July MainWP Roundup: Supply Chain Attack, Accessibility for government websites and WordCamp Canada

This month’s roundup examines the details of the Supply Chain Attack and its implications for WordPress security. We also explore the growing emphasis on accessibility for government websites, highlighting both the current shortcomings and promising initiatives to address them. 

In this month’s MainWP Roundup, we take a look at the Supply Chain Attack and the plugins it affected. We also explore accessibility for government websites and a new theme which should help, CivicPress. Finally, we cover upcoming WordPress events, WordCamp Canada, and the Stellar Spark Conference. Are you ready? 

Let’s ride.

Supply Chain Attack

Read Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

Supply Chain Attack seems like an usual name for a malicious code to attack WordPress plugins. Nevertheless, late in June, that’s what happened, and it affected 5 plugins:

• Social Warfare
• Blaze Widget
• Wrapper Link Elements
• Contact Form 7 Multi-Step Addon
• Simply Show Hooks.

According to the article at Wordfence, it creates an admin account, sending info back to the hijacker. Additionally, it injects JavaScript in the footer adding SEO spam. 

Currently, all five plugins are shut down by the repository. Did this vulnerability affect any of your websites? 

Government and Accessibility

Read Making Local Government Websites Accessible in the USA – The WP Minute

Eric Karkovack brings up this issue in the article at The WP Minute. 

Apparently, the US is close to making accessibility for government websites more accessible. After all, it is covered under the Americans with Disabilities Act (ADA). However, government sites seem to be behind the rest of the world. 

A quick check of my own county’s website yielded a number of errors and alerts including 35 for contrast errors. My sense is that a coming storm will arrive for government sites. 

In his article, Eric interviews Chris Hinds from Equalize Digital.

One thing Hinds mentioned stood out to me:

“At Equalize Digital, we advise our customers to prioritize making as many things as humanly possible into web pages and moving away from PDFs and spreadsheets. That is unless it is strictly necessary. Assuming that an organization’s website theme and content are accessible, transitioning all of that information into a web format does two things: One, it saves them a ton of headaches and resources trying to maintain a massive set of accessible documents. Two, it carries a huge SEO benefit as all of that content can now be more easily indexed and is inherently more discoverable.”

I have been frustrated with the number of restaurants who use PDF for their menus. It is a horrible experience on a mobile phone.

I have other issues with restaurant websites too, and some have even been sued for accessibility issues and lost. 

I continue to believe that accessibility has a way to go, but I would have thought government websites would do a better job of that based on laws.

WordPress VIP and Lone Rock Point Team Up to Modernize Government Websites

Read CivicPress: WordPress Theme for Government

CivicPress is a new theme targeting government websites, like the ones we mentioned above, in collaboration with WPVIP.

“To support these efforts, we’re thrilled to be collaborating with Lone Rock Point to introduce CivicPress—an advanced WordPress theme custom built to meet the unique needs and requirements of government websites.”

A product of Lone Rock Point, it was created to handle specific issues for government websites.

It seems as if CivicPress helps integrate with various systems,

“To help simplify compliance, CivicPress is compatible with various government systems, including search.gov and the U.S. Digital Analytics Program (DAP).”

Since it’s a collaborative effort with WPVIP, I am not sure if it can be used outside that hosting environment. 

Upcoming WordPress Events

Oh Canada! WordCamp Canada. July 11-13.

WordCamp Canada is coming up this coming week. The camp starts on the 11th with Contributor D’eh and Intro to WordPress day.

Tickets are $75 and the location is Ottawa, ON Canada. 

MainWP’s Marc Benzakein will be presenting “The Problem(s) with WordPress (not a rant session)” on July 12 at 1 pm Central. 

I believe you will see a few members of the MainWP community there. Make sure to let Marc of Dennis know if you are going to be there.

Find your spark!

StellarWP is presenting a free virtual event called Stellar Spark Conference. The event takes place on July 19, 2024.

The event includes a wide range of speakers with a wide range of topics, including Josepha Hayden Chomphosy, Executive Director, WordPress project. 

See the schedule here.

Wrapping it up

Are you going to a WordCamp this year? Have you already been? Let us know what you learned or who you connected with in the MainWP Discord or the MainWP Users Facebook Group.