Skip to content

WordPress.com Marketplace, New Acquisitions, State of WordPress Security 🗞️ April 2022 WordPress News w/ CodeinWP

📆  This is the April 2022 edition of “This Month in WordPress with CodeinWP.” 

Hey, WordPress fans.

We are back with all the most important WordPress news from the last month. March was an eventful month, but primarily on the business side of WordPress.

While we did get a WordPress security and maintenance release in the form of WordPress 5.9.2, the most notable news deals with a new premium extension marketplace at WordPress.com, two interesting acquisitions in the WordPress space, and details on the WordPress security picture from 2021.

Let’s not keep you waiting – here’s our take on the WordPress news from March…

April 2022 WordPress News with CodeinWP

WordPress.com will expand its marketplace for premium extensions

In big news this month, Donna from WordPress.com outlined the vision for WordPress.com’s new premium theme and plugin marketplace.

Currently, WordPress.com is testing this marketplace by selling its own plugins. However, the eventual goal is to expand it so that developers can also list their own themes and plugins in the marketplace.

One of the biggest advantages of this marketplace is that it will be frictionless. WordPress.com already has the payment details for over two million users, and those users will be able to purchase premium extensions with just a few button clicks.

What’s more, users won’t need to manage license keys from a million different websites – they’ll have everything in just one spot.

For developers, getting access to that audience of two million users is also obviously going to be valuable.

Two notes here:

  1. I’m not aware of them having released any details on what commission WordPress.com will take in exchange for listing in the marketplace. That number will obviously play a big role in how happy (or unhappy) developers are.
  2. The marketplace seems like it will exclusively be for WordPress.com Business or eCommerce plan users for now. However, I think it’s conceivable that it could be expanded to self-hosted sites running Jetpack. I have not seen anything suggesting that – it just seems like a profitable long-term route to follow from my perspective.

While I think end users will really appreciate the convenience of an integrated marketplace like this, there is one thing that I think will annoy a lot of long-term WordPress users:

Subscriptions.

Based on the current implementation with Automattic’s own products, users will purchase extensions as either a monthly or yearly subscription, rather than the one-time purchase with optional renewal for support/updates that a lot of WordPress users are familiar with.

WordPress.com marketplace

DigitalOcean acquires CSS Tricks

Over the past couple of years, there have been a ton of acquisitions in the WordPress space. If you read our monthly news posts, you’ve probably seen that we’ve written about a lot of them. In fact, in the next section, I’m going to write about another WordPress acquisition.

I’m giving this acquisition its own section, though, because it’s one of the more surprising pickups that I’ve seen.

In March, DigitalOcean, the popular cloud hosting service, acquired CSS-Tricks, a popular blog about CSS and WordPress.

Why I find this acquisition interesting is that it’s a hosting service acquiring a content site, rather than acquiring a plugin or theme, as we’ve seen with Liquid Web’s many acquisitions.

This really demonstrates the value of content and visibility in search engines. Brands will acquire a site solely for the content and search engine reach, which isn’t something we’ve really seen in the past.

For another example of this, you can consider SEMrush’s recent January 2022 acquisition of Backlinko, one of the more popular SEO blogs.

While Backlinko does have some content products, the acquisition was primarily just to get access to Backlinko’s positions in Google.

Similarly, CSS-Tricks will expand DigitalOcean’s reach in the SERPs while also giving them access to a huge audience of web developers and designers who are potential DigitalOcean customers.

DigitalOcean acquires CSS Tricks

You may also be interested in:

Newfold Digital acquires YITH (makers of WooCommerce plugins)

In another big WordPress acquisition, Newfold Digital just acquired YITH, the development company behind over 100+ WooCommerce plugins (all branded with YITH in the name).

If you’re not familiar with Newfold Digital, it’s the reincarnation of Endurance International Group (EIG) and the parent company behind many of the biggest web hosting services in the world, including Bluehost, HostGator, and many others.

Newfold Digital also owns many products and services, such as Constant Contact. And in 2021, Newfold Digital made big news by acquiring Yoast SEO.

With the acquisition of YITH, we see Newfold Digital expanding even further into the WordPress plugin space.

However, I don’t think this acquisition is just about selling plugins to people.

Instead, I think this is about web hosting. More specifically, the trend toward selling dedicated WooCommerce hosting plans that come bundled with plugins so that people already have everything they need to create a functioning store.

Basically, these hosts are trying to create a more Shopify-like WooCommerce experience by offering a completely managed setup process.

One of the biggest existing examples here is GoDaddy’s WooCommerce hosting plans, which come bundled with a bunch of official WooCommerce extensions at no extra cost. GoDaddy also acquired SkyVerge so that GoDaddy could bundle those plugins in as well.

