WordPress 5.4.1

Posted by download in Software on 29-04-2020

WordPress 5.4.1 is now available!

This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.4.1 is a short-cycle security and maintenance release. The next major release will be version 5.5.

You can download WordPress 5.4.1 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues:

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
  • Props to Nick Daugherty from WordPress VIP / WordPress Security Team who discovered an XSS issue in wp-object-cache
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
  • Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress customizer.
  • Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

For more information, browse the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.

In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.1 happen:

Alex Concha, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Andy Peatling, arnaudbroes, Chris Van Patten, Daniel Richards, DhrRob, Dono12, dudo, Ehtisham Siddiqui, Ella van Durpe, Garrett Hyder, Ian Belanger, Ipstenu (Mika Epstein), Jake Spurlock, Jb Audras, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Jorge Costa, K. Adam White, Kelly Choyce-Dwan, MarkRH, mattyrob, Miguel Fonseca, Mohammad Jangda, Mukesh Panchal, Nick Daugherty, noahtallen, Paul Biron, Peter Westwood, Peter Wilson, pikamander2, r-a-y, Riad Benguella, Robert Anderson, Samuel Wood (Otto), Sergey Biryukov, Søren Brønsted, Stanimir Stoyanov, tellthemachines, Timothy Jacobs, Toro_Unit (Hiroshi Urabe), treecutter, and yohannp.

Earth Day Turns 50 with a Massive Livestream Event

Posted by download in Software on 20-04-2020

As the world fights to bring the COVID-19 pandemic under control, another crisis looms.

In late 2018, the UN Intergovernmental Panel on Climate Change (IPCC) warned that if we want to avoid the worst impacts of climate change, we need to cut global carbon emissions almost in half by 2030. This decade will be critical.

As we’ve stated in the past, the time to act is now — we simply cannot continue business as usual, and this proves resoundingly true this year. We are in a time of maximum uncertainty and urgency.

Earth Day Live: April 22-24

Earth Day Live is a three-day livestream and an epic community mobilization to show support for our planet, through which millions of people can tune in online alongside activists, celebrities, musicians, and more. The massive live event — which starts on April 22 and concludes on April 24 — is organized by climate, environmental, and Indigenous groups within the US Climate Strike Coalition and Stop The Money Pipeline Coalition.

Starting today, you can opt into displaying a banner that promotes Earth Day Live on your WordPress.com site, showing your commitment to this critical topic and spreading the word about the digital event and livestream. On April 22, sites with this feature enabled will automatically display a full-screen overlay message. Your site visitors will be able to dismiss the banner once viewed.

Promote this global movement on your site

To activate the banner, go to My Site → Manage → Settings. At the top of the Settings menu, you will see a toggle switch — flip it on to join this digital climate strike.

Self-hosted WordPress sites can also join the movement by installing the Earth Day Live WP plugin from the WordPress.org plugin repository. 

After the livestream ends, the banner will disappear on its own — no further action is required on your end. (If you’ve installed the plugin, it will automatically disable.)

Together we can make a difference. We hope you’ll join us in supporting this movement.


Visit Earth Day Live for event details, and explore more digital Earth Day initiatives and resources on WordPress so you can take action on April 22 — or any day.

Expert Advice: Get Started on Your New Website

Posted by download in Software on 17-04-2020

Starting a new website can be a bit overwhelming but we’re here to help! Beginning Monday, April 20th, WordPress.com will host free, 30-minute live webinars to cover those initial questions that come up as you start to build your website. Each day will cover a different topic, all designed to give actionable advice on how to create the type of website you want. 

Date: Starts April 20, 2020 and repeats daily Monday thru Friday

Weekly Schedule:

  • Mondays – Getting Started: Website Building 101
  • Tuesdays – Quick Start: Payments (Simple and Recurring)
  • Wednesdays – Quick Start: Blogging
  • Thursdays – Quick Start: WooCommerce 101
  • Fridays – Empezando: Construcción de Sitios Web 101

Time: 09:00 am PDT | 10:00 am CDT | 12:00 pm EDT | 16:00 UTC

Who’s Invited: New WordPress.com users and anyone interested in learning more about WordPress.com’s website capabilities.

Register Here: https://wordpress.com/webinars/

Our WordPress.com customer service team, we call them Happiness Engineers, are experts in helping new users get up and running on their new websites. Across each week of webinars we’ll cover questions about the basics of setting up your website, handling simple and recurring payments, blogging best practices, and adding in eCommerce capabilities. Come with questions as you’ll be able to submit them beforehand—in the registration form—and during the live webinar.

