WordPress 4.8 is out, named “Evans” in honor of William John “Bill” Evans. Grab now and bask in the glory of a fresh new release.
An Update with You in Mind
Gear up for a more intuitive WordPress!
Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.
Though some updates seem minor, they’ve been built by hundreds of contributors with you in mind. Get ready for new features you’ll welcome like an old friend: link improvements, three new media widgets covering images, audio, and video, an updated text widget that supports visual editing, and an upgraded news section in your dashboard which brings in nearby and upcoming WordPress events.
Exciting Widget Updates
Adding an image to a widget is now a simple task that is achievable for any WordPress user without needing to know code. Simply insert your image right within the widget settings. Try adding something like a headshot or a photo of your latest weekend adventure — and see it appear automatically.
A welcome video is a great way to humanize the branding of your website. You can now add any video
This is a security release so better get to updating. Three issues including WP_Query being vulnerable to a SQL injection and a cross-site scripting (XSS) vulnerability.
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues:
The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
Thank you to the reporters of these issues for practicing responsible disclosure.
Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.
Thanks to everyone who contributed to 4.7.2.
It's that time! Proposal to merge into core. A 2-parter though. Whatcha think?
Hello everyone! This is the post you’ve all been waiting for. We on the REST API team (myself, @rachelbaker, @joehoyle, @danielbachhuber, and newest member and core committer @pento) would like to propose merging the REST API into WordPress core. We’ve been working a while on this, and think it’s now ready to get your feedback.
This is our first iteration of the proposal, and we’re actively looking for feedback. If you have thoughts on the project, or on this proposal, let us know! Only with your feedback can we make progress.
What is the REST API?
The REST API differs from existing WordPress APIs in that it is explicitly designed from the ground up for modern mobile and browser usage, using the lightweight and widely-supported JSON data serialization format with a modern REST interface.
WordPress officially ending support for Internet Explorer versions 8, 9, and 10, starting with WordPress 4.8.
Previously, we discussed the new editor and browser support within WordPress core. Following up on those conversations, we are officially ending support for Internet Explorer versions 8, 9, and 10, starting with WordPress 4.8. Microsoft officially discontinued supporting these browsers in January 2016, and attempting to continue supporting them ourselves has gotten to the point where it’s holding back development. I realize that folks still running these browsers are probably stuck with them because of something out of their control, like being at a library or something. Depending on how you count it, those browsers combined are either around 3% or under 1% of total users, but either way they’ve fallen below the threshold where it’s helpful for WordPress to continue testing and developing against. (The numbers surprised me, as did how low IE market share overall has gone.)
Of course, wp-admin should still work in these older browsers, but with fewer capabilities, and we will no longer be testing new features and enhancements in these browsers. For example, the next versions of TinyMCE – currently targeted at WordPress 4.8 – will not support older IE browsers.
Folks, I have released yet another open source project. A Gutenberg Boilerplate to build Blocks! I have written an extensive post about it; in the post I have also shared my thoughts on the Gutenberg Editor, the dependency hell, license paradox, and stuff. — Have at it!
Gutenberg is all that you hear about in the WordPress community nowadays. Everyone is writing articles on how they feel about Gutenberg. I was one of the early adopters and contributors in the Gutenberg project. I have been writing about it (invitation to contribute) and covering the meeting notes for the project. When folks started writing about Gutenberg I wanted to do the same, but I was on vacation, visiting my parents, and enjoying Eid holidays. But that’s not all; I stopped myself from writing anything because I have been a bit confused.
I am still making up my mind with how Gutenberg will fit in the WordPress core. There are so many things which are both good and bad about it. So, instead of ranting about it, I wanted to do something more productive. And I went ahead, studied the source code, received a lot of help from Gutenberg contributors (Matias Ventura, James Nylen, Riad Benguella, Andrew Duthie, Joen, etc.) to finally build a Gutenberg Boilerplate project.
