WordPress’s 14th Anniversary Celebration!

It’s celebration time as we commemorate the 14th anniversary of when WordPress was first released. Which means that it’s time to bring out the confetti, streamers, pinatas and have some cake to celebrate more than a decade’s worth of amazing content management right here.

Over here, we look back at all of the most important events and happenings that had transpired over the course of the year that went by. There are several highs and lows that took place, from updates to controversies. But the bottom line is that no matter what hardships WordPress may encounter in, it always finds a way to bounce back.

Major WordPress Updates over the past year

WordPress 4.5.3 security update – June 2016

This was a security update that was released by in June 18th, 2016. The earlier versions had security issues; redirect bypass in the customizer; two different XSS problems via attachment names; oEmbed denial of service; password change via stolen cookie; unauthorized category removal; and less secure sanitize_file_name edge casesless secure sanitize_file_name edge cases. This version also fixes 17 bugs from 4.5, 4.5.1 and 4.5.2

WordPress 4.6 (Pepper) officially launched – August 2016

The name of this version, Pepper, is to honor jazz baritone saxophonist Park Frederick “Pepper” Adams III. Its upgrades includes stuff such as streamlined upgrades that allow you to stay on the same page as you update, install or delete plugins and themes. The dashboard allows you to take advantage of the fonts that you have by making them load faster and allowing you to do more with them.

WordPress 4.7 (Vaughan) – December 2016

WordPress 4.7 Vaughan, is named after historic jazz vocalist Sarah “Sassy” Vaughan and has a number of features including a default theme, Twenty Seventeen, that features images and video headers. It mainly focuses on business sites and includes a customizable front page with multiple sections. It can be personalized with social menus, navigation, widgets, custom colors, etc.

WordPress 4.7.5 Security – May 2017

This security update was released as a response to six issues that were plaguing WordPress: insufficient redirect validation in the HTTP class; improper handling of post meta data values in the XML-RPC API; lack of capability checks for post meta data in the XML-RPC API; a cross-site Request Forgery (CSRF); A cross-site scripting (XSS) vulnerability; and a cross-site scripting (XSS) vulnerability.

WordPress upcoming events

Many enthusiastic WordPress fans would relish at the chance of going to a WordCamp event if it happens to drop by at their area. Fortunately, that’s what they’re going to get all May and June. There is no doubt in my mind when I say these months are going to be lit.

Read: WordPress Events: Top WordCamps Happening in May & June 2017

If you are looking for more upcoming WordCamps, refer to their official site.

Controversies

Of course, with WordPress being so revered for its abundantly user-friendly services, there is also bound to be some level of controversy surrounding it as well. It’s not like any company out there is perfect, because they’re not, but we felt the need to shed some light into the situation to remind our users that hardships have to be dealt with head on.

Mullenweg Takes Aim at Wix over GPL Abuses, Wix Response Fails to Address Licensing Issue. Mullenweg had called out Wix for attempting to copy the GPL code from the mobile app. Wix responded to the open letter by Mullenweg by denying any hint of foul play. Mullenweg is willing to go to court in order to protect the GPL code.

Google is Retiring Its Adsense for WordPress Plugin in May 2017. WordPress’s reason for doing this is so they can put up new and innovative features like automatic ad formats and more. Even though AdSense was used by more than 200,000 sites, the company never supported this for more than 2 years. There will be a new Quickstart method that is a page-level ad format that will automatically display ads at optimal times when AdSense thinks they will perform well for visitors.

Jetpack Introduces Theme Installation from WordPress.com, Sparks Controversy with Alternative Marketplace for Free Themes. JetPack users now have access to over 165 free themes from WordPress.com. JP users have the access to free themes, but won’t be able to purchase commercial themes in the future. Automattic addresses the WordPress.org plugin directory guideline.

Shopify Discontinues Its Official Plugin for WordPress. Shopify’s official WordPress plugin is now being closed after 9000 installs. Shopify claims that the removal will be final after June 30th 2017. The reason behind its removal is because Buy Button offers a better way of selling.

WordPress.com experiments with allowing business plan customers to install third-party plugins and themes. The details are not that crisp yet as it is still in the experimentation phase. If this works, there will be great confusion between WordPress and the self-hosted version.

WordCamp Europe attendees are being denied visas because conference ticket price is too low. There is an issue of small ticket prices that is  preventing foreign WordPressers from getting their visas to attend WordCamp Europe. The President of France is doing everything he can to resolve this dilemma. Lead organizer Paolo Belcastro says that the team has received 60 requests for invitation letters, which is 2% of expected attendees.

Security Vulnerabilities

Given how WordPress is arguably the most popular content management platform out there today, it would make so much sense as to why it is mostly targeted by bots and hackers. This is why the security team of WordPress goes out of their way to constantly buff up the platforms barriers against such attacks.

WordPress REST API vulnerability is being actively exploited, hundreds of thousands of sites defaced. Contributors had opted to delay disclosure of security issues in order to avoid the risk of mass exploitation for any site running on 4.7 or 4.7.1. The vulnerability in a REST API endpoint has been made public for a week and is now being actively exploited. There have been many campaigns that have defaced thousands of WordPress sites.

Hacked Home Routers are Launching Brute Force Attacks on WordPress Sites. 6.7% of all brute force attacks are said to be coming from hacked home routers. 57,000 unique home routers have been seen attacking WordPress sites over the last month. These attacks are using a vulnerability by the name of “misfortune cookie”.

Web Hosting Problems

WordPress’s record isn’t spotless but nevertheless, no one’s is. There are a handful of web-hosting issues that had to be addressed for which WordPress did a great job at doing so.

WordPress will only recommend hosting companies offering SSL by default in 2017. Features such as the API authentication is said to benefit greatly with SSL being there. This is part of Mullenweg’s continuous effort to make the web as secure as possible. Let’s Encrypt is an initiative that is looking to encrypt sites 100% by making free trusted certificates.

Downtime expected for some WPEngine customers as linode patches a critical security vulnerability. WP Engine customers on legacy Xen Linode host servers were told of the impending downtime between July 21st and July 25th. The details of the vulnerability are being embargoed until July 26th, which gives Linode quite the time to patch the problem. WP Engine hopes the problem will be resolved at some point on July 23rd.

Bluehost network outage hits customers with 12 hours of downtime. There has been a widespread network issue that has caused the suspension of customer sites for 12 hours.Bluehost informed its users that it was a “a packet filtering problem” in its core routing layer for which its team had made a fix for. It is possible that it is due to spanning tree protocol misconfigurations, but Bluehost has yet to confirm this.

Pantheon’s $100K WordCamp US sponsorship revoked the night before the event. Even though Pantheon’s Sponsorship was revoked, it was refunded in full. Stodolnic and Pantheon Co-founder Josh Koenig spoke to Mullenweg on day 2 face-to-face behind closed door at the venue. It is now certain whether it is financially worth sponsoring WordCamp anymore as there are less returns on investment.

From the Community and Future of WordPress

WordPress’s healthy, dedicated and loyal community is what makes WordPress whole. Here are some of the most generous donations from a list of WP’s most sincere contributors as well as other great developments that took place.

Syed Balkhi donates WP.org to the WordPress foundation. It is usually an issue where one refers to WP.org, only to be taken to WPBeginner.com. Instead. Syed Balkhi had then decided to donate WP.org to the WordPress Foundation. It was a move done out of the goodness of Balhi’s heart in order to prevent it from falling into the wrong hands.

Advanced WordPress Facebook Group is giving $40K worth of prizes away. Advanced WordPress Facebook Group is giving away more than $40k of prizes for scoring over 20,000 members. Some of these prizes include licenses to Yoast SEO Premium; WP Rocket Personal Licenses; One Free Year of GoDaddy Hosting and MediaTemple Hosting. In order to win any of the prizes, one must become a member of that group. Looking for a new Godaddy alternative? You must check out Cloudways.

Highlights of Matt Mullenweg’s Q&A at WordCamp Europe 2016. Mullenweg says that JavaScript-Powered Interfaces are the future of WordPress. Mullenweg believes that Medium poses no threat to WordPress. Mullenweg says that Tumblr is WordPress’s best competitor.

