WordPress.org

WordPress 4.9.2 Security and Maintenance Release

Posted January 16, 2018 by Ian Dunn. Filed under Releases, Security.

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

Thank you to the reporters of this issue for practicing responsible security disclosureEnguerran Gillier and Widiz.

21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:

  • JavaScript errors that prevented saving posts in Firefox have been fixed.
  • The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
  • Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.

The Codex has more information about all of the issues fixed in 4.9.2, if you'd like to learn more.

Download WordPress 4.9.2 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.2:

0x6f0, Aaron Jorbin, Andrea Fercia, Andrew Duthie, Andrew Ozz, Blobfolio, Boone Gorges, Caleb Burks, Carolina Nymark, chasewg, Chetan Prajapati, Dion Hulse, Hardik Amipara, ionvv, Jason Caldwell, Jeffrey Paul, Jeremy Felt, Joe McGill, johnschulz, Juhi Patel, Konstantin Obenland, Mark Jaquith, Nilambar Sharma, Peter Wilson, Rachel Baker, Rinku Y, Sergey Biryukov, and Weston Ruter.

The Month in WordPress: December 2017

Posted January 3, 2018 by Hugh Lashbrooke. Filed under Month in WordPress, Uncategorized.

Activity slowed down in December in the WordPress community, particularly in the last two weeks. However, the month started off with a big event and work pushed forward in a number of key areas of the project. Read on to find out more about what transpired in the WordPress community as 2017 came to a close.


WordCamp US 2017 Brings the Community Together

The latest edition of WordCamp US took place last month in Nashville on December 1-3. The event brought together over 1,400 WordPress enthusiasts from around the world, fostering a deeper, more engaged global community.

While attending a WordCamp is always a unique experience, you can catch up on the sessions on WordPress.tv and look through the event photos on Facebook to get a feel for how it all happened. Of course, Matt Mullenweg’s State of the Word talk is always one of the highlights at this event.

The next WordCamp US will be held in Nashville again in 2018, but if you would like to see it hosted in your city in 2019 and 2020, then you have until February 2 to apply.

WordPress User Survey Data Is Published

Over the last few years, tens of thousands of WordPress users all over the world have filled out the annual WordPress user survey. The results of that survey are used to improve the WordPress project, but that data has mostly remained private. This has changed now and the results from the last three surveys are now publicly available for everyone to analyze.

The data will be useful to anyone involved in WordPress since it provides a detailed look at who uses WordPress and what they do with it — information that can help inform product development decisions across the board.

New WordPress.org Team for the Tide Project

As announced at WordCamp US, the Tide project is being brought under the WordPress.org umbrella to be managed and developed by the community.

Tide is a series of automated tests run against every plugin and theme in the directory to help WordPress users make informed decisions about the plugins and themes that they choose to install.

To get involved in developing Tide, jump into the #tide channel in the Making WordPress Slack group, and follow the Tide team blog.


Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

WordPress User Survey Data for 2015-2017

Posted December 22, 2017 by Andrea Middleton. Filed under General, WrapUp.

For many years, we’ve invited folks to tell us how they use WordPress by filling out an annual survey. In the past, interesting results from this survey have been shared in the annual State of the Word address. This year, for the first time, the results of the 2017 survey are being published on WordPress News, along with the results of the 2015 and 2016 survey.

So that information from the survey doesn’t reveal anything that respondents might consider private, we do not publish a full export of the raw data. We’d love to make this information as accessible as possible, though, so if you have a suggestion for an OS project or tool we can put the data into that allows people to play with it that still protects individual response privacy, please leave a comment on this post!

Major Groups

This survey features multiple groups, dividing respondents at the first question:

Which of the following best describes how you use WordPress? (Mandatory)

Those who selected “I’m a designer or developer, or I work for a company that designs/develops websites; I use WordPress to build websites and/or blogs for others. (This might include theme development, writing plugins, or other custom work.)” were served questions from what we’ll call the “WordPress Professionals” group.

This “WordPress Professionals” group is further divided into WordPress Company and WordPress Freelancer/Hobbyist groups, based on how the respondent answered the question, “Which of the following best describes your involvement with WordPress? (2015) / Do you work for a company, or on your own? (2016-17).”

Those who selected “I own, run, or contribute to a blog or website that is built with WordPress.” were served questions in what we’re calling the “WordPress Users” group.

The relevant survey group is noted in each table below. In the case of questions that were served to different groups in 2015 but then served to all respondents in 2016 and 2017, the group responses from 2015 have been consolidated into one set of data for easier comparison between years.

Survey results

Jump to answers from WordPress Professionals

Jump to answers from WordPress Users

Jump to answers from All Respondents

Which of the following best describes how you use WordPress? (Mandatory)

2015 2016 2017
Number of responses (since this question was mandatory, the number of responses here is the total number for the survey) 45,995 15,585 16,029
I’m a designer or developer, or I work for a company that designs/develops websites; I use WordPress to build websites and/or blogs for others. (This might include theme development, writing plugins, other custom work.) 26,662 58% 8,838 57% 9,099 57%
I own, run, or contribute to a blog or website that is built with WordPress. 16,130 35% 5,293 34% 5,625 35%
Neither of the above. 3,204 7% 1,460 9% 1,306 8%

WordPress Professionals

Which of the following best describes your involvement with WordPress? (Mandatory, 2015) / Do you work for a company, or on your own? (Mandatory, 2016-17)

2015 2016 2017
Group: WordPress Professional
Number of responses 26,699 8,838 9,101
My primary job is working for a company or organization that uses WordPress. 9,505 36% 3,529 40% 3,660 40%
My primary job is as a self-employed designer or developer that uses WordPress. 9,310 35% 3,188 36% 3,440 38%
I earn money from part-time or occasional freelance work involving WordPress. 5,954 22% 1,633 18% 1,590 17%
Work that I do involving WordPress is just a hobby, I don’t make money from it. 1,930 7% 491 6% 411 5%

How does your company or organization work with WordPress?

