Latest Product Updates and Feature Enhancements on WordPress.org
WordPress 7.0 WordPress.org
WordPress 7.0 introduces significant updates, including enhanced navigation design, AI integration, and improved accessibility. Users can now create customized navigation overlays, manage AI service ...connections, and utilize a new font library across all themes. The update also enhances performance with better image loading and block stylesheet management. Accessibility improvements include better media management and a refreshed admin interface.
WordPress has launched version 7.0, named "Armstrong," featuring a modernized dashboard and AI integration. This release introduces enhanced customization and development tools, including an AI Clien...t in Core, new blocks, and design tools. The update aims to improve user experience with a sleek admin theme and expanded developer capabilities, marking a significant step in WordPress's evolution.
McCrossen Marketing Releases McCrossenSEO Free on WordPress.org
McCrossen Marketing has released the McCrossenSEOTM plugin for free on the WordPress.org directory. This plugin offers a comprehensive SEO toolkit for WordPress users, bundling features typically spl...it across paid upgrades in competing plugins. It includes on-page and technical SEO capabilities, WooCommerce product SEO, and tracking pixel injection, all without requiring a paid license or add-ons.
WordPress 7.0 Will Ship Without Real-Time Collaboration
WordPress has decided to exclude the real-time collaboration feature from its upcoming 7.0 release. The decision, announced by Matt Mullenweg, stems from concerns over the feature's robustness, inclu...ding issues with server load and recurring bugs. This feature was part of Phase 3 in WordPress's development roadmap. The community largely supports the decision, viewing it as a move towards a more stable release.
WordPress 7.0 Release Candidate 3 (RC3) is now available for testing. This version is a key milestone in the development cycle, with the final release scheduled for May 20, 2026. Users are encouraged... to test RC3 on non-production sites using various methods, including direct download and WP-CLI. Over 143 issues have been addressed since RC2. Real Time Collaboration will not be included in this release.
A popular WordPress redirect plugin was found to contain a hidden backdoor, affecting over 70,000 installations. The backdoor, present in versions from 2020 to 2021, allowed attackers to inject malic...ious code via an external server, posing significant security risks. Users are advised to remove the plugin and replace it with a clean version from official sources to mitigate potential threats.
Innovative WordPress Plugin Cuts AI Data Usage and Energy Costs
The Chancery Lane Project has introduced a new open-source WordPress plugin that reduces AI data usage and energy costs. The plugin, "WordPress Markdown for Agents," simplifies webpage content for AI... systems by removing unnecessary elements, cutting data transfer by up to 80%. This innovation could lead to significant energy savings across millions of WordPress sites globally.
WordPress Plugin Backdoor Compromises Thousands of Sites in 2026
In April 2026, a supply chain attack compromised over 30 WordPress plugins, including the 'Essential Plugin' portfolio, affecting thousands of sites. The attacker, 'Kris,' injected a backdoor allowin...g unauthorized code execution. This incident highlights vulnerabilities in plugin ecosystems and the need for rigorous security measures in third-party software integrations.
Hack of 30 WordPress Plugins Leads to Malware Spread on Thousands of ...
WordPress.org developers swiftly addressed a security breach involving over 30 compromised plugins from the EssentialPlugin bundle. The breach, which began in 2025, involved a backdoor that allowed u...nauthorized access to WordPress sites. A forced update has been deployed to block the malware, although manual checks are needed to ensure complete removal.
WordPress.org has released WordPress 6.9, named "Gene," honoring jazz pianist Gene Harris. This version introduces significant upgrades, including a new Notes feature for block-level commenting, enha...ncing team collaboration and content creation.
WordPress Plugin Vulnerability Exploited to Spread Malware
WordPress.org swiftly responded to a security breach affecting over 30 plugins in the EssentialPlugin suite, which were compromised with malicious code. This code created unauthorized access to websi...tes, leading to spam and redirections. The WordPress team deactivated the affected plugins and enforced updates to stop the malware's communication, although the core configuration file remains vulnerable.
Trusted WordPress plugins carried a hidden backdoor for months before ...
A supply chain attack compromised the WordPress plugin ecosystem after a buyer acquired a portfolio of plugins and inserted malicious code into an update. The code, dormant for eight months, activate...d on April 6, 2026, modifying wp-config.php files. WordPress.org responded by shutting down affected plugins and issuing a forced update, but the update did not fully clean infected sites.
