Business Roundup Week Ending October 25

All WPEngine’s Free Themes and Plugins Now Update from Their Servers

WPEngine has changed the update mechanism for all of its free themes and plugins that are listed on WordPress.org.
This list includes popular plugins like: ACF, Better Search Replace, NitroPack, WP Migrate Lite, WP Offload Media Lite, and WP Offload SES Lite.
A one-time manual installation of these plugins is needed from the WPEngine website. Once completed, plugins will update from the WPE servers.
Pro versions of these plugins are not affected, as they already update from WPE.
The manual install is required because it is against WordPress.org guidelines for plugins listed in the directory to be updated from a source other than WordPress.org.
If you host on WPEngine or Flywheel, no action is needed. Your plugins will be updated from the WPE source automatically.
This WPE support doc provides download links and installation instructions.

The days of forcing customers into phone calls and complicated click sequences to cancel digital subscriptions may be over!
The US Federal Trade Commission has adopted a new rule requiring companies to provide a straightforward subscription cancellation process that makes it as easy to leave as it is to join.
Businesses will now need explicit customer consent before charging for any subscription renewals, and free trials must follow the same easy cancellation guidelines.
The regulation covers a wide spectrum of subscriptions, from gym memberships to digital subscription services (like Adobe and Amazon).
Companies have 180 days to comply with these new regulations.
What does this mean for agencies? (Disclaimer: I am not a lawyer)
- Pay special attention to this rule on the FTC announcement.
- The way people can cancel must match the way they sign up.
- If you offer online sign-up for care plans or other subscription services, you must offer online cancellation as well.
- If your sign-up process involves interaction with a person at your agency, the cancellation process can as well but you must respond promptly.
Read the FTC announcement and get a good overview of the rule changes on The Verge.

Hackers have successfully infiltrated over 6,000 WordPress installations in a coordinated attack that began in June.
The campaign combines two known attack strategies named ClearFake and ClickFix to distribute info-stealing malware.
The attack installs deceptively named plugins like “Wordfence Security Classic” and “Google SEO Enhancer” which display deceptively realistic browser update notifications and error messages to unsuspecting visitors.
GoDaddy’s security team has identified over 20 different malicious plugin variants in this campaign.
BleepingComputer gives details, screenshots, and in-the-wild examples of this new campaign against WordPress sites.

Have you explored Fluid Typography? This new tool makes it amazingly simple to create gradual transitions between font sizes and line heights as screen size changes.
As Archive.org is still limited to “provisional access” as recovery from the massive attack continues, the WordPress Foundation has donated $100K as a affirmation of their continued support of the project.
Huge files inflating your site and cPanel backups? WPShout shows you how to find them and remove them.