On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations.
We received a response the same day and sent over our full disclosure early the next day, on April 19, 2022. A patched version of the plugin, 9.1.1, was released on April 21, 2022.
We released a firewall rule to protect Wordfence Premium, Wordfence Care, and Wordfence Response customers on April 18, 2022. Sites still running the free version of Wordfence will receive the same protection on May 18, 2022. We recommend that all Wordfence users update to the patched version, 9.1.1, as soon as possible as this will entirely eliminate the vulnerability.
The Booking Calendar plugin allows site owners to add a booking system to their site, which includes the ability to publish a flexible timeline showing existing bookings and openings using a shortcode, [bookingflextimeline].
The flexible timeline includes the ability to configure viewing preferences and options when viewing the published timeline. Some of these options were passed in PHP’s serialized data format, and unserialized by the define_request_view_params_from_params function in core/timeline/v2/wpbc-class-timeline_v2.php.
An attacker could control the serialized data via several methods:
If a timeline was published, an unauthenticated attacker could obtain the nonce required to send an AJAX request with the action set to WPBC_FLEXTIMELINE_NAV and a timeline_obj[options] parameter set to a serialized PHP object.
Any authenticated attacker could use the built-in parse-media-shortcode AJAX action to execute the [bookingflextimeline] shortcode, adding an options attribute in the shortcode set to a serialized PHP object. This would work even on sites without a published timeline.
An attacker with contributor-level privileges or above could also embed the [bookingflextimeline] shortcode containing a malicious options attribute into a post and execute it by previewing it, or obtain the WPBC_FLEXTIMELINE_NAV nonce by previewing the [bookingflextimeline] shortcode and then using method #1.
Any time an attacker can control data that is unserialized by PHP, they can inject a PHP object with properties of their choice. If a “POP Chain” is also present, it can allow an attacker to execute arbitrary code, delete files, or otherwise destroy or gain control of a vulnerable website. Fortunately, no POP chain was present in the Booking plugin, so an attacker would require some luck as well as additional research in order to exploit this vulnerability. Nonetheless, POP chains appear in a number of popular software libraries, so many sites could still be exploited if another plugin using one of these libraries is installed.
Despite the lack of a POP chain and the complexity involved in exploitation, the potential consequences of a successful attack are so severe that object injection vulnerabilities still warrant a “High” CVSS score. We’ve written about Object Injection vulnerabilities in the past if you’d like to find out more about how they work.
Timeline
April 18, 2022 – We release a firewall rule to protect Wordfence Premium, Care, and Response customers. We initiate the disclosure process. The plugin developer verifies the contact method. April 19, 2022 – We send the full disclosure to the plugin developer. April 21, 2022 – A patched version of the Booking Calendar plugin, 9.1.1, is released. May 18, 2022 – The firewall rule becomes available to free Wordfence users.
Conclusion
In today’s post, we covered an Object Injection vulnerability in the Booking Calendar plugin. Wordfence Premium, Wordfence Care, and Wordfence Response customers are fully protected from this vulnerability. Sites running the free version of Wordfence will receive the same protection on May 18, 2022, but have the option of updating the Booking calendar plugin to the patched version 9.1.1 to eliminate the risk immediately.
If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both these products include hands-on support in case you need further assistance.
Closing the cybersecurity skills gap has been a topic of interest for a number of years with many organizations reporting on its slow decline. According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organizations vulnerable.
Organizations are looking for individuals with certified skills
Organizations are looking for more diversity
Raising cybersecurity awareness remains a key challenge
The survey was conducted in January and February of 2022 and included more than 1200 IT and cybersecurity decision-makers from 29 different locations. There was an even split between the respondents in four regions: North America, EMEA, APAC and LATAM.
How Cybersecurity and the Skills Gap Affects Every Organization
A staggering 80% of organizations experienced at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills and/or awareness. Almost 20% suffered five or more breaches.Number of breaches in the last 12 months
If that weren’t enough, 64% of organizations experienced breaches that resulted in lost revenue and/or cost them fines. Of those, 38% reported breaches that cost them more than a million dollars (USD).
How is the Skills Gap Creating Cyber Risk?
According to the survey respondents, a key factor contributing to the breaches is that organizations struggle to find and retain certified cybersecurity people. 67% of global leader respondents indicate that the skills shortage creates additional cyber risks for their organization.
Recruitment and Retention Are Key Challenges Causing the Skills Gap
Organizations need qualified cybersecurity professionals now more than ever, which is why 76% of organizations indicate that their board of directors now recommend increases in IT and cybersecurity headcount.Board members who recommend increases in IT and cybersecurity headcount
Most would hope that increasing hiring could be an easy fix to this problem, however, 60% of organizations indicated that they struggle to recruit cybersecurity talent and 52% struggle to retain it.
Another key challenge for recruitment is the that organizations need to hire people for a broad range of security and IT network-related roles and specializations. Cloud security specialist and security operations (SOC) analysts remain among the most sought-after roles in cybersecurity, followed closely by security administrators and architects. But organizations aren’t just looking to ramp up hires arbitrarily. They’re deliberately trying to build teams of specialized talent who are equipped to handle an increasingly complex threat landscape.
Finding Qualified People is a Challenge for the Skills Gap
Globally, 50% of organizations seek cloud security specialists, a priority that’s likely informed by how rapidly companies moved their operations to the cloud during the pandemic.
The challenge is finding the right people.What roles are organizations looking for?
What Skills Are Needed to Work in Cybersecurity?
Central to the challenge of recruiting and retaining cybersecurity talent is the importance of certification. Certified professionals are universally sought after with 95% of decision-makers sharing that technology-focused certifications positively impact both their role and their team.
Organizations Are Looking for Certified Skills
As such, 81% of leaders prefer to hire people with certifications.
However, 78% indicate it’s hard to find certified people. This may contribute to the fact that globally 91% of organizations say they are willing to pay for an employee to achieve a cybersecurity certification.Organizations would pay for an employee to get a cybersecurity certification
The preference to hire certified people may be because organization leaders followed that same path themselves:
86% of decision-makers report having earned technology-focused certifications
88% report having other people with certificates on their team
Certification is an Opportunity Given the Skills Gap
It should also be noted from above that global leaders attributed the struggle to find and retain certified cybersecurity people as a key factor contributing to breaches. This also may influence an organization’s hiring strategy with a tendency to lean towards professionals with corresponding certifications to the positions they are attempting to fill.
Closing the Cybersecurity Skills Gap by Prioritizing Diversity
The challenge isn’t just hiring more people, but also building more capable and more diverse teams. While enterprises need qualified talent for a range of different roles, 89% of global companies also have explicit diversity goals as part of their hiring plan.
7 out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges. 61% say hiring minorities is also a top three challenge.
