In this issue of Delicious Brain Bytes, we dive into changes with PHP_CodeSniffer, report on the WP Awards 2023, look at HTML hacks that helped build the modern web, and much more
State of the Word 2023
Generative AI, Gutenberg enhancements, and the new Data Liberation project were among the major highlights from State of the Word 2023, Matt Mullenweg’s annual address to the WordPress community.
This year’s State of the Word took place December 11 in Madrid, Spain, marking the first time the keynote has taken place outside of North America.
The event was live streamed to an audience around the globe, with separate streams for English and Spanish audio.
Matt kicked off the 2023 State of the Word with a look back at major WordPress milestones in 2023, including the relaunched WordPress Showcase, the WordPress Playground, the Twenty Twenty-Four theme, and Openverse.
He then introduced Matías Ventura to provide updates on the Gutenberg project. Matías outlined the next steps for Gutenberg, including working on collaboration and workflow environments. While there isn’t a timeline for a complete release yet, Matías noted there is a working prototype of real-time collaboration now available for testing and feedback. The prototype can be accessed in the Gutenberg plugin by navigating to Gutenberg > Experiments and toggling on Live Collaboration and offline persistence. Matías warned that the prototype will be buggy, but feedback is needed to make sure it improves.
Matt returned to the mic to outline plans for WordPress projects in 2024, leading off with a demo that combined the WordPress Playground with generative AI.
At last year’s State of the Word, Matt said “Learn AI, deeply,” paraphrasing his now famous statement at State of the Word 2015 to “Learn JavaScript, deeply.” He reiterated that message again this year, expressing his excitement for the potential of AI tools for personal development:
“What I’m most excited about with AI is that we will all have…a personalized tutor available 24/7…our growth and development will only be limited by our curiosity,” he said. “And I think that’s been one of the most amazing things about the internet so far, and I cannot wait to see where this goes next. So, please keep learning AI deeply, and also have AI teach you stuff.”
Matt also announced the Data Liberation project, to be developed in parallel with Gutenberg Phase 3. In brief, this will focus on removing lock-in and friction when switching platforms or migrating between staging sites and production. He outlined a number of objectives for the project, including first-party community plugins, tools, and workflows available on WordPress.org, saying “I want it to be seamless, straightforward, and as zero friction as possible.”
For more, including further details on the Data Liberation project, watch State of the Word 2023 in the player below.
PHP_CodeSniffer Needs Sponsors
The PHP_CodeSniffer project (PHPCS) needs your help. Big changes are underway with the project, a widely used open source tool for making sure code remains clean and consistent. One of the most significant is that the project is now at PHPCSStandards/PHP_CodeSniffer. This repo is a continuation of squizlabs/PHP_CodeSniffer, which has been abandoned.
Juliette Reinders Folmer has taken over maintainership from the original developer, Greg Sherwood of Squiz Labs. Juliette has been the main contributor to PHP_CodeSniffer for the last year, and is also the lead developer for PHPCompatibility and PHPCSUtils. Juliet provided more details on the handover, including why the repo had to be forked instead of transferred and the inevitable problems this will cause, in The Future of PHP_CodeSniffer.
“This is less than ideal as all of the 200.000+ packages which have a dependency on PHP_CodeSniffer will need to update their workflow/composer.json/PHIVE etc,” she writes. “It means losing all open PRs (with the exception of my own, which I’ve recreated). It means losing all issues, having to recreate the wiki etc etc.”
In addition, this means the project is no longer sponsored by Squiz Labs and must now seek other sponsorships. Joost de Valk encouraged companies and individuals to contribute in an article on Post Status, pointing to the library’s widespread use:
“PHPCS is a library used by almost every major PHP project (WordPress, Drupal, Joomla, Mediawiki, Doctrine, and many more),” he writes. “It helps companies and individual developers build better code and follow code styles.”
Companies can sign up to sponsor ongoing development and maintenance of PHP_CodeSniffer through the project’s Open Collective page. Developers interested in contributing to the project can do so here.
WP Awards 2023 Results
Results are in for the WP Awards 2023! The Top 5 winners by total vote are ACF PRO, The Admin Bar, Wordfence, RankMath SEO, and Elementor. This is the second year in a row ACF PRO has been named the top Dynamic Data Plugin as well as receiving the most votes overall.
Organized by The WordPress Weekly, the 2021 edition of the WP Awards garnered a total of 2138 across all categories. Participation has skyrocketed in the years since, with 4,164 total votes in 2022, nearly doubling the 2021 result. Voting increased again in 2023, with 5,859 members of the WordPress community casting their votes for their favorite plugins, themes, and WordPress services.
WordPress Security Team Warns of Phishing Emails
An official announcement from the WordPress Security team warns of “multiple ongoing phishing scams impersonating both the ‘WordPress team’ and the ‘WordPress Security Team.’” The phishing scams consist of emails, purporting to be from one of the above, that attempt to convince administrators to install a malicious plugin on their sites.
As reported by Wordfence and Patchstack, the phishing emails warn users of a Remote Code Execution vulnerability with the identifier CVE-2023-45124. This CVE is not currently in use. Users are then prompted to download a “patch” for the non-existent vulnerability.
Clicking the download link takes the user to a fairly convincing mockup of the WordPress plugin repo. Downloading and installing the plugin on a WordPress creates a backdoor and a hidden admin account, “wpsecuritypatch.”
As a matter of policy, the WordPress Security Team never emails users with requests to install plugins or themes. Official emails from the WordPress project always come from either a @wordpress.org
or @wordpress.net
domain, and always say “Signed by: wordpress.org” in the email details section.
Security vulnerabilities in WordPress should be sent directly to the WordPress Security team through the project’s official HackerOne page.
HTML Hacks That Built the Modern Web
For as long as we’ve had HTML, we’ve had developers coming up with hacks and workarounds to achieve their desired results. In Weird HTML Hacks, Ernie Smith makes the case that many of these hacks shaped the Internet we know today.
Some techniques are so ubiquitous they may not be recognized as hacks, like using HTML tables for layout. First used by David Siegel and described in his book Creating Killer Web Sites, this made it possible to build experimental layouts and have them work on every browser.
“Yes, yes, everyone did it (and in the email world, everyone still does), but it is the definition of a hack,” Ernie writes. “And Seigel was one of the first to find it.”
Check out the full article for more.
Should You Use Bun for Your Projects?
Bun is an all-in-one JavaScript runtime and toolkit created with the explicit goals of serving as a drop-in replacement for Node.js, eliminating separate layers of tooling, and speeding up the development experience.
Bun reached a major milestone on September 8, 2023 with the release of version 1.0, marking the first “production-ready” release for Bun’s macOS and Linux builds. The Windows build, however, is still experimental, with only the JavaScript runtime supported. The package manager, test runner, and bundler included in the macOS and Linux builds of Bun are disabled in the Windows version. The plan is to include them once they’re more stable and their performance has been optimized.
In this article, we look at how Bun works under the hood and how to start using it in your projects.
What’s the most interesting news you’ve come across recently? Pop by Twitter and let us know.