WordPress 5.5.3 Maintenance Release

Posted by download in Software on 30-10-2020

WordPress 5.5.3 is now available. 

This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.

5.5.3-alpha Issue

Earlier today — between approximately 15:30 and 16:00 UTC — the auto-update system for WordPress updated some sites from version 5.5.2 to version 5.5.3-alpha. This auto-update was due to an error in the Updates API caused by the 5.5.3 release preparations (see more here). The 5.5.3-alpha version at this point was functionally identical to 5.5.2 as no development work had been started on 5.5.3; however, the following changes may have been made to your site:

  • The default “Twenty” themes installed as part of the pre-release package.
  • The “Akismet” plugin installed as part of the pre-release package.

These themes and plugins were not activated and therefore remain non-functional unless you installed them previously. It is safe to delete these features should you prefer not to use them. 

If you are not on 5.5.2, or have auto-updates for minor releases disabled, please manually update to the 5.5.3 version by downloading WordPress 5.5.3 or visiting Dashboard → Updates and click “Update Now.”

For more technical details of the issue, we’ve posted on our Core Development blog.

Thanks and props!

Thanks to those who contributed to the 5.5.3 release @audrasjb, @barry, @chanthaboune, @cbringmann, @clorith, @davidbaumwald, @desrosj, @hellofromtonya, @jeffpaul, @johnbillion, @garubi, @metalandcoffee, @mukesh27, @otto, @punitsoftac, @sergeybiryukov, @whyisjake, and @xknown.

Learn How to Start a Blog with the People who Started Blogging

Posted by download in Software on 30-10-2020

WordPress.com is excited to announce our newest offering: a course just for beginning bloggers where you’ll learn everything you need to know about blogging from the most trusted experts in the industry. We have helped millions of blogs get up and running, we know what works, and we want you to to know everything we know. This course provides all the fundamental skills and inspiration you need to get your blog started, an interactive community forum, and content updated annually. 

How it works: Upon registering, you will receive access to review the lessons at your own pace. Our curriculum includes:

  • Foundations of blogging
  • Getting started with block basics
  • Building your blog
  • Understanding audiences 
  • Designing your blog
  • Writing for the internet
  • Branding and growing your blog
  • Earning money with your blog 

You’ll also be able to connect with WordPress.com experts and other aspiring bloggers, who will create content alongside you. Beyond the modules, this course provides: 

  • Monthly office hours with WordPress experts to answer your questions 
  • A certificate of completion
  • Access to a private blogging community online
  • Virtual meetups scheduled quarterly

Cost: A $49 annual subscription gives you access to all of these on-demand blogging resources, community events, and course updates. That way, you won’t have to waste time looking for answers all over the web—you’ll be able to get started right away.

Join by Thursday, December 10th and enjoy 50% off with code WPCOURSES50.

We are looking forward to reading your new blogs soon!

WordPress 5.5.2 Security and Maintenance Release

Posted by download in Software on 29-10-2020

WordPress 5.5.2 is now available!

This security and maintenance release features 14 bug fixes in addition to 10 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.5.2 is a short-cycle security and maintenance release. The next major release will be version 5.6.

You can download WordPress 5.5.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Seven security issues affect WordPress versions 5.5 and earlier. If you haven’t yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues:

  • Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
  • Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
  • Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
  • Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
  • Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
  • Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
  • Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
  • And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

For more information, browse the full list of changes on Trac, or check out the version 5.5.2 HelpHub documentation page.

Thanks and props!

The 5.5.2 release was led by @whyisjake and the following release squad:  @audrasjb@davidbaumwald@desrosj@johnbillion, @metalandcoffee, @noisysocks @planningwrite, @sarahricker and @sergeybiryukov.