Despite the challenges, or perhaps because of it, three out of four organizations implemented formal processes to hire more women, and nine out of 10 actively engaged women and new graduates during the last three years. 59% of companies have structures in place to hire minorities, and 51% for hiring more veterans.Hiring from these populations is a top three challenge for organizations
Raising Cybersecurity Awareness to Close the Skills Gap
Even though the recruitment, retention, and certification of a cybersecurity team is vital, companies cannot realistically protect themselves until they also raise the cyber awareness of all employees. That requires ensuring that all employees, at all levels and all roles within the organization, have the knowledge and awareness to protect themselves and their organization’s data. Until they do, breaches will always be likely.
87% of organizations implemented a training program to increase cyber awareness. However, 52% of leaders continue to believe their employees still lack the necessary knowledge. This raises the question of the effectiveness of the programs that organizations currently have in place. Employees lack knowledge when it comes to cybersecurity awareness
For those that don’t have a program in place, 66% report they are currently looking for a program that would suit their needs.
The Power of People Can Help Close the Skills Gap
Cybersecurity can sometimes feel like a purely technological domain. But when you look past the technology that organizations rely on, cybersecurity is all about how well your employees work together to protect the organization.
Fortunately, organizations are making deliberate efforts to improve on all these fronts. However, it is imperative to remember that the cyber battle isn’t won on any one front. Cybersecurity requires an entire system of people and technology working together to protect an organization.
That starts with people who are empowered, qualified, and certified to protect the organization.
The Fortinet Security Fabric is the industry’s first—and only—platform to converge essential networking and security functions and consolidate security point products into a unified platform. And now, Fortinet has announced the release of FortiOS 7.2, which widens that leadership position even further. With over 300 new features spanning the Fortinet portfolio—including new advanced AI-powered services that accelerate the detection and response to threats—FortiOS is better positioned than ever to secure the hybrid networks that organizations rely on to compete in today’s digital marketplace.
Today’s Network Is Different, Not Dead
Too many organizations hear that everything is moving to the cloud. And that as a result, the traditional network will soon be dead. But nothing could be further from the truth. And worse, buying into that myth is putting organizations at risk.
Of course, networks are vastly different from just a few years ago. Digital acceleration has enabled users and devices to access critical resources from any location, fundamentally changing how businesses operate. But this need for consistent user experience does not require them to abandon their networks. Instead, organizations worldwide and across all industries are building hybrid networks that interconnect traditional data centers and campuses with multi-cloud infrastructures, SaaS platforms, branch offices, home offices, and mobile users and devices.
Brandon Butler, a Senior Research Analyst at IDC, recently stated, “The network is foundational for enabling secure, scalable, and efficient use of cloud, edge, and IoT applications.” So, rather than dying, hybrid networks are the enablers of digital acceleration. They allow applications and workflows to move seamlessly from end to end and be accessed by any user or device from any location.
However, organizations need to stop thinking about networking and security as separate strategies to do this effectively. Instead, securing their digital acceleration efforts requires infrastructure and security teams to converge their visions. As applications continue their cloud journey and devices become increasingly visible to everyone, secure networks are vital to connecting these domains.
But to do this, enterprises, small businesses, and service providers alike need to replace isolated point devices that only address a portion of the network with solutions designed to operate as part of an integrated fabric that can see and adapt to the broader network. As network edges and dynamic infrastructures evolve, single-purpose and isolated security solutions only make it more difficult for organizations to deploy and maintain a cohesive and comprehensive security strategy. Instead, organizations must adopt a platform approach that converges operational efficiency and security automation with the underlying network.
The Only Platform Designed to Fully Protect Today’s Hybrid Networks
The Fortinet Security Fabric is the only platform designed to fully protect and dynamically adapt to today’s hybrid networks at any edge, and FortiOS 7.2 is the heart of that platform. FortiOS enables organizations to deploy the Fortinet Security Fabric to every edge, allowing security to dynamically scale and adapt as the network evolves. This expansive, integrated approach also enables the delivery of AI-powered automation that correlates intelligence from across the network and global threat feeds to rapidly detect even the most sophisticated threats and respond in real time.
FortiOS 7.2 enhances the Security Fabric’s award-winning functions and services by extending the definition of what’s possible in networking and security, thereby enabling customers and partners to safely and effectively compete in today’s digital marketplace. And for the foreseeable future, those businesses will rely on hybrid networks. But only by integrating security at the core of those networks will they be able to adapt at speed and scale to secure every edge. Over 20 years of prioritizing research and development have positioned Fortinet as the driving force behind cybersecurity innovation. With FortiOS 7.2, Fortinet is setting new industry standards for converged networking and security. Figure 1. Fortinet’s Security Fabric platform converges essential networking and security functions and consolidates security point products into a unified platform
High-performance AI-powered threat intelligence and services
New AI-powered FortiGuard Security Services enable organizations to automate their security systems to stay ahead of never-before-seen attacks, in real-time. And one of the most significant enhancements is the speed and accuracy with which FortiOS 7.2 can detect and prevent threats, in a coordinated way across an organization’s extended attack surface.
Traditionally, performance-intensive activities like sandboxing suspicious files for out-of-band inspection resulted in a delay in delivering content or having to hunt down malware inside the network when a file turns out to be infected. FortiOS 7.2’s new inline sandbox service resolves this by transforming a traditional detection sandbox capability into real-time in-network prevention to stop both known and unknown malware, with minimal impact on operations. New inline CASB, dedicated IPS, advanced device protection for OT and IoT systems, and additional enhancements to our SOC services portfolio deliver advanced security services to improve our customers’ security postures. Because they are consumed as a service across the Fortinet Security Fabric and ecosystem, this guarantees real-time proactive updates with minimal impact to operations and simplified scaling. Additionally, our new outbreak detection service provides a faster response to outbreak attacks, including immediate alerts and threat hunting scripts that automatically identify and respond to new threats. In addition, all FortiGuard services are powered by trusted machine learning and artificial intelligence. Its accuracy and fidelity are further enhanced through FortiGuard Labs’ analysis of over 100 billion global security events a day observed in live production environments worldwide.
The critical convergence of networking and security
One of the most essential functions of a modern security solution is its ability to scale, span, and adapt to a continuously evolving hybrid network. Achieving this requires converging security with the network. Such convergence allows security systems to seamlessly adapt to network changes as it addresses continually evolving requirements. However, the challenge most organizations face is that few security solutions are genuinely able to provide this essential function.
Fortinet’s security-driven network approach was the first platform-based strategy to encompass the entire network development and deployment life cycle. Converging essential network and security functions ensures that security is the central consideration for all business-driven infrastructure decisions. As a result, new edges, applications, and services that expand your attack surface are automatically protected.
