Block Pattern Directory Update

BlockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. Patterns are a way to set up layouts of blocks, through themes and plugins.  We’ve started work to create a Block Pattern Directory, similar to the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and Theme directories. This will let anyone create and share a Block Pattern with any WordPress user.

Current state

The Block Pattern directory is in progress at wordpress.org/patterns. Following @shaunandrews’s design post, we’ve been working on the pattern browsing flow. The grid view is in progress:

The landing page of the Pattern Directory.

When viewing a single pattern, you can see a live preview which can be resized to preview at different screen sizes. Copying and favoriting are not working yet.

Single pattern view

The editor for creating block patterns is still in progress, but the idea will be that you can create a pattern right on the Pattern Directory site, and submit it. Shaun’s initial design post has more details on the flow, including moderation steps.

Targets

We’re aiming to have an initial version of the pattern directory launched in conjunction with WordPress 5.8. For the initial launch,

  • Anyone will be able to browse through patterns on the directory web site, based on pattern categories, or by searching
  • Anyone can see a live preview of a pattern, and use it on their site by copying the block code
  • WP.org users will be able to create and share Block Patterns, view and manage their submitted patterns
  • Patterns will be able to pick from a set of curated images and media to use, but no uploading your own media
  • Submitted Block Patterns will go through some basic validation/automated moderation
  • The block editor will search and fetch coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. patterns from the directory

Once we have a working directory, these are some of the next ideas:

  • The directory will be in English at launch, but we are thinking about how to internationalize the directory and available patterns
  • Forking an existing pattern to iterate on it, or to translate it
  • Improve the media collection for use
  • Add UIUI UI is an acronym for User Interface - the layout of the page the user interacts with. Think ‘how are they doing that’ and less about what they are doing. for searching and browsing third party patterns from the block editor

Where to contribute

The development work is all happening on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/, WordPress/pattern-directory. If you want to help, or share feedback, comment on any of the GitHub issues (or create one). You can also find most of us in #meta on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/., or share your thoughts and suggestions in the comments below.

+make.wordpress.org/themes/ +make.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org//design/

Thanks to @tellyworth for reviewing this post.

New WordPress Make Team

As Matt announced today, (April 27, 2021) we are thrilled to bring the Creative Commons Search product into the WordPress Community. The new name for the product will be Openverse and will eventually live at https://wordpress.org/openverse

There are many logistics and steps to work through as we grow and build out a new WordPress team and focus. I think the first few immediate requests are:

  1. Create a new SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel, titled #openverse, where we can start coordinating in the open
  2. Setup the following GitHubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ repositories to bring the ccsearch code under the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ umbrella with myself (mkaz) and Zack Krida (zackkrida) as administrators. We can add additional developers to the repositories as needed.
    • openverse-catalog
    • openverse-scripts
    • openverse-frontend
    • openverse-api
  3. A new site on the Make network, make.wordpress.org/openverse

We are excited to get the new project started and looking forward to welcoming the CC Search maintainers and contributors into the WordPress community. Please join us in the new Slack channel once available.

+updates

Thanks @cbringmann, @chanthaboune, and @zackkrida for reviewing this post.

Automatically Catching Bugs in Plugins

A Problem

There are times when it’s difficult for a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party developer to know the most secure way to implement something (e.g., preparing a SQL query with conditional clauses), and it can be easy to overlook bugs and bad practices when there are thousands of lines of codeLines of Code Lines of code. This is sometimes used as a poor metric for developer productivity, but can also have other uses..

That creates bad experiences for users when something breaks or their site is hacked.

A Potential Solution

Static code analysisStatic code analysis "...the analysis of computer software that is performed without actually executing programs, in contrast with dynamic analysis, which is analysis performed on programs while they are executing." - Wikipedia could help to catch bugs, and inform developers how to fix them. It could also reduce the amount of time the Plugin team spends doing manual reviews.

The Coding Standards project has already built an extensive set of PHPCSPHP Code Sniffer PHP Code Sniffer, a popular tool for analyzing code quality. The WordPress Coding Standards rely on PHPCS. sniffssniff A module for PHP Code Sniffer that analyzes code for a specific problem. Multiple stiffs are combined to create a PHPCS standard. The term is named because it detects code smells, similar to how a dog would "sniff" out food., and the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team has prototyped a custom PHPCS standard for the Plugin Repository.

Would something like that be useful? If so, what exactly should it check for?

Feedback

  1. At a high level, what concerns need to be addressed? e.g., security, backwards/forwards-compatibility, best practices?
  2. At a lower level, what specific things should be reported? e.g., escaped database queries & HTMLHTML HTML is an acronym for Hyper Text Markup Language. It is a markup language that is used in the development of web pages and websites. output, using CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. APIs where available, avoiding deprecated functions?
  3. What are the current gaps in documentation? e.g., piecing together complex MySQLMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/. queries with multiple variables. We’ll need good documentation to help devs understand a problem in their code, and fix it the right way.
  4. What are the current gaps in functionality that Core provides to plugins? e.g., escaping table and column names, native MySQL prepared statements, an HTML templating language. It’ll be easier for plugins to meet the standard if they don’t have to create their own implementations of common functionality.
  5. What metrics should we track to determine if code quality is improving enough?
  6. What metrics should we track to determine if we’re saving the Plugin Team enough time?

If you’re interested in similar conversations, check out the #core-coding-standards channel in our Slack workspace.

+make.wordpress.org/plugins/ +make.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org//docs/ +make.wordpress.org/core/

cc @dingo_d, @westonruter, @jdgrimes, @jeffpaul

#coding-standards, #phpcs, #security

Theme test results added to Trac tickets

Starting today, a subset of Themes Trac tickets may include an automated reply showing the results of end-to-end theme tests. TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. tickets already include Theme Check results; the new automated e2e testing covers extra tests intended to find JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. errors, invalid output, potential a11yAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) problems, and other items from the Guidelines.

The Theme Test results are intended to help both theme reviewers and theme authors discover theme bugs and potential problems easier and earlier. It is a work in progress that we hope will assist and augment the manual review process for themes. The tests are advisory only, there is no requirement or expectation that themes must pass the tests in order to be approved. Here’s an example:

We’d like to hear your feedback on the tests, and suggestions for additions and improvements. You can discuss those in comments here or post issues to the Theme Review Action repository in GitHubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/.

#theme-review

cc +themes

Scheduled Updates: Help test on WordPress.org sites

The project to enable scheduled changes to published posts has now entered the testing phase. The alpha was reviewed by a limited set of testers on one testing site, and after some iterations based on feedback, it’s now ready for use on all sites on the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ network. If your contributor team has a site that you’d like to try it on, comment below and a member of the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team will enable it for you.

A quick demo showing how an update gets scheduled

Some things you can try to orient yourself with the new functionality:

  • Create a scheduled update of a post or page
  • Make changes to a scheduled update after it has been created
  • Publish a scheduled update immediately
  • Delete a scheduled update
  • TrashTrash Trash in WordPress is like the Recycle Bin on your PC or Trash in your Macintosh computer. Users with the proper permission level (administrators and editors) have the ability to delete a post, page, and/or comments. When you delete the item, it is moved to the trash folder where it will remain for 30 days. or unpublish a post that has a scheduled update
  • View the comparison between the update to the original post

Please keep in mind that this is still betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. software that will continue to change and iterate. Feedback is welcome! If you find an issue, you can see if it has already been reported, and if not, please report it!

#revisions-extended

+make.wordpress.org/updates/

Reducing the Plugin Review team’s workload through automation

To help the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review team make the most of their contribution time and improve the security of all plugins distributed on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/, MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team contributors have built a code scanner that detects potential security risks such as unescaped SQL queries in plugin code. This is installed as a plugin on WordPress.org, and displays results in a metaboxMetabox A post metabox is a draggable box shown on the post editing screen. Its purpose is to allow the user to select or enter information in addition to the main post content. This information should be related to the post in some way. on the plugin edit screen accessible to reviewers.

The Plugin Review team has been sharing feedback on the quality of the results, which has let Meta contributors to refine the tool to improve the noise-to-signal ratio that makes any automated checker a challenge.

Looking forward, our teams are discussing how often to run this scan (probably every time a new version of a plugin is detected), and how to semi-automate informing plugin authors about the results of the scans.

We’re excited that the Plugin Review team finds this tool useful, and that we’re making progress toward one of our Big Picture Goals for 2021 by decreasing manual work for contributor teams through better tooling.

If you’re a plugin developer and would like to help test the scanner on your own code, it’s available on GitHub.

Many thanks to the Plugin Review team for making the time to test and share the feedback that made this tooling improvement possible!

#plugins

In Progress: Scheduling updates to published posts on WordPress.org

The Learn WordPress site has a lot of content (especially in lesson plans) that is specific to a particular version of WordPress. When a new version of WordPress is released, that content has to be reviewed and updated, which requires a lot of effort from members of the Training Team. Right now, these updates can only be made after the new version is released, because updates to post content happen immediately (only unpublished posts can be scheduled to publish on a future date). The Docs team that maintains HelpHub and DevHub faces similar challenges.

The MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team is attempting to improve this situation by making it possible for contributors to save a change to an already-published post that will go live at a later date. This will be a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party installed on the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ network that can be enabled on any network site.

The basic scope of the plugin:

  • From the blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. editor, make changes to an already-published post and schedule those changes to go live at a later date.
  • In the block editor UIUI UI is an acronym for User Interface - the layout of the page the user interacts with. Think ‘how are they doing that’ and less about what they are doing. as well as other admin screens, indicate when a post has a scheduled update.
  • View a list of all scheduled updates.
  • Edit scheduled updates, including the content and the future publish date.
  • Compare scheduled update content to the current published content.
  • This functionality should be available for all post types that support revisionsRevisions The WordPress revisions system stores a record of each saved draft or published update. The revision system allows you to see what changes were made in each revision by dragging a slider (or using the Next/Previous buttons). The display indicates what has changed in each revision..

Under the hood, the plugin will use CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.’s built-in revision system. A scheduled update will be saved as a revision post type with a future post status. When the update is due to be “published”, it gets converted to a normal post revision with an inherit post status and then that revision is “restored”.

Here’s a (very rough) screencast of the basic workflow:

The code for the plugin is currently in this GitHub repo.

FAQ

Aren’t there plugins out there already that do this?

There are a couple, but they are either inadequate for our needs or they add a bunch of extra stuff that we don’t need.

What about suggested updates, that don’t necessarily have a future publish date, but should be reviewed by a content editor before being approved and incorporated into an already-published post?

This is another feature that is often requested. While the same underlying revision system could be used for suggested updates as well, the UI flows are more complicated, so the current focus is just on scheduled updates.

Also, there is a fundamental limitation of how revisions are created and stored, in that each revision contains the entire content of a post. So if two people suggest revisions for a particular post at the same time, whichever suggestion gets approved first would be overwritten by the second suggestion. This would probably be a good topic for a separate post.

Is this something that belongs in WordPress Core?

If Core leadership thinks that this feature would benefit 80% of WordPress users, then sure! The plugin will definitely be built to work gracefully with Core and the block editor.  If this were prioritized for merge, Core’s revisions system would need to be updated to be a bit more flexible, and the block editor UI would need some changes to become more customizable.

Got other questions? Please share them in the comments!

#revisions-extended

Call for Feedback: Automated Theme Testing

Ensuring that a theme follows all WordPress Theme Directory requirements can be challenging. While theme requirements are important for maintaining a high standard for themes that are distributed through WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/, checking that themes meet these requirements can be time-consuming for reviewers. Additionally, sometimes theme authors aren’t sure whether their theme meets our requirements, before submitting a theme to the directory.

The Theme Review team maintains a number of different tools and datasets to help theme authors. The Theme Check pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and Theme Sniffer do a good job of informing theme authors of problems with their code but aren’t able to cover some of the tricker aspects of theme reviews, as both tools run static code analysisStatic code analysis "...the analysis of computer software that is performed without actually executing programs, in contrast with dynamic analysis, which is analysis performed on programs while they are executing." - Wikipedia. As a result, theme authors & Theme Review team members spend countless hours manually testing themes. 

If we could combine some of the existing code analysis tools, automate away some of the manual testing and open them up to more development workflows, could we improve theme quality, alleviate pressure on manual testing and speed up the theme review process?

The Theme Review Action project is looking to answer this question.

It’s also worth noting that this project was loosely informed by the Theme Review’s proposed updates to the overall process designed to improve communication during theme reviews. This proof of concept doesn’t intend to be a replacement for that work, but hopefully an extension.

Guiding Principles

The project should:

  • Go beyond simply identifying where themes don’t match our guidelines and help improve theme quality
  • Leverage existing tooling
  • Provide actionable feedback to theme authors
  • Be able to run in different contexts
    • Continuous development platforms
    • Local machines

Proof of Concept

In the last quarter of 2020, we worked on getting something in a state for developers to try, in the hopes of sparking discussion and educating a path forward. 

The project has been added to GitHubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/: https://github.com/WordPress/theme-review-action.

How does it work?

As mentioned in the project’s Readme.md on GitHub, you can test a theme by doing any of the following:

  1. Navigate to your WordPress theme folder and run npx wordpress-theme-check-action
  2. Add the Action to your WordPress Theme Repository on GitHub
  3. Clone the project and run it locally.

Once triggered, the project roughly does the following: 

  1. Creates a development environment using wordpress/env (& docker)
    1. Installs the latest version of WordPress
    2. Installs parent theme if applicable
    3. Imports the test data
    4. Activates theme
  2. Tests to make sure theme has minimum required files
  3. Runs Theme Review Plugin
  4. Opens a Browser Session programmatically and runs User Interface tests.
  5. Outputs results of tests

The User Interface tests use the Browser (Puppeteer), mimicking a user, to answer the following questions :

  • Does your theme have appropriate: 
    • Skip links?
    • Element focus states?
    • Keyboard navigation?
  • Does your theme follow other WCAGWCAG WCAG is an acronym for Web Content Accessibility Guidelines. These guidelines are helping make sure the internet is accessible to all people no matter how they would need to access the internet (screen-reader, keyboard only, etc) https://www.w3.org/TR/WCAG21/. AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) standards?
  • Are there any errors in your:
    • JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/.?
    • HTMLHTML HTML is an acronym for Hyper Text Markup Language. It is a markup language that is used in the development of web pages and websites.?
    • PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php.?
    • GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ BlockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. Templates?
  • Does your theme include prohibited content?

Of course, since this is only a proof of concept, the test coverage isn’t extensive and will require more refinement. 

Example 1: Here’s an example of it running locally using npx. 

Note, running using npx on windows isn’t working yet :).

Example 2: Here’s an example of its output GitHub:

Test results from project displayed in the GitHub actions interface.

What’s next?

Can you try it out on your a theme and answer any of the following questions:

  • Did you find it easy to use?
  • Does the information help you make changes that improve your theme? 
  • Did you find any bugs?
  • Is there anything missing that could be added?
  • Although it’s currently a little slow, can you see yourself using it during your development process (or theme review) if it were faster and more complete? 
  • Is there an alternative approach to consider?

Ready?

Check out https://github.com/WordPress/theme-review-action and read the Readme file for more detailed information on how to use the project. Any issues or feedback can also be logged as issues in the GitHub repository

Sincere thanks to @poena for the help!

New Slack channel for Learn development discussions

We now have a #meta-learn channel in SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. for discussions specifically around development topics for learn.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/. Note that non-development discussions should still happen in other channels, such as #training.

+make.wordpress.org/training/

Protecting Children’s Privacy On WordPress (through the lens of COPPA)

Disclaimer:

Nothing in this proposal constitutes professional advice, legal or otherwise.

Although substantial care was taken when compiling this post, no guarantee is made with regards to its accuracy. Please exercise your own judgement.

Common beliefs about WordPress and COPPA:

To start off, let’s examine a couple of common beliefs about WordPress and COPPA:

This is a wider platform issue.”

Yes and no.

WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ has thus far appeared to be a general audience platform – and therefore did not appear to have specific obligations under COPPA.

WordPress.org can become subject to COPPA requirements by:
1. Publishing child-directed content; or
2. Obtaining specific knowledge that children under 13 are using the platform.

Publishing KidsCamp content on Learn WordPress appears to “trigger” COPPA obligations because the content is directed at children.
However, as Learn WordPress makes use of wider WordPress.org infrastructure (and default WordPress installations are not COPPA friendly), becoming COPPA-compliant would require some platform-wide changes.

We are not collecting any personal information.

WordPress offers users the ability to add personal information,
including bios and origin stories, to their profiles.

Personal information is collected when a user registers for a WordPress.org profile.

Here the username itself is personal information, as it functions in the same manner as online contact information (@-mentions).

Visitors to KidsCamp content on Learn WordPress can sign up for a WordPress.org account.

Users can sign up for a WordPress.org account from pages that contain child-directed content.

There is no neutral age verification mechanism when registering for a WordPress.org account, or when accessing other parts of the website.

Learn WordPress offers users the ability to register for discussion groups.

Feedback forms, registration for and participation in discussion groups, notifications and comments all include personal information.

Furthermore, the FTC has specifically indicated that personal information includes information that is associated with any persistent identifier – so that would include usernames, user ids, identifiers in cookies, IP addresses and more.

It also includes any such information that is collected by plugins, or third party services on behalf of WordPress.org, including, but not limited to Jetpack, GravatarGravatar Is an acronym for Globally Recognized Avatar. It is the avatar system managed by WordPress.com, and used within the WordPress software. https://gravatar.com/. and Meetup.com.

So… How can WordPress.org become COPPA-compliant?

A Prominent Privacy Policy

COPPA-compliant privacy policies need to be prominent. As such, the usual privacy link in the footer does not qualify.

Audit Data Practices on WordPress.org

In order to compile a COPPA-compliant privacy policy, it would be highly advisable to do a full code and data audit to create a data flowchart for CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. and any plugins that are running on WordPress.org

This includes determining and documenting exactly what information is being collected, where it is stored and any parties with whom the information is shared and for what purpose.

#51092 could provide a solid approach.

Verifiable Parental Consent

Obtaining parental consent that is verifiable can be a significant administrative burden (outside of physical KidsCamps, where volumes are more manageable), as a simple checkbox will not do the trick.

Do Not Collect Data From Child-Directed Content

A Consent APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. (incorporating #51188) can provide a basis to ensure that information is not collected on child-directed content.

Where information is needed to support internal operations, data should be compartmentalized so that it cannot be accessed for other uses.

List of abbreviations:

COPPA: Children’s Online Privacy Protection Act (United States)

FTC: Federal Trade Commission (United States)

Licensing:

This content is made available under Creative Commons 4.0. BY SA.

Please add your thoughts below:

Please add any concerns, questions and suggestions below.

Your input is greatly appreciated.