WordPress.org

Ready to get started?Download WordPress

WordPress 3.7 Release Candidate

Posted October 18, 2013 by Andrew Nacin. Filed under Development, Releases.

The first release candidate for WordPress 3.7 is now available!

In RC 1, we’ve made some adjustments to the update process to make it more reliable than ever. We hope to ship WordPress 3.7 next week, but we need your help to get there. If you haven’t tested 3.7 yet, there’s no time like the present. (Please, not on a production site, unless you’re adventurous.)

WordPress 3.7 introduces automatic background updates for security and minor releases (like updating from 3.7 to 3.7.1). These are really easy to test  — RC 1 will update every 12 hours or so to the latest development version, and then email you the results. (You may get two emails: one for debugging, and one all users of 3.7 will receive.) If something went wrong, you can report it.

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums. If any known issues come up, you’ll be able to find them here.

To test WordPress 3.7 RC1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 3.7, visit the awesome About screen in your dashboard ( → About in the toolbar). There, you can also see if your install is eligible for background updates. WordPress won’t automatically update, for example, if you’re using version control like Subversion or Git.

Developers, please test your plugins and themes against WordPress 3.7, so that if there is a compatibility issue, we can figure it out before the final release. Make sure you post any issues to the support forums.

WordPress three seven
A self-updating engine
Lies beneath the hood

WordPress 3.7 Beta 2

Posted October 10, 2013 by Andrew Nacin. Filed under Development, Releases.

WordPress 3.7 Beta 2 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site.

This has been a quiet beta period. We’re hoping to get some more testers for automatic background updates, which will occur for security and minor releases (like updating from 3.7 to 3.7.1). It’s really easy to test this, as Beta 2 will update each day to the latest development version and then email you the results. If something goes wrong, you can report it — it’s that simple. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). Check out Dashboard → Updates to see if your install is eligible for background updates. WordPress won’t update if, for example, you’re using version control like SVN or Git.

For more of what’s new in version 3.7, check out the Beta 1 blog post. In Beta 2, we further increased the stability of background updates and also added about 50 bug fixes, including a fix for Internet Explorer 11 in the visual editor.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Happy testing!

Beta 2 released
Dotting i’s and crossing t’s

Expect RC next

WordPress 3.7 Beta 1

Posted September 28, 2013 by Andrew Nacin. Filed under Development, Releases.

I’m pleased to announce the availability of WordPress 3.7 Beta 1.

For WordPress 3.7 we decided to shorten the development cycle and focus on a few key improvements. We plan to release the final product in October, and then follow it in December with a jam-packed WordPress 3.8 release, which is already in development. Some of the best stuff in WordPress 3.7 is subtle — by design! So let’s walk through what we’d love for you to test, just in time for the weekend.

Automatic, background updates. 3.7 Beta 1 will keep itself updated. That’s right — you’ll be updated each night to the newest development build, and eventually to Beta 2. We’re working to provide as many installs as possible with fast updates to security releases of WordPress — and you can help us test by just installing Beta 1 on your server and seeing how it works!

When you go to Dashboard → Updates, you’ll see a note letting you know whether your install is working for automatic updates. There are a few situations where WordPress can’t reliably and securely update itself. But if it can, you’ll get an email (sent to the ‘Admin Email’ on the General Settings page) after each update letting you know what worked and what didn’t. If it worked, great! If something failed, the email will suggest you make a post in the support forums or create a bug report.

Here are some other things you should test out:

  • If you’re running WordPress in another language, we’ll automatically download any available translations for official WordPress importers and the default themes. (More to come here.)
  • Our password meter got a whole lot better, thanks to Dropbox’s zxcvbn library. Again, subtle but effective. Strong passwords are very important!
  • Search results are now ordered by relevance, rather than just by date. When your keywords match post titles and not just content, they’ll be pushed to the top.
  • Developers should check out the new advanced date queries in WP_Query. (#18694)

This software is still in development, so we don’t recommend you run it on a production site. I’d suggest setting up a test site just to play with the new version. To test WordPress 3.7, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

As always, if you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Happy testing!

