WordPress 5.5.3 Maintenance Release

WordPress 5.5.3 is now available. 

This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.

5.5.3-alpha Issue

Earlier today — between approximately 15:30 and 16:00 UTC — the auto-update system for WordPress updated some sites from version 5.5.2 to version 5.5.3-alpha. This auto-update was due to an error in the Updates API caused by the 5.5.3 release preparations (see more here). The 5.5.3-alpha version at this point was functionally identical to 5.5.2 as no development work had been started on 5.5.3; however, the following changes may have been made to your site:

• The default “Twenty” themes installed as part of the pre-release package.
• The “Akismet” plugin installed as part of the pre-release package.

These themes and plugins were not activated and therefore remain non-functional unless you installed them previously. It is safe to delete these features should you prefer not to use them. 

If you are not on 5.5.2, or have auto-updates for minor releases disabled, please manually update to the 5.5.3 version by downloading WordPress 5.5.3 or visiting Dashboard → Updates and click “Update Now.”

For more technical details of the issue, we’ve posted on our Core Development blog.

Thanks and props!

Thanks to those who contributed to the 5.5.3 release @audrasjb, @barry, @chanthaboune, @cbringmann, @clorith, @davidbaumwald, @desrosj, @hellofromtonya, @jeffpaul, @johnbillion, @garubi, @metalandcoffee, @mukesh27, @otto, @punitsoftac, @sergeybiryukov, @whyisjake, and @xknown.

WordPress 5.5.3 Maintenance Release was originally posted at https://wordpress.org/news/2020/10/wordpress-5-5-3-maintenance-release/

WordPress 5.5.2 Security and Maintenance Release

WordPress 5.5.2 is now available!

This security and maintenance release features 14 bug fixes in addition to 10 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.5.2 is a short-cycle security and maintenance release. The next major release will be version 5.6.

You can download WordPress 5.5.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Seven security issues affect WordPress versions 5.5 and earlier. If you haven’t yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues:

• Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
• Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
• Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
• Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
• Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
• Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
• Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
• And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

For more information, browse the full list of changes on Trac, or check out the version 5.5.2 HelpHub documentation page.

Thanks and props!

The 5.5.2 release was led by @whyisjake and the following release squad:  @audrasjb, @davidbaumwald, @desrosj, @johnbillion, @metalandcoffee, @noisysocks @planningwrite, @sarahricker and @sergeybiryukov.

In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.5.2 happen:

Aaron Jorbin, Alex Concha, Amit Dudhat, Andrey “Rarst” Savchenko, Andy Fragen, Ayesh Karunaratne, bridgetwillard, Daniel Richards, David Baumwald, Davis Shaver, dd32, Florian TIAR, Hareesh, Hugh Lashbrooke, Ian Dunn, Igor Radovanov, Jake Spurlock, Jb Audras, John Blackbourn, Jonathan Desrosiers, Jon Brown, Joy, Juliette Reinders Folmer, kellybleck, mailnew2ster, Marcus Kazmierczak, Marius L. J., Milan Dinić, Mohammad Jangda, Mukesh Panchal, Paal Joachim Romdahl, Peter Wilson, Regan Khadgi, Robert Anderson, Sergey Biryukov, Sergey Yakimov, Syed Balkhi, szaqal21, Tellyworth, Timi Wahalahti, Timothy Jacobs, Towhidul I. Chowdhury, Vinayak Anivase, and zieladam.

WordPress 5.5.2 Security and Maintenance Release was originally posted at https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

Video: How to Password Protect Your WordPress Forms

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=FdDdse5DL9A

WordPress 5.6 Beta 2

WordPress 5.6 beta 2 is now available for testing!

This software is still in development, so we recommend that you run this version on a test site.

You can test the WordPress 5.6 beta in two ways:

• Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option).
• Or download the beta here (zip).

WordPress 5.6 is slated for release on December 8, 2020, and we need your help to get there!

Thank you to all of the contributors that tested the beta 1 development release and provided feedback. Testing for bugs is an important part of polishing each release and a great way to contribute to WordPress.

Some highlights

Since beta 1, 53 bugs have been fixed. Here is a summary of a few changes included in beta 2:

• 6 additional bugs have been fixed in the block editor (see #26442).
• Unified design for search forms and results across the admin (#37353).
• Exposed the embed Gutenberg block to Core (#51531).
• Updated Twemoji (#51356), React (#51505), and Akismet versions (#51610).
• Added accessibility improvements (among other things) to Application Passwords (#51580).
• Added indicator to image details for images attached to a site option (#42063).

Developer notes

WordPress 5.6 has lots of refinements to the developer experience as well. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.

How to Help

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!

If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

WordPress 5.6 Beta 2 was originally posted at https://wordpress.org/news/2020/10/wordpress-5-6-beta-2/

Video: Is Google Analytics Installed Twice? (Find Out Now)

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=87ss6jANCr4

Video: This API Change Will Break Many WordPress Sites in 2 Days - Are You Prepared?