WordPress Plugin Backdoor Hits 20K+ Sites in Supply Chain Attack
Over 20,000 WordPress sites were compromised in a supply chain attack after a plugin developer's portfolio was acquired and backdoored. The malicious code, hidden for months, exploits Ethereum smart ...contracts to evade detection. Despite WordPress's security updates, the backdoor persists, highlighting a systemic vulnerability in plugin ownership changes and supply chain security.
Malicious Backdoor Discovered in Popular WordPress Plug-ins
A backdoor was discovered in several WordPress plug-ins following the acquisition of Essential Plugin, leading to the distribution of malicious code. This security breach, affecting thousands of inst...allations, underscores the risks of supply chain attacks in software. The compromised plug-ins have been removed from the WordPress directory, and site administrators are advised to uninstall affected extensions.
Trusted WordPress Plugins Weaponized in Delayed Malware Campaign
A malware campaign exploited trusted WordPress plugins, including Countdown Timer Ultimate, to deliver SEO spam and backdoor access. The attack, initiated months after a plugin acquisition, highlight...s vulnerabilities in the WordPress plugin ecosystem, particularly in ownership transfer oversight and code review processes.
WordPress plugin suite hacked to push malware to ...
A suite of over 30 WordPress plugins from EssentialPlugin was compromised, allowing unauthorized access and malware injection into websites. The backdoor, active since August 2025, was discovered by ...Austin Ginder of Anchor Hosting. WordPress.org responded by closing affected plugins and issuing a forced update to neutralize the threat, although some vulnerabilities remain unpatched.
Dozens of WordPress plugins hijacked to target thousands of sites
A hacker exploited 31 WordPress plugins, injecting backdoors to gain unauthorized access to thousands of websites. The plugins, developed by Essential Plugin, were sold in 2025 and later compromised.... The injected code was sophisticated, using Ethereum smart contracts to evade detection. WordPress has since removed the malicious plugins from its repository.
Backdoors discovered in 31 WordPress plugins, added in updates after ownership transfer.
Backdoors have been discovered in 31 WordPress plugins following ownership transfers, posing security risks. These vulnerabilities could allow unauthorized access to websites using these plugins, hig...hlighting significant security concerns for WordPress users.
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers compromised the update system for Smart Slider 3 Pro, affecting WordPress and Joomla sites by embedding a backdoor in version 3.5.1.35. The malware creates hidden admin accounts and steals da...ta. Users should update to version 3.5.1.36 or earlier versions, remove malicious elements, and secure their sites with recommended actions like reinstalling core files and enabling two-factor authentication.
WordPress has delayed the release of version 7.0 due to instability in the real-time collaboration (RTC) feature. The RTC allows multiple users to edit content simultaneously, but issues with data st...orage have caused setbacks. The feature has been tested in beta with enterprise customers, revealing performance limitations. The delay has sparked debate on whether RTC should be a core feature or a plugin, with some questioning the necessity of including it in the core.
Cloudflare unveils new plugin-secure CMS to compete with WordPress ...
Cloudflare has introduced EmDash, a new open-source CMS designed to compete with WordPress by addressing plugin security issues. EmDash isolates plugins using Cloudflare's Dynamic Workers, enhancing ...security compared to WordPress's direct plugin access. It also features AI capabilities and supports internet-native payments. Despite its innovations, skepticism exists about its ability to replace WordPress due to compatibility and network effects.
Cloudflare has introduced EmDash, a secure, open-source CMS designed to be compatible with WordPress plugins and themes. EmDash aims to address WordPress's security vulnerabilities by isolating plugi...ns in separate environments. The CMS supports distributed infrastructure, offering flexibility in hosting and scaling, and includes features for new web monetization models. Currently in developer beta, EmDash represents Cloudflare's expansion into application development and hosting.
WordPress Delays Release Of Version 7.0 To Focus On Stability
WordPress has delayed the release of Version 7.0 to focus on stabilizing the Real-Time Collaboration feature. This decision, announced by co-founder Matt Mullenweg, emphasizes the need for extreme st...ability and extended testing. The delay allows more time to address performance concerns and database design issues, ensuring compatibility and reliability before the final release.
WordPress has released the second Release Candidate (RC2) for WordPress 7.0, available for testing. This milestone is crucial for ensuring the software's stability before its final release on April 9..., 2026. Users are encouraged to test RC2 on non-production sites and report issues. Key features include real-time collaboration and pattern editing. Plugin and theme authors should update compatibility to version 7.0.
WordPress 6.7 introduces the modern Twenty Twenty-Five theme, offering enhanced design options and a new 'Zoom out' mode for simplified editing. The update includes performance improvements, accessib...ility enhancements, and support for HEIC images. Users can now connect blocks to custom fields with ease, and enjoy expanded design tools and improved interactivity.
WordPress 6.6 introduces new design and functionality features, including enhanced color palettes, font sets, and a new rollback option for plugin auto-updates. The update also offers performance imp...rovements, accessibility enhancements, and modern pattern management. Users can now customize shadows, manage grid blocks, and use new shortcuts, improving the overall site editing experience.
WordPress 6.5 introduces new features and enhancements, including a Font Library for typography management, improved background and shadow tools, a more intuitive link-building experience, and new Da...ta Views for organizing site information. The release also boasts significant performance and accessibility improvements, with over 110 performance updates and 65 accessibility enhancements. Developers benefit from the Interactivity API for building interactive experiences and the Block Bindings API for connecting blocks to dynamic content.
WordPress has released version 6.4, introducing the Twenty Twenty-Four theme designed for diverse creative and business needs. This update includes over 100 performance enhancements, new site editing... capabilities, and accessibility improvements. Key features include a refreshed Command Palette, Block Hooks for developers, and lightbox functionality for images. The release emphasizes flexibility, customization, and improved user experience.
WordPress 6.3 introduces significant enhancements to the Site Editor, allowing seamless template and content management. Key features include the Command Palette for quick navigation, improved perfor...mance with 24% faster LCP times, and over 500 new features and enhancements. The update also includes 170+ performance updates, support for the Scripts API, and improved image loading times.
WordPress has released the first Release Candidate (RC1) for version 7.0, introducing over 134 updates and fixes since Beta 5. Key features include an AI Connectors Screen and a Command Palette short...cut. The final release is scheduled for April 9, 2026. Users are encouraged to test RC1 and provide feedback to ensure a stable final version.
WordPress has released version 6.9.4, addressing unresolved security issues from previous updates. This update is crucial for maintaining site security. Additionally, WordPress 7.0 is in development,... with its second release candidate available for testing. Users are advised to test these versions on non-production sites.
WordPress 6.8 introduces significant enhancements, including a refined Style Book for easier theme customization, improved editor features, faster page loads through speculative loading, and stronger... password security with bcrypt hashing. The update also includes over 100 accessibility improvements and performance optimizations, enhancing the overall user experience and site management capabilities.
WordPress 6.9 introduces new features like collaborative Notes, a Command Palette, and visual drag-and-drop design. It enhances performance with improved loading metrics and accessibility with over 7...0 fixes. New blocks include accordion, time-to-read, and math blocks. The update also introduces the Abilities API for developers and offers typography options for text blocks.
WordPress.com lets AI agents write, publish, and manage your site
WordPress.com has introduced write capabilities to its Model Context Protocol (MCP) integration, allowing AI agents like Claude and ChatGPT to create and manage content on websites. This update enabl...es AI to draft posts, build pages, and manage site elements with human approval. The feature is available on all WordPress.com paid plans, enhancing the platform's AI integration capabilities.
WordPress.com now lets AI agents write and publish posts, and more
WordPress.com introduces AI agents to automate drafting, editing, and publishing content on websites. These agents can manage comments, update metadata, and organize content using natural language co...mmands. This innovation aims to streamline website creation and management, allowing AI to handle tasks traditionally done by humans, while maintaining user oversight.
Vibe Coding Plugins? Validate With Official WordPress Plugin Checker
WordPress.org has released version 1.9.0 of its Plugin Check Plugin, designed to help developers ensure their plugins meet WordPress.org's standards for compatibility, security, and best practices. T...he update includes AI connectivity, enhanced block compatibility for WordPress 7.0, and checks for external URLs in admin menus. It aims to streamline plugin acceptance into the WordPress repository.
WordPress launched my.WordPress.net, a browser-based, persistent workspace requiring no sign-up or hosting. Built on WebAssembly, it offers private, serverless WordPress environments for drafting and... personal use. This innovation aims to expand WordPress installations from millions to billions by simplifying access and usage. Users can export sites to public hosts, and future updates will include peer-to-peer sync and cloud publishing.
WordPress.org launched my.WordPress.net, a browser-based WordPress environment that requires no sign-up or hosting. It offers a private, device-specific workspace with tools like a personal CRM, RSS ...reader, and AI workspace. Built on WordPress Playground, it allows users to develop plugins and manage content without technical barriers, emphasizing digital sovereignty.
WordPress Launches Browser-Based Site Builder for Private Use
WordPress.org has launched my.WordPress.net, a browser-based tool for creating private sites without the need for signup or hosting. This tool is designed for drafting, journaling, and experimentatio...n, not public use, marking a shift from WordPress's traditional hosting model. It aims to lower barriers for new users amid competition from no-code builders, potentially converting them into paying customers later.
WordPress Launches In-Browser Website Creator: No Sign-Up, No Hosting ...
WordPress.org has launched my.WordPress.net, an in-browser website creator that allows users to build private websites without sign-up or hosting. This tool, based on WordPress Playground technology,... supports plugins and themes while keeping all data local to the browser. It's ideal for private use and experimentation, offering a seamless way for both new and experienced users to explore WordPress features.
WordPress has released 'My WordPress, ' which allows users to build a fully functional WordPress installation using only a web browser, enabling plugin support, backups and restores anywhere, and even functioning as an RSS reader.
WordPress has launched 'My WordPress,' enabling users to create a complete WordPress setup via a web browser. This tool supports plugins, backups, restores, and functions as an RSS reader, enhancing ...user flexibility and functionality.
WordPress.org has introduced a new in-browser website creator accessible via my.WordPress.net. This tool allows users to build private websites without needing a WordPress account, hosting plan, or d...omain. It is designed for creating drafts, journaling, and experimenting with plugins and themes. The workspace, based on WordPress Playground, offers storage starting at 100MB and includes various plugins like a personal RSS reader and an AI assistant.
WordPress debuts a private workspace that runs in your browser via a ...
WordPress has introduced my.WordPress.net, a private workspace that operates entirely in the browser, allowing users to set up and manage sites without hosting or domain registration. This service, p...owered by WordPress Playground, supports personal publishing and includes tools like a Personal CRM and AI Workspace. Sites are private and stored in the browser, with options to move to a public host.
WordPress introduces my.WordPress.net, a browser-based platform that eliminates the need for sign-ups, hosting plans, or domain decisions. Built on WordPress Playground, it offers a private, persiste...nt environment for personal use, featuring an app catalog with pre-configured experiences. This innovation democratizes digital sovereignty, allowing users to explore, learn, and build without barriers.
WordPress Security Release 6.9.4 Fixes Issues 6.9.2 Failed To Address
WordPress released version 6.9.4 to address vulnerabilities not fully fixed in previous updates 6.9.2 and 6.9.3. The update resolves ten security issues, including a medium-severity XML External Enti...ty Injection flaw. WordPress advises immediate updates to ensure site security.
WordPress released version 6.9.3 to address security issues and a bug affecting some themes. The upcoming WordPress 7.0 beta 4, scheduled for March 12, 2026, includes additional security patches and ...updates. Users are advised to test this beta version on non-production sites.
WordPress has released Beta 3 of its upcoming 7.0 version, available for testing. This beta includes over 148 updates and fixes, with significant improvements in the Editor and Core. Notably, it enha...nces AI integration through dynamic registration of providers. The final release is scheduled for April 9, 2026.
WordPress has released the first Release Candidate (RC1) for WordPress 7.0, available for download and testing. This version is still under development and should be tested on non-production environm...ents. The release aims to enhance the platform's capabilities, continuing WordPress's mission to simplify online content creation.
WordPress 6.9.1, a minor maintenance release, is now available, addressing 49 bugs in Core and the Block Editor. This update improves areas like the block editor, mail, and classic themes. Users with... automatic updates will receive it automatically. The next major release, WordPress 7.0, is scheduled for April 9, 2026.
WordPress has introduced a new AI agent skill, wp-playground, designed to streamline the testing of WordPress plugins and themes. This tool allows AI agents to quickly start WordPress, mount code, an...d verify functionality, enhancing the development process. It reduces setup time significantly and supports integration with tools like curl and Playwright. The project is open for community contributions on GitHub.
