WordPress Adds Emoji 13.1 Support

In WordPress 5.8, currently in beta and launching for everyone in July, adds support for Emoji 13.1!

As a quick refresher, WordPress has a built-in emoji support detection system in place that checks to see if your site visitor’s browser can support the latest emoji. If they are not able to see the latest emoji, we will automatically replace emoji characters with emoji images.

This allows authors to use any emoji character they wish and ensure that everyone can see them. Without this, site visitors would see those little boxes with an X or instead of seeing a transformed emoji (like an female astronaut, they would see an astronaut with the female symbol next to it… which isn’t great).

What’s in Emoji 13.1? Check out Emojipedia’s rundown of 13.1’s changes for Twemoji—the Twitter emoji design that we use within WordPress.

Some of the hightlights include being able to express bending a broken heart ❤️‍🩹 or show off your heart is aflame ❤️‍🔥 (also perfect for talking about the Sacred Heart, heh). Want to stay a little hidden in the clouds? Me too. 😶‍🌫️

The bearded person emoji now supports a whole range of gender, skin tone, and hair color. Lastly, the couple and kiss combination emoji have a wide range of options now with various skin tones, genders. Before, there were pretty limited options so you couldn’t really express a couple or kiss that matched you unless you happened to fit one of existing combinations. Now, I can send my wife an emoji that better displays us 👩🏽‍❤️‍👨🏻

WordPress’ goal is to enable you to express yourself however you wish, including through emoji without making you feel lightheaded 😵‍💫!

Automatic Updates in WordPress

This week, the topic of automatic updates in WordPress came up. Here’s a bit of a guide on how it all works, how to disable them, and so forth.

Automatic Updates?

First, “automatic” is a very problematic term given the history, so let’s define terms a bit.

In The Beginning…

When WordPress first came out, whenever you wanted to update to the next version of things, you had to manually download and install the update. This changed in WordPress 2.5 (March 2008) with, what was often referred to as, “automatic updates”. This post isn’t talking about these “one-click updates“.

The Humanless Era Begins For Minor Updates & Developers

The era of “background updates“, those updates that are possible without human interaction, began in WordPress 3.7.

WordPress 3.7 (October 2013) was billed as a very developer-heavy release. There weren’t really any splashy features—background updates, improved password meter, improved search. Under the hood, this release laid the groundwork for a ton of stuff.

The most visible impact of 3.7, at the time, in regards to updates was that now WordPress could update itself in the background and would start doing so for maintenance releases (e.g. 3.7 to 3.7.1 to 3.7.2).

In addition to the ability to update Core itself, the underlying guts for themes or plugins to background update were in place. There was no user interface for this—had to add a bit of code to activate.

The guts that allowed for plugin background updates also allowed for “background security updates” or “forced updates”. More on this in a bit.

Humanless Reaches The Masses

By WordPress 5.6 (December 2020), the underlying guts had seen various improvements over the years and now the ability to modify background updates expanded to everyone.

WordPress 5.6 included the user interface to enable site owners to indicate individual plugins could background update or even WordPress itself with major updates.

Generally speaking, this was adding UI to the existing framework, but the actual process is the same.

Summary of Terms

In short, “automatic” updates could refer a few different things:

  • One-Click Updates, with the wp-admin ability to upgrade, added in WP 2.5.
  • Background Updates added in WP 3.7 with expanded UI added in 5.6.
  • Forced Updates also added in 3.7 with no UI.

A Special Note About Forced Updates

What Is A Forced Update?

Forced Updates aren’t really a different thing than Background Updates. When a site checks for updates, it informs the API of the current version, the version of WordPress, and the version of PHP running on the site. The API then responds with what upgrade that site is being offered. If you’re running a modern version of WP and PHP, usually, it is the latest stable version of the plugin.

If you’re running an older version of PHP or WordPress that is older than the minimum supported version for the latest version of the plugin, it won’t offer you an upgrade at all.

For a Forced Update, the API responds a little differently. First, if you’re on an older version, it will only offer you the immediate patch for the security issue. For example, if Cool Plugin 2.0 is the latest version and you’re running Cool Plugin 1.5, the API will see that and respond with Cool Plugin 1.5.1 for your update (as opposed to 2.0) and mark it as a forced update (or autoupdate in the response). The overall mechanism is the same for regular upgrade offerings and a forced upgrade offering.

