June 2026 — Web Design & Dev news.
What changed, as it happens.
Tracked daily from primary sources. The items below are what we're watching for clients right now.
Microsoft Clarity now flags bots that ignore your robots.txt
Clarity added a robots.txt-violations layer to its Bot Analytics dashboard, showing which crawlers request disallowed URLs, trends over time, and filtering by operator — practical visibility into AI crawlers like ClaudeBot and GPTBot ignoring directives. It needs a connected CDN or the latest Clarity WordPress plugin.Search Engine Journal →
Google and Shopify back Cloudflare’s PACT protocol for gating AI bots
Google, Shopify, and several browser makers are backing PACT, a Cloudflare-hosted standard for authenticating and gating AI agents and automated bots. It’s positioned as a permission and authentication layer for agentic web access, complementing the ARD and WebMCP specs — and Shopify’s support signals ecommerce platforms are wiring these standards into their infrastructure.Search Engine Journal →
Chrome ships a Lighthouse “Agentic Browsing” audit in M150
Chrome shipped an informational Lighthouse “Agentic Browsing” audit category in M150 that checks accessibility-tree quality, Cumulative Layout Shift, and WebMCP tool/schema availability. It ships with Chrome DevTools for Agents, which lets developers simulate agent interactions while debugging — early tooling for making sites agent-ready.Chrome for Developers →
Sign in with Google adds session metadata for risk-based access control
Google added two OIDC claims — auth_time (when the user logged in) and amr (how they authenticated) — to Sign in with Google. Verified apps can use them for step-up authentication on sensitive actions and stronger fraud prevention.Google Developers Blog →
MonsterInsights site compromised and sending phishing emails
The website of MonsterInsights, a widely used WordPress Google Analytics plugin, was compromised and taken offline, with the company warning of fraudulent emails sent from its domain. It’s a phishing campaign against plugin users, not a disclosed flaw in the plugin — don’t act on unexpected emails from the brand.Search Engine Journal →
UpdraftPlus flaw exposes 3M+ WordPress sites to takeover — patch now
An authentication bypass in UpdraftPlus WP Backup & Migration (≤1.26.4) lets unauthenticated attackers run admin-level commands and install malicious plugins; Wordfence blocked 8,000+ attacks in 24 hours. Update to 1.26.5 immediately.Search Engine Journal →
Custom ecommerce engineering, AI apps, and SEO — typically 60–80% less than traditional agency pricing.
20+ years of BigCommerce engineering, now AI-augmented. Tell us your store, your stack, and your deadline — we quote fixed scope on the first call.