10 Things You Need To Know About WordPress 2.8

WordPress 2.8: Search for Plugins

WordPress 2.8 is the latest installment of the WordPress platform, scheduled to be released on Wednesday, June 10. Millions of sites are powered by WordPress including the BBC, CNN, the NFL, the New York Times blogs, and that’s just a few of the big names.

Ok, so there’s a new version.  So what?  There are a number of massive improvements which will make WordPress even easier to use than before, however most of the new features are under the hood. Mark Jaquith, a core WordPress developer, is calling it the “Snow Leopard of WordPress” – in other words, on the surface, it doesn’t have much new but there are radical updates under the hood to make it run faster and give developers more options.

Faster Load Times

The first, of smaller features, but very important features to me, is the ability to compress both external CSS files and embedded CSS, and the same with Javascript, both embedding and external files. Why is this important? It decreases both load time for the user and saves bandwidth because of compression. It’s a win-win situation for everyone. But, this is just one of the major enhancements I’m excited about.

Now Easier to use Widgets

Yay for a new widget panel!  No more “add this widget” and gets added and having to browse the different sidebars.  Now you can drag and drop, and auto-save, on any of the registered sidebars for your theme.  See below for the example of what it looks like.  It’s a lot more useful and much easier to use now.

WordPress 2.8: New Widgets Page

Plugins, Plugins, Plugins, Plugins

The second major update that is clear to see is the plugins page layout.

I run a test site that updates code every few hours from SVN so I can see what is going on with all the new code being developed and committed, so something I noticed quickly was that the Plugins page layout changed dramatically. You’ll notice that the way the plugins are grouped together now is different than it was before. With the upgraded Plugins layout, it was quite difficult to see the important plugins, so the lead developer working on it, Ryan Boren, was kind enough to add a “Per Page” option for Plugins. Now, you can easily find all your plugins on a single page by changing the Per Page option to a higher number than the plugins you have. For example, I have 55 plugins installed, so I set mine to 60 and I can easily see all my plugins.

Plugin Search

Another great addition to the WordPress codebase in 2.8 is enhanced plugin search.  For a long time, and still, plugin search is not that great.  2.8 will help fix a lot of those issues and give users a greater opportunity to find what they are looking for.

WordPress 2.8: Search for Plugins

New Admin Schemas

Diving into some of the admin features, the blue color scheme received some love and has some updated features. The grey color scheme’s icons were also updated. Overall, the admin style has stayed the same though, since Automattic conducted the user experience testing back in October 2008 to draw up a new administration theme. Have they done a good job? I honestly think that yes, they’ve done a great job with it and it’s fully functional now. I was hesitant at first when they made the big change, but I really like it now.

Along with upgrading the admin schema, you can now select how many columns you want to display.  It’s really easy to move the various dashboard widgets around to customize the dashboard to exactly how you want it.   You can easily select which widgets you want to show too.  Whether you care about plugins, recent news, or you just care about posting quickly, you can edit it to your liking.

New WordPress Dashboard

Search for Themes

Not only was the plugins browsing area upgraded, but you can also now view and search for themes!

WordPress 2.8: Search for Themes

Can’t Upload with Flash? Let’s Fix That!

For all those users that were having issues with Flash, Firefox, and uploading images, those problems should go away.  WordPress 2.8 comes with PHP SWFUpload 2.2.0.1.

Editors Note: I wish the Flash uploader would be applied to more than just images. For instance, the WordPress importer could use some love – particularly for large export files.

Automattic Highlights

A few of the highlights that Automattic is pointing out is the new ability to drag and drop, and save, in one action, widgets for your theme. IIS 7.0 URL rewriting is now supported as well, giving a little love to the Windows users. These are just a few of the highlights.

Editors Note: If you use the Thesis theme there are some incompatibilities. Anthony Ferguson has the fix in advance of an official update from DIYThemes.