WordPress Playground Brings Speed, Stability, and Momentum
WordPress Playground introduced significant updates in 2025, enhancing speed, compatibility, and tooling for developers and educators. Key improvements include a 42% reduction in response time, broad...er plugin support, and enhanced database tools like phpMyAdmin. The platform now supports 99% of the top 1,000 plugins, fostering reliable plugin previews and experimentation. These updates position Playground as a versatile environment for testing and sharing WordPress experiences globally.
WordPress 6.8.3 is a security release addressing a data exposure issue and a cross-site scripting vulnerability. Users are advised to update immediately. The next major release, version 6.9, is plann...ed for December 2, 2025.
Maintenance Releases for WordPress branches 4.7 to 6.7
WordPress has released maintenance updates for branches 4.7 to 6.7, backporting a root security certificate bundle update to ensure secure server-side HTTP requests. These updates are available for s...ites supporting automatic updates, while version 6.8.2 remains the latest supported version.
WP Engine AI Toolkit Vectorizes WordPress Sites For Smart Search
WP Engine has launched an AI Toolkit for WordPress sites, featuring Smart Search AI and a Managed Vector Database. The toolkit enhances search functionality and offers AI-powered recommendations, imp...roving user engagement and conversions. It simplifies AI integration for developers and site owners, supporting eCommerce and media sites with flat-rate pricing.
WordPress Update 6 . 8 . 2 - Ends Security Support For 0 . 9 % of Sites
WordPress has released the 6.8.2 maintenance update, which includes twenty core changes and fixes fifteen issues in the Gutenberg block editor. This update also marks the end of security support for ...WordPress versions 4.1 to 4.6, affecting only 0.9% of sites. The update aims to enhance user experience with improvements like immediate style changes in development mode and removal of obsolete attributes.
WordPress 6.8.2 is a maintenance release addressing 20 Core tickets and 15 Block Editor issues. This update is part of a short-cycle release, with automatic updates for supported sites. Security upda...tes for versions 4.1 to 4.6 have ended. The release was led by Jb Audras, Estela Rueda, and Zunaid Amin, with contributions from 96 community members.
Mergers, Acquisitions, and Business Moves by WordPress.org
We Just Launched the WordPress Development Course for the Modern Era
Pronto Marketing, a prominent WordPress agency, has acquired three WordPress-focused companiesWP Site Kit, Pixel Perfect, and SwiftSites. This strategic move adds over 60 clients to Pronto's portfoli...o, enhancing its management of more than 1,000 WordPress websites and marking a significant milestone in its growth strategy.
Corporate News and Organizational Updates on WordPress.org
Attacker Bought 30 WordPress Plugins on Flippa and Backdoored ...
An attacker bought 30 WordPress plugins on Flippa, inserted a PHP deserialization backdoor, and activated it after eight months, affecting 400,000 installations. WordPress.org quickly closed the plug...ins and issued an update, but compromised sites needed manual fixes. This incident highlights vulnerabilities in plugin ecosystems and the need for enhanced security measures.
Someone Bought 30 WordPress Plugins Just to Backdoor Them
WordPress.org permanently closed 31 plugins after discovering a backdoor planted by a buyer who acquired the plugins on Flippa. The backdoor allowed remote code execution, leading to a sophisticated ...supply chain attack. The plugins, originally developed by WP Online Support, were sold to a buyer who exploited them for black-hat SEO. WordPress.org's response included a forced update to neutralize the threat.
Someone bought 30 WordPress plugins and planted backdoors in all of them
WordPress.org faced a significant security breach when an attacker purchased over 30 plugins, planted backdoors, and exploited them to serve SEO spam. The attack highlighted a structural vulnerabilit...y in WordPress's plugin governance, as there's no mechanism to review ownership transfers or require code signing for updates. WordPress.org responded by closing the affected plugins, but the incident underscores the need for stricter security measures.
A security breach in the WordPress ecosystem was uncovered, involving malicious code in plugins from Essential Plugin, a company acquired by a buyer known as "Kris." The code created a backdoor, allo...wing remote access to websites. The attack, which began in August 2025, was activated in April 2026, affecting numerous sites. WordPress.org removed the compromised plugins, but many sites remain vulnerable due to infected configuration files.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
A security breach involving 30 WordPress plugins was discovered, where a backdoor was planted by a new owner after acquiring the plugins. WordPress.org closed the compromised plugins and issued a for...ced update to neutralize the threat. However, the malware persisted, highlighting a significant security oversight in plugin ownership transfers on WordPress.org.
