Issue #211 | March 18, 2025 | Reading time: 18 mins
Hello!
This week on The WP Week Newsletter, we cover significant developments in the WordPress ecosystem, including Newfold Digital’s drastic reduction in its Five for the Future pledge from 329 hours to just 20, impacting contributions from Yoast and YITH. WordPress 6.8 Beta 2 has been released, introducing a new function for streamlined block registration and enhanced internationalization.
On the security front, over 1,000 WordPress sites have been compromised with JavaScript backdoors, and a high-severity vulnerability in the All-in-One WP Migration plugin has been patched.
The WordPress Security Report 2024 by Patchstack and Sucuri revealed nearly 8,000 vulnerabilities last year, with 96% in plugins. Discussions at the WP:25 virtual conference highlighted the future of WordPress, including AI integration and enterprise adoption.
Don’t forget to subscribe and listen to the podcast version of this newsletter, where you can hear more details and discussions about these topics and more.
See you next week!
Team WP-CONTENT.CO
🙌 This weekly newsletter is kindly sponsored by Kinsta, Omnisend, and WP Job Openings
🗣️TALK OF THE TOWN
Newfold Digital has significantly scaled back its contributions to WordPress, reducing its Five for the Future pledge from 329 hours per week to just 20. The move means Newfold-owned Yoast and YITH are no longer pledging any hours, with all contributions now brought under Bluehost.
📰 WORDPRESS & AROUND
All the updates around WordPress and its closely related technologies
The beta 2 is now available for download and testing. We can expect beta 3 later today.
- More efficient block type registration in WordPress 6.8: WordPress 6.8 introduces a new function wp_register_block_types_from_metadata_collection(), which allows plugins to register multiple block types with a single function call.
- A helpful performance warning for developers in the ‘useSelect’ hook: WordPress will now display a warning when SCRIPT_DEBUG is enabled to help consumers identify possible performance bottlenecks.
- Internationalization improvements in WordPress 6.8: Various internationalization (i18n) improvements are in WordPress 6.8 such as Localized PHPMailer messages, Plugin update emails in the admin’s locale, and so on.
- WooCommerce 9.8-RC-1 is delayed: Initially scheduled for Monday, March 17, 2025, the release of WooCommerce 9.8-RC1 has been postponed to Monday, March 24, 2025. This is due to an issue with WordPress 6.8 Beta 2 where the Site Editor fails to load when WooCommerce is active.
- WooCommerce Blocks client files relocated to complete monorepo merge: The WooCommerce team has completed the the WooCommerce Blocks client monorepo merge as of March 5, 2025. This has been done to improve the structure and consistency of the WooCommerce codebase.
- Over 1,000 WordPress sites infected with JavaScript backdoors enabling persistent attacker access: The JavaScrip code injects four backdoors allowing attackers multiple re-entry points. These backdoors enable attackers to install a fake plugin, modify critical files, add unauthorized SSH keys, and execute remote commands. The malware is being served via cdn.csyndication[.]com, with nearly 908 affected websites identified so far.
- WordPress backup plugin vulnerability affects 5+ million websites: An unauthenticated PHP object injection vulnerability was patched and users are to update to the latest version immediately.
- Pocket Casts’ web player is now available to all: The web player is now accessible to all and no subscription is required.
- Google updates structured data requirements for return policies: Google requires e-commerce stores to specify in their structured data which country their return policies apply to.
- Meta wants its advertisers to connect to Google Analytics: Meta is offering advertisers early access to ad system updates in return for integrating Google Analytics with their ad accounts.
- Google to replace Google Assistant with Gemini: Google will be replacing Google Assistant with Gemini later this year, this is across mobile phones, tablets, cars and devices that connect to your phone, such as headphones and watches and even some TV-connected devices.
- Google publishes new robots.txt explainer: Google published a new Robots.txt refresher explaining how Robots.txt enables publishers and SEOs to control search engine crawlers and other bots (that obey Robots.txt). The documentation includes examples of blocking specific pages (like shopping carts), restricting certain bots, and managing crawling behavior with simple rules.
- Google opens Gemini Deep research to free users (With Limits): Google announced it will make its Deep Research feature available to all users for free on a limited basis, while introducing several updates to Gemini. With this rollout, Gemini is now equipped with enhanced reasoning capabilities, personalization features, and expanded app connectivity.
👥 COMMUNITY NEWS
Updates and News from the WordPress Community
Patchstack along with Sucuri have published the annual WordPress Security Report and finding reveals that in 2024, 7,966 new vulnerabilities were found of which 96% of the vulnerabilities were uncovered in plugins, and 4% were found in themes. When it comes to WordPress Core, only seven vulnerabilities were found. Also, Cross-Site Scripting (XSS) remains the most widespread vulnerability.
- WP:25 recap: The future of WordPress: Tom Willmot gave a recap of the recently concluded WP:25 virtual conference, highlighting key discussions on the future of WordPress, including AI integration, Full Site Editing (FSE), enterprise adoption, and the evolution of open source. In the closing session Mary Hubbard, Executive Director of WordPress, talked to Noel about what’s next for the world’s favourite CMS in the coming year.