FortiOS 7.2 extends Fortinet’s innovation advantage even further by delivering new ways to converge networking and security across critical functions. New ZTNA enhancements make WFA deployments easier to deploy. Improvements to the industry’s most comprehensive portfolio of secure WAN edge solutions—SD-WAN, SD-Branch, 5G, and ZTNA—help teams achieve even better ROI. Advances in automation using new auto-deployment and zero-touch provisioning features increase uptime for the WAN and LAN Edge. And additional upgrades spread across NGFW, identity, micro-segmentation, SASE, AIOps and digital experience monitoring deliver powerful innovation for further networking and security convergence.
Consolidating security increases efficiency, visibility, and control
Organizations that have taken a best-of-breed approach to security now face the challenge of vendor and solution sprawl. So, in addition to converging network and security, organizations must also begin consolidating the security products deployed across their ever-expanding attack surface to improve visibility, centralize management, orchestrate policy, and automate rapid threat detection and real-time response.
FortiOS 7.2 provides enhancements across Fortinet’s entire portfolio of network, endpoint, and cloud solutions that further consolidate security point products into a single broad, integrated, and automated platform. This deeper integration enables advanced vulnerability correlation and virtual patching to provide more comprehensive protection, including better security for IoT devices and advanced process automation so NOC and SOC teams can further simplify and automate their workflows.
In addition to FortiOS, the Fortinet Security Fabric platform is also built around common standards and open APIs that enable organizations to build a robust cybersecurity mesh architecture that includes investments in other security technologies. The Fortinet Fabric-Ready Technology Alliance Partner Program, one of the largest technology alliance ecosystems in the industry, brings together a community of global technology partners with specialized expertise. As a result of more than 400 integrations, customers can now more easily build a hybrid platform of integrated solutions to improve security effectiveness, reduce complexity, and simplify operations.
Fortinet’s Industry Leadership Enables Advanced Security Strategies
Fortinet’s commitment to innovation has led to the world’s most extensive and deeply integrated security and networking solutions portfolio. Our 1,255 patents are nearly three times that of comparable cybersecurity companies. We also regularly submit our products for impartial testing with the most prominent organizations in the industry. Those consistently top-tier results, combined with annual accolades and awards from leading analysts and industry organizations, and a strong commitment to R&D based in the United States and Canada, assure customers they can take a consolidated approach to security without ever sacrificing performance or protection. https://www.youtube.com/embed/LN2glwJ6vyA?autoplay=0&rel=0&controls=0&showinfo=0
Find out how Fortinet remains a global leader in broad, integrated and automated cybersecurity solutions: Fortinet Innovation series.
Coca-Cola, the world’s largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims.
The American beverage giant has started to investigate after the Stormous gang said that it successfully breached some of the company’s servers and stole 161GB of data.
Stormous announcing the victimization of Coca Cola
The threat actors listed a cache of the data for sale on their leak site, asking 1.65 Bitcoin, currently converted to around $64,000.
Coca-Cola listing on Stormous leak site
Among the files listed, there are compressed documents, text files with admin, emails, and passwords, account and payment ZIP archives, and other type of sensitive information.
Who is Stormous
Although they claim to be a ransomware group, there is no indication at this time that they are deploying file-encrypting malware on their victim networks.
Closer to a data extortion group, Stormous has stated that they would take action against hacker attacks against Russia in the wake of the invasion into Ukraine.
Stormous message
This is the first time Stormous has posted a stolen data set. Last week, the gang asked their followers to vote on who should be their next victim.
The attack promised denial-of-service, hacking, leaking of software source code and client data. Coca-Cola won the poll with 72% of the votes. The gang said that it took them only a few days to breach the company.
Poll held on the Stormous Telegram
Coca-Cola and the other victim choices in Stormous’ poll show anti-Western stance. Previously, the group claimed Epic Games as their victim.
They announced that they stole 200 gigabytes of data and details of 33 million users of Epic store and games. However, there has been no confirmation about the legitimacy of the data, so Stormous’ reputation about these claims has yet to be established.
Coca-Cola has not confirmed that their data was stolen. The company told BleepingComputer that it is currently collaborating with law enforcement and that the investigation into the alleged Stormous attack has not revealed a negative impact yet.
The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products.
Calling the new activity a “departure” from the group’s typical behavior, Proofpoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now “engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns.”
Emotet, the handiwork of a cybercrime group tracked as TA542 (aka Mummy Spider or Gold Crestwood), staged a revival of sorts late last year after a 10-month-long hiatus following a coordinated law enforcement operation to take down its attack infrastructure.
Since then, Emotet campaigns have targeted thousands of customers with tens of thousands of messages in several geographic regions, with the message volume surpassing over one million per campaign in select cases.
The new “low volume” email campaign analyzed by the enterprise security firm involved the use of salary-themed lures and OneDrive URLs hosting ZIP archives that contain Microsoft Excel Add-in (XLL) files, which, when executed, drop and run the Emotet payload.
The new set of social engineering attacks is said to have taken place between April 4, 2022, and April 19, 2022, when other widespread Emotet campaigns were put on hold.
The absence of macro-enabled Microsoft Excel or Word document attachments is a significant shift from previously observed Emotet attacks, suggesting that the threat actor is pivoting away from the technique as a way to get around Microsoft’s plans to block VBA macros by default starting April 2022.
The development also comes as the malware authors last week fixed an issue that prevented potential victims from getting compromised upon opening the weaponized email attachments.
“After months of consistent activity, Emotet is switching things up,” Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said.
“It is likely the threat actor is testing new behaviors on a small scale before delivering them to victims more broadly, or to distribute via new TTPs alongside its existing high-volume campaigns. Organizations should be aware of the new techniques and ensure they are implementing defenses accordingly.”
Google on Tuesday officially began rolling out a new “Data safety” section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties.
“Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,” Suzanne Frey, Vice President of product for Android security and privacy, said. “In addition, users want to understand how app developers are securing user data after an app is downloaded.”
The transparency measure, which is built along the lines of Apple’s “Privacy Nutrition Labels,” was first announced by Google nearly a year ago, in May 2021.
The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it’s being used, and how it’s handled, while also highlighting what data is being shared with third-parties.
On top of that, the labels can also show an “app’s security practices, like encryption of data in transit and whether users can ask for data to be deleted,” Frey noted, in addition to validating those practices against security standards such as the Mobile Application Security Verification Standard (MASVS).
The feature is expected to be gradually made available to all users, while giving app developers a deadline of July 20, 2022 to complete the section and keep them updated should they change the apps’ functionality or data handling methods.
That said, Data safety is expected to face similar concerns to that of Apple’s in that the system is built entirely on an honor system, which requires app developers to be truthful and clear-cut about what they do with the data, and not list inaccurate labels.
