WordPress.org

WordPress 5.4.2 Security and Maintenance Release

Posted June 10, 2020 by Jake Spurlock. Filed under Releases, Security.

WordPress 5.4.2 is now available!

This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.

Security Updates

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

One maintenance update was also deployed to versions 5.1, 5.2 and 5.3. See the related developer note for more information.

You can browse the full list of changes on Trac.

For more info, browse the full list of changes on Trac or check out the Version 5.4.2 documentation page.

WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5.

You can download WordPress 5.4.2 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Thanks and props!

In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.2 happen:

Andrea Fercia, argentite, M Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Ehtisham Siddiqui, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Aaron Jorbin, Mathieu Viet, Javier Casares, Joe McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Sam Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Daniel Richards, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and yuhin.

Equity and the Power of Community

Posted June 6, 2020 by Josepha. Filed under Community, General.

Over the past week, I’ve been thinking a lot about George Floyd, Breonna Taylor, and Ahmaud Arbery. I have been thinking about white supremacy, the injustice that Black women and men are standing up against across the world, and all the injustices I can’t know, and don’t see. 

The WordPress mission is to democratize publishing, and to me, that has always meant more than the freedom to express yourself. Democratizing publishing means giving voices to the voiceless and amplifying those speaking out against injustice. It means learning things that we otherwise wouldn’t. To me, it means that every voice has the ability to be heard, regardless of race, wealth, power, and opportunity. WordPress is a portal to commerce; it is a canvas for identity, and a catalyst for change.

While WordPress as an open source project may not be capable of refactoring unjust judicial systems or overwriting structural inequality, this does not mean that we, the WordPress community, are powerless. WordPress can’t dismantle white supremacy, but the WordPress community can invest in underrepresented groups (whose experiences cannot be substituted for) and hire them equitably. WordPress can’t eradicate prejudice, but the WordPress community can hold space for marginalized voices in our community.

There is a lot of racial, societal, and systemic injustice to fight. At times, change may seem impossible, and certainly, it’s been too slow. But I know in my heart that the WordPress community is capable of changing the world. 

If you would like to learn more about how to make a difference in your own community, here are a few resources I’ve gathered from WordPressers just like you.

The Month in WordPress: May 2020

Posted June 2, 2020 by Angela Jin. Filed under Month in WordPress.

May was an action-packed month for WordPress! WordPress organizers are increasingly moving WordCamps online, and contributors are taking big steps towards Full Site Editing with Gutenberg. To learn more and get all the latest updates, read on. 


Gutenberg 8.1 and 8.2

Gutenberg 8.1 was released on May 13, followed quickly by Gutenberg 8.2 on May 27. 

  • 8.1 added new block pattern features making it easier to insert desired patterns, along with a new pattern. It also added a button to  collapsed block actions for copying the selected block, which will help touchscreen users or users who don’t use keyboard shortcuts. 
  • 8.2 introduced block pattern categories and a `viewportWidth` property that will be particularly useful for large block patterns. There is also a new content alignment feature, and enhancements to improve the writing experience. 

Both releases include a number of new APIs, enhancements, bug fixes, experiments, new documentation, improvement to code quality, and more! To learn the latest, visit the announcement posts for Gutenberg 8.1 and Gutenberg 8.2.

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

Gutenberg Phase 2: Steps Towards Full Site Editing

Contributors are currently working hard on Phase 2 of Gutenberg! Where Phase 1 introduced the new block editor with WordPress 5.0, Phase 2 sees more customization and includes one of the biggest Gutenberg projects: Full Site Editing (FSE). At the moment, work on WordPress 5.5 has been initiated and contributors decided to include basic functionality for Full Site Editing in this release. FSE hopes to streamline the site creation and building process in WordPress using a block-based approach. There’s a lot of conversation and new information about FSE, so communication around the project is very important. On May 28th, a conversation was held in the #core-customize channel to discuss FSE and the future of the Customizer. To help everyone track the latest information, this post summarizes ways to keep up with FSE.

Want to get involved with Gutenberg and FSE?  Follow the Core team blog and join the #core-editor channel in the Making WordPress Slack group. You can also check the FSE pull requests and issues on GitHub.

Theme Review Team Rebranding

Representatives of the Themes Review Team have decided to update their team name to “Themes Team.” This decision reflects changes that the block editor brings to the landscape of themes with the Full Site Editing project. The team has always been involved in projects beyond reviewing WordPress.org themes and lately, the team has been contributing more to themes in general — including open-source packages, contributions to Full Site Editing, the Twenty Twenty theme, and more. You can read more about the name change in the team’s meeting notes.

Want to get involved with the Themes Team? Follow the Themes blog here, or join them in the #themereview channel in the Making WordPress Slack group.

