WordPress 4.8 is out, named “Evans” in honor of William John “Bill” Evans. Grab now and bask in the glory of a fresh new release.
An Update with You in Mind
Gear up for a more intuitive WordPress!
Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.
Though some updates seem minor, they’ve been built by hundreds of contributors with you in mind. Get ready for new features you’ll welcome like an old friend: link improvements, three new media widgets covering images, audio, and video, an updated text widget that supports visual editing, and an upgraded news section in your dashboard which brings in nearby and upcoming WordPress events.
Exciting Widget Updates
Adding an image to a widget is now a simple task that is achievable for any WordPress user without needing to know code. Simply insert your image right within the widget settings. Try adding something like a headshot or a photo of your latest weekend adventure — and see it appear automatically.
A welcome video is a great way to humanize the branding of your website. You can now add any video
This is a security release so better get to updating. Three issues including WP_Query being vulnerable to a SQL injection and a cross-site scripting (XSS) vulnerability.
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues:
The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
Thank you to the reporters of these issues for practicing responsible disclosure.
Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.
Thanks to everyone who contributed to 4.7.2.
It's here! Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan.
Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is available for download or update in your WordPress dashboard. New features in 4.7 help you get your site set up the way you want it.
Presenting Twenty Seventeen
A brand new default theme brings your site to life with immersive featured images and video headers.
Twenty Seventeen focuses on business sites and features a customizable front page with multiple sections. Personalize it with widgets, navigation, social menus, a logo, custom colors, and more. Our default theme for 2017 works great in many languages, on any device, and for a wide range of users.
Your Site, Your Way
WordPress 4.7 adds new features to the customizer to help take you through the initial setup of a theme, with non-destructive live previews of all your changes in one uninterrupted workflow.
Theme Starter Content
To help give you a solid base to build from, individual themes can provide starter content that appears when you go to customize your brand new site. This can
HackerOne is a platform for security researchers to report vulnerabilities. With the announcement also comes the introduction of bug bounties!
WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne! HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress.
The security team has been working on this project for quite some time. Nikolay Bachiyski started the team working on it just over a year ago. We ran it as a private program while we worked out our procedures and processes, and are excited to finally make it public.
With the announcement of the WordPress HackerOne program we are also introducing bug bounties. Bug bounties let us reward reporters for disclosing issues to us and helping us secure our products and infrastructure. We’ve already awarded
WP Rollback lets you roll back any theme or plugin to any version published on the Repo. There are no settings; it's built to be a seamless WordPress update experience. Great for those times when an update just doesn't go the way you wanted it to.
Quickly and easily roll back any theme or plugin from WordPress.org to any previous (or newer) version without any of the manual fuss. Works just like the plugin updater, except you're rolling back (or forward) to a specific version. No need for manually downloading and FTPing the files or learning Subversion. This plugin takes care of the trouble for you.
Rollback WordPress.org Plugins and Themes
While it's considered best practice to always keep your WordPress plugins and themes updated, we understand there are times you may need to quickly revert to a previous version. This plugin makes that process as easy as a few mouse clicks. Simply select the version of the plugin or theme that you'd like to rollback to, confirm, and in a few moments you'll be using the version requested. No more fumbling to find the version, downloading, unzipping, FTPing, learning Subversion or hair pulling.
Muy Importante (Very Important): Always Test and Backup
Important Disclaimer: This plugin is not intended to be used without first taking the proper precautions to ensure zero data loss or site downtime. Always be sure you have first tested the rollback on a staging or development site prior to using WP
WordPress 4.7.4, a maintenance release, is out. Contains 47 maintenance fixes and enhancements. Go get it or let auto-update work its magic.
After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release. This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes.
Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4.
Thanks to everyone who contributed to 4.7.4:
Aaron Jorbin, Adam Silverstein, Andrea Fercia, Andrew Ozz, aussieguy123, Blobfolio, boldwater, Boone Gorges, Boro Sitnikovski, chesio, Curdin Krummenacher, Daniel Bachhuber, Darren Ethier (nerrad), David A. Kennedy, davidbenton, David Herrera, Dion Hulse, Dominik Schilling (ocean90), eclev91, Ella Van Dorpe, Gustave F. Gerhardt, ig_communitysites, James Nylen, Joe Dolson, John Blackbourn, karinedo, lukasbesch, maguiar, MatheusGimenez, Matthew Boynes, Matt Wiebe, Mayur Keshwani, Mel Choyce,
This is something I think the community should know. Regardless if you used WangGuard or not, take a moment and read the reason why the developer stopped.
Many people have been wondering why WangGuard closed for good. It is a question that I have come across more or less frequently in the WordPress forums, the official WordPress.org Slack, Twitter, and so on. I have never answered, but I feel that now the time has come to explain, since thousands of sites worldwide were using this plugin and there are conjectures everywhere.
From what I’ve seen, those conjectures can be anything from the economic ones, the professional ones, or the “he closed it just because” ones.
None of the above fits in the least with reality. Yes, WangGuard had a high server cost for me, but SiteGround had started to sponsor WangGuard, and hence that cost was gone. The only “cost” left was the time that I dedicated to the plugin. As to the professional one, that I had started to work for a company and had no time left, of course not. I still feel very comfortable working for myself, even though I can work more or less regularly for important companies, who know that I am a free agent. The “just because” conjecture is the most absurd of all: WangGuard was created to help people with a very big problem on the internet, particularly
Smaller release than I think was expected, but includes improved visual editor experience, WordPress event locator, and a few other shiny things.
We’re planning a smaller WP release early next month, bringing in three major enhancements:
An improved visual editor experience, with a new TinyMCE that allows you to navigate more intuitively in and out of inline elements like links. (Try it out to see, it’s hard to describe.)
A revamp of the dashboard news widget to bring in nearby and upcoming events including meetups and WordCamps.
Several new media widgets covering images, audio, and video, and an enhancement to the text widget to support visual editing.
The first beta of 4.8 is now available for testing. You can use the beta tester plugin (or just run trunk) to try the latest and greatest, and each of these areas could use a ton of testing. Our goals are to make editing posts with links more intuitive, make widgets easier for new users and more convenient for existing ones, and get many more people aware of and attending our community events.
Four point eight is here
Small changes with a big punch
Big ones come later
#WCEU The new WP plugin for Gutenberg editor is here. It's only v0.1 right now. Try it out!
Description The goal of the block editor is to make adding rich content to WordPress simple and enjoyable.
Warning: This is beta software, do not run on production sites!
The new post and page building experience will make writing rich posts effortless, making it easy to do what today might take shortcodes, custom HTML, or “mystery meat” embed discovery.
WordPress already supports a large amount of “blocks”, but doesn’t surface them very well, nor does it give them much in the way of layout options. By embracing the blocky nature of rich post content, we will surface the blocks that already exist, as well as provide more advanced layout options for each of them. This will allow you to easily compose beautiful posts like this example.
This plugin is being actively developed by many contributors. You can follow along on github.com/WordPress/gutenberg and on the #editor tag on the make.wordpress.org blog.
Contributors & Developers
WordPress 4.2.3 has been released and is now available at WordPress.org. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site. This was reported by Jon Cave of the WordPress Security Team, and fixed by Robert Chapin.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.
Thanks to everyone who contributed to 4.2.3:
WordPress 4.0 is released today so you should go download and update all your sites.
Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleader Benny Goodman, is available for download or update in your WordPress dashboard. While 4.0 is just another number for us after 3.9 and before 4.1, we feel we’ve put a little extra polish into it. This release brings you a smoother writing and management experience we think you’ll enjoy.
Manage your media with style
Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.
Working with embeds has never been easier
Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.
We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.
Focus on your content
Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools
WordPress 4.5 is here. Congrats Mike and everyone involved. About 300 contributors and lots of new features.
Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.
Editing Improvements
Stay focused on your writing with a less distracting interface that keeps you in place and allows you to easily link to your content.
Do you enjoy using formatting shortcuts for lists and headings? Now they’re even more useful, with horizontal lines and .
Live Responsive Previews
Make sure your site looks great on all screens! Preview mobile, tablet, and desktop views directly in the customizer.
Themes can now support logos for your business or brand. Try it out with Twenty Sixteen and Twenty Fifteen in the Site Identity section of the customizer.
Under the Hood
Smart Image Resizing
Generated images now load up to 50% faster with no noticeable quality loss. It’s really cool.
Release notes are out, and this release fixes 6 security issues.
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues:
Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Thank you to the reporters of these issues for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.
Quite a few security issues fixed in this one, yikes.
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues:
Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by xuliang.
Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Daniel Cid.
Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.
Thank you to the reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.
Download WordPress 4.7.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that
WordPress 4.1 is released, named Dinah, like all WordPress major versions, after a jazz singer.
Version 4.1 of WordPress, named “Dinah” in honor of jazz singer Dinah Washington, is available for download or update in your WordPress dashboard. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.
Introducing Twenty Fifteen
Our newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.
Twenty Fifteen has flawless language support, with help from Google’s Noto font family.
The straightforward typography is readable on any screen size.
Your content always takes center stage, whether viewed on a phone, tablet, laptop, or desktop computer.
Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.
The Finer Points
Choose a language
Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.
Log out everywhere
If you’ve ever worried
This is a beta of the new WordPress plugin repo. It's been encouraged we take it for a spin. :-)
Akismet checks your comments against the Akismet Web service to see if they look like spam or not. Increase your traffic, view your stats, speed up your site, and protect yourself from hackers with Jetpack.
WordPress out of the box is already technically quite a good platform for SEO, this was true when Joost wrote his original WordPress SEO article in 20 …
A brand new WordPress Support Ticket Management plugin. It's free, featured on several WP-related places.
Create a fully featured Support Center within your WordPress environment without any third party software, for completely FREE of cost. No 3rd party support ticketing system required, no external site/api dependency, simply create your own fully featured Support Center within your WordPress environment, and take your support into the next level.
What is it?
The plugin is for providing support to your users, that is, the users who are taking products or services from you. It provides manageable, private communication between you and that specific user only. Visit the 'Installation' tab for more details on how to use the plugin.
Smart templating for nice theme support
Smartly designed Support Center
Completely Private ticketing
Ticket submission with registration
Ticket submission with login (Beta Feature)
Auto generate user account's username on ticket submission (if chosen)
Auto generate user account's password on ticket submission (if chosen)
Knowledgebase content categories
Default ticket department 'Support'
Make agent from registered users
Assign ticket to an agent
Change ticket status (Pending, Open, Under
This is a link to a WordPress support post I just put up, because it looks like a PayPal change is going to impact anyone using PayPal on their sites. We're going to need to move to SSL faster than I expected. The issue will be how can we make SSL adoption and installation easier for users, because this is going to get messy, quickly.
Yesterday, I discovered that it was no longer possible to paste an http address into the PayPal sandbox IPN interface on PayPal. As far as I can tell, existing sandbox accounts with existing http IPN URLs still work, but there's no guarantee that will continue. What this means is that although PayPal has announced a September 2016 deadline for all PayPal sites to use https, they have apparently decided to land this new "feature" in the sandbox now.
This is not unique to Seamless Donations -- it appears that anything that uses PayPal's sandbox has been hit by this.
The https protocol is important, and it will be more secure, but it means you have to convert your site to handle https. I haven't yet done this for my sites, but I'm working my way through some tutorials and will hopefully add some helper code in Seamless Donations over time.
Also, to be clear, Seamless Donations as of 4.0.14 supports the new encryption protocols mandated by PayPal, so communication to and from PayPal is fully compliant. It's just that your Web site needs to be updated.
Technically, this isn't a Seamless Donations issue at all. If your site supports https, you should just be able to put an 's' in the IPN
Come and get it! This update has some maintenance fixes and enhancements, mainly: (1) fixes to the rich Text widget and (2) introduction of the Custom HTML widget.
After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release. This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.
Download WordPress 4.8.1 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.1.
Thanks to everyone who contributed to 4.8.1:
Adam Silverstein, Andrea Fercia, Andrew Ozz, Atanas Angelov, bonger, Boone Gorges, Boro Sitnikovski, David Herrera, James Nylen, Jeffrey Paul, Jennifer M. Dodd, K. Adam White, Konstantin Obenland, Mel Choyce, r-a-y, Reuben Gunday, Rinku Y, Said El Bakkali, Sergey Biryukov, Siddharth Thevaril, Timmy Crawford, and Weston Ruter.
Help Test! Since last beta, includes enhancements for video headers, REST API bug fixes, media and page template support in starter content, and more.
The release candidate for WordPress 4.7 is now available. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.7 on Tuesday, December 6, but we need your help to get there. If you haven’t tested 4.7 yet, now is the time! To test WordPress 4.7, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).
WordPress 4.7 is a jam-packed release, with a number of features focused on getting a theme set up for the first time. Highlights include a new default theme, video headers, custom CSS, customizer edit shortcuts, PDF thumbnail previews, user admin languages, REST API content endpoints, post type templates, and more.
We’ve made quite a few refinements since releasing Beta 4 a week ago, including usability and accessibility enhancements for video headers, media and page template support in starter content, and polishing of how custom CSS can be migrated to and extended by plugins and themes. The REST API endpoints saw a number of bugfixes and notably now have anonymous comment off by default.
Not sure where to start
Early in 2017, WordPress will begin promoting only hosting partners that provide SSL certificates by default. Next, a push will be made for the adoption of SSL APIs.
First, early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts. Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.
Separately, I also think the performance improvements in PHP7 are particularly impressive,
A project & task management plugin was just released by Corey Maass. What do you think about this one? Does this plugin stand a chance when compared with Trello?
Kanban for WordPress lets you run a complete kanban board on your WordPress site. If you want to get more done, if you want to see or show progress on your projects, if you want to use agile project management methods, try Kanban for WordPress.
Features
Customize the board to work for your team, including custom swim lanes
Create tasks and projects quickly, right from the board. Most editing is "edit in place" for quick updating.
Assign tasks to team members as you complete tasks
Set estimates on how long you think tasks will take
Track hours, and see the progress of tasks as they get done
Create custom views by filtering and searching for tasks
Manage the users who have access to the board, in case some team members don't need to see it
Works on mobile!
If you find any bug or conflict while using this plugin, please submit an issue on GitHub (if possible, with a pull request).
A security release but also containing 6 maintenance fixes. Get your upgrade a-going people!
WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues:
$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the
More than 65 changes this week plus some other goodies. Plugin and theme developers should test as soon as possible.
WordPress 4.6 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
For more information on what’s new in 4.6, check out the Beta 1 and Beta 2 blog posts, along with in-depth field guides on make/core. Some of the fixes in Beta 3 include:
Revisions: Autosaves can now be restored when revisions are disabled (#36262).
An improved handling of PHP’s memory limit which doesn’t lower the limit anymore (#32075).
HTTP API: Proxy settings weren’t honored by the new HTTP library. This has been fixed (#37107).
Improved handling of UTF-8 address headers for emails (#21659).
Various bug fixes. We’ve made more than 65 changes during the last week.
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable