3 min read Matt Cromwell
Plugins | wordpress.org | May. 13, 2015

New Plugin: WP Rollback

WP Rollback lets you rollback any theme or plugin to any version published on the Repo. There's no settings, it's built to be a seamless WordPress update experience. Great for those times when an update just doesn't go the way you wanted it to.

Quickly and easily rollback any theme or plugin from WordPress.org to any previous (or newer) version without any of the manual fuss. Works just like the plugin updater, except you're rolling back (or forward) to a specific version. No need for manually downloading and FTPing the files or learning Subversion. This plugin takes care of the trouble for you.
Rollback WordPress.org Plugins and Themes
While it's considered best practice to always keep your WordPress plugins and themes updated, we understand there are times you may need to quickly revert to a previous version. This plugin makes that process as easy as a few mouse clicks. Simply select the version of the plugin or theme that you'd like to rollback to, confirm, and in a few moments you'll be using the version requested. No more fumbling to find the version, downloading, unzipping, FTPing, learning Subversion or hair pulling.
Muy Importante (Very Important): Always Test and Backup
Important Disclaimer: This plugin is not intended to be used without first taking the proper precautions to ensure zero data loss or site downtime. Always be sure you have first tested the rollback on a staging or development site prior to using WP

2 min read David Bisset
Development | wordpress.org | Jan. 26, 2017

WordPress 4.7.2 Security Release

This is a security release so better get to updating. Three issues including WP_Query being vulnerable to a SQL injection and a cross-site scripting (XSS) vulnerability.

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues:
The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
Thank you to the reporters of these issues for practicing responsible disclosure.
Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.
Thanks to everyone who contributed to 4.7.2.

3 min read Tim Nash
Community | wordpress.org | Sep. 4, 2014

WordPress 4.0 “Benny”

WordPress 4.0 is released today so you should go download and update all your sites.

Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleader Benny Goodman, is available for download or update in your WordPress dashboard. While 4.0 is just another number for us after 3.9 and before 4.1, we feel we’ve put a little extra polish into it. This release brings you a smoother writing and management experience we think you’ll enjoy.
Manage your media with style
Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.
Working with embeds has never been easier
Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.
We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.
Focus on your content
Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools

2 min read Hesham
Security | wordpress.org | Jul. 23, 2015

WordPress 4.2.3 Security and Maintenance Release

WordPress 4.2.3 has been released; it's now available at WordPress.org. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site. This was reported by Jon Cave of the WordPress Security Team, and fixed by Robert Chapin.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.
Thanks to everyone who contributed to 4.2.3:

8 min read David Bisset
Development | wordpress.org | Dec. 6, 2016

WordPress 4.7 “Vaughan” Is Released!

It's here! Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan.

Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is available for download or update in your WordPress dashboard. New features in 4.7 help you get your site set up the way you want it.
Introducing WordPress 4.7
Presenting Twenty Seventeen
A brand new default theme brings your site to life with immersive featured images and video headers.
Twenty Seventeen focuses on business sites and features a customizable front page with multiple sections. Personalize it with widgets, navigation, social menus, a logo, custom colors, and more. Our default theme for 2017 works great in many languages, on any device, and for a wide range of users.
Your Site, Your Way
WordPress 4.7 adds new features to the customizer to help take you through the initial setup of a theme, with non-destructive live previews of all your changes in one uninterrupted workflow.
Theme Starter Content
https://wordpress.org/news/files/2016/12/starter-content.mp4
To help give you a solid base to build from, individual themes can provide starter content that appears when you go to customize your brand new site. This can

6 min read Tim Nash
Community | wordpress.org | Dec. 18, 2014

WordPress 4.1 "Dinah"

WordPress 4.1 is released, named Dinah, like all WordPress major versions, after a jazz singer.

Version 4.1 of WordPress, named “Dinah” in honor of jazz singer Dinah Washington, is available for download or update in your WordPress dashboard. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.
Introducing Twenty Fifteen
Our newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.
Twenty Fifteen has flawless language support, with help from Google’s Noto font family.
The straightforward typography is readable on any screen size.
Your content always takes center stage, whether viewed on a phone, tablet, laptop, or desktop computer.
Distraction-free writing
Just write.
Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.
The Finer Points
Choose a language
Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.
Log out everywhere
If you’ve ever worried

6 min read Ahmad Awais
Development | wordpress.org | Apr. 12, 2016

Introducing WordPress 4.5 “Coleman”

WordPress 4.5 is here. Congrats Mike and everyone involved. About 300 contributors and lots of new features.

Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.
Editing Improvements
Inline Linking
Stay focused on your writing with a less distracting interface that keeps you in place and allows you to easily link to your content.
Formatting Shortcuts
Do you enjoy using formatting shortcuts for lists and headings? Now they’re even more useful, with horizontal lines and .
Customization Improvements
Live Responsive Previews
Make sure your site looks great on all screens! Preview mobile, tablet, and desktop views directly in the customizer.
Custom Logos
Themes can now support logos for your business or brand. Try it out with Twenty Sixteen and Twenty Fifteen in the Site Identity section of the customizer.
Under the Hood
Smart Image Resizing
Generated images now load up to 50% faster with no noticeable quality loss. It’s really cool.
Selective Refresh
The customizer now supports a comprehensive framework for rendering parts of the preview without rewriting your PHP code in JavaScript.
Script Loader

3 min read M Asif Rahman
Plugins | wordpress.org | Jun. 19, 2016

NanoSupport

A brand new WordPress Support Ticket Management plugin. It's free, featured on several WP-related places.

Create a fully featured Support Center within your WordPress environment without any third party software, for completely FREE of cost. No 3rd party support ticketing system required, no external site/api dependency, simply create your own fully featured Support Center within your WordPress environment, and take your support into the next level.
What is it?
The plugin is to provide support to your users - the users who are taking products or services from you. So the plugin provides manageable communication, privately, between you and that specific user only. Visit the 'Installation' tab for more details on how to use the plugin.
Features
OnActivation setup
Smart templating for nice theme support
Smartly designed Support Center
Completely Private ticketing
Ticket submission with registration
Ticket submission with login (Beta Feature)
Auto generate user account's username on ticket submission (if chosen)
Auto generate user account's password on ticket submission (if chosen)
Knowledgebase
Knowledgebase content categories
Ticket departments
Default ticket department 'Support'
Make agent from registered users
Assign ticket to an agent
Change ticket status (Pending, Open, Under

Community | wordpress.org | Jul. 10, 2014

WordPress 4.0 Beta 1

WordPress is about to launch the new version in August. We are pleased to be testing the new version of WordPress 4.0 Beta one.

WordPress 4.0 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.0, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
4.0 is due out next month, but to get there, we need your help testing what we’ve been working on:
Previews of embedding via URLs in the visual editor and the “Insert from URL” tab in the media modal. Try pasting a URL (such as a WordPress.tv or YouTube video) onto its own line in the visual editor. (#28195, #15490)
The Media Library now has a “grid” view in addition to the existing list view. Clicking on an item takes you into a modal where you can see a larger preview and edit information about that attachment, and you can navigate between items right from the modal without closing it. (#24716)
We’re freshening up the plugin install experience. You’ll see some early visual changes as well as more information when searching for plugins and viewing details. (#28785, #27440)
Selecting a language when you run the installation process. (#28577)
The editor

3 min read David Gewirtz
Community | wordpress.org | Mar. 26, 2016

Changes to PayPal: SSL, https, sandboxing, and what it all means

This is a link to a WordPress support post I just put up, because it looks like a PayPal change is going to impact anyone using PayPal on their sites. We're going to need to move to SSL faster than I expected. The issue will be how can we make SSL adoption and installation easier for users, because this is going to get messy, quickly.

Yesterday, I discovered that it was no longer possible to paste an http address into the PayPal sandbox IPN interface on PayPal. As far as I can tell, existing sandbox accounts with existing http IPN URLs still work, but there's no guarantee that will continue. What this means is that although PayPal has announced a September 2016 deadline for all PayPal sites to use https, they have apparently decided to land this new "feature" in the sandbox now.
This is not unique to Seamless Donations -- it appears that anything that uses PayPal's sandbox has been hit by this.
The https protocol is important, and it will be more secure, but it means you have to convert your site to handle https. I haven't yet done this for my sites, but I'm working my way through some tutorials and will hopefully add some helper code in Seamless Donations over time.
Also, to be clear, Seamless Donations as of 4.0.14 supports the new encryption protocols mandated by PayPal, so communication to and from PayPal is fully compliant. It's just that your Web site needs to be updated.
Technically, this isn't a Seamless Donations issue at all. If your site supports https, you should just be able to put an 's' in the IPN

1 min read David Bisset
Plugins | wordpress.org | Jun. 24, 2016

WordPress Plugin Repo: BETA

This is a beta of the new WordPress plugin repo. It's been encouraged we take it for a spin. :-)

Akismet checks your comments against the Akismet Web service to see if they look like spam or not. Increase your traffic, view your stats, speed up your site, and protect yourself from hackers with Jetpack.
WordPress out of the box is already technically quite a good platform for SEO, this was true when Joost wrote his original WordPress SEO article in 20 …

2 min read Ahmad Awais
Plugins | wordpress.org | Oct. 14, 2015

Kanban for WordPress

A project & task management plugin was just released by Corey Maass. What do you think about this one? Does this plugin stand a chance when compared with Trello?

Kanban for WordPress lets you run a complete kanban board on your WordPress site. If you want to get more done, if you want to see or show progress on your projects, if you want to use agile project management methods, try Kanban for WordPress.
Features
Customize the board to work for your team, including custom swim lanes
Create tasks and projects quickly, right from the board. Most editing is "edit in place" for quick updating.
Assign tasks to team members as you complete tasks
Set estimates on how long you think tasks will take
Track hours, and see the progress of tasks as they get done
Create custom views by filtering and searching for tasks
Manage the users who have access to the board, in case some team members don't need to see it
Works on mobile!
While using this plugin, if you find any bug or any conflict, please submit an issue at GitHub (if possible, with a pull request).

Community | wordpress.org | Apr. 21, 2015

WordPress 4.1.2 Security Release

Important update. Please check your plugins if they aren't affected by it. It is recommended to update all your websites to WordPress 4.1.2.

Plugins | wordpress.org | Sep. 18, 2015

Publish To Apple News

A couple of days after the announcement, we now have a plugin.

The Publish to Apple News plugin enables your WordPress blog content to be published to your Apple News channel. Features include:
Convert Your WordPress content into Apple News Format content.
Configure Your Apple News Channel Credentials for Upload.
Automatically or Manually Publish Posts from WP to Apple News.
Control Individual Posts with Options to Publish, Update, or Delete.
Use Bulk Publishing Controls.
Handle Banners and Image Galleries.
Toggle Advertisements On or Off.
To enable content from your WordPress blog to be published to your Apple News channel, you must obtain and enter Apple News API credentials from Apple.
Please see the Apple Developer and Apple News Publisher documentation and terms on Apple’s website for complete information.

Community | wordpress.org | Apr. 23, 2015

WordPress 4.2 "Powell"

The new version of WordPress is now available, named after Bud Powell.

Version 4.2 of WordPress, named “Powell” in honor of jazz pianist Bud Powell, is available for download or update in your WordPress dashboard. New features in 4.2 help you communicate and share, globally.
An easier way to share content
Clip it, edit it, publish it. Get familiar with the new and improved Press This. From the Tools menu, add Press This to your browser bookmark bar or your mobile device home screen. Once installed you can share your content with lightning speed. Sharing your favorite videos, images, and content has never been this fast or this easy.
Extended character support
Writing in WordPress, whatever your language, just got better. WordPress 4.2 supports a host of new characters out-of-the-box, including native Chinese, Japanese, and Korean characters, musical and mathematical symbols, and hieroglyphs.
Don’t use any of those characters? You can still have fun — emoji are now available in WordPress! Get creative and decorate your content with

1 min read Ahmad Awais
Plugins | wordpress.org | Aug. 1, 2015

Epoch - A native Disqus alternative with a focus on speed and privacy

The team behind Postmatic is aiming to breathe new life into WordPress native comments with the 1.0 release of Epoch today. The plugin was created to provide a Disqus alternative with faster loading and submitting for comments.

Epoch integrates with your existing theme by matching the colors, typography, and width of your content area. Automatically. Epoch is compatible with other 3rd party commenting plugins such as Postmatic (enable commenting by email), WordPress Social Login (for logging in via Twitter, Facebook, and more), WP-reCAPTCHA, Akismet, and WordPress Zero Spam (Spam protection), and WYSIWYG Comment Form (for adding a toolbar to the comment area).

4 min read Ryan Love
Community | wordpress.org | Apr. 15, 2015

WordPress 4.2 Release Candidate - Expected Date: Wed April 22!

The release candidate for WordPress 4.2 is now available. They're hoping to ship WordPress 4.2 on Wednesday, April 22!

The release candidate for WordPress 4.2 is now available. We’ve made more than 140 changes since releasing Beta 4 a week and a half ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.2 on Wednesday, April 22, but we need your help to get there.
If you haven’t tested 4.2 yet, now is the time! (Please though, not on your live site unless you’re adventurous.)
Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.
To test WordPress 4.2 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).
For more information about what’s new in version 4.2, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.
Developers, please test your plugins and themes against WordPress 4.2 and update your plugin’s Tested up to version in the readme to 4.2 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.
Be sure to follow along the core

2 min read David Bisset
Development | wordpress.org | May. 6, 2016

WordPress 4.5.2 Security Release

WordPress versions

WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues.
Download WordPress 4.5.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.2.
Additionally, there are multiple widely publicized vulnerabilities in the ImageMagick image processing library, which is used by a number of hosts and is supported in WordPress. For

15 min read Donna Cavalier
Security | wordpress.org | May. 27, 2016

Jetpack by WordPress.com 4.0.3 May 26th, 2016 Important security update. Please upgrade immediately.

Couldn't find any more information on this, but figured it was important enough to share what little info I had.

Important security update. Please upgrade immediately.
Release date: April 21st, 2016
Bug Fix:
Addresses an issue where Jetpack 4.0 caused a fatal error on sites with specific configurations.
Release date: April 20th, 2016
Performance Enhancements:
Protect: the routine that verifies your site is protected from brute-force attacks got some love and is more efficient.
Contact Forms: cleaning the database of spam form submission records is more efficient.
Feature Improvements:
VideoPress: edit your VideoPress shortcode in the editor with a fancy new modal options window.
Custom Content Types are now classier: a new CSS class on Testimonial featured images — has-testimonial-thumbnail — allows you to customize Jetpack custom post types as you see fit.
Sharing: social icons are now placed under the “add to cart” singular product views in WooCommerce, making it easier for customers to share your products on social media.
Theme Tools: search engines will now have an easier time knowing what page they are on, and how that page relates to the other pages in your site hierarchy with improved schema.org microdata for breadcrumbs.
Widget Visibility: now you can select widgets

Plugins | wordpress.org | Jul. 28, 2015

Slack invitations plugin

A new plugin to facilitate invitations to your slack group :)

Requires: 4.0 or higher
Compatible up to: 4.3
Last Updated: 2015-7-24
Active Installs: Less than 10
Ratings
5 out of 5 stars

2 min read David Bisset
Development | wordpress.org | Jul. 13, 2016

WordPress 4.6 Beta 3

More than 65 changes this week plus some other goodies. Plugin and theme developers should test as soon as possible.

WordPress 4.6 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
For more information on what’s new in 4.6, check out the Beta 1 and Beta 2 blog posts, along with in-depth field guides on make/core. Some of the fixes in Beta 3 include:
Revisions: Autosaves can now be restored when revisions are disabled (#36262).
An improved handling of PHP’s memory limit which doesn’t lower the limit anymore (#32075).
HTTP API: Proxy settings weren’t honored by the new HTTP library. This has been fixed (#37107).
Improved handling of UTF-8 address headers for emails (#21659).
Various bug fixes. We’ve made more than 65 changes during the last week.
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable

4 min read David Bisset
Development | wordpress.org | Jul. 27, 2016

WordPress 4.6 Release Candidate

Nearing ever closer to a release! If things go well, WordPress 4.6 will ship on August 16.

The release candidate for WordPress 4.6 is now available. We’ve made a few refinements since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.6 on Tuesday, August 16, but we need your help to get there.
If you haven’t tested 4.6 yet, now is the time!
Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.
To test WordPress 4.6, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).
For more information about what’s new in version 4.6, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.
Developers, please test your plugins and themes against WordPress 4.6 and update your plugin’s Tested up to version in the readme to 4.6. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we never want to break things.
Be sure to read the in-depth field guide, a post with all the developer-focused

3 min read Donna Cavalier
Security | wordpress.org | 23 days ago

WordPress 4.7.3 Security and Maintenance Release

Quite a few security issues fixed in this one, yikes.

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues:
Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by xuliang.
Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Daniel Cid.
Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.
Thank you to the reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.
Download WordPress 4.7.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that

Community | wordpress.org | Dec. 1, 2016

WordPress.org Makes a Push for SSL Adoption

Early in 2017, WordPress will begin promoting only hosting partners that provide SSL certificates by default. Next, a push will be made for the adoption of SSL APIs.

We’re at a turning point: 2017 is going to be the year that we’re going to see features in WordPress which require hosts to have SSL available. Just as JavaScript is an almost necessity for smoother user experiences and more modern PHP versions for performance, SSL just makes sense as the next hurdle our users are going to face. SSL basically means the link between your browser and the server is encrypted. SSL used to be difficult to implement, and often expensive or slow. Modern browsers, and the incredible success of projects like Let’s Encrypt have made getting a certificate to secure your site fast, free, and something we think every host should support by default, especially in a post-Snowden era. Google also weighs SSL as a search engine ranking factor and will begin flagging unencrypted sites in Chrome.
First, early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts. Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.
Separately, I also think the performance improvements in PHP7 are particularly impressive,