WordPress.org

Becoming Better Digital Citizens Through Open Source

Posted October 14, 2019 by Yvette Sonneveld. Filed under Community.

The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as a tool for learners (regardless of age) to practice and model the essential parts of being a good digital citizen.

What is digital citizenship?

The digital landscape constantly changes and this affects the way we use the internet. New platforms emerge, people find different ways to spread information, communities form, grow and fade away every day. The concepts and practice of promoting civil discourse, critical thinking and safe use of the internet still remain central. And that is exactly what digital citizenship is about.

“Put simply, digital citizenship is a lot like citizenship in any other community — the knowledge of how to engage with digital communities you’re part of in a way that is thoughtful, safe, and makes appropriate use of the technology.”

Josepha Haden, Executive Director WordPress Project

Who is a digital citizen?

Digital Citizenship is for all age groups. Anyone who uses the internet on a computer, mobile device or a TV is a digital citizen. You don’t have to be tech-savvy already, maybe you are taking your first steps with technology. Digital Citizenship Week is a chance to reflect together on our impact on the digital world. It can help us to make our consumption more considered and our interaction friendlier. It enables us to make a positive difference to those around us.

All of us can strive (or learn) to become better digital citizens. It can be affected by the access those teaching have had to digital skills and good practice. Adult education classes and community tech hubs play a part in basic tech skill development. Unfortunately, these are not always accessible to those in less populated geographic locations. 

Open source communities like WordPress already make a difference in encouraging the principles of digital citizenship, from sharing tech skills to improving security knowledge. They give people an opportunity to learn alongside their peers and many of the resources are available regardless of location, resources, or skills.

  • WordPress Meetups — locally-based, informal learning sessions — typically take place monthly on weekday evenings.
  • WordCamps are city-based conferences that take place in cities worldwide. These events usually last 1-3 days and are organized and run by volunteers.
  • The talks are also recorded and made available on the free, online library WordPress.tv. These can be watched from the comfort of your own home, office or during informal get-togethers.

What can we do as part of the WordPress community?

Digital citizenship skills, like many other skills needed in this tech-focused world, should be kept up-to-date. Open source communities offer unparalleled opportunities to do this and are available in countries across the world. As part of our role as members of WordPress and other communities, we can pass on such skills to others. For instance by working alongside people who have had limited experience of digital skills. Or by finding new ways of making this knowledge sharing fun and accessible. 

Here are just a few of the ways we do and can make an even greater difference:

  • as bloggers and writers, we can be more aware of how to write content responsibly.
  • as designers, we can think more about how different people will view, understand and respond to the designs and visuals we create or use.
  • as developers, we can build systems that make it easier for all users to find information and accomplish their goals, to be secure while visiting our sites, and to model good security and practice.
  • as community members, through organizing events like WordPress Meetups and WordCamps, we are helping equip those who may not have had access to digital literacy or who lack the confidence to put it into place or share with their family and colleagues. Through these events, the online videos and other resources on WordPress.tv and through the Make WordPress teams, we are already making a difference every day.
  • as individuals, the way we communicate in the community and listen to each other is equally important. This is a vital part of how we grow and model positive digital citizens. Through growing our positive digital skills and a better understanding of online etiquette and challenges, we can make our immediate and wider digital world a more positive and useful environment.
  • making it easier to document and share knowledge.
  • emphasizing how skills learned within the community can be used in other parts of our digital lives.
  • creating and becoming ambassadors for Digital Citizenship.

You can also get involved with specific events that have grown out of the wider WordPress project, championed by enthusiasts and those wanting to improve specific digital skills and bring wider benefits to society.

Community-driven Events

For example, WordPress Translation Day in 2019 had 81 local events worldwide. Running for 24-hours, individuals with language skills translated aspects of the platform into multiple languages with a total of 1181 projects modified. An amazing 221 new translators joined on the day. In addition, there was a live stream with talks, panel discussions, interviews, and sharing of tips and skills to help others learn how to translate. Volunteers are now planning the event for 2020!

Stories of how people came together for WordPress Translation Day


Interviews with some of the participants from a previous WordPress Translation Day giving a flavour of how volunteers developed this event.

Do_action days are WordPress events organized in local communities to help give charities their own online presence. Each event involves members of the local WordPress community, planning and building new websites for selected local organizations in one day. Some take place in a working day, others on weekends. 

Volunteer Tess Coughlan-Allen talking about how people came together for the first do_action in Europe to help local charities.

Find the next do_action hackaton nearby your home town.

Improving digital skills through WordPress


In this video clip, Josepha talks about the Digital Divide and what current technological trends mean for it in the future. She explores what it takes to be literate in the digital landscape and how WordPress can be used to build and perfect those skills.

Contributors

Thanks to @webcommsat for researching and writing this article and @yvettesonneveld for her supporting work in this series.

WordPress 5.3 Beta 3

Posted October 8, 2019 by Francesca Marano. Filed under Development, Releases.

WordPress 5.3 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.3 beta in two ways:

WordPress 5.3 is slated for release on November 12, 2019, and we need your help to get there.

Thanks to the testing and feedback from everyone who tested beta 2 (and beta 1) over 60 tickets have been closed in the past week.

Some highlights

  • Fixes and enhancements in the admin interface changes introduced in previous 5.3 beta releases.
  • Wording changes in login screen (#43037).
  • Improved accessibility in media upload modal (#47149).
  • Changes in the way the new error handling with images works (#48200).
  • MediaElement.js has been updated from 4.2.6 to 4.2.13 (#46681). The script is now also being loaded in the footer again. This fixes a regression that happened two years ago, so might be worth noting (#44484).
  • Update to the REST API media endpoint to allow resuming of uploads (#47987).

In addition to these, Beta 3 landed a number of small consistency and polish changes to the REST API, including an improvement to the permissions check used when editing comments, a fix for post type controller caching edge cases, and most importantly, the ability to use the _embed parameter to access the full data for a post using the /wp/v2/search endpoint.

Developer notes

WordPress 5.3 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developer notes tag for updates on those and other changes that could affect your products.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac where you can also find a list of known bugs.

People of WordPress: Alice Orru

Posted October 5, 2019 by Yvette Sonneveld. Filed under heropress, Interviews.

You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.

Meet Alice Orru, from Sardinia, Italy.

Alice Orru was born in Sardinia, an island in the middle of the Mediterranean Sea. As a child, she dreamt of becoming a flight attendant, traveling the world, and speaking many foreign languages.

Unable to meet the height requirements of her chosen profession, Orru ended up choosing a different path in life, following the Italian mantra: “You have to study something that will guarantee a stable and secure job for life.”

The unemployment rate in Sardinia is very high, a challenge shared throughout the surrounding islands. In addition to that, Alice wasn’t that keen on having the same job all her life, as her parents had.

When Orru was 22 she moved to Siena, Tuscany, to finish her studies. That is when she created her first personal blog. The website was built on an Italian platform named Tiscali, which she later migrated to WordPress.com.

After 2 years in Tuscany Orru moved to Strasbourg, France. She studied French and worked several jobs while living there. Her first serious job was in Milan – working 40 hours/week in the marketing department of a large, international company. She found herself surrounded by ambitious colleagues and a boss who constantly requested extra —unpaid— working hours per day.

Alice Orru
Alice Orru

Choices, choices, choices…

Alice gave up blogging because she wasn’t feeling inspired enough to write. She questioned whether she really wanted to do that job forever; working 10 hours per day under the neon lights of an office. It forced her to set aside her dreams for the time being, and for a while, she mainly lived for the weekends.

Alice decided to leave the job and moved to Barcelona, Spain, all by herself, in 2012.

After a few months of intense Spanish learning at the university, she found a job in an international clinic as a “Patient Coordinator.” Orru assisted international patients coming to Barcelona for their treatments. She acted as their translator, interpreter and administrative consultant. 

Patients came from Italy, France, England, Morocco, Senegal, and several other countries. Alice was so inspired by some of their stories, that she started to write again: She dusted off her WordPress blog and filled it with stories about her new life in Barcelona and some of the women she met at the clinic. “I was feeling stronger and more independent than ever,” Orru expressed.

Technical issues led to unexpected opportunities

In the summer of 2015, Alice was writing on her blog and got stuck with a technical problem. While she was searching through the WordPress.com documentation, she saw a pop-up in the bottom right corner of her screen. It was a staff member of Automattic, checking if she needed help. They chatted for a few minutes and the problem was solved. Alice left the chat with one question, though: how did that person on chat find a support job with WordPress?

Alice found the official WordPress job page: jobs.wordpress.net and noticed a job offer that caught her attention: WP Media, a French startup, was looking for a polyglot and remote customer service teammate for one of their plugins, WP Rocket. She read their requirements: fluency in English, French and possibly other languages, excellent experience with WordPress, and some coding skills.

She knew she didn’t meet all the requirements, but could speak 4 languages, and she had a WordPress blog. She didn’t know anything about PHP, though. Orru had been a WordPress.com user for years and knew she was ready to learn more.

Orru wrote a cover letter and sent her CV. A Skype interview was conducted and several days later she received the news that she had gotten the job! 

A steep learning curve

The early days in her new job were intense. Alice felt inexperienced but was supported by her teammates. She started studying and reading everything about WordPress for beginners. Initially, she answered easy tickets from customers. All the while her teammates were sending useful material to read, setting up video-calls for 1 to 1 training, and encouraging her the entire time.

Soon, Orru was replying to customers whose first language was either Spanish or Italian in their native language. This was much appreciated and resulted in several happy comments. Until that moment the plugin’s support had been offered only in English and French.

Finding her way in the WordPress community

At WordCamp Paris 2016, one of Alice’s teammates introduced her to how the WordPress community collaborated and kept in contact through Slack.

“You speak multiple languages, why don’t you try to contribute to the polyglots team?” he asked.

Alice knew very little about contributing to WordPress. She had only been working for WP Media for 6 months and didn’t feel ready to dive into a new challenge and start also contributing to WordPress.

Yet, curiosity led her to join both the local Italian and the global WordPress Community on Slack. For the first few months, she mainly observed what was happening the channels. Then, she attended WordCamp Milan and met some members of the Italian Polyglots team.

It was love at first string! Laura, one of the General Translation Editors (GTE) for Italy, taught her how to start contributing and translating, following the polyglots guidelines. She also told her about the Italian community’s big efforts to work together, consistently, to boost and grow WordPress related events in Italy.

With her teammates’ encouragement, Orru applied to WordCamps as a speaker and gave her first talk in December 2016 at WordCamp Barcelona. After that, she both spoke at WordCamp Torino on April 2017 and at WordCamp Europe in 2017.

Alice Orru speaking at WordCamp Europe, in Paris, in 2017

Dreams evolve, all the time!

Orru knows that her experiences are not just due to luck. She used her previous skills and passions and adapted them to a new career and life path.

“We all have some skills; and if we don’t know which they are exactly, we should take some time to make a list of the things we’re really good at. With that in mind, just try. Apply. Get involved. Don’t get stuck in the feeling of ‘I can’t do it because I don’t know enough’. So that’s what I did. Without even realizing it, I started putting into reality the dream of the little girl who was born on an island and wanted to travel and speak different languages.WordPress made this possible. I’m now part of a big community, and I am proud of it.”

Alice Orru

This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.

Meet more WordPress community members over at HeroPress.com!

The Month in WordPress: September 2019

Posted October 2, 2019 by Hugh Lashbrooke. Filed under Month in WordPress.

September has been a particularly busy month in the WordPress community—a lot of important work has been done as everyone in the project works towards an upcoming major release. Read on to find out more about this and everything else that has been going on over the past month.


