September 2022 marked a period of significant dynamism within the WordPress ecosystem. This transformative month saw steady advancements in the Gutenberg editor with new releases, intense preparation for the upcoming WordPress 6.1, and a crucial spotlight on plugin vulnerabilities. From core development to community collaboration, let’s dive into the key happenings that shaped WordPress during September 2022.
September 2022: A Collaborative Ecosystem
Consistent with its open-source philosophy, September 2022 saw no major mergers or acquisitions within the WordPress landscape. The focus remained firmly on community-driven development, infrastructure enhancements, and refining the tools that empower millions of websites worldwide. This collaborative spirit continued to define WordPress’s unique strength.
Core Development & Gutenberg’s Progress in September 2022
The WordPress core team was in full swing during September 2022, laying crucial groundwork for the highly anticipated WordPress 6.1 release (codenamed “Misha”), scheduled for early November.
- WordPress 6.1 Beta Releases: On September 21, 2022, WordPress 6.1 Beta 1 was critically released, followed by Beta 2 on September 27. These releases were crucial for widespread testing, allowing developers and users to identify bugs and provide feedback before the final stable version.
- Gutenberg 14.1 Lands (September 15, 2022): This significant update for the block editor brought enhanced typography and spacing support to numerous blocks, further consolidating design tools. It also included improvements to the Navigation block and refined the content-locking experience. Notably, this was the last version of Gutenberg (along with versions 13.1-14.1) to be merged into WordPress 6.1 core.
- Gutenberg 14.2 Released (September 28, 2022): Ending the month strong, Gutenberg 14.2 arrived with notable improvements. Highlights included refined writing flow, a more polished Calendar block, and more intelligent auto-completion for links across blocks. These incremental enhancements steadily improved the editing experience.
- Fluid Typography Discussions: Throughout September 2022, discussions around implementing fluid typography into WordPress 6.1 gained momentum. This feature, allowing text to scale smoothly with view-port size, represented a significant step towards more responsive and accessible web design.
Full-Site Editing Outreach Continues to Grow
The Full-Site Editing (FSE) Outreach Program continued its vital work in September 2022. The program actively guided contributors through various testing calls, gathering invaluable feedback on the Site Editor and block-based themes. This sustained effort was crucial for refining the full-site editing experience ahead of WordPress 6.1.
Security Landscape in September 2022: Vigilance is Key
September 2022 underscored the persistent need for robust security practices, as several high-severity vulnerabilities were identified across the plugin ecosystem. These disclosures highlighted the importance of prompt updates and proactive site maintenance.
Notable Plugin Vulnerabilities from September 2022:
- WP Fastest Cache < 1.0.1: An Authenticated Stored Cross-Site Scripting (XSS) vulnerability was found in versions prior to 1.0.1, allowing attackers with administrative access to inject malicious scripts. This was actively addressed in September.
- WooCommerce Payments < 4.4.0: An authenticated Cross-Site Request Forgery (CSRF) vulnerability was identified, potentially leading to unauthorized actions. Users were urged to update to a patched version.
- WP Statistics < 13.1.2: A reflected Cross-Site Scripting (XSS) vulnerability (CVE-2022-3893) was disclosed for versions before 13.1.2, impacting how user-supplied data was handled. The issue was addressed in a September update.
- Download Monitor < 4.7.4: An unauthenticated stored XSS vulnerability was identified in versions before 4.7.4, allowing attackers to inject scripts into download details. A fix was provided in September.
Theme Vulnerabilities Remain Less Prevalent
While plugin vulnerabilities dominated the security news in September 2022, the theme ecosystem saw relatively fewer high-severity exposures. This trend provided relief, though constant vigilance remained necessary across all site components.
Expert Warnings: Prioritize Updates
The sheer volume of vulnerabilities, particularly within plugins, reinforced a consistent message from security experts throughout September 2022: regular plugin and theme updates, diligent security audits, and immediate patching are non-negotiable for safeguarding WordPress websites against evolving threats.
Industry Trends & Insights from September 2022
- Performance Focus for 6.1: With WordPress 6.1 development in full swing, September 2022 saw an increased emphasis on performance improvements. Efforts included optimizing query caching, improving asset loading, and refining the platform’s overall speed.
- Full-Site Editing Maturation: The continuous iterations of Gutenberg and the FSE Outreach Program highlighted the maturing vision for full-site editing. Discussions focused on making the Site Editor more intuitive and robust, solidifying its future as the primary WordPress design interface.
- Community-Led Testing: The active beta releases for WordPress 6.1 and the FSE testing calls in September 2022 underscored the critical role of the community in quality assurance. This collaborative testing model is fundamental to WordPress’s stability and growth.
- Growing Importance of Managed Hosting Security: As vulnerability disclosures continued, the value proposition of managed WordPress hosting providers offering built-in security features, such as automatic updates and proactive threat detection, became increasingly evident.
September 2022‘s Top Contributors
Theme of the Month: Twenty-Twenty-Three
Twenty Twenty-Three, the new default block theme slated to ship with WordPress 6.1, was a significant topic in September 2022. Its preview highlighted the diverse style variations contributed by the community, showcasing the collaborative power of WordPress design. This forward-looking theme represents the future of site building.
Plugin of the Month: Advanced Custom Fields (ACF) 6.0
Advanced Custom Fields (ACF) made a significant impact in September 2022 with the release of ACF 6.0. This major update brought exciting features like a new custom post type UI and improved block creation workflows, further solidifying ACF’s position as an indispensable developer tool.
Host of the Month: SiteGround
SiteGround consistently provided reliable performance and proactive security measures throughout September 2022. Their commitment to managed updates, optimized hosting environments, and strong firewall protection helped countless WordPress sites stay secure and performant amidst ongoing vulnerability concerns.
Agency of the Month: Seahawk Media
Seahawk Media continued to impress throughout September 2022, providing targeted WordPress support and educational outreach. They were instrumental in producing hands-on guides for block editing, essential plugin security hardening, and eCommerce optimization, actively helping clients and the broader community navigate the evolving WordPress landscape.
Founder of the Month: Ram Gall (Wordfence)
Ram Gall, Senior Security Researcher at Wordfence, takes the spotlight as Owner of the Month for September 2022. Gall was pivotal in safeguarding the WordPress ecosystem by publishing timely vulnerability reports and in-depth security advisories. His work empowered site owners to act quickly on emerging threats, especially during a period marked by several high-risk plugin flaws. Gall significantly strengthened the WordPress community’s defense posture through his leadership in vulnerability disclosure and education.
Looking Ahead to October 2022
As September 2022 drew to a close, the WordPress community eagerly anticipated a dynamic October 2022:
- The crucial WordPress 6.1 (“Misha”) development phases, including Release Candidate releases, leading up to its November 1st launch.
- Continued advancements in Gutenberg, with 14.3 and 14.4 expected to bring further refinements to writing and typography tools.
- Ongoing FSE testing rounds to continue refining the Site Editor workflows.
- Security teams were expected to remain vigilant, spotlighting emergent flaws and necessitating rapid patches across the ecosystem.
Summary
In September 2022, WordPress fortified its foundations. Gutenberg saw continuous refinement, core contributors diligently prepped for 6.1, and the community united to tackle security challenges. The ecosystem’s trajectory firmly pointed toward innovative block-first development and robust defenses heading into October and November.