2015 2016 2017
Group: WordPress Company
Number of responses 9,342
Build/design and/or maintain websites or blogs for other people, companies, or organizations. 7,772 27%
Develop or customize themes. 5,404 19%
Build/design and/or maintain websites or blogs for my own use. 4,733 16%
Host websites for customers. 4,397 15%
Develop or distribute plugins. 3,181 11%
Provide educational resources to help others to use WordPress. 1,349 5%
Sponsor and/or attend WordCamps. 1,127 4%
Contribute bug reports and/or patches to WordPress core. 914 3%
Other Option 182  1%
Number of responses 3,457 3,598
We make websites for others. 2,695 24% 2,722 23%
We make websites for ourselves. 2,355 21% 2,470 21%
We develop or customize themes. 1,866 16% 1,910 16%
We host websites for others. 1,564 14% 1,595 14%
We develop or distribute plugins. 1,283 11% 1,342 11%
We provide educational resources to help others to use WordPress. 581 5% 631 5%
We sponsor and/or attend WordCamps. 561 5% 579 5%
We contribute bug reports and/or patches to WordPress core. 444 4% 468 4%
Other Option 98 1% 96 1%

How would you describe the business of your typical client(s)? (2015) / How would you describe the business of your typical client/customer? (2016, 2017)

2015 2016 2017
Group: WordPress Company
Number of responses 9,154 3,317 3,498
Small business 6,893 32% 2,398 31% 2,510 31%
Large business or Enterprise 3,635 17% 1,361 18% 1,447 18%
Non-profit 2,644 12% 934 12% 992 12%
Individual 2,600 12% 888 12% 1,022 12%
Education 2,344 11% 854 11% 966 12%
Website development (sub-contracting) 2,065 10% 637 8% 677 8%
Government 1,410 6% 524 7% 552 7%
Other Option 127 1% 66 1% 64 1%

How does your company or organization use WordPress when developing websites? (2015) / When making websites, how does your company or organization use WordPress? (2016, 2017)

2015 2016 2017
Group: WordPress Company
Number of responses 9,078 3,369 3,552
Mostly as a content management system (CMS) 6,361 70% 2,482 74% 2,640 74%
About half the time as a blogging platform and half the time as a CMS 1,222 13% 370 11% 383 11%
Mostly as a blogging platform 721 8% 137 4% 129 4%
Mostly as an application framework 629 7% 303 9% 303 9%
Other Option 145 2% 78 2% 97 3%

How much is your average WordPress site customized from the original WordPress installation?

2015 2016 2017
Group: WordPress Company
Number of responses 9,054 3,302 3,473
A lot of work has been done, the front end is unrecognizable, but the Dashboard still looks like the usual WordPress interface. 5,651 62% 2,025 61% 2,105 61%
There’s a different theme and some plugins have been added. 2,230 25% 799 24% 905 26%
Not at all, it’s still pretty much the same as the original download. 756 8% 302 9% 298 9%
You’d never know this was a WordPress installation, everything (including the admin) has been customized. 417 5% 177 5% 165 5%

Roughly how many currently active WordPress sites has your company or organization built?

2015 2016 2017
Group: WordPress Company
Number of responses 8,801
200 + 1,074 12%
51 – 200 1,721 20%
21 – 50 1,718 20%
11 – 20 1,284 15%
6 – 10 1,109 13%
2 – 5 1,418 16%
1 390 4%
0 87 1%
Number of responses 3,358 3,540
Thousands. 291 9% 331 9%
Hundreds. 770 23% 894 25%
Fewer than a hundred. 1,144 34% 1,177 33%
Just a few, but they are really great. 926 28% 896 25%
Prefer not to answer. 228 7% 242 7%

How many person-hours (of your company’s work) does the typical site take to complete?

2015 2016 2017
Group: WordPress Company
Number of responses 9,091 3,353 3,522
More than 200 939 10% 309 9% 325 9%
100 – 200 1080 12% 329 10% 367 10%
60 – 100 1541 17% 527 16% 513 15%
40 – 60 1854 20% 583 17% 620 18%
20 – 40 2066 23% 691 21% 685 19%
Fewer than 20 1611 18% 479 14% 519 15%
Prefer not to answer (2016, 2017) 436 13% 493 14%

Roughly what percentage of your company or organization’s output is based around WordPress (as opposed to other platforms or software)?

2015 2016 2017
Group: WordPress Company
Number of responses 8,950 3,345 3,503
100 % 1,089 12% 438 13% 480 14%
90 % 1,043 12% 417 12% 459 13%
80 % 955 11% 367 11% 424 12%
70 % 831 9% 305 9% 344 10%
60 % 534 6% 246 7% 226 6%
50 % 973 11% 335 10% 338 10%
40 % 613 7% 245 7% 202 6%
30 % 877 10% 335 10% 310 9%
20 % 806 9% 242 7% 280 8%
10 % 1,039 12% 344 10% 348 10%
0 % 190 2% 72 2% 92 3%

In which of the following ways do you work with WordPress?

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 17,009 5,221 5,425
Build/design and/or maintain websites or blogs for other people, companies, or organizations 15,342 34% 4,795 34% 5,064 34%
Develop or customize themes 10,549 24% 2,997 21% 3,021 20%
Host websites for customers 8,142 18% 2,466 17% 2,728 18%
Develop or distribute plugins 4,125 9% 1,395 10% 1,416 9%
Provide educational resources to help others to use WordPress 3,276 7% 1,187 8% 1,308 9%
Sponsor and/or attend WordCamps 1,559 4% 648 5% 724 5%
Contribute bug reports and/or patches to WordPress core 1,107 2% 381 3% 393 3%
Other Option 389 1% 243 2% 299 2%

How would you describe the business of your typical client(s)?

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 16,863 5,151 5,353
Small business 14,185 35% 4,342 35% 4,622 36%
Individual 8,513 21% 2,581 21% 2,583 20%
Non-profit 6,585 16% 2,004 16% 2,113 16%
Website development (sub-contracting) 4,301 11% 1,258 10% 1,216 9%
Education 3,458 8% 1,049 8% 1,139 9%
Large business or Enterprise 2,391 6% 805 6% 857 7%
Government 1,150 3% 300 2% 329 3%
Other Option 173 0% 101 1% 99 1%

How do you use WordPress in your development?

