WordPress 5.5 Beta 1

Posted by download | Posted in Software | Posted on 07-07-2020

WordPress 5.5 Beta 1 is now available for testing!

This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.5 beta in two ways:

The current target for final release is August 11, 2020. This is only five weeks away. Your help is needed to ensure this release is tested properly.

Testing for bugs is an important part of polishing the release during the beta stage and a great way to contribute. Here are some of the big changes and features to pay close attention to while testing.

Block editor: features and improvements

WordPress 5.5 will include ten releases of the Gutenberg plugin, bringing with it a long list of exciting new features. Here are just a few:

  • Inline image editing – Crop, rotate, and zoom photos inline right from image blocks.
  • Block patterns – Building elaborate pages can be a breeze with new block patterns. Several are included by default.
  • Device previews – See how your content will look to users on many different screen sizes.
  • End block overwhelm. The new block inserter panel displays streamlined categories and collections. As a bonus, it supports patterns and integrates with the new block directory right out of the box.
  • Discover, install, and insert third-party blocks from your editor using the new block directory.
  • A better, smoother editing experience with: 
    • Refined drag-and-drop
    • Block movers that you can see and grab
    • Parent block selection
    • Contextual focus highlights
    • Multi-select formatting lets you change a bunch of blocks at once 
    • Ability to copy and relocate blocks easily
    • And, better performance
  • An expanded design toolset for themes.
  • Now add backgrounds and gradients to more kinds of blocks, like groups, columns, media & text
  • And support for more types of measurements — not just pixels. Choose ems, rems, percentages, vh, vw, and more! Plus, adjust line heights while typing, turning writing and typesetting into the seamless act.

In all, WordPress 5.5 brings more than 1,500 useful improvements to the block editor experience. 

To see all of the features for each release in detail, check out the release posts: 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, and 8.4.

Wait! There’s more!

XML sitemaps

XML Sitemaps are now included in WordPress and enabled by default. Sitemaps are essential to search engines discovering the content on your website. Your site’s home page, posts, pages, custom post types, and more will be included to improve your site’s visibility.

Auto-updates for plugins and themes

WordPress 5.5 also brings auto-updates for plugins and themes. Easily control which plugins and themes keep themselves up to date on their own. It’s always recommended that you run the latest versions of all plugins and themes. The addition of this feature makes that easier than ever!

Lazy-loading images

WordPress 5.5 will include native support for lazy-loaded images utilizing new browser standards. With lazy-loading, images will not be sent to users until they approach the viewport. This saves bandwidth for everyone (users, hosts, ISPs), makes it easier for those with slower internet speeds to browse the web, saves electricity, and more.

Better accessibility

With every release, WordPress works hard to improve accessibility. Version 5.5 is no different and packs a parcel of accessibility fixes and enhancements. Take a look:

  • List tables now come with extensive, alternate view modes.
  • Link-list widgets can now be converted to HTML5 navigation blocks.
  • Copying links in media screens and modal dialogs can now be done with a simple click of a button.
  • Disabled buttons now actually look disabled.
  • Meta boxes can now be moved with the keyboard.
  • A custom logo on the front page no longer links to the front page.
  • Assistive devices can now see status messages in the Image Editor.
  • The shake animation indicating a login failure now respects the user’s choices in the `prefers-reduced-motion` media query.
  • Redundant `Error:` prefixes have been removed from error notices.

Miscellaneous Changes

Keep your eyes on the Make WordPress Core blog for 5.5-related developer notes in the coming weeks, breaking down these and other changes in greater detail.

So far, contributors have fixed more than 350 tickets in WordPress 5.5, including 155 new features and enhancements, and more bug fixes are on the way.

How You Can Help

Do you speak a language other than English? Help translate WordPress into more than 100 languages!

If you think you’ve found a bug, please post to the Alpha/Beta area in the support forums. We would love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac. That’s also where you can find a list of known bugs.

Props to @webcommsat, @yvettesonneveld, @estelaris, and @marybaum for compiling/writing this post, @davidbaumwald for editing/proof reading, and @cbringmann, @desrosj, and @andreamiddleton for final review.

The Month in WordPress: June 2020

Posted by download | Posted in Software | Posted on 02-07-2020

June was an exciting month for WordPress! Major changes are coming to the Gutenberg plugin, and WordCamp Europe brought the WordPress community closer together. Read on to learn more and to get all the latest updates. 


WordPress 5.4.2 released

We said hello to WordPress 5.4.2 on June 10. This security and maintenance release features 17 fixes and 4 enhancements, so we recommend that you update your sites immediately. To download WordPress 5.4.2, visit your Dashboard, click on Updates, then Update Now, or download the latest version directly from WordPress.org. For more information, visit this post, review the full list of changes on Trac, or check out the HelpHub documentation page for version 5.4.2. WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5, planned for August 2020.

Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Gutenberg 8.3 and 8.4

The core team launched Gutenberg 8.3 and 8.4 this month, paving the way for some exciting block editor features. Version 8.3 introduced enhancements like a reorganized, more intuitive set of block categories, a parent block selector, an experimental spacing control, and user-controlled link color options. Version 8.4 comes with new image-editing tools and the ability to edit options for multiple blocks. The block directory search feature, previously available as an experimental feature, is now enabled for all Gutenberg installations. For full details on these Gutenberg releases, visit the posts about 8.3 and 8.4.

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

WordPress Bumps Minimum Recommended PHP Version to 7.2

In a major update, WordPress has bumped the minimum PHP recommendation to 7.2. The ServeHappy API has been updated to set the minimum acceptable PHP version to 7.2, while the WordPress downloads page recommends 7.3 or newer. Previously, the ServeHappy dashboard widget was showing the upgrade notice to users of PHP 5.6 or lower. This decision comes after discussions with the core Site Health team and the Hosting team, both of which recommended that the upgrade notice be shown to users of PHP <=7.1.

WordCamp Europe 2020 Moved Online

Following the success of a remote WordCamp Spain, WordCamp Europe was held fully online from June 4 to 6. The event drew a record 8,600 signups from people based in 138 countries, along with 2,500 signups for contributor day. WCEU Online also showcased 33 speakers and 40 sponsors, in addition to a Q&A with Matt Mullenweg. You can find the videos of the event in WordPress.tv by following this link, or you can catch the live stream recording of the entire event from the WP Europe YouTube Channel.

Want to get involved with the Community team? Follow the Community blog here, or join them in the #community-events channel in the Making WordPress Slack group. To organize a Meetup or WordCamp, visit the handbook page.


Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

Celebrating Pride Month: Perspectives on Identity, Diversity, Communication, and Change

Posted by download | Posted in Software | Posted on 30-06-2020

Throughout June, we’ve published a series of Q&As at WordPress Discover featuring members of the Automattic team. These conversations explore personal journeys; reflections on identity; and diversity and inclusion in tech, design, and the workplace. Here are highlights from these interviews.


“In a World That Wants You to Apologize or Minimize Who You Are, Don’t.”

Gina Gowins is an HR operations magician on the Human League, our global human resources team. In this interview, Gina examines identity and language; communication and trust-building in a distributed, mostly text-based environment; and how her life experiences have informed her work.

I am particularly attached to the term queer as a repurposing of a word that was once used to isolate and disempower people — it was used to call people out as problematically different and other. From my perspective, there is no normal and no other; instead, we are all individual and unique. Identifying as queer allows me to take pride in my own individuality.

Language changes over time, and how we use language shapes our values and thinking. In a culture that is aggressively governed by heteronormative values and where it can still be dangerous and lonely to be LGBTQIA+ — such as the United States, where I live — defining myself as queer is also my small act of defiance. It is a reminder of the consistent fight for acceptance, inclusion, and justice that so many people face, and our inherent value and validity as humans.


“Reflect What Is Given, and In So Doing Change It a Little”

Echo Gregor is a software engineer on Jetpack’s Voyager team, working on new features that “expand Jetpack’s frontiers.” In this conversation, Echo talks about gender identity, pronouns, and names; and how xer identity and experiences have impacted xer approach to development and work in general.

Earlier in my transition, I called myself “E” sort of as a placeholder while I pondered name things. One late night, on the way home from a party, I had a friend ask if they could call me Echo, as it was the callsign equivalent for “E.” I immediately fell in love with the name, and gradually started using it more and more, until I made it my legal name.

I like that it’s simple and doesn’t have many gendered connotations in the modern world. I also appreciate its mythological origin! In the myth, Echo was a mountain nymph cursed by the goddess Hera — to be unable to speak, and only repeat the last words said to her.

I think there’s a lot of parallels in our world to that idea. We’re part of systems that are so much bigger than us that it’s rare any one of us can be loud enough to bring meaningful change, to speak new words. But echoes don’t perfectly repeat things. They reflect what is given, and in so doing change it a little. I like to try and live up to that by bringing a bit of change to the world, not by being the loudest, but by reflecting things back in my own way.


“Living My Life Freely and Authentically”

Mel Choyce-Dwan is a product designer on the theme team. In this Q&A, Mel tells us how she got involved with the WordPress community through a previous WordCamp, about her observations of tech events as a queer designer, and about the importance of inclusive design.

Show a lot of different kinds of people in your writing and your imagery, and don’t make assumptions. Talk to people from the communities you’re representing if you can, or read about their own experiences from their perspectives. Don’t assume you know better than someone else’s lived experience. When in doubt, talk to people.

And don’t just talk to people about how your product should work, talk about how it shouldn’t work. Talk about how people think others could hurt them using your product. People of marginalized identities often have stories of being harassed, stalked, or abused on the web. We need to think about how our products can be used for harm before — not after — the harassment.


“Every Person and Voice Has the Opportunity to Be Heard”

Niesha Sweet, a people experience wrangler on the Human League, says she feels like she was destined to work at Automattic. In this final interview, Niesha reflects on her Pride Month traditions and what she finds most rewarding about her HR work.

I would say that we all have to apply an additional level of empathy, understanding, and openness when working together. Just with communication alone — English is not the first language for some Automatticians, and some cultures’ communication style is direct. Assuming positive intent and having an additional level of empathy for one another allows us to effectively communicate with each other, while also appreciating our differences. 

The reward that comes with our diverse workforce is that every person and voice has the opportunity to be heard. Impostor syndrome is real, so some Automatticians may not feel as though they can share their ideas with anyone at the company, but we truly can. Our level of diversity is truly outside of what the typical company is aiming to achieve. That’s not to say we’re not looking to hire more diverse Automatticians, or increase our workforce with non-US hires, but we’re not limited by age, sexual orientation, race, and gender identity. Diversity has a different meaning in a lot of the countries where we have Automatticians, and that alone is rewarding. 


Learn more about diversity and inclusion at Automattic. We’re currently hiring — apply to work with us!

Editing and Enhancing Images in the WordPress Apps

Posted by download | Posted in Software | Posted on 29-06-2020

The WordPress app on your Android or iOS device is your companion wherever you go. Manage your site, write and publish, and even add images to your posts — from anywhere you are. Oftentimes, the most engaging posts include visuals, like the photos you take on the go: pictures from last week’s walk, snapshots of your afternoon picnic, or portraits of the family with your puppy.

Have you ever needed to edit your images on your phone? Maybe the lighting wasn’t quite right, or the framing and composition were off. You can now make small retouches right in the WordPress app, like cropping, rotating, and even adding a filter to change the mood of your photos.

Editing photos

You now have the option to edit an image. If your photo is already in the post, tap it, then tap the icon in the top right corner and select Edit. When you’re finished editing the image, tap Done and the previous image will be replaced with the new one.

If you’re adding a new image, you can edit it before inserting it into the post. For example, add a Gallery Block, tap Add Media, and select Choose from your device. Select one or multiple photos, then in the bottom left corner, tap Edit. Edit your image, tap Insert, and that’s it!

If you’re offline, you can still add, edit, and insert new images to a post. 

Making small adjustments

Need to adjust or enhance an image? You can now rotate a photo or crop the borders:

Adding a filter or drawing over an image

If you’re using the iOS app, you can apply a filter to your picture:

And if you have iOS 13 or later, you can also draw over an image, either with your finger or with your Apple Pencil:


We’re thrilled about these new updates to the Media Editor! Let us know what you’d like to see in upcoming versions. We’d love to hear your feedback.

Expert Advice: Manage Your Site on the Go Using the WordPress Mobile Apps

Posted by download | Posted in Software | Posted on 19-06-2020

For many people, the go-to tool for updating a website is a laptop or desktop computer. Did you know, though, that the computer you carry around in your pocket has as much power as the one on your desk? The WordPress mobile apps are packed with features that make it possible to manage your site no matter where you are.

Want to become a WordPress app pro? Register for our next webinar, “WordPress Mobile: Your site. Your inspiration. Anywhere.” We’ll be sharing bite-sized tips that will transform the way you manage your site and connect with your audience. 

Some of the topics we’ll cover include:

  • How to create a site from your phone.
  • Using stats on the mobile app for a deep dive into your site’s performance. 
  • Leveraging the activity log to keep an eye on what’s going on around your site.
  • The recently introduced WordPress editor and the ways it has revolutionized mobile content creation. 
  • Starter page templates and how they can jump-start your page designs.
  • How to use the WordPress.com Reader to find new content and expand your site’s audience. 
  • Making the most of real-time notifications and alerts.

Date: Wednesday, June 24, 2020
Time: 10:00 a.m. PDT | 11:00 a.m. MDT | 12:00 p.m. CDT | 1:00 p.m. EDT | 17:00 UTC
Cost: Free
Registration link

Eli Budelli and I will be your hosts — we work on the WordPress mobile apps, so you’ll be learning and sharing with the people who are crafting your mobile experiences. No previous knowledge using our mobile apps is necessary, but we recommend a basic familiarity with WordPress.com and installing the WordPress app to ensure you can make the most from the webinar. The session will cover both iOS and Android, last about 40 minutes, and conclude with a Q&A session (15-20 minutes), so start writing down any questions you may have, and bring them with you to the webinar.

Attendee slots are limited, so be sure to register early to save your seat! But if you can’t make it, we’ve got your back. A recording of the webinar will be uploaded to our YouTube channel a few days after the event.

See you then!

Enjoy a Smoother Experience with the Updated Block Editor

Posted by download | Posted in Software | Posted on 18-06-2020

Little details make a big difference. The latest block editor improvements incorporate some common feedback you’ve shared with us and make the editing experience even more intuitive than before.

We’ve also updated the categories we use to organize blocks, so you can find exactly what you need, fast. Read on to learn about recent changes you’ll notice next time you open the editor.

Move on quickly after citations and captions

Have you ever felt as if you were stuck inside a block after adding a citation? Now, when you hit Enter or Return at the end of the citation, you’ll be ready to start typing in a new text block.

Quotes were a bit sticky…

Much smoother now!

Quotes, images, embeds, and other blocks now offer this smoother experience. It’s a small change that will save you a little bit of time, but those seconds add up, and less frustration is priceless.

Streamlined heading selection

Another subtle-yet-helpful change we’ve introduced is simplified heading levels. Before, the block toolbar included a few limited options with additional ones in the sidebar. Now, you can find all available heading levels right in the block toolbar, and adjust the heading directly from the block you’re working on. (For even more simplicity, we’ve also removed the dropdown in the sidebar.)

Select a parent block with ease

Working with nested blocks to create advanced page layouts is now considerably smoother. Some users told us it was too difficult to select a parent block, so we’ve added an easier way to find it right from the toolbar. Now it’s a breeze to make picture-perfect layouts!

Filter your latest posts by author

Sites and blogs with multiple authors will love this update: you can now choose a specific author to feature in the Latest Posts block.

To highlight recent articles from a particular writer, just select their name in the block’s settings.

Renamed block categories

Finally, the next time you click the + symbol to add a new block, you’ll notice new, intuitive block categories that make it both easier and faster to find just the block you’re looking for.

What’s new:

  • Text
  • Media
  • Design

What’s gone:

  • Common
  • Formatting
  • Layout

You keep building, we’ll keep improving

Thank you for all your input on how the block editor can be better! We’re listening. If you have more ideas, leave a comment below.

👋 Happy editing!

The WordPress.com Referral Program: Empower Others to Start a Website

Posted by download | Posted in Software | Posted on 12-06-2020

All of us know interesting people. Some have unique talents. Others have business ideas, write beautiful poetry, or have a passion to change the world for the better. 

Should your mom be sharing her recipes with the world?
Does your roommate have hilarious opinions on current events?
Got a co-worker who needs to pursue her entrepreneurial dreams?
Is your favorite singer-songwriter looking for a better way to make money from his music?

If they’re not online, they should be. If you’ve ever told a friend or family member that they should create a blog, start their own podcast, or sell what they make online, this is your chance to give them the nudge they need.

The WordPress.com Refer-a-Friend Program kicked off this spring. Both you and your connections can earn credits for their new WordPress.com websites. But what’s really exciting is how you’ll give people you know the opportunity to bring their big ideas to life.

How the referral program works

We’ve designed our peer referral program to be mutually beneficial: You simply invite someone  — friends, family, casual acquaintances — to build a website. As long as they’re totally new to WordPress.com, they get a US$25 credit towards purchasing a WordPress.com plan.

And every time someone you refer picks a plan, you get a US$25 credit, too! That’s our way of saying “thanks.” The credit will be applied within two months of the referrer signing up and making an eligible purchase.

With current pricing, a $25 credit is more than 50% off the first year of a Personal plan and more than 25% off a Premium plan. Plus, your referrals also get a free custom domain name for their first year.

Here’s how to start:

    1. Log in to your WordPress.com account and go to Tools → Earn.
    2. Locate your unique referral link in the Refer-a-Friend section.
    3. Copy the link and share it via email, social media, or text message.

Think about what you’ll say to each person before you pass along that link. Instead of saying, “Click this link and you’ll save money on a website,” tell people why you think they should make that leap. Tell them why you believe in them.

Then, tell them why you use WordPress.com and explain how you think it will help them, too.

A little encouragement goes a long way

Why should you bother? Why should you take the time to tell others about WordPress.com?

It’s not really about saving a few bucks (although that’s nice!). The credit is just a little incentive that convinces your friends they should take that first step towards doing something meaningful. You’re not clipping coupons. You’re encouraging the creation of something new and valuable on the internet.

Think back to when you first built a website. Think about the first blog post you ever published. If you’re like most people, it felt like a big deal. And it was a big deal. You had something to say, a goal you were striving to reach, and your website gave you the power to make it happen. Now it’s time to empower others with that same sense of possibility.

In a world of tweetstorms and 24-hour news cycles, websites help us stop consuming and start creating. They give us a space to be thoughtful and proactive. We need more original artists. We need more thoughtful writers. We need more brilliant entrepreneurs. We need more compassionate community activists.

Everyone at WordPress.com believes in the importance of democratizing online publishing. That means giving small businesses, free thinkers, and creators the tools they need to build an online presence.

But we also need you. We need you to help spread the word about what can be done with a real website. Think about three people you can refer to WordPress.com today and give them the spark they need to get started.

Want to send along some inspiration? Check out the amazing websites and customer stories featured on Discover!

WordPress 5.4.2 Security and Maintenance Release

Posted by download | Posted in Software | Posted on 10-06-2020

WordPress 5.4.2 is now available!

This security and maintenance release features 22 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.

Security Updates

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

One maintenance update was also deployed to versions 5.1, 5.2 and 5.3. See the related developer note for more information.

For more info, browse the full list of changes on Trac or check out the Version 5.4.2 documentation page.

WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5.

You can download WordPress 5.4.2 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Thanks and props!

In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.2 happen:

Andrea Fercia, argentite, M Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Ehtisham Siddiqui, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Mathieu Viet, Javier Casares, Joe McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Sam Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Daniel Richards, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and yuhin.

Equity and the Power of Community

Posted by download | Posted in Software | Posted on 06-06-2020

Over the past week, I’ve been thinking a lot about George Floyd, Breonna Taylor, and Ahmaud Arbery. I have been thinking about white supremacy, the injustice that Black women and men are standing up against across the world, and all the injustices I can’t know, and don’t see. 

The WordPress mission is to democratize publishing, and to me, that has always meant more than the freedom to express yourself. Democratizing publishing means giving voices to the voiceless and amplifying those speaking out against injustice. It means learning things that we otherwise wouldn’t. To me, it means that every voice has the ability to be heard, regardless of race, wealth, power, and opportunity. WordPress is a portal to commerce; it is a canvas for identity, and a catalyst for change.

While WordPress as an open source project may not be capable of refactoring unjust judicial systems or overwriting structural inequality, this does not mean that we, the WordPress community, are powerless. WordPress can’t dismantle white supremacy, but the WordPress community can invest in underrepresented groups (whose experiences cannot be substituted for) and hire them equitably. WordPress can’t eradicate prejudice, but the WordPress community can hold space for marginalized voices in our community.

There is a lot of racial, societal, and systemic injustice to fight. At times, change may seem impossible, and certainly, it’s been too slow. But I know in my heart that the WordPress community is capable of changing the world. 

If you would like to learn more about how to make a difference in your own community, here are a few resources I’ve gathered from WordPressers just like you.