WordPress 5.2.3 Security and Maintenance Release

Early in September, version 5.2.3 of WordPress was released as a security and maintenance release. Sixty-two individuals contributed to its 29 fixes and enhancements.

The security issues fixed in this release owe thanks to numerous people who disclosed them responsibly. You can read more about the vulnerability reporting process in the Core handbook.

Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

WordPress 5.3 Enters Beta

WhileWordPress 5.3 is slated for release on November 12, it has already entered the beta phase with the second beta release being made available at the end of September. As this is a major release, it will feature a number of new features and enhancements, including significant improvements to the block editor, updates to the Site Health component, new block APIs, accessibility updates, and much more.

You can test the 5.3 beta release by installing the WordPress Beta Tester plugin on any WordPress site, although as this is software that is currently in development, we don’t recommend installing it on a live site.

Want to get involved in building this release? Test the beta, follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Date/Time Component Improvements

For over a year, contributors involved in the Date/Time component of WordPress Core have been working hard on the “wp_date” project. The goal of this project is to fix and streamline the way that Core handles times and dates throughout the platform.

This ambitious project has seen incremental changes over the last few Core releases. The upcoming 5.3 release will include the final and most significant changes to the component, bringing much-needed stability to time handling in WordPress Core.

Want to get involved in the Date/Time component of WordPress Core? Learn more about it, follow the Core team blog, and join the #core-datetime channel in the Making WordPress Slack group.

New Theme Review Team Structure

After recent discussions around the goals of the Theme Review team, some changes have been made to the leadership structure of the team. The team leads are now ‘representatives’ of different areas of the work that they do. This flat structure allows for representatives to work in more loosely defined areas so they contribute to the team in more diverse ways, and helps the team to be more focused on setting and achieving their goals. The new structure is outlined in the team handbook.

Want to get involved in reviewing themes for WordPress? Follow the Theme Review team blog, and join the #themereview channel in the Making WordPress Slack group.

New Default Theme: Twenty Twenty

The upcoming 5.3 release will also include a new default theme for WordPress, Twenty Twenty. This theme will have a strong focus on readability and accessibility while being optimized for the block editor that first shipped with WordPress 5.0.

Development of Twenty Twenty has been going quickly, with a recent update showing more of the design and layouts that you can expect when the theme is released with WordPress 5.3 in November.

Want to get involved in building Twenty Twenty? You can contribute on GitHub, follow the Core team blog, and join the #core channel in the Making WordPress Slack group.


Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

WordPress 5.3 Beta 2

Posted September 30, 2019 by Francesca Marano. Filed under Development, Releases.

WordPress 5.3 Beta 2 is now available!

This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.3 beta in two ways:

WordPress 5.3 is slated for release on November 12, 2019, and we need your help to get there.

Thanks to the testing and feedback from everyone who tested beta 1, over 45 tickets have been closed since then.

Some highlights

  • Work continues on the block editor.
  • Bugs fixed on Twenty Twenty.
  • Accessibility bugs fixes and enhancements on the interface changes introduced with 5.3 beta 1:
    • Iterate on the admin interface
    • Reduce potential backward compatibility issues
    • Improve consistency between admin screens and the block editor
    • Better text zoom management
  • Support rel="ugc" attribute value in comments (#48022) – this particular ticket shows the WordPress project ability to integrate quick solutions to things that are changing unexpectedly – like Google new features.

Developer notes

WordPress 5.3 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers notes for updates on those and other changes that could affect your products.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac where you can also find a list of known bugs.

WordPress 5.3 Beta 1

Posted September 23, 2019 by Francesca Marano. Filed under Development, Releases.

WordPress 5.3 Beta 1 is now available!

This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version.

You can test the WordPress 5.3 beta in two ways:

WordPress 5.3 is slated for release on November 12, 2019, and we need your help to get there. Here are some of the big items to test, so we can find and resolve as many bugs as possible in the coming weeks.

Block Editor: features and improvements

Twelve releases of the Gutenberg plugin are going to be merged into 5.3 which means there’s a long list of exciting new features. 