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 16,768 5,145 5,372
Mostly as a content management system (CMS) 11,754 70% 3,641 71% 3,959 74%
About half the time as a blogging platform and half the time as a CMS 2,825 17% 812 16% 721 13%
Mostly as an application framework 1,012 6% 343 7% 344 6%
Mostly as a blogging platform 992 6% 246 5% 226 4%
Other Option 185 1% 105 2% 122 2%

How much is your average WordPress site customized from the original WordPress installation?

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 16,699 5,131 5,317
A lot of work has been done, the front end is unrecognizable, but the Dashboard still looks like the usual WordPress interface. 9,457 57% 2,837 55% 2,998 56%
There’s a different theme and some plugins have been added. 5,526 33% 1,694 33% 1,781 34%
Not at all, it’s still pretty much the same as the original download. 977 6% 341 7% 310 6%
You’d never know this was a WordPress installation, everything (including the admin) has been customized. 739 4% 261 5% 228 4%

How many currently active WordPress sites have you built? (2015) / Roughly how many currently active WordPress sites have you built? (2016, 2017)

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 16,690
200 + 514 3%
51 – 200 1,728 10%
21 – 50 3,000 18%
11 – 20 3,146 19%
6 – 10 3,405 20%
2 – 5 3,838 23%
1 698 4%
0 361 2%
Number of responses 5,165 5367
Thousands. 110 2% 104 2%
Hundreds. 603 12% 713 13%
Fewer than a hundred. 2,264 44% 2,457 46%
Just a few, but they are really great. 1,871 36% 1,813 34%
Prefer not to answer. 319 6% 280 5%

Roughly what percentage of your working time is spent working with WordPress?

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 16,658 5,039 5,241
100 % 949 6% 459 9% 461 9%
90 % 1,300 8% 527 10% 540 10%
80 % 1,784 11% 637 13% 711 14%
70 % 1,850 11% 608 12% 627 12%
60 % 1,313 8% 438 9% 465 9%
50 % 2,095 13% 612 12% 639 12%
40 % 1,438 9% 391 8% 384 7%
30 % 2,076 12% 530 11% 511 10%
20 % 1,743 10% 445 9% 429 8%
10 % 1,819 11% 342 7% 419 8%
0 % 291 2% 52 1% 55 1%

How many hours of your work does the typical site take to complete? (2015) / How many hours of work does your typical WordPress project take to launch? (2016, 2017)

2015 2016 2017
Group: WordPress Freelancer/Hobbyist
Number of responses 16,670 5,164 5,378
More than 200 503 3% 222 4% 245 5%
100 – 200 973 6% 386 7% 393 7%
60 – 100 2,277 14% 788 15% 815 15%
40 – 60 3,896 23% 1,153 22% 1,216 23%
20 – 40 6,068 36% 1,487 29% 1,582 29%
Fewer than 20 2,953 18% 712 14% 751 14%
Prefer not to answer 418 8% 376 7%

Which of the following have you done with WordPress?

2015 2016 2017
Group: WordPress Professional (Company/Freelancer/Hobbyist)
Number of responses 20,687
I’ve written a theme from scratch. 11,894 25%
I’ve written a plugin. 9,719 21%
I’ve answered a question in the WordPress forum. 8,805 19%
I’ve attended a WordPress meetup. 4,062 9%
I’ve submitted a WordPress bug report. 4,062 9%
I’ve attended a WordCamp. 3,571 8%
I’ve contributed to WordPress documentation. 1,778 4%
Other Option 1,739 4%
I’ve contributed a WordPress core patch. 1,055 2%

What’s the best thing about WordPress?*

2015 2016 2017
Group: WordPress Professional
Number of responses 22,718 7,891 8,267
Easy/simple/user-friendly 9,450 42% 3,454 44% 3,852 47%
Customizable/extensible/modular/plugins/themes 8,601 38% 3,116 39% 3,555 43%
Community/support/documentation/help 3,806 17% 1,211 15% 1,340 16%
Free/open/open source 2,291 10% 802 10% 908 11%
Popular/ubiquitous 249 1% 86 1% 187 2%

 What’s the most frustrating thing about WordPress?*

2015 2016 2017
Group: WordPress Professional
Number of responses 21,144 7,294 7,691
Plugins & themes (abandoned/conflicts/coding standards) 6,122 29% 2,194 30% 2,187 28%
Security/vulnerabilities/hacks 2,321 11% 712 10% 829 11%
Updates 1,544 7% 422 6% 508 7%
Nothing/I don’t know/can’t think of anything 1,276 6% 344 5% 476 6%
Speed/performance/slow/heavy 1,196 6% 644 9% 516 7%

WordPress is as good as, or better than, its main competitors.

2015 2016 2017
Group: WordPress Professional
Number of responses (this question was not asked in the 2015 survey) 8,672 9,059
Agree 7551 87% 7836 87%
Prefer not to answer 754 9% 795 9%
Disagree 370 4% 428 5%

WordPress Users

Which of the following describes how you use WordPress?

2015 2016 2017
Group: WordPress User
Number of responses 15,169 5,043 5,521
My personal blog (or blogs) uses WordPress. 9,395 36% 3,117 36% 3,424 36%
My company or organization’s website is built with WordPress software. 7,480 29% 2,519 29% 2,841 30%
I have a hobby or side project that has a website built with WordPress. 6,112 23% 1,973 23% 2,200 23%
I write (or otherwise work) for an online publication that uses WordPress. 2,329 9% 806 9% 821 9%
Other Option 872 3% 234 3% 288 3%

Who installed your WordPress website?

2015 2016 2017
Group: WordPress User
Number of responses 15,055 5,020 5,523
I did. 11,216 66% 3,659 73% 4,129 75%
My hosting provider 2,236 13% 667 13% 767 14%
An external company 909 5% 182 4% 178 3%
An internal web person/team or a colleague 874 5% 178 4% 191 3%
A friend or family member 787 5% 192 4% 172 3%
I don’t know 502 3% 145 3% 87 2%
Other Option 345 2% n/a n/a n/a n/a

How much has the site been customized from the original WordPress installation?

2015 2016 2017
Group: WordPress User
Number of responses 14,789 4,997 5,494
There’s a different theme and some plugins have been added. 7,465 50% 2,337 47% 2,660 48%
A lot of work has been done, the site itself is unrecognizable from the original theme, but the Dashboard still looks like the usual WordPress interface. 4,715 32% 1,707 34% 1,872 34%
Not at all, it’s still pretty much the same as it was when I started out. 1,841 12% 635 13% 673 12%
You’d never know this was a WordPress installation, everything has been customized. 768 5% 321 6% 290 5%

What’s the best thing about WordPress?*

2015 2016 2017
Group: WordPress User
Number of responses 14,328 4,613 5,076
Easy/simple/user-friendly 7,391 52% 2,276 49% 2,511 49%
Customizable/extensible/modular/plugins/themes 4,219 29% 1,569 34% 1,632 32%
Free/open/open source 1,586 11% 493 11% 538 11%
Community/support/documentation/help 1,085 8% 388 8% 458 9%
Popular/ubiquitous 223 2% 74 2% 48 1%

What’s the most frustrating thing about WordPress?*

2015 2016 2017
Group: WordPress User
Number of responses 13,681 4,287 4,758
Plugins & themes (abandoned/conflicts/coding standards) 2,531 19% 1,183 28% 1,300 27%
Customization/design/look/template 1,273 9% 381 9% 408 9%
Code/coding/PHP 931 7% 306 7% 277 6%
Updates 926 7% 209 5% 296 6%
Security/vulnerabilites/hacks 785 6% 255 6% 292 6%

WordPress is as good as, or better than, its main competitors.

2015 2016 2017
Group: WordPress User
Number of responses 5,026 5,498
Agree 4,038 80% 4,462 81%
Prefer not to answer 737 15% 782 14%
Disagree 254 5% 255 5%

All Respondents

Can you (truthfully!) say “I make my living from WordPress”?

2015 2016 2017
Group: All Respondents
Number of responses (combination of all three groups from 2015; this question was not broken out by group in 2016-2017) 42,236 14,906 15,616
Not really, but I do get some or all of my income as a result of working with WordPress. 16,607 39% 5,408 36% 5,702 37%
Yes. 9,635 23% 4,791 32% 5,033 32%
No. 15,995 38% 4,713 32% 4,882 31%

Which devices do you access WordPress on?

2015 2016 2017
Group: All Respondents
Number of responses (combination of all three groups from 2015; this question was not broken out by group in 2016-2017) 42,433
Web 40,503 95%
Android phone 15,396 36%
iPhone 12,353 29%
iPad 11,748 28%
Android tablet 9,223 22%
Desktop app, like MarsEdit 6,018 14%
Other Option 1837 4%
Number of responses (this question was not broken out by group in 2016-2017) 14,840 15,597
Web browser on a desktop or laptop 14,160 54% 15,052 55%
Web browser on a mobile device (tablet or phone) 7,952 30% 8,248 30%
An app on a mobile device (table or phone) 3,309 13% 3,311 12%
A desktop app like MarsEdit 517 2% 498 2%
Other Option 282 1% 240 1%

WordPress now updates minor & security releases automatically for you. Check all that apply: (question not asked in 2016, 2017)

2015 2016 2017
Group: All Respondents
Number of responses (combination of all three groups) 39,726
I love auto-updates. 17,367 44%
I’d like to see auto-updates for plugins. 12,796 32%
Initially, I was nervous about auto updates. 11,868 30%
Auto updates still make me nervous. 10,809 27%
Auto updates don’t make me nervous now. 10,708 27%
I’d like to see auto-updates for themes. 10,449 26%
I’d like to see auto updates for major versions of WordPress. 10,225 26%
This is the first I’ve heard of auto-updates. 8,660 22%
I hate auto-updates. 3,293 8%

What is your gender?*

2015 2016 2017
Group: All respondents (This question was not asked in the 2015 survey.)
Number of responses 13,953 14,680
Male 10,978 78.68% 11,570 78.81%
Female 2,340 16.77% 2,511 21.70%
Prefer not to answer 601 4.31% 562 3.83%
Transgender 11 0.08% 8 0.05%
Nonbinary 8 0.06% 17 0.12%
Genderqueer 4 0.03% 3 0.02%
Androgynous 6 0.04% 5 0.03%
Fluid 3 0.02% 4 0.03%
Demimale 2 0.01% 0 0

Where are you located?

2015 2016 2017
Group: All respondents (This question was not asked in the 2015 survey.)
Number of responses 14,562 15,343
United States 3,770 25.89% 4,067 26.51%
India 1,456 10.00% 1,424 9.28%
United Kingdom 810 5.56% 900 5.87%
Germany 555 3.81% 729 4.75%
Canada 511 3.51% 599 3.90%
Australia 389 2.67% 460 3.00%
Italy 298 2.05% 356 2.32%
Netherlands 343 2.36% 350 2.28%
France 232 1.59% 283 1.84%
Bangladesh 257 1.76% 263 1.71%
Spain 271 1.86% 252 1.64%
Brazil 239 1.64% 251 1.64%
Pakistan 254 1.74% 240 1.56%
Indonesia 230 1.58% 226 1.47%
Iran, Islamic Republic of 190 1.30% 173 1.13%
Sweden 144 0.99% 173 1.13%
Nigeria 196 1.35% 172 1.12%
South Africa 193 1.33% 172 1.12%
Russian Federation 181 1.24% 151 0.98%
Poland 129 0.89% 137 0.89%
Romania 144 0.99% 132 0.86%
Switzerland 122 0.84% 130 0.85%
Philippines 92 0.63% 125 0.81%
China 136 0.93% 123 0.80%
Austria 89 0.61% 122 0.80%
Ukraine 105 0.72% 118 0.77%
Denmark 107 0.73% 114 0.74%
Greece 120 0.82% 114 0.74%
Portugal 94 0.65% 109 0.71%
Vietnam 101 0.69% 108 0.70%
Mexico 94 0.65% 105 0.68%
Nepal 76 0.52% 97 0.63%
Ireland 72 0.49% 94 0.61%
Israel 78 0.54% 94 0.61%
New Zealand 77 0.53% 91 0.59%
Finland 63 0.43% 90 0.59%
Turkey 91 0.62% 86 0.56%
Malaysia 91 0.62% 81 0.53%
Belgium 84 0.58% 79 0.51%
Norway 66 0.45% 79 0.51%
Argentina 65 0.45% 76 0.50%
Bulgaria 74 0.51% 72 0.47%
Japan 61 0.42% 68 0.44%
Thailand 69 0.47% 67 0.44%
Czech Republic 76 0.52% 66 0.43%
Serbia 89 0.61% 63 0.41%
Kenya 58 0.40% 62 0.40%
Colombia 39 0.27% 59 0.38%
Egypt 40 0.27% 52 0.34%

What is your age?

2015 2016 2017
Group: All Respondents
Number of responses (This question was not asked in 2015.) 14,944 15,636
60 and over 1,139 8% 1,641 11%
50-59 1,537 10% 1,996 13%
40-49 2,205 15% 2,643 17%
30-39 3,914 26% 3,972 25%
20-29 5,013 34% 4,444 28%
Under 20 1142 8% 941 6%

Thank you to everyone who made time to fill out the survey — we’re so happy you use WordPress, and we’re very grateful that you’re willing to share your experiences with us! Thanks also to everyone who spread the word about this survey, and to those of you who read all the way to the bottom of this post. 😉

*Text Field Questions: Each survey included some questions that could be answered only by filling out a text field. In the case of the questions “What is the best thing about WordPress?” and “What is the most frustrating thing about WordPress?” we listed the five most common responses, aggregated when applicable. In the case of the question “What is your gender?” in the 2016 and 2017 surveys, we aggregated responses as best we could. Responses meant to obscure respondents’ gender entirely are aggregated in “prefer not to answer.”

The Month in WordPress: November 2017

Posted December 1, 2017 by Hugh Lashbrooke. Filed under Month in WordPress.

The WordPress project recently released WordPress 4.9, “Tipton” — a new major release named in honor of musician and band leader Billy Tipton. Read on to find out more about this and other interesting news from around the WordPress world in November.


WordPress 4.9 “Tipton”

On November 16, WordPress 4.9 was released with new features for publishers and developers alike. Release highlights include design locking, scheduling, and previews in the Customizer, an even more secure and usable code editing experience, a new gallery widget, and text widget improvements.

The follow up security and maintenance, v4.9.1, has now been released to tighten up the security of WordPress as a whole.

To get involved in building WordPress Core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.

Apply to Speak At WordCamp Europe 2018

The next edition of WordCamp Europe takes place in June, 2018. While the organizing team is still in the early stages of planning, they are accepting speaker applications.

WordCamp Europe is the largest WordCamp in the world and, along with WordCamp US, one of the flagship events of the WordCamp program — speaking at this event is a great way to give back to the global WordPress community by sharing your knowledge and expertise with thousands of WordPress enthusiasts.

Diversity Outreach Speaker Training Initiative

To help WordPress community organizers offer diverse speaker lineups, a new community initiative has kicked off to use existing speaker training workshops to demystify speaking requirements and help participants gain confidence in their ability to share their WordPress knowledge in a WordCamp session.

The working group behind this initiative will be meeting regularly to discuss and plan how they can help local communities to train speakers for WordCamps and other events.

To get involved in this initiative, you can join the meetings at 5pm UTC every other Wednesday in the #community-team channel of the Making WordPress Slack group.


Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

WordPress 4.9.1 Security and Maintenance Release

Posted November 29, 2017 by John Blackbourn. Filed under Releases, Security.

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Thank you to the reporters of these issues for practicing responsible security disclosure: Rahul Pratap Singh and John Blackbourn.

Eleven other bugs were fixed in WordPress 4.9.1. Particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows based servers.

This post has more information about all of the issues fixed in 4.9.1 if you'd like to learn more.

Download WordPress 4.9.1 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.1:

Alain Schlesser, Andrea Fercia, Angelika Reisiger, Blobfolio, bobbingwide, Chetan Prajapati, Dion Hulse, Dominik Schilling (ocean90), edo888, Erich Munz, Felix Arntz, Florian TIAR, Gary Pendergast, Igor Benic, Jeff Farthing, Jeffrey Paul, jeremyescott, Joe McGill, John Blackbourn, johnpgreen, Kelly Dwan, lenasterg, Marius L. J., Mel Choyce, Mário Valney, natacado, odyssey, precies, Saša, Sergey Biryukov, and Weston Ruter.

WordPress 4.9 “Tipton”

Posted November 16, 2017 by Mel Choyce. Filed under Releases.

Major Customizer Improvements, Code Error Checking, and More! 🎉

Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.

Featuring design drafts, scheduling, and locking, along with preview links, the Customizer workflow improves collaboration for content creators. What’s more, code syntax highlighting and error checking will make for a clean and smooth site building experience. Finally, if all that wasn’t pretty great, we’ve got an awesome new Gallery widget and improvements to theme browsing and switching.


Customizer Workflow Improved 

Draft and Schedule Site Design Customizations

Yes, you read that right. Just like you can draft and revise posts and schedule them to go live on the date and time you choose, you can now tinker with your site’s design and schedule those design changes to go live as you please.

Collaborate with Design Preview Links

Need to get some feedback on proposed site design changes? WordPress 4.9 gives you a preview link you can send to colleagues and customers so that you can collect and integrate feedback before you schedule the changes to go live. Can we say collaboration++?

Design Locking Guards Your Changes

Ever encounter a scenario where two designers walk into a project and designer A overrides designer B’s beautiful changes? WordPress 4.9’s design lock feature (similar to post locking) secures your draft design so that no one can make changes to it or erase all your hard work.

A Prompt to Protect Your Work

Were you lured away from your desk before you saved your new draft design? Fear not, when you return, WordPress 4.9 will politely ask whether or not you’d like to save your unsaved changes.


Coding Enhancements

Syntax Highlighting and Error Checking? Yes, Please!

You’ve got a display problem but can’t quite figure out exactly what went wrong in the CSS you lovingly wrote. With syntax highlighting and error checking for CSS editing and the Custom HTML widget introduced in WordPress 4.8.1, you’ll pinpoint coding errors quickly. Practically guaranteed to help you scan code more easily, and suss out & fix code errors quickly.

Sandbox for Safety

The dreaded white screen. You’ll avoid it when working on themes and plugin code because WordPress 4.9 will warn you about saving an error. You’ll sleep better at night.

Warning: Potential Danger Ahead!

When you edit themes and plugins directly, WordPress 4.9 will politely warn you that this is a dangerous practice and will recommend that you draft and test changes before updating your file. Take the safe route: You’ll thank you. Your team and customers will thank you.


Even More Widget Updates 

The New Gallery Widget

An incremental improvement to the media changes hatched in WordPress 4.8, you can now add a gallery via this new widget. Yes!

Press a Button, Add Media

Want to add media to your text widget? Embed images, video, and audio directly into the widget along with your text, with our simple but useful Add Media button. Woo!


Site Building Improvements 

More Reliable Theme Switching

When you switch themes, widgets sometimes think they can just move location. Improvements in WordPress 4.9 offer more persistent menu and widget placement when you decide it’s time for a new theme. 

Find and Preview the Perfect Theme

Looking for a new theme for your site? Now, from within the Customizer, you can search, browse, and preview over 2600 themes before deploying changes to your site. What’s more, you can speed your search with filters for subject, features, and layout.

Better Menu Instructions = Less Confusion

Were you confused by the steps to create a new menu? Perhaps no longer! We’ve ironed out the UX for a smoother menu creation process. Newly updated copy will guide you.


Lend a Hand with Gutenberg 🤝

WordPress is working on a new way to create and control your content and we’d love to have your help. Interested in being an early tester or getting involved with the Gutenberg project? Contribute on GitHub.

(PS: this post was written in Gutenberg!)


Developer Happiness 😊

Customizer JS API Improvements

We’ve made numerous improvements to the Customizer JS API in WordPress 4.9, eliminating many pain points. (Hello, default parameters for constructs! Goodbye repeated ID for constructs!) There are also new base control templates, a date/time control, and section/panel/global notifications to name a few. Check out the full list.

CodeMirror available for use in your themes and plugins

We’ve introduced a new code editing library, CodeMirror, for use within core. CodeMirror allows for syntax highlighting, error checking, and validation when creating code writing or editing experiences within your plugins, like CSS or JavaScript include fields.

MediaElement.js upgraded to 4.2.6

WordPress 4.9 includes an upgraded version of MediaElement.js, which removes dependencies on jQuery, improves accessibility, modernizes the UI, and fixes many bugs.

Roles and Capabilities Improvements

New capabilities have been introduced that allow granular management of plugins and translation files. In addition, the site switching process in multisite has been fine-tuned to update the available roles and capabilities in a more reliable and coherent way.


The Squad

This release was led by Mel Choyce and Weston Ruter, with the help of the following fabulous folks. There are 443 contributors with props in this release, with 185 of them contributing for the first time. Pull up some Billy Tipton on your music service of choice, and check out some of their profiles:

