This Month in WordPress: November Roundup
As 2023 draws to a close, the WordPress community remains active. The year’s final significant update, WordPress 6.4, has been released alongside a fresh default theme, setting the stage for an exciting 2024.
In addition, TemplateMonster is hosting the Monster’s Awards. This event celebrates the WordPress industry’s products and service providers – don’t forget to vote for your favorite ones.
On a more serious note, a phishing campaign targeting WordPress sites has come to light, but there is nothing to worry about as long as you don’t download anything suspicious.
Let’s delve deeper into the WordPress news and updates of November.
WordPress 6.4 and 6.4.1 Updates
The last WordPress major release was launched on November 7, introducing the new Twenty Twenty-Four default theme, workflow improvements, and performance boost.
Here are some highlights:
- Twenty Twenty-Four theme. Breaking from the blog-centric design, the new theme has versatile patterns suitable for business and portfolio websites.
- Custom pattern categories. Building on the pattern creation feature from the previous release, WordPress 6.4 introduces custom categories for enhanced pattern organization.
- Container blocks. Rename group, row, and stack blocks to find them more quickly in the editor’s list view.
- Lightbox. Design your website easier with a native image lightbox that will magnify images in an overlay.
- Split queries. This update speeds up your website by breaking down complex queries to reduce load time and database strain.
Only a few days after the release, WordPress 6.4.1 was launched to fix three bugs. The most important one was causing failed theme or plugin updates, as they resulted in timeout errors.
Learn More About WordPress 6.4
Check out our blog post about WordPress 6.4 to find out more about the new version.
Make sure to update your WordPress site to the latest version for better security and new features.
WordPress 2024 Roadmap
As 2023 is coming to an end, WordPress contributors are looking forward to the next year.
Josepha Haden Chomphosy, the Director of the WordPress Project, posted a schedule proposal for the next year’s major releases:
| Version | Beta version | Final release |
| WordPress 6.5 | February 13 | March 26 |
| WordPress 6.6 | June 4 | July 16 |
| WordPress 6.7 | September 24 | November 5 |
If there are no changes, WordPress 6.5 and 6.6 release cycles will coincide with WordCamp Asia 2024 and WordCamp Europe 2024, respectively.
Furthermore, WordPress versions 6.5 and 6.7 primarily focus on enhancing collaborative features, marking significant progress in the Gutenberg Phase 3 project.
Phishing Attempts on WordPress Users
Wordfence has recently identified a phishing campaign targeting WordPress users.
Basically, WordPress website owners get an email from the WordPress Security Team about the Remote Code Execution (RCE) issue. The so-called security team offers to fix it by installing a plugin named CVE-2023-45124 Patch.
However, this CVE identifier does not exist.
Clicking the Download Plugin button in the email redirects victims to a counterfeit WordPress plugin repository page, using the URL en-gb-wordpress.org. The malicious plugin covertly adds an administrator user named wpsecuritypatch, designed to remain hidden for stealth.
Additionally, the plugin downloads a backdoor file named wpgate.zip and stores it in the root directory under the deceptive name wp-autoload.php.
To protect your website from such deceptive tactics, be careful with emails claiming to be from WordPress. Always verify links in the email before clicking on them and look for typos – in this case, ‘WordPress’ is written with a lowercase P.
If you suspect your site might be compromised, take these steps immediately:
- Inspect your root directory for a wp-autoload.php file.
- Review your installed WordPress plugins for any with the slug wpress-security-wordpress.
- Check for the presence of a concealed administrative user named wpsecuritypatch.
Doing so will ensure the security and integrity of your WordPress site.
WPTalkLink
WPTalkLink, envisioned by Javi Guembe, emerges as a unique community project based on the desire to connect people within the WordPress community for mutual language learning.
This new platform pairs members with their language buddies so they can start learning together and motivate each other.
Currently, there are over 20 members, including Javi Guembe himself and some well-known figures in the WordPress community, like Michelle Frechette and Naoko Takano.
Vote for Hostinger in the Monster’s Awards 2023
We’re thrilled to announce that Hostinger is nominated in the Monster’s Awards 2023 as one of the best WordPress Hosting Providers. Visit the Monster’s Awards website and open the best WordPress hosting category to vote for Hostinger.
You can also check other categories and vote for your favorite WordPress-related products or services, including the best free WordPress themes and WooCommerce plugins.
What’s Coming in December
As we’re closing 2023, there is only one WordPress event we’re anticipating – State of the Word 2023. The annual keynote by WordPress co-founder Matt Mullenweg will take place on December 11, 2023, in Madrid, Spain.
Mark your calendar, and be sure to catch the live stream.
Leo is a Content Specialist and WordPress contributor. Armed with his experience as a WordPress Release Co-Lead and Documentation Team Representative, he loves sharing his knowledge to help people build successful websites. Follow him on LinkedIn.
