WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.
Download WordPress 4.9.2 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.
Thank you to everyone who contributed to WordPress 4.9.2:
Activity slowed down in December in the WordPress community, particularly in the last two weeks. However, the month started off with a big event and work pushed forward in a number of key areas of the project. Read on to find out more about what transpired in the WordPress community as 2017 came to a close.
WordCamp US 2017 Brings the Community Together
The latest edition of WordCamp US took place last month in Nashville on December 1-3. The event brought together over 1,400 WordPress enthusiasts from around the world, fostering a deeper, more engaged global community.
The next WordCamp US will be held in Nashville again in 2018, but if you would like to see it hosted in your city in 2019 and 2020, then you have until February 2 to apply.
WordPress User Survey Data Is Published
Over the last few years, tens of thousands of WordPress users all over the world have filled out the annual WordPress user survey. The results of that survey are used to improve the WordPress project, but that data has mostly remained private. This has changed now and the results from the last three surveys are now publicly available for everyone to analyze.
The data will be useful to anyone involved in WordPress since it provides a detailed look at who uses WordPress and what they do with it — information that can help inform product development decisions across the board.
Tide is a series of automated tests run against every plugin and theme in the directory to help WordPress users make informed decisions about the plugins and themes that they choose to install.
The annual surveys for WordPress meetup members and meetup organizers are available for people to fill out — if you’re involved in or attend your local meetup group then be sure to complete those.
10up has a brand new plugin in beta that will assist with powerful and flexible content publishing and syndication across WordPress sites.
For many years, we’ve invited folks to tell us how they use WordPress by filling out an annual survey. In the past, interesting results from this survey have been shared in the annual State of the Word address. This year, for the first time, the results of the 2017 survey are being published on WordPress News, along with the results of the 2015 and 2016 survey.
So that information from the survey doesn’t reveal anything that respondents might consider private, we do not publish a full export of the raw data. We’d love to make this information as accessible as possible, though, so if you have a suggestion for an OS project or tool we can put the data into that allows people to play with it that still protects individual response privacy, please leave a comment on this post!
Major Groups
This survey features multiple groups, dividing respondents at the first question:
Which of the following best describes how you use WordPress? (Mandatory)
Those who selected “I’m a designer or developer, or I work for a company that designs/develops websites; I use WordPress to build websites and/or blogs for others. (This might include theme development, writing plugins, or other custom work.)” were served questions from what we’ll call the “WordPress Professionals” group.
This “WordPress Professionals” group is further divided into WordPress Company and WordPress Freelancer/Hobbyist groups, based on how the respondent answered the question, “Which of the following best describes your involvement with WordPress? (2015) / Do you work for a company, or on your own? (2016-17).”
Those who selected “I own, run, or contribute to a blog or website that is built with WordPress.” were served questions in what we’re calling the “WordPress Users” group.
The relevant survey group is noted in each table below. In the case of questions that were served to different groups in 2015 but then served to all respondents in 2016 and 2017, the group responses from 2015 have been consolidated into one set of data for easier comparison between years.
Which of the following best describes how you use WordPress? (Mandatory)
2015
2016
2017
Number of responses (since this question was mandatory, the number of responses here is the total number for the survey)
45,995
15,585
16,029
I’m a designer or developer, or I work for a company that designs/develops websites; I use WordPress to build websites and/or blogs for others. (This might include theme development, writing plugins, other custom work.)
26,662
58%
8,838
57%
9,099
57%
I own, run, or contribute to a blog or website that is built with WordPress.
16,130
35%
5,293
34%
5,625
35%
Neither of the above.
3,204
7%
1,460
9%
1,306
8%
WordPress Professionals
Which of the following best describes your involvement with WordPress? (Mandatory, 2015) / Do you work for a company, or on your own? (Mandatory, 2016-17)
2015
2016
2017
Group: WordPress Professional
Number of responses
26,699
8,838
9,101
My primary job is working for a company or organization that uses WordPress.
9,505
36%
3,529
40%
3,660
40%
My primary job is as a self-employed designer or developer that uses WordPress.
9,310
35%
3,188
36%
3,440
38%
I earn money from part-time or occasional freelance work involving WordPress.
5,954
22%
1,633
18%
1,590
17%
Work that I do involving WordPress is just a hobby, I don’t make money from it.