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=TcE5AP-2Srw

WordPress 5.6 Beta 1

WordPress 5.6 Beta 1 is now available for testing!

This software is still in development, so we recommend that you run this version on a test site.

You can test the WordPress 5.6 beta in two ways:

• Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option).
• Or download the beta here (zip).

The current target for final release is December 8, 2020. This is just seven weeks away, so your help is needed to ensure this release is tested properly.

Improvements in the Editor

WordPress 5.6 includes seven Gutenberg plugin releases. Here are a few highlighted enhancements:

• Improved support for video positioning in cover blocks.
• Enhancements to Block Patterns including translatable strings.
• Character counts in the information panel, improved keyboard navigation, and other adjustments to help users find their way better.
• Improved UI for drag and drop functionality, as well as block movers.

To see all of the features for each release in detail check out the release posts: 8.6, 8.7, 8.8, 8.9, 9.0, 9.1, and 9.2 (link forthcoming).

Improvements in Core

A new default theme

The default theme is making its annual return with Twenty Twenty-One. This theme features a streamlined and elegant design, which aims to be AAA ready.

Auto-update option for major releases

The much anticipated opt-in for major releases of WordPress Core will ship in this release. With this functionality, you can elect to have major releases of the WordPress software update in the background with no additional fuss for your users.

Increased support for PHP 8

The next major version release of PHP, 8.0.0, is scheduled for release just a few days prior to WordPress 5.6. The WordPress project has a long history of being compatible with new versions of PHP as soon as possible, and this release is no different.

Because PHP 8 is a major version release, changes that break backward compatibility or compatibility for various APIs are allowed. Contributors have been hard at work fixing the known incompatibilities with PHP 8 in WordPress during the 5.6 release cycle.

While all of the detectable issues in WordPress can be fixed, you will need to verify that all of your plugins and themes are also compatible with PHP 8 prior to upgrading. Keep an eye on the Making WordPress Core blog in the coming weeks for more detailed information about what to look for.

Application Passwords for REST API Authentication

Since the REST API was merged into Core, only cookie & nonce based authentication has been available (without the use of a plugin). This authentication method can be a frustrating experience for developers, often limiting how applications can interact with protected endpoints.

With the introduction of Application Password in WordPress 5.6, gone is this frustration and the need to jump through hoops to re-authenticate when cookies expire. But don’t worry, cookie and nonce authentication will remain in WordPress as-is if you’re not ready to change.

Application Passwords are user specific, making it easy to grant or revoke access to specific users or applications (individually or wholesale). Because information like “Last Used” is logged, it’s also easy to track down inactive credentials or bad actors from unexpected locations.

Better accessibility

With every release, WordPress works hard to improve accessibility. Version 5.6 is no exception and will ship with a number of accessibility fixes and enhancements. Take a look:

• Announce block selection changes manually on windows.
• Avoid focusing the block selection button on each render.
• Avoid rendering the clipboard textarea inside the button
• Fix dropdown menu focus loss when using arrow keys with Safari and Voiceover
• Fix dragging multiple blocks downwards, which resulted in blocks inserted in wrong position.
• Fix incorrect aria description in the Block List View.
• Add arrow navigation in Preview menu.
• Prevent links from being focusable inside the Disabled component.

How You Can Help

Keep your eyes on the Make WordPress Core blog for 5.6-related developer notes in the coming weeks, breaking down these and other changes in greater detail.

So far, contributors have fixed 188 tickets in WordPress 5.6, including 82 new features and enhancements, and more bug fixes are on the way.

Do some testing!

Testing for bugs is an important part of polishing the release during the beta stage and a great way to contribute.

If you think you’ve found a bug, please post to the Alpha/Beta area in the support forums. We would love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac. That’s also where you can find a list of known bugs.

Props to @webcommsat, @yvettesonneveld, @estelaris, @cguntur, @desrosj, and @marybaum for editing/proof reading this post, and @davidbaumwald for final review.

WordPress 5.6 Beta 1 was originally posted at https://wordpress.org/news/2020/10/wordpress-5-6-beta-1/

Video: How to Edit the Footer in WordPress Step by Step

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=7Qsk9ayPjmw

Video: New OptinMonster Feature - The New Publish Screen

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=AjPP4gzO5vk

Video: How to Schedule Your Posts in WordPress Step by Step

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=hM_nywSy0yY

Video: Is Your Site Ready for the Holiday Season?

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=rHdypvCeaxo

Video: 6 Best WordPress Giveaway and Contest Plugins Compared

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=aOPVM5Rhr3M

Video: How to Embed Actual Tweets in WordPress Blog Posts

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=BKVSRIHTU2o