Nice interview (with audio-only or video) of Matt by Brian Krogsgard at WordCamp US 2016. Nice one-on-one moment, usual great content from Post Status (this is public, open to all).
I had the opportunity to interview Matt Mullenweg at the end of WordCamp US 2016, and we chatted about the new WordPress development cycle, the WordPress REST API, and more. During contributor day of WordCamp US in Philadelphia, I was able to interview Matt Mullenweg to follow up on several items he announced in the State of the Word.
We mostly discussed the new WordPress development cycle and how it will work with the three focus areas. We also discussed how that will affect other non-major updates and WordPress features.
Matt also talked about the WordPress REST API, how he defines success for it, what he hopes to see out of it, and what he thinks would cause it to revert to a plugin only feature.
And as this was the second and final year of WordCamp US in Philadelphia, we reflected on the event, and talked about what there is to look forward to in Nashville for WordCamp US 2017 and 2018.
You can listen to just the audio, also on our podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher.
Or just watch the video on YouTube, or below for the full experience. And don’t forget to subscribe to my new channel on YouTube.
It's here! Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan.
Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is available for download or update in your WordPress dashboard. New features in 4.7 help you get your site set up the way you want it.
Presenting Twenty Seventeen
A brand new default theme brings your site to life with immersive featured images and video headers.
Twenty Seventeen focuses on business sites and features a customizable front page with multiple sections. Personalize it with widgets, navigation, social menus, a logo, custom colors, and more. Our default theme for 2017 works great in many languages, on any device, and for a wide range of users.
Your Site, Your Way
WordPress 4.7 adds new features to the customizer to help take you through the initial setup of a theme, with non-destructive live previews of all your changes in one uninterrupted workflow.
Theme Starter Content
To help give you a solid base to build from, individual themes can provide starter content that appears when you go to customize your brand new site. This can
Everyone is now writing about their experiences w/ Gutenberg. Chris's take is a good read: he missed the goal of this thing
I checked out the Gutenberg plugin and new writing experience for WordPress – via an early plugin version. It’s clear I missed the goal of this thing. I tried the new Gutenberg writing experience for WordPress today!
Having read all the early reviews of the new Gutenberg plugin (which is still a very early release), and then reading the interview that Matt Mullenweg did with Torque at WordCamp Europe, I was excited to try it out.
What I read from Matt’s interview, which matched his WordCamp US talk last December, was that this focus on the editor experience would let us leapfrog the experiences that newbies were enjoying with Wix, Weebly & Squarespace.
Of course, there’s always mention of the nice writing experience of Medium that is always mentioned, but the target, that I thought I heard, was the other players. The folks that were spending gobs of marketing money on ads and were taking market share from the WordPress ecosystem.
It’s clear I’ve misunderstood something, but first…
Before I tell you about my experience, let me set the record straight on several things.
I believe that the number of volunteers working on this have done a great
HackerOne is a platform for security researchers to report vulnerabilities. With the announcement also comes the introduction of bug bounties!
WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne! HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress.
The security team has been working on this project for quite some time. Nikolay Bachiyski started the team working on it just over a year ago. We ran it as a private program while we worked out our procedures and processes, and are excited to finally make it public.
With the announcement of the WordPress HackerOne program we are also introducing bug bounties. Bug bounties let us reward reporters for disclosing issues to us and helping us secure our products and infrastructure. We’ve already awarded
Matt gives some of his thoughts, perceptions and feelings on how things are going with core foci. Rest API admin will take some time I think.
Just wanted to give folks my perception and feelings on how we’re doing thus far with the core foci:
Writing: I’m really happy with the progress. It has had some slower weeks here and there the past few months, but by and large the technical prototypes we implemented have been successful and we’re ready to move into the next phase. We have a Chrome fix we have to get in the next minor release, and the link boundary improvements will be going into TinyMCE core and could be great for an interim +0.1 release.
Customization: Doing well. Remember: The plan is for the larger block-driven customization work to kick off in June. Prior to that, we’re focusing on widgets and other low-hanging fruit. Lack of developers slowed us down last few months, now doing better but could still use more help there. Media widgets + WYSIWYG on text widget seem simple but will have a big user impact.