How Does An Update Become Forced?

Jetpack is one of the most installed plugin in the WordPress ecosystem and, as such, anytime there is a potential security issue discovered, it’s a Big Deal™ by way of the number of sites potentially impacted. We take that responsibility seriously, so we’ve had three “Forced Updates” since this became possible in 2013.

The process has been we discover an issue. This is often from our internal security folks trying to find issues or from a responsible person disclosing to us via our HackerOne bounty program (yes, we pay people who find security issues and report them directly to us).

Once we validate the proof of concept and confirm there is an issue, we determine the severity and the scope of the issue. How bad is it and how many people could it impact? At the same time, we determine the smallest possible solution to mitigate the issue. Generally, this is not the time to do a whole-hog refactor or something.

With all that information in place, if we think the issue is potentially serious, we will contact the WordPress Plugins Team. These folks, none of whom work for Automattic, can help advise us on next steps.

If they concur the issue is serious, they advise on if the fix should be backported to older versions or not. In such a case, there are some very important and firm guidelines:

  • To the extent feasible, we need to fix everyone possible. If the problem exists in five versions (e.g. 1.1, 1.2, 1.3, 1.4, 1.5), then we should provide patched versions for each of those versions.
  • The updated versions can only contain the smallest change possible to mitigate the issue. This is not a time to fix other bugs, add features, or anything. It is exclusively to fix the issue discussed.

After that, we go back and fix everything and prepare releases.

When everything is ready, we check-in the new versions to the plugins repo and the WordPress Meta Team updates the API to give the modified response for these versions.

Disclaimer: I suppose I could be considered on the Meta team since I help maintain parts of WordPress.org. I don’t have the authorization nor the access rights to modify the API.

How To Control These Updates?

One-Click Updates

If you want to really lock down your site and disallow, basically, everything, you can do that with a single line in your wp-config.php file:

define( 'DISALLOW_FILE_MODS', true );

This will disable all updates—background, one-click, or manual. You will not be able to install new plugins or themes. It’ll actually disable the Upgrader completely to the point that you won’t be able to see pending upgrades.

I do not suggest using this unless you have extremely specific needs and have the resources to ensure your site is up to date manually.

A common use of this, though, is to mark your production site with DISALLOW_FILE_MODS while running a staging site without it. You can make changes to the staging site, then deploy them to production when you’re ready.

Background Updates

There are a few different ways to control Background Updates.

Via UI

Via the wp-admin user interface, you can control WordPress Core updates via the Dashboard->Updates page.

For plugins, visit Plugins->Installed Plugins and select “Enable auto-updates” option for each individual plugin you’d like to background update.

For themes, visit Appearance->Themes, then choose “Theme Details” for each theme you’d like to background update. On the details page that opens, you’ll see an option to enable updates under the title and author.

The UI options have no effect on Forced Updates.

The UI options have no effect on Forced Updates. You can think of this as replacing the need for One-Click Updates.

Via Code

The DISALLOW_FILE_MODS constant mentioned above will still work, but you have a lot more granular control too.

For the sake of being complete, if your server’s user does not have permission to access the file system or you’re on a version-controlled setup, background updates won’t work. For Core updates, you’ll get an e-mail about them.

SegmentMethodPossible ValuesNotes
AllConstant: AUTOMATIC_UPDATER_DISABLEDbooleanFalse also disables update notification e-mails for Core.
AllFilter:
automatic_updater_disabled
boolean

Default: Value of AUTOMATIC_UPDATER_DISABLED
False will disable notifications too. Overrides the constant above. The below values do not override this. This would still allow UI updates without allowing any background updates. See below the table, though, for an alternative.
CoreConstant: WP_AUTO_UPDATE_COREfalse (bool) – No background updates for Core
minor – Only security/maintenance updates for Core
true (bool) or beta, rc, development, branch-development – All updates allowed.
Filters can still override this behavior.
CoreFilter: allow_dev_auto_core_updatesboolean

Default: False unless WP_AUTO_UPDATE_CORE is set to allow all updates.
If the site is currently on a dev version (alpha/beta), should it background update Core.

3.7-alpha-2500->3.7-alpha-25678->3.7-beta1, etc.
CoreFilter:
allow_minor_auto_core_updates
boolean

Default: True unless WP_AUTO_UPDATE_CORE is false.
3.7.0->3.7.1->3.7.2
CoreFilter:
allow_major_auto_core_updates
boolean

Default: False, unless WP_AUTO_UPDATE is set to allow all updates.
3.7.0->3.8.0->3.9.1
ThemesFilter:
themes_auto_updates_enabled
boolean

Default: Generally true, unless the automatic_updater_disabled constant/filter are false.
This is more the themes system being enabled. This doesn’t mean it will upgrade individual plugins. This can be overridden by Forced Updates.
PluginsFilter:
plugins_auto_updates_enabled
boolean

Default: Default: Generally true, unless the automatic_updater_disabled constant/filter are false.
This is more the plugins system being enabled. This doesn’t mean it will upgrade individual plugins. This can be overridden by Forced Updates.
Plugins/ThemesFilters against the auto_update_themes and auto_update_plugins optionsIndividual plugin and theme background update settings are stored in these options. If you wanted a confusing experience, you could filter these options. I wouldn’t personally.
This can be overridden by Forced Updates.
———–Important Note!Everything above allowing a background update can be overridden by the the API to disable a background update.I’m not sure how/if this has been used, but it is possible. I would guess this is a way that WordPress.org can throttle the rate of downloads by marking something as disable_autoupdate for a percentage of sites. Just a guess.
AllFilters:
auto_update_core
auto_update_plugin
auto_update_theme
auto_update_translation
booleanThese filters also pass $item which is the upgrade object response from the API. You can use these filters to more selectively control updates via code. Want to allow only plugins whose slug begins with a, this is your filter. Or a more realistic setup would be to allow background updates only from a select allow list.

As you can see, there is a lot of flexibility for site owners who wish to have a very specific background update solution. While Forced Updates are given a lot of preference, you can still disable them via the auto_update_{$type} filters.

One idea, if you’re concerned about an autoupdate, but want to be aware, is to hook into those filters and if $item->autoupdate is true, send you an e-mail, before returning false. That way you’d know you’re missing the update but you can completely control when your site’s code is modified.

When do these updates happen?

Generally, every 12 hours. There are wp_update_plugins, wp_version_check and wp_update_themes cron events that are set to run twice daily. There’s not a set time—on every page load, WordPress checks to see if the check is scheduled. If it isn’t, it schedules it for immediately and then every 12 hours thereafter.

One more note about Jetpack

While I’m here, before Core added the UI for background updates, Jetpack had one that was accessible via WordPress.com for connected sites. For while there, this system did not use the same filters as above. With WordPress 5.6 bring a renewed focus to background updates, we modified our system to use the same options and filters as Core’s. The above should all still work the same for any autoupdates selected via the WordPress.com interface for connected Jetpack sites.

I hope this help explains things a bit more with a bit more specificity than a lot of the conversations around “automatic updates” .

Testing the Full Site Editor

Full site editing is coming to WordPress soon, activated when using a theme that supports it.

I’m going to mess around with it, so switched my theme over to a blocked-version of Twenty Twenty One Armando.

It’s probably a bit of a mess because I’m not trying to make sure it’s pretty at this point, just wanting to get my hands dirty. Hope you enjoy my little sandbox.

If I Were A Bishop During COVID

In a pretend world, if I was the abbot of the territorial abbey of Krafton (known by the locals as Krafton Abbey) and had the responsibility for a group of the faithful, as a bishop does for his diocese, I would write a letter like this to them.

Pʀᴀɪsᴇ ʙᴇ ᴛᴏ Jᴇsᴜs Cʜʀɪsᴛ…

Dear sisters and brothers!

When Our Savior walked amongst us, He healed the sick and instructed us to care for the sick as well. During the last 14 months, we have not only been asked to care for the sick but to help take care of the healthy, to ensure that we nor those amongst us get sick as well.

It has been a long road.

This has been a difficult and trying time for our Diocese, our Church, our cities, counties, state, country, and the world. I, first, wish to thank you for the extraordinary efforts we have seen since the beginning of this pandemic. We have completely transformed our day-to-day life with no person exempted. We have foregone worship, recreation, work. We have lost jobs and struggled to make ends meet. We have gone out of our way to help our neighbors through direct assistance, donations, patronizing local businesses, and more. Our health care workers have stepped up in a way I never hope is needed again. Our community has volunteered with public health officials to support increased testing, vaccination sites, and outreach efforts.

This is no small feat and we should take a moment to reflect that we are living in a time where we, as a community, must work together in ways not seen for a long time.

While we can see the light at the end of the tunnel, we are still in the tunnel.

As much as I pray for the end of this pandemic, we are still in the midst of it. We have made progress through refined understanding of the virus, how to mitigate and reduce the risks of transmission and infection, how to better treat those who are infected, and how to vaccinate against it.

This progress is a challenge, too. I am tired of the pandemic. I know many of you are and have been for awhile. As we learn more and are better able to resume the activities of life, there is the feeling that “we’re done” or “we’re past that now”.

Sadly, my sisters and brothers, that is not true. Yes, we’re further along the road than we have ever been before during this pandemic, but we’re still on the journey. We still have new cases daily in Austin higher than we saw a year ago. While Texas is doing better right now, we’re still seeing other states having upswings. And, of course, we must continue to pray and grieve with our Indian brothers and sisters who are currently in a horrific situation in their own country with almost 400,000 averaged new cases a day when a month ago it had never been above 100,000 averaged new cases a day.

While, here in Texas, we can continue to take steps forward, we cannot act as if the pandemic never existed or is over.

We are the Church of faith and reason.

St. Pope John Paul II wrote in the opening of his encyclical Fides et Ratio that:

Faith and reason are like two wings on which the human spirit rises to the contemplation of truth; and God has placed in the human heart a desire to know the truth—in a word, to know himself—so that, by knowing and loving God, men and women may also come to the fullness of truth about themselves

As a Church, we know that faith and reason are intimately related!

“The Church remains profoundly convinced that faith and reason ‘mutually support each other’; each influences the other, as they offer to each other a purifying critique and a stimulus to pursue the search for deeper understanding.” (Fides et Ratio, 100)

Even renowned atheist Stephen Hawking was a member of the Pontifical Academy of Sciences! Why? Because to better understand the Creator—God—and the creation—our universe all the way down to us individually, we must seek out and explore new knowledge. Trusting science to reveal what science reveals while using our faith to guide that pursuit aligned with what science can not reveal.

In today’s context, we have to embrace the scientific and medical communities working tirelessly to better understand this virus, what it does, how to mitigate it, and how to stop it. The Church joins with public health officials to help the world navigate these uncertain waters.

In other words, we must work with hand-in-hand with the best experts to get through this pandemic.

How do we continue to mitigate?

We have learned a lot in the last year when all public Masses were suspended. We are not in a position to even consider that. The Church also affirms that the manifestation of the spiritual life is an essential human right. We are part of the local community and do need to heed public health demands.

One of the many ways to explain the mitigation approach is the “swiss cheese” idea. Every single type of mitigation has gaps, or holes, like swiss cheese. But, if we layer various forms of mitigation, we substantially reduce the transmission risks to where we can return to normal or near-normal activities.

Again, the point of all these mitigation efforts is to restore normalcy.

To that end, I will decree that all Catholic institutions implement protocols and policies that align with the spirit of guidelines from the Center for Disease Control and Prevention and from public health officials.

I will address broad themes here. More particular details, that will be updated as this pandemic continues to evolve, will in an accompanying decree.

In-Person Attendance

Generally, obligation to attend events in-person is dispensed. For parish ministries, including religious education, an option should exist for virtual access. This doesn’t mean one-size fits all.

For example, children should have virtual access to religious formation. I understand that this is a heavy burden for a lot of parishes if they are opting to also do in-person opportunities. Within each deanery, parishes can join together to provide a singular virtual or singular in-person option to help spread the load of dual-formats.