Aaron D. Campbell, Aaron Jorbin, abrightclearweb, Achal Jain, achbed, Acme Themes, Adam Silverstein, adammacias, Ahmad Awais, ahmadawais, airesvsg, ajoah, Aki Björklund, akshayvinchurkar, Alain Schlesser, Alex Concha, Alex Dimitrov, Alex Hon, alex27, allancole, Amanda Rush, Andrea Fercia, Andreas Panag, Andrew Nacin, Andrew Ozz, Andrey "Rarst" Savchenko, Andy Meerwaldt, Andy Mercer, Andy Skelton, Aniket Pant, Anil Basnet, Ankit K Gupta, Anthony Hortin, antisilent, Anton Timmermans, apokalyptik, artoliukkonen, Arunas Liuiza, attitude, backermann, Bappi, Ben Cole, Bernhard Gronau, Bernhard Kau, binarymoon, Birgir Erlendsson (birgire), BjornW, bobbingwide, boblinthorst, boboudreau, bonger, Boone B. Gorges, Brady Vercher, Brainstorm Force, Brandon Kraft, Brian Hogg, Brian Krogsgard, Bronson Quick, Caroline Moore, Casey Driscoll, Caspie, Chandra Patel, Chaos Engine, cheeserolls, chesio, chetansatasiya, choong, Chouby, chredd, Chris Jean, Chris Marslender, Chris Smith, Chris Van Patten, Chris Wiegman, chriscct7, chriseverson, Christian Chung, Christian Nolen, Christian Wach, Christoph Herr, Clarion Technologies, Claudio Sanches, Claudio Sanches, ClaudioLaBarbera, codemovement.pk, coderkevin, codfish, coreymcollins, Curdin Krummenacher, Curtiss Grymala, Cătălin Dogaru, danhgilmore, Daniel Bachhuber , Daniel Kanchev, Daniel Pietrasik, Daniele Scasciafratte, Daryl L. L. Houston (dllh), Daryll Doyle, Dave Pullig, Dave Romsey (goto10), David A. Kennedy, David Chandra Purnama, David Herrera, David Lingren, David Mosterd, David Shanske, davidbhayes, Davide 'Folletto' Casali, deeptiboddapati, delphinus, deltafactory, Denis de Bernardy, Derek Herman, Derrick Hammer, Derrick Koo, dimchik, Dinesh Chouhan, Dion Hulse, dipeshkakadiya, dmsnell, Dominik Schilling, Dotan Cohen, Doug Wollison, doughamlin, DreamOn11, Drew Jaynes, duncanjbrown, dungengronovius, DylanAuty, Eddie Hurtig, Eduardo Reveles, Edwin Cromley, ElectricFeet, Elio Rivero, Ella Iseulde Van Dorpe, elyobo, enodekciw, Eric Andrew Lewis, Eric Lanehart, Evan Herman, Felix Arntz, Fencer04, Florian Brinkmann, Florian TIAR, FolioVision, fomenkoandrey, Frank Klein, Frankie, Frankie Jarrett, Fred, Fredrik Forsmo, fuscata, Gabriel Maldonado, Garth Mortensen, Gary Jones, Gary Pendergast, Geeky Software, George Stephanis, Goran Šerić, Graham Armfield, Grant Derepas, Gregory Karpinsky (@tivnet), Hardeep Asrani, Helen Hou-Sandí, Henry Wright, hiddenpearls, Hinaloe, Hristo Pandjarov, Hugo Baeta, Iain Poulson, Ian Dunn, Ian Edington, idealien, Ignacio Cruz Moreno, imath, implenton, Ionut Stanciu, Ipstenu (Mika Epstein), ivdimova, J.D. Grimes, Jacob Peattie, Jake Spurlock, James Nylen, jamesacero, Japh, Jared Cobb, jayarjo, jdolan, jdoubleu, Jeff Bowen, Jeff Paul, Jeffrey de Wit, Jeremy Felt, Jeremy Pry, jimt, Jip Moors, jmusal, Joe Dolson, Joe Hoyle, Joe McGill, Joel James, johanmynhardt, John Blackbourn, John Dittmar, John James Jacoby, John P. Bloch, John Regan, johnpgreen, Jon (Kenshino), Jonathan Bardo, Jonathan Brinley, Jonathan Daggerhart, Jonathan Desrosiers, Jonny Harris, jonnyauk, jordesign, JorritSchippers, Joseph Fusco, Josh Eaton, Josh Pollock, joshcummingsdesign, joshkadis, Joy, jrf, JRGould, Juanfra Aldasoro, Juhi Saxena, Junko Nukaga, Justin Busa, Justin Sainton, Justin Shreve, Justin Sternberg, K.Adam White, kacperszurek, Kailey (trepmal), KalenJohnson, Kat Hagan, Keanan Koppenhaver, keesiemeijer, kellbot, Kelly Dwan, Kevin Hagerty, Kirk Wight, kitchin, Kite, kjbenk, Knut Sparhell, koenschipper, kokarn, Konstantin Kovshenin, Konstantin Obenland, Konstantinos Kouratoras, kuchenundkakao, kuldipem, Laurel Fulford, Lee Willis, Leo Baiano, LittleBigThings (Csaba), Lucas Stark, Luke Cavanagh, Luke Gedeon, Luke Pettway, lyubomir_popov, Mário Valney, mageshp, Mahesh Waghmare, Mangesh Parte, Manish Songirkar, mantismamita, Marcel Bootsman, Marin Atanasov, Marius L. J., Mariyan Belchev, Mark Jaquith, Mark Root-Wiley, Mark Uraine, Marko Heijnen, markshep, matrixik, Matt Banks, Matt King, Matt Mullenweg, Matt PeepSo, Matt van Andel, Matt Wiebe, Matthew Haines-Young, mattyrob, Max Cutler, Maxime Culea, Mayo Moriyama, mckernanin, Mel Choyce, mhowell, Michael Arestad, Michael Arestad, michalzuber, Miina Sikk, Mike Auteri, Mike Crantea, Mike Glendinning, Mike Hansen, Mike Little, Mike Schroder, Mike Viele, Milan Dinić, modemlooper, Mohammad Jangda, Mohan Dere, Monika Rao, morettigeorgiev, Morgan Estes, Morten Rand-Hendriksen, moto hachi ( mt8.biz ), mrbobbybryant, Naim Naimov, Nate Reist, NateWr, nathanrice, Nazgul, Ned Zimmerman, net, Nick Halsey , Nicolas GUILLAUME, Nikhil Chavan, Nikhil Vimal, Nikolay Bachiyski, Nilambar Sharma, noplanman, nullvariable, odie2, odyssey, Okamoto Hidetaka, orvils, oskosk, Otto Kekäläinen, ovann86, Pantip Treerattanapitak (Nok), Pascal Birchler, patilvikasj, Paul Bearne, Paul Wilde, Payton Swick, pdufour, Perdaan, Peter Wilson, phh, php, Piotr Delawski, pippinsplugins, pjgalbraith, pkevan, Pratik, Pressionate, Presskopp, procodewp, Rachel Baker, Rahul Prajapati, Ramanan, Rami Yushuvaev, ramiabraham, ranh, Red Sand Media Group, Riad Benguella, Rian Rietveld, Richard Tape, Robert D Payne, Robert Jolly, Robert Noakes, Rocco Aliberti, Rodrigo Primo, Rommel Castro, Ronald Araújo, Ross Wintle, Roy Sivan, Ryan Kienstra, Ryan McCue, Ryan Plas, Ryan Welcher, Sal Ferrarello, Sami Keijonen, Samir Shah, Samuel Sidler, Sandesh, Sang-Min Yoon, Sanket Parmar, Sarah Gooding, Sayed Taqui, schrapel, Scott Reilly, Scott Taylor, scrappy@hub.org, scribu, seancjones, Sebastian Pisula, Sergey Biryukov, Sergio De Falco, sfpt, shayanys, shazahm1, shprink, simonlampen, skippy, smerriman, snacking, solal, Soren Wrede, Stanimir Stoyanov, Stanko Metodiev, Steph, Steph Wells, Stephanie Leary, Stephen Edgar, Stephen Harris, Steven Word, stevenlinx, Sudar Muthu, Swapnil V. Patil, swapnild, szaqal21, Takahashi Fumiki, Takayuki Miyauchi, Tammie Lister, tapsboy, Taylor Lovett, team, tg29359, tharsheblows, the, themeshaper, thenbrent, thomaswm, Thorsten Frommen, tierra, Tim Nash, Timmy Crawford, Timothy Jacobs, timph, Tkama, tnegri, Tom Auger, Tom J Nowell, tomdxw, Toro_Unit (Hiroshi Urabe), Torsten Landsiedel, transl8or, traversal, Travis Smith, Triet Minh, Trisha Salas, tristangemus, truongwp, tsl143, Ty Carlson, Ulrich, Utkarsh, Valeriu Tihai, Viljami Kuosmanen, Vishal Kakadiya, vortfu, Vrunda Kansara, webbgaraget, WebMan Design | Oliver Juhas, websupporter, William Earnhardt, williampatton, Wolly aka Paolo Valenti, WraithKenny, yale01, Yoav Farhi, Yoga Sukma, Zach Wills, Zack Tollman, Ze Fontainhas, zhildzik, and zsusag.

Finally, thanks to all the community translators who worked on WordPress 4.9. Their efforts bring WordPress 4.9 fully translated to 43 languages at release time, with more on the way.

Do you want to report on WordPress 4.9? We've compiled a press kit featuring information about the release features, and some media assets to help you along.

If you want to follow along or help out, check out Make WordPress and our core development blog.

Thanks for choosing WordPress!

WordPress 4.9 Release Candidate 3

Posted November 14, 2017 by Weston Ruter. Filed under Documentation, Releases.

The third release candidate for WordPress 4.9 is now available.

A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. In fact, we did miss some things in RC1 and RC2. This third release candidate was not originally scheduled, but due a number of defects uncovered through your testing of RC2 (thank you!), we are putting out another 4.9 release candidate.

We hope to ship WordPress 4.9 on Tuesday, November 14 (that’s tomorrow) at 23:00 UTC, but we still need your help to get there. If you haven’t tested 4.9 yet, now is the time! If there are additional defects uncovered through testing between now and the release time, we may delay the 4.9 release to the following day.

To test WordPress 4.9, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made just over 20 changes since releasing RC2 last week (as we did between RC1 and RC2). For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3Beta 4RC1, and RC2 blog posts. A few specific areas to test in RC3:

  • Switching between the Visual and Text tabs of the editor, and the syncing of the cursor between those two tabs.
  • Overriding linting errors in the Customizer’s Additional CSS editor.
  • Adding nav menu items for Custom Links in the Customizer.
  • Scheduling customization drafts (stubbed posts/pages) for publishing in the Customizer.
  • Autosave revisions for changes in the Customizer.
  • About page styling.

Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Didn’t squash them all 🐛
We want to release Tuesday
New features not bugs ✨

Thanks for your continued help testing out the latest versions of WordPress.

WordPress 4.9 Release Candidate 2

Posted November 7, 2017 by Weston Ruter. Filed under Development, Releases.

The second release candidate for WordPress 4.9 is now available.

A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.9 on Tuesday, November 14 (just over one week from now), but we need your help to get there. If you haven’t tested 4.9 yet, now is the time!

To test WordPress 4.9, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made just over 20 changes since releasing RC 1 last week. For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3Beta 4, and RC1 blog posts. Specific areas to test in RC2:

  • Theme installation in the Customizer.
  • Scheduling changes for publishing in the Customizer.
  • Switching themes with live preview in the Customizer.

Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

This week’s haiku is courtesy of @melchoyce:

We squashed all the bugs 🐛
But uh, if not, let us know
Also, test your stuff

Thanks for your continued help testing out the latest versions of WordPress.

The Month in WordPress: October 2017

Posted November 2, 2017 by Hugh Lashbrooke. Filed under Month in WordPress.

While this month we focused on building new features for WordPress core, we advanced other areas of the project too. Read on to learn more about what the WordPress project accomplished during the month of October.


Take the 2017 Annual WordPress User Survey

The annual WordPress User Survey is a great opportunity for you to provide your feedback about how you use WordPress. This year is no exception, as the 2017 WordPress User Survey is out now.

The information collected in the survey is used to make informed decisions about improvements across the WordPress project, so your answers are incredibly valuable and help shape the future of the platform.

WordPress 4.8.3 Security Release

At the end of October, WordPress 4.8.3 was released containing an important security fix for all previous versions of WordPress. If your WordPress installation has not updated automatically, please update it now to protect your site.

This security issue was brought to light by a community member, so if you ever discover a security vulnerability in WordPress core, please do the same and disclose it responsibly.

WordPress 4.9 Nearly Ready for Release

WordPress 4.9 was in rapid development this month. We released four beta versions and published a release candidate. The target for shipping WordPress 4.9 is November 14 — just two short weeks away. With many new features, this is a hugely exciting release that improves WordPress’ user experience considerably. Notably, you’ll see improvements to the theme selection experience, plenty of widget enhancements, drastically improved code editing, and much better user role management.

To get involved in building WordPress Core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.

WordPress Charity Hackathons are Growing

For the last few years, the number of do_action series of WordPress charity hackathons has grown around the world. What started as a community event to assist local nonprofit organizations, has become something many WordPress communities are replicating in an increasing number of cities.

As of this month, do_action events have been hosted in Cape Town and Johannesburg, South Africa, Beirut, Lebanon, Austin, Texas, and Montréal, Canada. In addition, events are now scheduled for Bristol, England and Zurich, Switzerland in 2018.

To get involved in organizing a do_action event locally, read the do_action organizer’s handbook and join the #community-events channel in the Making WordPress Slack group.

Gutenberg Development Advances

While work steadily continues on Gutenberg — the new editor for WordPress core — one update from this month addresses one of the primary concerns that some people shared about the project.

Up until the release on October 24, Gutenberg did not support the meta boxes that so many WordPress content creators rely on. The new editor now has initial support for meta boxes as well as a host of other critical features for content creation in WordPress.

Test out Gutenberg right now and help develop it by joining the #core-editor channel in the Making WordPress Slack group and following the Core team blog.


Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

WordPress 4.8.3 Security Release

Posted October 31, 2017 by Gary Pendergast. Filed under Releases, Security.

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.

This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note.

Thank you to the reporter of this issue for practicing responsible disclosure.

Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.

Older Posts »

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.

Categories

%d bloggers like this: