The Month in WordPress: September 2018

The new WordPress editor continues to be a major focus for all WordPress contribution teams. Read on to find out some more about their work, as well as everything else that has been happening around the community this past month.

Further Enhancements to the New WordPress Editor

Active development continues on Gutenberg, the new editing experience for WordPress Core. The latest update for the editor includes great new features, such as reusable content blocks, a dark editor style, export and import of templates, and much more. In addition, the Gutenberg team has published a comprehensive guide to the features currently included in the editor.

Users can test Gutenberg right now by installing the plugin, which currently has over 450,000 active installs according to the new Gutenberg in Numbers site. Along with that, the Gutenberg Handbook has some very useful information about how to use and develop for the new editor.

Want to get involved in building Gutenberg? Follow the #gutenberg tag on the Core team blog and join the #core-editor channel in the Making WordPress Slack group.

Work Begins on WordPress 5.0

After initially announcing a minor v4.9.9 release, the Core team has shifted their focus to the next major release — v5.0. One of the primary factors for this change is that Gutenberg is nearly ready to be considered for merging into Core, with the goal to complete the merge in v5.0.


The Month in WordPress: August 2018

Many of the WordPress contribution teams have been working hard on the new WordPress editor, and the tools, services, and documentation surrounding it. Read on to find out more about this ongoing project, as well as everything else that has been happening around the WordPress community in August.

WordPress 4.9.8 is Released

WordPress 4.9.8 was released at the beginning of the month. While this was a maintenance release fixing 46 bugs, it was significant for Core development because it made a point of highlighting Gutenberg — the new WordPress editor that is currently in development (more on that below).

This release also included some important updates to the privacy tools that were added to Core earlier this year.

Want to get involved in building WordPress Core? Follow the Core team blog and join the #core channel in the Making WordPress Slack group.

New WordPress Editor Development Continues

Active development continues on Gutenberg, the new editing experience for WordPress Core. The latest version features a number of important user experience improvements, including a new unified toolbar and support for a more focussed writing mode.


WordPress 4.9.8 Maintenance Release

We are pleased to announce the immediate availability of WordPress 4.9.8. This maintenance release fixes 46 bugs, enhancements and blessed tasks, including updating the Twenty Seventeen bundled theme.

Following are the highlights of what is now available.

“Try Gutenberg” callout

Most users will now be presented with a notice in their WordPress dashboard. This “Try Gutenberg” callout is an opportunity for users to use the Gutenberg block editor before it is released in WordPress 5.0.

In WordPress 4.9.8, the callout will be shown to the following users:

  • If Gutenberg is not installed or activated, the callout will be shown to Admin users on single sites, and Super Admin users on multisites.
  • If Gutenberg is installed and activated, the callout will be shown to Contributor users and above.
  • If the Classic Editor plugin is installed and activated, the callout will be hidden for all users.

You can learn more by reading “Try Gutenberg” Callout in WordPress 4.9.8.


The Month in WordPress: July 2018

With WordPress 5.0 coming closer, there’s lots of work going on all across the project. Read on to learn about how we progressed in July.

Release of WordPress 4.9.7

On July 5, WordPress 4.9.7 was released, fixing one security issue and 17 other bugs across the platform.

While this is a minor release, incremental fixes are essential to keep WordPress running smoothly. Everyone is encouraged to update as soon as possible and to make sure that automatic updates are switched on.

Would you like to get involved in building WordPress Core? Follow the Core team blog and join the #core channel in the Making WordPress Slack group.

The New WordPress Editor

In the upcoming minor release of WordPress, 4.9.8, a new section in the dashboard will feature Gutenberg, the upcoming content editor for WordPress.


Quarterly Updates | Q2 2018

To keep everyone aware of big projects and efforts across WordPress contributor teams, I’ve reached out to each team’s listed representatives. I asked each of them to share their Top Priority (and when they hope for it to be completed), as well as their biggest Wins and Worries. Have questions? I’ve included a link to each team’s site in the headings.

Accessibility

Contacted: @rianrietveld, @joedolson, @afercia
Priority: Working to make sure that Gutenberg is reasonably accessible prior to merge. ETA is before 5.0
Struggle: Lack of developers and accessibility experts to help test and code the milestone issues. The team is doing outreach to help solve this problem.
Big Win: Interest from companies like The Paciello Group and Tenon.io to help out with Gutenberg code review and testing tools.

CLI

Contacted: @danielbachhuber, @schlessera
Priority: Very first global Hack Day is coming up July 20. Version 2.0.0 is still in progress (new ETA is end of July).
Struggle: The team continues to need new contributors. The current team is tiny but tough.
Big Win: WP-CLI is currently one of the project’s four main focuses, as mentioned in the Summer Update at WordCamp Europe.

Community

Contacted: @francina, @hlashbrooke
Priority: Focusing on smoothing out the processes in our community management by building up our team of volunteers and establishing what tools we need to keep things running well. ETA is ongoing.
Struggle: Our two biggest struggles at the moment are tracking what we need to get done, and making final decisions on things. There is current work on the tools available to assist with tracking progress.
Big Win: After making a concerted effort to get more contributors on the Community Team, we now have a much larger group of volunteers working as deputies and WordCamp mentors.

Core

Contacted: @jeffpaul
Priority: Following the WordCamp Europe summer update (and the companion post here), the team is getting Gutenberg (the new WordPress editing experience) into a strong state for the 5.0 release. Potential ETA as soon as August.
Struggle: Coordinating momentum and direction as we start seeing more contributors offering their time. Still working our way through open issues. The team is starting multiple bug scrubs each week to work through these more quickly and transparently.
Big Win: Had a sizable release in 4.9.6 which featured major updates around privacy tools and functionality in Core.

Design

Contacted: @melchoyce, @karmatosed, @boemedia, @joshuawold, @mizejewski
Priority: Better on-boarding of new contributors, especially creating better documentation. ETA is end of July.
Struggle: It’s hard to identify reasonably small tasks for first-time contributors.
Big Win: The team is much more organized now which has helped clear out the design backlog, bring in new contributors, and also keep current contributors coming back. Bonus: Joshua Wold will co-lead the upcoming release.

Documentation

Contacted: @kenshino
Priority: Opening up the work on HelpHub to new contributors and easing the onboarding process. No ETA.
Struggle: Some blockers with making sure the code and database can be ready to launch on https://wordpress.org/support/
Big Win: The first phase of HelpHub creation is complete, which means content updates (current info, more readable, easier discovery), internal search, design improvements, and REST API endpoints.

Hosting

Contacted: @mikeschroder, @jadonn
Priority: Preparing hosts for supporting Gutenberg, especially support questions they’re likely to see when the “Try Gutenberg” callout is released. ETA July 31st, then before WordPress 5.0
Struggle: Most contributions are still made by a small team of volunteers. Seeing a few more people join, but progress is slow.
Big Win: New team members and hosting companies have joined the #hosting-community team and have started contributing.

Marketing

Contacted: @bridgetwillard
Priority: Continuing to write and publish case studies from the community. ETA is ongoing.
Struggle: No current team struggles.
Big Win: Wrote and designed a short Contributor Day onboarding card. It was used at Contributor Day at WCEU and onboarding time went down to 1 hour instead of 3 hours.

Meta (WordPress.org Site)

Contacted: @tellyworth, @coffee2code
Priority: Reducing manual work around the contributor space (theme review, GDPR/privacy, plugin review). ETA for small wins is end of quarter, larger efforts after that.
Struggle: Maintaining momentum on tickets. There are also some discussions about updating the ticket management process across teams that use the Meta trac system.
Big Win: The new About page launched and has been translated across most locale sites.

Mobile

Contacted: @elibud
Priority: Getting Gutenberg in the mobile applications. ETA is late December.
Struggle: Consuming the Gutenberg source in the ReactNative app directly. More info can be found here: https://make.wordpress.org/mobile/2018/07/09/next-steps-for-gutenberg-mobile/
Big Win: The WordPress mobile applications now fully support right-to-left languages and are compliant with the latest standards for accessibility.

Plugins

Contacted: @ipstenu
Priority: Clearing ~8,000 unused plugins from the queues. Likely ETA is September.
Struggles: Had to triage a lot of false claims around plugins offering GDPR compliance.
Big Win: Released 4.9.6 and updated expectations with plugin authors. Huge thanks to the Core Privacy team for their hard work on this.

