Olga Gleckler 5:20 pm on March 25, 2026
Tags: #wcasia2026, contributor day ( 16 )

Join Core at WordCamp Asia 2026 Contributor Day (April 9, Mumbai & Online)

On April 9th, 2026, the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Teams will gather at Jio World Convention Centre, Mumbai, India, for Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/ at WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. Asia — alongside the WordPress 7.0 release celebration.

This is both a milestone moment and a working day. For more details, check the full event schedule.

Please prepare your setup at home

To have a successful day, it is essential to make everything ready. Take it seriously 📝

Downloading and installing software takes time, and trying to make things quick can lead to missing steps and a whole day of debugging in frustration. Let’s make it all calmly ahead of time and, as a result, enjoy the day. Start with forking the wordpress-develop repo to your own GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged by the repository owner. https://github.com/ account and launching it locally.

Make a checkmark that it is working ✅ and be ready to enjoy the day 🚀

WordPress 7.0 Release (rescheduled)

The WordPress 7.0 release cycle is extended, check the Extending the 7.0 Cycle post. This means that we will not have a release party on Contributor Day, but this also opens an opportunity to contribute to the 7.0 release right on Contributor Day.

To understand what needs to be done for 7.0, check the The Path Forward for WordPress 7.0 post.

Testing and real-world validation are valuable at all times. Consider preparing a local or staging copy of a real site to test WordPress 7.0 thoroughly. Sometimes new features or bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. fixes are working fine for themselves but can cause side effects or incompatibilities in some circumstances. So testing in different browsers, on different environments, or, for example, with old versions of GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ to see if there will be no conflictconflict A conflict occurs when a patch changes code that was modified after the patch was created. These patches are considered stale, and will require a refresh of the changes before it can be applied, or the conflicts will need to be resolved. can bring new insights.

Basic level testing should include checks for all essential system functionality, such as:

Post creation
Media handling
Categories and taxonomies
Editor interactions
PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. compatibility
Theme behavior

Real environments surface real issues.

👉🏻 To find out more about contribution in testing, check the Core Test Team at WCAsia 2026: Contributor Day post.

Meet the Core teams table leads

These experienced contributors will guide you during the day on dedicated tables and online in SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/ 🙌🏻

Rutvik Savsani,
Core

Pathan AmaanKhan,
Core

Aditya Dhade,
Core Performance

Weston Ruter,
Core Performance

Aslam Doctor,
Core AI

Deepak Gupta,
Core AI

Gajendra Singh,
Core AI

David Levine,
Core AI online

Isabel Brison,
Core Editor

Mayank Tripathi,
Core Editor

Rodrigo Primo,
WPCSWordPress Community Support A public benefit corporation and a subsidiary of the WordPress Foundation, established in 2016.

👉🏻 We are looking to have more online table leads. Please leave a comment if you are ready to lead one of the tables online at the time of the event.

What About Tickets?

If you are planning to work on TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. tickets or Gutenberg issues, be mindful that:

Work started on Contributor Day may land in 7.1 or later.
That’s normal.
Open sourceOpen Source Open Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL. is iterative.

We encourage contributors to pick tickets that can make progress in a few focused hours — while remaining flexible in case release-related priorities arise.

Core Includes Gutenberg and AI

At WordCamp Asia, Core work will also include:

Gutenberg (the Editor)
Testing efforts
Documentation improvements
Performance and accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility)
Core AI exploration (where applicable)

Contributors interested in AI-related efforts are encouraged to review the AI Team handbook beforehand.

Prepare at home 🏠

Contributor Days are significantly more productive when environments are ready.

Please set up in advance:

Docker or local environment
Node.js / npm
Composer
WordPress develop repository
Test suite
A working local installLocal Install A local install of WordPress is a way to create a staging environment by installing a LAMP or LEMP stack on your local computer.

Download dependencies ahead of time. Shared conference Wi-Fi can slow installations considerably.

If you intend to focus on testing, prepare:

A local copy of a real site
Or staging environments

Prepared contributors contribute. Unprepared contributors troubleshoot setup all day.

Docker / WordPress Development

To get started right away working with us on WordPress and the Gutenberg Editor, please make sure your technical setup is ready. You’ll need a laptop and access to all the accounts we’ve linked for you above.

WordPress Core

If you’d like to contribute directly to WordPress Core, you should start by forking the WordPress Development Repository. Then, make your changes in your own branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch".. Once ready, submit a pull request referencing the related ticketticket Created for both bug reports and feature development on the bug tracker. number. The system will automatically detect the number and link your patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. to the corresponding ticket.

