STAGING ENVIRONMENTDebug log is enabled by default for testing — PHP warning & notice errors will appear on the screen.

WordPress News Roundup January 2023: Gutenberg Advancements, Malware Alerts & Plugin Security

By /
January 2023 Edition

January 2023 kicked off with significant activity across the WordPress ecosystem. The community focused on Gutenberg enhancements, theme releases, core compatibility efforts, and rising security threats, particularly malware that exploits vulnerabilities in plugins and themes. This month’s edition covers top updates, spotlight features, and what to expect next.

Mergers, Acquisitions, Investments

Mergers, Acquisitions, Investments

January 2023 saw notable consolidation moves from Awesome Motive, a major player behind popular WordPress products like WPForms, OptinMonster, and MonsterInsights.

  • Awesome Motive Acquires Thrive ThemesJanuary 23, 2023
    Awesome Motive acquired Thrive Themes, the company behind Thrive Architect, Thrive Leads, and the Thrive Suite. This move strengthens Awesome Motive’s presence in the WordPress ecosystem’s funnel-building, conversion optimization, and course creation segments. Thrive’s products will continue under their brand while integrating with the broader Awesome Motive toolset.
  • Awesome Motive Acquires Duplicator PluginJanuary 5, 2023
    Awesome Motive acquired the Duplicator plugin, one of WordPress.org’s most widely used backup and migration tools, earlier in the month. With over 1 million active installs, Duplicator joins Awesome Motive’s expanding portfolio, further enhancing their infrastructure and site management offerings.

These acquisitions reflect a growing trend of strategic consolidation in the WordPress ecosystem, focused on bundling marketing, site-building, and performance tools under unified umbrellas.

WordPress Core Updates

WordPress Core Updates

While WordPress 6.2 beta launch was slated for early February, January saw developers ramping up feature testing, backporting PHP 8.0+ compatibility, accessibility enhancements, and a custom CSS option in the Site Editor.

Key work included:

  • Gutenberg Phase 2 progress wrapping into the upcoming core release.
  • New Site Editor CSS customization support.
  • Accessibility fixes focused on modal focus, keyboard tabbing, and ARIA compliance.

Other WordPress News

Gutenberg plugin updates:

  • Gutenberg 14.9 (Jan 4) introduced an “Apply Globally” button for block style consistency across a site.
  • Gutenberg 15.0 (Jan 18) added “Paste Styles” and sticky positioning for blocks, alongside a revamped block sidebar with Settings & Styles tab.

Community & Sites:

  • WordPress.org redesigned sections like HelpHub, Enterprise, and its swag store, Mercantile.
  • Discussions began around replacing the WordPress Slack with a Matrix-powered open chat.

Themes on WordPress.com:
New arrivals included:

  • Twenty Twenty‑Three (default block theme with 10 style variations).
  • Tazza (WooCommerce-focused).
  • Calyx (single-page minimal).
  • Muscat (grid blogging).
  • Loudness (music education)

Security Alerts & Plugin Vulnerabilities

This January saw heightened threats:

  • Linux‑based malware campaigns exploited vulnerabilities in over 30 plugins/themes, injecting malicious JavaScript for visitor redirection.
  • Hide My WP plugin (<6.2.9) had a critical SQL injection vulnerability (CVE‑2022‑4681, CVSS 7.5), patched in version 6.2.9 on Jan 11.
  • Stream plugin (<3.9.2) suffered broken access control (CVE‑2022‑4384, CVSS 4.3), fixed in version 3.9.2 on Jan 16.
  • Multiple XSS vulnerabilities were disclosed in plugins like Quick Event Manager (<9.7.5), Login with Phone Number (<1.4.2), WP Helper Lite (<4.3), Meta Data & Taxonomies Filter (<1.3.1), and Woo Bulk Price Update (<2.2.2).
  • Weekly vulnerability reports from SolidWP reported no new WordPress core issues, but flagged numerous plugin vulnerabilities.

Advice:

  • Update all affected plugins immediately.
  • Use virtual patching (e.g., Patchstack, Sucuri WAF) if updates aren’t feasible.
  • Secure your site: strong admin credentials, regular backup, and monitoring.

Industry Trends & Insights

  • Botnet-driven threats: Malware actors are reusing old vulnerabilities (e.g., CVEs since 2016), highlighting the need to phase out abandoned plugins.
  • PHP 8.x adoption: Core and plugin teams continue to ensure compatibility with PHP 8+, driven by user demand and security benefits
  • UI/UX improvements: Gutenberg’s ongoing stylistic controls point toward richer no-code site-building and improved block-based workflows.

Theme of the Month

Frost
Originally created by Brian Gardner and acquired by WP Engine in 2022, Frost gained traction in January 2023 for its clean, modern design optimized for full-site editing. The theme received updates to better align with Gutenberg Phase 2 and WordPress 6.2 compatibility, making it a top choice among agencies and developers pushing into block-based design. Frost showcases a well-balanced blend of minimalism and creative flexibility, positioning it as a go-to for professionals transitioning into the block era.

Plugin of the Month

MemberPress
With the increased demand for monetization and membership-based websites in early 2023, MemberPress stood out. In January, it expanded integrations with learning management systems (LMS), making it easier to build course-centric WordPress sites. The plugin also enhanced its Stripe integration and introduced more flexible content dripping options, helping creators control access and user progression in dynamic new ways.

Agency of the Month

Seahawk Media
In January 2023, Seahawk Media expanded its global footprint as a leading WordPress services provider specializing in white-label development, website maintenance, hacked site repair, and SEO. With partnerships across hosting companies like GoDaddy Pro and DreamHost, Seahawk strengthened its position as a trusted agency for scalable WordPress support. Their dedication to professional-grade WordPress solutions and fast turnaround made them the standout agency of the month.

Founder of the Month

Jason Cohen (Founder, WP Engine)
Jason Cohen, the founder of WP Engine, stood out in January 2023 as the company’s Genesis and headless WordPress initiatives gained momentum. WP Engine’s focus on developer tools, modern block themes (like Frost), and enterprise solutions reflected Cohen’s long-term vision of scaling WordPress for high-performance, content-driven applications. This month, his influence on the hosting and developer tooling ecosystem made him a key figure.

Host of the Month

Nexcess
In January 2023, Nexcess stood out with its fully managed WordPress and WooCommerce hosting solutions tailored for high-growth websites and online stores. Backed by Liquid Web, Nexcess continued to enhance its StoreBuilder platform, allowing users to launch eCommerce sites quickly without coding. With daily automatic backups, advanced caching (via Object Cache Pro), and built-in CDN, Nexcess delivers a fast, secure, and scalable experience ideal for WordPress professionals and SMBs. Their transparent pricing and strong customer support made them a standout hosting provider to start the year.

Looking Ahead to February 2023

  • WordPress 6.2 Beta 1 is scheduled for early February, closing out Gutenberg Phase 2
  • Continued Gutenberg plugin releases, refinement of block UX, and further style & accessibility tooling are expected.
  • Security momentum will continue, patching XSS, SQLi, and other plugin vulnerabilities remains critical.
  • Theme innovation will grow as block-based design adoption accelerates.

Conclusion

January 2023 demonstrated that WordPress is evolving rapidly: Gutenberg is becoming more powerful, core compatibility is tightening, and security challenges are sharp reminders to stay vigilant. With milestone releases on the horizon and community energy high, WordPress enters February ready to cement the groundwork laid this month.

Scroll to Top