In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.5.2 happen:

Aaron Jorbin, Alex Concha, Amit Dudhat, Andrey “Rarst” Savchenko, Andy Fragen, Ayesh Karunaratne, bridgetwillard, Daniel Richards, David Baumwald, Davis Shaver, dd32, Florian TIAR, Hareesh, Hugh Lashbrooke, Ian Dunn, Igor Radovanov, Jake Spurlock, Jb Audras, John Blackbourn, Jonathan Desrosiers, Jon Brown, Joy, Juliette Reinders Folmer, kellybleck, mailnew2ster, Marcus Kazmierczak, Marius L. J., Milan Dinić, Mohammad Jangda, Mukesh Panchal, Paal Joachim Romdahl, Peter Wilson, Regan Khadgi, Robert Anderson, Sergey Biryukov, Sergey Yakimov, Syed Balkhi, szaqal21, Tellyworth, Timi Wahalahti, Timothy Jacobs, Towhidul I. Chowdhury, Vinayak Anivase, and zieladam.

The Spearhead Theme: A Minimal Design and Clean Slate for All Content Creators

Posted by download in Software on 29-10-2020

When AngelList and Venture Hacks co-founder Babak Nivi came to us and wanted to donate a theme, our team was excited to work on the design to make it available to everyone on WordPress.com for free. Designed by Cece Yu and originally developed for the Spearhead podcast, the new Spearhead theme is fully block-powered and the first among our themes to support dark mode.

Spearhead works seamlessly with the block editor, supporting a wide range of blocks — Audio, Video, Image, TikTok, Loom, and many more — so you can customize posts and pages as you like and showcase various types of content, from podcast episodes to video tutorials and more. And while Spearhead shines as a theme for media, its sparse design also displays long-form writing and text and images beautifully.

Spearhead comes with some block patterns, or collections of predefined blocks, to give you a boost as you start building your site. There are a couple of patterns you can use to show a list of places where people can listen to your podcast, as well as a custom archive page.

Being the first theme on WordPress.com to support dark mode, Spearhead’s default color scheme has a white background, but if your operating system shifts into dark mode, the theme will change and display a dark background with light text.

Our team especially loves the theme’s clean design, which lets the content you create shine through. Your listeners and readers can sit back with their cup of coffee — headphones on — and enjoy your latest episode and read along with the transcript!

Explore the Spearhead demo site to see the design in action, and then visit the Spearhead page to activate the theme.

Expert Advice: How to Improve Remote Education Collaboration

Posted by download in Software on 28-10-2020

As we’re witnessing with schools and learning communities around the world, education is shifting dramatically. With the right set of tools, your class, team, or group can learn to communicate and collaborate more efficiently online. Since our company was founded over fifteen years ago, the people behind the scenes at WordPress.com have worked from home — or from anywhere they choose in the world — and have learned a lot along the way.

A tool we call P2 has been indispensable to us, and to a growing number of educators. Want to learn our tips and tricks? Join us for a free webinar on Thursday, November 5, so you and your team can learn to make the most of this tool for remote collaboration. You can also sign up for the free beta version of P2 that is now available.

  • Date: Thursday, November 5, 2020
  • Time: 10:00 am PT | 12:00 pm CT | 1:00 pm ET | 18:00 UTC
  • Registration link: https://zoom.us/webinar/register/4016033198190/WN_WjX8jQhIQ0iZVPpfGAklhQ
  • Who’s invited: Anyone looking to improve internal team collaboration or build a public forum with P2 are welcome, but this webinar is specially designed for educators and teachers.

Register for the webinar today! We look forward to seeing you.

Introducing Patterns: Prebuilt Blocks for Beautifully Designed Websites

Posted by download in Software on 28-10-2020

The WordPress Editor is a powerful tool that can help bring your design ideas to life but one of the best parts is, you don’t have to start from scratch. Building sophisticated designs can be as easy as picking Patterns from our growing library, and snapping them together to create beautiful-looking posts and pages. As of today, we’re now offering over 100 individual Patterns — with more being added all the time!

If you’ve never used Patterns before we’ve got an introduction to help you get started and also highlight some new features.

The best way to introduce Patterns is to use them. Here’s how you can add them to a post or a page on WordPress.com.

  1. Head to the WordPress Editor and click the + icon to add a new block.
  2. Click on the Patterns tab.
  3. Click on the Pattern you’d like to see in your document and it’ll be inserted at the location of your cursor.