➡️ Go to the repository
➡️ follow instructions in the README.md

WordPress Gutenberg Editor

To contribute to the Gutenberg Editor, you don’t necessarily need Docker. Simply fork the Gutenberg repository, make your changes in a new branch, and submit a pull request. The only requirement is a recent version of Node.js. But we do RECOMMEND setting up a local environment to test changes BEFORE submitting a PR.

➡️ Go to the repository
➡️ Setup instructions can be found here

For Experienced Contributors

We especially encourage experienced Core contributorsCore Contributors Core contributors are those who have worked on a release of WordPress, by creating the functions or finding and patching bugs. These contributions are done through Trac. https://core.trac.wordpress.org to:

Help onboard newcomers
Pair on tickets
Guide first patches
Support testing coordination
Share context

Contributor Day is one of the strongest entry points into long-term contribution. Mentorship on this day has lasting impact. Consider becoming a “Contributor Buddy” — follow WordCamp Asia 2026 news to find our more about this initiative 🙌🏻

For New Contributors

If this is your first time:

You do not need to know everything.
You do need curiosity and preparation (The software installation we keep talking about).
You are welcome.

And if you can’t travel — you can still contribute online.

Core work happens daily in Slack and Trac.

Continue Beyond April 9

If Contributor Day sparks your interest, join the New Core Contributor Meetings held on the 2nd and 4th Thursdays of each month at 17:00 UTC. Check the meetings schedule.

These sessions help newcomers:

Understand workflows
Ask questions
Find tickets
Build confidence

Contributor Day is not about collecting badges.

It’s about becoming someone who shape WordPress. It is a step to your new identity of someone who does and achieves more 💪🏻

In an era where AI can assist with code, what remains uniquely human is collaboration, judgment, and community stewardship 💭

That is what Core contribution builds.

We look forward to collaborating in Mumbai — and online 🫶🏻

Thanks to @isabel_brison, @rutviksavsani, @james-roberts and @jeffpaul for reviewing the article.

#wcasia2026, #contributor-day

Jeffrey Paul 3:27 am on March 25, 2026
Tags: 7-0 ( 67 )

WordPress 7.0 Release Candidate Phase

Note: The 7.0 branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch". was created on 26 March. This post should be considered obsolete for the RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). phase of the 7.0 release cycle. Refer to the updated post for expectations and policies in place.

Now that WordPress 7.0 has entered the Release Candidate phase, the following policies are in place.

These policies mainly cover how and when CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. committers can commit. For non-committing contributors, this post may help explain why Core committers make certain decisions.

Committing to Trunktrunk A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision.

Due to a technical issue that must be resolved before the 7.0 branch is created, branching has been delayed until RC2 later this week (see #64393 and the relevant pull request for background on the issue).

As a result, all commits to trunk will require double sign-off by two core committers until the 7.0 branch is created.

The dev-feedback keyword should be used to request a second committercommitter A developer with commit access. WordPress has five lead developers and four permanent core developers with commit access. Additionally, the project usually has a few guest or component committers - a developer receiving commit access, generally for a single release cycle (sometimes renewed) and/or for a specific component.’s review, dev-reviewed should be added to indicate a second committer has reviewed and approved the commit to the 7.0 branch. Commits to the test suite do not require double sign-off.

String Freeze

RC1 release marks the hard string freeze point of the release cycle. While this normally means the Polyglots teamPolyglots Team Polyglots Team is a group of multilingual translators who work on translating plugins, themes, documentation, and front-facing marketing copy. https://make.wordpress.org/polyglots/teams/ can begin translating strings from the upcoming release into their local language, a version-specific branch is required. As a result, strings will not be available for translationtranslation The process (or result) of changing text, words, and display formatting to support another language. Also see localization, internationalization. until the 7.0 branch is created.

Despite this, the normal rules for hard string freeze will be followed:

No new strings are permitted. Exceptions can be made for critical strings (the About page, for example) provided they are properly tagged with the i18n-change keyword in TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. and the Polyglot team is made aware.
Existing strings can be removed and/or duplicated if needed.

Seek guidance from the Polyglots team reps for any strings reported as buggy. A buggy string is one that can not be translated to all languages in its current form.