Everyone is welcome, even if you already have a site set up. We know you’re busy, so if you can’t make the live event, you’ll be able to watch a recording of the webinar on our YouTube channel.

Live attendance is limited, so be sure to register early. We look forward to seeing you on the webinar!

Expert Advice: How to Start Selling on Your Website

Posted by download in Software on 10-04-2020

Are you just taking your first steps selling a product or service online and don’t know where to begin? Be sure to register for our next 60-minute webinar, where our expert Happiness Engineers will walk you through the basics of eCommerce and show you how to set up your online store.

Date: Thursday, April 16, 2020
Time: 5 p.m. UTC | 1 p.m. EDT | 12 p.m. CDT | 10 a.m. PDT
Cost: Free
Who’s invited: business owners, entrepreneurs, freelancers, service providers, store owners, and anyone else who wants to sell a product or service online.
Registration link

Hosts Steve Dixon and Maddie Flynn are both veteran Happiness Engineers with years of experience helping business owners and hobbyists build and launch their eCommerce stores. They will provide step-by-step instructions on setting up:

  • Simple Payments — perfect for selling a single product or service.
  • Recurring Payments — great for subscriptions and donations.
  • WooCommerce — ideal for entrepreneurs who want to build an online store and automate sales.

No previous eCommerce experience is necessary, but we recommend a basic familiarity with WordPress.com to ensure you can make the most from the webinar. The presentation will conclude with a Q&A session (15-20 minutes), so you can already note down any questions you might have and bring them with you to the webinar.

Seats are limited, so register now to reserve your spot. See you then!

People of WordPress: Mario Peshev

Posted by download in Software on 08-04-2020

You’ve probably heard that WordPress is open source software, and may know that it’s created and run by volunteers. Enthusiasts share many examples of how WordPress has changed people’s lives for the better. In this monthly series, we share some of those lesser-known, amazing stories.

Computer science in the nineties

Mario Peshev

Mario has been hooked on computers ever since he got his first one in 1996. He started with digging into MS-DOS and Windows 3.1 first and learned tons by trial and error. Following that adventure, Mario built his first HTML site in 1999. He found development so exciting that he spent day and night learning QBasic and started working at the local PC game club. Mario got involved with several other things related to website administration (translating security bulletins, setting up simple sites, etc) and soon found the technology field was full of activities he really enjoyed.

The Corporate Lifestyle

Mario started studying programming including an intensive high-level course for C#, Java development, and software engineering, and eventually got a job in a corporate environment. He soon became a team lead there, managing all the planning and paperwork for their projects.

But he continued freelancing on the side. He grew his own network of technical experts through attending, volunteering at, and organizing conferences. He also ran a technical forum and regularly spoke at universities and enterprise companies.

Remote Working and Business Opportunity

The combination of a high workload and a daily three-hour-long commute made Mario’s life difficult. Many of his friends were still studying, traveling or unemployed. The blissful and calm lives they lived seemed like a fairy tale to him. And even while both his managers and his clients were abroad, he was unable to obtain permission to work remotely. 

So Mario decided to leave his job and start freelancing full time. But he found he faced a massive challenge. 

He discovered Java projects were pretty large and required an established team of people working together in an office. All job opportunities were on-site, and some even required relocation abroad. Certified Java programmers weren’t being hired on a remote basis. 

As Mario had some PHP experience from previous jobs, he used this to start his freelance career. For his projects, he used both plain PHP and PHP frameworks like CakePHP and CodeIgniter. 

For a while, Mario accepted work using commonly known platforms including Joomla, Drupal, and WordPress. In addition, he worked on PHP, Java, Python and some C# projects for a couple of years, after which he decided to switch to WordPress completely.

Building products

One of his projects involved a technically challenging charity backed by several international organizations. Unexpected shortages in the team put him in the technical lead position. As a result, Mario found himself planning the next phases, meeting with the client regularly, and renegotiating the terms. The team completed the project successfully, and after the launch, a TV campaign led millions of visitors to the website.

As a result of the successful launch, this client invited Mario to participate in more WordPress projects, including building a custom framework.

“I wasn’t that acquainted with WordPress back then. For me, a conventional person trained in architectural design patterns and best practices, WordPress seemed like an eccentric young hipster somewhere on the line between insane and genius at the same time. I had to spend a couple of months learning WordPress from the inside out.”

Mario Peshev

As his interest in WordPress grew, Mario stopped delivering other custom platforms, and converted clients to WordPress. 

European Community

Mario presenting to an audience
Mario presenting at a WordCamp

For Mario, one of the key selling points of WordPress was the international openness. He had previously been involved with other open source communities, some of which were US-focused. He felt they were more reliant on meeting people in person. With events only taking place in the US, this made building relationships much harder for people living in other countries.

While the WordPress project started out in the US, the WordPress community quickly globalized. Dozens of WordCamps and hundreds of Meetup events take place around the globe every year.  All of these events bring a wide variety of people sharing their enthusiasm for WordPress together.

For Mario, the birth of WordCamp Europe was something magical. The fact that hundreds, and later on thousands, of people from all over the world gathered around the topic of WordPress speaks for itself. Mario has been involved with organizing WordCamp Europe twice (in 2014 and 2015). 

“There’s nothing like meeting WordPress enthusiasts and professionals from more than 50 countries brainstorming and working together at a WordCamp. You simply have to be there to understand how powerful it all is.”

Mario Peshev

Growing businesses and teams

A key WordPress benefit is its popularity – an ever growing project currently powering more than 35% of the Internet [2020]. It’s popular enough to be a de facto standard for websites, platforms, e-commerce and blogs. 

WordPress has a low barrier to entry. You can achieve a lot without being an expert, meaning most people can start gaining experience without having to spend years learning how to code. That also makes it easier to build businesses and teams.

“Being able to use a tool that is user-friendly, not overly complicated and easily extensible makes introducing it to team members faster and easier. It requires less time for adjustment, and as a result makes a team stronger and faster. The fact that this tool is cost-effective also allows more startups to enter the market. It requires  less time and investments to launch an MVP. This boosts the entire ecosystem.”

Mario Peshev

Helping Others

Mario also introduced WordPress to children and young people. He taught them how to use WordPress as a tool for homework and class assignments. By using WordPress, they were able to learn the basics of designing themes, developing plugins, marketing statistics, social media, copywriting, and so much more. This approachable introduction to the software meant technical skills were not needed.

He was also part of a team of volunteers who helped a group of young people living at a foster home struggling to provide for themselves. The team taught the basic digital literacy skills necessary in the modern workplace and potentially pay for their rent and basic needs. This included working with Microsoft Word, Excel and WordPress, as well as some basic design and marketing skills. 

“When you look at that from another perspective, a platform that could save lives – literally – and change the world for better is worth contributing to, in any possible manner.”

Mario Peshev

Contributing to the WordPress community

From the core team to supporting and organizing WordCamps, Mario has long been an active contributor to the global WordPress project. He is passionate about the connections fostered by people who are involved in building both the WordPress software and the community around it.

“The WordPress community consists of people of all race and color, living all around the world, working as teachers, developers, bloggers, designers, business owners. Let’s work together to help each other. Let’s stick together and show  the world WordPress can help make it a better place.”

Mario Peshev

Contributors

Thanks to Alison Rothwell (@wpfiddlybits), Yvette Sonneveld (@yvettesonneveld), Abha Thakor (@webcommsat), Josepha Haden (@chanthaboune) and Topher DeRosia (@topher1kenobe). Thank you to Mario Peshev (@nofearinc) for sharing his #ContributorStory.

HeroPress logo

This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.

Meet more WordPress community members over at HeroPress.com!

Import Your WordPress Site to WordPress.com — Including Themes and Plugins

Posted by download in Software on 07-04-2020

It’s been possible to export your posts, images, and other content to an export file, and then transfer this content into another WordPress site since the early days of WordPress.

Select WordPress from the list of options to import your site.

This basic WordPress import moved content, but didn’t include other important stuff like themes, plugins, users, or settings. Your imported site would have the same pages, posts, and images (great!) but look and work very differently from the way you or your users expect (less great).

There’s a reason that was written in the past tense: WordPress.com customers can now copy over everything from a self-hosted WordPress site — including themes and plugins — and create a carbon copy on WordPress.com. You’ll be able to enjoy all the features of your existing site, plus the the benefits of our fast, secure hosting with tons of features, and our world-class customer service.

Select “Everything” to import your entire WordPress site to WordPress.com.

To prep for your import, sign up for a WordPress.com account — if you’d like to import themes and plugins, be sure to select the Business or eCommerce plan — and install Jetpack (for free) on your self-hosted site to link it to WordPress.com. To start the actual import, head to Tools > Import in your WordPress.com dashboard.

Then sit back and relax while we take care of moving your old site to a new sunny spot at WordPress.com. We’ll let you know when it’s ready to roll!

The Month in WordPress: March 2020

Posted by download in Software on 03-04-2020

The month of March was both a tough and exciting time for the WordPress open-source project. With COVID-19 declared a pandemic, in-person events have had to adapt quickly – a challenge for any community. March culminated with the release of WordPress 5.4, an exhilarating milestone only made possible by dedicated contributors. For all the latest, read on. 


WordPress 5.4 “Adderley”

WordPress 5.4 “Adderley” was released on March 31 and includes a robust list of new blocks, enhancements, and new features for both users and developers. The primary focus areas of this release included the block editor, privacy, accessibility, and developer improvements, with the full list of enhancements covered in the 5.4 field guide.

Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Releases of Gutenberg 7.7 and 7.8

It’s been another busy month for Gutenberg, this time with the release of Gutenberg 7.7 and 7.8. Gutenberg 7.7 introduced block patterns – predefined block layouts that are ready to use and tweak. This is an important step towards Full Site Editing, which is currently targeted for inclusion in WordPress 5.6. As a first iteration, you can pick and insert patterns from the Block Patterns UI, which has been added as a sidebar plugin.

Gutenberg 7.7 also includes a refresh of the Block UI, which better responds to the ways users interact with the editor. For more information on the User UI and Block Patterns, read this summary of the most recent Block-Based Themes meeting. Gutenberg 7.8, introduced on March 25, further enhanced this Block UI redesign. Both releases also included a suite of improvements, bug fixes, new APIs, documentation, and more!

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

WordCamp cancellations and shift to online events

In early March, the Community team issued new recommendations for event organizers in light of growing concerns around COVID-19. Following this guidance, and with COVID-19 declared a pandemic, WordPress community organizers reluctantly but responsibly postponed or canceled their upcoming WordCamps and meetups.

As community events are an important part of the WordPress open-source project, the Community team made suggestions for taking charity hackathons online, proposed interim adjustments to existing community event guidelines, and provided training for online conference organizing with Crowdcast. The team is currently working on building a Virtual Events Handbook that will continue to support WordPress community organizers at this time. 

Want to get involved with the WordPress Community team, host your own virtual WordPress event, or help improve the documentation for all of this? Follow the Community team blog, learn more about virtual events, and join the #community-events channel in the Making WordPress Slack group.

Link your GitHub profile to WordPress.org

Last month, an experimental feature was added to Trac, WordPress Core’s bug-tracking system, to improve collaboration between Trac and GitHub. This month, to help make tracking contributions to the WordPress project across multiple locations easier, there is a new option to connect your GitHub account to your WordPress.org profile. This connection allows for more accurate acknowledgement and recognition of contributors. You can connect your GitHub account to your WordPress.org account by editing your WordPress.org profile.

For more information and instructions on how to connect your accounts, read the announcement post.

Modernizing WordPress coding standards

Defined coding standards is an important step in creating the consistent codebase needed to prepare for requiring PHP 7.x for WordPress Core. As such, coding standards have been proposed for implementation in WordPress Coding Standards 3.0.0. This includes new proposed standards for namespace declarations, import use statements, fully qualified names in inline code, traits and interfaces, type declarations, declare statements/strict typing, the ::class constant, operators, and more. 

Want to get involved or view the full list of currently proposed new coding standards? Visit and add your feedback to the post on updating the Coding standards for modern PHP and follow the Core team blog.


Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

Make Your Business More Accessible with New Blocks

Posted by download in Software on 02-04-2020

From our support sessions with customers each month, we know that growing your brand or business is a top website goal. And in this unprecedented time in which more people around the world are staying at home, it’s important to promote your products and services online to reach a wider audience and connect with more people.

Our team has been hard at work improving the block editor experience. We’ve launched six new blocks that integrate WordPress.com and Jetpack-enabled sites with popular services — Eventbrite, Calendly, Pinterest, Mapbox, Google Calendar, and OpenTable — enabling you to embed rich content and provide booking and scheduling options right on your blog or website.

Whether you’re an online boutique, a pilates studio, an independent consultant, or a local restaurant, these blocks offer you more ways to promote your brand or business. Take a look at each block — or simply jump to a specific one below.


Promote online events with the Eventbrite block

Looking for a way to promote an online event (like your museum’s virtual curator talk or your company’s webinar on remote work), or even an at-home livestream performance for your fans and followers? Offering key features of the popular event registration platform, the Eventbrite block embeds events on posts and pages so your visitors can register and purchase tickets right from your site.