Apple has since said that it would routinely audit labels for accuracy, thereby ensuring that the labels are reliable and don’t give users a false sense of security about the data being collected and shared.
Google, last year, had said that it intends to institute a mechanism in place that requires developers to furnish accurate information, and that it will mandate them to fix misrepresentations should it identify instances of policy violations.
While the search giant has explicitly stated that its app review process is not designed to certify the accuracy and completeness of the data safety declarations provided by third-party app developers, it’s outlining strong measures to handle such transgressions.
The company is warning that it will be taking suitable enforcement measures when it identifies a deviation from the information provided in the section. Failing to ensure compliance can result in blocked updates or removal from Google Play.
“When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action,” the company said in an updated support article.
Managing lots of files at once can be difficult, especially when dealing with large ones. When struggling with the problem of moving lots of documents and files, an excellent solution is to create a zip file that compresses the files down to a more manageable size.
The good news is that macOS has a built-in tool for creating and unzipping zip files called Archive Utility. The bad news, however, is that it often receives quite a few complaints about things such as its disappointing compression ratio and limited feature set.
In this article, we’re going to tell you about one of the best archive utilities Mac users can use to get the very best results. Keep on reading to learn more!
Mac’s Built-in Archiver Utility
Archive Utility, the built-in archiver utility that comes pre-installed on macOS, can handle zip files, but when it comes to files in other formats or particularly big files, it may not be the best choice. Below are some of its drawbacks.
1. Only one supported format
There are some very common archive formats that Archive Utility simply can’t handle, including the very popular rar format.
2. Disappointing compression ratio
While it does reduce file size, Archive Utility doesn’t have as great of a space-saving impact on disk space as other archiving apps.
3. Limited key features
Archive Utility is missing key features such as archiving, encryption, and volume compression. This is because Apple has not significantly updated Archive Utility in the time since these types of features have become standard.
Unarchiver One Mac is the best free archiving tool for Mac. In seconds, it can archive and unarchive tons of file formats including RAR, Zip, 7z, gzip, bzip2, and lots more.
Unarchiver One can save you huge amounts of disk space by compressing large files into much smaller sizes. And unlike Archive Utility, it also supports encryption and volume compression.
1. How to set up Unarchiver One as the default unarchiving tool
Setting up Unarchiver One as your default unarchiving tool couldn’t be easier. To do so, follow the simple steps below.
(1) Right-click on any compressed file and select ‘Get Info’.
(2) Choose Unarchiver One as your default unarchiving tool.
(3) Click ‘Change All’.
2. How to unzip files on Mac
After setting Unarchiver One as your default unarchiving tool, you can open compressed files by simply double-clicking on them. However, there are also other ways to unzip files with Unarchiver One easily:
(1) Right-click on the compressed file. Unarchiver One will quickly extract files to the current folder by just right-clicking on the compressed file and choosing ‘Open With > Unarchiver One’.
(2) Drag and drop archive files to Unarchiver One’s console. Effortlessly drag and drop archive files to Unarchiver One’s console to easily browse and securely extract their contents with just one click.
3. How to make a zip file on Mac
There are two main ways to make a zip file with Unarchiver One.
(1) Right-click on the files you want to compress.
First, follow the steps above and set up Unarchiver One as your default unarchiving tool.
Then choose all the files you want to compress and right-click on them.
After clicking on ‘Compress’ you’ll find that the archive file is instantly stored in the current folder!
(2) Drag and drop all the files to Unarchiver One’s console.
Choose all the files you want to compress and drag and drop them into Unarchiver One’s console. Click on ‘Compress’.
Choose where you want to save the compressed file and the specific archive format. In this step, you can also encrypt the file if required.
Your UniFi deployment is only as good as the planning behind it. There are two important questions to consider as you build your dream system and determine how to optimize its performance. The first is whether or not your equipment can be seamlessly integrated into your space.
We have you covered there with our Design Center, the interactive visualization tool that allows you to map out a custom network uniquely suited for your location. Check out our brief video overview to learn more.
The UniFi product suite is vast, cohesive, and designed to be highly scalable so you can build and support networks of any size. That means you have myriad options when it comes to choosing your ideal devices, applications, and functionality, so we strongly recommend taking your time during the planning process. Once you’ve finalized your deployment, then comes the all-important follow-up question:
Do I have what I need to run all of this?
With that in mind, we’re very excited to introduce the UniFi OS Console Resource Calculator: a brand-new modal that not only provides console-specific processing and memory caps with a single click, but gives dynamic approximations of how well each console can support various deployment types.
Granularity is the name of the game with our new calculator. Our top priority is ensuring that every user can fully capture each component of their system so they know exactly what console is right for them. After selecting a console and the applications it will run, you have a wealth of customization options to help you specify how many devices you’re connecting, how they will function, and whether or not they will have advanced configurations.
As you make your adjustments, you’ll see how each console’s CPU and memory are impacted, helping you determine whether you’ve chosen the right model or you require one with higher specs. Take a look at the calculator in action in our April edition of Ubiquiti Insider:
Simplifying IT isn’t just about making networking technology more accessible and intuitive; it’s about giving users a deeper understanding of how their system works and what’s needed to support it. We’re very proud of this new innovation because it’s directly tied to our greatest pursuit: delivering the best system performance and user experience possible.
We really can’t wait for you to try the resource calculator, so take it for a spin here and let us know what you think on the Ubiquiti Community forum. Also, be sure to check back soon for more news on the ever-expanding world of UniFi!
The WordPress block directory is a new way that WordPress users can discover, install and test third-party WordPress blocks from within the WordPress block editor. Introduced in WordPress 5.5, the WordPress Block Directory makes it easier to find the WordPress block that best fits your needs.
If you haven’t yet heard of the WordPress block directory, you’re not alone. In this guide, we’ll cover everything you need to know about the new block directory. We’ll also explain how to start using the Block Director to streamline your content workflow.In this Guide
The WordPress Block Directory is a category of free WordPress plugins that provide third-party WordPress blocks for use within the WordPress block editor.
The new WordPress block directory is built right into the block editor, so you can install new block types to your site without ever leaving the editor. The block directory is designed to make it easier for users to search and install WordPress blocks directly from the block editor, so you can quickly add the type of block you need into your content.
To search the WordPress block directory, use the “+” icon on the top left of the page to use the new block inserter and search for available blocks.
Here are a few important things to note about the WordPress block directory:
The block directory search functionality is only available to WordPress user roles who have the permission to add or install plugins.
If you add a third-party block from the block directory, the corresponding WordPress plugin will be installed on your site. So if you see a new plugin installed on your website, and you don’t remember installing it, check to see if the plugin is a WordPress block plugin.