- WP Publisher Success Week e-book now available: State of Digital Publishing has released an e-book featuring insights and highlights from last month’s WP Publisher Success Week 2025 event.
- OSS Capital revamped website launching this week: Joseph Jacks, the Founder and General Partner of OSS Capital confirmed this via X and that the new website will be powered by WordPress and will be using the WordPress VIP platform.
- The official Wapuu mascot for WordCamp Europe 2025 unveiled: The Wapuu was designed by Ioanna Aravani and Sophie Porte from the WCEU Design Team and is inspired by the Basel Carnival.
- New milestone for Amelia Booking for Appointments and Events Calendar plugin: The plugin has now surpassed 80,000 active installations.
- Kadence Blocks has officially surpassed 500,000 active installs: A major milestone for the Kadence Blocks project and its growing community.
- Matt Medeiros on what happens if open-source WordPress only sees two major updates: Matt Medeiros on X started a discussion based on Matt’s recent message on the #core-committers Slack channel regarding a proposed timeline for WordPress releases. Several community members expressed their opinion. Robert DeVore said, “The community innovates as it always has. Then Automattic will buy/borrow the relevant pieces that stand out during that time as it always has.” and Sinan said, “ as long as there are bug and security updates I dont care about anything else it can even stay as it is 10 years community will keep develop and innovate”.
- Jack Forge on the biggest financial opportunities in the next year: According to him it will be in code audits of AI-built products. He also stated how a skilled programmer can use it to their advantage to start an audit business, advertise, and secure work.
- Eric Karkovack will be the new host for The WP Minute’s short-form show: He will take over this role from Matt Medeiros and will focus on creating content that helps WordPress freelancers learn and grow.
- Kinsta is now sponsoring Tammie Lister and Junko Nukaga for their contributions towards WordPress: Tammie Lister and Junko Nukaga are now sponsored by Kinsta. In addition to Kinsta, BigScoots is also sponsoring Tammie Lister.
- WP Engine wins Gold Stevie® Award for outstanding customer service: WP Engine’s Customer Experience (CX) team has won the Gold Stevie Award for Customer Service Department of the Year in Computer Services, marking another milestone in their history of exceptional support. WP Engine has been consistently recognized for its exceptional customer service, winning multiple Stevie Awards since 2015. WP Engine also recently introduced its new Agency Hosting Plans.
- Peter Tarka highlighted Dribbble’s terms of service change: The key update states that designers and clients who connect through Dribbble must process payments on the platform. Designers are no longer allowed to share contact details (such as email, phone numbers, or social media) before a payment is made. However, after the payment is completed, both parties can exchange contact information.
🚀 NEW PROJECTS
- Rémi Corson on building a TailwindCSS editor directly into Gutenberg: On X, he shared a video snippet of his project, which integrates a TailwindCSS editor into Gutenberg.
- Introducing Monitor by Fueled+10up: Monitor by Fueled+10up is a unified site health tracking tool.
- PHPacker launched: Willem Leuverink has launched PHPacker, which allows users to package any PHP script or PHAR into a standalone, cross-platform executable.
- All new Polls Block plugin: Bhargav Bhandari has created the Polls Block plugin that allows users to add customizable polls to any post or page.
- Head Meta Pro version launched: Jeff Starr has launched Head Meta Pro, the premium/pro version of the free plugin hosted at WordPress.org, Head Meta Data.
🔖 INTERESTING READS & PODCASTS
More posts and podcasts from the WordPress Community you don’t want to miss
- Why WordPress is a tough sell for marketing students: The Progress Planner team has launched a new blog series called, Progress for WordPress their perspectives on the latest WordPress news and trends. In this post, the discussion is centered around the challenge of introducing WordPress to complete beginners, particularly marketing students, the hurdles, and what WordPress needs to do.
- The value of open source software research by Harvard: The study highlights key insights, including how a $4.15 billion investment in open-source software (OSS) creates $8.8 trillion in value for businesses. It also reveals that without OSS, companies would have to spend 3.5 times more on software than they do today, among other findings.
- 16 Years of rtCamp: Expansion, innovation, and new frontiers: As rtCamp turns 16, Founder & CEO Rahul Bansal reflects on the company’s expansion, ongoing commitment to open-source, and new ventures beyond WordPress. Rahul Bansal, also appeared as a guest on the WP Tavern Jukebox podcast, where they discussed working with enterprise clients in the WordPress space, the opportunities in the enterprise space, and more.
- Can poor-performing YouTube Shorts affect views for longer form content?: Jamie Marsland breaks down how poor-performing Shorts negatively affect engagement on longer videos and how to prevent it.
- Adam Zieliński on code contributions he is proud of: In this post, Adam Zieliński highlighted the technical contributions he’s particularly proud of, including WordPress Playground, Blueprints, Data Liberation, and more.
- From 2017 to Now: How influencer marketing has transformed in WordPress space: Lana Miro who has been working with content creators for seven years analyses how influencer marketing has evolved over these years. She states that initially, there was less competition, and brands were eager to experiment with affiliate marketing and collaborations. Growing an audience felt more organic due to fewer content creators. Today, the landscape is more competitive, requiring higher-quality, well-planned content.