Liquid Web is also another popular option, as their managed WooCommerce hosting plans come with a number of bundled tools. Liquid Web has also been following a similar strategy and acquiring a lot of WordPress plugins that they can bundle into their services, such as iThemes, Restrict Content Pro, The Events Calendar, Kadence, and more.

Bluehost has already added some bundled extensions to the Bluehost WooCommerce hosting plans. But I would imagine that we’ll be seeing Bluehost customers getting free access to all the YITH WooCommerce plugins sometime soon.

On a broader scale, I also think we’ll continue to see this trend grow, both in the WooCommerce space and in WordPress hosting in general.

Web hosts are looking for ways to differentiate themselves and create more “all in one” WordPress experiences, and these types of acquisitions help them do it.

Note – Newfold Digital says they have no plans to remove any plugins from WordPress.org or change the experience for existing YITH customers. So while I do think Newfold Digital will be looking to integrate YITH with their other brands, I don’t think site owners need to worry about anything right now.

In smaller news, there were also a couple of other notable plugin acquisitions from last month:

Newfold Digital acquires YITH

Patchstack publishes its State of WordPress Security paper

If you’re not familiar with Patchstack, it’s a popular WordPress security service that was previously known as WebARX before a 2021 rebranding.

One of Patchstack’s key functions is detecting and protecting against vulnerabilities in WordPress plugins, which are some of the most common security issues for WordPress sites.

As part of this function, Patchstack has a lot of data and insights on WordPress vulnerabilities, which led them to publish a State of WordPress Security paper.

This paper has some interesting insights…

The headline insight is that Patchstack detected a 150% increase in plugin vulnerabilities in 2021 vs 2020. In 2020, they detected ~600+ vulnerabilities, while they detected ~1,500+ vulnerabilities in 2021.

That doesn’t necessarily mean the increase was actually that large. For example, maybe Patchstack just got better at detecting vulnerabilities. However, the difference is so large that it does seem likely there was an increase in security events.

The paper also has some other interesting data:

  • 91.38% of the vulnerabilities were in free plugins while only 8.62% were in premium plugins, which is a pretty astounding difference. There’s no inherent difference between free vs paid plugins when it comes to security, but premium plugin developers do have more of an incentive to quickly fix and detect issues. Premium plugin developers can also spend more time securing a plugin because they earn an income from it.
  • As compared to 2021, WordPress users are using fewer plugins, but those plugins were more likely to be out-of-date. I’m not sure what the explanation is or if it’s just noise, but I still found it interesting.
  • Malicious actors typically go after easy-to-exploit vulnerabilities rather than more complex vulnerabilities. Basically, they’d rather go after low-hanging fruit, which makes sense if your goal is to exploit as many sites as possible.
  • Malicious actors are still regularly targeting “old” vulnerabilities – even those that are a few years old. This is why it’s essential to update your plugins, as malicious actors won’t give up just because the exploit isn’t cutting-edge.

If you want to see all of the data and insights, you can read Patchstack’s full report by clicking here.

The WordPress Performance Team launches a feature beta plugin

This isn’t big news, but it is a cool little tidbit if you’re interested in WordPress and performance.

To help improve WordPress’ default performance optimization, the Performance Team just released its own Performance Lab plugin at WordPress.org. This plugin is a testing ground for performance-focused features that will eventually be merged into the core.

It’s the same idea as the standalone Gutenberg plugin, which provides a testing ground for new features that will eventually be merged into the core editor.

Because these features are still in testing, you probably won’t want to use this plugin on a live website. However, it is still neat because it gives you a peek at what’s coming and how the new features might work.

Currently, the Performance Lab plugin adds automatic WebP conversion for JPEG uploads (if the server supports it).

It also adds a number of performance-focused checks and audits to the Site Health dashboard:

  • WebP support check.
  • Persistent object cache check.
  • Option to audit enqueued assets in Site Health (CSS and JavaScript).
  • Option to audit autoloaded options in Site Health.

I think the Site Health-related checks will be especially useful, as they should make it easier for people to audit their site’s performance without requiring special technical expertise.

As for the WebP improvements, the Performance Team also proposed enabling WebP by default in the eventual WordPress 6.0 release.

That sums up our April 2022 WordPress news roundup. Anything we missed?

Don’t forget to join our crash course on speeding up your WordPress site. Learn more below:

 

Layout and presentation by Karol K.

Yay! 🎉 You made it to the end of the article!
Colin Newcomer
Share:

0 Comments
Inline Feedbacks
View all comments

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!

0
Would love your thoughts, please comment.x