1,930
7%
491
6%
411
5%
How does your company or organization work with WordPress?
2015
2016
2017
Group: WordPress Company
Number of responses
9,342
Build/design and/or maintain websites or blogs for other people, companies, or organizations.
7,772
27%
Develop or customize themes.
5,404
19%
Build/design and/or maintain websites or blogs for my own use.
4,733
16%
Host websites for customers.
4,397
15%
Develop or distribute plugins.
3,181
11%
Provide educational resources to help others to use WordPress.
1,349
5%
Sponsor and/or attend WordCamps.
1,127
4%
Contribute bug reports and/or patches to WordPress core.
914
3%
Other Option
182
1%
Number of responses
3,457
3,598
We make websites for others.
2,695
24%
2,722
23%
We make websites for ourselves.
2,355
21%
2,470
21%
We develop or customize themes.
1,866
16%
1,910
16%
We host websites for others.
1,564
14%
1,595
14%
We develop or distribute plugins.
1,283
11%
1,342
11%
We provide educational resources to help others to use WordPress.
581
5%
631
5%
We sponsor and/or attend WordCamps.
561
5%
579
5%
We contribute bug reports and/or patches to WordPress core.
444
4%
468
4%
Other Option
98
1%
96
1%
How would you describe the business of your typical client(s)? (2015) / How would you describe the business of your typical client/customer? (2016, 2017)
2015
2016
2017
Group: WordPress Company
Number of responses
9,154
3,317
3,498
Small business
6,893
32%
2,398
31%
2,510
31%
Large business or Enterprise
3,635
17%
1,361
18%
1,447
18%
Non-profit
2,644
12%
934
12%
992
12%
Individual
2,600
12%
888
12%
1,022
12%
Education
2,344
11%
854
11%
966
12%
Website development (sub-contracting)
2,065
10%
637
8%
677
8%
Government
1,410
6%
524
7%
552
7%
Other Option
127
1%
66
1%
64
1%
How does your company or organization use WordPress when developing websites? (2015) / When making websites, how does your company or organization use WordPress? (2016, 2017)
2015
2016
2017
Group: WordPress Company
Number of responses
9,078
3,369
3,552
Mostly as a content management system (CMS)
6,361
70%
2,482
74%
2,640
74%
About half the time as a blogging platform and half the time as a CMS
1,222
13%
370
11%
383
11%
Mostly as a blogging platform
721
8%
137
4%
129
4%
Mostly as an application framework
629
7%
303
9%
303
9%
Other Option
145
2%
78
2%
97
3%
How much is your average WordPress site customized from the original WordPress installation?
2015
2016
2017
Group: WordPress Company
Number of responses
9,054
3,302
3,473
A lot of work has been done, the front end is unrecognizable, but the Dashboard still looks like the usual WordPress interface.
5,651
62%
2,025
61%
2,105
61%
There’s a different theme and some plugins have been added.
2,230
25%
799
24%
905
26%
Not at all, it’s still pretty much the same as the original download.
756
8%
302
9%
298
9%
You’d never know this was a WordPress installation, everything (including the admin) has been customized.
417
5%
177
5%
165
5%
Roughly how many currently active WordPress sites has your company or organization built?
2015
2016
2017
Group: WordPress Company
Number of responses
8,801
200 +
1,074
12%
51 – 200
1,721
20%
21 – 50
1,718
20%
11 – 20
1,284
15%
6 – 10
1,109
13%
2 – 5
1,418
16%
1
390
4%
0
87
1%
Number of responses
3,358
3,540
Thousands.
291
9%
331
9%
Hundreds.
770
23%
894
25%
Fewer than a hundred.
1,144
34%
1,177
33%
Just a few, but they are really great.
926
28%
896
25%
Prefer not to answer.
228
7%
242
7%
How many person-hours (of your company’s work) does the typical site take to complete?
2015
2016
2017
Group: WordPress Company
Number of responses
9,091
3,353
3,522
More than 200
939
10%
309
9%
325
9%
100 – 200
1080
12%
329
10%
367
10%
60 – 100
1541
17%
527
16%
513
15%
40 – 60
1854
20%
583
17%
620
18%
20 – 40
2066
23%
691
21%
685
19%
Fewer than 20
1611
18%
479
14%
519
15%
Prefer not to answer (2016, 2017)
436
13%
493
14%
Roughly what percentage of your company or organization’s output is based around WordPress (as opposed to other platforms or software)?