Upgrading Using the SSH Method

If you’re into really quick plugin upgrades, you might already be using a script running on a cron job that upgrades your plugins every few hours.  But, there’s a slightly less geeky way of doing it.  The SSH2 method of upgrading is now more functional.  It had some problems in 2.7.x, so I helped work with the developer of that area and we made it more functional and operational.  I wrote a tutorial about how to upgrade WordPress and plugins using SSH that works seemlessly.  For my personal blog, I just click upgrade and the next screen I see is that it upgraded successfully.  I never have to enter my username or password.  It’s all stored on the server.

Other Updates

Digging into the nitty gritty, the backend received some updates as well. Dropping some database columns, for those of us that are uber geeky, which will help keep the database running smoother and cleaner. For the full list of geeky updates, check out the Development, Themes, and Plugins updates.

10 Things You Need to Know About WordPress 2.6

postrevs.png

WordPress 2.6 is around the corner (sometime next week, it looks like), and as usual, there’s a bunch of changes, improvements, enhancements that have went into this version. In my opinion, this is an odd major release. While there are certainly major new changes that warrant a new major release, much of the release consists of various improvements generally saved for “dot releases”. Security and enhancement type stuff. The thinking is that WP 2.6 can be released so a WordPress 2.7 can come in the early fall timeframe and integrate new features developed in conjunction with the Google Summer of Code project.

Still though, there is a significant amount of new functionality that I find quite nice.

Google Gears Support

Gears is the Google technology that allows for Firefox (apparently IE 6 too, but I can’t confirm) to “pre-cache” pages and speed up access. Gears has been integrated with WordPress 2.6 on the admin side and speeds things up tremendously. This is particularly important where broadband access is limited or inaccessible (third world, for instance). To enable Gears in your new WordPress 2.6 installation, click on the Turbo link in the upper right corner of your WordPress admin.

XML-RPC Editor Functionality

Quietly, a new bit of functionality snuck into WordPress trunk that threw a number of developers and kicked off an interesting discussion. In the development cycle, XML-RPC and Atom Pub API for remote editing was turned off by default as a “security precaution” since many recent WordPress security issues seem to stem from the XML-RPC protocol.

Daniel took the issue up on his blog in a bit of a vicious manner because he has a vested interest in desktop client support for blogs. He is the developer behind the very nice MarsEdit client for Mac which, incidentally, I’m using to write this post. He took his battle up, a bit more congenially among WordPress developers, and the result was a compromise. New WordPress 2.6 installs would be given the option at install to enable XML-RPC editing and upgraded blogs (pre-existing) ware grandfathered in to an “enabled” paradigm.

Picture 9.png

This is an important shift in the way bloggers think about writing. Most of us simply want to write. We don’t want to worry about the technical aspects of maintaining a blog. This is the philosophy that drove the b5media team, whom I worked for from very early days, to develop a network of bloggers that were able to simply write without worrying about the logistics of maintenance, upgrades, monetization, etc. Unfortunately, while most bloggers are not technical, malicious parties ‘out there’ are technical and look for any opportunity to attack blogs and other websites. XML-RPC and APP provide a vector which, though pretty secure, has seen its share of exploits in the past. Disabling functionality that is not explicitly used by every user makes sense for security reasons.

Bloggers can enable or disable the functionality via the Settings > Writing page in WordPress admin and most desktop editors still only support the XML-RPC protocol so unless you’re explicitly using the Atom Publishing Protocol, you’re probably safe to leave only XML-RPC checked.

Post Versioning

Developers familiar with Subversion, or SVN, understand the concept of versioning and diffs. Compare one file, or revision, against another file, or revision, and see a breakdown of differences between the two. With the help of GUI tools, developers can see a color-coded red vs. green (removed vs. added) presentation.

This concept has now been applied to posts so you can view differences between posts as well as “revert” to an earlier version of a post. I absolutely love this feature and you can see an example of a “revision compare” built directly into WordPress.
postrevs.png

SQL Security – $wpdb->prepare()

Back in WordPress 2.3, the

1
prepare()

first emerged, initially unused… but there. The method was very experimental at the time and was not ready for prime-time so, though it was included, it was not yet used. We started to see its emergence in WordPress 2.5 and in WordPress 2.6 it is being used just about everywhere.

The idea behind

1
prepare()

, if you’ll allow me to get geeky for a minute, is to sanitize SQL in such a way that SQL injection is prevented. So, plugin developers, in particular, should be happy with this method (part of the

1
$wpdb

class). Not only should they be happy, but from a best practice standpoint, you should be using it.

In my opinion, this should be a part of a “dot release” and not as a major feature of a major release.

Shift-Click Selection of Multiple Checkboxes in WP-Admin

As the backend of WordPress continues to evolve after the release of the drastically redesigned admin in WP 2.5, usability enhancements are also making their way in.

One of the better usability enhancements added in WordPress 2.6 is the ability to “shift click” to select multiple checkboxes at once. Say, for instance, you want to clean up an unwieldy category system (as I need to), Simply navigate to your category management page, click on the first category you want to delete, for instance (posts will go into the default category), and “Shift-click” on a checkbox farther down the list. Magically, all checkboxes in between will also be selected.

This, of course, works anywhere where checkboxes are employed in the WordPress admin.

More Avatar Options

With the Automattic acquisition of Gravatar last year, in-built support for Gravatars was introduced in WordPress 2.5. WordPress 2.6 gives the blogger more options by allowing for selection of the “default” avatar. Out of the box, the default Gravatar can be “Mystery Man”, a generic grey avatar with a white silhouette of someone. Default avatars can also be “blank” (self-explanatory), the Gravatar logo, Identicons, Wavatars or MonsterIDs. These have all been a part of WordPress.com for some time and now come to the rest of us. For more information, Matt wrote a post for the WP.com community that you should probably check out. The difference here being, of course, that WordPress.com offers “dashboard avatars” and WPFROU (WordPress for the Rest of Us) does not include this functionality.

Page Templates over XML-RPC

In addition to the XML-RPC/APP security measures listed above, a new key bit of functionality has now been exposed for API editors (and also, if you think about it, demonstrates the power behind XML-RPC and why you might want to turn it off if you don’t use it). The XML-RPC interface now allows for managing page templates from an API editor. To the best of my knowledge, no editor supports this yet and may not. However, increasingly there is the ability to remotely post content from places like YouTube, Utterz and others. None of these services would have any real use for this functionality either, however I want to point out that because they can post remotely anything that is exposed to the remote world can also be managed.

It’s also conceivable that an offline WordPress client could be built that replicates WordPress admin in a desktop client, and this is one more step in that direction.

Press This

Press this! is a new enhancement of a long-existing concept. Bookmarklets. In fact, WordPress used to have a bookmarklet included that would allow a user to quickly start a new post from the browser toolbar, but the functionality was limited.

The Press This! functionality rocks, actually, because it allows the user to be on any website, click the bookmarklet and get a miniaturized version of WordPress admin with options to snip text, photos from the page, quotes or video embeds.

Picture 10.png

Obviously, we can lead you to water but we can’t make you drink. BE VERY CAREFUL OF COPYRIGHT VIOLATIONS! Oh, and the Associated Press sponsored this. (kidding!)

Integrated Theme Preview

Theme previewing has been a bugaboo for many a theme designer. How do we check and develop without affecting the rest of the site. Some folks resorted to using Ryan’s venerable Theme Preview plugin. Others setup a beta version of a site that was sandboxed off from the rest of the world. Lots of different approaches, all of which remain valid.

However, for theme developers and bloggers looking to see how a theme will look on their site, with their content, there is now theme preview bling. When you are on your Design page, click on one of the theme screenshots and your site will be loaded in a lightbox-like overlay to allow you a live preview. Heavily inspired, I’d imagine, by the Mac OS X Leopard Quick Look functionality.

Remember when Technosailor looked like this?

Picture 11.png

Plugin Management Overhaul

Finally, the plugin management interface has received a face-lift and some added functionality. Active plugins and inactive plugins are segregated and with that new fangled Shift-click functionality I talked about before, plugin management just got really freaking simple. Note that Active plugins can be deactivated in bulk and Deactivated plugins can be activated or even deleted in bulk. Clean up that stale plugin list in a snap. But… there’s always a but… make a backup before you go nuts.

10 Things You Need to Know About WordPress 2.5

WordPress is about to release version 2.5 into the wild (It just hit Release Candidate yesterday so the release date, though officially not known, is coming soon). If you’ve been using WordPress.com or have peeked at the demo site you will know the biggest change coming to WordPress with this release.

You might ask, “Where did WordPress 2.4 go?” The answer to this is that it was skipped. Yes, that’s right, the 120-day release cycle was scrapped this time and you essentially have two releases in one. Again, the changes are vast and countless. This is a huge release.

So let’s get into the nitty gritty shall we?

New Admin User Interface

WordPress 2.5 GUIBy far the most comprehensive change in this release was the complete rethinking of how WordPressers do their administrative tasks. Happy Cog Studios was enlisted to do usability research and testing – with the emphasis being on usability research. Several of the items in this rundown are going to be broken into their own list item as they deserve their own description and, again, this upgrade is huge.

You’ll notice that the WordPress admin is now bathed in a lighter blue, lighter grey and orange color scheme. I like the nice hues, but others are bound not to. If you’re a developer or know your way around creating WordPress plugins, you can supply your own admin CSS with the

1
wp_admin_css

and

1
wp_admin_css_uri

filters, and WordPress is already supplying per-user options of “Classic” – the old dark blue feel – and the “Fresh” style which is installed by default.

1
2
3
4
5
6
function my_admin_css( $cssfilename )
{
    // Use name of the CSS file inside the wp-admin folder WITHOUT the file extension
    return 'my-new-wp-admin';
}
apply_filters('wp_admin_css', 'my_admin_css');

I’d just stick with the default though. It’s not too shabby.

Menu Layout

WordPress 2.5 Menu
One of the first things you’ll notice is the change in the administrative navigation. It struck me as very Movable Typeish. I don’t know if the idea came from them or simply that Happy Cog had such thorough user research that it made sense. Either way… it makes sense.

Primarily, users interact with the WordPress admin in one of four areas – writing posts, managing posts, managing comments, and managing design elements. You’ll notice that these items make up the primary navigation on the left side of the screen. (Sidebar: You’ll also notice that the Presentation menu has been renamed Design – which was a usability decision. It makes sense.) Matt wrote more about this.

The rest of the formerly Primary navigation items – Plugins, Options (now Settings) and Users have been moved to a secondary navigation on the right side of the screen.

Sub-navigation is something that’s a little weird. As both the Primary and the new secondary navigation used to be part of the same menu bar, the “submenus” all made sense to appear below the primary navigation. This is still the “right” place, I believe for the new Primary navigation points but seems awkward for the Secondary navigation items that are relegated to a different portion of the screen. I know this is something that is currently being thought about, I just don’t know what the final results will be.

Also, as a bit of additional commentary, I think plugin authors need to go back and revisit their choice of where they have put their plugin subpages. Do they really make sense to be in the Options page (now Settings)? Do they really belong in the Manage page? In my opinion, plugin settings pages should be listed as a sub-page of the Plugins menu.

Widget Handling

WordPress 2.5 Widget MAnipulation
Another MASSIVE shift in philosophy has been in the Widgets page. Before, you could drag and drop widgets into position. You can still reposition widgets by dragging within a sidebar, however, WordPress is relying less on Javascript “bling” for this release. Each widget is listed in a column on the left, you click the Add link and it jumps into the sidebar. Instead of having all sidebars displayed at one time, the user selects the sidebar from a dropdown to expose a different sidebar.

To me, this adds work to the overall experience, and so fundamentally I don’t like it, but it feels more reliable.

Dashboard Overhaul

WordPress 2.5 Dashboard Overhaul
The second thing you will probably notice immediately on login to the WordPress admin (the color scheme being the first) is the new dashboard interface. Now it is completely modularized, and though there is no “tight” way of adding your own, plugin authors can create their own dashboard widgets. The architecture is primitive at this point, but will improve offering a much easier way for plugin authors to do their thing without feeling like they are “hacking”.

A summary of your entire WordPress install is summarized in a widget titled “Right Now” informing you of the number of posts, comments, draft posts, tags and categories. Other useful widgets like incoming posts, etc are available and can be customized with your own RSS feeds.