WordPress three seven
Saves your weary hand a click
Updates while you sleep

WordPress 3.6.1 Maintenance and Security Release

Posted September 11, 2013 by Andrew Nacin. Filed under Releases, Security.

After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release.

WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

We appreciated responsible disclosure of these issues directly to our security team. For more information on the changes, see the release notes or consult the list of changes.

Download WordPress 3.6.1 or update now from the Dashboard → Updates menu in your site’s admin area.

WordPress 3.6 “Oscar”

Posted August 1, 2013 by Matt Mullenweg. Filed under Releases.

The latest and greatest WordPress, version 3.6, is now live to the world and includes a beautiful new blog-centric theme, bullet-proof autosave and post locking, a revamped revision browser, native support for audio and video embeds, and improved integrations with Spotify, Rdio, and SoundCloud. Here’s a video that shows off some of the features using our cast of professional actors:

We’re calling this release “Oscar” in honor of the great jazz pianist Oscar Peterson. Here’s a bit more about some of the new features, which you can also find on the about page in your dashboard after you upgrade.

User Features

  • The new Twenty Thirteen theme inspired by modern art puts focus on your content with a colorful, single-column design made for media-rich blogging.
  • Revamped Revisions save every change and the new interface allows you to scroll easily through changes to see line-by-line who changed what and when.
  • Post Locking and Augmented Autosave will especially be a boon to sites where more than a single author is working on a post. Each author now has their own autosave stream, which stores things locally as well as on the server (so much harder to lose something) and there’s an interface for taking over editing of a post, as demonstrated beautifully by our bearded buddies in the video above.
  • Built-in HTML5 media player for native audio and video embeds with no reliance on external services.
  • The Menu Editor is now much easier to understand and use.

Developer features

  • A new audio/video API gives you access to metadata like ID3 tags.
  • You can now choose HTML5 markup for things like comment and search forms, and comment lists.
  • Better filters for how revisions work, so you can store a different amount of history for different post types.
  • Tons more listed on the Codex, and of course you can always browse the over 700 closed tickets.

The Band

This release was led by Mark Jaquith and Aaron Campbell, and included contributions from the following fine folks. Pull up some Oscar Peterson on your music service of choice, or vinyl if you have it, and check out some of their profiles:

