WordCamp US 2019 dates announced

Save the date! The next WordCamp US will be held on November 1-3, 2019, in beautiful St Louis, Missouri. One of our largest events of the year, WordCamp US is a great chance to connect with WordPress enthusiasts from around the world. This is also the event that features Matt Mullenweg’s annual State of the Word address.

We’d love to see you in St. Louis next year, so mark your calendar now!

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility.

WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.

  • Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to.
  • Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input.
  • Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection.
  • Tim Coen discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.
  • Tim Coen also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.
  • Team Yoast discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.
  • Tim Coen and Slavco discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Download WordPress 5.0.1, or venture over to Dashboard → Updates and click Update Now. Sites that support automatic background updates are already beginning to update automatically.

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.0.1:

Alex Shiels, Alex Concha, Anton Timmermans, Andrew Ozz, Aaron Campbell, Andrea Middleton, Ben Bidner, Barry Abrahamson, Chris Christoff, David Newman, Demitrious Kelly, Dion Hulse, Hannah Notess, Gary PendergastHerre Groen, Ian Dunn, Jeremy FeltJoe McGill, John James Jacoby, Jonathan DesrosiersJosepha Haden, Joost de Valk, Mo Jangda, Nick Daugherty, Peter Wilson, Pascal Birchler, Sergey Biryukov, and Valentyn Pylypchuk.

WordPress 5.0 “Bebo”

Say Hello to the New Editor

We’ve made some big upgrades to the editor. Our new block-based editor is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living.

Building with Blocks

The new block-based editor won’t change the way any of your content looks to your visitors. What it will do is let you insert any type of multimedia in a snap and rearrange to your heart’s content. Each piece of content will be in its own block; a distinct wrapper for easy maneuvering. If you’re more of an HTML and CSS sort of person, then the blocks won’t stand in your way. WordPress is here to simplify the process, not the outcome.

We have tons of blocks available by default, and more get added by the community every day. Here are a few of the blocks to help you get started:

Freedom to Build, Freedom to Write

This new editing experience provides a more consistent treatment of design as well as content. If you’re building client sites, you can create reusable blocks. This lets your clients add new content anytime, while still maintaining a consistent look and feel.


A Stunning New Default Theme

Introducing Twenty Nineteen, a new default theme that shows off the power of the new editor.

Designed for the block editor

Twenty Nineteen features custom styles for the blocks available by default in 5.0. It makes extensive use of editor styles throughout the theme. That way, what you create in your content editor is what you see on the front of your site.

Simple, type-driven layout

Featuring ample whitespace, and modern sans-serif headlines paired with classic serif body text, Twenty Nineteen is built to be beautiful on the go. It uses system fonts to increase loading speed. No more long waits on slow networks!

Versatile design for all sites

Twenty Nineteen is designed to work for a wide variety of use cases. Whether you’re running a photo blog, launching a new business, or supporting a non-profit, Twenty Nineteen is flexible enough to fit your needs.


Developer Happiness

Protect

Blocks provide a comfortable way for users to change content directly, while also ensuring the content structure cannot be easily disturbed by accidental code edits. This allows the developer to control the output, building polished and semantic markup that is preserved through edits and not easily broken.

Compose

Take advantage of a wide collection of APIs and interface components to easily create blocks with intuitive controls for your clients. Utilizing these components not only speeds up development work but also provide a more consistent, usable, and accessible interface to all users.

Create

The new block paradigm opens up a path of exploration and imagination when it comes to solving user needs. With the unified block insertion flow, it’s easier for your clients and customers to find and use blocks for all types of content. Developers can focus on executing their vision and providing rich editing experiences, rather than fussing with difficult APIs.


Keep it Classic

Prefer to stick with the familiar Classic Editor? No problem! Support for the Classic Editor plugin will remain in WordPress through 2021.

The Classic Editor plugin restores the previous WordPress editor and the Edit Post screen. It lets you keep using plugins that extend it, add old-style meta boxes, or otherwise depend on the previous editor. To install, visit your plugins page and click the “Install Now” button next to “Classic Editor”. After the plugin finishes installing, click “Activate”. That’s it!

Note to users of assistive technology: if you experience usability issues with the block editor, we recommend you continue to use the Classic Editor.

This release is named in homage to the pioneering Cuban jazz musician Bebo Valdés.


The Squad

This release was led by Matt Mullenweg, along with co-leads Allan Cole, Anthony Burchell, Gary Pendergast, Josepha Haden Chomphosy, Laurel Fulford, Omar Reiss, Daniel Bachhuber, Matías Ventura, Miguel Fonseca, Tammie Lister, Matthew Riley MacPherson. They were ably assisted by the following fabulous folks. There were 423 contributors with props in this release. Pull up some Bebo Valdés on your music service of choice, and check out some of their profiles:

Aaron Jorbin, Abdul Wahab, Abdullah Ramzan, abhijitrakas, Adam Silverstein, afraithe, Ahmad Awais, ahmadawais, Airat Halitov, Ajit Bohra, Alain Schlesser, albertomedina, aldavigdis, Alex Sanford, alexis, Alexis Lloyd, Amanda Rush, amedina, Andrea Fercia, Andrea Middleton, Andrei Lupu, andreiglingeanu, Andrew Duthie, Andrew Munro, Andrew Nevins, Andrew Ozz, Andrew Roberts, Andrew Taylor, andrewserong, Andy Peatling, Angie Meeker, Anna Harrison, Anton Timmermans, ArnaudBan, Arshid, Arya Prakasa, Asad, Ashar Irfan, asvinballoo, Atanas Angelov, Bappi, bcolumbia, belcherj, Benjamin Eyzaguirre, Benjamin Zekavica, benlk, Bernhard Kau, Bernhard Reiter, betsela, Bhargav Mehta, Birgir Erlendsson (birgire), Birgit Pauli-Haack, blowery, bobbingwide, boblinthorst, Boone Gorges, Brady Vercher, Brandon Kraft, Brandon Payton, Brent Swisher, Brianna Privett, briannaorg, Bronson Quick, Brooke., Burhan Nasir, CantoThemes, cathibosco, Chetan Prajapati, chetansatasiya, chetansatasiya, Chouby, Chris Runnells, Chris Van Patten, chriskmnds, chrisl27, Christian Sabo, Christoph Herr, circlecube, Claudio Sanches, coderkevin, Copons, courtney0burton, Csaba (LittleBigThings), csabotta, Daniel James, Daniel Richards, danielhw, daniloercoli, DannyCooper, Darren Ethier (nerrad), davemoran118, David Cavins, David Herrera, David Kennedy, David Ryan, David Sword, Davide ‘Folletto’ Casali, davidherrera, Davis, dciso, Dennis Snell, Derek Smart, designsimply, Devin Walker, Devio Digital, dfangstrom, Dhanendran, Diego de Oliveira, diegoreymendez, dingo-d, Dion Hulse, Dixita Dusara, Dixita Gohil, Dominik Schilling, Donna Peplinskie, Drew Jaynes, dsawardekar, dsifford, Duane Storey, Edwin Cromley, ehg, ElectricFeet, Elio Rivero, Elisabeth Pointal, Ella Iseulde Van Dorpe, elrae, enodekciw, ephoxjames, ephoxmogran, Eric Amundson, ericnmurphy, etoledom, fabiankaegy, fabs_pim, faishal, Felix Arntz, Florian Simeth, foobar4u, foreverpinetree, Frank Klein, fuyuko, Gabriel Maldonado, Garrett Hyder, Gary Jones, Gary Thayer, garyjones, Gennady Kovshenin, George Olaru, George Stephanis, georgeh, gnif, goldsounds, Grappler, Grzegorz Ziółkowski, Gustavo Bordoni, gwwar, Hardeep Asrani, hblackett, Helen Hou-Sandi, Hendrik Luehrsen, herbmiller, Herre Groen, Hugo Baeta, hypest, Ian Dunn, ianstewart, ibelanger, iCaleb, idpokute, Igor, imath, Imran Khalid, intronic, Ipstenu (Mika Epstein), Irene Strikkers, Ismail El Korchi, israelshmueli, J.D. Grimes, J.D. Grimes, Jacob Peattie, jagnew, jahvi, James Nylen, jamestryon, jamiehalvorson, Jan Dembowski, janalwin, Jason Caldwell, Jason Stallings, Jason Yingling, Javier Villanueva, Jay Hoffmann, Jb Audras, Jeff Bowen, Jeffrey Paul, Jeremy Felt, Jip Moors, JJJ, Joe Bailey-Roberts, Joe Dolson, Joe Hoyle, Joe McGill, joemaller, Joen