Here are just a few of them:

  • Group block and grouping interactions
  • Columns block improvements (width support + patterns)
  • Table block improvements (text alignment support, header/footer support, colors)
  • Gallery block improvements (reordering inline, caption support)
  • Separator block improvements (color support)
  • Latest Posts block improvements (support excerpt, content)
  • List block improvements (indent/outdent shortcuts, start value and reverse order support)
  • Button block improvements (support target, border radius)
  • Animations and micro interactions (moving blocks, dropdowns, and a number of small animations to improve the UX)
  • Accessibility Navigation Mode which will allow you to navigate with the keyboard between blocks without going into their content.
  • Block Style Variations API

Plus a number of other improvements, amongst them:

  • Data Module API improvements (useSelect/useEffect)
  • Inserter Help Panel
  • Extensibility: DocumentSettingsPanel
  • Snackbar notices
  • Typewriter Experience
  • Fix a number of Accessibility report issues

If you want to see all the features for each release, here are direct links to the release posts: 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.9, 5.8, 5.7, 5.6, 5.5, and 5.4.

Continuous effort on performance

The team working on the block editor managed to shave off 1.5 seconds of loading time for a particularly sizeable post (~ 36,000 words, ~ 1,000 blocks) since WordPress 5.2.

A new default theme: welcome Twenty Twenty

WordPress 5.3 introduces Twenty Twenty, the latest default theme in our project history. 

This elegant new theme is based on the WordPress theme Chaplin which was released on the WordPress.org theme directory earlier this summer. 

It includes full support for the block editor, empowering users to find the right design for their message.

Wait! There is more

5.3 is going to be a rich release with the inclusion of numerous enhancements to interactions and the interface.

Admin interface enhancements

Design and Accessibility teams worked together to port some parts of Gutenberg styles into the whole wp-admin interface. Both teams are going to iterate on these changes during the 5.3 beta cycle. These improved styles fix many accessibility issues, improve color contrasts on form fields and buttons, add consistency between editor and admin interfaces, modernize the WordPress color scheme, add better zoom management, and more.

Big Images are coming to WordPress

Uploading non-optimized, high-resolution pictures from your smartphone isn’t a problem anymore. WordPress now supports resuming uploads when they fail as well as larger default image sizes. That way pictures you add from the block editor look their best no matter how people get to your site.

Automatic image rotation during upload

Your images will be correctly rotated upon upload according to the EXIF orientation. This feature was first proposed nine years ago. Never give up on your dreams to see your fixes land in WordPress!

Site Health Checks

The improvements introduced in 5.3 make it easier to identify and understand areas that may need troubleshooting on your site from the Tools -> Health Check screen.

Admin Email Verification

You’ll now be periodically asked to check that your admin email address is up to date when you log in as an administrator. This reduces the chance that you’ll get locked out of your site if you change your email address.

For Developers

Time/Date component fixes

Developers can now work with dates and timezones in a more reliable way. Date and time functionality has received a number of new API functions for unified timezone retrieval and PHP interoperability, as well as many bug fixes.

PHP 7.4 Compatibility

The WordPress core team is actively preparing to support PHP 7.4 when it is released later this year. WordPress 5.3 contains multiple changes to remove deprecated functionality and ensure compatibility. Please test this beta release with PHP 7.4 to ensure all functionality continues to work as expected and does not raise any new warnings.

Other Changes for Developers

Keep your eyes on the Make WordPress Core blog for more 5.3 related developer notes in the coming weeks detailing other changes that you should be aware of.

What’s next

There have been over 400 tickets fixed in WordPress 5.3 so far with numerous bug fixes and improvements to help smooth your WordPress experience.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac where you can also find a list of known bugs.

People of WordPress: Abdullah Ramzan

Posted September 6, 2019 by Yvette Sonneveld. Filed under heropress, Interviews.

You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.

Meet Abdullah Ramzan, from Lahore, Punjab, Pakistan.