Aaron Brazell, Aaron D. Campbell, Aaron Holbrook, Aaron Jorbin, Adam Harley, adamsilverstein, AK Ted, Alex Concha, Alex King, Alex Mills (Viper007Bond), Amaury Balmer, Amy Hendrix (sabreuse), Anatol Broder, Andrew Nacin, Andrew Ozz, Andrew Ryno, Andy Skelton, Antonio, apimlott, awellis13, Barry, Beau Lebens, BelloSwan, bilalcoder, Billy (bananastalktome), bobbingwide, Bob Gregor, bradparbs, Brady Vercher, Brandon Kraft, Brian Layman, Brian Zeligson, Bryan Petty, Callum Macdonald, Carl Danley, Caspie, Charleston Software Associates, cheeserolls, Chip Bennett, Chris Olbekson, Christopher Cochran, Christopher Finke, Chris Wallace, Cor van Noorloos, crazycoders, Daniel Bachhuber, Daniel Dvorkin (MZAWeb), Daniel Jalkut (Red Sweater), daniloercoli, Danny de Haan, Dave Ross, David Favor, David Trower, David Williamson, Dion Hulse, dllh, Dominik Schilling (ocean90), dovyp, Drew Jaynes (DrewAPicture), dvarga, Edward Caissie, elfin, Empireoflight, Eric Andrew Lewis, Erick Hitter, Eric Mann, Evan Solomon, faishal, feedmeastraycat, Frank Klein, Franz Josef Kaiser, FStop, Gabriel Koen, Gary Cao, Gary Jones, gcorne, GeertDD, Gennady Kovshenin, George Stephanis, gish, Gregory Karpinsky, hakre, hbanken, hebbet, Helen Hou-Sandi, helgatheviking, hirozed, hurtige, hypertextranch, Ian Dunn, Ipstenu (Mika Epstein), jakub, James Michael DuPont, jbutkus, Jeremy Felt, Jerry Bates (JerrySarcastic), Jesper Johansen (Jayjdk), Joe Hoyle, Joen Asmussen, Joey Kudish, John Blackbourn (johnbillion), John James Jacoby, Jonas Bolinder (jond3r), Jonathan Desrosiers, Jon Bishop, Jon Cave, Jose Castaneda, Joseph Scott, Josh Visick, jrbeilke, jrf, Justin de Vesine, Justin Sainton, kadamwhite, Kailey (trepmal), karmatosed, Kelly Dwan, keoshi, Konstantin Kovshenin, Konstantin Obenland, ktdreyer, Kurt Payne, kwight, Lance Willett, Lee Willis (leewillis77), lessbloat, Mantas Malcius, Maor Chasen, Marcel Brinkkemper, MarcusPope, Mark-k, Mark Jaquith, Mark McWilliams, Marko Heijnen, Matt Banks, Matthew Boynes, MatthewRuddy, Matt Wiebe, Max Cutler, Mel Choyce, mgibbs189, Michael, Michael Adams (mdawaffe), Michael Beckwith, Michael Fields, Mike Hansen, Mike Schroder, Milan Dinic, mitcho (Michael Yoshitaka Erlewine), Mohammad Jangda, najamelan, Naoko Takano, Nashwan Doaqan, Niall Kennedy, Nick Daugherty, Nick Halsey, ninnypants, norcross, ParadisePorridge, Paul, Paul Clark, pavelevap, Pete Mall, Peter Westwood, Phill Brown, Pippin Williamson, Pollett, Prasath Nadarajah, programmin, rachelbaker, Rami Yushuvaev, redpixelstudios, reidburke, retlehs, Reuben Gunday, rlerdorf, Rodrigo Primo, roulandf, rovo89, Ryan Duff, Ryan Hellyer, Ryan McCue, Safirul Alredha, sara cannon, scholesmafia, Scott Kingsley Clark, Scott Reilly, Scott Taylor, scribu, Seisuke Kuraishi (tenpura), Sergej, Sergey Biryukov, Simon Hampel, Simon Wheatley, Siobhan, sirzooro, slene, solarissmoke, SriniG, Stephen Harris, storkontheroof, Sunny Ratilal, sweetie089, Tar, Taylor Lovett, Thomas van der Beek, Tim Carr, tjsingleton, TobiasBg, toscho, Tracy Rotton, TravisHoffman, uuf6429, Vitor Carvalho, wojtek, wpewill, WraithKenny, wycks, Xavier Borderie, Yoav Farhi, Zachary Brown, Zack Tollman, zekeweeks, ziegenberg, and viniciusmassuchetto.

Time to upgrade!

WordPress 3.6 Release Candidate 2

Posted July 24, 2013 by Mark Jaquith. Filed under Development, Testing.

The second release candidate for WordPress 3.6 is now available for download and testing.

We’re down to only a few remaining issues, and the final release should be available in a matter of days. In RC2, we’ve tightened up some aspects of revisions, autosave, and the media player, and fixed some bugs that were spotted in RC1. Please test this release candidate as much as you can, so we can deliver a smooth final release!

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums.

Developers, please continue to test your plugins and themes, so that if there is a compatibility issue, we can figure it out before the final release. You can find our list of known issues here.

To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

Revisions so smooth
We autosave your changes
Data loss begone!