Here’s a quick demo that shows how to add an image gallery. 

If you’re familiar with the Block Editor, the process will look similar. Once you’ve inserted a Pattern into a post or a page, you’ll be able to see how you can customize and edit the Pattern by clicking on different areas. The image below reveals the editing options that appear with our example. 

Each Pattern is a collection of different blocks carefully put together to help you produce great looking blog posts and pages in the Editor. In the example above, it’s a collection of Image, Paragraph, Spacer, and Column Blocks. All pre-arranged into a simple but elegant Pattern for displaying images. Using Patterns in the Editor is kind of like having a WordPress web designer right there with you building up a design element by element.

The idea is that, once you’ve inserted a Pattern, you can start customizing it to make it yours.

For even more customization options with Patterns, try combining them with the updated fonts on WordPress.com.

Over 100 Patterns to Choose From

This is where the number of Patterns gets exciting. Think of it like having over 100 templates you can add to your posts and pages. You can browse by category to see all the available Pattern options.

Taking a look at a few all together might be helpful. Here are some of my recent favorites. 

They’re not favorites because they look great, but instead because these Patterns use so many different Blocks to produce a unique and useful design. Take the center Registration Form Pattern, for example. It combines a Heading Block, Paragraph Blocks, the Form Block, and the Columns Block into one Pattern that together, can make up an entire page.

More Patterns are on the Way

We’re just getting started creating new Patterns for you. What type of Pattern would make it easier to create Posts and Pages on your site? More are on the way and we’d love to hear your ideas and feedback so we can make your publishing and site-building experience even better.

And if you have anything to share that you’ve made with a Pattern or with the Editor let us know! We’d love to see and hear how you’re using Patterns on WordPress.com.

Take the 2020 WordPress Annual Survey (and view the 2019 results)!

Posted by download in Software on 28-10-2020

For many years, WordPress enthusiasts have filled out an annual survey to share their experiences and feelings about WordPress. Interesting results from this survey have been shared in the annual State of the Word address and/or here on WordPress News. 

This survey helps those who build WordPress understand more about how the software is used, and by whom. The survey also helps leaders in the WordPress open source project learn more about our contributors’ experience.  

To ensure that your WordPress experience is represented in the 2020 survey results,

You can also take the survey in French, German, Japanese, Russian, and Spanish! The survey will be open for at least 6 weeks, and results will be posted on this blog.

2019 Survey Results

The 2019 survey included some new questions to better understand why people continue to use WordPress as their preferred CMS, as well as a section directed toward WordPress contributors. For the first time in 2019, this survey was translated into 5 different languages: French, German, Japanese, Russian, and Spanish.

The first WordPress Contributor Survey was conducted in 2015, but unfortunately the results were never published. This report includes Contributor Survey results from both 2015 and 2019. 

Survey Segments

Major groups in the survey included: WordPress Professionals, WordPress Users, and Others. 

The WordPress Professionals group consists of those who: work for a company that designs/develops websites; use WordPress to build websites and/or blogs for others; design or develop themes, plugins, or other custom tools for WordPress sites; or are a designer, developer, or other web professional working with WordPress.

This WordPress Professionals group is further divided into WordPress Company Pros (those who work for a company that designs/develops websites) and WordPress Freelancers/Hobbyists (all other professional types) subgroups.

The WordPress User group consists of those who: own or run a blog that is built with WordPress; own or run a website that is built with WordPress; write for or contribute to a blog/website that is built with WordPress; use WordPress for school as a teacher; use WordPress for school as a student, or are learning to build websites using WordPress.

The Others group consists of those who did not self-identify with any of the options provided for the question, “Which of the following best describes how you use WordPress?”

2019 Survey Results Summary

WordPress remains the platform of choice for future projects among those surveyed. Overwhelmingly, the reasons cited for this are that WordPress is the CMS people already know, and that the community supporting it is valuable. Professionals and users report similar levels of frustration with updates and Gutenberg. Both groups also love the ease of use they find in WordPress.

The number of professionals who report providing a heavily customized experience to clients has increased substantially, while at the same time the amount of time reported on creating those sites has decreased. Regardless of frustrations felt with various features, this seems to indicate that ease of use has been on the rise.

More details on sentiment, usage, and other interesting topics are available in the report: check it out!

Before you go: take the 2020 Survey!

Knowing why and how people use WordPress helps those who build WordPress to keep your needs and preferences in mind. 

The survey will be open for at least 6 weeks, and results will be published on this blog. All data will be anonymized: no email addresses or IP addresses will be associated with published results. To learn more about WordPress.org’s privacy practices, check out the privacy policy.

Like last year, the 2020 survey will be promoted via a banner on WordPress.org, as well as by WordPress enthusiasts. Each of the translated surveys will be promoted through banners on their associated localized-language WordPress.org sites. Please encourage your WordPress pals and social media followers to take the survey too!

To ensure your WordPress experience is represented in the 2020 survey results… don’t delay!

(Also available in French, German, Japanese, Russian, and Spanish!)

WordPress 5.6 Beta 2

Posted by download in Software on 28-10-2020

WordPress 5.6 beta 2 is now available for testing!

This software is still in development, so we recommend that you run this version on a test site.

You can test the WordPress 5.6 beta in two ways:

WordPress 5.6 is slated for release on December 8, 2020, and we need your help to get there!

Thank you to all of the contributors that tested the beta 1 development release and provided feedback. Testing for bugs is an important part of polishing each release and a great way to contribute to WordPress.

Some highlights

Since beta 1, 53 bugs have been fixed. Here is a summary of a few changes included in beta 2:

  • 6 additional bugs have been fixed in the block editor (see #26442).
  • Unified design for search forms and results across the admin (#37353).
  • Exposed the embed Gutenberg block to Core (#51531).
  • Updated Twemoji (#51356), React (#51505), and Akismet versions (#51610).
  • Added accessibility improvements (among other things) to Application Passwords (#51580).
  • Added indicator to image details for images attached to a site option (#42063).

Developer notes

WordPress 5.6 has lots of refinements to the developer experience as well. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.

How to Help

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!

If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

WordPress 5.6 Beta 1

Posted by download in Software on 21-10-2020

WordPress 5.6 Beta 1 is now available for testing!

This software is still in development, so we recommend that you run this version on a test site.

You can test the WordPress 5.6 beta in two ways:

The current target for final release is December 8, 2020. This is just seven weeks away, so your help is needed to ensure this release is tested properly.

Improvements in the Editor

WordPress 5.6 includes seven Gutenberg plugin releases. Here are a few highlighted enhancements:

  • Improved support for video positioning in cover blocks.
  • Enhancements to Block Patterns including translatable strings.
  • Character counts in the information panel, improved keyboard navigation, and other adjustments to help users find their way better.
  • Improved UI for drag and drop functionality, as well as block movers.

To see all of the features for each release in detail check out the release posts: 8.6, 8.7, 8.8, 8.9, 9.0, 9.1, and 9.2 (link forthcoming).

Improvements in Core

A new default theme

The default theme is making its annual return with Twenty Twenty-One. This theme features a streamlined and elegant design, which aims to be AAA ready.

Auto-update option for major releases

The much anticipated opt-in for major releases of WordPress Core will ship in this release. With this functionality, you can elect to have major releases of the WordPress software update in the background with no additional fuss for your users.

Increased support for PHP 8

The next major version release of PHP, 8.0.0, is scheduled for release just a few days prior to WordPress 5.6. The WordPress project has a long history of being compatible with new versions of PHP as soon as possible, and this release is no different.

Because PHP 8 is a major version release, changes that break backward compatibility or compatibility for various APIs are allowed. Contributors have been hard at work fixing the known incompatibilities with PHP 8 in WordPress during the 5.6 release cycle.

While all of the detectable issues in WordPress can be fixed, you will need to verify that all of your plugins and themes are also compatible with PHP 8 prior to upgrading. Keep an eye on the Making WordPress Core blog in the coming weeks for more detailed information about what to look for.

Application Passwords for REST API Authentication

Since the REST API was merged into Core, only cookie & nonce based authentication has been available (without the use of a plugin). This authentication method can be a frustrating experience for developers, often limiting how applications can interact with protected endpoints.

With the introduction of Application Password in WordPress 5.6, gone is this frustration and the need to jump through hoops to re-authenticate when cookies expire. But don’t worry, cookie and nonce authentication will remain in WordPress as-is if you’re not ready to change.

Application Passwords are user specific, making it easy to grant or revoke access to specific users or applications (individually or wholesale). Because information like “Last Used” is logged, it’s also easy to track down inactive credentials or bad actors from unexpected locations.

Better accessibility

With every release, WordPress works hard to improve accessibility. Version 5.6 is no exception and will ship with a number of accessibility fixes and enhancements. Take a look:

  • Announce block selection changes manually on windows.
  • Avoid focusing the block selection button on each render.
  • Avoid rendering the clipboard textarea inside the button
  • Fix dropdown menu focus loss when using arrow keys with Safari and Voiceover
  • Fix dragging multiple blocks downwards, which resulted in blocks inserted in wrong position.
  • Fix incorrect aria description in the Block List View.
  • Add arrow navigation in Preview menu.
  • Prevent links from being focusable inside the Disabled component.

How You Can Help

Keep your eyes on the Make WordPress Core blog for 5.6-related developer notes in the coming weeks, breaking down these and other changes in greater detail.

So far, contributors have fixed 188 tickets in WordPress 5.6, including 82 new features and enhancements, and more bug fixes are on the way.

Do some testing!

Testing for bugs is an important part of polishing the release during the beta stage and a great way to contribute.

If you think you’ve found a bug, please post to the Alpha/Beta area in the support forums. We would love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac. That’s also where you can find a list of known bugs.

Props to @webcommsat@yvettesonneveld@estelaris, @cguntur, @desrosj, and @marybaum for editing/proof reading this post, and @davidbaumwald for final review.

Automattic Awarded Coveted Spot on Forbes Cloud 100 List

Posted by download in Software on 14-10-2020

Automattic — a leader in publishing and e-commerce software and the parent company behind the industry-leading brands WordPress.com, WooCommerce, WordPress VIP, Jetpack, Tumblr, and more — was awarded a coveted spot on the prestigious Forbes Cloud 100 list, the annual ranking of the world’s top private cloud companies. In partnership with Bessemer Venture Partners and Salesforce Ventures, the Forbes Cloud 100 recognizes standouts in tech’s hottest categories from disruptive startups to internet giants.

A pioneer in democratizing publishing and e-commerce, WordPress powers 38 percent of all websites globally, has 10x the content management market share of its nearest competitor, and is the platform of choice for tens of millions of websites around the world. 

WooCommerce, Automattic’s e-commerce solution, powers 30 percent of the top one million global e-commerce websites — allowing anyone to sell anything from anywhere. With WooCommerce, people can build exactly the business they want, with everything they need to run their store on a single platform. 

Automattic’s technology also powers the largest brands on the web. The WordPress VIP Platform is used by more than 250 enterprises, including Salesforce.com, Facebook, Microsoft, New York Times, Spotify, and CNN, to publish content to hundreds of millions of readers and users.  VIP’s purpose-built infrastructure delivers flexibility, security, and control with unrivaled performance and effortless scaling.

Automattic’s innovation is also attracting a growing and diverse array of platform interactions  —  e.g. 1.7 million new users registering each month across the Automattic ecosystem, 1.2 billion monthly unique visitors on WordPress.com, and 9 billion monthly page views on Tumblr. 

“We are incredibly proud to be included in the Forbes Cloud 100 list — for the fifth year in a row — among so many other noteworthy companies,” said Matt Mullenweg, CEO, Automattic. “Our passion is making the web a better place, and I credit the extraordinary results over the years to the talented and wonderful people — both inside and outside our organization — who bring the Automattic vision to life every day.”