should be activated by default at this stage. IMHO, it should be opt-in only. Plus ideally, we would already start to think about adding further image formats to be supported by this feature.”

NerdPress founder Andrew Wilder created a separate ticket urging contributors to consider making the feature opt-in, but the ticket was closed and conversation directed back to the main ticket so as not to splinter the discussion.

“Making these new features opt-in instead of opt-out would be the best way to be cautious about potential impacts,” Wilder said.

“There have been many requests for this to be opt-in (as well as some asking for a setting on the Media page, rather than only a filter for developers). So far there hasn’t been any open conversation about why that’s not being taken into consideration.”

The notion that WebP by default should be opt-in was summarily dismissed and the conversation was not revisited before the changes were committed.

“The feature will have widespread benefits for users by opting in core sizes (to start) – if it were entirely opt-in it would have little impact – or benefit,” Google-sponsored Core Committer Adam Silverstein said in response to opponents.

In response to suggestions that this feature ship with a UI for enabling it on the media page, Silverstein said, “We have discussed both suggestions in chats and issues with mixed responses. Project philosophy is regularly mentioned as aligning with the current approach.”

The ticket remains open awaiting patches for a few loose threads on the technical implementation. Contributors have continued to chime in with additional concerns.

The Performance team has a new blog where people can follow updates on their current projects and proposals. Now that the main WebP work has been committed, the next steps will be discussed in future meetings with notes posted to the new Core Performance blog.

If you are interested in the original article by Sarah Gooding, you can find it here


Yoast SEO 19.10 Update – Know This Before Updating

Yoast WordPress SEO Plugin update fixes a fatal error issue… Should you update?

The free version of Yoast SEO updated to version 19.10 and the premium version to 19.5, introducing numerous important changes.

This is what you should know about these releases if you’re considering whether or not to update.

WooCommerce 7.1 Compatibility
Both the free and premium version releases benefit users who run the recently released WooCommerce version 7.1.

WooCommerce 7.1 is a huge release and among the enhancements is a change to the database called High Performance Order Storage (HPOS).

High Performance Order Storage makes changes to the database, so activation of this new feature is optional for the time being to allow time for plugin developers to catch up with the new feature.

WooCommerce explainer noted:

“After the first production release, the HPOS feature will continue to be opt-in and we will assist developers in making their plugins compatible with HPOS, closely monitor how many extensions are compatible and how many stores are actively testing the feature.”

Yoast 19.10/19.5 Premium both feature compatibility with the new WooCommerce HPOS feature. That means if activation of HPOS results in a website crash it’s safe to rule out Yoast SEO as a culprit.

Users of the WooCommerce SEO add-on for Yoast will also benefit from an update to structured data that makes it eligible for new enhancements in search in Google.

Yoast 19.10 Fixes a Fatal Error Bug

The updated Yoast SEO plugin offers a patch for a bug that can result in website crashes.

The Yoast SEO changelog blames the problem on other (unnamed) plugins:

“Fixes a bug where a fatal error would be thrown in the classic editor in combination with certain plugins that misuse metabox hooks.”

An example of a metabox is a custom field that allows users to add additional content that isn’t in the main content.

Fixes Two Elementor-related Bugs

The first Elementor-related bugfix repairs an issue that affected the ability to save Yoast SEO meta data (under certain circumstances), which is a big deal.

The changelog states:

“Fixes a bug where Yoast SEO-related post meta data would not be saved if a user without the manage_options capability would save a post in Elementor.”

Yoast’s second bugfix is related to the previous one in that it arises from the same “manage_options capability” problem.

The changelog explains:

“Fixes a bug where users with site-wide basic access authentication would be prompted to insert their credentials when saving a post in Elementor if they didn’t have the manage_options capability.”

WordPress 6.1 Compatibility and Miscellaneous

Version 19.10 deprecated over a dozen hooks that are used for adding custom content to Yoast SEO settings pages.

Lastly, Yoast SEO offers full compatibility with the just released WordPress 6.1 code-named Misha.

Should You Update to the Latest Version of Yoast SEO?

Some people understandably prefer to wait before updating a plugin in case there’s a major error and that’s not a bad strategy.

Yoast SEO is used by over five million website publishers. The updated plugin was released yesterday and there are no reports in the Yoast SEO support forum that indicate any widespread problems with this update.

In fact, there are currently only random issues that sometimes have more to do with other plugins and themes.

There are no problems that indicate a pattern of issues related to this update.

Updating to the latest version of Yoast SEO is worth considering, particularly for those who use WooCommerce or Elementor, but not only for those users.

Yoast SEO 19.10/19.5 Premium are both compatible with the latest version of WordPress, which in itself makes updating a desirable option. It is also good practice to use the latest version of all plugins and themes, since this helps prevent incompatibility issues.

If you are interested in the original article by Roger Montti, you can find it here

Raft: A New Multipurpose Block Theme for WordPress

Themeisle, longtime masters of the multipurpose WordPress theme, has launched its first block-based theme with the same trademark style and flexibility of its previous products. The shop currently distributes its Hestia (100K+ installs) and Neve (300K+ installs) themes on WordPress.org, commercializing pro versions with upgrades and support. Raft is the latest addition to the lineup.

When it comes to full-site editing support, the WordPress directory still leans a little heavy on blog themes, but Raft was designed to suit a wide-ranging variety of use cases, as stated in the theme’s description:

“It’s perfect for blogs, small business, startups, agencies, firms, e-commerce shops (WooCommerce storefront) as well as personal portfolio sites and most types of projects.”

Although the default homepage looks simple, it’s the block patterns that make this theme ready for anything. Raft includes patterns for creating a cover image with title and background, image galleries with a title, post query loop, two columns for features or services, three columns of features, call to action, FAQ, inverted background, and a hero section.

When users first install the theme, it prompts them to install the free Otter Blocks plugin, which adds more page building blocks and customization options. Raft also has compatibility with Elementor, Brizy, and Beaver Builder, in addition to Gutenberg, and support for WooCommerce. The Pro version of Otter Blocks contains more advanced WooCommerce blocks for building complex store layouts.

After activating the theme on a new install, clicking “Customize” takes the user to the Site Editor where it will be pre-filled to look nearly identical to the demo. There’s not much to the demo – it keeps the pages fairly simple and showcases the patterns on a separate page. Raft isn’t quite a blank slate but it does leave some room for the imagination, as it’s not stuffed full of content and animations.

The theme comes with eight beautifully designed style variations, each with harmonious color combinations that create a different vibe for the website.

Raft packages full-site-editing templates that users can edit to further customize the main pages like 404, single blog posts, the front page, archives, and more. It also includes a blank page template.

Themeisle markets its popular classic themes on WordPress.org with pro versions that include starter templates, additional header and footer options, custom layouts, WooCommerce layouts, and other features. The company has not created a pro version for Raft. They may still be developing upgrade options but the world of blocks changes the game, since custom layouts are much easier to create with the block editor. User expectations are different. It will be interesting to see how Themeisle markets its first block theme compared to its classic products.

Raft is a good option if you need a lightweight theme that isn’t too opinionated but still provides the basic design as a starting place for building pages and customizing them with more advanced tools as necessary. If you are already one of the 100k+ Otter Blocks users, this theme integrates seamlessly. Raft is available to download for free on WordPress.org.

If you are interested in the original article by Sarah Gooding, you can find it here


WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites

Popular WordPress plugin Ultimate Shortcodes used in over 700,000 WordPress websites contains a CSRF vulnerability

The United States government National Vulnerability Database (NVD) published an advisory about Shortcodes Ultimate WordPress plugin, warning that it was discovered to contain a Cross Site Request Forgery vulnerability.

Shortcodes Ultimate is a highly popular WordPress plugin that has over 700,000 active installations.

The vulnerability affects plugin versions that are older than the current version 5.12.2.

Cross-Site Request Forgery Vulnerability

Cross-Site Request Forgery, commonly referred to as CSRF, is a type of vulnerability that in the worst cases can lead to complete website takeover.

These kinds of vulnerabilities are generally caused by targeting a flaw in software that can trigger a change, which can then lead to unintended consequences.

A successful attack generally depends on a user, for example with administrative privileges, clicking on a link and unintentionally revealing information like a session cookie which can then be used to impersonate that person.

This kind of vulnerability depends on social engineering, which is manipulating an end user to complete an action which then takes advantage of the plugin vulnerability.

According to the Open Web Application Security Project (OWASP):

“CSRF is an attack that tricks the victim into submitting a malicious request.

It inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf…

For most sites, browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address, Windows domain credentials, and so forth.

Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.”
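
The point in the OWASP passage, that a cookie-only check cannot tell a forged request from a legitimate one, is shown here as an added Python example (not code from Shortcodes Ultimate or from the original article). The session store, handler names and preset model are hypothetical; the hardened handler adds a token bound to the session and action, which is the general CSRF defence and not a description of the plugin's actual fix.

```python
import hashlib
import hmac
import secrets

# Constructed sample state: one logged-in administrator session (hypothetical).
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-admin-1": {"user": "admin", "can_manage": True}}
PRESETS = {"button": "default"}


def issue_token(session_id: str, action: str) -> str:
    """Token bound to one session and one action, embedded in the site's own form."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def save_preset_cookie_only(request: dict) -> bool:
    """Weak handler: the session cookie alone authorises the settings change."""
    session = SESSIONS.get(request["cookies"].get("session", ""))
    if not session or not session["can_manage"]:
        return False
    PRESETS[request["form"]["name"]] = request["form"]["value"]
    return True


def save_preset_with_token(request: dict) -> bool:
    """Hardened handler: also requires the per-session, per-action token."""
    session_id = request["cookies"].get("session", "")
    session = SESSIONS.get(session_id)
    if not session or not session["can_manage"]:
        return False
    expected = issue_token(session_id, "save_preset")
    supplied = request["form"].get("token", "")
    # Constant-time comparison; a missing token compares unequal.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    PRESETS[request["form"]["name"]] = request["form"]["value"]
    return True


def browser_request(form: dict) -> dict:
    """The browser attaches the site's cookie to every request sent to the site,
    whichever page caused the request."""
    return {"cookies": {"session": "sess-admin-1"}, "form": dict(form)}


def demo() -> dict:
    # Request triggered from another origin: correct cookie, no token.
    forged = browser_request({"name": "button", "value": "changed"})
    # Request from the site's own form, which carries the embedded token.
    legit = browser_request({"name": "button", "value": "blue",
                             "token": issue_token("sess-admin-1", "save_preset")})
    results = {}
    PRESETS["button"] = "default"
    results["cookie_only_accepts_forged"] = save_preset_cookie_only(forged)
    PRESETS["button"] = "default"
    results["token_accepts_forged"] = save_preset_with_token(forged)
    results["preset_after_forged"] = PRESETS["button"]
    results["token_accepts_legit"] = save_preset_with_token(legit)
    results["preset_after_legit"] = PRESETS["button"]
    return results


if __name__ == "__main__":
    print(demo())
```
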

National Vulnerability Database (NVD)

The National Vulnerability Database published just a few details about the vulnerability. There is currently no complete breakdown of the vulnerability itself.

The NVD advisory published the following:

“Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.”

The official Shortcodes Ultimate GitHub changelog was similarly vague, describing the update to fix the vulnerability:

“### 5.12.1

**Security release**

This update fixes a security vulnerability in the shortcode generator. Thanks to Dave John for discovering it.”

Meanwhile the WordPress plugin repository changelog explains:

“Fixed issue with Shortcode Generator Presets, introduced in the previous update”

The above changelog appears to misspell the security researcher’s name, which is correctly spelled Dave Jong, CTO of Patchstack, the person who is credited with discovering and reporting the vulnerability.

Recommended Course of Action

WordPress publishers who currently use Shortcodes Plugin should consider updating to the very latest version, which at the time of writing is currently version 5.12.2.

Citations

Read the National Vulnerability Database Advisory

CVE-2022-38086 Detail

Read the Patchstack Announcement

WordPress Shortcodes Ultimate plugin <= 5.12.0 – Cross-Site Request Forgery (CSRF) vulnerability

If you are interested in the original article by Roger Montti, you can find it here


WordPress Gutenberg 14.2 Offers Better User Experience

WordPress releases the updated Gutenberg 14.2 featuring multiple improvements to the user experience and editing flow

Gutenberg 14.2 is released and available for download. The latest version features user interface improvements including an easier workflow and performance improvements plus new header and footer blocks.

All of the new features are incremental improvements that together help to make Gutenberg a more polished and intuitive site editor.

Better User Experience

Smarter suggestions for Query Loop block variations

This improvement provides a smoother editing experience by only showing relevant Query Loop block patterns.

Improvements to Writing Flow

Gutenberg now features a more intuitive writing flow.

Three improvements:

  • “The sibling and line inserters now feature a more natural animation effect.
  • Selecting multiple blocks is now more visually consistent.
  • The block inserter is now hidden when the user is typing, reducing visual clutter.”

Better Functionality

Letter Spacing in Headings

Letter spacing refers to the space that’s between each letter in a word.

Being able to adjust the space between letters is especially important for the heading elements because with some fonts the space can be too close together.

This new setting allows a publisher to adjust how much space there is using the Global Styles interface.

Screenshot of Heading Space Control for Gutenberg

Better Calendar Block

The calendar block gains more ways to adjust how it looks and functions.

The background, link and text colors can now be set for the calendar block.

It can also now inherit text colors from the parent block and colors can now be styled through the global styles.

Editor Performance Improvement

A bug was fixed in the Enhanced List Block feature.

The feature, which was introduced on August 31, 2022 for Gutenberg 14.0, contained a performance issue when list items were nested within each other.

WordPress explains the problem and the fix:

“So, if a List item was inside of a List that was inside of another List block, that block would re-render 3 times! This problem has now been fixed and the initial load performance of the editor should be improved.”

New Features

New Block Pattern Categories

Gutenberg now features two new block pattern categories that correspond to banners and footers.

Banners are described by WordPress:

““Banners” here refers to visually distinctive elements that help structure or contrast the contents of a page (including headings and “hero” elements).”

Autocomplete Links in Blocks

Another new feature is link autocomplete, which is now available in any block. This used to be a feature that had to be activated through an opt-in but now it’s available by default in all blocks.

The feature is triggered with the “[[” shortcut.

Screenshot of Gutenberg Link Autocomplete in Blocks

Bug Fixes and Improvements

Aside from the above improvements and additions there are many more bug fixes and additional features that all cumulatively make Gutenberg a better site editor to use.

There are no big standout features, just a lot of improvements that will make creating sites with Gutenberg a better experience.

If you are interested in the original article by Roger Montti, you can find it here

Theme Redone: A New Block-Based Starter Theme for Building WordPress Websites and Gutenberg Blocks with an MVC Framework

In the days before Gutenberg, the maturity of the WordPress theme ecosystem offered a diverse selection of dozens of well-known starter themes where developers were likely to find one that suited their individual preferences or could easily be modified. Theme authors have frequently asked if there is a good starter theme for building block themes, but at the moment there are really only a handful, as the block themes era is just dawning.

WebREDONE, a Serbia-based web agency, has open sourced its new starter theme, Theme Redone, that offers a foundation for building websites and Gutenberg blocks with an MVC framework:

We’ve taken the inspiration from Laravel and other similar projects that really approached this aspect of coding cleverly and made it a breeze to organize and reason about the code.

In Laravel, we would write plain old PHP for the logic, and then we would use Blade templates for the View layer, we also have model, view, and controller files to separate the concerns and organize code logically and efficiently. We have adopted that same approach but in the context of the WordPress environment. Conceptually, the way we organize code is similar to Laravel, but with a few differences.

Theme Redone brings this approach to Gutenberg block files, identifying a model.json, controller.php, and view.latte file. It uses the Latte templating engine. The JSON file contains the fields schemas with the data passed through to controller.php where it can be filtered or modified before getting passed to view.latte to be rendered on the front end.

Theme Redone Latte template files example

The starter theme uses Gulp 4 and ESBuild for compilation and watching tasks, configured to support React, Svelte, Vue, and Petite Vue out of the box. Its GitHub page summarizes everything included in the framework:

  •  Latte templating engine for its beautiful syntax and a more streamlined and manageable workflow
  •  EsBuild/Webpack + Gulp tasks for compiling SCSS and JS
  •  SCSS (SMACSS folder/files structure)
  •  Javascript (ES8 and React/Svelte/Vue support, thanks to EsBuild and Babel)
  •  In-theme framework for building Gutenberg blocks in a streamlined and standardized way
  •  TRB CLI helper for scaffolding new Gutenberg blocks
  •  Bare-bones grid system coded with Flex and CSS variables (about 15 lines of code)
  •  Helper functions for repetitive tasks such as rendering images, links, SVG code, and more
  •  Just a few well-written UI components to get you started (we don’t like bloat in our code): Modal, Accordion, Tabs, Menu, Dropdowns, Sliders, and simple “in view fade-in transitions”
  •  SVG support
  •  Tracy Debugger to help us make sure we write stable and error-free code

WebREDONE has developed a fast way to create new blocks through its TRB CLI (Theme Redone Blocks) NPM package, which will instantly create a new block with a single terminal command. It includes a custom UI along with the block preview image. The UI looks out of place inside the block editor and is somewhat more restricted in terms of controls available to users. This may not matter if the agency is creating sites that are not edited by users, but it seems confusing.

The theme’s creators have also written 50 pages of documentation over the course of two months, including how to get started, working with the template files, the theme’s helper functions, block structure within the framework, and more.

Theme Redone is an opinionated starter theme. WebREDONE decided to share it because it saves their agency time. It may not work for everyone, but it’s interesting to see the diverse ways agencies are evolving their tools to build websites more efficiently in the block era. Check out Theme Redone on GitHub for detailed installation instructions.

If you are interested in the original article by Sarah Gooding, you can find it here