Category: WordPress

WordPress 5.5.1 is now available!

This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. These bugs affect WordPress version 5.5, so you’ll want to upgrade.

You can download WordPress 5.5.1 directly, or visit the Dashboard → Updates screen and click Update Now. If your sites support automatic background updates, they’ve already started the update process.

WordPress 5.5.1 is a short-cycle maintenance release. The next major release will be version 5.6.

To see a full list of changes, you can browse the list on Trac, read the 5.5.1 RC1 and 5.5.1 RC2 posts, or visit the 5.5.1 documentation page.

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.

WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.

Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Other highlights of this release include:

  • Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • Several minor bug fixes.

You can browse the full list of changes on Trac.

WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow a similar two week release cadence.

You can download WordPress 5.1.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

Release of WordPress 5.1

Near the end of the month, WordPress 5.1 was released, featuring significant stability and performance enhancements as well as the first of the Site Health mechanisms that are in active development. Most prominent is the new warning for sites running long-outdated versions of PHP.

You can check out the Field Guide for this release for a detailed look at all the new features and improvements. The next release is already in development with plans to improve the Site Health features, PHP compatibility, and a number of other things.

Want to get involved in testing or building WordPress Core? You can install the WordPress Beta Tester plugin, follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Gutenberg Development Continues

The block editor that is now a part of WordPress core started out as a project named Gutenberg with the lofty goal of creating a whole new site-building experience for all WordPress users. The first phase of Gutenberg resulted in the block editor that was included in WordPress 5.0, but development didn’t stop there – phase 2 of the project is well underway.

This month, one of the initial goals for this phase was reached with all of the core WordPress widgets being converted to blocks – this will go a long way to allowing full sites to be built using blocks, rather than simply post or page content.

Want to get involved in developing Gutenberg? Check out the GitHub repository and join the #core-editor channel in the Making WordPress Slack group.

Block Editor Comes to the Mobile Apps

As Gutenberg development continues, the Mobile team has been working hard to integrate the new block editor into the WordPress mobile apps. Near the end of February, the team shipped a complete integration in the beta versions of the apps – this a significant milestone and a big step towards unifying the mobile and desktop editing experiences.

Both the iOS and Android apps are open for beta testers, so if you would like to experience the block editor on mobile today, then join the beta program.

Want to get involved in developing the WordPress mobile apps? Follow the Mobile team blog, and join the #mobile channel in the Making WordPress Slack group.

WordPress Triage Team Announced

One of the goals for 2019 that Matt Mullenweg (@matt) announced in his State of the Word address last year was to form a team who would work to manage the ever-increasing number of tickets in Trac, the bug tracker that WordPress Core employs.

This team, known as the Triage Team, has been announced. Their work will involve coordinating with component maintainers, release leads, project leadership, contributors, and other WordPress related projects with issue trackers outside of Trac to ensure that everyone is empowered to focus on contributing.

The team was formed based on nominations of volunteers to take part and will be led by Jonathan Desrosiers (@desrosj). The other members of the team are Chris Christoff (@chriscct7), Tammie Lister (@karmatosed), Sergey Biryukov (@sergey), and Sheri Bigelow (@designsimply) – all of whom have a strong track record of contributing to WordPress, have exhibited good triaging practices, and are overall good community members.

Updating WooCommerce

You can choose to update WooCommerce with one click or manually update it.

Important: Before updating, we recommended that you back up your current WooCommerce installation and your WordPress database. See How To Update Your Site on how to make a backup and test before going live.

One-Click Update

Be sure you’ve read and understand how to update your site, then come back to your live site to update..

  1. Back up your live site.
  2. Go to: Dashboard > Updates within WordPress.
  3. If there is an update, you’ll see WooCommerce in the list of plugins/themes to update.
  4. Tick the checkbox next to plugins/themes/WooCommerce, then select Update Now button.

Manual Update

Again, be certain you’ve read how to update your site.

  1. Downloadthe latest version of WooCommerce from WordPress.org.
  2. Upload the unzipped WooCommerce folder to the wp-content/plugins directory on your web server overwriting the old files.

WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  5. Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key. Reported by Jack.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.1.

This content provided by WordPress here.

As always, be sure to backup your site + database before installing this new update.

WordPress 4.5 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.5, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information on what’s new in 4.5, check out the Beta 1 and Beta 2 blog posts, along with in-depth field guides on make/core. Some of the fixes in Beta 3 include:

  • Many Theme Logo Support (#33755) fixes, including support for bundled Twenty Fifteen (#35944).
  • Add Responsive Preview to theme install previewer (#36017).
  • Support Imagick in HHVM (#35973).
  • Whitelist IPTC, XMP, and EXIF profiles from strip_meta() to maintain authorship, copyright, license, and image orientation (#28634).
  • Support Windows shares/DFS roots in wp_normalize_path() (#35996).
  • New installs default to generating secret keys and salts locally instead of relying on the WordPress.org API. Please test installing WP in situations where it can’t connect to the internet (like on a ?, ✈️, or ?) (#35290).
  • OPTIONS requests to REST API should return Allow header (#35975).
  • Upgrade twemoji.js to version 2 (#36059) and add extra IE11 compatibility (#35977) for Emoji.
  • Various bug fixes. We’ve made more than 100 changes during the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs.

Happy testing!

Beta one, two, three
so many bugs have been fixed
Closer now; four, five.

Call Now Button