Call for Testing: WordPress 6.8 RC1

The WordPress 6.8 Release Candidate 1 is now available on WordPress VIP. Use the Software Management page to update your non-production sites to WordPress 6.8 for testing.

What’s Changing?

WordPress 6.8 Release Candidate 1

Testing this release candidate is the next step in preparing your site for the WordPress 6.8 release slated for April 15, 2025.

How to test WordPress 6.8

Local Environment

Ensure VIP-CLI is updated:
npm update -g @automattic/vip

Update environment:
vip dev-env update --slug SITENAME

Non-production

Alternatively, you may update a non-production site to WordPress 6.8 RC1 now.

Within the Software Management section of the VIP Dashboard, you can select your non-production environment and change the WordPress version to “6.8″ within the “Testing” section.

Testing is vital to polishing the release during the Release Candidate and a great way to contribute. ✨

Not for Production Environments

WordPress VIP does not recommend using Release Candidate or Beta versions in production environments. Any sites that have managed updates will automatically be updated to WordPress 6.8 when released on April 15.

Questions?

If you have testing feedback or questions related to this release, please open a support ticket, and we will be happy to assist.

Removing restrictions on Media Imports 

Following feedback from customers, we’re pleased to make media imports even easier on the VIP Platform. We have now removed all limits for what file types can be imported using our VIP-CLI tool.

Previously our import tool matched the default limitations in WordPress, allowing the import of files as long as they matched a list of allowed file types. Uploading disallowed file types prior to this update required contacting support. After consultation on the security implications, we are happy to remove this restriction allowing any file of any type to be imported using the vip import media command provided by our CLI.

No updates to the VIP CLI are necessary for you to benefit from this improvement.
We’re always pleased to receive feedback from customers and improve our product to make your work easier. Our documentation on media imports contains more details, and please reach out to us if you have any questions!

New Feature: Deny Requests Based on User Agent

We’re excited to introduce another new access control feature in the VIP Dashboard. You can now block requests based on the user agent, adding an additional layer of protection for your application powered by the VIP CDN.

What’s New?

This feature allows you to block requests from specific user agents, such as AI crawlers and unwanted bots, before they even reach your application. With better control of the traffic accessing your site, you can ensure that unwanted traffic doesn’t impact your app’s performance.

Rules for managing User Agent blocks can be managed in the VIP Dashboard, from the User Agents page, located under the Security Controls section of the VIP Dashboard. Requests can be blocked based on exact or partial matches of user agent strings.

Why This Matters

  • Edge-Based Denial: Requests are blocked at the VIP CDN, reducing application load and ensuring faster response times for legitimate users.
  • No Deployments Required: Easily enable and manage this feature directly from the VIP Dashboard — no code changes or deployments needed.
  • Granular Control: Set rules to block full or partial user-agent strings for better control over your traffic.
  • Independent of IP Restrictions: Use this feature alone or combine it with IP address restrictions for enhanced security.

If you’re currently using the VIP_Request_Block class in your application code to manage user agent blocks, we’ve created a guide to help you transition to this new, easier method of restricting access.

Find out more about this feature in our documentation. 

New Plugin Vulnerabilities Overview 

We’re introducing a new feature in the VIP dashboard that highlights the importance of proactive security management for your WordPress environment. Starting today, a new graph will display plugin vulnerabilities over time, giving you a clear view of security risks tied to plugins. 

You can access this new graph in the Vulnerability Statistics tab on the Plugin page in the Code section of the dashboard.

Why This Matters

We often hear that users struggle to get a comprehensive picture of their site’s security, particularly when it comes to plugin vulnerabilities. This feature aggregates vulnerability data to show you trends over time. The more vulnerabilities that are open, the higher the security risk. A rise in vulnerability curves correlates to an increased need for swift action.

Find out more about the plugin panel in the VIP Dashboard in our documentation. 

Looking Ahead

In future releases, we plan to refine this feature by allowing deeper insights into how the data can be used to strengthen security practices. A soon to be released feature will help you to stay on top of vulnerabilities by allowing you to get notified when certain thresholds get breached.

Stay proactive, stay secure.

New Parse.ly Report: “Your Year in Content” Report

We’re excited to introduce Your Year in Content, a year-end report that provides a high-level view of your site’s content performance over the past calendar year.

What’s included

This report compiles key metrics at the site level, helping you assess your content strategy and impact:

  • Total performance metrics – Yearly page views and visitor counts tallied in one place.
  • Top content analysis – Your top 5 posts, most engaging sections, and highest-impact authors.
  • Key content insights – Additional data to give you a full picture of your year’s performance, such as your top-tweeted post or top search-driven post.

Why it matters

  • Inform strategy – Use past performance to guide future content decisions.
  • Team recognition – Highlight top-performing content and contributors.
  • Annual planning – Leverage insights to set data-driven goals for the year ahead.

How to access your report

Your Year in Content report is available now! To view it, replace {{SITEID}} with your site’s ID, such as wpvip.com in the below URL.

http://dash.parsely.com/{{SITEID}}/year-in-content 

Note: This report is available only at the individual site level and will not appear in the reporting section of the Parse.ly dashboard.

New Feature Release: Parse.ly Custom Report Capability

We’re pleased to announce the launch of the custom report capability in Parse.ly, an enhancement to the report generation process that gives you greater flexibility and control over your data. This feature allows you to preview and customize your data before generating your final report.

Why this matters

Modern content teams need adaptable reporting tools to make informed decisions. With the new report generation tool, you can:

  • Personalize report structures by customizing the layout.
  • Edit or rearrange sections and metrics to match your needs.
  • Preview data before finalizing your report, ensuring accuracy.

This feature is particularly valuable for teams that rely on tailored insights, allowing them to generate reports that align with their specific reporting needs.

Which reports can I customize?

The first phase of this release makes the new report available within the Details Report. Future updates will extend this capability to additional pre-built reports. No special setup is required to start using this capability.

You can learn more about the custom report capability here. If you have any questions, send us an email at [email protected]—we’re happy to assist!

Notice: Deprecation of Legacy Authentication in the VIP Dashboard on February 28, 2025

As previously announced, we are deprecating our legacy authentication method in favor of VIP Authentication in the VIP Dashboard. All users who log in via GitHub or WordPress.com are required to upgrade to VIP Authentication to maintain access to the VIP Dashboard. If you’ve already upgraded to VIP Authentication, no additional action needs to be taken.

Deadline for Upgrade

Date: Friday, February 28, 2025

After this date, permissions for your VIP Dashboard user account will be revoked, and you will not be able to view any applications or organizations you previously had access to. 

FAQs

  • Who is affected? Users who log in to the VIP Dashboard via GitHub or WordPress.com. This does not affect users who log in using SSO.
  • What action is needed? Upgrade to VIP Authentication. If you’ve already upgraded to VIP Authentication, no additional action needs to be taken.
  • What if I miss the deadline? If you do not upgrade in time and lose access to the VIP Dashboard, your permissions can be reinstated by contacting an Org Admin for your organization. You will need to set up Multi-Factor Authentication (MFA) on VIP Authentication once your permissions are reinstated.
  • What if users in my Organization missed the deadline? If someone from your team hasn’t upgraded on time, they will need to be re-invited to the VIP Dashboard. You can follow these instructions to add them again.

How to upgrade

Here’s how to upgrade to VIP Authentication. Users logging in with SSO do not need to upgrade.

  1. Visit dashboard.wpvip.com/opt-in to start the upgrade process.
  2. Log in to the VIP Dashboard using WordPress.com or GitHub as you normally would.
  3. You may be prompted by WordPress.com or GitHub to authorize the VIP Dashboard to access your account information.
  4. Once authorized, use your current MFA method to verify your identity.
  5. You will then land in the new VIP Authentication setup screen. Select either a passkey, an authenticator app, or SMS as your new authentication method to set up.
  6. After the setup, make sure to save your backup codes in a safe place.
  7. And that’s it! Once VIP Authentication is set up, you can add or edit authentication methods directly from the VIP Dashboard Settings page.

If you have any issues with the upgrade, please contact our support team.