Tickets on the WordPress 7.0 milestone

For the remainder of the cycle, only two types of tickets may be placed on/remain on the 7.0 milestone:

Regressions: bugs that have been introduced during the WordPress 7.0 development cycle, either to existing or new features.
Test suite expansion: tests can be committed at any time without regard to code or string freezes. This can cover either new or existing features.

Bumping Trunk to WordPress 7.1-alpha

After the 7.0 branch is created following RC2, a follow-up post will be published announcing that trunk is open for commits related to the next version of the software.

Props @desrosj, @amykamala, @jorbin for peer review.

#7-0

John Blackbourn 2:00 am on March 25, 2026

WordPress 6.9.2 retrospective

The WordPress 6.9.2 release on March 10th wasn’t the smoothest, so some members of the Security Team did an internal retrospective to identify how the project can continue to improve release processes, with the aim of ensuring that users continue to have trust in minor releases. Here’s an overview of what went well, what didn’t go so well, and all the action points as a result.

6.9.2

The Security Team decided on a plan to fully ship 6.9.2 prior to starting the backports that are provided as a courtesy to older branches. Normally the commits to trunktrunk A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision., the currently supported branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch"., and relevant backportbackport A port is when code from one branch (or trunk) is merged into another branch or trunk. Some changes in WordPress point releases are the result of backporting code from trunk to the release branch. branches are all completed before the release process starts, but this increases the time to release the supported branch and greatly increases the time pressure on the team.

The team agreed that it was a good idea to handle trunk and 6.9 prior to committing the backports, that the approach worked well, and that it facilitated shipping 6.9.2 as fast as possible.

6.9.3

Shortly after the release, an issue in 6.9.2 was reported on the support forums that affected classic themes using an unusual approach to template loading. The team paused the backport work to investigate, and decided that it warranted a fast-follow 6.9.3 release out of an abundance of caution.

The fix was shipped in 6.9.3, around eight hours after 6.9.2.

7.0 betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 4

It’s uncommon for a security release of WordPress to ship during the beta period of the next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope.. This is not intentional, the situation simply doesn’t arise often. In the twenty year history of WordPress it appears to have happened three times previously (3.9.2, 4.0.1, and 6.3.2).

Shortly after the release of 6.9.2, several community members asked if a new beta of WordPress 7.0 would be released containing the security fixes. This was not originally planned but of course makes sense, as the project should encourage as many people as possible to test beta releases and not leave them on a known insecure version until the next scheduled beta.

As a result, WordPress 7.0 beta 4 was released at the same time as 6.9.3 and included both the security fixes from 6.9.2 and the template loading fix from 6.9.3.

6.9.4

Around twenty hours after 6.9.2 was released, the Security Team received a report that some of the fixes listed in the release announcement for 6.9.2 were missing from the package. The team quickly determined that three of the ten commits that were made to trunk did not get successfully merged into the 6.9 branch and were missing from the package as a result.

The merge commits were missed due to human error, but the problem should have been easily caught by the release process. There is no step in the minor releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality. process to independently double check that all commits were successfully merged into the active branch. Sounds obvious in hindsight, but it’s a checklist oversight that’s never been spotted.

Backports

Officially only the latest version of WordPress is supported. The Security Team historically has a practice of backporting security fixes, as necessary, as a courtesy to sites on older versions in the expectation the sites will be automatically updated.

Backporting the fixes from 6.9.2/6.9.3 to 22 older branches proved to be very time consuming. While several of the branches were ready ahead of time, several were still being worked on close to release.

Backports back to 6.4 were completed by end of day on Tuesday March 10th.
Backports back to 5.3 were completed by end of day on Wednesday March 11th, mainly due to time constraints from contributors.
Remaining backports were blocked by a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. with the wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ svn server pre-commit hook that prevented pushing to the 5.2 branch and earlier, and issues with branches not syncing to the build server. The wordpress.org systems team members applied several fixes, and backports back to 4.7 were released by end of day on Friday March 13th.
The 6.0 branch (which will be version 6.0.12) remains unreleased due to an unresolved issue with the build. At the time of writing this branch remains unprotected.

Backporting security fixes to a large number of branches (22 at the time of writing) continues to be a source of contention between the security team and project leadership. While the effort required from the security team to backport fixes to a branch is generally proportional to the age of the branch, the bulk of the work is actually taken up by the human processes that are needed to manage such a large number of branch releases. The team are in the planning stages of some work to increase automation and streamline the backporting processes so time from human contributors can be better spent elsewhere.

Action points

As a result of the issues with 6.9.2, its fast-follow releases, 7.0 beta 4, and backporting, the security team and coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. team have some action points that will be addressed in the coming days and weeks:

Add unit testunit test Code written to test a small piece of code or functionality within a larger application. Everything from themes to WordPress core have a series of unit tests. Also see regression. coverage for handling stringable objects in the template_include filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. that was addressed in 6.9.3. While this is not strictly supported, the otherwise full front end breakage that can occur means we’re essentially locked in to supporting it now.
Update minor release checklist page to:
- Add info about double verification of merge commits
- Update the TTL adjustment to be a requirement instead of a nice to have
- Remove outdated noise from the checklist, including codex changes
- As a general rule, there should be no reason to skip a step unless it’s clearly documented why that might happen
- Add planning info about releasing a minor during a beta or RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). phase
- Before bumping versions and performing a tagging commit, the built asset on the Test Build Processes workflow should be used to confirm things work as expected.
Backport related Build/Test Tool changes to older branches.
- Ensure PHPUnit reports notices and warnings as exceptions.
- Ensure all local environment scripts have catch() mechanisms in place.
Create ways to make it easier to test built assets on the Test Build Processes workflow.
- Playground supports testing this asset from a pull request but not an individual commit.
- A script could be created to download the built asset and extract the zip file into the build directory locally for testing.

Longer term, Matt Mullenweg has asked what AI-assisted tooling can be used to review changes going into releases in order to assess risk of breakage, generally assist with review, and improve quality control. This is a wider concern not specific to security releases. Hopefully we’ll hear more about that in due course.

Thanks to @peterwilsoncc, @dmsnell, @audrasjb, and @sergeybiryukov for reviewing this post prior to publishing.

Matt Mullenweg 11:24 pm on March 24, 2026

Rethinking Left Navigation

It’s nice that plugins can hook into the left nav wherever they want, but there’s no hierarchy and things can get pretty mixed up.

Perhaps we have all the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. WP stuff first, then at the end we have plugins, and below Plugins, plugins can register a top-level left nav if they want, and all their universe can live beneath that menu item, but there’s a clear way to get in and out of bigger ones like WooCommerce.

Being at the bottom isn’t great, but we could allow pinning or just have the most three-recently accessed plugins at the top under Dashboard, which would naturally give top billing to plugins like a LMS or ecommerce where the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. becomes the main thing people are doing with the site.

Jorge Costa 9:40 pm on March 24, 2026
Tags: 7-0 ( 67 ), dev-notes ( 618 ), dev-notes-7-0 ( 21 )

Client-Side Abilities API in WordPress 7.0

WordPress 6.9 introduced the Abilities API. The APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. provides a common interface that AI agents, workflow automation tools, and plugins can use to interact with WordPress. In WordPress 7.0 we continued that work and now provide a counterpart JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com API that can be used to implement client-side abilities like navigating, or inserting blocks. This work is fundamental to integrate with browser agents/extensions and WebMCP.

Two packages

The client-side Abilities API is split into two packages:

@wordpress/abilities: A pure state management package with no WordPress server dependencies. It provides the store, registration functions, querying, and execution logic. Use this when you only need the abilities store without loading server-registered abilities. This package could also be used in non-WordPress projects.
@wordpress/core-abilities :The WordPress integration layer. When loaded, it automatically fetches all abilities and categories registered on the server via the REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/ (/wp-abilities/v1/) and registers them in the @wordpress/abilities store with appropriate callbacks.

Getting started

To use the Abilities API in your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party., you need to enqueue the appropriate script module.

When your plugin needs server-registered abilities

If your plugin needs access to abilities registered on the server (e.g., coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. abilities), enqueue @wordpress/core-abilities. This is the most common case:

add_action( 'admin_enqueue_scripts', 'my_plugin_enqueue_abilities' );
function my_plugin_enqueue_abilities() {
    wp_enqueue_script_module( '@wordpress/core-abilities' );
}

This will load both @wordpress/core-abilities and its dependency @wordpress/abilities, and automatically fetch and register all server-side abilities.

