Footnotes #416

Cloudflare has implemented an Automatic Platform Optimization for WordPress. It includes improvements in speed for sites that might be slowed down a bit by plugins or hosting limitations effectively creating a “zero-config edge HTML caching solution.” Garrett Galow explains:

“Our testing … showed a 72% reduction in Time to First Byte (TTFB), 23% reduction to First Contentful Paint, and 13% reduction in Speed Index for desktop users at the 90th percentile, by serving nearly all of your website’s content from Cloudflare’s network.”

There is a more technical post that goes into more detail.

This optimization costs $5/month for customers on the Free plan and is included, at no additional cost, in the Professional, Business, and Enterprise plans. It will work both with and without the Cloudflare for WordPress plugin. 🌩️

iThemes has announced its acquisition of WPComplete, an easy-to-use, interactive course completion plugin for WordPress. πŸ‘

Bob Dunn has announced the launch of, a website to connect the WooCommerce builder community:

“I believe that there is a need for a central location to help connect those who build WooCommerce sites, products and services. These people are the ones that drive the community and can benefit from being connected through insights, perspectives and communication.”

The Do the Woo podcast will continue to run as it has. 🀘

Helen Hou-Sandi revisits “starter content” which had its beginnings in WordPress 4.7:

“We will want to strike a balance between showing users what they can do and adding too many individual pieces of content that have to be tracked down and removed if they don’t want it…For a future release, we should start exploring what it might look like to opt into importing starter content into EXISTING sites.”

Demo content importers exist for many commercial themes, but outside of a good experience with BuddyBoss (which helps you easily remove the demo content), the demo content is usually hard to configure and harder to remove. I would welcome a stabilization of sorts from WordPress Core for themes.

A long-standing goal of the WordPress project is to be compatible with new versions of PHP on release day. There's a call right now for both manual and automated testing to ensure the core codebase is ready for PHP 8.0. πŸ€™

Even though WordPress 5.6 will add support for PHP 8.0, “no changes will be made to the minimum required version of PHP at this time.”

Chris Coyier has a new and lengthy but highly consumable essay on the subject of “The Widening Responsibility for Front-End Developers.” Chris touches on the increasing burdens of the role as well as its joys:

“Being a front-end developer puts us on the front lines between the thing we’re building and the people we’re building it for, and that’s a place some of us really enjoy being.”

Ali Spittel acknowledges writing blog posts can be “pretty tricky” and has shared what I think is some great advice for writing posts. Ali covers everything from finding a topic, writing a first draft, revisions, visuals, and publishing. ✍️

Ali includes some encouraging words if you are holding yourself back from writing. Maybe you don't think of yourself as an “authority.” Ali says go right ahead:

“If you have a blog post that contains mostly correct information, or at least your interpretation of the topic, then you're experienced enough.”

Timi Wahalahti has created a plugin that lets back end users choose a post from any site in a WordPress Multisite network through an ACF field. πŸ”Œ

Sami Keijonen shows how to use WordPress and Eleventy together with the block editor “as usual” on the back end but with the front end served by Eleventy. πŸ’‘

The main reasons for doing this, according to Sami, are “Security. Scale. Performance.” He also notes, “I have been playing around with WordPress for a long time. It saves me back-end developing time. I’ve been pretty happy about block editor myself.”

So if you're getting comfortable with Gutenberg and want a fast front end, this is an option.

Jean-Baptiste Audras released a small WordPress plugin called Image Licensing Schema that allows WordPress site administrators to enjoy the benefits of a new Google Images feature. The plugin gives “you an easy way to manage your structured data for Google Images.” πŸ“·

GitHub is changing the default branch name on all new repositories from master to main. Mike McBride shows how to update some (or all) of your existing repositories to use “main” (or another term of your choice) as well.

Dōvy Paukstys' Redux interface framework recently surpassed one million active installations. πŸ‘

Redux is one of the first popular Gutenberg-related WordPress plugins that added a library of blocks and block templates to WordPress.

Joe Casabona‘s WPYearInReview project has met its crowdfunding goal. πŸ₯³ This content project will feature a video tutorial series, an interview series with WordCamp speakers, and an eBook that goes over how WordPress and its ecosystem has changed in the last year.

Congrats to Joe for coming up with this idea and executing on it, as well as everyone in the community who backed it. Looking forward to seeing the results! πŸ™Œ

Application Passwords are scheduled to be shipped along with WordPress 5.6, and if you have any input to offer, now's the time to add your two cents.

Application Passwords make it easy to revoke any individual application password or completely void all of a user’s application passwords. It's also an easier way to request API credentials and allow for an “interactive authentication flow” with 2FA or reCAPTCHA protecting your users' accounts. πŸ”’

According to Sourcegraph, a company specializing in universal code search, developers are managing 100x more code now than they did in 2010. 🀭

Josh Comeau demonstrates what he calls “an elegant solution to a tricky modern layout” β€” a full-bleed layout using CSS Grid.

Call a Vulnerability a Vulnerability

Roger Montii reporting for SEJ looks at an Authenticated Stored XSS vulnerability in the WPBakery Page Builder plugin. The vulnerability was discovered by Wordfence and fixed through their collaboration with WPBakery in a recent update. 🍰

Vulnerabilities happen β€” all the time, and in major plugins. Having them discovered by the good guys and handled this well is how open source is supposed to work β€” the code and the community. So I think in this case the story is being a little overblown, and the real issue is what Roger notes at the end of his article:

Unfortunately, WPBakery’s changelog does not reflect the urgency of the update because it does not explicitly say that it is patching a vulnerability. The changelog refers to the vulnerability patches as improvements.

Don’t hide security and bug fixes in your changelogs, and be responsible by letting your customers know about the problem β€” and the solution.πŸ”’

πŸ“… Conference and Event Updates

  • Join Virtual CFO Jeff Meziere and his partner, Cory Miller, on October 13th as they talk about a framework to better forecast your business cashflow. This webinar is especially timely and relevant for agencies looking to ensure they have cashflow for their business in the peaks and valleys of the pandemic. You can RSVP for this event here.
  • WooSesh will be back again on October 13 and 14th. Chris Lema, Greta GalubauskaitΔ—, Luke Cavanaugh, and Christie Chirinos are among the many great speakers taking the stage.
  • WP Agency Summit is taking place from October 12 to 16th. It's a free virtual conference that will share “strategies for lead generation, sales, project delivery and a lot more that helps you grow your WordPress agency or freelance business.”