The Sunday Obligation and Mass

The Sunday obligation remains, but can be fulfilled broadly:

  • Attendance at Mass in-person.
  • Praying along with Mass in any form (radio, television, live stream) for that Sunday, recorded or in real-time.
  • Praying the Readings for the day and sincerely reflecting upon them.
  • A major hour of the Liturgy of the Hours: Morning Prayer, Evening Prayer, Office of Readings in a solemn way.

I ask everyone to worship the Lord on Sunday in a way that matches your current situation. If everyone in your household is vaccinated and you’re comfortable with a more normal life routine, please come back to Mass. If your home includes those who are not yet vaccinated, pray with your family from home.

Every time I lift my eyes to heaven, I pray for an end of this pandemic, or at least for it to evolve to where we can be “near normal” soon. We miss you. The Church loves you. I love you. As much as I want us to join together as we did before 2020, the Church realizes that, as we’ve done over our 2000-year history, we sometimes have to exist outside of the ideal. I think of the Early Christians who had to meet in secret in homes to avoid being martyred. I think of the Japanese Christians who had to go into hiding and persisted hundreds of years without a priest. What we’re asking is nothing like what our ancestors had to endure.

Virtual Mass is not ideal. Sacraments can never be conveyed virtually. They require presence. They require physical action. I admit that attending Mass, the time in which we worship the Real Presence of Jesus in the Eucharist while we are, in fact, not present is awkward.

As the primary meeting time of the community, a time to hear and reflect on the Word of God with a homily, I ask that parishes continue to provide a virtual Mass option. That said, I also ask that parishes offer other liturgical options that exist in our faith tradition as well. I encourage Deaneries to work together to offer more ways for the faithful to pray liturgically while away without the duplication of effort or adding an undue burden on any particular parish.

For my part, I will be livestreaming Vespers I (that is, Saturday Evening Prayer as we begin our liturgical Sunday).

Masks

Wearing face coverings has been shown to be the relatively easiest way to make a sizeable reduction of transmission of Covid. As this virus is primarily transmitted via droplets, the vast majority of types of face coverings provide some benefit.

Generally speaking, masks will be required while on Church grounds. Exceptions, such as age, medical exemptions, staff working in a private office or very small meetings with all parties vaccinated, will be noted in the coming decree.

Additionally, I ask that we all act with charity. We do not know why any particular person is wearing or not wearing a mask at any particular moment. Any enforcement or questioning regarding this is for our pastors or their delegated staff members. In other words, please don’t shame each other either way.

While masks aren’t enjoyable, it is a relatively small corporal work of mercy toward our broader community. If you don’t want to wear a mask because of the inconvenience, let us join these small penances together as an offering toward the Lord who innocently suffered so much for us.

Vaccines

In accordance with announcements from the Holy Father and the U.S. Conference of Catholic Bishops (USCCB), we have found it is morally acceptable to receive any available vaccine for Covid-19. The USCCB, through joint work from the Doctrine and Pro-Life Committees, have noted that the Pfizer and Moderna vaccines are preferable over the Johnson & Johnson vaccine.

In Catholic teaching, there is a concept of “cooperation in evil”. In an ideal and perfect world, we would never at all cooperate with any form of evil or sinfulness in any way anywhere. However, there are situations where we have to look at the level of cooperation between the evil act and the act we’re trying to judge.

In full transparency, the Pfizer and Moderna vaccines were developed, in part, by research done on fetal cells acquired through an abortion decades ago. The abortion was not procured for the sake of research, but, as a secondary by-product of the horrible instance of abortion, fetal cells were acquired.

For the Johnson and Johnson vaccine, fetal cells, acquired the same way, were used as part of the production process.

In both cases, that Holy Father, the Vatican, and the USCCB all agree that the connection between us and the abortion is so remote, that there is no guilt associated when there is a proportionately serious reason. Covid 19 and the severe impact it has had on our communities, our nation, and our world qualifies.

Given the above, if you have an option, aim for the two-dose Pfizer or Moderna vaccines. But, all three are morally acceptable if that is the dose you’re able to get.

Vaccines are our ticket back to normalcy. Vaccines are shown to provide better immunity than natural immunity (e.g. already catching Covid), the side effects are minimal, and their effectiveness is very high.

