Wednesday May 3, 2023
This Month in WordPress: April Roundup
WordPress community is always in motion to create a better experience for its content management system users. This month, we’re treated with updates, patches, and feature development for various WordPress plugins.
In addition, sticking with the AI trend, we saw more AI adoption in the WordPress ecosystem. Most notably, Elementor, one of the big players, announced its plans to introduce more AI-powered features into the site builder. But more on that later – let’s look at what April has brought us.
Despite being a relatively quiet month for the WordPress core, there are still some interesting and important updates to talk about. Some experimental features got rolled out in Gutenberg, and Yoast updated its minimum requirements.
Experimental Features in Gutenberg
April saw the release of Gutenberg versions 15.5 and 15.6, which brought three new interesting experimental features to users. To try them out, you must install and activate the Gutenberg plugin and activate the experiments from the Gutenberg → Experiments panel.
The grid block was introduced in Gutenberg 15.5. Acting as the new container block, the grid layout enables users to arrange content, such as displaying product features, in a way that wasn’t previously possible with the “group, row, and stack” block.
Currently, the grid block has a single setting to change the minimum column width, which will affect the number of columns. This block is also included in the container block transformation option, making it easier to transform the different blocks into each other. This way, if you want to change a stack block to a grid block, you simply click a button and get on with your day.
The details block, introduced in Gutenberg 15.6, lets users add a collapsible section to their pages to hide content.
For example, you might want to hide a transcript or product details that may take up too much space if displayed by default. This block also comes in handy when users want to create an accordion menu.
The details block consists of a heading for the details summary and a child block. You can insert any core block you want into this block, including a query loop and an image. This gives great flexibility for adding any content inside the accordion.
The last experimental feature we want to highlight is the command center. Also introduced as an experiment in Gutenberg 15.6, this feature acts as a shortcut for users to go to other posts, pages, templates, and template parts.
Users simply have to press Cmd/Ctrl + K in the Site Editor, and the command center pop-up will appear, showing the available items to jump to. Alternatively, use the search bar to find the item you want to pick.
Yoast SEO Increases PHP Requirement
Yoast launched two updates in April – version 20.5 and 20.6. But it’s the first update you should really pay attention to.
Version 20.5 will increase the PHP requirement to a minimum of PHP 7.2.5 or higher. This means that the plugin will no longer be compatible with previously supported versions – PHP 5.6, 7.0, and 7.1.
Update your PHP version to improve the performance of your website. You can do so easily with our hPanel: we have a dedicated PHP management panel that lets you change the PHP version in just a few clicks.
Yoast already posted a notice in November 2022 about increasing the minimum PHP requirement for the plugin. While it was initially planned for March 2023, Yoast finally implemented it in version 20.5, launched in mid-April 2023.
Elementor’s first notable AI tool is the text generator. This tool lets users generate text for headings and content blocks with simple prompts. Thanks to the several handy quick prompts, you can refine the results by making the suggested text shorter or longer, simplifying the language, and fixing grammar issues. There are options to change the tone and translate the text.
The second intriguing feature is code-writing AI. Created to help write CSS and custom HTML code, this tool is useful for anyone who wants to create specific visual customization but doesn’t know how to code.
Currently, Elementor AI is available in the beta version of 3.13, with the final release estimation will be on May 8, 2023.
Although we just got the latest major WordPress release last month, the WordPress team is already working on future updates.
The WordPress 6.2 release squad is working on the 6.2.1 minor updates to fix several bugs. While there is still no schedule for the update, the team is expected to deliver it in May.
Enable the WordPress automatic update feature in hPanel, so you won’t miss any patches to the software.
As for the major update, the proposed plan is to ship WordPress 6.3 around August. The WordPress team is still calling for a release squad. If you’re interested, you can check out the Core Team blog post for more information.
WordPress Security News
This month, we had a rather unusual security breach: an abandoned plugin was exploited to create a backdoor on compromised websites. Not something you wish to happen to your site, right? We have also rounded up some plugins that launched patches to cover cross-site scripting (XSS) vulnerabilities.
A security threat was found related to an abandoned Eval PHP plugin. Considered an abandonware, given the last update was over 10 years ago, the plugin was used to add PHP code to WordPress posts and pages. This created an opportunity for attackers to use it to create a backdoor to sites that had the plugin installed.
The attackers first need to install Eval PHP on compromised websites. Then they could insert the PHP code into posts and pages to create the backdoor.
The vulnerability was identified when an unusual spike of installs happened in the last few months despite the plugin’s dormant activity. This resulted in the WordPress Plugins team removing Eval PHP from the repository to prevent more installation and subsequent security threats.
It is recommended to check your website to ensure Eval PHP is not installed on your site. We recommend also securing your WordPress credentials to prevent compromising your site in the future.
Always use secure credentials to prevent unauthorized access to your WordPress admin. We recommend using hPanel’s malware scanner to find any security threat on your site.
Cross-Site Scripting (XSS) Vulnerabilities
Throughout April, some plugins were affected by cross-site scripting vulnerabilities. We’ve scanned through Patchstack data and listed some notable plugins detected with such vulnerabilities:
- All In One WP Security (1+ million active downloads). The cross-site scripting vulnerability affected version 5.1.4 or lower, with version 5.1.0 or lower also affected by cross-site request forgery (CSRF). Version 5.1.5 fixed all the issues, although we recommend updating to the latest version, 5.1.8, if you haven’t done so.
- MetaSlider (700,000+ active downloads). MetaSlider version 3.29 and lower are affected by a high-severity reflected cross-site scripting vulnerability. Version 3.30 fixes this issue, but only 22.8% of active downloads currently use the latest version. If you’re using this plugin, check your version and update it immediately if necessary.
- Limit Login Attempts (600,000+ active downloads). Two cross-site scripting vulnerabilities were detected in April, affecting version 1.7.1 and lower. The developer has patched them in version 1.7.2.
Featured WordPress Tools
WordPress is driven by creative contributors who develop themes, plugins, and other tools to improve the website creation experience. Here are some new additions to the WordPress family that we found interesting and worth mentioning.
One of the captivating new WordPress block themes is Lovebird – a multipurpose block theme with a bold design and a feature-rich premium version. The demo version boasts a clean pink-themed style with a noisy image background, giving off retro vibes.
The magazine-inspired design makes Lovebird suitable for fashion or online magazine websites. Its bold and catchy style easily captures readers’ attention, and the strong typography selection makes the text pop out for max readability. The theme is also WooCommerce-ready, so starting a fashion store or charging for a magazine subscription is possible from the get-go.
AI technology is here to stay, and the Flusso AI plugin is one of the latest examples of how it can be leveraged for content creation.
Flusso AI brings four AI functionalities to your site:
- Image generator. Use prompts to create AI-generated images. There are options to set the number of images generated, resolution, image type, and style.
- Chat and text content generator. This feature is based on the well-known ChatGPT. You can use prompts to generate text content for your post or page copy. There’s even an option to automatically create a new post based on the generated text.
- Key points. Available in the post editor, the AI will generate the post summary or list the article’s key points. Great for social media posts or summarizing what your articles are all about.
- Speech to text. Need a transcript for your podcast or video? You can upload an audio file to the plugin panel and generate the transcription. Like the text generator, you can quickly create a new post based on the generated transcription.
The plugin uses OpenAI, meaning that you must connect the plugin to your OpenAI account using the secret key.
WordPress Plugins Periodic Table
Curious to see what are the most popular WordPress plugins? Pascal Birchler created a periodic table of 108 WordPress plugins from the official repository with the most active downloads.
The table is interactive, too. Click on any element, and it will expand to show more information about the plugin, what it’s used for, and so on.
Although this periodic table was built to celebrate the 20th anniversary of WordPress, it still provides useful information to users, especially if you’re looking for the most popular and reputable WordPress plugins for your website.
WordPress Is Turning 20 in May
On May 27, 2023, we celebrate a great milestone in WordPress – the software’s 20th anniversary!
It’s rare for a community-supported software to grow and evolve for so long, and it’s surely something WordPress fans are keen to celebrate. Check out the official WordPress 20th Anniversary website for community events near you.
Hostinger will take part too! Stay tuned: we have special content planned for celebrating 20 years of WordPress.