For the 92nd issue of ProcessWire Weekly, we've got a whole lot of news to share: core updates, ProDrafts timeline updates, security tips and tricks, a new module from Bea Dav, and a brand new site of the week. Read on!
In this issue, we've included a little write-up about the things we've been doing in order to guarantee the security of ProcessWire sites: the official security documentation, the security section of the forum, etc. We've also got some pretty neat new core updates, a new module by Bea Dav, and a brand new site of the week.
Thanks for being here with us, and hope you enjoy our weekly news. If there's anything we could improve, please let us know; our feedback form is always open, and we're more than happy to hear what you folks have to say!
Latest core updates: smarter page tree and updated timeline for the ProDrafts module
Ryan's latest post at the processwire.com blog describes the latest core updates and sheds some new light on the timeline of the upcoming Pro module he's been working on for a while now – a drafts and versioning solution known simply as ProDrafts.
The core updates focus on improving the basic functionality of the Page Tree:
- Page Tree now remembers which branches you've opened even if you navigate to other pages and come back. This works for both pages and pagination, making it a very handy addition indeed.
- Opening multiple levels of Page Tree now happens pretty much instantly. This will result in a visible speed increase especially when compared to the feature mentioned above.
Regarding ProDrafts, the big news is that the first beta version will most likely be out by next week. The module will at first focus on the drafts support and the multiple versions support will be added later on. Anyway, we should have a lot more to tell by next week!
As always, there's an in-depth version of the updates mentioned here available from the processwire.com blog. If you're interested in the ProDrafts module specifically, Ryan's post from last September is a good place to start.
A few words about security
Security has always been a top priority for ProcessWire, and we're proud to say that it shows. While no one can promise that there will never be any vulnerabilities – and if anyone does, you probably shouldn't take them very seriously – there are no known vulnerabilities in our core system. Not a single one.
While keeping the core secure is our responsibility, ProcessWire is a tool for developing new sites and applications. This means that the developers working with it should also be aware of the security implications of their actions. The most important thing is that whenever you write code of your own, you should try to make it as secure as possible.
Our security resources can make your life a lot easier
We're fully aware that security is a broad and complicated topic and not everyone who develops sites with ProcessWire can be an expert on it. This is why we have compiled a collection of resources, available from the security section of our documentation. We would strongly urge our users to familiarize themselves with these.
Our security documentation is dedicated to topics related to ProcessWire development and hosting: file permissions, securing the admin, web hosting security, migrating sites, third party modules, template files, and so on. We are open to suggestions, so if there's something we haven't yet covered that you'd like to hear more about, let us know.
Discussing security topics on the ProcessWire support forum
Additionally, we have a relatively new area of our support forum dedicated to security-related topics. Feel free to post any questions and suggestions you might have there. If you find a great article covering security-related topics, we'd love to hear about it too.
While our support forum is, of course, dedicated to ProcessWire, in the security section there's plenty of room for wider discussion. For an example, just this week we've been discussing remote code execution attacks on the WordPress platform, and how those might relate to the larger context of web applications.
Please let us know if there's anything we should add to our security documentation or if you can think of anything we could do in order to make ProcessWire even more secure. Thanks in advance, and may your sites remain safe and sound!
Newsletter Subscription is the latest module released by Bea Dav
Newsletter Subscription is the latest module released by Bea Dav. As the name of the module suggests, it's core function is subscribing users to – and unsubscribing them from – a newsletter mailing list managed with ProcessWire.
While an in-depth summary of the module and it's features can be found from the Newsletter Subscription GitHub repository, here's a summary of the key features:
- The module supports double opt-in for subscriptions, which allows you to make sure that users are really whom they claim to be.
- There are two separate unsubscription methods: a form embedded on the site and a link that can be included on the newsletter.
- Subscribed users are added as regular users with the "newsletter" role, making them extremely flexible for various needs.
Thanks to Bea for sharing this module with us – this module can no doubt save quite a bit of time compared to building one's own custom solution from the scratch!
Site of the week: DESIGN À POINT, a design studio based in Stuttgart, Germany
Our latest site of the week belongs to DESIGN À POINT, a design studio based in Stuttgart, Germany. Branding, print and web design, software development – whatever it is, they probably have it in their portfolio.
While it's one of the most recent additions to our sites directory, their site has already gained quite a few "likes". That's not much of a surprise considering what a stunning site it is: there's no shortage of great design, interesting effects, wonderful typography and responsive awesomeness in there.
While there are few details we can tell about the backend of the site, we can say that the site is very fast and a PageSpeed Insights desktop score of 94/100 is a proof that they've done something right. On the front-end side, the site features a wide range of JavaScript libraries, ranging from jQuery and modernizr to FastClick and VelocityJS.
For more details about DESIGN À POINT, you should check out their site. Some work samples can be found from Behance and there's also the Facebook page. Thanks to folks at DESIGN À POINT for sharing this awesome site with us!
Stay tuned for our next issue
That's it for the 92nd issue of ProcessWire Weekly. We'll be back with more news, updates, and content Saturday, 20th of February. As always, ProcessWire newsletter subscribers will get our updates a few days later.
Thanks for staying with us, once again. Hope you've had a great and productive week, and don't forget to check out the ProcessWire forums for more interesting topics. Until next week, happy hacking with ProcessWire!
Mira & Alex on Thursday 18th of February 2016 10:09 am
Thanks a lot for the commendation! We are excited about realizing further projects with ProcessWire!