Asmussen, Johan Falk, John Blackbourn, John Godley, johndyer, JohnPixle, johnwatkins0, jomurgel, Jonathan Desrosiers, Jonny Harris, jonsurrell, Joost de Valk, Jorge Bernal, Jorge Costa, Jose Fremaint, Josh Pollock, Josh Visick, Joshua Wold, Joy, jrf, jryancard, jsnajdr, JulienMelissas, Justin Kopepasah, K.Adam White, Kallehauge, KalpShit Akabari, Kat Hagan, Kelly Dwan, Kevin Hoffman, khleomix, Kite, Kjell Reigstad, kluny, Konstantin Obenland, Konstantinos Xenos, krutidugade, Lance Willett, Lara Schenck, leahkoerper, lloyd, Loic, Lucas Stark, LucasRolff, luigipulcini, Luke Cavanagh, Luke Kowalski, Luke Pettway, Luminus, lynneux, m-e-h, macbookandrew, Maedah Batool, Mahdi Yazdani, mahmoudsaeed, Maja Benke, Marcus Kazmierczak, Marin Atanasov, marina_wp, Marius L. J., mariusvw, Mark Jaquith, Mark Uraine, martinlugton, mathiu, Matt Cromwell, Matt Mullenweg, MattGeri, Matthew Boynes, Matthew Haines-Young, maurobringolf, Maxime BERNARD-JACQUET, Mayo Moriyama, meetjey, Mel Choyce, mendezcode, Micah Wood, Michael Adams (mdawaffe), Michael Hull, Michael Nelson, Michele Mizejewski, Migrated to @jeffpaul, Miina Sikk, Mikael Korpela, Mike Crantea, Mike Haydon, Mike Schroder, mikehaydon, Mikey Arce, Milan Dinić, Milana Cap, Milen Petrinski – Gonzo, milesdelliott, mimo84, mirka, mitogh, mmtr86, Monique Dubbelman, Morten Rand-Hendriksen, Mostafa Soufi, motleydev, mpheasant, mrmadhat, mrwweb, msdesign21, mtias, Muhammad Irfan, Mukesh Panchal, munirkamal, Muntasir Mahmud, mzorz, nagayama, Nahid F. Mohit, Naoko Takano, napy84, nateconley, Native Inside, Ned Zimmerman, Neil Murray, nic.bertino, Nicola Heald, Niels Lange, Nikhil Chavan, Nikolay Bachiyski, nitrajka, njpanderson, nosolosw, nshki, Okamoto Hidetaka, oskosk, Paresh Radadiya, Pascal Birchler, Paul Bearne, Paul Dechov, Paul Stonier, Paul Wilde, Pedro Mendonça, Peter Wilson, pglewis, Philipp Bammes, piersb, Pieter Daalder, pilou69, Piotr Delawski, poena, postphotos, potbot, Prateek Saxena, pratikthink, Presskopp, psealock, ptasker, Rachel, Rachel Baker, Rahmohn, Rahmon, Rahul Prajapati, rakshans1, ramonopoly, Rastislav Lamos, revgeorge, Riad Benguella, Rian Rietveld, richsalvucci, Riddhi Mehta, Riley Brook, Robert Anderson, Robert O’Rourke, robertsky, Rocio Valdivia, Rohit Motwani, Ross Wintle, Ryan McCue, Ryan Welcher, ryo511, Sagar Prajapati, Sami Keijonen, Samuel Wood (Otto), Sang-Min Yoon, sarah semark, Scott Weaver, Sergey Biryukov, SergioEstevao, Shahjehan Ali, Shailee Sheth, Sharaz Shahid, Shaun sc, shaunandrews, Shawn Hooper, shenkj, sikander, Simon Prosser, siriokun, sirjonathan, sirreal, Sisanu, skorasaurus, Slushman, Sofia Sousa, SOMTIJDS, Soren Wrede, spocke, Stagger Lee, Stanimir Stoyanov, Stephen Edgar, Steve Henty, Store Locator Plus, strategio, stuartfeldt, tacrapo, Tammie Lister, ThemeRoots, Thorsten Frommen, Thrijith Thankachan, Tim Hengeveld, timgardner, Timmy Crawford, Timothy Jacobs, Tom J Nowell, Toni Laakso, Tor-Bjorn Fjellner, Toro_Unit (Hiroshi Urabe), Toshihiro Kanai, Towhidul Islam, Travis Lopes, truongwp, Tunji Ayoola, twoelevenjay, Ulrich, vindl, Vishal Kakadiya, Vitor Paladini, Walter Ebert, warmarks, WebMan Design | Oliver Juhas, websupporter, Weston Ruter, William Earnhardt, williampatton, Willy Bahuaud, wpscholar, xyfi, Yahil Madakiya, yingles, Yoav Farhi, Yusuke Takahashi, zebulan, and Ziyaddin Sadigov.