When your plugin only registers client-side abilities

If your plugin only needs to register and work with its own client-side abilities on a specific page, without needing server-registered abilities, you can enqueue just @wordpress/abilities:

add_action( 'admin_enqueue_scripts', 'my_plugin_enqueue_abilities' );
function my_plugin_enqueue_abilities( $hook_suffix ) {
    if ( 'my-plugin-page' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script_module( '@wordpress/abilities' );
}

Importing in JavaScript

Abilities API should be imported as a dynamic import, for example:

const {
    registerAbility,
    registerAbilityCategory,
    getAbilities,
    executeAbility,
} = await import( '@wordpress/abilities' );

If your client code is also a script module relying on @wordpress/scripts, you can just use the following code like any other import:

import {
    registerAbility,
    registerAbilityCategory,
    getAbilities,
    executeAbility,
} from '@wordpress/abilities';

Registering abilities

Register a categoryCategory The 'category' taxonomy lets you group posts / content together that share a common bond. Categories are pre-defined and broad ranging. first

Abilities are organized into categories. Before registering an ability, its category must exist. Server-side categories are loaded automatically when @wordpress/core-abilities is enqueued. To register a client-side category:

const { registerAbilityCategory } = await import( '@wordpress/abilities' );

registerAbilityCategory( 'my-plugin-actions', {
    label: 'My Plugin Actions',
    description: 'Actions provided by My Plugin',
} );

Category slugs must be lowercase alphanumeric with dashes only (e.g., data-retrieval, user-management).

Register an ability

const { registerAbility } = await import( '@wordpress/abilities' );

registerAbility( {
    name: 'my-plugin/navigate-to-settings',
    label: 'Navigate to Settings',
    description: 'Navigates to the plugin settings page',
    category: 'my-plugin-actions',
    callback: async () => {
        window.location.href = '/wp-admin/options-general.php?page=my-plugin';
        return { success: true };
    },
} );

Input and output schemas

Abilities should define JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. Schema (draft-04) for input validation and output validation:

registerAbility( {
    name: 'my-plugin/create-item',
    label: 'Create Item',
    description: 'Creates a new item with the given title and content',
    category: 'my-plugin-actions',
    input_schema: {
        type: 'object',
        properties: {
            title: { type: 'string', description: 'The title of the item', minLength: 1 },
            content: { type: 'string', description: 'The content of the item' },
            status: { type: 'string', description: 'The publish status of the item', enum: [ 'draft', 'publish' ] },
        },
        required: [ 'title' ],
    },
    output_schema: {
        type: 'object',
        properties: {
            id: { type: 'number', description: 'The unique identifier of the created item' },
            title: { type: 'string', description: 'The title of the created item' },
        },
        required: [ 'id' ],
    },
    callback: async ( { title, content, status = 'draft' } ) => {
        // Create the item...
        return { id: 123, title };
    },
} );

When executeAbility is called, the input is validated against input_schema before execution and the output is validated against output_schema after execution. If validation fails, an error is thrown with the code ability_invalid_input or ability_invalid_output.

Permission callbacks

Abilities can include a permissionCallback that is checked before execution:

registerAbility( {
    name: 'my-plugin/admin-action',
    label: 'Admin Action',
    description: 'An action only available to administrators',
    category: 'my-plugin-actions',
    permissionCallback: () => {
        return currentUserCan( 'manage_options' );
    },
    callback: async () => {
        // Only runs if permissionCallback returns true
        return { success: true };
    },
} );

If the permission callback returns false, an error with code ability_permission_denied is thrown.

Querying abilities

Direct function calls

const {
    getAbilities,
    getAbility,
    getAbilityCategories,
    getAbilityCategory,
} = await import( '@wordpress/abilities' );

// Get all registered abilities
const abilities = getAbilities();

// Filter abilities by category
const dataAbilities = getAbilities( { category: 'data-retrieval' } );

// Get a specific ability by name
const ability = getAbility( 'my-plugin/create-item' );

// Get all categories
const categories = getAbilityCategories();

// Get a specific category
const category = getAbilityCategory( 'data-retrieval' );

Using with ReactReact React is a JavaScript library that makes it easy to reason about, construct, and maintain stateless and stateful user interfaces. https://reactjs.org and `@wordpress/data`

The abilities store (core/abilities) integrates with @wordpress/data, so you can use useSelect for reactive queries in React components:

import { useSelect } from '@wordpress/data';
import { store as abilitiesStore } from '@wordpress/abilities';

function AbilitiesList() {
	// Get all abilities reactively
	const abilities = useSelect(
		( select ) => select( abilitiesStore ).getAbilities(),
		[]
	);

	// Filter by category
	const dataAbilities = useSelect(
		( select ) =>
			select( abilitiesStore ).getAbilities( {
				category: 'data-retrieval',
			} ),
		[]
	);