REST API: There has been little to no perceivable progress on having any parts of wp-admin powered by the REST API.
Considering 4.8: The TinyMCE inline element / link boundaries, new media widgets, WYSIWYG in text widget, and perhaps something else small like the WordCamp / meetup dashboard
Every year there's a brand new default theme, and Helen Hou-Sandi's post gives us a preview. Designed by Mel Choyce.
It’s that time again: time to build a new default theme for WordPress! WordPress 4.7 will launch with a brand new theme – Twenty Seventeen. Designed by Mel Choyce (@melchoyce), Twenty Seventeen sports a modern look and will make a good base for any business website or product showcase.
Check out the gallery below to preview our next default theme at full-size: Higher resolution mockups
In addition to having a wide appeal, Twenty Seventeen will focus on providing a seamless initial theme setup so anyone can set up a website for themselves or their business with minimal hassle.
Twenty Seventeen aims to show off some new core features and enhancements, such as:
A better flow for using a static page as your front page.
Visible edit icons in the Customizer, replacing the current hidden shift+click method.
Expanding custom header images to include video (think: atmospheric video headers!).
Dummy content for live previews.
Mel will keep an eye on all things design during the creation of Twenty Seventeen. Laurel Fulford (@laurelfulford) and David Kennedy (@davidakennedy) will assist her, leading the theme’s development. Lots of opportunities exist this year for getting
Accessible WordPress Components Library from 10up is awesome! Check it out!
We’re proud to introduce the WordPress Component Library: a collection of front-end components constructed with WordPress and accessibility at the forefront. Many of the HTML and CSS components we build for our clients are structurally similar, particularly for prolific features like menus, search forms, posts, and blogrolls. A common starting point offers efficiencies to our clients while simultaneously raising the bar on polish and compliance with standards like accessibility. In evaluating existing libraries, we found that the industry was missing a good, open source project built with WordPress’s often opinionated markup (e.g. menus) and basic layout structure in mind.
Since accessibility is a top priority for many of our clients, and critical to our mission to make the web a better place, each component in the library is WCAG 2.0 accessible. We think that this project will help engineers and clients who value accessibility, but may struggle to budget for it, achieve a higher standard with little-to-no added cost.
We are actively adding to and improving the components. Hosted on GitHub, we welcome feedback, questions, and pull requests.
WordPress has supported custom page templates for over 12 years. With WP 4.7 the same functionality is coming to all post types, using "Template Post Type" in the file header.
WordPress has supported custom page templates for over 12 years, allowing developers to create various layouts for specific pages. While this feature is very helpful, it has always been limited to the ‘page’ post type and was not available to other post types. With WordPress 4.7, it will be. By opening up the page template functionality to all post types, the template hierarchy’s flexibility continues to improve.
In addition to the Template Name file header, the post types supported by a template can be specified using Template Post Type: post, foo, bar. Here’s an example:
<?php
/*
Template Name: Full-width layout
Template Post Type: post, page, product
*/

// … your code here
That way, you’ll be able to select this full-width template for posts, pages, and products.
When at least one template exists for a post type, the ‘Post Attributes’ meta box will be displayed in the back end, without the need to add post type support for 'page-attributes' or anything else. The ‘Post Attributes’ label can be customized per post type using the 'attributes' label when registering a post type.
Selecting the post template
I'm not a fan of the code editor in WordPress but this article from Mel is a good read, especially about the upcoming tweaks for WordPress 4.9.
Note: this post was originally published on our new Automattic design blog. I’m lucky that Automattic sponsors my time to work on the core WordPress software full-time. This allows me the time and focus to take on more leadership responsibilities in the community, including my current role as Customization Design Lead and the co-lead for the upcoming WordPress 4.9 release.
One of our major goals during the 4.9 development cycle is to improve the various code editing portions of WordPress: the code editor for plugins and themes, the CSS editor in the Customizer, and the new HTML widget.