Finally, thanks to all the community translators who worked on WordPress 5.0. Their efforts bring WordPress 5.0 fully translated to 37 languages at release time, with more on the way.

If you want to follow along or help out, check out Make WordPress and our core development blog.

Thanks for choosing WordPress!

WordPress 5.0 RC3

The third release candidate for WordPress 5.0 is now available!

WordPress 5.0 will be released on December 6, 2018. This is a big release and needs your help—if you haven’t tried 5.0 yet, now is the time!

To test WordPress 5.0, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For details about what to expect in WordPress 5.0, please see the first release candidate post.

This release candidate includes a fix for some scripts not loading on subdirectory installs (#45469), and user locale settings not being loaded in the block editor (#45465). Twenty Nineteen has also had a couple of minor tweaks.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.0 and update the Tested up to version in the readme to 5.0. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release. An in-depth field guide to developer-focused changes is coming soon on the core development blog. In the meantime, you can review the developer notes for 5.0.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.


WordPress Five Point Oh
Is just a few days away!
Nearly party time!
🎉

The Month in WordPress: November 2018

WordPress 5.0 is almost ready for release, including an all-new content editing experience. Volunteers all across the project are gearing up for the launch and making sure everything is ready. Read on to find out what’s been happening and how you can get involved.


WordPress 5.0 Close to Launch

The release date for WordPress 5.0 has not yet been set, but the second release candidate (RC) is now available. The final release date will be determined based on feedback and testing of this RC. The Core development team has been posting daily updates on the progress of their work on v5.0, with the number of open issues for this release decreasing every day.

The primary feature of this release is the new editor that will become the default WordPress experience going forward. A number of people have been seeking more direct feedback from the release leads about the progress of this release, which @matt has facilitated by hosting one-to-one discussions with anyone in the community who wanted to talk with him about it. He has also published an extended FAQ covering many of the questions people have been asking.

Alongside the development of the new editor, the Mobile team has been working hard to bring the WordPress mobile apps up to speed. They plan to make a beta version available in February 2019.

Want to get involved in developing WordPress Core in 5.0 and beyond? Follow the Core team blog and join the #core channel in the Making WordPress Slack group.

New WordPress Support Platform Goes Live

WordPress user documentation has long been hosted on the WordPress Codex, but for the past couple of years an ambitious project has been underway to move that content to a freshly-built WordPress-based platform. This project, named “HelpHub,” is now live and the official home of WordPress Support.

There is still plenty of content that needs to be migrated from the Codex to HelpHub, but the initial move is done and the platform is ready to have all WordPress’ user documentation moved across. HelpHub will be the first place for support, encouraging users to find solutions for themselves before posting in the forums.

Want to get involved in populating HelpHub with content, or with its future development? Follow the Documentation team blog and join the #docs channel in the Making WordPress Slack group.

Spanish WordPress Community Pushes Translations Forward

The WordPress community in Spain has been hard at work making sure as much of the WordPress project as possible is available in Spanish. They have recently translated more of the project than ever — including WordPress Core, WordPress.org, the mobile apps and the top 120 plugins in the Directory.

This achievement has largely been possible due to the fact that the Spanish translation team has over 2,500 individuals contributing to it, making it the largest translation team across the whole project.

Want to get involved in translating WordPress into your local language? You can jump straight into translations, follow the Polyglots team blog and join the #polyglots channel in the Making WordPress Slack group.


Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.