Skip to content Marketplace, New Acquisitions, State of WordPress Security πŸ—žοΈ April 2022 WordPress News w/ CodeinWP

📆  This is the April 2022 edition of “This Month in WordPress with CodeinWP.” 

Hey, WordPress fans.

We are back with all the most important WordPress news from the last month. March was an eventful month, but primarily on the business side of WordPress.

While we did get a WordPress security and maintenance release in the form of WordPress 5.9.2, the most notable news deals with a new premium extension marketplace at, two interesting acquisitions in the WordPress space, and details on the WordPress security picture from 2021.

Let’s not keep you waiting – here’s our take on the WordPress news from March…

April 2022 WordPress News with CodeinWP will expand its marketplace for premium extensions

In big news this month, Donna from outlined the vision for’s new premium theme and plugin marketplace.

Currently, is testing this marketplace by selling its own plugins. However, the eventual goal is to expand it so that developers can also list their own themes and plugins in the marketplace.

One of the biggest advantages of this marketplace is that it will be frictionless. already has the payment details for over two million users, and those users will be able to purchase premium extensions with just a few button clicks.

What’s more, users won’t need to manage license keys from a million different websites – they’ll have everything in just one spot.

For developers, getting access to that audience of two million users is also obviously going to be valuable.

Two notes here:

  1. I’m not aware of them having released any details on what commission will take in exchange for listing in the marketplace. That number will obviously play a big role in how happy (or unhappy) developers are.
  2. The marketplace seems like it will exclusively be for Business or eCommerce plan users for now. However, I think it’s conceivable that it could be expanded to self-hosted sites running Jetpack. I have not seen anything suggesting that – it just seems like a profitable long-term route to follow from my perspective.

While I think end users will really appreciate the convenience of an integrated marketplace like this, there is one thing that I think will annoy a lot of long-term WordPress users:


Based on the current implementation with Automattic’s own products, users will purchase extensions as either a monthly or yearly subscription, rather than the one-time purchase with optional renewal for support/updates that a lot of WordPress users are familiar with. marketplace

DigitalOcean acquires CSS Tricks

Over the past couple of years, there have been a ton of acquisitions in the WordPress space. If you read our monthly news posts, you’ve probably seen that we’ve written about a lot of them. In fact, in the next section, I’m going to write about another WordPress acquisition.

I’m giving this acquisition its own section, though, because it’s one of the more surprising pickups that I’ve seen.

In March, DigitalOcean, the popular cloud hosting service, acquired CSS-Tricks, a popular blog about CSS and WordPress.

Why I find this acquisition interesting is that it’s a hosting service acquiring a content site, rather than acquiring a plugin or theme, as we’ve seen with Liquid Web’s many acquisitions.

This really demonstrates the value of content and visibility in search engines. Brands will acquire a site solely for the content and search engine reach, which isn’t something we’ve really seen in the past.

For another example of this, you can consider SEMrush’s recent January 2022 acquisition of Backlinko, one of the more popular SEO blogs.

While Backlinko does have some content products, the acquisition was primarily just to get access to Backlinko’s positions in Google.

Similarly, CSS-Tricks will expand DigitalOcean’s reach in the SERPs while also giving them access to a huge audience of web developers and designers who are potential DigitalOcean customers.

DigitalOcean acquires CSS Tricks

You may also be interested in:

Newfold Digital acquires YITH (makers of WooCommerce plugins)

In another big WordPress acquisition, Newfold Digital just acquired YITH, the development company behind over 100+ WooCommerce plugins (all branded with YITH in the name).

If you’re not familiar with Newfold Digital, it’s the reincarnation of Endurance International Group (EIG) and the parent company behind many of the biggest web hosting services in the world, including Bluehost, HostGator, and many others.

Newfold Digital also owns many products and services, such as Constant Contact. And in 2021, Newfold Digital made big news by acquiring Yoast SEO.

With the acquisition of YITH, we see Newfold Digital expanding even further into the WordPress plugin space.

However, I don’t think this acquisition is just about selling plugins to people.

Instead, I think this is about web hosting. More specifically, the trend toward selling dedicated WooCommerce hosting plans that come bundled with plugins so that people already have everything they need to create a functioning store.

Basically, these hosts are trying to create a more Shopify-like WooCommerce experience by offering a completely managed setup process.

One of the biggest existing examples here is GoDaddy’s WooCommerce hosting plans, which come bundled with a bunch of official WooCommerce extensions at no extra cost. GoDaddy also acquired SkyVerge so that GoDaddy could bundle those plugins in as well.

Liquid Web is also another popular option, as their managed WooCommerce hosting plans come with a number of bundled tools. Liquid Web has also been following a similar strategy and acquiring a lot of WordPress plugins that they can bundle into their services, such as iThemes, Restrict Content Pro, The Events Calendar, Kadence, and more.

Bluehost has already added some bundled extensions to the Bluehost WooCommerce hosting plans. But I would imagine that we’ll be seeing Bluehost customers getting free access to all the YITH WooCommerce plugins sometime soon.

On a broader scale, I also think we’ll continue to see this trend grow, both in the WooCommerce space and in WordPress hosting in general.

Web hosts are looking for ways to differentiate themselves and create more “all in one” WordPress experiences, and these types of acquisitions help them do it.

Note – Newfold Digital says they have no plans to remove any plugins from or change the experience for existing YITH customers. So while I do think Newfold Digital will be looking to integrate YITH with their other brands, I don’t think site owners need to worry about anything right now.

In smaller news, there were also a couple of other notable plugin acquisitions from last month:

Newfold Digital acquires YITH

Patchstack publishes its State of WordPress Security paper

If you’re not familiar with Patchstack, it’s a popular WordPress security service that was previously known as WebARX before a 2021 rebranding.

One of Patchstack’s key functions is detecting and protecting against vulnerabilities in WordPress plugins, which are some of the most common security issues for WordPress sites.

As part of this function, Patchstack has a lot of data and insights on WordPress vulnerabilities, which led them to publish a State of WordPress Security paper.

This paper has some interesting insights…

The headline insight is that Patchstack detected a 150% increase in plugin vulnerabilities in 2021 vs 2020. In 2020, they detected ~600+ vulnerabilities, while they detected ~1,500+ vulnerabilities in 2021.

That doesn’t necessarily mean the increase was actually that large. For example, maybe Patchstack just got better at detecting vulnerabilities. However, the difference is so large that it does seem likely there was an increase in security events.

The paper also has some other interesting data:

  • 91.38% of the vulnerabilities were in free plugins while only 8.62% were in premium plugins, which is a pretty astounding difference. There’s no inherent difference between free vs paid plugins when it comes to security, but premium plugin developers do have more of an incentive to quickly fix and detect issues. Premium plugin developers can also spend more time securing a plugin because they earn an income from it.
  • As compared to 2021, WordPress users are using fewer plugins, but those plugins were more likely to be out-of-date. I’m not sure what the explanation is or if it’s just noise, but I still found it interesting.
  • Malicious actors typically go after easy-to-exploit vulnerabilities rather than more complex vulnerabilities. Basically, they’d rather go after low-hanging fruit, which makes sense if your goal is to exploit as many sites as possible.
  • Malicious actors are still regularly targeting “old” vulnerabilities – even those that are a few years old. This is why it’s essential to update your plugins, as malicious actors won’t give up just because the exploit isn’t cutting-edge.

If you want to see all of the data and insights, you can read Patchstack’s full report by clicking here.

The WordPress Performance Team launches a feature beta plugin

This isn’t big news, but it is a cool little tidbit if you’re interested in WordPress and performance.

To help improve WordPress’ default performance optimization, the Performance Team just released its own Performance Lab plugin at This plugin is a testing ground for performance-focused features that will eventually be merged into the core.

It’s the same idea as the standalone Gutenberg plugin, which provides a testing ground for new features that will eventually be merged into the core editor.

Because these features are still in testing, you probably won’t want to use this plugin on a live website. However, it is still neat because it gives you a peek at what’s coming and how the new features might work.

Currently, the Performance Lab plugin adds automatic WebP conversion for JPEG uploads (if the server supports it).

It also adds a number of performance-focused checks and audits to the Site Health dashboard:

  • WebP support check.
  • Persistent object cache check.
  • Option to audit enqueued assets in Site Health (CSS and JavaScript).
  • Option to audit autoloaded options in Site Health.

I think the Site Health-related checks will be especially useful, as they should make it easier for people to audit their site’s performance without requiring special technical expertise.

As for the WebP improvements, the Performance Team also proposed enabling WebP by default in the eventual WordPress 6.0 release.

That sums up our April 2022 WordPress news roundup. Anything we missed?

Don’t forget to join our crash course on speeding up your WordPress site. Learn more below:


Layout and presentation by Karol K.

Yay! πŸŽ‰ You made it to the end of the article!
Colin Newcomer

Inline Feedbacks
View all comments

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!

Would love your thoughts, please comment.x

Most Searched Articles

Best JavaScript Libraries and Frameworks: Try These 14 in 2024

In this post, we look at the best JavaScript libraries and frameworks to try out this year. Why? Well, with JavaScript being available in every web browser, this makes it the most accessible programming language of ...

20 Best Free WordPress Themes for 2024 (Responsive, Mobile-Ready, Beautiful)

If you're looking for only the best free WordPress themes in the market for this year, then you're in the right place. We have more than enough such themes for you right ...

12 Best WordPress Hosting Providers of 2024 Compared and Tested

Looking for the best WordPress hosting that you can actually afford? We did the testing for you. Here are 10+ best hosts on the market ...

Handpicked Articles

How to Make a WordPress Website: Ultimate Guide for All Users – Beginners, Intermediate, Advanced

Many people wonder how to make a WordPress website. They’ve heard about WordPress, its incredible popularity, excellent features and designs, and now they want to join the pack and build a WordPress website of their own. So, where does one get ...

How to Start an Ecommerce Business: Ultimate Guide for 2024

Is this going to be the year you learn how to start an eCommerce business from scratch? You’re certainly in the right place! This guide will give you a roadmap to getting from 0 to a fully functional eCommerce business. ...