Polyglots

Contacted: @petya, @ocean90, @nao, @chantalc, @deconf, @casiepa
Priority: Keep WordPress releases translated to 100% and then concentrate on the top 100 plugins and themes. ETA is ongoing.
Struggle: Getting new PTEs fast enough, and complex tools/systems. Overall, the volume of strings awaiting approval.

Support

Contacted: @clorith
Priority: Getting ready for the Gutenberg callout (it got pushed last quarter). Needing a better presence on the official support forums, and outreach for that is underway, ETA end of July.
Struggle: Keeping contributors participating post-contributor days/drives. Considering the creation of a dedicated post-contributor day survey to get some insight here.
Big Win: The increase in international liaisons joining for weekly meetings, helping bring the wider support community together.

Theme Review

Contacted: @acosmin, @rabmalin, @thinkupthemes, @williampatton
Priority: Building a better Theme Check/Sniffer in order to automate most of the checks done right now by reviewers. ETA late 2018, early 2019.
Struggle: Bringing in new contributors to the team.
Big Win: Trusted Authors program

Tide

Contacted: @valendesigns (but usually @jeffpaul)
Priority: Storing PHPCompatibility results inside the WordPress.org API and building a UI to display those results; an endpoint to request an audit is required for this work to continue.
Struggle: Development has dramatically slowed down while team members are on leave or pulled into internal client work.
Big Win: Migration to Google Cloud Platform (GCP) from Amazon Web Services (AWS) is complete and the audit servers have all been rewritten in Go. (This allows us to be faster with greater capacity and less cost.)

Training

Contacted: @bethsoderberg, @juliek
Priority: Lesson plan production. ETA is ongoing.
Struggle: The workflow is a little complex, so recruiting and training enough contributors to keep the process moving is a struggle.
Big Win: WordCamp Europe’s Contributor Day was very productive. New tools/workflow are in place and two team representatives were there to lead and help.

Interested in updates from the first quarter of this year? You can find those here: https://make.wordpress.org/updates/2018/04/24/quarterly-updates-q1-2018/

Original author: Josepha

Update on Gutenberg

Progress on the Gutenberg project, the new content creating experience coming to WordPress, has come a long way. Since the start of the project, there have been 30 releases and 12 of those happened after WordCamp US 2017. In total since then, there have been 1,764 issues opened and 1,115 closed as of WordCamp Europe. As the work on phase one moves into its final stretch, here is what you can expect.

In Progress

  • Freeze new features in Gutenberg (the feature list can be found here).
  • Hosts, agencies, teachers invited to opt-in sites they have influence over.
  • WordPress.com has opt-in for wp-admin users.
  • The number of sites and posts will be tracked.
  • Mobile app support for Gutenberg will be across iOS and Android.

July

  • 4.9.x release with an invitation to install either Gutenberg or Classic Editor plugin.
  • WordPress.com will move to opt-out. There will be tracking to see who opts out and why.
  • Triage increases and bug gardening escalates to get blockers in Gutenberg down to zero.
  • Gutenberg phase two, Customization exploration begins by moving beyond the post.

August and beyond

  • All critical issues within Gutenberg are resolved.
  • There is full integration with Calypso and there is opt-in for users there.
  • A goal will be 100k+ sites having made 250k+ posts using Gutenberg.
  • Core merge of Gutenberg begins the 5.0 release cycle.
  • 5.0 moves into beta releases and translations are completed.
  • There will be a mobile version of Gutenberg by the end of the year.

WordPress 5.0 could be as soon as August with hundreds of thousands of sites using Gutenberg before release. Learn more about Gutenberg here, take it for a test drive, install on your site, follow along on GitHub and give your feedback.

Original author: Tammie Lister

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Download WordPress 4.9.7 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.


The Month in WordPress: June 2018

With one of the two flagship WordCamp events taking place this month, as well as some important WordPress project announcements, there’s no shortage of news. Learn more about what happened in the WordPress community in June.

Another Successful WordCamp Europe

On June 14th, WordCamp Europe kicked off three days of learning and contributions in Belgrade. Over 2,000 people attended in person, with hundreds more watching live streams of the sessions.

The WordCamp was a great success with plenty of first-time attendees and new WordPress contributors getting involved in the project and community. Recorded sessions from the 65 speakers at the event will be available on WordPress.tv in the coming weeks. In the meantime, check out the photos from the event.

The next WordCamp Europe takes place on June 20-22 2019 in Berlin, Germany. If you’re based in Europe and would like to serve on the organizing team, fill in the application form.

Updated Roadmap for the New WordPress Content Editor

During his keynote session at WordCamp Europe, Matt Mullenweg presented an updated roadmap for Gutenberg, the new content editor coming in WordPress 5.0.


The Month in WordPress: May 2018

This month saw two significant milestones in the WordPress community — the 15th anniversary of the project, and GDPR-related privacy tools coming to WordPress Core. Read on to find out more about this and everything else that happened in the WordPress community in May.

Local Communities Celebrate the 15th Anniversary of WordPress

Last Sunday, May 27, WordPress turned 15 years old. This is a noteworthy occasion for an open-source project like WordPress and one well worth celebrating. To mark the occasion, WordPress communities across the world gathered for parties and meetups in honor of the milestone.

Altogether, there were 224 events globally, with a few more of those still scheduled to take place in some communities — attend one in your area if you can.

If your city doesn’t have a WordPress meetup group, this is a great opportunity to start one! Learn how with the Meetup Organizer Handbook, and join the #community-events channel in the Making WordPress Slack group.

Privacy Tools added to WordPress core

In light of recent changes to data privacy regulations in the EU, WordPress Core shipped important updates in the v4.9.6 release, giving site owners tools to help them comply with the new General Data Protection Regulation (GDPR). It is worth noting, however, that WordPress cannot ensure you are compliant — this is still a site owner’s responsibility.


WordPress.org Privacy Policy Updates

The WordPress.org privacy policy has been updated, hurray! While we weren’t able to remove all the long sentences, we hope you find the revisions make it easier to understand:

  • how we collect and use data,
  • how long the data we collect is retained, and
  • how you can request a copy of the data you’ve shared with us.

There hasn’t been any change to the data that WordPress.org collects or how that data is used; the privacy policy just provides more detail now. Happy reading, and thanks for using WordPress!

 

Original author: Andrea Middleton

The Month in WordPress: June 2017

We’re starting a new regular feature on this blog today. We’d like to keep everyone up-to-date about the happenings all across the WordPress open source project and highlight how you can get involved, so we’ll be posting a roundup of all the major WordPress news at the end of every month.

Aside from other general news, the three big events in June were the release of WordPress 4.8, WordCamp Europe 2017, and the WordPress Community Summit. Read on to hear more about these as well as other interesting stories from around the WordPress world.

WordPress 4.8

On June 8, a week before the Community Summit and WordCamp Europe, WordPress 4.8 was released. You can read the Field Guide for a comprehensive overview of all the features of this release (the News and Events widget in the dashboard is one of the major highlights).

Most people would either have their version auto-updated, or their hosts would have updated it for them. For the rest, the updates have gone smoothly with no major issues reported so far.

This WordPress release saw contributions from 346 individuals; you can find their names in the announcement post. To get involved in building WordPress core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.


WordPress 4.8 “Evans”

An Update with You in Mind

Gear up for a more intuitive WordPress!

Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.

Though some updates seem minor, they’ve been built by hundreds of contributors with you in mind. Get ready for new features you’ll welcome like an old friend: link improvements, three new media widgets covering images, audio, and video, an updated text widget that supports visual editing, and an upgraded news section in your dashboard which brings in nearby and upcoming WordPress events.

Exciting Widget Updates

Image Widget

Adding an image to a widget is now a simple task that is achievable for any WordPress user without needing to know code. Simply insert your image right within the widget settings. Try adding something like a headshot or a photo of your latest weekend adventure — and see it appear automatically.

Video Widget

A welcome video is a great way to humanize the branding of your website. You can now add any video from the Media Library to a sidebar on your site with the new Video widget. Use this to showcase a welcome video to introduce visitors to your site or promote your latest and greatest content.

