Howdy folks, we’re checking in to let you know that we’ve just updated our priv…wait, no, that’s not right. Sorry, I spent too much time clearing out my inbox this week and my brain’s a little addled.

Let me start again – we’re checking in with yet another version of The WordPress Update. If you’re not already familiar, that’s our monthly installment where we round up the most important WordPress news of the month, throw in some of our own thoughts and analysis, and share it in our newsletter and on the blog.

If you want to get all the future versions of The WordPress Update, make sure to click that big subscribe button to the right (or at the bottom of this post).

In May, we saw a big “minor” update, the GDPR officially went into effect, and some nasty actors are exploiting weak WordPress.com credentials to take over certain self-hosted WordPress sites.

Keep on reading to catch up with everything noteworthy that happened in May 2018.

WordPress 4.9.6 was a minor release… but should it have been?

The biggest WordPress news in May was WordPress 4.9.6. True to its version number, WordPress 4.9.6 was billed as a minor “privacy and maintenance release” designed to address some of the provisions required by the new GDPR law that went into effect (more on that next!).

Normally, though, minor releases are just about patching security holes and fixing bugs – not adding completely new features.

WordPress 4.9.6 broke from that mold a bit, though, as it introduced a number of new features like:

  • A new option for anonymous commenters to choose whether or not to save their information as a cookie
  • A new core setting to designate an official privacy page for your site
  • Improved data handling, with an option for site owners to either export or erase a user’s data from the WordPress core and participating plugins

There were also some other minor non-GDPR features, as well. In total, 95 different changes were made as part of the release.

The breadth of the changes in WordPress 4.9.6 led some people to say that it should have been a major release instead of a minor release.

Because Gutenberg is already planned for WordPress 5.0, that meant some people wanted a WordPress 4.10 (rather than 4.9.6, with 6 denoting that it’s a minor release). Previously, there’s never been an X.10 release, so that could’ve been interesting!

The difference between a minor and a major release is significant – minor releases are automatically applied (unless you manually turn off this feature), whereas major releases require you to manually update by default.

Because the changes were causing some issues, the WordPress core team actually turned off the automatic update function for WordPress 4.9.6, though. Those issues should be fixed in WordPress 4.9.7, which is scheduled for release soon after Memorial Day (May 28th).

The GDPR went into effect (and your inbox knew it)

Speaking of WordPress 4.9.6, there’s no bigger story for the Internet this month than the aforementioned GDPR law. And, because WordPress powers a cool 30% of the Internet nowadays, that makes it a big WordPress story, as well.

After a lengthy transition period, the GDPR officially went into effect on May 25th, 2018. You probably don’t need me to tell you that, because as I mentioned in the intro, there’s a good chance your email inbox was bombarded with privacy policy updates from every company you’ve ever interacted with as a result.

If you’re not familiar with this new law, here’s a quick primer.

As you’d expect, May was also filled with articles on how WordPress users can cope with GDPR compliance. Here are some of the best articles that were published in May:

On the subject of email marketing, it’s great to see that most of the top email list building plugins available for WordPress already have features to help you become GDPR compliant. But as Shane from Thrive Themes points out in the article above, tweaks to your forms copy might be enough.

And lest you worry because you haven’t done anything for the GDPR, GeoDirectory points out that most WordPress sites won’t be GDPR compliant by May 25th (I am not a lawyer – but you’ll probably be OK for now!).

WordPress turns 15 years old

While it’s not quite old enough to drive in the States, WordPress just reached a major milestone – its 15th birthday.

With an initial release date of May 27, 2003, WordPress officially turned 15 in March.

Happy birthday, WordPress!

To celebrate, 93digital put together this neat interactive timeline that lets you browse through the dashboard and default theme from every single WordPress major release (yes – it goes from 2003 through today).

Given how WordPress names its major releases, this also serves to give you an education on famous jazz artists – so two birds with one stone! Speaking of, WP Engine featured this neat Spotify playlist that has every single jazz artist from WordPress’ 15 years of releases.

Beyond 93digital’s and WP Engine’s offerings, you can also catch some discussion of WordPress’ birthday on the Post Status Draft podcast.

Are WordPress developers really cheaper to hire?

Ok, this one was technically published at the tail-end of April, but it was late enough that we didn’t manage to squeak it into our April news roundup.

In this post, Torque Mag digs into some of the data to see whether WordPress developers are actually more affordable than other types of developers (as is commonly stated).

It’s not a scientific study or anything, but the prices on sites like Upwork, Freelancer, and Guru.com do seem to support the idea that WordPress developers are underpriced in comparison to other developers.

With that being said, WordPress developers might not be the only ones – Joomla developers don’t fare very well, either!

On this note – if you’re interested in WordPress development, you should also check out this post from Tom McFarlin about whether or not WordPress holds you back as a PHP developer.

Hijacked WordPress.com accounts being used to infect sites

Note WordPress.com was not hacked in any way.

Rather, Wordfence reported on how people are compromising WordPress.com accounts with weak login credentials and then using those accounts to take over any self-hosted WordPress sites that are connected to the WordPress.com account via Jetpack.

The malicious actors then used this control to install a malicious plugin called “pluginsamonsters”. This plugin is invisible when activated and gives the malicious actor full control over the site.

In order for the exploit to work, here’s what needs to have happened:

  • Someone got access to your WordPress.com credentials.
  • You have Jetpack installed on your site and configured so that your site can be managed from WordPress.com

Even if your site wasn’t affected, this is an important reminder that all WordPress.com and Jetpack users need to:

  • Use secure account credentials
  • Take advantage of the two-factor authentication feature that WordPress.com offers

Again – this has nothing to do with a security breach at WordPress.com – it’s all about malicious actors exploiting normal functionality and weak login credentials.

Can you ignore WordPress plugin updates?

Short answer? No. Longer answer? Read this article from Codeable.

In it, Matteo Duò lays out some of the reasons it’s important to update your WordPress plugins.

If you already religiously update – you can probably ignore this one. But if you’re one of those people who uses out-of-date plugins, give this one a read.

An unofficial WordCamp app for iOS from Marcel Schmitz

Love WordCamps but hate browsing mobile websites? If so, this free, unofficial WordCamp iOS app from Marcel Schmitz is for you.

Using WordPress REST API endpoints from WordPress Central and hellodev, it lets you see sessions, speakers, and news for your chosen WordCamp.

The sessions feature should be especially nice while you’re actually attending so that you can quickly check out the available sessions on-the-go. You can even save individual sessions as favorites so that you don’t forget them.

You can grab this app at the iOS App Store.

And that wraps up all of the most important WordPress news and articles from May 2018.

Make sure to subscribe to the newsletter by using the box below. And also check back next month for all the exciting news that’s bound to drop in June.

Posted by Colin Newcomer

Colin Newcomer is a freelance writer for hire with a background in SEO and affiliate marketing. He helps clients grow their web visibility by writing primarily about digital marketing, WordPress, and B2B topics.