WordPress Digest #53

This bi-weekly serves to inform and enlighten our minds on the latest happenings in the sprawling countryside we call WordPress Land.

Release News

  • Automattic and the WordPress core development team are abandoning Facebook’s React.js framework entirely and switching all projects to another, yet-to-be-named JS framework. The decision stems from React’s patent & licensing issues. This will push back the release of Gutenberg, as it will require a rewrite. Whatever framework is chosen will then be used to rewrite Calypso, as well as any other WP admin projects in the works. I knew there was a reason I never bothered to learn React.
  • Curious which JS framework will replace React? The current top contenders are Vue and Preact, the latter clearly being named so similarly to React in order to create comical conversations among developers.
  • SWFUpload, the library that powered WP uploads until it was deprecated in WordPress 3.3 back in 2011, is being removed from core. As part of this process, core developers have identified a number of plugins (~128) that still reference this outdated library, including some popular plugins like NextGEN Gallery and WP All Import. Take a look at the list; if you are using any of those plugins, harass the plugin authors to update or switch to something else.

Extending WordPress

  • By default, WordPress does not allow the upload of SVG files due to security concerns. Safe SVG is the only plugin I’ve seen so far that enables SVG uploads and sanitizes them in the process. This should be the go-to for adding SVG support to projects.

Grab Bag

  • Ok so we all know Equifax really screwed the pooch with the whole data breach thing. But then, to add insult to injury, they set up their remediation website on WordPress and, at first glance, they appear to have made some easily avoided mistakes in the security of that site. Good grief!
  • A popular plugin, Display Widgets, was purchased from the original developers and was then promptly updated to insert malware into sites and collect user data without permission. This update was released to the roughly 200,000+ active installs running the plugin. WordPress removed the plugin from the directory, but that doesn’t remove it from active sites, so if you use it, you should delete it.

“Never get so busy making a living that you forget to make a life.” -Dolly Parton