WordPress.org

GDPR compliance is an important consideration for all WordPress websites. The GDPR Compliance team is looking for help to test the privacy tools that are currently being developed in core.

What is GDPR?

GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union. Its primary aim is to give control back to the EU residents over their personal data.

Why the urgency? Although the GDPR was introduced two years ago, it becomes  enforceable starting May 25, 2018.

Make WordPress GDPR Compliance Team

Currently, the GDPR Compliance Team understands that helping WordPress-based sites become compliant is a large and ongoing task. The team is focusing on creating a comprehensive core policy, plugin guidelines, privacy tools and documentation. All of this requires your help.

The GDPR Compliance Team is focusing on four main areas:

• Add functionality to assist site owners in creating comprehensive privacy policies for their websites.
• Create guidelines for plugins to become GDPR ready.
• Add administration tools to facilitate compliance and encourage user privacy in general.
• Add documentation to educate site owners on privacy, the main GDPR compliance requirements, and on how to use the new privacy tools.

Don’t we already have a privacy policy?

Yes and no. That said, The GDPR puts tighter guidelines and restrictions. Though we have many plugins that create privacy pages, we need means to generate a unified, comprehensive privacy policy. We will need tools for users to easily come into compliance.

Site owners will be able to create GDPR compliant privacy policy in three steps:

1. Adding a dedicated page for the policy.
   
2. Adding privacy information from plugins.
3. Reviewing and publishing the policy.

A new “postbox” will be added to the Edit Page screen when editing the policy. All plugins that collect or store user data will be able to add privacy information there. In addition it will alert the site owners when any privacy information changes after a plugin is activated, deactivated, or updated.

There is a new functionality to confirm user requests by email address. It is intended for site owners to be able to verify requests from users for displaying, downloading, or anonymizing of personal data.

A new “Privacy” page is added under the “Tools” menu. It will display new, confirmed requests from users, as well as already fulfilled requests. It will also contain the tools for exporting and anonymizing of personal data and for requesting email confirmation to avoid abuse attempts.

New section on privacy will be added to the Plugin Handbook. It will contain some general information on user privacy, what a plugin should do to be compliant, and also tips and examples on how to use the new privacy related functionality in WordPress.

The new privacy tools are scheduled for release at the end of April or beginning of May 2018.

How can you get involved?

We would love to have your help. The first step is awareness and education. For more information about the upcoming privacy tools see the roadmap.

If you would like to get involved in building WordPress Core and testing the new privacy tools, please join the #gdpr-compliance channel in the Make WordPress Slack group.

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

1. Don't treat localhost as same host by default.
2. Use safe redirects when redirecting the login page if SSL is forced.
3. Make sure the version string is correctly escaped for use in generator tags.

Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:

• The previous styles on caption shortcodes have been restored.
• Cropping on touch screen devices is now supported.
• A variety of strings such as error messages have been updated for better clarity.
• The position of an attachment placeholder during uploads has been fixed.
• Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
• Improved compatibility with PHP 7.2.

This post has more information about all of the issues fixed in 4.9.5 if you'd like to learn more.

Download WordPress 4.9.5 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.5:

1265578519, Aaron Jorbin, Adam Silverstein, Alain Schlesser, alexgso, Andrea Fercia, andrei0x309, antipole, Anwer AR, Birgir Erlendsson (birgire), Blair jersyer, Brooke., Chetan Prajapati, codegrau, conner_bw, David A. Kennedy, designsimply, Dion Hulse, Dominik Schilling (ocean90), ElectricFeet, ericmeyer, FPCSJames, Garrett Hyder, Gary Pendergast, Gennady Kovshenin, Henry Wright, Jb Audras, Jeffrey Paul, Jip Moors, Joe McGill, Joen Asmussen, John Blackbourn, johnpgreen, Junaid Ahmed, kristastevens, Konstantin Obenland, Laken Hafner, Lance Willett, leemon, Mel Choyce, Mike Schroder, mrmadhat, nandorsky, Nidhi Jain, Pascal Birchler, qcmiao, Rachel Baker, Rachel Peter, RavanH, Samuel Wood (Otto), Sebastien SERRE, Sergey Biryukov, Shital Marakana, Stephen Edgar, Tammie Lister, Thomas Vitale, Will Kwon, and Yahil Madakiya.

With a significant new milestone and some great improvements to WordPress as a platform, this month has been an important one for the project. Read on to find out more about what happened during the month of March.

WordPress Now Powers 30% of the Internet

Over the last 15 years, the popularity and usage of WordPress has been steadily growing. That growth hit a significant milestone this month when W3Techs reported that WordPress now powers over 30% of sites on the web.

The percentage is determined based on W3Techs’ review of the top 10 million sites on the web, and it’s a strong indicator of the popularity and flexibility of WordPress as a platform.

If you would like to have hand in helping to grow WordPress even further, you can get involved today.

WordPress Jargon Glossary Goes Live

The WordPress Marketing Team has been hard at work lately putting together a comprehensive glossary of WordPress jargon to help newcomers to the project become more easily acquainted with things.

The glossary is available here along with a downloadable PDF to make it simpler to reference offline.

Publishing this resource is part of an overall effort to make WordPress more easily accessible for people who are not so familiar with the project. If you would like to assist the Marketing Team with this, you can follow the team blog and join the #marketing channel in the Making WordPress Slack group.

Focusing on Privacy in WordPress

Online privacy has been in the news this month for all the wrong reasons. It has reinforced the commitment of the GDPR Compliance Team to continue working on enhancements to WordPress core that allow site owners to improve privacy standards.

The team's work, and the wider privacy project, spans four areas: Adding tools which will allow site administrators to collect the information they need about their sites, examining the plugin guidelines with privacy in mind, enhancing privacy standards in WordPress core, and creating documentation focused on best practices in online privacy.

To get involved with the project, you can view the roadmap, follow the updates, submit patches, and join the #gdpr-compliance channel in the Making WordPress Slack group. Office hours are 15:00 UTC on Wednesdays.

Further Reading:

• The WordPress Foundation has published their annual report for 2017 showing just how much the community has grown over the last year.
• The dates for WordCamp US have been announced — this flagship WordCamp event will be held on 7-9 December this year in Nashville, Tennessee.
• WordPress 4.9.5 is due for release on April 3 — find out more here.
• Version 2.5 of Gutenberg, the new editor for WordPress core, was released this month with a host of great improvements.
• WordSesh, a virtual WordPress conference, is returning in July this year.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

Judging by the flurry of activity across the WordPress project throughout February, it looks like everyone is really getting into the swing of things for 2018. There have been a lot of interesting new developments, so read on to see what the community has been up to for the past month.

WordPress 4.9.3 & 4.9.4

Early in the month, version 4.9.3 of WordPress was released, including a number of important bug fixes. Unfortunately it introduced a bug that prevented many sites from automatically updating to future releases. To remedy this issue, version 4.9.4 was released the following day requiring many people to manually update their sites.

While this kind of issue is always regrettable, the good thing is that it was fixed quickly, and that not all sites had updated to 4.9.3 yet, which meant they bypassed the bug in that version.

You can find out more technical information about this issue on the Core development blog.

The WordCamp Incubator is Back

In 2016, the Global Community Team ran an experimental program to help spread WordPress to underserved areas by providing more significant organizing support for their first WordCamp event. This program was dubbed the WordCamp Incubator, and it was so successful in the three cities where it ran that the program is back for 2018.

Right now, the Community Team is looking for cities to be a part of this year’s incubator by taking applications. Additionally, each incubator community will need an experienced WordCamp organizer to assist them as a co-lead organizer for their event — if that sounds interesting to you, then you can fill in the application form for co-leads.

You can find out further information about the WordCamp Incubator on the Community Team blog.

WordPress Meetup Roundtables scheduled for March

In order to assist local WordPress meetup organizers with running their meetup groups, some members of the Community Team have organized weekly meetup roundtable discussions through the month of March.

These will be run as video chats at 16:00 UTC every Wednesday this month and will be a great place for meetup organizers to come together and help each other out with practical ideas and advice.

If you are not already in the WordPress meetup program and would like to join, you can find out more information in the WordPress Meetup Organizer Handbook.

GDPR Compliance in WordPress Core

The General Data Protection Regulation (GDPR) is an upcoming regulation that will affect all online services across Europe. In order to prepare for this, a working group has been formed to make sure that WordPress is compliant with the GDPR regulations.

Aside from the fact that this will be a requirement for the project going forward, it will also have an important and significant impact on the privacy and security of WordPress as a whole. The working group has posted their proposed roadmap for this project and it looks very promising.

To get involved in building WordPress Core, jump into the #gdpr-compliance channel in the Making WordPress Slack group, and follow the Core team blog.

Further Reading:

• WPShout published a thorough guide to WordPress security.
• The Community Team has published interesting statistics from the WordCamp program in 2016 and 2017.
• An intriguing proposal has been made for a new ‘Onboarding’ team to be started in the WordPress project.
• The new editing experience for WordPress, named Gutenberg, continues to be actively developed with a feature-packed release this past month.
• The Advanced WordPress Facebook group held an interview with WordPress co-founder, Matt Mullenweg about the Gutenberg project.
• Two factor authentication is on its way to the WordPress.org network — this will be a great improvement to the overall security of the project.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

WordCamps are informal, community-organized events that are put together by a team of local WordPress users who have a passion for growing their communities. They are born out of active WordPress meetup groups that meet regularly and are able to host an annual WordCamp event. This has worked very well in many communities, with over 120 WordCamps being hosted around the world in 2017.

Sometimes though, passionate and enthusiastic community members can’t pull together enough people in their community to make a WordCamp happen. To address this, we introduced the WordCamp Incubator program in 2016.

The goal of the incubator program is to help spread WordPress to underserved areas by providing more significant organizing support for their first WordCamp event. In 2016, members of the global community team worked with volunteers in three cities — Denpasar, Harare and Medellín — giving direct, hands-on assistance in making local WordCamps possible. All three of these WordCamp incubators were a great success, so we're bringing the incubator program back for 2018.

Where should the next WordCamp incubators be? If you have always wanted a WordCamp in your city but haven’t been able to get a community started, this is a great opportunity. We will be taking applications for the next few weeks, then will get in touch with everyone who applied to discuss the possibilities. We will announce the chosen cities by the end of March.

To apply, fill in the application by March 15, 2018. You don’t need to have any specific information handy, it’s just a form to let us know you’re interested. You can apply to nominate your city even if you don’t want to be the main organizer, but for this to work well we will need local liaisons and volunteers, so please only nominate cities where you live or work so that we have at least one local connection to begin.

We're looking forward to hearing from you!

WordPress 4.9.4 is now available.

This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4.

Four years ago with WordPress 3.7 “Basie”, we added the ability for WordPress to self-update, keeping your website secure and bug-free, even when you weren’t available to do it yourself. For four years it’s helped keep millions of installs updated with very few issues over that time. Unfortunately yesterdays 4.9.3 release contained a severe bug which was only discovered after release. The bug will cause WordPress to encounter an error when it attempts to update itself to WordPress 4.9.4, and will require an update to be performed through the WordPress dashboard or hosts update tools.

WordPress managed hosting companies who install updates automatically for their customers can install the update as normal, and we’ll be working with other hosts to ensure that as many customers of theirs who can be automatically updated to WordPress 4.9.4 can be.

For more technical details of the issue, we’ve posted on our Core Development blog. For a full list of changes, consult the list of tickets.

Download WordPress 4.9.4 or visit Dashboard → Updates and click “Update Now.”

WordPress 4.9.3 is now available.

This maintenance release fixes 34 bugs in 4.9, including fixes for Customizer changesets, widgets, visual editor, and PHP 7.2 compatibility. For a full list of changes, consult the list of tickets and the changelog.

Download WordPress 4.9.3 or visit Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.3:

Aaron Jorbin, abdullahramzan, Adam Silverstein, Andrea Fercia, andreiglingeanu, Andrew Ozz, Brandon Payton, Chetan Prajapati, coleh, Darko A7, David Cramer, David Herrera, Dion Hulse, Felix Arntz, Frank Klein, Gary Pendergast, Jb Audras, Jeffrey Paul, lizkarkoski, Marius L. J., mattyrob, Monika Rao, munyagu, ndavison, Nick Momrik, Peter Wilson, Rachel Baker, rishishah, Ryan Paul, Sami Ahmed Siddiqui, Sayed Taqui, Sean Hayes, Sergey Biryukov, Shawn Hooper, Stephen Edgar, Sultan Nasir Uddin, tigertech, and Weston Ruter.

Things got off to a gradual start in 2018 with momentum starting to pick up over the course of the month. There were some notable developments in January, including a new point release and work being done on other important areas of the WordPress project.

WordPress 4.9.2 Security and Maintenance Release

On January 16, WordPress 4.9.2 was released to fix an important security issue with the media player, as well as a number of other smaller bugs. This release goes a long way to smoothing out the 4.9 release cycle with the next point release, v4.9.3, due in early February.

To get involved in building WordPress Core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.

Updated Plugin Directory Guidelines

At the end of 2017, the guidelines for the Plugin Directory received a significant update to make them clearer and expanded to address certain situations. This does not necessarily make these guidelines complete, but rather more user-friendly and practical; they govern how developers build plugins for the Plugin Directory, so they need to evolve with the global community that the Directory serves.

If you would like to contribute to these guidelines, you can make a pull request to the GitHub repository or email plugins@wordpress.org. You can also jump into the #pluginreview channel in the Making WordPress Slack group.

Further Reading:

• Near the end of last year a lot of work was put into improving the standards in the WordPress core codebase and now the entire platform is at nearly 100% compliance with the WordPress coding standards.
• Gutenberg, the new editor coming to WordPress core in the next major release, was updated to v2.1 this month with some great usability and technical improvements.
• The Global Community Team is taking suggestions for the goals of the Community program in 2018.
• WPCampus Online, a digital conference focused on WordPress in higher education, took place on January 30. The videos of the event sessions will be online soon.
• A WordPress community member has released a toolkit to help developers build blocks for Gutenberg.
• The community team that works to improve the WordPress hosting experience is relatively young, but they have been making some great progress recently.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

Thank you to the reporters of this issue for practicing responsible security disclosure: Enguerran Gillier and Widiz.

21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:

• JavaScript errors that prevented saving posts in Firefox have been fixed.
• The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
• Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.
  

The Codex has more information about all of the issues fixed in 4.9.2, if you'd like to learn more.

Download WordPress 4.9.2 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.2:

0x6f0, Aaron Jorbin, Andrea Fercia, Andrew Duthie, Andrew Ozz, Blobfolio, Boone Gorges, Caleb Burks, Carolina Nymark, chasewg, Chetan Prajapati, Dion Hulse, Hardik Amipara, ionvv, Jason Caldwell, Jeffrey Paul, Jeremy Felt, Joe McGill, johnschulz, Juhi Patel, Konstantin Obenland, Mark Jaquith, Nilambar Sharma, Peter Wilson, Rachel Baker, Rinku Y, Sergey Biryukov, and Weston Ruter.

Activity slowed down in December in the WordPress community, particularly in the last two weeks. However, the month started off with a big event and work pushed forward in a number of key areas of the project. Read on to find out more about what transpired in the WordPress community as 2017 came to a close.

WordCamp US 2017 Brings the Community Together

The latest edition of WordCamp US took place last month in Nashville on December 1-3. The event brought together over 1,400 WordPress enthusiasts from around the world, fostering a deeper, more engaged global community.

While attending a WordCamp is always a unique experience, you can catch up on the sessions on WordPress.tv and look through the event photos on Facebook to get a feel for how it all happened. Of course, Matt Mullenweg’s State of the Word talk is always one of the highlights at this event.

The next WordCamp US will be held in Nashville again in 2018, but if you would like to see it hosted in your city in 2019 and 2020, then you have until February 2 to apply.

WordPress User Survey Data Is Published

Over the last few years, tens of thousands of WordPress users all over the world have filled out the annual WordPress user survey. The results of that survey are used to improve the WordPress project, but that data has mostly remained private. This has changed now and the results from the last three surveys are now publicly available for everyone to analyze.

The data will be useful to anyone involved in WordPress since it provides a detailed look at who uses WordPress and what they do with it — information that can help inform product development decisions across the board.

New WordPress.org Team for the Tide Project

As announced at WordCamp US, the Tide project is being brought under the WordPress.org umbrella to be managed and developed by the community.

Tide is a series of automated tests run against every plugin and theme in the directory to help WordPress users make informed decisions about the plugins and themes that they choose to install.

To get involved in developing Tide, jump into the #tide channel in the Making WordPress Slack group, and follow the Tide team blog.

Further Reading:

• If you’re following the development of Gutenberg, or if you want a primer on where it’s headed, then Morten Rand-Hendriksen’s talk from WordCamp US is a must watch.
• The annual surveys for WordPress meetup members and meetup organizers are available for people to fill out — if you’re involved in or attend your local meetup group then be sure to complete those.
• 10up has a brand new plugin in beta that will assist with powerful and flexible content publishing and syndication across WordPress sites.
• The Community Team is exploring a move to make the recently developed CampSite theme the default theme for all new WordCamp websites. This is the theme that was developed and employed for WordCamp Europe 2017.
• The team working on the multisite features of WordPress Core has recently published their planned roadmap for development.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.