2015
2016
2017
Group: WordPress Company
Number of responses
8,950
3,345
3,503
100 %
1,089
12%
438
13%
480
14%
90 %
1,043
12%
417
12%
459
13%
80 %
955
11%
367
11%
424
12%
70 %
831
9%
305
9%
344
10%
60 %
534
6%
246
7%
226
6%
50 %
973
11%
335
10%
338
10%
40 %
613
7%
245
7%
202
6%
30 %
877
10%
335
10%
310
9%
20 %
806
9%
242
7%
280
8%
10 %
1,039
12%
344
10%
348
10%
0 %
190
2%
72
2%
92
3%
In which of the following ways do you work with WordPress?
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
17,009
5,221
5,425
Build/design and/or maintain websites or blogs for other people, companies, or organizations
15,342
34%
4,795
34%
5,064
34%
Develop or customize themes
10,549
24%
2,997
21%
3,021
20%
Host websites for customers
8,142
18%
2,466
17%
2,728
18%
Develop or distribute plugins
4,125
9%
1,395
10%
1,416
9%
Provide educational resources to help others to use WordPress
3,276
7%
1,187
8%
1,308
9%
Sponsor and/or attend WordCamps
1,559
4%
648
5%
724
5%
Contribute bug reports and/or patches to WordPress core
1,107
2%
381
3%
393
3%
Other Option
389
1%
243
2%
299
2%
How would you describe the business of your typical client(s)?
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
16,863
5,151
5,353
Small business
14,185
35%
4,342
35%
4,622
36%
Individual
8,513
21%
2,581
21%
2,583
20%
Non-profit
6,585
16%
2,004
16%
2,113
16%
Website development (sub-contracting)
4,301
11%
1,258
10%
1,216
9%
Education
3,458
8%
1,049
8%
1,139
9%
Large business or Enterprise
2,391
6%
805
6%
857
7%
Government
1,150
3%
300
2%
329
3%
Other Option
173
0%
101
1%
99
1%
How do you use WordPress in your development?
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
16,768
5,145
5,372
Mostly as a content management system (CMS)
11,754
70%
3,641
71%
3,959
74%
About half the time as a blogging platform and half the time as a CMS
2,825
17%
812
16%
721
13%
Mostly as an application framework
1,012
6%
343
7%
344
6%
Mostly as a blogging platform
992
6%
246
5%
226
4%
Other Option
185
1%
105
2%
122
2%
How much is your average WordPress site customized from the original WordPress installation?
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
16,699
5,131
5,317
A lot of work has been done, the front end is unrecognizable, but the Dashboard still looks like the usual WordPress interface.
9,457
57%
2,837
55%
2,998
56%
There’s a different theme and some plugins have been added.
5,526
33%
1,694
33%
1,781
34%
Not at all, it’s still pretty much the same as the original download.
977
6%
341
7%
310
6%
You’d never know this was a WordPress installation, everything (including the admin) has been customized.
739
4%
261
5%
228
4%
How many currently active WordPress sites have you built? (2015) / Roughly how many currently active WordPress sites have you built? (2016, 2017)
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
16,690
200 +
514
3%
51 – 200
1,728
10%
21 – 50
3,000
18%
11 – 20
3,146
19%
6 – 10
3,405
20%
2 – 5
3,838
23%
1
698
4%
0
361
2%
Number of responses
5,165
5367
Thousands.
110
2%
104
2%
Hundreds.
603
12%
713
13%
Fewer than a hundred.
2,264
44%
2,457
46%
Just a few, but they are really great.
1,871
36%
1,813
34%
Prefer not to answer.
319
6%
280
5%
Roughly what percentage of your working time is spent working with WordPress?
