As 2023 comes to a close, so too does an exciting year of WordPress updates.
Besides this, WordPress 6.2–6.4 came out this year, and 70 WordCamps took place around the globe.
Now, let’s wrap up the year with WordPress 6.4.2 (the last release of 2023), Gutenberg 17.2 and the State of the Word going to Madrid for the first time.
If you don’t keep automatic updates turned on — which you definitely should — it’s time to update WordPress immediately.
A potentially critical security issue introduced in WordPress 6.4 could allow remote code execution and a full-site takeover when combined with insecure plugins. Luckily, it doesn’t seem like the vulnerability was exploited significantly, if at all.
The quickly released WordPress 6.4.2 addresses this issue. You’re completely safe as long as your WordPress install is up to date.
With WordPress 6.4 settling in, it’s time to look forward to the next release: WordPress 6.5. Expect it early next spring on March 26, 2024.
While not all of these may make it into the final product, the WordPress team is looking to add these features and more:
- The Font Library feature previously planned for WordPress 6.4 will be coming to 6.5.
- Block and pattern attributes will sync while still allowing local changes. For example, you can reuse a block’s styling across your entire website but change the text within it on each page.
- Support for Appearance Tools and better Pattern management will come to Classic themes.
- The Colorways feature will allow you to use predefined colors within Group blocks.
- A new feature-rich redesign for templates, template parts and patterns pages is in the works. Revisions will also come to templates and template parts.
- Several new APIs, including the Interactivity API, will be available for developers.
- The minimum version of MySQL will rise to 5.5.5, and the team will work to improve compatibility with PHP 8.0+.
It will be an exciting update for WordPress designers, who will see many improvements and more options.
Gutenberg 17.2: Design experience improvements
Gutenberg 17.1 and 17.2 came out in late November and early December, each bringing a few small but impactful features to enhance your experience.
Here’s a highlight of the new features of Gutenberg 17.2 and 17.1:
- The team made some improvements to accessibility and writing flow. This includes small tweaks to make various features consistent with others.
- The Quote block now supports block spacing.
- You can drag and drop blocks onto the beginning and end of a document much more easily.
- Table headers on large datasets are now sticky.
- Distraction-Free Mode now features a Block Toolbar that slides into view when hovering at the top of the screen.
Programmers of WordPress, tune in to the final developer updates for December. We’ve mentioned the roadmap to 6.5 and will go over the return of Plugin Previews, but here are some other highlights for the month:
- The Theme Handbook has added several new chapters focused on blocks, and the handbook overhaul is still underway.
- The PHPMailer and getID3 libraries have been updated to their latest versions.
- The Interactivity API in Gutenberg now supports a native store() API.
- Gutenberg has added a theme.json layout setting to turn off custom content size controls.
- Gallery blocks with nestled images now use a transparent scrollbar. This prevents issues with long captions.
- The Tabs component recently replaced TabsPanel in Gutenberg and has received several improvements.
Plugin Previews return
If you remember the initial launch of Plugin Previews, you know it was quickly steeped in backlash. The premise — allowing people to try out plugins via the new WordPress Playground demo feature — was great in theory.
In execution, WordPress Playground didn’t account for any plugin requirements. It simply didn’t play nice with some plugins, making users see a broken plugin and decide not to install it.
The WordPress team quickly removed Plugin Previews. Still, they listened to feedback and decided to reimplement the feature on an opt-in basis. Plus, developers can set up any install dependencies with other plugins or themes and other helpful changes.
Late November and early December have been stressful for WordPress users, as multiple major vulnerabilities in plugins and even the platform itself have been uncovered. Here are a few highlights:
- Wordfence detected 100+ plugins affected by a cross-site scripting exploit that uses shortcodes. What’s more, some of these plugins haven’t been patched. Cumulatively, this affected over 6 million websites.
- WordPress contained a major vulnerability allowing remote code execution, which 6.4.2 patched.
- Elementor patched a severe file upload vulnerability that affected over 9 million users.
- A significant vulnerability in the MW WP Form plugin, affecting 200,000 users, was quickly patched.
- Backup Migration, a plugin with over 90,000 users, swiftly patched a critical vulnerability that allowed remote code execution.
- A phishing scam of hackers claiming to be part of the WordPress security team has plagued WordPress administrators.
- Phishing ads hosted by Google targeted Kinsta users.
To mitigate potential hacks, keep your plugins and WordPress core up to date and install a highly rated security plugin.
State of the Word 2023 recap
The annual State of the Word premiered this December, taking place for the first time outside of the USA — in Madrid, Spain.
This year was WordPress’ 20th anniversary, so the event was an exciting reflection on how far WordPress has come. Hundreds of key developers and contributors attended, while millions watched online.
The talk touched on topics like the Gutenberg project, its upcoming phases and the future of AI and WordPress.
The first WordCamps of 2024
All of the WordCamps for 2023 have come to a close. It’s been a long and exciting year, with 70 WordCamps globally. Now, it’s time to look forward to next year’s WordPress events.
While most of these are still in the works, a few WordCamps are planned for the early months of 2024.
This January, look forward to WordPress events in Kolkata, India; Pokhara, Nepal; Zaragoza, Spain; and Jakarta, Indonesia. February will also feature WordCamps in Kobe, Japan, and Phoenix, U.S.
Official launch of Bluehost Professional Email
Once you’ve set up your professional website, a personalized email is the next thing you’ll need.
You can’t launch an email marketing campaign from your personal email, and a branded email reduces customer confusion.
That’s why Bluehost launched Professional Email, bringing you affordable email hosting starting at only $1.25/year for the first year. Give it a try if you need a branded email address for your website.
Follow Bluehost to learn all the latest news in the WordPress community.