This is a controversial decision. Many people believe that WordPress should remove code editing, for many good reasons! At the very least, the theme and plugin code editors make it very easy to break your site. If you don’t back up your site regularly, this can be anything from a couple minute inconvenience to a catastrophe.
I’m of two minds: that yes, we either need to remove the editors entirely, or… we need to make them better, and safer for people to use.
After reflecting, my co-lead and I decided that making them better and safer can have more of a positive impact. WordPress
WordPress 4.7.4, a maintenance release, is out. Contains 47 maintenance fixes and enhancements. Go get it or let auto-update work its magic.
After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release. This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes.
Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4.
Thanks to everyone who contributed to 4.7.4:
Aaron Jorbin, Adam Silverstein, Andrea Fercia, Andrew Ozz, aussieguy123, Blobfolio, boldwater, Boone Gorges, Boro Sitnikovski, chesio, Curdin Krummenacher, Daniel Bachhuber, Darren Ethier (nerrad), David A. Kennedy, davidbenton, David Herrera, Dion Hulse, Dominik Schilling (ocean90), eclev91, Ella Van Dorpe, Gustave F. Gerhardt, ig_communitysites, James Nylen, Joe Dolson, John Blackbourn, karinedo, lukasbesch, maguiar, MatheusGimenez, Matthew Boynes, Matt Wiebe, Mayur Keshwani, Mel Choyce,
ApplyFilters interview with Matt talking about why he's back in development and what should get more attention in WordPress.
Today, Brad and Pippin will be talking to Matt Mullenweg. Matt is the founder of WordPress and the CEO of Automattic. We will be talking about the history of Automattic and what Matt does in his spare time. We’ll also talk about what Matt feels is not talked about enough inside of WordPress. Some of the highlights of the show include:
Matt’s announcement that he will be leading WordPress development: how the CEO of such a large company can lead this huge open source project.
The tipping point where Matt decided he wanted to get back into the development side.
Why Matt thinks there has been no progress on powering the WP Admin by the REST API and why this is one of his priorities.
What Matt would like to see happen with the WP Admin to make it most successful.
What Automattic looked like in its early days when the team was only a handful of people, as well as what Matt would change if he could go back in time.
How Matt recommends people learn about management and communication.
What Matt chooses to work on when he’s working on code and why.
The things that Matt is most concerned about today.
What Matt feels is lacking attention and interest in the WordPress world.
One of the hardest things to do in technology is disrupt yourself. But we’re trying our darndest, and have some cool news to introduce today. When I took on the responsibility of CEO of Automattic January of last year, we faced two huge problems: our growth was constrained by lack of capital, and the technological foundations of the past decade weren’t strong enough for the demands of the next one.
The first has a relatively straightforward answer. We found some fantastic partners, agreed on a fair price, issued new equity in the company to raise $160M, and started investing in areas we felt were high potential, like this year’s WooCommerce acquisition. This “war chest” gives us a huge array of options, especially given our fairly flat burn rate — we don’t need to raise money again to keep the company going, and any capital we raise in the future will be purely discretionary. (Since last May when the round happened we’ve only spent $3M of the investment on opex.)
The second is much harder to address. The WordPress codebase is actually incredible in many ways — the result of many thousands of people collaborating over 13 years — but some of WordPress’ greatest strengths were also holding
To "tackle the problem of serving large volumes of images", Human Made has developed a scalable image service that integrates with Amazon S3.
As an enterprise web development agency, we frequently deal with high-traffic, high-bandwidth sites. We use a horizontally-scalable architecture built on Amazon’s AWS platform to ensure great performance, high availability, and low costs for our clients. This allows us to serve essentially any amount of traffic to sites without breaking a sweat. While most sites are primarily text-based, the larger size of images means that bandwidth from images can have an outsized effect on bandwidth cost and server load.
