The WordPress.org privacy policy has been updated, hurray! While we weren’t able to remove all the long sentences, we hope you find the revisions make it easier to understand:
how we collect and use data,
how long the data we collect is retained, and
how you can request a copy of the data you’ve shared with us.
There hasn’t been any change to the data that WordPress.org collects or how that data is used; the privacy policy just provides more detail now. Happy reading, and thanks for using WordPress!
WordPress 4.9.6 is now available. This is a privacy and maintenance release. We encourage you to update your sites to take advantage of the new privacy features.
Privacy
The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared.
It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.
You can learn more about the GDPR from the European Commission’s Data Protection page.
We’re committed to supporting site owners around the world in their work to comply with this important law. As part of that effort, we’ve added a number of new privacy features in this release.
Comments
Logged-out commenters will be given a choice on whether their name, email address, and website are saved in a cookie on their browser.
Privacy Policy Page
Site owners can now designate a privacy policy page. This page will be shown on your login and registration pages. You should manually add a link to your policy to every page on your website. If you have a footer menu, that’s a great place to include your privacy policy.
In addition, we’ve created a guide that includes insights from WordPress and participating plugins on how they handle personal data. These insights can be copied and pasted into your site’s privacy policy to help you get started.
Site owners have a new email-based method that they can use to confirm personal data requests. This request confirmation tool works for both export and erasure requests, and for both registered users and commenters.
Maintenance
95 updates were made in WordPress 4.9.6. In addition to the above, particularly of note were:
“Mine” has been added as a filter in the media library.
When viewing a plugin in the admin, it will now tell you the minimum PHP version required.
We’ve added new PHP polyfills for forwards-compatibility and proper variable validation.
TinyMCE was updated to the latest version (4.7.11).
Download WordPress 4.9.6 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates will start updating soon.
Please note that if you’re currently on WordPress 4.9.3, you should manually update your site immediately.
This past month saw a lot of preparation for upcoming events and releases across the WordPress project. Read on to find out more about these plans, and everything else that happened around the community in April.
The WordPress 15th Anniversary is Coming
On May 27 2018, WordPress will turn 15 years old — this is a huge milestone for the project, or, indeed, for any open-source platform. The Community Team has been hard at work helping communities around the world plan local anniversary parties.
Check the central anniversary website to see if there’s already a party being planned near you. These parties are all organized by local communities — if there’s no local community in your area, you can start one today and host a party yourself.
Work has Started on a Gutenberg Migration Guide
With Gutenberg, the upcoming WordPress content editor, in rapid development, a lot of people have been wondering how they will convert their existing plugins to work with the new features. To mitigate the issues here and help people overcome any migration hurdles, a Gutenberg Migration Guide is underway to assist developers with making their code Gutenberg-compatible.
This program will allow frequent and reliable theme authors to apply for trusted status, allowing them to upload themes more frequently and to have their themes automatically approved. This will allow more high-quality themes to be added to the directory, as well as recognize the hard work that authors put in to build their themes.
May 27, 2018 is the 15th anniversary of the first WordPress release— and we can’t wait to celebrate!
Party time!
Join WordPress fans all over the world in celebrating the 15th Anniversary of WordPress by throwing your own party! Here’s how you can join in the fun:
Check the WordPress 15th Anniversary website to see if there’s a party already planned for your town. If there is, RSVP for the party and invite your friends!
If there isn’t, then pick a place to go where a bunch of people can be merry — a park, a pub, a backyard; any family-friendly venue will do!
List your party with your local WordPress meetup group (Don’t have a group? Start one!) and then spread the word to other local meetups, tech groups, press, etc and get people to say they’ll come to your party.
Request some special 15th anniversary WordPress swag (no later than April 27, please, so we have time to ship it to you).
Have party attendees post photos, videos, and the like with the #WP15 hashtag, and check out the social media stream to see how the rest of the world is sharing and celebrating.
Don’t miss this chance to participate in a global celebration of WordPress!
