Wordpress

Subscribe to Wordpress feed
WordPress News
Updated: 9 hours 13 min ago

WordPress 4.2.1 Security Release

27 April, 2015 - 18:34

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Categories: Content Management

WordPress 4.2 “Powell”

23 April, 2015 - 18:35

Version 4.2 of WordPress, named “Powell” in honor of jazz pianist Bud Powell, is available for download or update in your WordPress dashboard. New features in 4.2 help you communicate and share, globally.

An easier way to share content

Clip it, edit it, publish it. Get familiar with the new and improved Press This. From the Tools menu, add Press This to your browser bookmark bar or your mobile device home screen. Once installed you can share your content with lightning speed. Sharing your favorite videos, images, and content has never been this fast or this easy.

Extended character support

Writing in WordPress, whatever your language, just got better. WordPress 4.2 supports a host of new characters out-of-the-box, including native Chinese, Japanese, and Korean characters, musical and mathematical symbols, and hieroglyphs.

Don’t use any of those characters? You can still have fun — emoji are now available in WordPress! Get creative and decorate your content with

Categories: Content Management

WordPress 4.1.2 Security Release

21 April, 2015 - 13:44

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
  • Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins and Marc-Alexandre Montpas.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

Thanks to everyone who contributed to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackburn and Mike Adams.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.

Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.

Categories: Content Management

WordPress 4.2 Release Candidate

15 April, 2015 - 19:07

The release candidate for WordPress 4.2 is now available.

We’ve made more than 140 changes since releasing Beta 4 a week and a half ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.2 on Wednesday, April 22, but we need your help to get there.

If you haven’t tested 4.2 yet, now is the time! (Please though, not on your live site unless you’re adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.2 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For more information about what’s new in version 4.2, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.

Developers, please test your plugins and themes against WordPress 4.2 and update your plugin’s Tested up to version in the readme to 4.2 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Be sure to follow along the core development blog, where we’ll continue to post notes for developers for 4.2.

Im-Press-ive saving
Achievement unlocked: RC
Release here we come

Categories: Content Management

Improvements to WordPress.org

4 April, 2015 - 20:19

If you visit WordPress.org regularly you might have noticed some changes around the place. If you don’t, now’s the time to check them out! We’ve been working hard to improve the site to make it more useful to everyone, both developers and users, and we hope you like what we’ve done.

New Theme and Plugin Directories

Since WordPress 3.8, you’ve been enjoying improved theme management in your WordPress admin, and in WordPress 4.0 plugin management was refined. We’ve brought these experiences from your admin and re-created them right here on WordPress.org.

Theme Directory

The Theme Directory has a better browsing experience, with handy tabs where you can view featured, popular, and the latest themes. As with the theme experience in your admin, you can use the feature filter to browse for just the right theme for your WordPress website.

Click on a theme to get more information about it, including shiny screenshots, ratings, and statistics.

Konstantin Obenland posted a good overview of everything involved with the theme directory overhaul and followed up with a post on improved statistics.

Plugin Directory

The Plugin Directory has a brand new theme that mirrors the experience in your WordPress admin, with a more visual experience, and better search and statistics.

As well as a facelift, there are some great new features for you to play around with:

  • Favorites – when you’re logged in to you WordPress.org account, this page gives you direct access to the plugins that you have favorited.
  • Beta Testing – try out plugins where developers are experimenting with new features for WordPress.
  • Search by plugin author – you can search for a plugin author using their username.
  • Better statistics – listings now display the number of active installs so you can see how many people are actually using a plugin.

An overview of the new theme was posted by Scott Reilly.

Better Statistics

We’ve made huge improvements to our statistics. This gives us more useful information about the WordPress versions people are using, their PHP version, and their MySQL version.

Already these new statistics have provided us with useful insights into WordPress usage.

  • More than 43% of all sites are running the latest version of WordPress. Previously, we thought only 10% of sites were up-to-date. By excluding sites that are no longer online we were able to improve these statistics.
  • We were able to clear up the data around WordPress 3.0, bringing it more in line with expectations. This anomaly was a by-product of spammers.
  • Only 15.9% of sites are using PHP 5.2, which is better than we thought.

Over the coming months we’ll be able to use these statistics to bring you new tools and improvements, and to make more informed decisions across the board. Read Andrew Nacin’s post about these changes for more background.

Thanks!

Thanks to everyone who contributed to the theme directory redesign, the plugin directory refresh, and improved statistics: Alin MarcuDamon Cook, Dion Hulse, Dominik Schilling, Jan Cavan Boulas, Konstantin Obenland, Kyle Maurer, Matías Ventura, Mel Choyce, Natalie MacLees, Paul de Wouters, Samuel Sidler, Samuel Wood (Otto), Scott Reilly, Siobhan McKeown.

If you want to help out or follow along with future WordPress.org projects, check out Make WordPress and our meta development blog.

Categories: Content Management

WordPress 4.2 Beta 4

3 April, 2015 - 13:05

WordPress 4.2 Beta 4 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.2, check out the Beta 1, Beta 2, and Beta 3 blog posts. Some of the changes in Beta 4 include:

  • Incrementally improved the experience when accessing the Customizer on mobile. Please test on your mobile devices and let us know if anything seems wonky.
  • Added the ability to make admin notices dismissible. Plugin and theme authors: adding .notice and .is-dismissible as adjacent classes to your notice containers should automatically make them dismissible. Please test.
  • Fixed some reported issues with backward-compatibility issues caused by the modularization of core JS files.
  • Removed the ability to swipe the admin menu open and closed on touch devices due to reports of some issues with built-in history navigation on certain platforms.
  • Improved accessibility of the WordPress admin by replacing skip-to-content links with landmark roles. Screen reader users: please test in any core admin screens.
  • Various bug fixes. We’ve made more than 90 changes in the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Dismiss notices
Customizer on mobile
RC nearly here

Categories: Content Management

WordPress 4.2 Beta 3

26 March, 2015 - 18:32

WordPress 4.2 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.2, check out the Beta 1 and Beta 2 blog posts. Some of the changes in Beta 3 include:

  • Removed Shiny Installs functionality due to concerns about the activation workflow. Please test the remaining “Shiny Updates” functionality from both the Plugins > Add New and Plugins screens to ensure in-line updating still works as well as before.
  • Fixed an issue with the Comments Quick Edit layout breaking on smaller screens. Please test on your mobile devices.
  • Improved accessibility of login screen errors. Screen reader users: please let us know if you encounter any issues.
  • Refined the emoji compatibility script to only load on the front- and back-end if the browser requires it. If you’re using a legacy web browser, please test.
  • Fixed several issues in Press This with inserted images being improperly linked to locations other than the source site. Go ahead, “press” a site with images on the page and tell us if the image links aren’t working as you’d expect.
  • Standardized the time display format in a variety of admin screens, switching to 24-hour notation where a.m. or p.m. are not specified. Please let us know if you notice you notice anything amiss!
  • Various other bug fixes. We’ve made more than 65 changes in the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Emoji loader
“Shiny Updates” still stand firm
Beta 3, please test!

Categories: Content Management

WordPress 4.2 Beta 2

19 March, 2015 - 19:30

WordPress 4.2 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.2, check out the Beta 1 blog post. Some of the changes in Beta 2 include:

  • Added support for entering FTP and SSH credentials when updating plugins in-place. FTP and SSH users, please test!
  • Improved cross-browser support for emoji throughout WordPress. If you’re using an older web browser, please tell us if you have problems using emoji.
  • Further refined Press This authoring with auto-embedded media and better content scanning. We’d love to know how auto-embeds work for you.
  • Added a constructor and improved method consistency in WP_Comment_Query. Developers: if you’re extending WP_Comment_Query, please let us know if you run into any issues.
  • Various bug fixes. We’ve made more than 70 changes in the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Test some emoji
FTP and SSH
Let’s “Press” some embeds!

Categories: Content Management

WordPress 4.2 Beta 1

12 March, 2015 - 23:22

WordPress 4.2 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

4.2 is due out next month, but to get there, we need your help testing what we’ve been working on:

  • Press This has been completely revamped to make sharing content from around the web easier than ever. The new workflow is mobile friendly, and we’d love for you to try it out on all of your devices. Navigate to the Tools screen in your WordPress backend to get started (#31373).
  • Browsing and switching installed themes has been added to the Customizer to make switching faster and more convenient. We’re especially interested to know if this helps streamline the process of setting up your site (#31303).
  • The workflow for updating and installing plugins just got more intuitive with the ability to install or update in-place from the Plugins screens. Try it out and let us know what you think! (#29820)
  • If you felt like emoji were starkly missing from your content toolbox, worry no more. We’ve added emoji support nearly everywhere, even post slugs
Categories: Content Management