The WordPres block directory pulls in both built-in default WordPress blocks and third-party WordPress block plugins so you can install them directly from your page/post editor.
Search results of third-party block plugins depend a few requirements that developers must meet (covered in more detail later in this article).
History of the WordPress Block Directory
The WordPress block directory is the result of WordPress core discussions about how block plugins need to be distinguished from other free plugins available on the WordPress.org plugin directory.
The WordPress block directory endeavor was a cross-team development effort that involved major updates on:
The WordPress plugin update processes
The WordPress plugin repository
Integration into the WordPress block editor’s Inserter
The 8.4 version of the featured Gutenberg WordPress plugin was when the block directory was merged into the WordPress core; on August 11, 2020 in WordPress 5.5.
The Purpose of WordPress Block Directory
A new WordPress block directory is included in the main WordPress.org plugin directory, so you’re either browsing regular WordPress plugins or single block-enabled plugins.
The block directory is designed to help distinguish block plugins, which are javascript-only and register only WordPress blocks, versus traditional WordPress plugins that have more functionality.
What Are WordPress Blocks?
WordPress blocks are page elements that you can use from within the WordPress block editor to help organize and design the content of your blog posts and pages. From images to quotes to lists and media embeds, there’s a WordPress block for just about everything.
Built-in Default WordPress Blocks
WordPress comes with a library of built-in default blocks. Here’s a table of some of the most frequently-used blocks. This table includes some of the default WordPress blocks included with WordPress in the new block editor.
WordPress block
Description
Audio
Embed a simple audio player.
Buttons
Drive conversions with beautiful buttons.
Categories
Display a list of all categories.
Classic
Use the classic WordPress editor
Code
Display code snippets that respect your spacing and tabs.
Columns
Add a block that displays content in multiple columns, then add whatever content blocks you’d like.
Cover
Add an image or video with a text overlay – great for headers.
Embed
Embed videos, images, tweets, audio, and other content from external sources.
File
Add a link to a downloadable file.
Gallery
Display multiple images in a rich gallery.
Heading
Introduce new sections and organize content to help visitors (and search engines) understand the structure of your content.
Image
Insert an image to make a visual statement.
Latest post
Display a list of your most recent posts.
List
Create a bulleted or numbered list.
Paragraph
The building block of all narrative.
Pull quote
Give special visual interest to a quote from your text.
Quote
Give quoted text visual emphasis.
More
Adds a “Read more” element
Separator
Create a break between ideas or sections with a horizontal separator.
Add white space between blocks and customize height.
When you login to your Admin dashboard (assuming that you’re using WordPress 5.0 or higher) and click to write a new post, immediately you’ll notice a panel for content editing that’s based on blocks.
Previously, this section of your post editor was one big content field that contained standard text formatting controls.
When comparing the old version of the editor to the new block-based version, this was a major upgrade for users.
The overall editing experience within the new version is a lot more streamlined and free of distractions. It gives you clear visibility to your main “canvas” without other elements that were mostly unneeded.
WordPress Block Library Plugins
In addition to the built-in WordPress blocks, other plugins like Kadence Blocks add even more blocks to the WordPress block library. The Kadence Blocks plugin adds even more power to the block editor, adding page builder features.https://wordpress.org/plugins/kadence-blocks/embed/#?secret=Q4GmBAmiJd#?secret=hdsqudoOKw
For example, Kadence Blocks custom blocks include:
Row Layout – Create rows with nested blocks either in columns or as a container. Give style to your rows with a background, overlay, padding, etc.
Advanced Gallery – Create stunning photo galleries, carousels, and sliders! Enable custom links, captions, and more. Plus you can select the image size for performance.
Form – Our powerful form block allows you to easily create a contact or marketing form and style it within the block editor.
Advanced Text – Create a heading or paragraph and define sizes for desktop, tablet and mobile along with font family, colors, etc.
Advanced Button – Create an advanced button or a row of buttons. Style each one, including hover controls. Plus you can use an icon and display them side-by-side.
Tabs – Create custom vertical or horizontal tabs with advanced styling controls. Each tab content is an empty canvas able to contain any other blocks.
Accordion – Create beautiful accordions! Each pane is able to contain any other block, customize title styles, content background, and borders.
Testimonials – Create confidence in your brand or product by showing off beautiful and unique testimonials. Display add as a carousel or a grid.
Icon – Choose from over 1500+ SVG icons to add into your page and style the size, colors, background, border, etc. You can also add multiple icons side-by-side.
Spacer / Divider – Easily create a divider and determine the space around it or just create some space in your content. You can even define the height per screen size.
Info Box – Create a box containing an icon or image and, optionally, a title, description, and learn more text. Style static and hover separately.
Icon List – Add beautiful icons to your lists and make them more engaging and attract viewers’ attention. Over 1500 icons to choose from and unlimited styles.
Countdown – Increase your conversions by adding a sense of urgency to your offering. Pro includes evergreen campaigns as well.
Posts – Display a clean grid of posts anywhere on your site, great for your homepage where you want to tease your blog.
Table of Contents – Allow your readers to navigate your content easily with a table of contents block. Includes smooth scroll to anchor.
Lottie Animation – You can import lottie animations into your site. You can choose how the animation plays and control animation speeds, loops, etc.
Count Up – An animated count up or down to a certain value. Great for displaying stats.
Google Maps – Embed a Google Map on your site.
Advanced Image – An image block with greater controls and advanced features.
What is a WordPress Block Plugin?
AWordPress block pluginis a relatively small, simple WordPress plugin that provides a single WordPress block. The plugin is the block, essentially.
The WordPress block directory helps organize third-party block plugins in a category separate from traditional WordPress plugins so they are easier to search and install.
For example, the Donation Form Block for Stripe by GiveWP adds a Stripe-powered donation form to your website in a few seconds with a single WordPress block. Once installed, the block is easily inserted into your WordPress website and is designed to be easily customized to fit your needs.
What are Block-Enabled Plugins?
In a nutshell, block-enabled plugins are “traditional” WordPress plugins that include blocks you can use within the block editor. The WordPress plugin directory has also started distinguishing “Block-enabled plugins” to highlight plugins that utilize block functionality.
As you start working on new content for your site, whether it’s a new page or a blog post, you’ll notice that every content piece you include (such as an image or a paragraph of text) is converted into its own block.
You can basically think of a block like a wrapper that’s placed around each piece of content that you include on your post or page. But the block system doesn’t change anything about the content pieces individually, or how they appear on your website. An image is still an image and doesn’t appear any different to the end-user.
You’ll find that creating content with blocks is highly intuitive. When you start creating a new page or post, WordPress invites you to choose your block type or begin writing text.