Abdullah Ramzan was born and brought up in the under-developed city of ​Layyah​, which is situated in Southern Punjab, Pakistan and surrounded by desert and the river ​Sindh​.

He graduated from college in his home town and started using a computer in ​2010​ when he joined ​Government College University Faisalabad​. Abdullah’s introduction to WordPress happened while he was finishing the last semester of his degree. His final project was based in WordPress.

Ramzan’s late mother was the real hero in his life, helping him with his Kindergarten homework and seeing him off to school every day. 

Before her heart surgery, Ramzan visited her in the hospital ICU, where she hugged him and said: ​“Don’t worry, everything will be good.” Sadly, his mother died during her surgery. However, her influence on Ramzan’s life continues.

Start of Ramzan’s Career:

After graduation, Ramzan struggled to get his first job. He first joined PressTigers as a Software Engineer and met Khawaja Fahad Shakeel, his first mentor. Shakeel provided Ramzan with endless support. Something had always felt missing in his life, but he felt like he was on the right track for the first time in his life when he joined the WordPress community. 

Community – WordCamps and Meetups:

Although Ramzan had used WordPress since ​2015​, attending WordPress meetups and open source contributions turned out to be a game-changer for him. He learned a lot from the WordPress community and platform, and developed strong relationships with several individuals. One of them is Nidhi Jain​ from Udaipur India who he works with on WordPress development. The second is Jonathan Desrosiers​ who he continues to learn a lot from.

In addition, Usman Khalid, the lead organizer of WC Karachi, mentored Ramzan, helping him to develop his community skills. 

With the mentorship of these contributors, Ramzan is confident supporting local WordPress groups and helped to organize ​WordCamp Karachi​, where he spoke for the first time at an international level event. He believes that WordPress has contributed much to his personal identity. 

Abdullah Ramzan among a group of community members at WordCamp Karachi 2018
Abdullah Ramzan at WordCamp Karachi 2018

WordPress and the Future:

As a ​co-organizer of WordPress Meetup Lahore,​ he would love to involve more people in the community leadership team, to provide a platform for people to gather under one roof, to learn and share something with each other.

But he has loftier ambitions. Impressed by Walk to WordCamp Europe, Abdullah is seriously considering walking to WordCamp Asia. He also one day hopes for the opportunity to serve his country as a senator of Pakistan and intends to enter the next senate election.

Words of Encouragement

Abdullah Ramzan knows there is no shortcut to success. “You have to work hard to achieve your goals,” explained Ramzan. He still has much he wishes to accomplish and hopes to be remembered for his impact on the project.

Abdullah believes WordPress can never die as long as people don’t stop innovating to meet new demands. The beauty of WordPress is that it is made for everyone.

Ramzan encouraged, “If you seriously want to do something for yourself, do something for others first. Go for open source, you’ll surely learn how to code. You’ll learn how to work in a team. Join local meetups, meet with the folks: help them, learn from them, and share ideas.”


This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.

Meet more WordPress community members over at HeroPress.com!

WordPress 5.2.3 Security and Maintenance Release

Posted September 5, 2019 by Jake Spurlock. Filed under Releases, Security.

WordPress 5.2.3 is now available!

This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you.

Security Updates

  • Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. 
  • Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect. 
  • Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
  • Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
  • Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
  • Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
  • In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions. 

You can browse the full list of changes on Trac.

For more info, browse the full list of changes on Trac or check out the Version 5.2.3 documentation page.

WordPress 5.2.3 is a short-cycle maintenance release. The next major release will be version 5.3.

You can download WordPress 5.2.3 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Thanks and props!

This release brings together contributions from more than 62 other people. Thank you to everyone who made this release possible!