WordPress 3.6 Release Candidate

Posted July 13, 2013 by Mark Jaquith. Filed under Development, Testing.

The first release candidate for WordPress 3.6 is now available.

We hope to ship WordPress 3.6 in a couple weeks. But to do that, we really need your help! If you haven’t tested 3.6 yet, there’s no time like the present. (But please: not on a live production site, unless you’re feeling especially adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums. If any known issues come up, you’ll be able to find them here. Developers, please test your plugins and themes, so that if there is a compatibility issue, we can sort it out before the final release.

To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

As you may have heard, we backed the Post Format UI feature out of the release. On the other hand, our slick new revisions browser had some extra time to develop. You should see it with 200+ revisions loaded — scrubbing back and forth at lightning speed is a thing of beauty.

Delayed, but still loved
The release will be out soon
Test it, por favor

Annual WordPress Survey & WCSF

Posted July 9, 2013 by Matt Mullenweg. Filed under Community, Events.

It’s time for our third annual user and developer survey! If you’re a WordPress user, developer, or business, we want your feedback. Just like previous years, we’ll share the data at the upcoming WordCamp San Francisco (WCSF). Results will also be sent to each survey respondent.

It only takes a few minutes to fill out the survey, which will provide an overview of how people use WordPress.

If you missed past State of the Word keynotes, be sure to check out them out for survey results from 2011 and 2012.

Speaking of WCSF, if you didn’t get a ticket or are too far away to attend, you can still get a ticket for the live stream! Watch the live video stream from the comfort of your home on July 26 and 27; WCSF t-shirt, or any shirt, optional.

I hope to see you there.

WordPress 3.5.2 Maintenance and Security Release

Posted June 21, 2013 by Andrew Nacin. Filed under Releases, Security.

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugsThis is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

The security fixes included:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.

We appreciated responsible disclosure of these issues directly to our security team. For more information on the changes, see the release notes or consult the list of changes.

Download WordPress 3.5.2 or update now from the Dashboard → Updates menu in your site’s admin area.

Also: WordPress 3.6 Beta 4: If you are testing WordPress 3.6, please note that WordPress 3.6 Beta 4 (zip) includes fixes for these security issues.

Ten Good Years

Posted May 31, 2013 by Matt Mullenweg. Filed under Meta.

It’s been ten years since we started this thing, and what a long way we’ve come. From a discussion between myself and Mike Little about forking our favorite blogging software, to powering 18% of the web. It’s been a crazy, exciting, journey, and one that won’t stop any time soon.

At ten years, it’s fun to reflect on our beginnings. We launched WordPress on 27th May 2003, but that wasn’t inception. Go back far enough, and you can read a post by Michel Valdrighi who, frustrated by the self-hosted blogging platforms available, decided to write his own software; “b2, a PHP+MySQL alternative to Blogger and GreyMatter.” b2 was easy to install, easy to configure, and easy for developers to extend. Of all the blogging platforms out there, b2 was the right one for me: I could write my content and get it on the web quickly and painlessly.

Sometimes, however, life gets in the way. In 2002, Michel stopped maintaining b2. Over time, security flaws became apparent and updates were needed and, while the b2 community could write patches and fixes, no one was driving the software forward. We were lucky that Michel decided to release b2 under the GPL; the software may have been abandoned, but we weren’t without options. A fork was always a possibility. That was where it stood in January 2003, when I posted about forking b2 and Mike responded. The rest, as they say, is history.

