Web Design & Dev · News

June 2026 — Web Design & Dev news.

June 2026

What changed, as it happens.

Tracked daily from primary sources. The items below are what we're watching for clients right now.

  1. Bots · Analytics

    Microsoft Clarity now flags bots that ignore your robots.txt

    Clarity added a robots.txt-violations layer to its Bot Analytics dashboard, showing which crawlers request disallowed URLs, trends over time, and filtering by operator — practical visibility into AI crawlers like ClaudeBot and GPTBot ignoring directives. It needs a connected CDN or the latest Clarity WordPress plugin.Search Engine Journal →

  2. AI Agents · Standards

    Google and Shopify back Cloudflare’s PACT protocol for gating AI bots

    Google, Shopify, and several browser makers are backing PACT, a Cloudflare-hosted standard for authenticating and gating AI agents and automated bots. It’s positioned as a permission and authentication layer for agentic web access, complementing the ARD and WebMCP specs — and Shopify’s support signals ecommerce platforms are wiring these standards into their infrastructure.Search Engine Journal →

  3. Agentic Web · Chrome

    Chrome ships a Lighthouse “Agentic Browsing” audit in M150

    Chrome shipped an informational Lighthouse “Agentic Browsing” audit category in M150 that checks accessibility-tree quality, Cumulative Layout Shift, and WebMCP tool/schema availability. It ships with Chrome DevTools for Agents, which lets developers simulate agent interactions while debugging — early tooling for making sites agent-ready.Chrome for Developers →

  4. Auth · Security

    Sign in with Google adds session metadata for risk-based access control

    Google added two OIDC claims — auth_time (when the user logged in) and amr (how they authenticated) — to Sign in with Google. Verified apps can use them for step-up authentication on sensitive actions and stronger fraud prevention.Google Developers Blog →

  5. WordPress · Security

    MonsterInsights site compromised and sending phishing emails

    The website of MonsterInsights, a widely used WordPress Google Analytics plugin, was compromised and taken offline, with the company warning of fraudulent emails sent from its domain. It’s a phishing campaign against plugin users, not a disclosed flaw in the plugin — don’t act on unexpected emails from the brand.Search Engine Journal →

  6. WordPress · Security

    UpdraftPlus flaw exposes 3M+ WordPress sites to takeover — patch now

    An authentication bypass in UpdraftPlus WP Backup & Migration (≤1.26.4) lets unauthenticated attackers run admin-level commands and install malicious plugins; Wordfence blocked 8,000+ attacks in 24 hours. Update to 1.26.5 immediately.Search Engine Journal →

All Web Design & Dev news

Custom ecommerce engineering, AI apps, and SEO — typically 60–80% less than traditional agency pricing.

20+ years of BigCommerce engineering, now AI-augmented. Tell us your store, your stack, and your deadline — we quote fixed scope on the first call.