Audio Widget

Are you a podcaster, musician, or avid blogger? Adding a widget with your audio file has never been easier. Upload your audio file to the Media Library, go to the widget settings, select your file, and you’re ready for listeners. This would be an easy way to add a more personal welcome message, too!


WordPress 4.8 Release Candidate 2

The second release candidate for WordPress 4.8 is now available.

To test WordPress 4.8, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made a handful of changes since releasing RC 1 last week. For more details about what’s new in version 4.8, check out the Beta 1, Beta 2, and RC1 blog posts.

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

Happy testing!

Original author: Mel Choyce

WordPress 4.8 Release Candidate

The release candidate for WordPress 4.8 is now available.

RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.8 on Thursday, June 8, but we need your help to get there. If you haven’t tested 4.8 yet, now is the time!

To test WordPress 4.8, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made a handful of changes since releasing Beta 2 earlier this week. For more details about what’s new in version 4.8, check out the Beta 1 and Beta 2 blog posts.

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.


WordPress 4.8 Beta 2

WordPress 4.8 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.8, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information on what’s new in 4.8, check out the Beta 1 blog post. Since then, we’ve made over 50 changes in Beta 2.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.


WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.4 and earlier are affected by six security issues:

  • Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  • Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  • Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  • A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.5 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.


WordPress Now on HackerOne

WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne!

HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress.

The security team has been working on this project for quite some time. Nikolay Bachiyski started the team working on it just over a year ago. We ran it as a private program while we worked out our procedures and processes, and are excited to finally make it public.

With the announcement of the WordPress HackerOne program we are also introducing bug bounties. Bug bounties let us reward reporters for disclosing issues to us and helping us secure our products and infrastructure. We’ve already awarded more than $3,700 in bounties to seven different reporters! We are thankful to Automattic for paying the bounties on behalf of the WordPress project.

The program and bounties cover all our projects including WordPress, BuddyPress, bbPress, GlotPress, and WP-CLI as well as all of our sites including WordPress.org, bbPress.org, WordCamp.org, BuddyPress.org, and GlotPress.org.

Original author: Aaron D. Campbell

WordPress 4.8 Beta 1

We’re planning a smaller WP release early next month, bringing in three major enhancements:

  • An improved visual editor experience, with a new TinyMCE that allows you to navigate more intuitively in and out of inline elements like links. (Try it out to see, it’s hard to describe.)
  • A revamp of the dashboard news widget to bring in nearby and upcoming events including meetups and WordCamps.
  • Several new media widgets covering images, audio, and video, and an enhancement to the text widget to support visual editing.

The first beta of 4.8 is now available for testing. You can use the beta tester plugin (or just run trunk) to try the latest and greatest, and each of these areas could use a ton of testing. Our goals are to make editing posts with links more intuitive, make widgets easier for new users and more convenient for existing ones, and get many more people aware of and attending our community events.

Four point eight is here
Small changes with a big punch
Big ones come later

Original author: Matt Mullenweg

WordPress 4.7.4 Maintenance Release

After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release.

This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes.

Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4.

Thanks to everyone who contributed to 4.7.4:
Aaron Jorbin, Adam Silverstein, Andrea Fercia, Andrew Ozz, aussieguy123, Blobfolio, boldwater, Boone Gorges, Boro Sitnikovski, chesio, Curdin Krummenacher, Daniel Bachhuber, Darren Ethier (nerrad), David A. Kennedy, davidbenton, David Herrera, Dion Hulse, Dominik Schilling (ocean90), eclev91, Ella Van Dorpe, Gustave F. Gerhardt, ig_communitysites, James Nylen, Joe Dolson, John Blackbourn, karinedo, lukasbesch, maguiar, MatheusGimenez, Matthew Boynes, Matt Wiebe, Mayur Keshwani, Mel Choyce, Nick Halsey, Pascal Birchler, Peter Wilson, Piotr Delawski, Pratik Shrestha, programmin, Rachel Baker, sagarkbhatt, Sagar Prajapati, sboisvert, Scott Taylor, Sergey Biryukov, Stephen Edgar, Sybre Waaijer, Timmy Crawford, vortfu, and Weston Ruter.

Original author: Pascal Birchler

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues:

  • Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
  • Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
  • Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by TrigInc and xuliang.
  • Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc Montpas.
  • Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.3.