Quick-start guide:

  • To use this block, you need an Eventbrite account. If you don’t have one, sign up at Eventbrite for free.
  • In the block editor, click the Add Block (+) button and search for and select the Eventbrite Checkout block.
  • Enter the URL of your Eventbrite event. Read these steps from Eventbrite if you need help.
  • Select from two options: an In-page Embed shows the event details and registration options directly on your site. The Button & Modal option shows just a button; when clicked, the event details will pop up so your visitor can register.

Learn more on the Eventbrite block support page.


Schedule sessions with the Calendly block

Want to make it easier for people to book private meditation sessions or language lessons with you? The Calendly block, featured recently in our guide on moving your classes online, is a handy way for your clients and students to book a session directly on your site — eliminating the time spent coordinating schedules. You can also use the Calendly block to schedule team meetings or group events.

Quick-start guide:

  • To use this block, you need a Calendly account. Create one for free at Calendly.
  • In the block editor, click the Add Block (+) button and search for and select the Calendly block.
  • Enter your Calendly web address or embed code. Follow these steps from Calendly if you need help.
  • Select from two styles: the Inline style embeds a calendar directly onto your site; the Link style inserts a button that a visitor can click to open a pop-up calendar.
  • This block is currently available to sites on the WordPress.com Premium, Business, or eCommerce plans. It’s free on Jetpack sites.

Learn more on the Calendly block support page.


Up your visual game with the Pinterest block

Strong visuals help to provide inspiration, tell your stories, and sell your products and services. Pinterest is an engaging way for bloggers, influencers, and small business owners to enhance their site content and expand their following. With the Pinterest block, you can embed and share pins, boards, and profiles on your site.

Quick-start guide:

  • In the block editor, click the Add Block (+) button and search for and select the Pinterest block.
  • Paste the URL of a pin, board, or profile you’d like to display and click Embed. Note that you can only embed public boards.
  • Pro tip: in the block editor, go to Layout Elements and select Layout Grid to create a visually striking layout with pins, boards, and profiles, as shown above.

Display locations with the Map block

A map on your site is a quick visual way to display a location, like your restaurant’s takeout window or the drop-off spot for donations to a local food bank. Powered by mapping platform Mapbox, the Map block embeds a customized map on your site. Show the location of your business, a chain of boutique hotels, the meeting spots for your nonprofit’s volunteers, and more.

Quick-start guide:

  • In the block editor, click the Add Block (+) button and search for and select the Map block.
  • In the text field, type the location you want to display and select the correct location from among the results that appear.
  • Click on the red marker to edit the title and caption of the marker.
  • Explore the toolbar for block-specific settings. Add more markers, for example, by clicking the Add a marker button.
  • In the sidebar, customize your map’s appearance (including colors, height, and zoom level).

Explore more settings on the Map block support page.


Share your calendar with the Google Calendar block

Are you an author planning a book tour (or a series of online readings)? A digital marketing consultant hosting social media workshops? A neighborhood pop-up bakery? With the Google Calendar block, you can display a calendar of upcoming events or your hours of operation.

Quick-start guide:

  • In Google Calendar, click the three dots next to your calendar name and select Settings and sharing.
  • Under Access Permissions, ensure Make available to public is checked.
  • Click on Integrate calendar on the left and copy the code under Embed code.
  • In the block editor, click the Add Block (+) button, search for and select the Custom HTML block, and paste the code you copied in Google Calendar.
  • Publish your post or page. The next time you edit this post or page, you’ll see the code has been converted to shortcode.

Explore more settings on the Google Calendar block support page.


Streamline reservations with the OpenTable block

If you’re a restaurant or cafe owner, a primary goal of your site is to increase the number of bookings. Sure, people aren’t dining out right now, but you can be ready to take reservations in the future. With the OpenTable block, people can reserve a table directly from a post or page instead of calling or booking through a different reservation service.

Quick-start guide:

  • To use this block, your restaurant must be listed on OpenTable. Create an OpenTable listing now.
  • In the block editor, click the Add Block (+) button and search for and select the OpenTable block.
  • Enter your OpenTable Reservation Widget embed code. Check this OpenTable guide if you need help.
  • Explore the block’s toolbar and sidebar settings. For example, choose from four different embed styles: Standard, Tall, Wide, and Button.
  • This block is currently available to sites on the WordPress.com Premium, Business, or eCommerce plans. It’s free on Jetpack sites.

Learn more on the OpenTable block support page.


Which blocks are you most excited about?

Stay tuned for more new blocks soon!