When you complete a paragraph of text, hit enter and WordPress automatically transitions you to a new block.
When you want to add a different block besides a text paragraph, simply click the “+” icon, located within the block editor in the upper-left corner.
Each block type available for you to choose from is highly customizable in many ways. With a little time and experimentation, you’ll be able to make any block look exactly how you envisioned.
Benefits of the Block Editor
The introduction of the block-based editor has brought a number of benefits to WordPress content creators.
First, you can much more easily rearrange your blocks within each page than the previous editor allowed you to do. Every block has individual controls that allow you to move the block up or down one spot. You can also use the drag and drop function to move blocks around manually.
In previous WordPress editors, moving content around was a pain. First, you had to cut and paste content into the areas that you wanted to put them. Often, doing this caused a lot of formatting issues; although more so with some text editors than others. At times, users would lose entire content sections prior to moving them because they accidentally copied over it in their clipboard.
These aren’t issues that you’ll experience with blocks, and they’re a lot more maneuverable as well.
How Do I Use the WordPress Block Directory?
Now that we’ve discussed what WordPress Blocks are, let’s look into the new WordPress block directory.
The idea behind the block directory is not that complicated. But it’s highly useful for developers and site designers once they understand how to properly utilize the tool.
When a WordPress user wants to use a block that’s not available in the default WordPress blocks available locally in their editor, they can head to the search field of the Inserter and type in a keyword, such as “menu” or “team.”
Behind the scenes, the intuitive system first runs a search on the user’s local site. If it’s unable to find the specific block that’s being searched for, it starts searching the block directory: A designated part of the overall WordPress plugin repository that houses single block plugins.
When the system finds blocks that match the current search term, those blocks are displayed within the Inserter, with a preview section available for the user to review.
At this point, the designer decides which block they want to utilize, then clicks on the “Add Block” button. This causes a single-block plugin to be installed and activated, while the designer continues creating the post or page.
If the first block selection wasn’t the best choice, a user can then go back and search for a different block that can also be installed. This allows users a quick and easy way to test different block elements in their designs.
Keep in mind that the block directory can only be accessed by content creators that have full site rights and privileges to install and activate WordPress plugins.
Searching for WordPress Blocks
The search function works really well. The only problem is the current lack of plugins in the repository. It’s important to remember that the block directory is still very new and it’s overall functionality isn’t finalized.
Designers Steven Dufresne and Enrique Sanchez (along with others) have been actively exploring different considerations and variations of the flow for searching, selecting and installing block plugins within the editor.
For example, what happens when a user runs a search and a block plugin shows up in the Inserter that the user already has installed in their editor? Should it display “Disable Block” for that particular search result?
What if the search result displays a block plugin that the user has installed but deactivated? Should it display “Activate Block” for this result?
As you can see, there are many questions that remain up in the air regarding block searches and how they’re delivered.
The discussion is onoging with the designers and developers.
For the WordPress block directory to work, there are several factors that need to perfectly align.
First, the Directory has to have a unique section that’s designated only for single-block plugins to populate the search. There are many plugins that have two or more blocks that cannot be allowed to show in the block directory search feed.
After this, the Directory search feature must return its results within a format that can be displayed in the Inserter.
The block editor then has to run a process that searches the WordPress Plugin directory by way of REST-API. Then, the Inserter requires a method that will allow it to install and activate site plugins.
To do this, it must be able to consider the current user’s site privileges. Only site administrators have the ability to install and activate plugins.
For a plugin author to have their plugin be a part of the block directory, they have to provide a block.json file and an image to be displayed in the search results. It’s also important for plugin authors to remember that users will need additional information about the plugin, in the preview area, before they decide to download it.
In most cases, a user will want to see a plugin’s:
User ratings
Author information
Date of last plugin update
This helps push forward the decision-making process for users trying to decide which blocks to use on their site. After all, a lot of people don’t decide on things based only on how they look. They want to know what’s under the hood as well.
For the block editor, it would be a good idea (although an extremely difficult proposition that will no doubt require a lot of tweaking down the road) to automatically monitor the discarded plugins and make sure that unused blocks are uninstalled from the site after saving the post.
It’s also important to avoid the potential of a “block graveyard” within the site. With an updated Block Manager, this problem should be solved. It was talked about last year by Mel Choyce-Dawn as a part of the initial block directory designs. But it wasn’t a part of the initial release.
WordPress Single Block Plugins List
If you head over to the WordPress plugin repository, you’ll be able to browse WordPress block-enabled plugins that will feed your search results within the WordPress block editor.
At the time of this writing, there are only six pages of results available to browse. And in reality, only about half of those showing in the plugin repository search are actually going to be visible within the block editor via the Inserter.
With a quick spot check, it seems like a lot of them are completely missing the required block.json files. In those cases, the plugins will not be visible in the WordPress block editor search results, but you will see them in the WordPress plugin repository.
This seems to be improving within the last month, however, as final requirements have been more thoroughly documented and key guidelines published. A lot more of the plugin authors are starting to update their plugins to make sure they’re 100% searchable within the block editor.
Some examples of current, fully tested single-block plugins on the block directory include the Donation Form Block for Stripe by GiveWP.
How To Install a New WordPress Block
The block installation process should be seamless and intuitive for the user. At least it should be in theory.
Basically, all a user needs to do is to click on the “Add Block” button without ever exiting the block editor. The desired new block then immediately becomes available.
You’ll probably find out that in some cases you’ll get an error message that will ask you to try the installation again. But before you do, make sure to check and see if the plugin actually was installed and the block available for use.
In many cases, it seems like the error message is, in and of itself, an error and the block is ready to go. As time moves on, more of these minor bugs will be worked out and this useful new feature called the WordPress block directory will be running smoothly.
Block Directory Plugin Author Guidelines
Near the end of 2019, the Meta Team Lead Alex Sheils published an initial draft of WordPress block plugin guidelines for those who want to have a plugin added to the block Directory. It has since been updated with more detailed requirements as of just a few months ago.
To sum up the key points, plugins on the block Directory must have these specific characteristics:
Contain only one single block
Not have UI outside of the post editor
Have a minimum amount of server-side code
Must be structured according to certain specs and include a readme.txt file
Some additional rules that governed the first release of the block directory have been met with some controversy by plugin authors, due to how strict the rules were. However, the restrictions on the Directory weren’t intended on stifling plugin creators.
The goal is to keep the types of blocks that return into the block editor restricted to a specific protocol and type.
That was especially important on the initial release, where it wasn’t a case where more results would be better. The results needed to be very specific within the Inserter.
Knowing that, these additional rules apply to all plugin authors that want to get their plugin on the WordPress block directory:
Block plugins are created to use in the Block Editor
Block plugins must be separate blocks
The title of the plugin must reflect the title of the block
The plugin has to include a specific block.json file
The plugin author cannot charge a fee or require payment for funcationality. Paid accounts also are not allowed
The plugin should be able to function independently
It cannot, in any way, promote other plugins, themes or blocks
Think about the block directory sort of like an immature plant that you’ve just put into the ground. You know that you need to watch it and protect it so that it’ll grow into a bigger and better version of itself.
The block directory is no different.
As the design and development team continues to watch, listen and problem-solve, the Directory will begin to evolve into a place where plugin authors and users find a lot of value.
If you’re a plugin author and your plugin doesn’t yet meet the requirements to be on the block directory, keep in mind that it’s still welcomed on the normal WordPress plugins directory.
The Future of the WordPress Block Directory and Block-Enabled Plugins
The block directory has the potential to really extend the design functionality of the WordPress platform. It gives content creators a quick and streamlined way to extend their content creation capabilities with fingertip access to dozens of useful single blocks.
Even with the continuously moving parts, the first release of the block directory is a major milestone that should be celebrated by content creators and plugin authors alike.
Those of you reading this around the time of its publishing are on the cutting edge of the block directory and what it’s going to become. Now is a great time for you to consider some additional WordPress training that will show you other areas of WordPress, like the block directory, that you haven’t yet discovered.
As you continue to grow through the learning curve while turning your site into the success that you envision, remember that mistakes can (and will) happen. That’s why it’s so important to have a WordPress backup plugin and WordPress security plugin protecting your site at all times.
With everything in place, your website can continue to grow and evolve just like the WordPress block directory.
Adesigner friend discovered a new website creation tool. It claimed to be super-easy to use. Just drag and drop. See results right away. No coding. What’s not to like about that?
She built her new website and worked hard to make the site exactly as she wanted. Then she launched it.
That’s when the makers of the website creation tool proudly announced version 2.0. All new, from the ground up. Even better. More features. Easier to use.
Just one hitch. A minor one. Hardly worth mentioning: There was no way to migrate a website built in the old version. That was bad. What made it really bad was that version 1 would shut down in a few months.
My friend’s new website suddenly had the lifespan of a mayfly. Pretty, but destined to disappear.Let’s face it, it’s quite a task to build a website — one that works well for you, is aligned with your business, and effectively connects with your ideal audience. Doing all that well takes time and effort. So, of course, we count on our new website serving us well for a long time to come.Let’s face it, it’s quite a task to build a website — one that works well for you, is aligned with your business, and effectively connects with your ideal audience. Doing all that well takes time and effort. So, of course, we count on our new website serving us well for a long time to come.
If you’ve had your website for several years, you now have lots of content created over that long time. It definitely would be disastrous to one fine day find out what powers the website has been end-of-lifed.
So how can we avoid ending up like my friend, with a new, but dead-on-arrival, website? Or with an existing website that can no longer be updated?
The 2 Key Components of Future-Proofing
It starts before we build anything on a new website and involves 2 key components:
Adopting a future-proofing mindset
Future-proofing the technology
It’s tempting to view future-proofing a website as a done-and-forget it action. Because it’s an ongoing process. As much mindset as technology.
First, let’s look at developing a future-proofing mindset. Then it will be easier to consider the tech impact of future-proofing.
1. Adopting a Future-Proofing Mindset
Web technology is constantly changing, as are best practices and security concerns.
If we don’t understand (and accept that), at some point any new website will be outdated. Obsolete. Probably sooner rather than later.
WordPress introduced a new blog post editor in 2018. A major upgrade that changed how we approached writing and posting new content.
Many website owners were upset. They didn’t want to change how they edited post content. Not that they liked the old editor. But they had found ways to work with it. It was familiar. They might even use plugins to improve the editing experience.
Now here was something new. A major change that upset existing workflows. It didn’t help that the first iteration still lacked some refinement.
Others, like me, switched to the new block editor early and found that it truly speeded up posting. Plus it really was easier to work with.
In this change WordPress gave us a choice: Adopt early or later, either is okay. They even told us we had several years before they’d shut down the old editor. The only choice that is not okay, is to never adopt.
Being aware of new developments and recognizing when they affect our WordPress websites
Years ago we designed websites for computer screens. The biggest arguments were about what size computer screen. Designers fretted about pixel-perfect alignment.
Those few people who insisted on visiting websites from their mobile phones were content with dumbed-down mobile versions of websites. But most website owners didn’t worry about mobile browsing.
Today 2/3 of all web browsing is from mobile devices. Google now bases their SEO ranking on how a website shows up on mobile devices. It’s no longer okay to have a dumbed-down website for mobile visitors. Or to ignore them by having a desktop-only website.
Yet I still regularly see websites that are desktop-only. Clearly some website owners haven’t gotten the message. They persist with websites that are not future-proofed. Gradually slipping into oblivion.A future-proofing mindset means paying attention to changes in the online world and recognizing when it’s the right time to adapt and adopt. Often when we do, we find that the new way is clearly better and we really would never want to go back to the old ways.A future-proofing mindset means paying attention to changes in the online world and recognizing when it’s the right time to adapt and adopt. Often when we do, we find that the new way is clearly better and we really would never want to go back to the old ways.
What we don’t want to happen is to one day find out that functionality we relied on has been obsoleted, turned off and now my website doesn’t work anymore. Which of course hurts the business relying on that website bringing in customers.
Fortunately, when a change is announced, there is often a planned a transition time until full implementation. We have time to learn how to master the new approach. We may even be able to approach a major change with a hybrid approach, combining the best of 2 worlds and takes some pressure off today while ensuring that we’ll be ready for the future.
Tips for developing a future-proofing mindset
Become friends with your website — it’s an integral part of your business.
Stay up-to-date with WordPress developments on the official Make WordPress blog.
Be curious and explore how changes in the online world can help your business grow.
Be open to change.
2. Future-Proofing the Technology of WordPress
Choose wisely, we must
It might be tempting to go for that brand-new website builder that has every bell-and-whistle imaginable. But will it be around for years to come?
WordPress has been with us for since 2003! All that time, updates and new versions have been released regularly.
However, WordPress is just one part of the puzzle. There are three main components we’ll need to consider:
Theme — controls what the website looks like and much of the functionality
Page Builder — makes design, layout and editing easier
Plugins — add specific functionalities and integrations
Together these components form the technical base of a website and must be regularly updated to ensure full functionality and keep the website safe and secure.
Let’s look how to future-proof each component of WordPress.
WordPress Core
WordPress started as a blogging solution. Then folks like me concluded that managing content for the entire website in a database would make life easier. It wasn’t long before WordPress grew into a great tool for powering entire websites.
If you could look at the very first version of WordPress core next to the current one, they would seem a world apart. Yet there has never once been a time when a new version was incompatible with older sites.
For example, in 2018 when WordPress released a new editing experience (block editor) for posts, they outlined a roadmap for several years, so we could all see where development was going. Nobody was being left behind. Yes, some features (like the old editor) will eventually be turned off, but there is ample time to upgrade.
For instance, once I started using the new block editor for my blogs, old posts just showed up in a classic block. For site visitors, nothing changed.
I can leave those classic block posts as is. Or turn them into blocks and get all the benefits of the new editor with one click.
That’s future-proofing at work.
In Spring 2022, WordPress took the next step by releasing full site editing. You can now use blocks to add and edit content anywhere on the website and do much layout and design that formerly could only happen through hands-on coding or in a page builder. Again, it’s your choice to start using this new feature right now or take some time to learn more about it.
This gradual roll-out of features and backward compatibility builds confidence that WordPress will continue to be a great website platform for years to come.
Tips for Future-Proofing WordPress Core
Stay up-to-date with WordPress developments on the official Make WordPress blog.
Be aware of the changes included in each new version of WordPress.
Embrace the block editor.
Themes
Once upon a time there were themes for just about every kind of site that could be imagined. They came with pre-made layouts and places to drop in content. You wanted to change the look of the website, you got a new theme.
Since the theme is at the heart of a website (2nd only to WordPress), we have to select carefully. If you switch to another theme, the entire design and layout of your website will go away. Yes, the content is still there, but you’ll have lots of work in the new theme to get things to show up where you want them to.
Fortunately, the days of those specialized, fill-in-the-blanks themes are gone. Today, a future-proof theme is really a framework that lets you create the site you want.
In 2021, I switched to using the Kadence Theme for all my website development work. It’s very lightweight and extremely customizable. You can start with a blank canvas. Or choose from a library of starter sites. Except you’re not limited to an entire starter site. Like one page? Pick that. How about just a row or an element of a starter design? Copy it to your own site and insert your content.
The result is a site that’s truly yours.
Kadence is built for block editing and comes with a library of blocks, letting you easily create even complex layouts. And customize them to your heart’s content.
In many ways, Kadence gave us full site editing with blocks before WordPress officially turned on the feature.
In fact, Kadence does a lot of things with blocks that I used to need a page builder for. That’s of course the ultimate promise of full site editing: Everything done with blocks and no need for page builders.
At the same time Kadence plays nice with page builders. Which means I can choose on a page by page basis to create with Kadence blocks or use a page builder. I have even built pages where part of the layout comes from a page builder and part from Kadence blocks or elements. Everything seamless to the website visitor.
Kadence is fairly new on the market, but is aggressively developed and I expect it to be around for a long time to come.
Tips for Future-Proofing Themes
Make sure your theme is being actively developed alongside the latest developments in WordPress core
Select/switch to a theme that is specifically ready for full site editing and block editing
Page Builders
Page builders have been with us for quite a while. They help us customize page design and layout without having to write code. Plus you can see the layout and design you’re creating as you go.
However, the future of WordPress is now full site editing, where you use blocks to build not just posts, but for content everywhere on the site. That means eventually, page builders won’t be needed.
How soon that day comes varies for each of us. There’s definitely a learning curve for full site editing. Because full site editing is new, it’s still rough around the edges. Controls can be confusing or lacking (meaning I’d have to add custom styling [CSS] or code to get the look I want).
For those reasons, the safe approach for now (in 2022) is to still use a page builder. Because we’re used to how they work.
It is, however, important to select the right page builder.
Some page builders are shortcode-based. Meaning if you were to turn off the page builder, there would be no content on the page. Just some shortcodes. Actual content is hidden inside the database and will stay there, unless you are a database geek and know how to extract it.
A better choice is a page builder that places actual content on the page, along with code needed for styling/layout. If you remove the page builder, everything is still on the page. While it won’t display as when the page builder was active, you can access the content and work with it.
All page builders add code to the website, increasing load time. But some page builders add a lot more code than others.
For future-proofing, select a page builder that is lightweight and that doesn’t rely on shortcodes for everything. Then content is still accessible if you were to remove the page builder one day. Or if that page builder were to become defunct.
Note that there is no direct migration path from page builder formatted content to full site editing. Or from one page builder to another page builder. But at least the content is still on the page.
My choice is BeaverBuilder. It adds less weight than many competitors and it doesn’t rely on shortcodes.
BeaverBuilder can also be used on a page by page basis. Meaning you only use it for pages where you need it. A website I recently built has 49 pages and about half use BeaverBuilder, while the others don’t (block editing). As a rule, I also don’t use the page builder at all for blog posts. Because block editing lets me handle content there with much less added code weight.
Tips for Future-Proofing Page Builders
Select a page builder that is light weight and that doesn’t rely on shortcodes for content placement. Then content is still accessible if the page builder is removed or becomes defunct.
To further future-proof your website, start now to learn how to build pages using blocks instead of a page builder. Remember, it’s a page-by-page choice.
Plugins
WordPress websites rely on plugins for a wide range of different purposes. Security, backup, adding specific functionalities, integrations with other services. Even page builders are plugins. And extended features of your theme could come in plugin form.
Plugins may be the hardest area to future-proof. Why? Because many plugin developers don’t publish roadmaps. And sometimes even plugins that have been around for a long time suddenly go away.
Fortunately, there are usually several options for plugins to provide a particular functionality. So we can switch to using an alternative.
Tips for Future-Proofing Plugins
On your website, make certain to update plugins regularly and remove any unused ones.
From time to time also review the plugins on your site and make sure you really still need them. Don’t let a plugin hang around just because it’s always been there.
Invest in premium plugins with active development and support.
Ready for the Future?
WordPress is a great platform to build your website on. One that has been with us for years and will be there for the long haul.
With a future-proofing mindset and care in selecting the tech, a WordPress website built today will still work next year or five years from now. Because there is a real path forward.
I have a couple websites originally built with WordPress in 2010. Everything about them has been updated multiple times. Today they run the latest version of WordPress. There was never a time that WordPress came out with a new version that didn’t include a way to upgrade older websites. Even when block editing came along, it didn’t mess anything up.
That’s how flexible and future-ready WordPress is. When applying best practices and keeping a future-focused mindset, we can rest assured that today’s website will be around for tomorrow and beyond.
Number of breaches in the last 12 months
Board members who recommend increases in IT and cybersecurity headcount
What roles are organizations looking for?
Organizations would pay for an employee to get a cybersecurity certification
Hiring from these populations is a top three challenge for organizations
Employees lack knowledge when it comes to cybersecurity awareness
Figure 1. Fortinet’s Security Fabric platform converges essential networking and security functions and consolidates security point products into a unified platform
