As 2023 drew to a close, December became a month of reflection, updates, and anticipation for the future of WordPress. The release of WordPress 6.4.2 delivered crucial security and maintenance fixes, wrapping up the year on a stable note. Meanwhile, the publication of the WordPress 6.5 roadmap set the tone for what’s next in 2024, from design tool upgrades to a renewed focus on plugin and theme usability. WordPress ended the year stronger than ever with continued community collaboration and evolving development tools.
Mergers, Acquisitions, Investments
In a noteworthy move, NerdPress acquired the Grow Social plugin from Mediavine in December 2023. This plugin, widely used by bloggers and content creators for social sharing, joins NerdPress’s growing suite of services to make WordPress site management easier and more secure.
This strategic acquisition allows NerdPress to directly influence plugin development and strengthen its offerings for small publishers. The plugin’s rebranding and updates are expected in early 2024.
WordPress Core Updates
On December 6, 2023, WordPress released version 6.4.2, a maintenance and security update addressing seven core bugs and one security vulnerability. The security fix targeted a potential Remote Code Execution (RCE) vulnerability that, while not directly exploitable in core, posed a high-severity risk when combined with specific plugins, especially in multisite installations. Users are strongly encouraged to update to this version to ensure site security.
Other WordPress News
The roadmap for WordPress 6.5, scheduled for release on March 26, 2024, was unveiled. Key features planned include a new Font Library for global font management, Appearance Tools in Classic Themes support, Data Views for templates and patterns, and enhanced revisions across the editing experience. New APIs like Interactivity, Custom Fields, and Block Binding are set to expand block capabilities and underpin features like Synced Pattern Overrides.
Security Alerts & Plugin Vulnerabilities
December saw the disclosure of 36 new vulnerabilities in WordPress plugins, with security patches available for 32 of them.
- A critical vulnerability (CVE-2023-48777) in the Elementor plugin allowed arbitrary file uploads, potentially leading to remote code execution. Users should update to version 3.18.2 or later.
- Another significant flaw, CVE-2023-6553, was found in the Backup Migration plugin. This allowed unauthenticated attackers to execute PHP code. The issue affected versions up to 1.3.6 and was fixed in 1.3.8.
- The My Calendar plugin discovered a high-severity SQL Injection vulnerability (CVE-2023-6360), affecting versions before 3.4.22.
Industry Trends & Insights
The WordPress community continues to emphasize the importance of security and proactive maintenance. With cyberattacks becoming increasingly sophisticated, particularly targeting small to mid-sized businesses, site administrators must update plugins and themes and monitor for unusual activities.
Theme of the Month
Astra
Astra is a lightweight and highly customizable WordPress theme known for its speed and compatibility with popular page builders. It’s suitable for various website types, from blogs to e-commerce stores.
Plugin of the Month
Rank Math SEO
Rank Math is a powerful SEO plugin that helps users optimize their content with built-in suggestions based on widely accepted best practices. Its user-friendly interface and advanced features make it a preferred choice for many WordPress users.
Agency of the Month
Seahawk Media continued to provide exceptional WordPress services, including website development, maintenance, and optimization. Their commitment to quality and client satisfaction solidified their reputation in the industry.
Host of the Month
Rocket.net
Rocket.net impressed the WordPress community in December with its focus on speed, security, and simplicity. Their enterprise-level performance is powered by Cloudflare Enterprise integration and edge caching, making it one of the fastest managed WordPress hosts on the market.
Founder of the Month
Brian Gardner
As the original creator of the Genesis Framework and a key contributor to the block theme movement, Brian Gardner remained influential in shaping modern WordPress design. His continued advocacy for clean, minimal, block-based themes like Frost reinforces best practices in WordPress theme development.
Looking Ahead to January 2024
The WordPress community anticipates the continued development and refinement of features leading up to the release of WordPress 6.5 in March. Focus areas include enhancing the block editor experience, improving site performance, and bolstering security measures. Community members are encouraged to participate in beta testing and provide feedback to ensure a robust and user-friendly release.