To tackle the problem of serving large volumes of images while minimising costs, we developed Tachyon, our scalable image service. Tachyon integrates with Amazon S3, and integrates with WordPress through the Tachyon plugin combined with our S3 Uploads plugin (but can also be used for non-WordPress projects).
Our First Attempts
When we initially looked at solving issues around images, we set out to solve two main issues: image regeneration, and caching. Rather than creating and storing thumbnails on upload, we wanted a dynamic system, which would allow us to easily create or change the available sizes, along with allowing complex cropping. To combine the dynamism of this system
The plugins review team has announced that WordPress frameworks are no longer allowed in the official plugins' repository. So we created IncludeWP.
Earlier this year (March 2016), the plugins review team issued a statement on make.wordpress.org that frameworks are no longer allowed in the official plugins repository. We decided to take it upon ourselves to create a worthy repository for WordPress frameworks and created IncludeWP. A home, or rather, a leaderboard, to display all open-source frameworks for WordPress plugin & theme developers. A one-stop-shop for developers to evaluate what’s currently out there in the market.
It had started as a fun & refreshing weekend side-project that the team had decided to pull together three weeks ago, and the plan was to release it right away. But, during the years I adopted a habit of not releasing anything before getting some feedback on it from people whose opinion I trust, so I decided to poke a few of my friends from the WordPress community first.
We got great feedback and some UI suggestions, but one comment drew most of my attention: Luca Fracassi from Addendio said: “Vova, it would be super-cool if I could click on a framework and see what plugins & themes are actually using it.”
“Hell yeah! That would be amazing.” I thought to myself. But
WordPress officially hits 25% - will be a solid 25% by WordCamp US.
People are abuzz because it looks like the W3Techs survey of the web now has WordPress at 25% market share. Sometimes it goes up and down through the course of a month, but it’s still a pretty fun milestone that we can now say about one in four websites are now powered by the scrappy open source underdog with its roots stretching all the way back to a single person in Corsica, France. We should be comfortably past 25% by the end of the year.
The big opportunity is still the 57% of websites that don’t use any identifiable CMS yet, and that’s where I think there is still a ton of growth for us (and I’m also rooting for all the other open source CMSes).
If you want to celebrate with us come to the first-ever WordCamp US event next month in Philadelphia (tickets still available) — it’s shaping up to be an amazing event. We just published the schedule and there are some amazing speakers and sessions.
Matt Mullenweg, on Medium (!!!), talks about update signing and security in general.
Matt shares some new and recent insights on the short and medium-term path of WordPress, what the focuses are. Worth a read.
Last week we released version 4.8 “Evans” of WordPress, as I write this it has had about 4.8 million downloads already. The release was stable and has been received well, and we were able to do the merge and beta a bit faster than we have before. When I originally wrote about the three focuses for the year (and in the State of the Word) I said releases would be driven by improvements in those three areas, and people in particular are anticipating the new Gutenberg editor, so I wanted to talk a bit about what’s changed and what I’ve learned in the past few months that caused us to course correct and do an intermediate 4.8 release, and why there will likely be a 4.9 before Gutenberg comes in.
Right now the vast majority of effort is going into the new editing experience, and the progress has been great, but because we’re going to use the new editor as the basis for our new customization experience it means that the leads for the customization focus have to wait for Gutenberg to get a bit further along before we can build on that foundation. Mel and Weston took this as an opportunity to think about not just the “Customizer”, which is a screen and
Easy to learn vs. robust. Dependent upon one lone developer vs. dependent upon Facebook. Heavy stuff.
Vue.js Proponents Consider “Ease of Learning” an Important Factor in Selecting a New Framework
Ease of learning is not among the criteria contributors identified for selecting a new framework, but it is one of the major concerns for Vue.js proponents.
“Vue can do everything that React
The WordPress Theme Developer Handbook has finally been released. Congrats to the almost 100 involved. Feedback welcomed.
Weekly Meetings
As well as discussing docs issues here on the blog, we use Slack for group communication.
Individual teams have their own regular meetings – you can find details of those in the sidebar.