WordPress 5.0 is being released tomorrow, December 6th. This release contains a major change to the WordPress editor. The new editor, code-named Gutenberg, is a substantial leap forward in functionality. It uses a new block-based system for editing which allows you to embed a wide range of content in your posts and pages, and gives you a lot of flexibility in laying out those blocks on the page.
It is time again for a WordPress Update, as the WordPress development team has released WordPress 4.8 on June 8, 2017. This is the first Major WordPress Release of 2017 which has new features and enhancements. In this article, we will show what new features were added.
This version most previous versions are named after Jazz composers. This Edition is nicknamed “Evans” in honor of the Jazz pianist and composer William John “Bill” Evans.
If you have auto-update enabled via softaculous, you should have received an email alerting you of your website is updated.
If not, then you should be able to enable the updates by visiting the “Update” section withing your menu highlighted in the screenshot or see an alert within your WordPress Admin area.
NB. Create a Complete WordPress Backup before making an update.
Three New Media Widgets
- Image Widget – this widget enables you to add an image to the sidebar/widget area by selecting and/or uploading it to your media library with options for title and whether you want the image to have a link to a URL.
- Video Widget – similar to the image widget, this enables you to embed a video within your sidebar/widget area. You can either select/upload to your WordPress media library or use videos from YouTube, Vimeo and other oEmbed providers.
- Audio Widget – like the Image and video widgets, This widget enables you to easily add audio files to the sidebar/widget area. It uses an HTML5 audio player and supports MP3, OGG, and WAV audio file formats
- Rich Text Widget – in previous editions, The Text widget area didn’t include a much needed visual editor. This edition gives you an improved visual editor like the one used to composed blog entries.
Nearby WordPress Events
This New Dashboard widget displays news as well as events near your location. If you have multiple users of your website dashboard, each user will see events near their location.
This widget uses an IP at api.wordpress.org to guess the user’s location based on the IP address hence if you are using a VPN, events near your server will be prominent. You can also manually change the location to see events near your from around the world.
Have you ever tried updating a link, or the text around a link, and found you can’t seem to edit it correctly? When you edit the text after the link, your new text also ends up linked. Or you edit the text in the link, but your text ends up outside of it. This can be frustrating! With link boundaries, a great new feature, the process is streamlined and your links will work well.
Other Updates for WordPress 4.8
If you are a WordPress Developer then the following updates will be of interest. If you are not a developer, feel free to skip to the conclusion of this article.
- variable customizer width – If you have used the live customizer large screens, You may have noticed the sidebar looking narrow. This update makes the sidebar proportionate to the screen within the live customizer.
- username prominently displayed on edit user screen
- Tag cloud widget will not use title tag – the title tag is now replaced with the easily accessible aria-label attribute
- More Accessible Admin Panel Headings – New CSS rules mean extraneous content (like “Add New” links) no longer need to be included in admin area headings.
- Removal of Core Support for WMV and WMA Files – As fewer and fewer browsers support Silverlight, file formats which require the presence of the Silverlight plugin are being removed from core support. Files will still display as a download link, but will no longer be embedded automatically.
- Multisite Updates – New capabilities have been introduced to 4.8 with an eye towards removing calls to
is_super_admin()Additionally, new hooks and tweaks to more granularly control site and user counts per network have been added.
- Media Widgets API – The introduction of a new base media widget REST API schema to 4.8 opens up possibilities for even more media widgets (like galleries or playlists) in the future. The three new media widgets are powered by a shared base class that covers most of the interactions with the media modal. That class also makes it easier to create new media widgets and paves the way for more to come.
So those are the latest features and enhancements which were added to the latest version of WordPress. Feel Free to email us at support[at]internetsolutions[dot]hk if you run into any issues while making your update.
Follow us on Facebook and Twitter for the latest tips, tricks, deals, and updates on how to improve your website, SEO, Business, and More.
WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.
WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.
Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.
WordPress is an extremely popular web platform, and because of its popularity, it is often the target of hackers looking to “take over” pieces of your site for their own benefit. Hackers like to maximize the effectiveness of their work, so they’ll often target widely installed plugins or themes with known security vulnerabilities. In most cases, your site was not targeted specifically but was hacked because of some vulnerability in a plugin or theme installed on your site.
If your site is hacked, read the following resources to help you get up and running again. Even if your site has not been hacked, many of these articles cover security topics that are helpful for anyone in charge of a WordPress website.
WordPress security is becoming a more demanding issue with time. Hackers are aware that many people, specially does without coding knowledge, choose WordPress as their CMS and because it is open source is easy to find backdoors and exploit them to inject malware, trojans or viruses.
One plugin that helps increasing your WordPress site’s security is “Limit Login Attempts”. Its very easy to install and setup and you will not believe the great amount of succesful blocked attempts.
Also, and more important, is to ALWAYS update your WordPress site. Each upgrade will have a notice on why a new version was released. For example the latest one says:
- Fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
- Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
- Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
Is your responsability to check often and upgrade inmediately to the newest WordPress version. Don’t wait for your website to get hacked!