October 3rd Support Team Meeting Summary

General announcements

As we are nearing the release candidate for WordPress 5.3, it’s time to start thinking about the Master List which we post for every major release.

A separate post will go up regarding it, but we’ve already started collecting some items for it;

  • There is a new screen asking a site admin to confirm the administrator e-mail when they sign in (and once every few months, 6 by default, but this is filterable)
  • There is an ongoing effort to improve contrast and give better identification of in-page hierarchy for elements which may seem odd at first (this may not be included in the final release, as it is being discussed).
  • There’s a new default theme, Twenty Twenty, how to use it, as it’s pretty much all blocks, and some users may find them selves lost at first.
  • There are changes to some block markup, and removal of inline styles in the block editor which themes may need to account for. This will not affect existing content unless the user goes to edit that content.

Feedback is desired on how we should be gathering the items for the Master List, as it can be hard to keep track of blog post comments, one option is to use a GitHub repository, but input is desired on what is best for the majority here.

WordPress 5.3 progression

The release is currently scheduled for November 12th.

WordPress 5.3 beta-2 is available.

Checking in with international liaisons

Representatives from the communities in Russia, Italy, India and Spain helped flesh out this meeting with more details, thank you!

Open floor

Although technically an item that came in after the meeting, it seemed like a good one to tack on to the end to ensure we’ve all picked up on it;

I’ve seen a few reports lately of script code (adware, malicious, etc) showing up in people’s post editors and them not knowing where it came from. Investigation in these cases has revealed malware on the user’s own system, either in a browser extension or just on their PC, but not on the server or website itself.

Seems it is becoming popular for local malware to start injecting script code into forms, and the WP editor is just such a form. Such code appears when they make a new post and gets saved with the post, so it will seem to be a server-side hack, but it isn’t in this case.

So, if you see any questions along the lines of “where did this script code in my editor come from”, have them do local PC scans using anti-virus as well as auditing their browser extensions by turning them all off until they figure out which one is doing it.

– Otto, the “O-man”

Read the meeting transcript in the Slack archives. (A Slack account is required)