- What is a “Website Care Plan” and what’s included?: Kyle Van Deusen talks about what you should include, avoid, and charge when it comes to a website care plan. From The Admin Bar.
- The accidental engineer: How Milana found her place in WordPress: The post highlights Milana Cap’s journey from being a musician and theater professional to becoming a WordPress engineer. From XWP.
- Building WordPress Plugins with AI: Brian Coords joined Nick Diego and Vikas Singhal on a webinar focused on building WordPress plugins with AI for InstaWP.
- Publishers still choose WordPress: In this episode of the WP Minute+ Podcast, Matt sits down with Steve Burge, founder of PublishPress, to discuss why publishers choose WordPress despite growing competition and shifting industry trends.
- Securing the supply chain, insights from the WordPress 6.8 update with John Blackbourn: In this episode of the Scaling Enterprise WordPress and OSS, hosts Tom, Brad and Karim welcome John Blackburn, director of WordPress Security at Human Made and lead of the WordPress core security team where they discuss the upcoming WordPress 6.8 release and its significant security enhancements, including the switch from pHpass to Bcrypt for password storage and more. From Doo the Woo.
- In conversation with Remkus de Vries: Bud Kraus spoke with Remkus de Vries about his childhood, personal experiences, passion for powerlifting, and his work in WordPress, including performance optimization and his startup, Scanfully.
- 2025 Design in Tech Report (Unedited): Autodesigners on Autopilot: The key takeaways include AI is not replacing designers but transforming how design is done, AI experimentation is becoming significantly cheaper and faster, UX is evolving into AX, reducing UI in favor of direct AI execution and more.
- How to write useful commit messages: Michael Lynch shared insights from his 20 years as a software developer on writing effective commit messages that streamline code reviews and improve long-term maintenance. From Refactoring English.
- The :not selector in use: SilvestarBistrović shared his most common use cases for the :not selector usage.
- 6 Quick tests to score your web accessibility risk: Gen Herres shared six questions you can use to determine your web accessibility risk.
🛠 GUIDE ZONE – HOWTO’S and MORE
Handpicked fresh guides from WordPress circle
- How to disable and lock Gutenberg blocks: From Kinsta
- Change your local site WordPress and PHP versions with Studio: From WordPress.com
- How to identify accessibility charlatans: From Anne Bovelett
- The hitchhiker’s guide to configuring VS Code (and Cursor) for WordPress code standards using PHPCS, PHPCBF, and PHPStan: From Jack Arturo
- Baseline status in a WordPress Block: From CSS-Tricks
- Add categories to a block theme menu: From Ask Design
📆 SAVE THE DATES
Do not miss a WordPress event ever again
- The Dutch PHP Conference 2025 on March 18-21, 2025: The tickets are now available.
- Empower Her: Advancing Women in the Workplace and Beyond on March 18-21, 2025: The registration is still open.
- DE{CODE} 2025 on April 15, 2025: The registrations are now open.
- Web Agency Summit on April 7-11, 2025: The registration is now open.
- PressConf 2025 on April 23-26: A conference for WordPress Professionals and the tickets are now available.
- WordCamp Lisboa 2025 on May 16-17, 2025: Tickets are now available.
- WordCamp Europe on 5-7 June 2025: Tickets are expected to be available soon.
- WordCamp US on August 26-29, 2025: The call for organizers is now open.
- WordCamp Asia 2026: It is tentatively planned for early February 2026 and the call for organizers is now open.
🎁 WORDPRESS DEALS OF THE WEEK
Again, these are the best deals of the week, handpicked by yours!
EXCLUSIVE DEALS
- 4 Months free offer on hosting plans of WP Engine (Coupon Code- FREEDOMTOCREATE)
- 10% off on monthly & annual plans at SureTriggers (Coupon Code- WPCONTENT10)
- 15% off yearly plans at Videvo (Coupon Code – WPV15)
MORE DEALS
- 50% off for the first 6 months on all monthly standard plans at Kinsta
- 50% off on Paid Memberships Pro from February 20th-24th
- 50% off 3 months on Liquid Web’s Bare Metal server hosting
- 40% off for Constellation plugin
This weekly newsletter is kindly sponsored by awesome WordPress Companies 🦸♂️🙌
Last but not least, updates from WP-CONTENT.CO 👇
The WordPress Foundation has successfully obtained trademarks for “Managed WordPress” and “Hosted WordPress” in the UK and Australia…
With the passage of time, many things are bound to change, from preferences to styles and so on….
Mehbub Rashid, a web developer, recently spotted something unusual after searching for a security plugin from the WordPress…
WordPress 6.8, the upcoming first major release of 2025 will make a drastic change as it will replace…
Team WP-CONTENT.CO
Issue #211 | March 18, 2025 | Reading time: 18 mins
This weekly newsletter is kindly sponsored by Kinsta, Omnisend, and WP Job Openings
Built with Newsletter Glue.