Wordpress News

Subscribe to Wordpress News feed
WordPress News
Updated: 2 hours 49 min ago

WordPress 4.9 Beta 3

Thu, 10/19/2017 - 05:18

WordPress 4.9 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.9, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information on what’s new in 4.9, check out the Beta 1 blog post. Since the Beta 1 release, we’ve made 70 changes in Beta 2 and 92 changes in Beta 3. A few of these newest changes to take note of in particular:

  • The plugin/theme editors now show files in a scrollable expandable tree list. See #24048.
  • Backwards compatibility has been improved for MediaElement.js, which is upgraded from 2.2 to 4.2. See #42189.
  • When you create post stubs in the Customizer (such as for nav menu items, for the homepage or the posts page), if you then schedule your customized changes or save them as a draft, then these Customizer-created posts will appear in the admin as “Customization Drafts”; these drafts can be edited before your customized changes are published, at which time these posts (or pages) will also be automatically published. See #42220.
  • Theme browsing and installation experience in the Customizer has seen some bugfixes (e.g. #42215 and #42212), with some known remaining issues outstanding in Safari.
  • There is now a callout on the dashboard to install and activate Gutenberg. See #41316.
  • Menus in the Customizer have seen additional usability improvements. See #36279 and #42114.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Many refinements
Exist within this release;
Can you find them all?

WordPress 4.9 Beta 2

Thu, 10/12/2017 - 06:29

WordPress 4.9 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.9, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information on what’s new in 4.9, check out the Beta 1 blog post. Since then, we’ve made 70 changes in Beta 2.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Let’s test all of these:
code editing, theme switches,
widgets, scheduling.

The Month in WordPress: September 2017

Mon, 10/02/2017 - 08:00

This has been an interesting month for WordPress, as a bold move on the JavaScript front brought the WordPress project to the forefront of many discussions across the development world. There have also been some intriguing changes in the WordCamp program, so read on to learn more about the WordPress community during the month of September.

JavaScript Frameworks in WordPress

Early in the month, Matt Mullenweg announced that WordPress will be switching away from React as the JavaScript library WordPress Core might use — this was in response to Facebook’s decision to keep a controversial patent clause in the library’s license, making many WordPress users uncomfortable.

A few days later, Facebook reverted the decision, making React a viable option for WordPress once more. Still, the WordPress Core team is exploring a move to make WordPress framework-agnostic, so that the framework being used could be replaced by any other framework without affecting the rest of the project.

This is a bold move that will ultimately make WordPress core a lot more flexible, and will also protect it from potential license changes in the future.

You can get involved in the JavaScript discussion by joining the #core-js channel in the Making WordPress Slack group and following the WordPress Core development blog.

Community Initiative to Make WordCamps More Accessible

A WordPress community member, Ines van Essen, started a new nonprofit initiative to offer financial assistance to community members to attend WordCamps. DonateWC launched with a crowdsourced funding campaign to cover the costs of getting things up and running.

Now that she’s raised the initial funds, Ines plans to set up a nonprofit organization and use donations from sponsors to help people all over the world attend and speak at WordCamps.

If you would like to support the initiative, you can do so by donating through their website.

The WordCamp Incubator Program Returns

Following the success of the first WordCamp Incubator Program, the Community Team is bringing the program back to assist more underserved cities in kick-starting their WordPress communities.

The program’s first phase aims to find community members who will volunteer to mentor, assist, and work alongside local leaders in the incubator communities — this is a time-intensive volunteer role that would need to be filled by experienced WordCamp organizers.

If you would like to be a part of this valuable initiative, join the #community-team channel in the Making WordPress Slack group and follow the Community Team blog for updates.

WordPress 4.8.2 Security Release

On September 19, WordPress 4.8.2 was released to the world — this was a security release that fixed nine issues in WordPress Core, making the platform more stable and secure for everyone.

To get involved in building WordPress Core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.

Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

Global WordPress Translation Day 3

Wed, 09/27/2017 - 11:56

On September 30 2017, the WordPress Polyglots Team – whose mission is to translate WordPress into as many languages as possible – will hold its third Global WordPress Translation Day, a 24-hour, round-the-clock, digital and physical global marathon dedicated to the localisation and internationalisation of the WordPress platform and ecosystem, a structure that powers, today, over 28% of all existing websites.

The localisation process allows for WordPress and for all WordPress-related products (themes and plugins) to be available in local languages, so to improve their accessibility and usage and to allow as many people as possible to take advantage of the free platform and services available.

In a (not completely) serendipitous coincidence, September 30 has also been declared by the United Nations “International Translation Day”, to pay homage to the great services of translators everywhere, one that allows communication and exchange.

The event will feature a series of multi-language live speeches (training sessions, tutorials, case histories, etc.) that will be screen-casted in streaming, starting from Australia and the Far East and ending in the Western parts of the United States.