From the very beginning to the present day, I’ve been impressed by the thought, care, and dedication that WordPress’ developers have demonstrated. Each one has brought his or her unique perspective, each individual has strengthened the whole. It would be impossible to thank each of them here individually, but their achievements speak for themselves. In WordPress 1.2 the new Plugin API made it easy for developers to extend WordPress. In the same release gettext() internationalization opened WordPress up to every language (hat tip: Ryan Boren for spending hours wrapping strings with gettext). In WordPress 1.5 our Theme system made it possible for WordPress users to quickly change their site’s design: there was huge resistance to the theme system from the wider community at the time, but can you imagine WordPress without it? Versions 2.7, 2.8, and 2.9 saw improvements that let users install and update their plugins and themes with one click. WordPress has seen a redesign by happycog (2.3) and gone under extensive user testing and redesign (Crazyhorse, Liz Danzico and Jen Mylo, WordPress 2.5). In WordPress 3.0 we merged WordPress MU with WordPress — a huge job but 100% worth it. And in WordPress 3.5 we revamped the media uploader to make it easier for people to get their images, video, and media online.

In sticking to our commitment to user experience, we’ve done a few things that have made us unpopular. The WYSIWYG editor was hated by many, especially those who felt that if you have a blog you should know HTML. Some developers hated that we stuck with our code, refusing to rewrite, but it’s always been the users that matter: better a developer lose sleep than a site break for a user. Our code isn’t always beautiful, after all, when WordPress was created most of us were still learning PHP, but we try to make a flawless experience for users.

It’s not all about developers. WordPress’ strength lies in the diversity of its community. From the start, we wanted a low barrier to entry and we came up with our “famous 5 minute install”. This brought on board users from varied technical background: people who didn’t write code wanted to help make WordPress better. If you couldn’t write code, it didn’t matter: you could answer a question in the support forums, write documentation, translate WordPress, or build your friends and family a WordPress website. There is space in the community for anyone with a passion for WordPress.

It’s been wonderful to see all of the people who have used WordPress to build their home on the internet. Early on we got excited by switchers. From a community of tinkerers we grew, as writers such as Om Malik, Mark Pilgrim, and Molly Holzschlag made the switch to WordPress. Our commitment to effortless publishing quickly paid off and has continued to do so: the WordPress 1.2 release saw 822 downloads per day, our latest release, WordPress 3.5, has seen 145,692 per day.

I’m continually amazed by what people have built with WordPress. I’ve seen musicians and photographers, magazines such as Life, BoingBoing, and the New York Observer, government websites, a filesystem, mobile applications, and even seen WordPress guide missiles.

As the web evolves, WordPress evolves. Factors outside of our control will always influence WordPress’ development: today it’s mobile devices and retina display, tomorrow it could be Google Glass or technology not yet conceived. A lot can happen in ten years! As technology changes and advances, WordPress has to change with it while remaining true to its core values: making publishing online easy for everyone. How we rise to these challenges will be what defines WordPress over the coming ten years.

To celebrate ten years of WordPress, we’re working on a book about our history. We’re carrying out interviews with people who have involved with the community from the very beginning, those who are still around, and those who have left. It’s a huge project, but we wanted to have something to share with you on the 10th anniversary. To learn about the very early days of WordPress, just after Mike and I forked b2 you can download Chapter 3 right here. We’ll be releasing the rest of the book serially, so watch out as the story of the last ten years emerges.

In the meantime, I penned my own letter to WordPress and other community members have been sharing their thoughts:

You can see how WordPress’ 10th Anniversary was celebrated all over the world by visiting the wp10 website, according to Meetup we had 4,999 celebrators.

To finish, I just want to say thank you to everyone: to the developers who write the code, to the designers who make WordPress sing, to the worldwide community translating WordPress into so many languages, to volunteers who answer support questions, to those who make WordPress accessible, to the systems team and the plugin and theme reviewers, to documentation writers, event organisers, evangelists, detractors, supporters and friends. Thanks to the jazzers whose music inspired us and whose names are at the heart of WordPress. Thanks to everyone who uses WordPress to power their blog or website, and to everyone who will in the future. Thanks to WordPress and its community that I’m proud to be part of.

Thank you. I can’t wait to see what the next ten years bring.

Final thanks to Siobhan McKeown for help with this post.

« Newer PostsOlder Posts »

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.

Categories

%d bloggers like this: