The Week in Analysis

WordPress 5.9 Revised Release Schedule

— With an updated release schedule for WordPress 5.9, the new final release is planned for January 25, 2022. Causes for the delay mostly can be pinned on issues related to major features planned for the release, including Full Site Editing. With WordPress 6.0 likely coming out in April, the core team felt this would have been too long for the community to wait if those features were punted. Tonya Mork explains the decision-making process and notes that there were "seasonal considerations" with not enough people available to develop, test, and review critical items in December. magnifying-glass
POST STATUS ANALYSIS

Remember when WordPress 5.0 launched with Gutenberg? Many people called for a delay then, but Matt pushed forward:

Deadlines are not arbitrary, they’re a promise we make to ourselves and our users that helps us rein in the endless possibilities of things that could be a part of every release.

Gutenberg’s initial release was challenging. The release date pressed volunteers to ship 5.0 before the State of the Word, a high-pressure deadline. Over the next six months, Josepha did a lot of listening, reflection, and communication on the breakdowns that occurred.

More than serving an ecosystem of products, the WordPress project also has to keep in mind its user base and community contributors. What is in their best interest? This time the consensus was to postpone a major release. That’s something everyone can be proud of, for the growth it indicates.

The PHP Foundation

— A number of companies, including Automattic, Laravel, Acquia, Zend, Symfony, and JetBrains, have collectively formed a PHP Foundation. It will be a "non-profit organization whose mission is to ensure the long life and prosperity of the PHP language." This was prompted by the departing of a key PHP contributor Nikita Popov. (Nikita left on good terms but is spending spend significantly less time on PHP.) The idea for a PHP Foundation isn't new. It was brought up earlier this year — with this timely post from Joe Watkins. Joe responded favorably to the new organization after it was announced. He called it "an excellent opportunity for budding internals developers and experienced developers alike.") And now it has been kicked into high gear:
"With the projected donations from all the participating companies so far, we expect to raise about $300,000 per year. JetBrains intends to contribute $100,000 annually... We expect to be able to pay market salaries to PHP core developers. The more we collect, the more developers will be able to work full-time on PHP."
The primary goal of the foundation is to fund PHP development. A temporary administration will be put in place. These people will collaboratively decide who receives funding. The Foundation is looking to fund both part-time and full-time developers. Applications are being accepted now. magnifying-glass
POST STATUS ANALYSIS

PHP powers 78% of the web, but not many people realize how fragile it is with its reliance on open source maintainers and contributors. Being overwhelmed and experiencing burnout are real dangers to contributors, just as they are in WordPress and other open source communities. I’m glad a PHP Foundation has been put in place and hope it will add some stability. Time will tell what kind of impact this makes, but if there’s confidence to be had it’s that the major members of the Foundation are heavily committed to PHP’s continued success.

— David

GoDaddy Breached – Plaintext Passwords – 1.2M Affected

— Starting with a recently published disclosure on the United States Securities and Exchange Commission (SEC) website, GoDaddy shared with the public and its customers that a data breach occurred with their Managed WordPress customers in September. It appears the breach also affected to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe. GoDaddy said an unauthorized person used a compromised password to gain access to their systems around September 6. GoDaddy said it first discovered the breach last week on November 17. This breach impacts up to 1.2 million WordPress customers — and potentially more sites since customers can and often do have more than one site in their account. The attacker had access to user email addresses and customer numbers plus the original WordPress Admin password that was set at the time of provisioning as well as SSL private keys. Wordfence also notes the sFTP and database usernames and passwords of active customers were accessible to the attacker. This was possible because the "sFTP passwords [were stored] in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices." For now, anyone using GoDaddy’s Managed WordPress hosting should assume their sites have been compromised and change their passwords, enable two-factor authentication where possible, and watch out for odd emails. If you run an ecommerce site, Mark Maunder warns that "you may be required to notify your customers of the breach" depending on regulatory requirements in your jurisdiction.     magnifying-glass
POST STATUS ANALYSIS

This isn’t something you want to see happen at all, especially on a Black Friday week after a big acquisition you made the week prior. There are likely to be some far-reaching consequences and repercussions here but it’s too soon to tell.

— David

The timing and nature of this attack bring back memories of a similar breach that came to light on Black Friday weekend in 2009 at Media Temple before GoDaddy acquired it. Have hosts become more diligent about security in the past decade? News of big data breaches have become so commonplace they seem less remarkable now. At least disclosures about security failures seem to be more complete and forthcoming once they are detected. But that isn’t much consolation to customers whose sites are hacked.

— Dan

Latest Post Status Feature

WordPress.ORG

This Week at WordPress.org (November 22, 2021)

— Each week we are highlighting the news from WordPress.org that you don't want to miss. If you or your company create products or services that use WordPress, we've got the news you need to know. Be sure to share this resource with your product and project managers. News# Watch State of the Word at a […]

News for the WordPress Professional

Writing with WordPress 5.0 to 5.8

Jeremy Felt shared his experience writing in WordPress with Gutenberg. He finds there's a "slight delay" in text appearing, perhaps based on browser complexities or "the editor has to account for so much non-text-typing stuff." He currently writes in Ulysses, previews his posts as HTML, copies the HTML, and pastes it in Gutenberg. And he'd like to work with anyone interesting in improving the situation:
"If there’s an organized (open source) effort to provide a world-class writing experience in WordPress, I would absolutely invest my time."
magnifying-glass

WordPress 5.9 Revised Release Schedule

— With an updated release schedule for WordPress 5.9, the new final release is planned for January 25, 2022. Causes for the delay mostly can be pinned on issues related to major features planned for the release, including Full Site Editing. With WordPress 6.0 likely coming out in April, the core team felt this would have been too long for the community to wait if those features were punted. Tonya Mork explains the decision-making process and notes that there were "seasonal considerations" with not enough people available to develop, test, and review critical items in December. magnifying-glass

Lift As You Climb

Cassidy Williams at Netlify has a nice post about building relationships and how much giving back can be rewarding:
"As you move up in the tech industry, lift people along with you. They’ll fill in the gaps you leave behind, and the industry is so much better when everybody gives back. You get a lot by giving."
magnifying-glass

Take the 2021 WordPress Annual Survey — and view the 2020 results!

— Don't forget to take the 2021 WordPress Annual Survey. It will be open until the end of the year. Last year more than 17,000 responses were collected. This represented "the highest submission volume in four years," but that number is a tiny fraction of the total number of WordPress professionals working around the world. Josepha Haden summarized the 2020 survey results and noted the pandemic has had a major impact on how we operate as a community:
"With few in-person events, many community members continue to find it challenging to balance community contributions with their own personal and professional obligations."
magnifying-glass

The Software Inflation Rate in 2021: 1.4%

Matthew Guay examines the software inflation rate in 2021:
"After a decade where software got 62% more expensive...software prices, largely, haven't inflated nearly as much as the broader market this year."
There are some good insights here and observations about services and software getting more expensive, even if it was only a slight increase in the case of MailChimp and SurveyMonkey. It's getting harder for larger companies to determine the cost of software because the software aimed at them "increasingly hides pricing, requiring a sales call first before sharing an estimate of what it'd cost for your team." magnifying-glass

Post Status Announcements

13 Days Since Last Acquisition

November 15, 2021 - LiquidWeb Acquires Modern Tribe


👉 We’ve created a page for WordPress acquisitions going back to 2007. We’d also like to gather major investment data. Help us make this table more complete by adding additional deals, data, and links.

Podcast Picks

Post Status Features

Post Status Analysis

Get Hired
Latest Podcast Episode:

September 27, 2021 - Get Hired #5: Get Involved

Who's Hiring in WordPress?

Place a Job Listing [»]

{"cart_token":"","hash":"","cart_data":""}