In that same 24-hour time frame, Polyglots worldwide will gather physically in local events, for dedicated training and translations sprints (and for some fun and socializing as well), while those unable to physically join their teams will do so remotely.

A big, fun, useful and enlightening party and a lovely mix of growing, giving, learning and teaching, to empower, and cultivate, and shine.

Here are some stats about the first two events:

Global WordPress Translation Day 1

  •   448 translators worldwide
  •   50 local events worldwide
  •   54 locales involved
  •   40350 strings translated, in
  •   597 projects

Global WordPress Translation Day 2

  •   780 translators worldwide
  •   67 local events worldwide
  •   133 locales involved
  •   60426 strings translated, in
  •   590 projects

We would like your help in spreading this news and in reaching out to all four corners of the world to make the third #WPTranslationDay a truly amazing one and to help celebrate the unique and fundamental role that translators have in the Community but also in all aspects of life.

A full press release is available, along with more information and visual assets at wptranslationday.org/press.

For any additional information please don’t hesitate to contact the event team on press@wptranslationday.org.

WordPress 4.8.2 Security and Maintenance Release

Tue, 09/19/2017 - 22:17

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.1 and earlier are affected by these security issues:

  1. $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
  2. A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
  3. A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
  4. A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
  5. A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
  6. An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
  7. A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
  8. A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
  9. A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.8.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.2.

Thanks to everyone who contributed to 4.8.2.

The Month in WordPress: August 2017

Fri, 09/01/2017 - 10:02

While there haven’t been any major events or big new developments in the WordPress world this past month, a lot of work has gone into developing a sustainable future for the project. Read on to find out more about this and other interesting news from around the WordPress world in August.

The Global WordPress Translation Day Returns

On September 30, the WordPress Polyglots team will be holding the third Global WordPress Translation Day. This is a 24-hour global event dedicated to the translation of the WordPress ecosystem (core, themes, plugins), and is a mix of physical, in-person translation work with online streaming of talks from WordPress translators all over the world.

Meetup groups will be holding events where community members will come together to translate WordPress. To get involved in this worldwide event, join your local meetup group or, if one is not already taking place in your area, organize one for your community.

You can find out more information on the Translation Day blog and in the #polyglots-events channel in the Making WordPress Slack group.

WordPress Foundation to Run Open Source Training Worldwide

The WordPress Foundation is a non-profit organization that exists to provide educational events and resources for hackathons, support of the open web, and promotion of diversity in the global open source community.

In an effort to push these goals forward, the Foundation is going to be offering assistance to communities who would like to run local open source training workshops. A number of organizers have applied to be a part of this initiative, and the Foundation will be selecting two communities in the coming weeks.

Follow the WordPress Foundation blog for updates.

Next Steps in WordPress Core’s PHP Focus

After last month’s push to focus on WordPress core’s PHP development, a number of new initiatives have been proposed and implemented. The first of these initiatives is a page on WordPress.org that will educate users on the benefits of upgrading PHP. The page and its implementation are still in development, so you can follow and contribute on GitHub.

Along with this, plugin developers are now able to specify the minimum required PHP version for their plugins. This version will then be displayed on the Plugin Directory page, but it will not (yet) prevent users from installing it.

The next evolution of this is for the minimum PHP requirement to be enforced so that plugins will only work if that requirement is met. You can assist with this implementation by contributing your input or a patch on the open ticket.

As always, discussions around the implementation of PHP in WordPress core are done in the #core-php channel in the Making WordPress Slack group.

New Editor Development Continues

For a few months now, the core team has been steadily working on Gutenberg, the new editor for WordPress core. While Gutenberg is still in development and is some time away from being ready, a huge amount of progress has already been made. In fact, v1.0.0 of Gutenberg was released this week.

The new editor is available as a plugin for testing and the proposed roadmap is for it to be merged into core in early 2018. You can get involved in the development of Gutenberg by joining the #core-editor channel in the Making WordPress Slack group and following the WordPress Core development blog.

Further reading:
  • On the topic of Gutenberg, Matt Mullenweg wrote a post to address some of the concerns that the community has expressed about the new editor.
  • A new movement has started in the Indian WordPress community named JaiWP — the organizers are seeking to unite and motivate the country’s many local communities.
  • Merlin WP is a new plugin offering theme developers an easy way to onboard their users.
  • Ryan McCue posted an ambitious roadmap for the future of the WordPress REST API — many contributions from the community will be needed in order to reach these goals.
  • Want to know what you can expect in the next major release of WordPress? Here’s a look at what the core team is planning for v4.9.
  • To help combat the difficulties that Trac presents to WordPress Core contributors, Ryan McCue built an alternative platform dubbed Not Trac.
  • v1.3.0 of WP-CLI was released earlier in the month, adding a whole lot of great new features to the useful tool.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.