Online WordCamp Program Announced

To assist organizers with moving their WordCamps online, the WordPress Community team has prepared a new set of guidelines for online WordCamps. The Community Team will cover online production and captioning costs associated with any online WordCamp without the need for local sponsorship. The team also updated its guidelines to cover the regional focus of online events, and modified the code of conduct to cater to the new format. The WordCamp schedule has also been updated to indicate whether an event is taking place online or not. You can find resources, tools, and information about online WordPress events in our Online Events Handbook. They have also prepared a new set of guidelines for in-person events taking place in 2020, in the light of COVID-19 challenges. 

Want to get involved with the Community team? Follow the Community blog here, or join them in the #community-events channel in the Making WordPress Slack group. To organize a Meetup or WordCamp, visit the handbook page

BuddyPress 6.0.0 “iovine’s”

On May 13th, BuddyPress 6.0.0, known as “iovine’s,” was released. This release includes two new blocks for the WordPress Editor: Members and Groups. It also saw the completion of the BP REST API, adding the six remaining endpoints, and the move or local avatar management to the Members component. Beyond that, 6.0.0 includes more than 80 changes, made possible by 42 contributors. 

Want to download this latest version of BuddyPress? Get it here.  You can also help by translating BuddyPress into another language or letting the team know of any issues you find in the support forums.

WordCamp Spain Online Concludes Successfully

WordPress Meetup organizers in Spain joined hands to organize WordCamp Spain online from May 6 to 9, which proved to be a huge success. The event had more than 5,500 attendees, 60 speakers, and 16 sponsors. Over 200 people from around the world participated in the Contributor Day. Matt Mullenweg hosted an AMA for the participants, facilitated by Mattias Ventura’s on-the-spot Spanish translation. 

If you missed the event, you can watch videos from WordCamp Spain online at WordPress.TV. Want to organize a regional WordCamp? Learn more about that here!


Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

The Month in WordPress: April 2020

Posted May 4, 2020 by Angela Jin. Filed under Month in WordPress.

April continued to be a challenging time for the WordPress community, with many under stay-at-home recommendations. However, it was also an exciting month in which we created new ways to connect with and inspire each other! This month, amazing contributors moved more WordCamps online and shipped new releases for WordPress and Gutenberg. For the latest, read on. 


WordPress 5.4.1 released

On April 24th,  WordPress 5.4.1 Release Candidate 1 (RC1) was released for testing, quickly followed by the official release of WordPress 5.4.1 on April 29th. This security release features 17 bug fixes and seven security fixes, so we recommend updating your sites immediately. To download WordPress 5.4.1, visit your Dashboard, click on Updates, then Update Now, or download the latest version directly from WordPress.org. For more information, visit this post, review the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.

Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Gutenberg 7.9 and 8.0 released

It was another exciting month for Gutenberg, with the release of 7.9 and 8.0! Version 7.9 brought new block design tools, three new patterns, and improved block markup. Gutenberg 8.0 continued to refine the new block patterns feature, with additional options for inline formatting, and extending the functionality of the Code Editor. In addition to these new features, both releases included new enhancements and APIs, along with a number of bug fixes, performance improvements, some experiments, and more! You can read all the details about the latest Gutenberg releases in the announcement posts for 7.9 and 8.0

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

BuddyPress 6.0.0

BuddyPress 6.0.0-beta2 was released for testing in mid-April, leading to the BuddyPress 6.0.0 Release Candidate, announced on April 29. This is an important step before  the final release of BuddyPress 6.0.0, which is slated for Thursday, May 14. Changes and new features in this release include moving the profile photo and user cover image under the BP Members component, and a new BP Rest API. Additionally, this release will introduce the first round of BuddyPress Blocks! Last, but not least, BuddyPress 6.0.0 will require at least PHP 5.6 and WordPress 4.8. 

Want to get involved? Test the 6.0.0-RC here! You can also help by translating BuddyPress into another language, or let the team know of any issues you find, either in the support forums and/or in their development tracker

WordCamp US goes online, apply to speak!

WordCamp US will take place online due to the COVID-19 pandemic. The event still runs from October 27-29, 2020, and will be free to anyone who wishes to attend. The team plans to offer  what WCUS has historically brought to the community in person: sessions and workshops, Contributor Day, a hallway track, and of course, State of the Word. 

Interested in speaking at WCUS? The Call for Speakers is still open! You can apply to speak on the speaker application site until May 31, 2020 at 11:59 pm CDT (UTC-5). 

Additionally, the Call for Cities is also open. If your community is interested in hosting WordCamp US in 2021 & 2022, please fill out this application

For the latest information about WordCamp US, sign up for updates on the website, or follow Facebook, Twitter, or Instagram

WordCamp Europe 2020 goes virtual 

Last month, WordCamp Europe decided to postpone its Porto event to 2021. This April, the WCEU organizing team announced that the 2020 WordCamp will be online! WordCamp Europe 2020 Online will take place from June 4-6, 2020, and tickets will be free. There will be a virtual Contributor Day on June 4, and then two half days of live-streamed talks and workshops. To participate, get your free ticket here

To get the latest news for WordCamp Europe 2020 Online, follow on Facebook, Twitter, LinkedIn, or on Instagram


Further Reading

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

WordPress 5.4.1

Posted April 29, 2020 by Jake Spurlock. Filed under Releases, Security.