Adam SilversteinAlex ConchaAlex GollerAndrea FerciaAndrew DuthieAndrew OzzAndy Fragen, Ashish ShuklaAslam Shekhbackermann1978Catalin DogaruChetan PrajapatiChris ApreaChristoph Herrdan@micamedia.comDaniel LlewellyndonmhicoElla van DurpeepiquerasFencer04flaviozavanGarrett HyderGary Pendergastgqevu6bsizHardik ThakkarIan BelangerIan DunnJake SpurlockJb AudrasJeffrey PauljikamensJohn BlackbournJonathan Desrosiers, Jorge Costa, karlgrovesKjell ReigstadlaurelfulfordMaje Media LLCMartin SpatovaliyskiMary BaumMonika RaoMukesh Panchalnayana123Ned ZimmermanNick Daugherty, Nilambar SharmanmenescardiPaul Vincent BeigangPedro MendonçaPeter WilsonSergey BiryukovSergey PredvoditelevSharaz ShahidStanimir StoyanovStefano MinoiaTammie ListertellthemachinestmatsuurVaishali PanchalvortfuWill West, and yarnboy.

The Month in WordPress: August 2019

Posted September 2, 2019 by Hugh Lashbrooke. Filed under Month in WordPress.

This has been a particularly busy month, with a number of interesting and ambitious proposals for the WordPress project along with active progress across the entire community.


Core Development and Schedule

The upcoming minor release of WordPress, v5.2.3, is currently in the release candidate phase and available for testing.

Following that, the next major release is v5.3 and the Core team has laid out a schedule and scope for development. In addition, a bug scrub schedule and an accessibility-focused schedule have been set out to provide dedicated times for contributors to work on ironing out the bugs in the release.

Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Proposal for User Privacy Improvements

The Core Privacy Team has proposed a feature plugin to build a consent and logging mechanism for user privacy. This project will focus on improving the user privacy controls in WordPress Core in order to protect site owners and users alike.

The proposal includes some useful information about building effective controls for users, how other projects have worked on similar efforts, and what kind of time and resources the project will need in order to be developed.

Want to get involved in this feature project? Follow the Core team blog, and join the #core-privacy channel in the Making WordPress Slack group where there are open office hours every Wednesday at 19:00 UTC.

Core Notification System Proposal

A proposal has been made for a new feature project to build a robust notification system for WordPress Core. The aim of the project is to build a system to handle notifications for site owners that can be extended by plugin and theme developers.

This proposal comes on the back of a Trac ticket opened 18 months ago. With weekly meetings to discuss the project, the team behind WP Notify are in the planning phase while they establish exactly how to develop the feature.

Want to get involved in this feature project? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group – meetings for this project happen every Monday at 14:00 and 22:00 UTC.

Local WordPress Development Environment

Members of the Core Team have put together a local development environment for WordPress that runs on Docker. This environment provides an easy way for developers to get involved with WordPress core development. 

The work on this was inspired by the environment used for local Gutenberg development, which has since been improved based on the new work that has been done here.

The announcement post explains how to use the Docker environment. If you have any feedback or bug reports, please comment on the post directly.

Updates for Older Versions of WordPress

On July 30, the Security Team shared that security updates need to undergo the same testing and release process for every major version of WordPress. This means they have to provide long-term support for over fifteen major versions of WordPress. This requires a lot of time and effort, and the team has sought feedback on potential solutions for this challenge

Following this discussion, a proposal was made to auto-update old versions of WordPress to v4.7. This proposal garnered many responses and has since been updated to incorporate feedback from comments. The current recommendation is to secure the six latest versions and to eventually auto-update all older versions of WordPress to 4.7. Since this proposal was made, it has been discussed at Hosting Team meetings and Dev Chat meetings, and the conversation is still ongoing.

Want to provide feedback on this proposal? Comment on the original post with your thoughts.


Further Reading:

Have a story that we should include in the next “Month in WordPress” post? Please submit it here.

People of WordPress: Amanda Rush

Posted August 9, 2019 by Yvette Sonneveld. Filed under heropress, Interviews.

You’ve probably heard that WordPress is open source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.

Meet Amanda Rush from Augusta, Georgia, USA.

Amanda Rush is a WordPress advocate with a visual disability. She first started using computers in 1985, which enabled her to turn in homework to her sighted teachers. Screen reader technology for Windows was in its infancy then, so she worked in DOS almost exclusively.

After graduating high school, Amanda went to college to study computer science, programming with DOS-based tools since compilers for Windows were still inaccessible. As part of her computer science course of study, she learned HTML which began her career in web development.

How Amanda got started with WordPress

Amanda began maintaining a personal website, and eventually began publishing her own content using LiveJournal. However, controlling the way the page around her content looked was hard, and she soon outgrew the hosted solution.

So in 2005, Amanda bought customerservant.com, set up a very simple CMS for blogging, and started publishing there. She accepted the lack of design and content, and lack of easy customization because she wasn’t willing to code her own solution. Nor did she want to move to another hosted solution, as she liked being able to customize her own site, as well as publish content.

Hebrew dates led her to WordPress

At some point, Amanda was looking for an easy way to display the Hebrew dates alongside the Gregorian dates on her blog entries. Unfortunately, the blogging software she was using at the time, did not offer customization options at that level. She decided to research alternative solutions and came across a WordPress plugin that did just that. 

The fact that WordPress would not keep her locked into a visual editor, used themes to customize styling, and offered ways to mark up content, immediately appealed to Amanda. She decided to give it a go.

Accessibility caused her to dive deeper

When the software Amanda used at work became completely inaccessible, she started learning about WordPress. While she was learning about this new software, Web 2.0 was introduced. The lack of support for it in the screen reader she used meant that WordPress administration was completely inaccessible. To get anything done, Amanda needed to learn to find her way in WordPress’ file structure.

Eventually Amanda started working as an independent contractor for the largest screen reader developer in the market, Freedom Scientific. She worked from home every day and hacked on WordPress after hours.

Unfortunately Amanda hit a rough patch when her job at Freedom Scientific ended. Using her savings she undertook further studies for various Cisco and Red Hat certifications, only to discover that the required testing for these certifications were completely inaccessible. She could study all she wanted, but wasn’t able to receive grades to pass the courses.

She lost her financial aid, her health took a turn for the worse, she was diagnosed with Lupus, and lost her apartment. Amanda relocated to Augusta where she had supportive friends who offered her a couch and a roof over her head.

But Amanda refused to give up

Amanda continued to hack WordPress through all of this. It was the only stable part of her life. She wanted to help make WordPress accessible for people with disabilities, and in 2012 joined the  WordPress Accessibility Team. Shortly after that, she finally got her own place to live, and started thinking about what she was going to do with the rest of her working life.

Listening to podcasts led her to take part in WordSesh, which was delivered completely online and enabled Amanda to participate without needing to travel. She began to interact with WordPress people on Twitter, and continued to contribute to the community as part of the WordPress Accessibility Team. Things had finally started to pick up.

Starting her own business

In 2014, Amanda officially launched her own business, Customer Servant Consultancy. Since WordPress is open source, and becoming increasingly accessible, Amanda could modify WordPress to build whatever she wanted and not be at the mercy of web and application developers who know nothing about accessibility. And if she got stuck, she could tap into the community and its resources.

Improving her circumstances and becoming more self-sufficient means Amanda was able to take back some control over her life in general. She was able to gain independence and create her own business despite being part of the blind community, which has an 80% unemployment rate. 

In her own words:

We’re still fighting discrimination in the workplace, and we’re still fighting for equal access when it comes to the technology we use to do our jobs. But the beauty of WordPress and its community is that we can create opportunities for ourselves.

I urge my fellow blind community members to join me inside this wonderful thing called WordPress. Because it will change your lives if you let it.

Amanda Rush, entrepreneur

This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.

Meet more WordPress community members over at HeroPress.com!

Older Posts »

See Also:

Want to follow the code? There’s a development P2 blog and you can track active development in the Trac timeline that often has 20–30 updates per day.

Want to find an event near you? Check out the WordCamp schedule and find your local Meetup group!

For more WordPress news, check out the WordPress Planet.

Categories

Subscribe to WordPress News

Join 1,809,549 other subscribers

%d bloggers like this: