The WordPress Update March 2019
  • Save

The WordPress Update: Officially Powering A Third Of All Websites

Howdy, WordPress friends. We’re checking in with the latest WordPress news and updates in our March 2019 edition of The WordPress Update.

If you’re not already familiar with The WordPress Update, it’s our monthly WordPress news roundup where we share everything that’s happening in the WordPress community, as well as our thoughts on the latest stories. Then, we post it here on the blog and send it out to our newsletter subscribers.

If you want to stay on top of the latest WordPress news and make sure you get all the future versions of The WordPress Update, the best thing to do is to sign up for the newsletter.

This month, WordPress hit a milestone – it officially powers one-third of all the websites on the Internet. Beyond that, we got a new security and maintenance release, and there’s plenty of interesting stuff going on with the block editor and Gutenberg.

Let’s get to all the latest WordPress news from March 2019…

WordPress powers over 33.33…3% of all websites!

W3Techs is a popular site that monitors the technology used by all the websites on the Internet (well, technically it’s just the top 10 million sites according to Alexa, but that should be pretty representative).

Pretty much since its launch, WordPress’ numbers have been increasing. And in March, WordPress hit a nice new milestone…

On March 1st, WordPress officially hit the mark to power one-third of all websites. Yes – 33.3% repeating of the Internet runs on WordPress.

In fact, as we’re writing this update, WordPress has already sprinted past the one-third mark and is now up to 33.5% of all websites.

If you’d like to see W3Techs’ data, you can check it out here. And for some context on that data, you can read Joost’s celebration post at WordPress.org.

WordPress 5.1.1 patches critical vulnerability

Last month, we talked about the latest WordPress major release – WordPress 5.1 “Betty”. In March, we got a security and maintenance release – WordPress 5.1.1 – to fix a cross-site scripting vulnerability found in WordPress 5.1 (and previous versions of WordPress).

Because this is just a security and maintenance release, your site should have updated automatically (unless you turned off automatic updates).

If your site isn’t running WordPress 5.1.1, however, we’d recommend that you update as soon as possible to keep your site secure.

Beyond the security fix, WordPress 5.1.1 also introduced some more PHP-related features. Speaking of…

WordPress officially ends support for PHP 5.2 – 5.5

As of a few days ago, WordPress has officially ended its support for some of the oldest versions of PHP. Specifically, WordPress will no longer support PHP 5.5 and under.

According to the WordPress.org usage stats, this will affect about 20% of WordPress sites.

Now, despite dropping support for the oldest of the old, WordPress will continue to support PHP 5.6, even though PHP 5.6 is itself no longer supported by the PHP Group.

Some people hoped that WordPress would bump its minimum support all the way up to PHP 7+. However, with a whopping 32.4% of WordPress sites still using PHP 5.6 alone, moving all the way to PHP 7+ would leave more than half of all WordPress sites using non-WordPress supported PHP versions.

Still, if you are using PHP 5.6, we’d highly recommend upgrading to PHP 7 as soon as possible because it offers big performance improvements, as well as better security.

To learn more about this decision, check out WP Tavern’s article on the subject.

If you’re not sure what all this PHP talk means, we’re referring to the PHP version that’s installed on your server via your web host. If you want to upgrade, you can speak to your host’s support about what steps need to be taken. At many hosts, upgrading your PHP version is as simple as choosing an option in your hosting dashboard, though you’ll want to make sure all the plugins you use support PHP 7+.

Gutenberg 5.3 introduces new block management functionality

Since the official release of the WordPress block editor (AKA Gutenberg), developers have released a huge number of plugins that add extra blocks to the editor. Beyond that, many non-related plugins have added their own blocks to help you use the plugin’s content in the block editor.

That’s all well and good…but it means that your block editor interface can become pretty cluttered.

As a result, developers also released plugins that let you manage and disable blocks that you don’t want to use.

With the latest version of Gutenberg, though, that will soon become a core block editor feature. That is, you’ll get a new Block Manager tool that lets you enable or disable blocks as needed.

This feature is currently out in the plugin version of Gutenberg (version 5.3), but you won’t see it in the WordPress core until the next major release – WordPress 5.2.

Beyond the new Block Manager, Gutenberg 5.3 also let you nest other blocks inside of a cover block, which creates some neat opportunities for hero sections and other calls to action.

To learn more, check out this WP Tavern post.

Automattic takes on Facebook with “A Meditation on the Open Web”

This one isn’t “news”, so to speak. Instead, it’s just an interesting little video release from Automattic that supports the open web (and takes some shots at Facebook’s closed garden).

You can watch the video below:

Freemius patches a severe vulnerability in its library, which is used by many popular WordPress plugins

Freemius is a popular service that plugin developers use to manage payments, delivery, analytics, etc. for the plugins that those developers sell.

In late February/early March, Freemius discovered (and then quickly patched) a security vulnerability in its library.

If you’re using a plugin from a developer who uses the Freemius service, you’ll want to update those plugins ASAP to keep your site secure.

To learn more about the vulnerability, WP Tavern has a good writeup on the issue.

Here’s why there was no fatal error protection in WordPress 5.1

WordPress 5.1 was supposed to introduce a new fatal error protection feature to stop you from accidentally breaking your site.

However, at the last minute, this feature was pulled from the release because of multiple security concerns. The biggest issue was the idea that malicious actors could abuse the fatal error protection to target and deactivate plugins. For example, someone could force the fatal error protection into action in order to deactivate a two-factor authentication plugin.

Because of those potential issues, the core team is revamping their approach to fatal error protection and introducing a new “recovery mode” feature that won’t have those vulnerabilities.

To learn more about the problems with the initial implementation, as well as the core team’s new plans, check out Felix Arntz’s post at WordPress.org.

Sucuri releases 2018 Website Hack Trend Report

Every so often, Sucuri releases a Website Hack Trend Report that, based on their own unique data, analyzes trends in hacked websites (as the name would suggest).

You can check out the full report here, but here are some of the notable trends from 2018:

  • The percentage of infected sites using WordPress rose from 2017 to 2018, moving from 83% to 90%
  • 36.7% of hacked WordPress websites were running an out-of-date version of their software when they were infected, which is another good reminder to keep your site updated
  • The three most popular malware families were backdoors, malware, and SEO spam

Because of WordPress’ popularity, it makes an especially juicy target for hackers, which is why it shows up in such a huge percentage of hacked websites in Sucuri’s report.

WordPress Designers seek feedback on navigation menu block prototype

As part of Gutenberg’s onward march into theme customization, the core team is looking into a new navigation menu block that will let you insert a menu via a block.

The project is still very early on, which is why the designers are seeking feedback on some prototypes of how the design and creation flow might work.

If you’d like to see the images and leave your feedback, check out this WordPress.org post. Beyond leaving feedback on the blog post itself, you can also leave feedback via GitHub.

The team wants to have a final design by the end of March, so make sure to get your suggestions in soon!

And that wraps up all of the most important WordPress news and articles from March 2019.

Make sure to subscribe to the newsletter by using the box below. And also check back next month for all the exciting news that’s bound to drop in April.

  • Save