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
16,658
5,039
5,241
100 %
949
6%
459
9%
461
9%
90 %
1,300
8%
527
10%
540
10%
80 %
1,784
11%
637
13%
711
14%
70 %
1,850
11%
608
12%
627
12%
60 %
1,313
8%
438
9%
465
9%
50 %
2,095
13%
612
12%
639
12%
40 %
1,438
9%
391
8%
384
7%
30 %
2,076
12%
530
11%
511
10%
20 %
1,743
10%
445
9%
429
8%
10 %
1,819
11%
342
7%
419
8%
0 %
291
2%
52
1%
55
1%
How many hours of your work does the typical site take to complete? (2015) / How many hours of work does your typical WordPress project take to launch? (2016, 2017)
2015
2016
2017
Group: WordPress Freelancer/Hobbyist
Number of responses
16,670
5,164
5,378
More than 200
503
3%
222
4%
245
5%
100 – 200
973
6%
386
7%
393
7%
60 – 100
2,277
14%
788
15%
815
15%
40 – 60
3,896
23%
1,153
22%
1,216
23%
20 – 40
6,068
36%
1,487
29%
1,582
29%
Fewer than 20
2,953
18%
712
14%
751
14%
Prefer not to answer
418
8%
376
7%
Which of the following have you done with WordPress?
2015
2016
2017
Group: WordPress Professional (Company/Freelancer/Hobbyist)
WordPress is as good as, or better than, its main competitors.
2015
2016
2017
Group: WordPress Professional
Number of responses (this question was not asked in the 2015 survey)
8,672
9,059
Agree
7551
87%
7836
87%
Prefer not to answer
754
9%
795
9%
Disagree
370
4%
428
5%
WordPress Users
Which of the following describes how you use WordPress?
2015
2016
2017
Group: WordPress User
Number of responses
15,169
5,043
5,521
My personal blog (or blogs) uses WordPress.
9,395
36%
3,117
36%
3,424
36%
My company or organization’s website is built with WordPress software.
7,480
29%
2,519
29%
2,841
30%
I have a hobby or side project that has a website built with WordPress.
6,112
23%
1,973
23%
2,200
23%
I write (or otherwise work) for an online publication that uses WordPress.
2,329
9%
806
9%
821
9%
Other Option
872
3%
234
3%
288
3%
Who installed your WordPress website?
2015
2016
2017
Group: WordPress User
Number of responses
15,055
5,020
5,523
I did.
11,216
66%
3,659
73%
4,129
75%
My hosting provider
2,236
13%
667
13%
767
14%
An external company
909
5%
182
4%
178
3%
An internal web person/team or a colleague
874
5%
178
4%
191
3%
A friend or family member
787
5%
192
4%
172
3%
I don’t know
502
3%
145
3%
87
2%
Other Option
345
2%
n/a
n/a
n/a
n/a
How much has the site been customized from the original WordPress installation?
2015
2016
2017
Group: WordPress User
Number of responses
14,789
4,997
5,494
There’s a different theme and some plugins have been added.
7,465
50%
2,337
47%
2,660
48%
A lot of work has been done, the site itself is unrecognizable from the original theme, but the Dashboard still looks like the usual WordPress interface.
4,715
32%
1,707
34%
1,872
34%
Not at all, it’s still pretty much the same as it was when I started out.
1,841
12%
635
13%
673
12%
You’d never know this was a WordPress installation, everything has been customized.
Group: All respondents (This question was not asked in the 2015 survey.)
Number of responses
13,953
14,680
Male
10,978
78.68%
11,570
78.81%
Female
2,340
16.77%
2,511
21.70%
Prefer not to answer
601
4.31%
562
3.83%
Transgender
11
0.08%
8
0.05%
Nonbinary
8
0.06%
17
0.12%
Genderqueer
4
0.03%
3
0.02%
Androgynous
6
0.04%
5
0.03%
Fluid
3
0.02%
4
0.03%
Demimale
2
0.01%
0
0
Where are you located?
2015
2016
2017
Group: All respondents (This question was not asked in the 2015 survey.)
Number of responses
14,562
15,343
United States
3,770
25.89%
4,067
26.51%
India
1,456
10.00%
1,424
9.28%
United Kingdom
810
5.56%
900
5.87%
Germany
555
3.81%
729
4.75%
Canada
511
3.51%
599
3.90%
Australia
389
2.67%
460
3.00%
Italy
298
2.05%
356
2.32%
Netherlands
343
2.36%
350
2.28%
France
232
1.59%
283
1.84%
Bangladesh
257
1.76%
263
1.71%
Spain
271
1.86%
252
1.64%
Brazil
239
1.64%
251
1.64%
Pakistan
254
1.74%
240
1.56%
Indonesia
230
1.58%
226
1.47%
Iran, Islamic Republic of
190
1.30%
173
1.13%
Sweden
144
0.99%
173
1.13%
Nigeria
196
1.35%
172
1.12%
South Africa
193
1.33%
172
1.12%
Russian Federation
181
1.24%
151
0.98%
Poland
129
0.89%
137
0.89%
Romania
144
0.99%
132
0.86%
Switzerland
122
0.84%
130
0.85%
Philippines
92
0.63%
125
0.81%
China
136
0.93%
123
0.80%
Austria
89
0.61%
122
0.80%
Ukraine
105
0.72%
118
0.77%
Denmark
107
0.73%
114
0.74%
Greece
120
0.82%
114
0.74%
Portugal
94
0.65%
109
0.71%
Vietnam
101
0.69%
108
0.70%
Mexico
94
0.65%
105
0.68%
Nepal
76
0.52%
97
0.63%
Ireland
72
0.49%
94
0.61%
Israel
78
0.54%
94
0.61%
New Zealand
77
0.53%
91
0.59%
Finland
63
0.43%
90
0.59%
Turkey
91
0.62%
86
0.56%
Malaysia
91
0.62%
81
0.53%
Belgium
84
0.58%
79
0.51%
Norway
66
0.45%
79
0.51%
Argentina
65
0.45%
76
0.50%
Bulgaria
74
0.51%
72
0.47%
Japan
61
0.42%
68
0.44%
Thailand
69
0.47%
67
0.44%
Czech Republic
76
0.52%
66
0.43%
Serbia
89
0.61%
63
0.41%
Kenya
58
0.40%
62
0.40%
Colombia
39
0.27%
59
0.38%
Egypt
40
0.27%
52
0.34%
What is your age?
2015
2016
2017
Group: All Respondents
Number of responses (This question was not asked in 2015.)
14,944
15,636
60 and over
1,139
8%
1,641
11%
50-59
1,537
10%
1,996
13%
40-49
2,205
15%
2,643
17%
30-39
3,914
26%
3,972
25%
20-29
5,013
34%
4,444
28%
Under 20
1142
8%
941
6%
Thank you to everyone who made time to fill out the survey — we’re so happy you use WordPress, and we’re very grateful that you’re willing to share your experiences with us! Thanks also to everyone who spread the word about this survey, and to those of you who read all the way to the bottom of this post. 😉
*Text Field Questions: Each survey included some questions that could be answered only by filling out a text field. In the case of the questions “What is the best thing about WordPress?” and “What is the most frustrating thing about WordPress?” we listed the five most common responses, aggregated when applicable. In the case of the question “What is your gender?” in the 2016 and 2017 surveys, we aggregated responses as best we could. Responses meant to obscure respondents’ gender entirely are aggregated in “prefer not to answer.”
The WordPress project recently released WordPress 4.9, “Tipton” — a new major release named in honor of musician and band leader Billy Tipton. Read on to find out more about this and other interesting news from around the WordPress world in November.
WordPress 4.9 “Tipton”
On November 16, WordPress 4.9 was released with new features for publishers and developers alike. Release highlights include design locking, scheduling, and previews in the Customizer, an even more secure and usable code editing experience, a new gallery widget, and text widget improvements.
The follow up security and maintenance, v4.9.1, has now been released to tighten up the security of WordPress as a whole.
The next edition of WordCamp Europe takes place in June, 2018. While the organizing team is still in the early stages of planning, they are accepting speaker applications.
WordCamp Europe is the largest WordCamp in the world and, along with WordCamp US, one of the flagship events of the WordCamp program — speaking at this event is a great way to give back to the global WordPress community by sharing your knowledge and expertise with thousands of WordPress enthusiasts.
Diversity Outreach Speaker Training Initiative
To help WordPress community organizers offer diverse speaker lineups, a new community initiative has kicked off to use existing speaker training workshops to demystify speaking requirements and help participants gain confidence in their ability to share their WordPress knowledge in a WordCamp session.
The working group behind this initiative will be meeting regularly to discuss and plan how they can help local communities to train speakers for WordCamps and other events.
To get involved in this initiative, you can join the meetings at 5pm UTC every other Wednesday in the #community-team channel of the Making WordPress Slack group.
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:
Use a properly generated hash for the newbloguser key instead of a determinate substring.
Add escaping to the language attributes used on html elements.
Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Download WordPress 4.9.1 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.
Thank you to everyone who contributed to WordPress 4.9.1:
Major Customizer Improvements, Code Error Checking, and More! 🎉
Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.
Featuring design drafts, scheduling, and locking, along with preview links, the Customizer workflow improves collaboration for content creators. What’s more, code syntax highlighting and error checking will make for a clean and smooth site building experience. Finally, if all that wasn’t pretty great, we’ve got an awesome new Gallery widget and improvements to theme browsing and switching.
Customizer Workflow Improved
Draft and Schedule Site Design Customizations
Yes, you read that right. Just like you can draft and revise posts and schedule them to go live on the date and time you choose, you can now tinker with your site’s design and schedule those design changes to go live as you please.
Collaborate with Design Preview Links
Need to get some feedback on proposed site design changes? WordPress 4.9 gives you a preview link you can send to colleagues and customers so that you can collect and integrate feedback before you schedule the changes to go live. Can we say collaboration++?
Design Locking Guards Your Changes
Ever encounter a scenario where two designers walk into a project and designer A overrides designer B’s beautiful changes? WordPress 4.9’s design lock feature (similar to post locking) secures your draft design so that no one can make changes to it or erase all your hard work.
A Prompt to Protect Your Work
Were you lured away from your desk before you saved your new draft design? Fear not, when you return, WordPress 4.9 will politely ask whether or not you’d like to save your unsaved changes.
Coding Enhancements
Syntax Highlighting and Error Checking? Yes, Please!
You’ve got a display problem but can’t quite figure out exactly what went wrong in the CSS you lovingly wrote. With syntax highlighting and error checking for CSS editing and the Custom HTML widget introduced in WordPress 4.8.1, you’ll pinpoint coding errors quickly. Practically guaranteed to help you scan code more easily, and suss out & fix code errors quickly.
Sandbox for Safety
The dreaded white screen. You’ll avoid it when working on themes and plugin code because WordPress 4.9 will warn you about saving an error. You’ll sleep better at night.
Warning: Potential Danger Ahead!
When you edit themes and plugins directly, WordPress 4.9 will politely warn you that this is a dangerous practice and will recommend that you draft and test changes before updating your file. Take the safe route: You’ll thank you. Your team and customers will thank you.
Even More Widget Updates
The New Gallery Widget
An incremental improvement to the media changes hatched in WordPress 4.8, you can now add a gallery via this new widget. Yes!
Press a Button, Add Media
Want to add media to your text widget? Embed images, video, and audio directly into the widget along with your text, with our simple but useful Add Media button. Woo!
Site Building Improvements
More Reliable Theme Switching
When you switch themes, widgets sometimes think they can just move location. Improvements in WordPress 4.9 offer more persistent menu and widget placement when you decide it’s time for a new theme.
Find and Preview the Perfect Theme
Looking for a new theme for your site? Now, from within the Customizer, you can search, browse, and preview over 2600 themes before deploying changes to your site. What’s more, you can speed your search with filters for subject, features, and layout.
Better Menu Instructions = Less Confusion
Were you confused by the steps to create a new menu? Perhaps no longer! We’ve ironed out the UX for a smoother menu creation process. Newly updated copy will guide you.
Lend a Hand with Gutenberg 🤝
WordPress is working on a new way to create and control your content and we’d love to have your help. Interested in being an early tester or getting involved with the Gutenberg project? Contribute on GitHub.
We’ve made numerous improvements to the Customizer JS API in WordPress 4.9, eliminating many pain points. (Hello, default parameters for constructs! Goodbye repeated ID for constructs!) There are also new base control templates, a date/time control, and section/panel/global notifications to name a few. Check out the full list.
We’ve introduced a new code editing library, CodeMirror, for use within core. CodeMirror allows for syntax highlighting, error checking, and validation when creating code writing or editing experiences within your plugins, like CSS or JavaScript include fields.
WordPress 4.9 includes an upgraded version of MediaElement.js, which removes dependencies on jQuery, improves accessibility, modernizes the UI, and fixes many bugs.
New capabilities have been introduced that allow granular management of plugins and translation files. In addition, the site switching process in multisite has been fine-tuned to update the available roles and capabilities in a more reliable and coherent way.
The Squad
This release was led by Mel Choyce and Weston Ruter, with the help of the following fabulous folks. There are 443 contributors with props in this release, with 185 of them contributing for the first time. Pull up some Billy Tipton on your music service of choice, and check out some of their profiles:
Finally, thanks to all the community translators who worked on WordPress 4.9. Their efforts bring WordPress 4.9 fully translated to 43 languages at release time, with more on the way.
The third release candidate for WordPress 4.9 is now available.
A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. In fact, we did miss some things in RC1 and RC2. This third release candidate was not originally scheduled, but due a number of defects uncovered through your testing of RC2 (thank you!), we are putting out another 4.9 release candidate.
We hope to ship WordPress 4.9 on Tuesday, November 14 (that’s tomorrow) at 23:00 UTC, but we still need your help to get there. If you haven’t tested 4.9 yet, now is the time! If there are additional defects uncovered through testing between now and the release time, we may delay the 4.9 release to the following day.
We’ve made just over 20 changes since releasing RC2 last week (as we did between RC1 and RC2). For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3, Beta 4, RC1, and RC2 blog posts. A few specific areas to test in RC3:
Switching between the Visual and Text tabs of the editor, and the syncing of the cursor between those two tabs.
Overriding linting errors in the Customizer’s Additional CSS editor.
Adding nav menu items for Custom Links in the Customizer.
Scheduling customization drafts (stubbed posts/pages) for publishing in the Customizer.
Autosave revisions for changes in the Customizer.
About page styling.
Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
Didn’t squash them all 🐛 We want to release Tuesday New features not bugs ✨
Thanks for your continued help testing out the latest versions of WordPress.
The second release candidate for WordPress 4.9 is now available.
A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.9 on Tuesday, November 14 (just over one week from now), but we need your help to get there. If you haven’t tested 4.9 yet, now is the time!
We’ve made just over 20 changes since releasing RC 1 last week. For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3, Beta 4, and RC1 blog posts. Specific areas to test in RC2:
Theme installation in the Customizer.
Scheduling changes for publishing in the Customizer.
Switching themes with live preview in the Customizer.
Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
While this month we focused on building new features for WordPress core, we advanced other areas of the project too. Read on to learn more about what the WordPress project accomplished during the month of October.
Take the 2017 Annual WordPress User Survey
The annual WordPress User Survey is a great opportunity for you to provide your feedback about how you use WordPress. This year is no exception, as the 2017 WordPress User Survey is out now.
The information collected in the survey is used to make informed decisions about improvements across the WordPress project, so your answers are incredibly valuable and help shape the future of the platform.
WordPress 4.8.3 Security Release
At the end of October, WordPress 4.8.3 was released containing an important security fix for all previous versions of WordPress. If your WordPress installation has not updated automatically, please update it now to protect your site.
This security issue was brought to light by a community member, so if you ever discover a security vulnerability in WordPress core, please do the same and disclose it responsibly.
WordPress 4.9 Nearly Ready for Release
WordPress 4.9 was in rapid development this month. We released four beta versions and published a release candidate. The target for shipping WordPress 4.9 is November 14 — just two short weeks away. With many new features, this is a hugely exciting release that improves WordPress’ user experience considerably. Notably, you’ll see improvements to the theme selection experience, plenty of widget enhancements, drastically improved code editing, and much better user role management.
For the last few years, the number of do_action series of WordPress charity hackathons has grown around the world. What started as a community event to assist local nonprofit organizations, has become something many WordPress communities are replicating in an increasing number of cities.
As of this month, do_action events have been hosted in Cape Town and Johannesburg, South Africa, Beirut, Lebanon, Austin, Texas, and Montréal, Canada. In addition, events are now scheduled for Bristol, England and Zurich, Switzerland in 2018.
While work steadily continues on Gutenberg — the new editor for WordPress core — one update from this month addresses one of the primary concerns that some people shared about the project.
Up until the release on October 24, Gutenberg did not support the meta boxes that so many WordPress content creators rely on. The new editor now has initial support for meta boxes as well as a host of other critical features for content creation in WordPress.
The next installment of Camp Press, the WordPress community retreat event, will take place in Iceland.
If you run a WordPress meetup group, but are struggling to find content for your events, the WordPress Marketing team has put together some ideas to help.
WordCamp US 2017 is just around the corner — there’s still time to grab your tickets.
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.
This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note.
Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.