Special Swag
In honor of the 15th anniversary, we’ve added some special 15th anniversary items in the swag store — you can use the offer code CELEBRATEWP15 to take 15% off this (and any other WordPress swag you buy), all the way through the end of 2018!
Keep checking the swag store, because we’ll be adding more swag over the next few weeks!
GDPR compliance is an important consideration for all WordPress websites. The GDPR Compliance team is looking for help to test the privacy tools that are currently being developed in core.
What is GDPR?
GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union. Its primary aim is to give control back to the EU residents over their personal data.
Why the urgency? Although the GDPR was introduced two years ago, it becomes enforceable starting May 25, 2018.
Make WordPress GDPR Compliance Team
Currently, the GDPR Compliance Team understands that helping WordPress-based sites become compliant is a large and ongoing task. The team is focusing on creating a comprehensive core policy, plugin guidelines, privacy tools and documentation. All of this requires your help.
The GDPR Compliance Team is focusing on four main areas:
Add functionality to assist site owners in creating comprehensive privacy policies for their websites.
Create guidelines for plugins to become GDPR ready.
Add administration tools to facilitate compliance and encourage user privacy in general.
Add documentation to educate site owners on privacy, the main GDPR compliance requirements, and on how to use the new privacy tools.
Don’t we already have a privacy policy?
Yes and no. That said, The GDPR puts tighter guidelines and restrictions. Though we have many plugins that create privacy pages, we need means to generate a unified, comprehensive privacy policy. We will need tools for users to easily come into compliance.
Site owners will be able to create GDPR compliant privacy policy in three steps:
Adding a dedicated page for the policy.
Adding privacy information from plugins.
Reviewing and publishing the policy.
A new “postbox” will be added to the Edit Page screen when editing the policy. All plugins that collect or store user data will be able to add privacy information there. In addition it will alert the site owners when any privacy information changes after a plugin is activated, deactivated, or updated.
There is a new functionality to confirm user requests by email address. It is intended for site owners to be able to verify requests from users for displaying, downloading, or anonymizing of personal data.
A new “Privacy” page is added under the “Tools” menu. It will display new, confirmed requests from users, as well as already fulfilled requests. It will also contain the tools for exporting and anonymizing of personal data and for requesting email confirmation to avoid abuse attempts.
New section on privacy will be added to the Plugin Handbook. It will contain some general information on user privacy, what a plugin should do to be compliant, and also tips and examples on how to use the new privacy related functionality in WordPress.
The new privacy tools are scheduled for release at the end of April or beginning of May 2018.
How can you get involved?
We would love to have your help. The first step is awareness and education. For more information about the upcoming privacy tools see the roadmap.
If you would like to get involved in building WordPress Core and testing the new privacy tools, please join the #gdpr-compliance channel in the Make WordPress Slack group.
WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:
Don't treat localhost as same host by default.
Use safe redirects when redirecting the login page if SSL is forced.
Make sure the version string is correctly escaped for use in generator tags.
Download WordPress 4.9.5 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.
Thank you to everyone who contributed to WordPress 4.9.5:
With a significant new milestone and some great improvements to WordPress as a platform, this month has been an important one for the project. Read on to find out more about what happened during the month of March.
The percentage is determined based on W3Techs’ review of the top 10 million sites on the web, and it’s a strong indicator of the popularity and flexibility of WordPress as a platform.
The WordPress Marketing Team has been hard at work lately putting together a comprehensive glossary of WordPress jargon to help newcomers to the project become more easily acquainted with things.
The glossary is available here along with a downloadable PDF to make it simpler to reference offline.
Publishing this resource is part of an overall effort to make WordPress more easily accessible for people who are not so familiar with the project. If you would like to assist the Marketing Team with this, you can follow the team blog and join the #marketing channel in the Making WordPress Slack group.
Focusing on Privacy in WordPress
Online privacy has been in the news this month for all the wrong reasons. It has reinforced the commitment of the GDPR Compliance Team to continue working on enhancements to WordPress core that allow site owners to improve privacy standards.
The team's work, and the wider privacy project, spans four areas: Adding tools which will allow site administrators to collect the information they need about their sites, examining the plugin guidelines with privacy in mind, enhancing privacy standards in WordPress core, and creating documentation focused on best practices in online privacy.
Judging by the flurry of activity across the WordPress project throughout February, it looks like everyone is really getting into the swing of things for 2018. There have been a lot of interesting new developments, so read on to see what the community has been up to for the past month.
WordPress 4.9.3 & 4.9.4
Early in the month, version 4.9.3 of WordPress was released, including a number of important bug fixes. Unfortunately it introduced a bug that prevented many sites from automatically updating to future releases. To remedy this issue, version 4.9.4 was released the following day requiring many people to manually update their sites.
While this kind of issue is always regrettable, the good thing is that it was fixed quickly, and that not all sites had updated to 4.9.3 yet, which meant they bypassed the bug in that version.
In 2016, the Global Community Team ran an experimental program to help spread WordPress to underserved areas by providing more significant organizing support for their first WordCamp event. This program was dubbed the WordCamp Incubator, and it was so successful in the three cities where it ran that the program is back for 2018.
Right now, the Community Team is looking for cities to be a part of this year’s incubator by taking applications. Additionally, each incubator community will need an experienced WordCamp organizer to assist them as a co-lead organizer for their event — if that sounds interesting to you, then you can fill in the application form for co-leads.
These will be run as video chats at 16:00 UTC every Wednesday this month and will be a great place for meetup organizers to come together and help each other out with practical ideas and advice.
If you are not already in the WordPress meetup program and would like to join, you can find out more information in the WordPress Meetup Organizer Handbook.
GDPR Compliance in WordPress Core
The General Data Protection Regulation (GDPR) is an upcoming regulation that will affect all online services across Europe. In order to prepare for this, a working group has been formed to make sure that WordPress is compliant with the GDPR regulations.
Aside from the fact that this will be a requirement for the project going forward, it will also have an important and significant impact on the privacy and security of WordPress as a whole. The working group has posted their proposed roadmap for this project and it looks very promising.
WordCamps are informal, community-organized events that are put together by a team of local WordPress users who have a passion for growing their communities. They are born out of active WordPress meetup groups that meet regularly and are able to host an annual WordCamp event. This has worked very well in many communities, with over 120 WordCamps being hosted around the world in 2017.
Sometimes though, passionate and enthusiastic community members can’t pull together enough people in their community to make a WordCamp happen. To address this, we introduced the WordCamp Incubator program in 2016.
The goal of the incubator program is to help spread WordPress to underserved areas by providing more significant organizing support for their first WordCamp event. In 2016, members of the global community team worked with volunteers in three cities — Denpasar, Harare and Medellín — giving direct, hands-on assistance in making local WordCamps possible. All three of these WordCamp incubators were a great success, so we're bringing the incubator program back for 2018.
Where should the next WordCamp incubators be? If you have always wanted a WordCamp in your city but haven’t been able to get a community started, this is a great opportunity. We will be taking applications for the next few weeks, then will get in touch with everyone who applied to discuss the possibilities. We will announce the chosen cities by the end of March.
To apply, fill in the application by March 15, 2018. You don’t need to have any specific information handy, it’s just a form to let us know you’re interested. You can apply to nominate your city even if you don’t want to be the main organizer, but for this to work well we will need local liaisons and volunteers, so please only nominate cities where you live or work so that we have at least one local connection to begin.
This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4.
Four years ago with WordPress 3.7 “Basie”, we added the ability for WordPress to self-update, keeping your website secure and bug-free, even when you weren’t available to do it yourself. For four years it’s helped keep millions of installs updated with very few issues over that time. Unfortunately yesterdays 4.9.3 release contained a severe bug which was only discovered after release. The bug will cause WordPress to encounter an error when it attempts to update itself to WordPress 4.9.4, and will require an update to be performed through the WordPress dashboard or hosts update tools.
WordPress managed hosting companies who install updates automatically for their customers can install the update as normal, and we’ll be working with other hosts to ensure that as many customers of theirs who can be automatically updated to WordPress 4.9.4 can be.