WordPress 5.4.1 is now available!

This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.4.1 is a short-cycle security and maintenance release. The next major release will be version 5.5.

You can download WordPress 5.4.1 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues:

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated.
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated.
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block.
  • Props to Nick Daugherty from WordPress VIP / WordPress Security Team who discovered an XSS issue in wp-object-cache.
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
  • Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress customizer.
  • Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen The Duc (ducnt) in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

For more information, browse the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.

In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.1 happen:

Alex Concha, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Andy Peatling, arnaudbroes, Chris Van Patten, Daniel Richards, DhrRob, Dono12, dudo, Ehtisham Siddiqui, Ella van Durpe, Garrett Hyder, Ian Belanger, Ipstenu (Mika Epstein), Jake Spurlock, Jb Audras, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Jorge Costa, K. Adam White, Kelly Choyce-Dwan, MarkRH, mattyrob, Miguel Fonseca, Mohammad Jangda, Mukesh Panchal, Nick Daugherty, noahtallen, Paul Biron, Peter Westwood, Peter Wilson, pikamander2, r-a-y, Riad Benguella, Robert Anderson, Samuel Wood (Otto), Sergey Biryukov, Søren Brønsted, Stanimir Stoyanov, tellthemachines, Timothy Jacobs, Toro_Unit (Hiroshi Urabe), treecutter, and yohannp.

People of WordPress: Mario Peshev

Posted April 8, 2020 by Yvette Sonneveld. Filed under Community, heropress.

You’ve probably heard that WordPress is open source software, and may know that it’s created and run by volunteers. Enthusiasts share many examples of how WordPress has changed people’s lives for the better. In this monthly series, we share some of those lesser-known, amazing stories.

Computer science in the nineties

Mario Peshev

Mario has been hooked on computers ever since he got his first one in 1996. He started with digging into MS-DOS and Windows 3.1 first and learned tons by trial and error. Following that adventure, Mario built his first HTML site in 1999. He found development so exciting that he spent day and night learning QBasic and started working at the local PC game club. Mario got involved with several other things related to website administration (translating security bulletins, setting up simple sites, etc) and soon found the technology field was full of activities he really enjoyed.

The Corporate Lifestyle

Mario started studying programming including an intensive high-level course for C#, Java development, and software engineering, and eventually got a job in a corporate environment. He soon became a team lead there, managing all the planning and paperwork for their projects.

But he continued freelancing on the side. He grew his own network of technical experts through attending, volunteering at, and organizing conferences. He also ran a technical forum and regularly spoke at universities and enterprise companies.

Remote Working and Business Opportunity

The combination of a high workload and a daily three-hour-long commute made Mario’s life difficult. Many of his friends were still studying, traveling or unemployed. The blissful and calm lives they lived seemed like a fairy tale to him. And even while both his managers and his clients were abroad, he was unable to obtain permission to work remotely. 

So Mario decided to leave his job and start freelancing full time. But he found he faced a massive challenge. 

He discovered Java projects were pretty large and required an established team of people working together in an office. All job opportunities were on-site, and some even required relocation abroad. Certified Java programmers weren’t being hired on a remote basis. 

As Mario had some PHP experience from previous jobs, he used this to start his freelance career. For his projects, he used both plain PHP and PHP frameworks like CakePHP and CodeIgniter. 

For a while, Mario accepted work using commonly known platforms including Joomla, Drupal, and WordPress. In addition, he worked on PHP, Java, Python and some C# projects for a couple of years, after which he decided to switch to WordPress completely.

Building products

One of his projects involved a technically challenging charity backed by several international organizations. Unexpected shortages in the team put him in the technical lead position. As a result, Mario found himself planning the next phases, meeting with the client regularly, and renegotiating the terms. The team completed the project successfully, and after the launch, a TV campaign led millions of visitors to the website.

As a result of the successful launch, this client invited Mario to participate in more WordPress projects, including building a custom framework.

“I wasn’t that acquainted with WordPress back then. For me, a conventional person trained in architectural design patterns and best practices, WordPress seemed like an eccentric young hipster somewhere on the line between insane and genius at the same time. I had to spend a couple of months learning WordPress from the inside out.”

Mario Peshev

As his interest in WordPress grew, Mario stopped delivering other custom platforms, and converted clients to WordPress. 

European Community

Mario presenting to an audience
Mario presenting at a WordCamp

For Mario, one of the key selling points of WordPress was the international openness. He had previously been involved with other open source communities, some of which were US-focused. He felt they were more reliant on meeting people in person. With events only taking place in the US, this made building relationships much harder for people living in other countries.

While the WordPress project started out in the US, the WordPress community quickly globalized. Dozens of WordCamps and hundreds of Meetup events take place around the globe every year.  All of these events bring a wide variety of people sharing their enthusiasm for WordPress together.

For Mario, the birth of WordCamp Europe was something magical. The fact that hundreds, and later on thousands, of people from all over the world gathered around the topic of WordPress speaks for itself. Mario has been involved with organizing WordCamp Europe twice (in 2014 and 2015). 

“There’s nothing like meeting WordPress enthusiasts and professionals from more than 50 countries brainstorming and working together at a WordCamp. You simply have to be there to understand how powerful it all is.”

Mario Peshev

Growing businesses and teams

A key WordPress benefit is its popularity – an ever growing project currently powering more than 35% of the Internet [2020]. It’s popular enough to be a de facto standard for websites, platforms, e-commerce and blogs. 

WordPress has a low barrier to entry. You can achieve a lot without being an expert, meaning most people can start gaining experience without having to spend years learning how to code. That also makes it easier to build businesses and teams.

“Being able to use a tool that is user-friendly, not overly complicated and easily extensible makes introducing it to team members faster and easier. It requires less time for adjustment, and as a result makes a team stronger and faster. The fact that this tool is cost-effective also allows more startups to enter the market. It requires  less time and investments to launch an MVP. This boosts the entire ecosystem.”

Mario Peshev

Helping Others

Mario also introduced WordPress to children and young people. He taught them how to use WordPress as a tool for homework and class assignments. By using WordPress, they were able to learn the basics of designing themes, developing plugins, marketing statistics, social media, copywriting, and so much more. This approachable introduction to the software meant technical skills were not needed.

He was also part of a team of volunteers who helped a group of young people living at a foster home struggling to provide for themselves. The team taught the basic digital literacy skills necessary in the modern workplace and potentially pay for their rent and basic needs. This included working with Microsoft Word, Excel and WordPress, as well as some basic design and marketing skills. 

“When you look at that from another perspective, a platform that could save lives – literally – and change the world for better is worth contributing to, in any possible manner.”

Mario Peshev

Contributing to the WordPress community

From the core team to supporting and organizing WordCamps, Mario has long been an active contributor to the global WordPress project. He is passionate about the connections fostered by people who are involved in building both the WordPress software and the community around it.

“The WordPress community consists of people of all race and color, living all around the world, working as teachers, developers, bloggers, designers, business owners. Let’s work together to help each other. Let’s stick together and show  the world WordPress can help make it a better place.”

Mario Peshev

Contributors

Thanks to Alison Rothwell (@wpfiddlybits), Yvette Sonneveld (@yvettesonneveld), Abha Thakor (@webcommsat), Josepha Haden (@chanthaboune) and Topher DeRosia (@topher1kenobe). Thank you to Mario Peshev (@nofearinc) for sharing his #ContributorStory.

HeroPress logo

This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.

Meet more WordPress community members over at HeroPress.com!

The Month in WordPress: March 2020

Posted April 3, 2020 by Hugh Lashbrooke. Filed under Month in WordPress.

The month of March was both a tough and exciting time for the WordPress open-source project. With COVID-19 declared a pandemic, in-person events have had to adapt quickly – a challenge for any community. March culminated with the release of WordPress 5.4, an exhilarating milestone only made possible by dedicated contributors. For all the latest, read on. 


WordPress 5.4 “Adderley”

WordPress 5.4 “Adderley” was released on March 31 and includes a robust list of new blocks, enhancements, and new features for both users and developers. The primary focus areas of this release included the block editor, privacy, accessibility, and developer improvements, with the full list of enhancements covered in the 5.4 field guide.

Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Releases of Gutenberg 7.7 and 7.8

It’s been another busy month for Gutenberg, this time with the release of Gutenberg 7.7 and 7.8. Gutenberg 7.7 introduced block patterns – predefined block layouts that are ready to use and tweak. This is an important step towards Full Site Editing, which is currently targeted for inclusion in WordPress 5.6. As a first iteration, you can pick and insert patterns from the Block Patterns UI, which has been added as a sidebar plugin.

Gutenberg 7.7 also includes a refresh of the Block UI, which better responds to the ways users interact with the editor. For more information on the User UI and Block Patterns, read this summary of the most recent Block-Based Themes meeting. Gutenberg 7.8, introduced on March 25, further enhanced this Block UI redesign. Both releases also included a suite of improvements, bug fixes, new APIs, documentation, and more!

Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.

WordCamp cancellations and shift to online events

In early March, the Community team issued new recommendations for event organizers in light of growing concerns around COVID-19. Following this guidance, and with COVID-19 declared a pandemic, WordPress community organizers reluctantly but responsibly postponed or canceled their upcoming WordCamps and meetups.

As community events are an important part of the WordPress open-source project, the Community team made suggestions for taking charity hackathons online, proposed interim adjustments to existing community event guidelines, and provided training for online conference organizing with Crowdcast. The team is currently working on building a Virtual Events Handbook that will continue to support WordPress community organizers at this time. 

Want to get involved with the WordPress Community team, host your own virtual WordPress event, or help improve the documentation for all of this? Follow the Community team blog, learn more about virtual events, and join the #community-events channel in the Making WordPress Slack group.

Link your GitHub profile to WordPress.org

Last month, an experimental feature was added to Trac, WordPress Core’s bug-tracking system, to improve collaboration between Trac and GitHub. This month, to help make tracking contributions to the WordPress project across multiple locations easier, there is a new option to connect your GitHub account to your WordPress.org profile. This connection allows for more accurate acknowledgement and recognition of contributors. You can connect your GitHub account to your WordPress.org account by editing your WordPress.org profile.

For more information and instructions on how to connect your accounts, read the announcement post.

Modernizing WordPress coding standards

Defined coding standards is an important step in creating the consistent codebase needed to prepare for requiring PHP 7.x for WordPress Core. As such, coding standards have been proposed for implementation in WordPress Coding Standards 3.0.0. This includes new proposed standards for namespace declarations, import use statements, fully qualified names in inline code, traits and interfaces, type declarations, declare statements/strict typing, the ::class constant, operators, and more. 

Want to get involved or view the full list of currently proposed new coding standards? Visit and add your feedback to the post on updating the Coding standards for modern PHP and follow the Core team blog.


Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

WordPress 5.4 “Adderley”

Posted March 31, 2020 by Matt Mullenweg. Filed under Releases.

Here it is! Named “Adderley” in honor of Nat Adderley, the latest and greatest version of WordPress is available for download or update in your dashboard.

Say hello to more and better.

More ways to make your pages come alive. With easier ways to get it all done and looking better than ever—and boosts in speed you can feel.

Welcome to WordPress 5.4

Every major release adds more to the block editor.

More ways to make posts and pages come alive with your best images. More ways to bring your visitors in, and keep them engaged, with the richness of embedded media from the web’s top services.

More ways to make your vision real, and put blocks in the perfect place—even if a particular kind of block is new to you. More efficient processes.

And more speed everywhere, so as you build sections or galleries, or just type in a line of prose, you can feel how much faster your work flows.

Two new blocks. And better blocks overall.

  • Two brand-new blocks: Social Icons and Buttons make adding interactive features fast and easy.
  • New ways with color: Gradients in the Buttons and Cover block, toolbar access to color options in Rich Text blocks, and for the first time, color options in the Group and Columns blocks.
  • Guess a whole lot less! Version 5.4 streamlines the whole process for placing and replacing multimedia in every block. Now it works the same way in almost every block!
  • And if you’ve ever thought your image in the Media+Text block should link to something else—perhaps a picture of a brochure should download that brochure as a document? Well, now it can.

Cleaner UI, clearer navigation—and easier tabbing!

  • Clearer block navigation with block breadcrumbs. And easier selection once you get there.
  • For when you need to navigate with the keyboard, better tabbing and focus. Plus, you can tab over to the sidebar of nearly any block.
  • Speed! 14% faster loading of the editor, 51% faster time-to-type!
  • Tips are gone. In their place, a Welcome Guide window you can bring up when you need it—and only when you need it—again and again.
  • Know at a glance whether you’re in a block’s Edit or Navigation mode. Or, if you have restricted vision, your screen reader will tell you which mode you’re in.

Of course, if you want to work with the very latest tools and features, install the Gutenberg plugin. You’ll get to be the first to use new and exciting features in the block editor before anyone else has seen them!

Your fundamental right: privacy

5.4 helps with a variety of privacy issues around the world. So when users and stakeholders ask about regulatory compliance, or how your team handles user data, the answers should be a lot easier to get right.

Take a look:

  • Now personal data exports include users session information and users location data from the community events widget. Plus, a table of contents!
  • See progress as you process export and erasure requests through the privacy tools.
  • Plus, little enhancements throughout give the privacy tools a little cleaner look. Your eyes will thank you!

Just for developers

Add custom fields to menu items—natively

Two new actions let you add custom fields to menu items—without a plugin and without writing custom walkers.

On the Menus admin screen, wp_nav_menu_item_custom_fields fires just before the move buttons of a nav menu item in the menu editor.

In the Customizer, wp_nav_menu_item_custom_fields_customize_template fires at the end of the menu-items form-fields template.

Check your code and see where these new actions can replace your custom code, and if you’re concerned about duplication, add a check for the WordPress version.

Blocks! Simpler styling, new APIs and embeds

  • Radically simpler block styling. Negative margins and default padding are gone! Now you can style blocks the way you need them. And, a refactor got rid of four redundant wrapper divs.
  • If you build plugins, now you can register collections of your blocks by namespace across categories—a great way to get more brand visibility.
  • Let users do more with two new APIs: block variations and gradients.
  • In embeds, now the block editor supports TikTok—and CollegeHumor is gone.

There’s lots more for developers to love in WordPress 5.4. To discover more and learn how to make these changes shine on your sites, themes, plugins and more, check the WordPress 5.4 Field Guide.

The Squad

This release was led by Matt MullenwegFrancesca Marano, and David Baumwald. They were enthusiastically supported by a release squad:

The squad was joined throughout the release cycle by 552 generous volunteer contributors who collectively worked on 361 tickets on Trac and 1226 pull requests on GitHub.

Put on a Nat Adderley playlist, click that update button (or download it directly), and check the profiles of the fine folks that helped:

0v3rth3d4wn, 123host, 1naveengiri, Aaron Jorbin, Abhijit Rakas, abrightclearweb, acosmin, Adam Silverstein, adamboro, Addie, adnan.limdi, Aezaz Shaikh, Aftab Ali Muni, Aki Björklund, Akib, Akira Tachibana, akshayar, Alain Schlesser, Albert Juhé Lluveras, Alex Concha, Alex Mills, AlexHolsgrove, alexischenal, alextran, alishankhan, allancole, Allen Snook, alpipego, Amir Seljubac, Amit Dudhat, Amol Vhankalas, Amr Gawish, Amy Kamala, Anantajit JG, Anders Norén, Andrés, Andrea Fercia, Andrea Tarantini, andreaitm, Andrei Draganescu, Andrew Dixon, Andrew Duthie, Andrew Nacin, Andrew Ozz, Andrew Serong, Andrew Wilder, Andrey Savchenko, Andy Fragen, Andy Meerwaldt, Andy Peatling, Angelika Reisiger, Ankit Panchal, Anthony Burchell, Anthony Ledesma, apedog, Apermo, apieschel, Aravind Ajith, archon810, arenddeboer, argentite, Ari Stathopoulos, arnaudbroes, Arslan Ahmed, ashokrd2013, Ataur R, Ate Up With Motor, autotutorial, Ayesh Karunaratne, BackuPs, bahia0019, Bappi, Bart Czyz, bdcstr, ben.greeley, benedictsinger, Benjamin Intal, bibliofille, bilgilabs, Birgir Erlendsson, Birgit Pauli-Haack, BMO, Boga86, Boone Gorges, Brad Markle, Brandon Kraft, Brent Swisher, Cameron Voell, Carolina Nymark, ceyhun0, Chetan Prajapati, Chetan Satasiya, Chintesh Prajapati, Chip Snyder, Chris Klosowski, Chris Trynkiewicz (Sukces Strony), Chris Van Patten, Christian Sabo, Christiana Mohr, clayisland, Copons, Corey McKrill, crdunst, Csaba (LittleBigThings), Dademaru, Damián Suárez, Daniel Bachhuber, Daniel James, Daniel Llewellyn, Daniel Richards, Daniele Scasciafratte, daniloercoli, Darren Ethier (nerrad), darrenlambert, Dave Mackey, Dave Smith, daveslaughter, DaveWP196, David Artiss, David Binovec, David Herrera, David Ryan, David Shanske, David Stone, Debabrata Karfa, dekervit, Delowar Hossain, Denis Yanchevskiy, Dhaval kasavala, dhurlburtusa, Dilip Bheda, dingo-d, Dion Hulse, dipeshkakadiya, djp424, dominic_ks, Dominik Schilling, Dono12, Dotan Cohen, dphiffer, dragosh635, Drew Jaynes, dudo, eclev91, ecotechie, eden159, Edi Amin, edmundcwm, Eduardo Toledo, ehtis, Ella van Durpe, Ellen Bauer, Emil E, Emilie LEBRUN, Enrique Piqueras, Enrique Sánchez, equin0x80, erikkroes, Estela Rueda, Fabian, Fabian Kägy, Fahim Murshed, Faisal Alvi, Felipe Elia, Felipe Santos, Felix Arntz, Fernando Souza, fervillz, fgiannar, finomeno, flaviozavan, Florian TIAR, Fotis Pastrakis, Frank Martin, Gabriel Maldonado, Gal Baras, garethgillman, Garrett Hyder, Gary Jones, Gary Pendergast, Gaurang Dabhi, George Stephanis, geriux, Giorgio25b, Girish Panchal, Gleb Kemarsky, Glenn, Goto Hayato, grafruessel, Greg Rickaby, Grzegorz Ziółkowski, Grzegorz.Janoszka, Gustavo Bordoni, gwwar, hamedmoodi, hAmpzter, happiryu, Hareesh Pillai, Harry Milatz, Haz, Hector F, helgatheviking, Henry Holtgeerts, Himani Lotia, Hubert Kubiak, i3anaan, Ian Belanger, Ian Dunn, ianatkins, ianmjones, IdeaBox Creations, Ihtisham Zahoor, intimez, Ipstenu (Mika Epstein), Isabel Brison, ispreview, Jake Spurlock, Jakub Binda, James Huff, James Koster, James Nylen, jameslnewell, Janki Moradiya, Jarret, Jasper van der Meer, Javier Casares, jaydeep23290, jdy68, Jean-Baptiste Audras, Jean-David Daviet, Jeff Bowen, Jeff Ong, Jeff Paul, Jeffrey Carandang, jeichorn, Jenil Kanani, Jenny Wong, jepperask, Jer Clarke, Jeremy Felt, Jeremy Herve, Jeroen Rotty, Jerry Jones, Jessica Lyschik, Jip Moors, Joe Dolson, Joe Hoyle, Joe McGill, Joen Asmussen, John Blackbourn, John James Jacoby, John Watkins, Jon, Jon Quach, Jon Surrell, Jonathan Desrosiers, Jonathan Goldford, jonkolbert, Jonny Harris, Jono Alderson, Joonas Vanhatapio, Joost de Valk, Jorge Bernal, Jorge Costa, Josepha Haden, JoshuaWold, Joy, jqz, jsnajdr, Juanfra Aldasoro, Julian Weiland, julian.kimmig, Juliette Reinders Folmer, Julio Potier, Junko Nukaga, jurgen, justdaiv, Justin Ahinon, K. Adam White, kaggdesign, KalpShit Akabari, Kantari Samy, Kaspars, Kelly Dwan, Kennith Nichol, Kevin Hagerty, Kharis Sulistiyono, Khushbu Modi, killerbishop, kinjaldalwadi, kitchin, Kite, Kjell Reigstad, kkarpieszuk, Knut Sparhell, KokkieH, Konstantin Obenland, Konstantinos Xenos, Krystyna, KT Cheung, kubiq, kuflievskiy, Kukhyeon Heo, kyliesabra, Laken Hafner, leandroalonso, leogermani, lgrev01, linuxologos, lisota, Lorenzo Fracassi, luisherranz, luisrivera, lukaswaudentio, Lukasz Jasinski, Luke Cavanagh, Lydia Wodarek, M A Vinoth Kumar, M Asif Rahman, maciejmackowiak, Mahesh Waghmare, Manzoor Wani, marcelo2605, Marcio Zebedeu, MarcoZ, Marcus Kazmierczak, Marek Dědič, Marius Jensen, Marius84, Mark Jaquith, Mark Marzeotti, Mark Uraine, MarkRH, markusthiel, Martin Stehle, Marty Helmick, Mary Baum, Mat Gargano, Mat Lipe, Mathieu Viet, Matias Ventura, Matt Keys, Matt van Andel, mattchowning, mattcursor, Matthew Kevins, mattyrob, maxme, Mayank Majeji, mayanksonawat, mbrailer, Mehidi Hassan, Mel Choyce-Dwan, mensmaximus, Michael Arestad, Michael Ecklund, Michael Panaga, Michelle Schulp, mickaelperrin, miette49, Miguel Fonseca, Miguel Torres, mihdan, Miina Sikk, Mikael Korpela, Mike Auteri, Mike Hansen, Mike Schinkel [WPLib Box project lead], Mike Schroder, mikejdent, Mikko Saari, Milan Patel, Milan Petrovic, mimi, mircoraffinetti, mislavjuric, mjnewman, mlbrgl, Mohammad Jangda, Morgan Estes, Morteza Geransayeh, mppfeiffer, mryoga, Muhammad Usama Masood, mujuonly, Mukesh Panchal, Nadir Seghir, nagoke, Nahid Ferdous Mohit, Nate Finch, Nazmul Ahsan, nekomajin, NextScripts, Nick Daugherty, Nick Halsey, Nicklas Sundberg, Nicky Lim, nicolad, Nicolas Juen, nicole2292, Niels Lange, Nikhil Bhansi, nikhilgupte, nilamacharya, noahtallen, noyle, nsubugak, oakesjosh, oldenburg, Omar Alshaker, Otto Kekäläinen, Ov3rfly, Paal Joachim Romdahl, page-carbajal, pagewidth, Paragon Initiative Enterprises, Pascal Birchler, Pascal Casier, Paul Bearne, Paul Biron, Paul Kevin, Paul Schreiber, pcarvalho, Pedro Mendonça, perrywagle, Peter Westwood, Peter Wilson, Philip Jackson, Pierre Gordon, Pierre Lannoy, pikamander2, Prashant Singh, Pratik Jain, Presskopp, Priyanka Behera, r-a-y, Raam Dev, Rachel Cherry, Rachel Peter, ragnarokatz, Rami Yushuvaev, raoulunger, razamalik, Remco Tolsma, rephotsirch, rheinardkorf, Riad Benguella, Ricard Torres, Rich Tabor, rimadoshi, Rinku Y, Rob Cutmore, Rob Migchels, rob006, Robert Anderson, Roi Conde, Roland Murg, Rostislav Wolný, Roy Tanck, Russell Heimlich, Ryan, Ryan Fredlund, Ryan McCue, Ryan Welcher, Ryo, Sébastien SERRE, Søren Brønsted, sablednah, Sam Fullalove, Sampat Viral, Samuel Wood (Otto), SamuelFernandez, Sander, santilinwp, Sathiyamoorthy V, Schuhwerk, Scott Reilly, Scott Taylor, scruffian, scvleon, Sebastian Pisula, Sergey Biryukov, Sergio de Falco, sergiomdgomes, sgastard, sgoen, Shaharia Azam, Shannon Smith, shariqkhan2012, Shawntelle Coker, sheparddw, Shital Marakana, Shizumi Yoshiaki, simonjanin, sinatrateam, sirreal, skarabeq, skorasaurus, smerriman, socalchristina, Soren Wrede, spenserhale, sproutchris, squarecandy, Stanimir Stoyanov, starvoters1, SteelWagstaff, steevithak, Stefano Minoia, Stefanos Togoulidis, steffanhalv, Stephen Bernhardt, Stephen Edgar, Steve Dufresne, Steve Grunwell, stevenlinx, Stiofan, straightvisions GmbH, stroona.com, Subrata Mal, Subrata Sarkar, Sultan Nasir Uddin, suzylah, swapnild, Sybre Waaijer, Sérgio Estêvão, Takayuki Miyauchi, Takeshi Furusato, Tammie Lister, Tanvirul Haque, TBschen, tdlewis77, TeBenachi, Tellyworth, Thamaraiselvam, thefarlilacfield, ThemeZee, Tim Havinga, Tim Hengeveld, timon33, Timothée Brosille, Timothy Jacobs, Tkama, tmanoilov, tmatsuur, tobifjellner (Tor-Bjorn Fjellner), Tom Greer, Tom J Nowell, tommix, Toni Viemerö, Toro_Unit (Hiroshi Urabe), torres126, Torsten Landsiedel, Towhidul Islam, treecutter, tristangemus, tristanleboss, tsuyoring, Tung Du, Udit Desai, Ulrich, upadalavipul, Utsav tilava, Vaishali Panchal, Valentin Bora, Varun Shanbhag, Veminom, Vinita Tandulkar, virgodesign, Vlad. S., vortfu, waleedt93, WebMan Design | Oliver Juhas, websupporter, Weston Ruter, William Earnhardt, William Patton, wpgurudev, WPMarmite, wptoolsdev, xedinunknown-1, yale01, Yannicki, yohannp, Yordan Soares, yuhin, Yui, zachflauaus, Zack Tollman, Zebulan Stanphill, Zee, and zsusag.

Many thanks to all of the community volunteers who contribute in the support forums. They answer questions from people across the world, whether they are using WordPress for the first time or since the first release. These releases are more successful for their efforts!

Finally, thanks to all the community translators who worked on WordPress 5.4. Their efforts bring WordPress fully translated to 46 languages at release time, with more on the way.

If you want to learn more about volunteering with WordPress, check out Make WordPress or the core development blog.

WordPress 5.4 RC5

Posted March 28, 2020 by David Baumwald. Filed under Development, Releases.


The fifth release candidate for WordPress 5.4 is live!

WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time!

You can test the WordPress 5.4 release candidate in two ways:

For details about what to expect in WordPress 5.4, please see the first release candidate post.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.4 and update the Tested up to version in the readme to 5.4. The priority in testing is compatibility. If you find issues, please be sure to post to the support forums so we can figure them out before the final release.

The WordPress 5.4 Field Guide is also out! It’s your source for details on all the major changes.

How to Help

Do you speak a language besides English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

WordPress 5.4 RC4

Posted March 24, 2020 by Francesca Marano. Filed under Development, Releases.

The fourth release candidate for WordPress 5.4 is live!

WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time!

You can test the WordPress 5.4 release candidate in two ways:

For details about what to expect in WordPress 5.4, please see the first release candidate post.

RC4 commits the new About page and updates the editor packages.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.4 and update the Tested up to version in the readme to 5.4. The priority in testing is compatibility. If you find issues, please be sure to post to the support forums so we can figure them out before the final release.

The WordPress 5.4 Field Guide is also out! It’s your source for details on all the major changes.

How to Help

Do you speak a language besides English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Older Posts »

See Also:

Want to follow the code? There’s a development P2 blog and you can track active development in the Trac timeline that often has 20–30 updates per day.

Want to find an event near you? Check out the WordCamp schedule and find your local Meetup group!

For more WordPress news, check out the WordPress Planet.

Categories

Subscribe to WordPress News

Join 3,050,791 other subscribers

%d bloggers like this: