Top WordPress blog posts from February 2020
Each month, we do a recap of the top blog posts from the month before related to various open-source projects. Here’s a list of our favorite WordPress posts from February, we hope you enjoy revisiting them.
WordPress 5.4 Beta 1
The first post on February’s list is Francesca Marano’s announcement of the release of WordPress 5.4 Beta 1. Since then, there have been two more Beta releases, with the full release of 5.4 scheduled for March 31st. Until that time, members of the community are more than welcome to test it and thus help with a timely and secure release.
As for the new features of this Beta release, the most notable one are the improvements to the Gutenberg Block Editor. Other changes include Site Health and improvements to accessibility, as well as some useful developer changes, such as better favicon handling. If you’d like to help out, you can do so by reporting a bug or helping with translation.
How To Create A Headless WordPress Site On The JAMstack
Next up, we have a post on Smashing Magazine in which Sarah Drasner and Geoff Graham dive into creating a headless WordPress website on the JAMstack (JavaScript, APIs and Markup, in case you’re not familiar with the term).
This is achieved thanks to WordPress’s REST API, which allows you to separate the front end from WordPress, using it solely for content management while having more freedom in terms of the content’s presentation.
The frontend framework of choice in Sarah and Geoff’s article is VueJS, but you could use any one you like for your project. The thus created site is then deployed on Netlify. For the step-by-step tutorial, you should definitely give the entire post a read.
6 Simple Steps for Hardening your WordPress Security
With WordPress websites representing such a substantial percentage of the entire web, it’s no surprise that they are more often the target of cyber attacks than sites built with other CMS. In this post, Juliana Lewis of Sucuri shares 6 tips for improving the security of a WordPress site.
According to Juliana's post, these are the steps to take to secure your site: keeping it updated; cleaning up your plugins (both getting rid of unnecessary ones as well as updating them); clearly defining your website’s roles; using two-factor authentication (2-FA); using strong passwords and regularly updating them; and, lastly, relying on a WordPress firewall.
Where to Learn WordPress Theme Development
The fourth post from February we wanted to highlight is dedicated to WordPress theme developers, ranging from beginner to more experienced. Written by Chris Coyier of CSS-Tricks, it serves as a great guide to the development of WordPress themes (and, to be honest, a guide to getting started with development in general), complete with tips for working with GitHub and numerous useful resources.
As Chris states, the intended audience for his post are the more “middleground” developers - not the people who are already satisfied with the base theme, but also not exactly hardcore programmers. The post contains resources for all groups, e.g. both some starter themes as well as information on WordPress as a headless CMS.
Even faster WordPress sites with our SG Optimizer plugin
Moving on, we have a post by Hristo Pandjarov of Siteground detailing the new features of the latest version of their SG Optimizer plugin which further improve the performance of sites hosted with them.
These new features include deferring render-blocking of JavaScript and the ability to lazy load elements such as iFrames and directly imported videos, as well as setting lazy loading on mobile devices.
In addition to that, SG Optimizer now enables you to turn any image on your site into the WebP format. It also optimizes the loading of Google Fonts, and you can even test the site’s performance with Google Pagespeed right in the plugin’s interface.
Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
The next post concerns a piece of news that appeared in numerous different blogs on the web; we chose to include this one on Hacker News as it was the earliest one published of all the ones we’ve found. The security issue we’re talking about is the ThemeGrill Demo Importer bug which exposed over 200,000 websites to being exploited by hackers.
According to a report cited by the post’s author, Swati Khandelwal, the plugin fails to authenticate the user running code as an admin, which could allow attackers to delete entire sites’ content, then log in as administrator and essentially take over said site. Luckily, ThemeGrill released a patched version of the plugin on February 16th.
5 Ways to Create a WordPress Plugin Settings Page
This post by Iain Poulson of Delicious Brains doesn’t beat around the bush, its content is exactly what it promises in the title - five ways to create a settings page for a WordPress plugin. Namely: with the WordPress Settings API; with a custom Fields framework; by using a code generator; using WordPress’s REST API; or by using VueJS.
This last one, using the VueJS framework, might seem a bit odd considering WordPress’s adoption of React, but Iain chose to try it out after discovering the wp-optionskit package which uses REST and Vue. Interestingly, this is also the approach he says he prefers due to its high customizability and a good user experience.
Conference talk: WordPress’s role in a changing web
We’re concluding this month’s list with one of our favorite posts recently, one that has a concern much broader than just WordPress. It is essentially a recap by Heather Burns of her talk at WordCamp Vienna on the role of WordPress in the changing nature of the web.
She structures it in two parts: the first one explains the current situation regarding the web and the upcoming changes which will affect us all, while the second takes a look at what WordPress and other open-source communities should be doing (but, sadly, aren’t, due to their still apolitical stance).
In a final CTA, she then urges the community to step up, get organized and play a part in shaping the future of the open web.
Well, this is it for our recap of February’s top WordPress posts. It’ll be interesting to see what the following months have in store for WordPress and the web in general - we’ll keep you posted!