State of the Word 2016: Mullenweg pushes Calypso as future of WordPress’ Interface, proposes major changes to release cycle. The WordPress Foundation will be looking to create WordPress community support subsidiary. Internationalization is the key to pushing plugin use. WordPress recommends hosts offering PHP 7+ and HTTPS by default.

Obama Foundation launches new website powered by WordPress. The new Obama Foundation site integrates Typeform service for collecting feedback on the hopes and dreams of citizens. The site uses ZURB’s Foundation as its front end framework. Obama is the first president to select WordPress as a presidential center website.

Stack Overflow jobs data shows ReactJS skills in high demand, WordPress market over-saturated with developers. Stack Overflow published an analysis of 2017 hiring trends that are based on the targeting options that employers selected when posting to Stack Overflow Jobs. SO also measured the demand relative to different developers available in different tech skills. For two years now, Stack Overflow respondents have ranked WordPress as among the worst technologies that they prefer not to use.

Weglot multilingual plugin closes $450K in seed funding. Wegot has closed $450k in seed funding from SIDE Capital. Co-founder Remy Berda reports that there are over 10,000 websites that use Wegot and that the company has passed 30K€ in monthly revenue. One year later, Berda and his team found out that WordPress is a great market for those who wish to move quickly and provide a high level of customer satisfaction.

Other Considerable Updates from WordPress.org

Here are some of the other WordPress updates that deserve mentioning.

Responsive design should be required for WordPress.org themes, says Matt Mullenweg. An unknown Google employee suggests that WordPress be made more mobile-friendly. The Theme Review Team has not made any possibility of acquiring new themes to be responsive. There are some themes that pass with great results, some that are usable and some that are just worthless on mobile phones.

WooThemes.com domain redirected as WooCommerce takes front seat. WooCommerce accounted for 85% of all sales on WooThemes, before being acquired by Automattic in May 2015. This move was made to provide better focus for the team, clarity for the customers, and to reflect what has become Woo’s core business. Even though the company is still selling themes, the WooCommerce branding is now taking top billing on the site.

WordPress to bump recommended PHP Version From 5.6 to 7.0 by the middle of 2017. WordPress is looking to shift from PHP 5.6 to 7.0, it doesn’t look to be happening some time soon. Developers are advised to reach out to local groups and inform users why they must care about the PHP version of the site that they use. Mullenweg will rely on established relationships instead of forcing web hosting companies to upgrade to PHP 7.

Automattic will continue to use react.js in Calypso despite patent clause. Calypso is an app built by Automattic that is built entirely on Javascript using the Node and react libraries. React contains a patent clause that allows Facebook to revoke the license if certain conditions are met. Automattic looked into the issues and says that in spite of the termination provisions, it won’t stop the use of React being a part of Calypso.

Registration of the .blog domain extension is now open to trademark owners. Automattic’s subsidiary, Knock Knock, WHOIS There, has won the rights to oversee the sale and registration of the .blog top-level domain extension for $20 million bid. Automattic has hired designer John Maeda and has launched Design.blog. Maeda says that he is looking forward to serving the open-source mission at Automattic.

WordPress.org launches homepage redesign. The meta team of WordPress.org worked quickly to make its new homepage redesign for the holidays. Even though it is the first iteration, it plans to continue design and development in order to create something amazing. The feedback on this so far has been majorly positive and hopes to improve as time goes by.

WordPress relaunches plugin directory with new design and improved search algorithm. The WordPress Plugin Directory has been produced thanks to a year’s worth of work from contributors who thought about giving it a new design and better capabilities. The new plugin search algorithm delivers better relevant search results. The plugin already has several issues that the team has noted and tending to right away.

WordPress 4.8 will end support for Internet Explorer versions 8, 9, and 10. Mullenweg has announced that it is going to drop its support for IE versions 8, 9, and 10 after the release of WordPress 4.8. Users of those browsers will no longer be able to receive security upgrades. Mullenweg says that attempting to support such browsers will hold WordPress back.

Given how much demand there is WordPress, it only makes sense why the teams over there are always breaking their backs to keep the platform secure and up-to-date. With so many upgrades focusing on security, user-interface and design, the future is looking mighty good for WordPress in the years to come.