WordPress 4.7.4 is available and is a maintenance release that fixes 47 issues reported against 4.7. This update includes a visual editor compatibility fix for an upcoming version of Chrome. Uploading video and audio files no longer result in broken thumbnails and the REST API received a few enhancements related to data handling. WordPress 4.7.4 also restores the ability to…
WordPress contributors to the customizer have published a merge proposal for a new JavaScript and REST API-powered core image widget. The new widget interfaces with the WordPress media library to provide a simpler, more intuitive experience for adding images. No new widgets have been added to core since the Custom Menu widget was included in…
The WordPress Editor Experience survey results have been published with data from 2,563 participants, a significantly larger sampling than the 50 who responded to the recent customizer survey. Both the editor and the customizer are included in Matt Mullenweg’s three main focus areas for core development in 2017. The purpose of the surveys is to…
WP-CLI has hired Alain Schlesser as a new part-time co-maintainer. The position was made possible by sponsorships from Automattic, Bluehost, DreamHost, SiteGround, WP Engine, and more than 60 individuals who contributed to the project. “With Alain joining the project as a co-maintainer, the WP-CLI project is restoring capacity to meet current demands (e.g. support), and…
Adding images to sidebars in WordPress is a cumbersome task that requires users to upload an image to the Media Library, find the URL, copy it, and paste it into a Text widget along with additional HTML. Nearly two years ago, Mel Choyce opened a ticket on WordPress Trac proposing that a media widget be…
WordPress core contributors have published a survey to collect feedback on how people are using the editor. The results of the short 15-question survey will assist the team in redesigning the editing experience in the WordPress admin. Participants are asked to identify how they use WordPress and if they use certain features like formatting buttons…
WordPress 4.7.3 is now available with patches for six security vulnerabilities that affect version 4.7.2 and all previous versions. WordPress.org is strongly encouraging users to update their sites immediately. The release includes fixes for three XSS vulnerabilities that affect media file metadata, video URLs in YouTube embeds, and taxonomy term names. It also includes patches…
In January 2017, WordPress core design contributors posted a survey titled What are you using the Customizer for? The link was published on the Make WordPress Design blog and wasn’t widely shared, so it only received 50 replies. Responses were anonymous, but most seem to have come from the WordPress developer community. Despite the small…
WordPress contributor teams are getting ready for the next Community Summit, which will be held in Paris leading up to WordCamp Europe on June 13-14. This is the first time the event will be held outside the United States, making it more accessible to European community members who may have been unable to attend previous…
In the past few weeks, the WordPress Core Editor team, led by Automattic employees Matías Ventura and Joen Asmussen, have been hard at work creating a new content creation experience. The team recently published a UI prototype for Gutenberg, an experimental block based editor. The editor displays content-specific toolbars when an element is selected and…
Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, who is most widely known for his cryptography engineering work, published a post on Medium criticizing Matt Mullenweg, co-creator of the WordPress open-source software project, for not caring enough about security. Arciszewski has since retracted the post but you can read it via the Wayback Machine.…
At the end of January, WordPress 4.7.2 was released to fix four security issues, three of which were disclosed at the time of the release. These included a SQL injection vulnerability in WP_Query, a cross-site scripting (XSS) vulnerability in the posts list table, and the Press This feature allowing users without permission to assign taxonomy…
This is a guest post written by Reid Peifer, Partner and Art Director at Modern Tribe. In this post, Peifer shares his experience, opinions, and things to consider as the content creation experience in WordPress is revamped. Let’s imagine a world where the tools that we have don’t limit us, but instead enable us to…
At the end of October 2016, Morten Rand-Hendriksen created a proposal on WordPress trac for adding telemetry to core, an opt-in feature that would collect anonymized data on how people are using the software. He proposed that the new feature be displayed on first install or update, disabled by default in the admin with a…
WordPress 4.7.1 is available for download and fixes eight security issues that affect WordPress 4.7 and below. The PHPMailer library was updated to patch a remote code execution (RCE) vulnerability. WordFence reported the vulnerability last month as critical and that it affects WordPress core. However, in the announcement post for 4.7.1, Aaron Campbell, WordPress’ new…