WordPress Insiders Discuss WordPress Stagnation via @sejournal, @martinibuster

A recent webinar featuring WordPress executives from Automattic and Elementor, along with developers and Joost de Valk, discussed the stagnation in WordPress growth, exploring the causes and potential solutions.

Stagnation Was The Webinar Topic

The webinar, “Is WordPress’ Market share Declining? And What Should Product Businesses Do About it?” was a frank discussion about what can be done to increase the market share of new users that are choosing a web publishing platform.

Yet it also came up that there are some areas where WordPress is doing exceptionally well, so it’s not all doom and gloom. As will be seen later on, the fact that the WordPress core isn’t progressing in terms of specific technological adoption isn’t necessarily a sign that WordPress is falling behind; it’s actually a feature.

Yet there is a stagnation as mentioned at the 17:07 minute mark:

“…Basically you’re saying it’s not necessarily declining, but it’s not increasing and the energy is lagging.”

The response to the above statement acknowledged that while there are areas of growth like in the education and government sectors, the rest was “up for grabs.”

Joost de Valk spoke directly and unambiguously acknowledged the stagnation at the 18:09 minute mark:

“I agree with Noel. I think it’s stagnant.”

That said, Joost also saw opportunities with ecommerce, with the performance of WooCommerce. WooCommerce, by the way, outperformed WordPress as a whole with a 6.80% year over year growth rate, so there’s a good reason that Joost was optimistic about the ecommerce sector.

A general sense that WordPress was entering a stall however was not in dispute, as shown in remarks at the 31:45 minute mark:

“… the WordPress product market share is not decreasing, but it is stagnating…”

Facing Reality Is Productive

Humans have two ways to deal with a problem:

  1. Acknowledge the problem and seek solutions
  2. Pretend it’s not there and proceed as if everything is okay

WordPress is a publishing platform that’s loved around the world and has literally created countless jobs, careers, powered online commerce as well as helped establish new industries in developing applications that extend WordPress.

Many people have a stake in WordPress’ continued survival so any talk about WordPress entering a stall and descent phase like an airplane that reached the maximum altitude is frightening and some people would prefer to shout it down to make it go away.

But facts cannot be brushed aside, and facing them is what this podcast tried to do. Everyone in the discussion has a stake in the continued growth of WordPress and their goal was not to malign WordPress but to discuss the current situation, identify what it is and try to reach an understanding of ways to solve the problem.

The live webinar featured:

  • Miriam Schwab, Elementor’s Head of WP Relations
  • Rich Tabor, Automattic Product Manager
  • Joost de Valk, founder of Yoast SEO
  • Co-hosts Matt Cromwell and Amber Hinds, both members of the WordPress developer community, moderated the discussion.

WordPress Market Share Stagnation

The webinar acknowledged that WordPress market share, the percentage of websites online that use WordPress, was stagnating. Stagnation is a state at which something is neither moving forward nor backwards, it is simply stuck at an in between point. And that’s what was openly acknowledged and the main point of the discussion was understanding the reasons why and what could be done about it.

Statistics gathered by the HTTPArchive and published on Joost de Valk’s blog show that WordPress experienced a year over year growth of 1.85%, having spent the year growing and contracting its market share. For example, over the latest month over month period the market share changed by -0.28%.

Crowing about the WordPress 1.85% growth rate as evidence that everything is fine is to ignore that a large percentage of new businesses and websites coming online are increasingly going to other platforms, with year over year growth rates of other platforms outpacing the rate of growth of WordPress.

Out of the top 10 Content Management Systems, only six experienced year over year (YoY) growth.

CMS YoY Growth

  1. Webflow: 25.00%
  2. Shopify: 15.61%
  3. Wix: 10.71%
  4. Squarespace: 9.04%
  5. Duda: 8.89%
  6. WordPress: 1.85%

Why Stagnation Is A Problem

An important point made in the webinar is that stagnation can have a negative trickle-down effect on the business ecosystem by reducing growth opportunities and customer acquisition. When fewer of the new businesses coming online opt for WordPress, the ones that go elsewhere are clients that will never come looking for a theme, plugin, development or SEO service.

It was noted at the 4:18 minute mark by Joost de Valk:

“…when you’re investing and when you’re building a product in the WordPress space, the market share or whether WordPress is growing or not has a deep impact on how easy it is to well to get people to, to buy the software that you want to sell them.”

Perception Of Innovation

One of the potential reasons for the struggle to achieve significant growth is the perception of a lack of innovation. It was pointed out that there’s still no integration with popular technologies like Next JS, an open-source web development platform that is optimized for fast rollout of scalable and search-friendly websites.

It was observed at the 16:51 minute mark:

“…and still today we have no integration with next JS or anything like that…”

Someone else agreed but also expressed at the 41:52 minute mark, that the lack of innovation in the WordPress core can also be seen as a deliberate effort to make WordPress extensible so that if users find a gap a developer can step in and make a plugin to make WordPress be whatever users and developers want it to be.

“It’s not trying to be everything for everyone because it’s extensible. So if WordPress has a… let’s say a weakness for a particular segment or could be doing better in some way. Then you can come along and develop a plug in for it and that is one of the beautiful things about WordPress.”

Is Improved Marketing A Solution

One of the things that was identified as an area of improvement is marketing. They didn’t say it would solve all problems. It was simply noted that competitors are actively advertising and promoting while WordPress is, by comparison, not really proactively there. I think one way to extend that idea, which wasn’t expressed in the webinar, is to consider that if WordPress isn’t out there putting out a positive marketing message then the only thing consumers might be exposed to is the daily news of another vulnerability.

Someone commented at the 16:21 minute mark:

“I’m missing the excitement of WordPress and I’m not feeling that in the market. …I think a lot of that is around the product marketing and how we repackage WordPress for certain verticals because this one-size-fits-all means that in every single vertical we’re being displaced by campaigns that have paid or, you know, have received a a certain amount of funding and can go after us, right?”

This idea of marketing being a shortcoming of WordPress was raised earlier in the webinar at the 18:27 minute mark where it was acknowledged that growth was in some respects driven by the WordPress ecosystem with associated products like Elementor driving the growth in adoption of WordPress by new businesses.

They said:

“…the only logical conclusion is that the fact that marketing of WordPress itself is has actually always been a pain point, is now starting to actually hurt us.”

Future Of WordPress

This webinar is important because it features the voices of people who are actively involved at every level of WordPress, from development, marketing, accessibility, WordPress security, to plugin development. These are insiders with a deep interest in the continued evolution of WordPress as a viable platform for getting online.

The fact that they’re talking about the stagnation of WordPress should be of concern to everybody and that they are talking about solutions shows that the WordPress community is not in denial but is directly confronting situations, which is how a thriving ecosystem should be responding.

Watch the webinar:

Is WordPress’ Market share Declining? And What Should Product Businesses Do About it?

Vulnerabilities in Two ThemeForest WordPress Themes, 500k+ Sold via @sejournal, @martinibuster

A vulnerability advisory was issued about two WordPress themes found on ThemeForest that could allow a hacker to delete arbitrary files and inject malicious scripts into a website.

Two WordPress Themes Sold On ThemeForest

The two WordPress themes with vulnerabilities are sold on ThemeForest and together they have over a half million sales.

The two themes are:

  • Betheme theme for WordPress (306,362 sales)
  • The Enfold – Responsive Multi-Purpose Theme for WordPress (260,607 sales)

Betheme Theme for WordPress Vulnerability

Wordfence issued an advisory that the Betheme theme contained a PHP Object Injection vulnerability that was rated as a high threat.

Wordfence was discreet in their description of the vulnerability and offered no details of the specific flaw. However, in the context of a WordPress theme, a PHP Object Injection vulnerability usually arises when user input is deserialized (converted from stored text back into PHP data) without being properly filtered (sanitized) first.

This is how Wordfence described it:

“The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the ‘mfn-page-items’ post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin.

If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.”
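The pattern the advisory describes, shown as an added example (not Betheme's code and not from Wordfence): a serialized value read from storage is handed to `unserialize()`, which will build an object of any class loaded in the request, and a class with a side-effecting destructor then becomes a link in a POP chain. `TempFileCleaner`, the two loader functions and the stored value are hypothetical and constructed for this illustration; the stand-in gadget only records what it would have done.

```php
<?php
// Added example. All class/function names are hypothetical; the sample value is constructed.

// Stand-in for a class shipped by some other plugin or theme. It is harmless
// in normal use, but its destructor acts on a property that whoever built
// the object controls. This is the kind of class a "POP chain" is made from.
final class TempFileCleaner
{
    public $path = '';
    public static $actions = [];

    public function __destruct()
    {
        // A real gadget might call unlink($this->path); this one only records.
        self::$actions[] = 'would delete ' . $this->path;
    }
}

// Constructed sample of a serialized value as it could sit in post meta.
$stored = 'O:15:"TempFileCleaner":1:{s:4:"path";s:16:"/tmp/example.txt";}';

// Vulnerable pattern: unserialize() builds whatever object the data names.
function load_items_unsafe(string $meta)
{
    return unserialize($meta);
}

// Hardened: never instantiate classes, and accept only the expected shape
// (page-builder data is assumed here to be a plain array).
function load_items_safe(string $meta): array
{
    $data = @unserialize($meta, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

$object = load_items_unsafe($stored);
unset($object); // the destructor fires with the stored path
printf("after unsafe load: %d gadget action(s)\n", count(TempFileCleaner::$actions));

$items = load_items_safe($stored);
printf("after safe load:   %d gadget action(s), %d item(s) accepted\n",
    count(TempFileCleaner::$actions), count($items));

// Legitimate array data still round-trips through the hardened loader.
$legit = serialize([['type' => 'column', 'size' => '1/2']]);
printf("legit data:        %d item(s) accepted\n", count(load_items_safe($legit)));
```

Storing such data as JSON and reading it with `json_decode()` avoids object instantiation altogether.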

Has Betheme Theme Been Patched?

Betheme Theme for WordPress received a patch on August 30, 2024, but Wordfence’s advisory doesn’t acknowledge it. It’s possible that the advisory needs to be updated, not sure. Nevertheless, it’s recommended that users of the Betheme theme consider updating their theme to the newest version, which is Version 27.5.7.1.

The Enfold – Responsive Multi-Purpose Theme for WordPress

The Enfold Responsive Multi-Purpose WordPress theme contains a different flaw and was given a lower severity rating of 6.4. That said, the publisher of the theme has not issued a fix for the vulnerability.

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress theme, originating in a failure to sanitize inputs.

Wordfence describes the vulnerability:

“The Enfold – Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and ‘class’ parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.”
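What "insufficient input sanitization and output escaping" means for a value that ends up in a `class` attribute, as an added example (not Enfold's code): the unsafe renderer lets a stored value break out of the attribute, while the hardened one allowlists class tokens on input and encodes for the attribute context on output. The function names and the submitted value are hypothetical and constructed; inside WordPress, `sanitize_html_class()` and `esc_attr()` play the roles of the two helpers.

```php
<?php
// Added example: function names and the sample value are hypothetical/constructed.

// Vulnerable pattern: the user-supplied value goes into the markup as-is.
function render_wrapper_unsafe(string $class, string $text): string
{
    return '<div class="' . $class . '">' . $text . '</div>';
}

// Input sanitization: keep only whitespace-separated tokens that look like
// CSS class names and drop everything else.
function sanitize_class_list(string $raw): string
{
    $tokens = preg_split('/\s+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
    $valid  = array_filter($tokens, static function (string $token): bool {
        return preg_match('/^[A-Za-z0-9_-]+$/', $token) === 1;
    });
    return implode(' ', $valid);
}

// Output escaping: encode quotes and angle brackets so the browser treats
// the value as data, whatever it contains.
function escape_attribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened renderer: sanitize what is stored or accepted, and still escape at
// the point of output so that one missed sanitization step is not fatal.
function render_wrapper_safe(string $class, string $text): string
{
    return '<div class="' . escape_attribute(sanitize_class_list($class)) . '">'
        . escape_attribute($text) . '</div>';
}

// Constructed sample: a value that closes the attribute and adds an event handler.
$submitted = 'hero dark" onmouseover="alert(1)';

echo "unsafe:        ", render_wrapper_unsafe($submitted, 'Welcome'), "\n";
echo "escaping only: ", '<div class="' . escape_attribute($submitted) . '">Welcome</div>', "\n";
echo "sanitize+esc:  ", render_wrapper_safe($submitted, 'Welcome'), "\n";
```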

Enfold Vulnerability Has Not Been Patched

The Enfold – Responsive Multi-Purpose Theme for WordPress has not been patched as of this writing and remains vulnerable. The changelog documenting the updates to the theme shows that it was last updated on August 19, 2024.

Wordfence’s advisory warned:

“No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.”

Read the advisories:

Betheme <= 27.5.6 – Authenticated (Contributor+) PHP Object Injection

Enfold <= 6.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters

WordPress Elementor Widgets Add-On Vulnerability via @sejournal, @martinibuster

A WordPress plugin add-on for the popular Elementor page builder recently patched a vulnerability affecting over 200,000 installations. The vulnerability, found in the Jeg Elementor Kit plugin, allows authenticated attackers to upload malicious scripts.

Stored Cross-Site Scripting (Stored XSS)

The patch fixed an issue that could lead to a Stored Cross-Site Scripting exploit that allows an attacker to upload malicious files to a website server where they can be activated when a user visits the web page. This is different from a Reflected XSS which requires an admin or other user to be tricked into clicking a link that initiates the exploit. Both kinds of XSS can lead to a full-site takeover.

Insufficient Sanitization And Output Escaping

Wordfence posted an advisory that noted the source of the vulnerability is a lapse in a security practice known as sanitization, which is a standard requiring a plugin to filter what a user can input into the website. So if an image or text is what’s expected then all other kinds of input are required to be blocked.

Another issue that was patched involved a security practice called Output Escaping which is a process similar to filtering that applies to what the plugin itself outputs, preventing it from outputting, for example, a malicious script. What it specifically does is to convert characters that could be interpreted as code, preventing a user’s browser from interpreting the output as code and executing a malicious script.

The Wordfence advisory explains:

“The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.”
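Sanitizing an uploaded SVG, as an added example (not the plugin's patch): an SVG is XML that can carry `<script>` elements and `on*` event attributes, so the file is parsed and reduced to an allowlist of drawing elements and attributes before it is stored. The function name, the deliberately small allowlists and the sample upload are hypothetical and constructed; the code uses PHP's DOM extension.

```php
<?php
// Added example. Function name, allowlists and the sample file are hypothetical/constructed.

const SVG_NS = 'http://www.w3.org/2000/svg';

// Deliberately small allowlists; anything not listed is dropped.
const ALLOWED_ELEMENTS   = ['svg', 'g', 'path', 'rect', 'circle', 'ellipse',
                            'line', 'polygon', 'polyline', 'title'];
const ALLOWED_ATTRIBUTES = ['viewBox', 'width', 'height', 'x', 'y', 'cx', 'cy', 'r', 'rx', 'ry',
                            'x1', 'y1', 'x2', 'y2', 'd', 'points', 'fill', 'stroke',
                            'stroke-width', 'transform'];

/** Returns the sanitized SVG markup, or null if the upload should be rejected. */
function sanitize_svg_upload(string $svg): ?string
{
    // Reject empty input and DOCTYPE/entity declarations outright.
    if (trim($svg) === '' || stripos($svg, '<!DOCTYPE') !== false || stripos($svg, '<!ENTITY') !== false) {
        return null;
    }

    $doc      = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    $loaded   = $doc->loadXML($svg, LIBXML_NONET); // no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $root = $loaded ? $doc->documentElement : null;
    if ($root === null || $root->namespaceURI !== SVG_NS || $root->localName !== 'svg') {
        return null; // not well-formed XML, or not an SVG document
    }

    $xpath = new DOMXPath($doc);

    // Work on a snapshot of all elements, since the tree changes as we go.
    foreach (iterator_to_array($xpath->query('//*'), false) as $element) {
        $allowed = $element->namespaceURI === SVG_NS
            && in_array($element->localName, ALLOWED_ELEMENTS, true);
        if (!$allowed) {
            // Removes script, foreignObject, style, a, use, ... with their subtrees.
            if ($element->parentNode !== null) {
                $element->parentNode->removeChild($element);
            }
            continue;
        }
        // Drop every attribute that is not allowlisted: on* handlers, href,
        // style, and anything in a namespace such as xlink:href.
        foreach (iterator_to_array($element->attributes, false) as $attribute) {
            if ($attribute->namespaceURI !== null
                || !in_array($attribute->localName, ALLOWED_ATTRIBUTES, true)) {
                $element->removeAttributeNode($attribute);
            }
        }
    }

    // Comments and processing instructions carry nothing the image needs.
    foreach (iterator_to_array($xpath->query('//comment() | //processing-instruction()'), false) as $node) {
        $node->parentNode->removeChild($node);
    }

    return $doc->saveXML($doc->documentElement);
}

// Constructed sample upload: a valid drawing plus three script carriers.
$upload = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" onload="alert(1)">
  <script>alert(2)</script>
  <circle cx="5" cy="5" r="4" fill="teal" onclick="alert(3)"/>
</svg>
SVG;

echo sanitize_svg_upload($upload), "\n";
var_dump(sanitize_svg_upload('<html><body>not an svg</body></html>'));
```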

Medium Level Threat

The vulnerability received a Medium Level threat score of 6.4 on a scale of 1 – 10. Users are recommended to update to Jeg Elementor Kit version 2.6.8 (or higher if available).

Read the Wordfence advisory:

Jeg Elementor Kit <= 2.6.7 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File

WordPress Translation Plugin Vulnerability Affects +1 Million Sites via @sejournal, @martinibuster

A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially leading to a total site takeover. It is rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization.

WPML Plugin Vulnerability

The plugin vulnerability is due to a lack of a security check called sanitization, a process for filtering user input data to protect against the upload of malicious files. Lack of sanitization in this input makes the plugin vulnerable to Remote Code Execution.

The vulnerability exists within a function of a shortcode for creating a custom language switcher. The function renders the content from the shortcode into a plugin template but without sanitizing the data, making it vulnerable to code injection.

The vulnerability affects all versions of the WPML WordPress plugin up to and including 4.6.12.

Timeline Of Vulnerability

Wordfence discovered the vulnerability in late June and promptly notified the publishers of WPML, who remained unresponsive for about a month and a half, confirming response on August 1, 2024.

Users of the paid version of Wordfence received protection eight days after discovery of the vulnerability; the free users of Wordfence received protection on July 27th.

Users of the WPML plugin who did not use either version of Wordfence did not receive protection from WPML until August 20th, when the publishers finally issued a patch in version 4.6.13.

Plugin Users Urged To Update

Wordfence urges all users of the WPML plugin to make sure they are using the latest version of the plugin, WPML 4.6.13.

They wrote:

“We urge users to update their sites with the latest patched version of WPML, version 4.6.13 at the time of this writing, as soon as possible.”

Read more about the vulnerability at Wordfence:

1,000,000 WordPress Sites Protected Against Unique Remote Code Execution Vulnerability in WPML WordPress Plugin

WordPress Cache Plugin Vulnerability Affects +5 Million Websites via @sejournal, @martinibuster

Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain administrator rights and upload malicious files and plugins.

The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a public announcement.

Patchstack founder Oliver Sild discussed this with Search Engine Journal and provided background information about how the vulnerability was discovered and how serious it is.

Sild shared:

“It was reported through the Patchstack WordPress Bug Bounty program which offers bounties to security researchers who report vulnerabilities. The report qualified for a $14,400 USD bounty. We work directly with both the researcher and the plugin developer to ensure vulnerabilities get patched properly before public disclosure.

We’ve monitored the WordPress ecosystem for possible exploitation attempts since the beginning of August and so far there are no signs of mass-exploitation. But we do expect this to become exploited soon though.”

Asked how serious this vulnerability is, Sild responded:

“It’s a critical vulnerability, made particularly dangerous because of its large install base. Hackers are definitely looking into it as we speak.”

What Caused The Vulnerability?

According to Patchstack, the vulnerability arose because of a plugin feature that creates a temporary user that crawls the site in order to then create a cache of the web pages. A cache is a copy of web page resources that is stored and delivered to browsers when they request a web page. A cache speeds up web pages by reducing the number of times a server has to fetch from a database to serve web pages.

The technical explanation by Patchstack:

“The vulnerability exploits a user simulation feature in the plugin which is protected by a weak security hash that uses known values.

…Unfortunately, this security hash generation suffers from several problems that make its possible values known.”

Recommendation

Users of the LiteSpeed WordPress plugin are encouraged to update their sites immediately because hackers may be hunting down WordPress sites to exploit. The vulnerability was fixed in version 6.4.1 on August 19th.

Users of the Patchstack WordPress security solution receive instant mitigation of vulnerabilities. Patchstack is available in a free version and the paid version costs as little as $5/month.

Read more about the vulnerability:

Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million Sites

Free WordPress AI Writing Assistant By Jetpack via @sejournal, @martinibuster

Jetpack announced a free WordPress writing tool called Write Brief With AI that improves the clarity and conciseness of content. The AI writing assistant is based on an internal tool used at Automattic and is now available without limitations regardless of whether a user is subscribed to Jetpack AI Assistant or not.

Write Brief With AI Is Free

The new AI tool started as an internal writing tool used at Automattic, the company behind WordPress.com, Jetpack, WooCommerce, and other companies. They are now integrating as part of the Jetpack AI plugin. Although Jetpack AI is a premium plugin (with a limited free trial), the functionality and usage of Write Brief with AI is available to all users both free and paid.

What It Does

The new Jetpack AI writing tool does three important things that can improve engagement and the overall quality of the content.

  1. It measures the readability of the text.
  2. Flags long-winded sentences.
  3. Highlights words that convey uncertainty.

Importance Of Readability

Readability and a direct writing style are important for clearly expressing the content’s topic, which can indirectly benefit SEO, conversions, and engagement. This is because clarity and conciseness make the topic more evident and easily understood by search algorithms.

Why Removing Uncertainty Is Important

Regarding flagging words that sound uncertain, that has the effect of encouraging the writer to consider revisions that make the content more definitive and confident.

Here are examples of how confident writing improves content:

Example 1

This sentence expresses uncertainty:

I think we should consider expanding our marketing efforts.

This improved version of the same sentence is more confident:

We should expand our marketing efforts.

Example 2

This sentence is unconfident:

Maybe we should review the budget before making a decision.

This sentence is direct and definitive:

We should review the budget before making a decision.

The above examples show how improving directness and making sentences more decisive removes a level of ambiguity and makes them more understandable.

Will that help a web page rank better? Communicating without ambiguity makes it easy for search-related algorithms to understand content which in turn makes it easier to rank for the respective topic.

Embedded Within The WordPress Editor

The editor is located within the WordPress editor. Blocks must be enabled because it won’t work within the Classic Editor. Additionally, the functionality is turned off by default and has to be activated by toggling on within the AI Assistant Settings sidebar.

Should You Try Write Brief With AI?

If your site is already using blocks then it may be convenient to give the new writing assistant a try. The tool is focused on improving content according to best practices but not actually doing the writing itself. That’s a good use of AI because it preserves the authenticity of human authored content.

Download Jetpack and activate the free trial of the AI Assistant. Write Brief With AI is switched off by default, so toggle it on in the AI Assistant settings. While AI Assistant is limited in how many times it can be used, Write Brief With AI is in Beta and can be used without limitations.

Download Jetpack here:

Jetpack by Automattic

Learn More About Write Brief With AI

Read more at the official WordPress.com announcement:

Clearer Writing at Your Fingertips: Introducing Write Brief with AI (Beta)

Read the documentation on requirements, activation instructions and how to use it:

Create Better Content with Jetpack AI

Why WordPress 6.6.1 Was Flagged For Trojan Malware via @sejournal, @martinibuster

Multiple user reports have surfaced warning that the latest version of WordPress is triggering trojan alerts and at least one person reported that a web host locked down a website because of the file. What really happened turned into a learning experience.

Antivirus Flags Trojan In Official WordPress 6.6.1 Download

The first report was filed in the official WordPress.org help forums where a user reported that the native antivirus in Windows 11 (Windows Defender) flagged the WordPress zip file they had downloaded from WordPress as containing a trojan.

This is the text of the original post:

“Windows Defender shows that the latest wordpress-6.6.1zip has Trojan:Win32/Phish!MSR virus when i try downloading from the official wp site

it shows the same virus notification when updating from within the WordPress dashboard of my site

Is this a false positive?”

They also posted screenshots of the trojan warning that listed the status as “Quarantine failed” and stated that the WordPress zip file of version 6.6.1 “is dangerous and executes commands from an attacker.”

Someone else affirmed that they were also having the same issue, noting that a string of code within one of the CSS files (style code that governs the look of a website, including colors) was the culprit that was triggering the warning.

They posted:

“I am experiencing the same issue. It seems to occur with the file wp-includes\css\dist\block-library\style.min.css. It appears that a specific string in the CSS file is being detected as a Trojan virus. I would like to allow it, but I think I should wait for an official response before doing so. Is there anyone who can provide an official answer?”

Unexpected “Solution”

A false positive is generally a result that tests as positive when it’s not actually a positive for whatever is being tested for. WordPress users soon began to suspect that the Windows Defender trojan virus alert was a false positive.

An official WordPress GitHub ticket was filed where the cause was identified as an insecure URL (http versus https) that’s referenced from within the CSS style sheet. A URL is not commonly considered a part of a CSS file so that may be why Windows Defender flagged this specific CSS file as containing a trojan.

Here’s the part where things went off in an unexpected direction. Someone opened another WordPress GitHub ticket to document a proposed fix for the insecure URL, which should have been the end of the story but it ended up leading to a discovery about what was really going on.

The insecure URL that needed fixing was this one:

http://www.w3.org/2000/svg

So the person who opened the ticket updated the file with a version that contained a link to the HTTPS version which should have been the end of the story but for a nuance that was overlooked.

The (‘insecure’) URL is not a link to a source of files (and therefore not insecure) but rather an identifier that defines the scope of the Scalable Vector Graphics (SVG) language within XML.

So the problem ultimately ended up not being about something wrong with the code in WordPress 6.6.1 but rather an issue with Windows Defender, which failed to properly identify an “XML namespace” and instead mistakenly flagged it as a URL linking to downloadable files.
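Why the namespace string is an identifier and why rewriting it to HTTPS is not a fix, as an added example (not code from WordPress or from the tickets): a parser never requests the namespace name, it only compares it as a string, so an SVG declared with the `https://` spelling is no longer recognised as SVG. The triage helper, the function names and the sample stylesheet are hypothetical and constructed, and the sample assumes the SVG sits inside a CSS `data:` URI.

```php
<?php
// Added example. Function names and sample markup/CSS are hypothetical/constructed.

const SVG_NS = 'http://www.w3.org/2000/svg';

// Counts the elements a namespace-aware consumer would recognise as SVG.
// LIBXML_NONET forbids network access during parsing: the namespace name
// is never fetched, it is only compared as a string.
function count_svg_elements(string $markup): int
{
    $doc = new DOMDocument();
    $doc->loadXML($markup, LIBXML_NONET);
    return $doc->getElementsByTagNameNS(SVG_NS, '*')->length;
}

// Triage helper for an alert on "http://" inside a stylesheet: report whether
// each occurrence is an XML namespace declaration (an identifier) or a url()
// reference that a browser would actually request.
function classify_http_strings(string $css): array
{
    $pattern = '~(xmlns(?::[\w.-]+)?\s*=\s*|url\(\s*)?["\']?(http://[^\s"\'()<>]+)~i';
    preg_match_all($pattern, $css, $matches, PREG_SET_ORDER);

    $findings = [];
    foreach ($matches as $match) {
        $prefix = strtolower($match[1]);
        if (strncmp($prefix, 'xmlns', 5) === 0) {
            $kind = 'namespace identifier (never fetched)';
        } elseif (strncmp($prefix, 'url(', 4) === 0) {
            $kind = 'url() reference (requested by the browser)';
        } else {
            $kind = 'other (review manually)';
        }
        $findings[] = ['uri' => $match[2], 'kind' => $kind];
    }
    return $findings;
}

// Constructed SVG, and the same markup after the proposed http -> https "fix".
$original  = '<svg xmlns="http://www.w3.org/2000/svg"><path d="M0 0h4v4z"/></svg>';
$rewritten = str_replace('http://', 'https://', $original);

printf("http  namespace: %d SVG element(s) recognised\n", count_svg_elements($original));
printf("https namespace: %d SVG element(s) recognised\n", count_svg_elements($rewritten));

// Constructed stylesheet: one inline SVG in a data: URI, one real remote image.
$css = <<<'CSS'
.icon{background:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 4'><path d='M0 0h4v4z'/></svg>")}
.logo{background:url(http://example.com/logo.png)}
CSS;

foreach (classify_http_strings($css) as $finding) {
    printf("%-32s %s\n", $finding['uri'], $finding['kind']);
}
```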

Takeaway

The false positive trojan file alert by Windows Defender and subsequent discussion was a learning moment for many people (including myself!) about a relatively arcane bit of coding knowledge regarding the XML namespace for SVG files.

Read the original report:

Virus Issue :wordpress-6.6.1.zip shows a virus from windows defender

How WooCommerce Plans To Boost Developers & Merchants via @sejournal, @martinibuster

WooCommerce announced their roadmap for the future of WooCommerce, emphasizing two-way communication with the developer ecosystem in order to be responsive to their needs, which furthers the goals of improving the experience for developers, merchants and customers.

WooCommerce highlighted seven important areas for innovation and six specific areas that are targeted for enhancements that will improve developer and merchant experience.

1. Stronger WooCommerce And Developer Communication

WooCommerce recently launched a newsletter that seeks to keep developers in the loop with the latest WooCommerce news, offering early previews of new features, plus tutorials and other information that will keep the community in the loop.

The announcement explains three benefits of the newsletter:

  1. “Exclusive Insights:
    Gain access to behind-the-scenes knowledge and tips that can elevate your development game.
  2. Latest Content:
    Engage with newly published blog posts and documentation, showcasing our latest releases, resources, advisories, and more.
  3. Feature Updates and Announcements:
    Keep your projects current by receiving the latest updates on new features and essential changes in WooCommerce.”

2. Upgrading The WooCommerce Blog and Documentation

Another area of improvement that relates to communication is emphasizing the official WooCommerce blog as a reliable source of information that’s important to developers.

WooCommerce is also committing to improving their documentation with more guides, step-by-step tutorials, best practices and also making it easier to navigate and find needed information.

The roadmap explains:

“Our goal is to fill crucial knowledge gaps in areas such as extensibility, block development, and theme customization, empowering developers to start and thrive on our platform.”

This is welcome news for developers. One person commented on X (formerly Twitter):

“Coincidentally, I saw this immediately after reading my developers’ frustrations about the documentation for the new product editor in our internal discussions – so it’s good to see that improving this is on the roadmap.

Specifically, we have several plugins which add functionality to the ‘Edit Product’ screen, so we need to integrate them with the new product editor. My developers are finding this unnecessarily difficult because:

– The developer information about each feature is scattered throughout multiple news articles when it should be collated in one location.

– The links to the GitHub discussions about the new Product Editor in the “Roadmap Insights” articles point to the WooCommerce Product Block Editor discussion category (which doesn’t exist anymore) instead of the new WooCommerce New Product Editor one.

– We’re reluctant to update our plugins that integrate with the variations editor because the hooks and filters required for this extension are currently marked as experimental, so we might have to redo work if they change in future.

– We were expecting to see a timeline for the new product editor in January/February but this still isn’t clear, so we don’t know how heavily to prioritize the changes in our plugins.”

3. Improvements To REST API V3

Improvements to the REST API v3 are a top priority, with a focus on backward compatibility. They are also committing to reducing the backlog of issues and new feature requests plus improving API performance.

They also said they would focus on:

“…upgrading API documentation, error handling, and debugging capabilities.”

4. Improve Feedback Loop on Extensibility

A feedback loop is the communication between WooCommerce and the developers who use it, with the goal of improvement being a collaboration that results in a superior product that better serves developer and merchant needs.

Extensibility refers to the flexibility of WooCommerce to be extended and adapted, which is an important benefit of WooCommerce. Thus, one of the “destinations” in the WooCommerce roadmap is to make sure that it is adaptable and easily molded by developers.

Communication between developers and WooCommerce is a key part of maintaining and improving the extensibility of WooCommerce.

WooCommerce commented:

“As we make new features the default experience, we are working to create space for collaboration with our developer community in order to refine these features, incorporate feedback, and gradually move towards full adoption.

In the past year, we have begun using GitHub Discussions, Developer Office Hours, and other sources of feedback to shape and prioritize extensibility points in particular. This iterative process not only enhances the platform but also strengthens the ecosystem, making WooCommerce a more robust solution for everyone.”

5. WooCommerce Is Committed To A Block-Based Future

WooCommerce committed to a 100% block-based feature development in late 2023 as part of a vision of making WooCommerce easier to use for non-coders. A second motivation is to create a more adaptable shopping platform to build upon. As part of this commitment WooCommerce is signaling that now is the time to stop relying on older solutions like shortcodes and legacy APIs.

The statement read:

“If your solutions are still relying on shortcodes or other legacy APIs, it’s time to embrace blocks and modernize your approach.”

WooCommerce announced steps they are taking to bridge the transition to a fully block-based development platform:

  • Adding more resources to the WooCommerce Developer Documentation
  • Increased frequency of communication on the WooCommerce blog
  • More posts to introduce new features and tutorials for how to use them
  • A renewed focus on creating video tutorials

6. Streamlined Onboarding

WooCommerce is focusing on further simplifying the process of setting up a store and getting online faster. They are also improving the workflow for developers who set up stores for merchants. They said that simplifying the setup process resulted in an approximately 60% increase in completion rates.

7. Modern Store Customization

Another focus is on integrating the customization options available to WordPress in general, but WooCommerce is also looking into creating fully optimized commerce-based themes that are specific to WooCommerce.

They write:

“While we’re ensuring compatibility with all block-based themes in the WordPress ecosystem, we’re also exploring what it would look like to provide our own fully block-based, commerce-optimized theme out of the box.”

Six Specific Areas For Future Improvements

  1. Flexible product management
  2. Optimized order management and fulfillment
  3. Revamping merchant analytics
  4. Accessible stores
  5. Evolving checkout experience
  6. Better integration of order confirmation with summary and shipping information

WooCommerce Roadmap Leans In On Community

The roadmap outlined by WooCommerce recognizes that the user community is its strength, so it is focused on building a stronger product based on what developers need in order to provide merchants with the ecommerce experience they expect. The focus on creating more documentation and videos shows that WooCommerce is working to support the WordPress developer community and intends to remain the leading ecommerce platform.

Read the WooCommerce roadmap announcement:

WooCommerce in 2024 and beyond: Roadmap update


WordPress Releases 6.6.1 To Fix Fatal Errors In 6.6 via @sejournal, @martinibuster

A week after releasing the troubled version 6.6, WordPress has released another version that fixes seven major issues, including two that caused fatal errors (website crashes), another that caused security plugins to issue false warnings, plus several more that created unwanted UI changes.

Fatal Errors In WordPress 6.6

The one issue that got a lot of attention on social media is one that affected users of certain page builders and themes like Divi. The issue, while relatively minor, dramatically changed the look of websites by introducing underlines beneath all links. Some on social media joked that this was a fix and not a bug. While it’s generally a good user practice to have underlines beneath links, underlines aren’t necessary in all links, like in the top-level navigation.

A post on the WordPress.org support forums was the first noticeable indication on social media that something was wrong with WordPress 6.6:

“Updating to 6.6 caused all links to be immediately underlined on a staging divi themed site.”

They outlined a workaround that seemed to alleviate the issue but they were unsure about what the root cause of the problem was.

They then posted:

“But does anyone think this means I still have something wrong with this staging site, or is this a WordPress version update issue, or more likely a divi theme issue I should speak to them about? Also, if anyone is even familiar with expected Rparen error…that I’m just riding with at the moment, that might help. Thanks.”

Divi issued an emergency fix that their users could apply even though the issue was on the WordPress side, not on the Divi side.

WordPress later acknowledged the bug and reported that they will be issuing a fix in version 6.6.1.

The Other Issues Fixed In 6.6.1

Fatal Error

is_utf8_charset() undefined when called by code in compat.php (causes a fatal error).

A section of code in 6.6 caused a critical issue (fatal error) that prevents the website from functioning normally. It was noticed by users of WP Super Cache. WP Super Cache developed a temporary workaround that consisted of completely disabling the website caching.

Their notation in GitHub stated:

“Disabling the cache removes the error but is far from ideal.”

PHP Fatal Error

“PHP Fatal error: Uncaught Error: Object of class WP_Comment could not be converted to string.”

There was a problem in a part of the WordPress code that tries to get the name of the person who left a comment on a post. This part of the program was supposed to receive a number (the comment ID), but sometimes it was getting a more complex piece of information instead (a WP_Comment object), which then triggered a PHP “fatal error.” An analogy might be trying to fit a square peg into a round hole: it doesn’t work.

This issue was discovered by someone who was using the Divi website builder.

The other bugs that are fixed didn’t cause websites to crash but they were inconvenient:

Read the full details of WordPress 6.6.1 maintenance release:

WordPress 6.6.1 Maintenance Release


WP Engine WordPress Hosting Acquires NitroPack via @sejournal, @martinibuster

Managed WordPress web host WP Engine announced that they are acquiring NitroPack, a leading SaaS website performance optimization solution. The acquisition of NitroPack by WP Engine demonstrates their continued focus on improving site performance for clients.

NitroPack

NitroPack is a relatively pricey but well regarded site performance solution that has for years been known as a leader. WP Engine and NitroPack formed a partnership in 2023 that would power WP Engine’s PageSpeed Boost product that is offered internally to customers. The NitroPack team will now become integrated within WP Engine this month, July.

There are no immediate plans to change the pricing options for NitroPack so it’s safe to say that it will continue to be a standalone product. WP Engine commented to Search Engine Journal that there will be no immediate changes in services pricing or billing for current NitroPack customers.

“We have no immediate plans to change the pricing options for NitroPack products.

Today NitroPack works with page builders and other hosting providers and that will continue to be available. In the coming months, we will continue to leverage NitroPack to enhance additional functionality to Page Speed Boost for WP Engine’s customers.”

What the acquisition means for WP Engine customers is that WP Engine will continue to leverage NitroPack’s technology to add even more functionalities to their PageSpeed Boost product.

The WP Engine spokesperson said that these new integrations will be coming to WP Engine PageSpeed Boost in a matter of months.

They shared:

“In the coming months, we will continue to leverage NitroPack’s strength to enhance additional functionality to Page Speed Boost.”

Read the official announcement:

WP Engine Acquires NitroPack, Extending Leadership in Managed WordPress Site Performance