Visual Editor Improvements

WordPRess 2.5 TinyMCE Improvements
The Visual editor, a long time bane of many users existence, has been upgraded with support for TinyMCE 3. It even includes Full Screen mode for those of you that don’t like to be distracted when writing. I cannot speak to the ability of this upgrade, as I don’t use WordPress’ visual editor, but I’m told it is a vast improvement over the older version. The TinyMCE team has worked closely with WordPress on this release as well.

Flash Uploader

WordPress 2.5 Flash Uploader
For those of you using a lot of images in your post, the image uploader has been completely overhauled as well. Namely, you can uplopad and insert multiple images at once via a new Flash-based uploader. This will gracefully fallback to the original uploader if Flash is not installed, so never fear. There is now a new “Add Media” link in the header of the post window that handles all this now. For those of you who want to debate the philosophical decision to include closed source Flash into open source, and GPL’ed WordPress, knock yourself out.

Plugin Auto-upgrade

An ambitious new feature that is being included in WordPress is a new autoupgrader. By default, it will try to upgrade plugins that are already in the WordPress plugin repository by writing the new files out to the existing plugins. however, this is an inherent security risk as it would require your plugin files be writable by the world. So the fallback is to upgrade plugins via FTP/FTP over SSL. Though your FTP username and password are stored in your database, it’s important to remember that FTP is inherently insecure. FTP/SSL is much more secure but is still not the best. Thanks to hooks in the filesystem functionality, I’ll be releasing a plugin that I’ve been working on for Secure FTP (FTP over SSH). It’s not ready yet, but hopefully will be soon and I’ll let you know when it is.

Custom Sizes for Thumbnails

WordPress 2.5 Thumbnail Sizes
Since the image uploader was added back in, something like WordPress 2.0, many, many people have complained about the inability to modify thumbnail sizes. I believe the old default was something like 100×100. In WordPress 2.5, thumb-nailing became a whole lot more useful. You can not only set your thumbnail dimensions globally, you can also have a “medium” sized thumbnail, a la Flickr and an option to crop an oversize image instead of just resizing. I figured some of you would like that.

Tag Management

WordPress 2.5 Tag Management UI
With the introduction of WordPress tags in WP 2.3, the development group took a measured approach to adding user interface around them. A minimal form field on the post write page allowed for a comma separated list of tags with no additional way of management. Fortunately, in 2.5, a bit more UI was added, though functionally identical. It works like Flickr tags where tags can be added via a list of comma separated tags or via a “type, click, add” mantra. In addition, the UI has a tabbed interface which allows for the selection of tags by checkboxes and by most used tags, useful to say the least.

Password Strength Too

WordPress 2.5 Password Strength
The last major item (and trust me there are tons of smaller items or more obscure items) in the list of things you should know about WordPress 2.5, is the password strength meter. Passwords should be at least three characters or they will be deemed “too short” and should consist of two of three types of characters – letters, numbers or symbols – or will be considered too weak. Password security is a big concern for everyone in IT and blog security itself could be beefed up significantly by users choosing “strong” passwords.

Bonus Item: Timestamp Sanity

WordPress 2.5 Timestamp ManagemtThanks to Mark Jaquith (Disclaimer: Mark is one of my employees at b5media, but is also a core developer of WordPress), the timestamp functionality of WordPress has recieved a complete overhaul. By default, a new post has no timestamp module. Instead, it’s a publish immediately, or you can click a link if you really do want to modify the timestamp. When editing a post with a timestamp, there is also no “Modify Timestamp” checkbox that caused so much confusion for so many years. If you modify the existing timestamp, it’s assumed that you actually want to change the timestamp! In other words, WP is no longer insulting the intelligence of users (not that it was an intentional insult before, but the big brother protection from the blogger’s own self was a bit tedious).

So if you feel like testing, you can grab a copy of the lastest trunk code at

1
http://svn.automattic.com/wordpress/trunk

. The usual disclaimers are in play when using a non-stable released version: No support offered, your mileage may vary, use at your own risk, don’t feed the tigers. But if you want to contribute to the development process, testing AND reporting bugs is a good way. A lot of testing is going on right now before a release, so have at it. :-) Enjoy.

Update: Ozh describes how to create your own wp-admin stylesheet.