I strongly encourage all Catholics to get vaccinated as quickly as possible. For those who have any health concerns, please contact your doctor and follow their advice.

To that end, all parishes should make themselves available to the local health department to assist in any way possible in the vaccination campaign. This could include, but is not limited to, having flyers with vaccine information, host public health experts to be available following Masses, host vaccination sites at no cost to the health department (please contact me if there are any issues with this).

In short, I bind all of us to do what we can to help.

Other Mitigations

I repeat from earlier that all institutions should have a mitigation plan that implements protocols and policies that align with the spirit of guidelines from the Center for Disease Control and Prevention and from public health officials.

If any institution has questions, concerns, or needs assistance in any way, please contact me directly.

As faith leaders and faithful Catholics, we are the “experts” in the spiritual life. Our public health officials are the experts in public health. Let us “lean into” that expertise and use it for the betterment of all.

We are close.

I thank God every day that the situation locally is moving forward. I pray often for those around the world who are not. As we continue to move ahead as a community of faith, let us not be “blinded by the light at the end of the tunnel”, but walk forward fully aware of the current realities with confidence that, by the will and help of God, we will complete this time of difficulty soon.

…Nᴏᴡ ᴀɴᴅ ғᴏʀᴇᴠᴇʀ.

26 Years Later

26 years ago, I was sitting in Mrs. Wilson’s 5th Grade science class when a classmate across the lab bench from me asked if I heard about the bombing in Oklahoma City.

At the time, I thought she probably didn’t know what she was talking about or, at least, it was a “small bomb”, whatever that means to a 5th grader. In 1995, I had heard about suicide bombers overseas, but they never seemed to be that big.

But, of course, she was correct. The Murrah Federal Building in Oklahoma City, two hours away, was destroyed by a homegrown, fanatic terrorist, who was convinced that the Government was out to destroy American freedom.

Six years later, 9/11 overshadowed Oklahoma City and, I think, as a country, we’ve forgotten about it. Looking right now, none of the major cable news sites or the major national newspapers mention it on their homepage. Of the sites I search, the New York Times did share a video of AG Garland speaking at a service today. But that’s it.

After the storming of the Capitol earlier this year, the idea of homegrown terrorism being one of the top homeland security concerns is fresh in my mind.

These things are linked together. The Capitol events on January 6th were shocking, but Oklahoma City was a whole other level. If we forget what Americans can do when they fall completely into the mindset of “the government is the problem and they’re coming to take away everything”, we’re going to see something very bad.

Our government works best when we all come to the table together and legitimately work together. Yes, we have different opinions and there are different parties, but we must be able to hammer out something that we all can live with.

The Oklahoma City Memorial is beautiful and heartbreaking. There is an Empty Chair for everyone who died in the bombing, positioned roughly to show where they were when they died. 19 of the chairs are small. 19 babies and children died, as there was a day care in the building. The award-winning photograph of a firefighter carrying a dying baby out should be a sober reminder of the depths of evil we can sink to when we don’t see each other as people, but as Others that are trying to attack us.

26 years later, let’s pause and remember those who died this day and do whatever we can do ensure we are not fanning the flames for it to happen again.

Happy National Beer Day

In the United States, today is National Beer Day! Today in 1933, beer became legal again during the tail end of 18th Amendment prohibition of alcoholic beverages.

What’s interesting is that the 21st Amendment, repealing the 18th, was not effective until December 1933, so why is today a day?

On this date, the Cullen-Harrison Act went into effect. The 18th Amendment was functionally enacted by the Volstead Act in 1919, which defined “intoxicating” anything with 0.5% alcohol. Which is just about anything that ever thought about a beer.

The Cullen-Harrison Act, under the authority of the 18th Amendment, changed the definition of “intoxicating” to anything higher than 3.2% alcohol-by-weight so it could be legally sold and consumed under the Federal law, presuming states allowed it. Almost nothing we see in stores today would qualify, but in 1933, 1.5 million barrels were consumed on April 7, 1933 to celebrate.

If you’re one to have a beer every now or then, today isn’t a bad day to raise a glass.