	// abilities and dataAbilities update automatically when the store changes
}

Executing abilities

Use executeAbility to run any registered ability, whether client-side or server-side:

import { executeAbility } from '@wordpress/abilities';

try {
    const result = await executeAbility( 'my-plugin/create-item', {
        title: 'New Item',
        content: 'Item content',
        status: 'draft',
    } );
    console.log( 'Created item:', result.id );
} catch ( error ) {
    switch ( error.code ) {
        case 'ability_permission_denied':
            console.error( 'You do not have permission to run this ability.' );
            break;
        case 'ability_invalid_input':
            console.error( 'Invalid input:', error.message );
            break;
        case 'ability_invalid_output':
            console.error( 'Unexpected output:', error.message );
            break;
        default:
            console.error( 'Execution failed:', error.message );
    }
}

For server-side abilities (those registered via PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher and loaded by @wordpress/core-abilities), execution is handled automatically via the REST API. The HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. method used depends on the ability’s annotations:

readonly: true: uses GET
destructive: true + idempotent: true: uses DELETE
All other cases: uses POST

Annotations

Abilities support metadata annotations that describe their behavior:

registerAbility( {
    name: 'my-plugin/get-stats',
    label: 'Get Stats',
    description: 'Returns plugin statistics',
    category: 'my-plugin-actions',
    callback: async () => {
        return { views: 100 };
    },
    meta: {
        annotations: {
            readonly: true,
        },
    },
} );

Available annotations:

Annotation	Type	Description
`readonly`	`boolean`	The ability only reads data, does not modify state
`destructive`	`boolean`	The ability performs destructive operations
`idempotent`	`boolean`	The ability can be called multiple times with the same result

Unregistering

Client-registered abilities and categories can be removed:

const { unregisterAbility, unregisterAbilityCategory } = await import( '@wordpress/abilities' );

unregisterAbility( 'my-plugin/navigate-to-settings' );
unregisterAbilityCategory( 'my-plugin-actions' );

Server-side abilities

Abilities registered on the server via the PHP API (wp_register_ability(), wp_register_ability_category()) are automatically made available on the client when @wordpress/core-abilities is loaded. WordPress core enqueues @wordpress/core-abilities on all adminadmin (and super admin) pages, so server abilities are available by default in the admin.

Plugins that register server-side abilities do not need any additional client-side setup. The abilities will be fetched from the REST API and registered in the client store automatically.

#7-0, #dev-notes, #dev-notes-7-0

Felix Arntz 9:18 pm on March 24, 2026
Tags: #core-ai ( 3 ), 7-0 ( 67 ), dev-notes ( 618 ), dev-notes-7-0 ( 21 )

Introducing the AI Client in WordPress 7.0

WordPress 7.0 includes a built-in AI Client — a provider-agnostic PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. that lets plugins send prompts to AI models and receive results through a consistent interface. Your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. describes what it needs and how it needs it. WordPress handles routing the request to a suitable model from a provider the site owner has configured.

This post explains the API surface, walks through code examples, and covers what plugin developers need to know.

The entry point: `wp_ai_client_prompt()`

Every interaction starts with:

$builder = wp_ai_client_prompt();

This returns a WP_AI_Client_Prompt_Builder object, a fluent builder that offers a myriad of ways to customize your prompt. You chain configuration methods and then call a generation method to receive a result:

$text = wp_ai_client_prompt( 'Summarize the benefits of caching in WordPress.' )
    ->using_temperature( 0.7 )
    ->generate_text();

You can pass the prompt text directly as a parameter to wp_ai_client_prompt() for convenience, though alternatively the with_text() method is available for building the prompt incrementally.

Text generation

Here’s a basic text generation example:

$text = wp_ai_client_prompt( 'Write a haiku about WordPress.' )
    ->generate_text();

if ( is_wp_error( $text ) ) {
    // Handle error.
    return;
}

echo wp_kses_post( $text );

You can pass a JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. schema so that the model returns structured data as a JSON string:

$schema = array(
    'type'  => 'array',
    'items' => array(
        'type'       => 'object',
        'properties' => array(
            'plugin_name' => array( 'type' => 'string' ),
            'category'    => array( 'type' => 'string' ),
        ),
        'required' => array( 'plugin_name', 'category' ),
    ),
);

$json = wp_ai_client_prompt( 'List 5 popular WordPress plugins with their primary category.' )
    ->as_json_response( $schema )
    ->generate_text();

if ( is_wp_error( $json ) ) {
    // Handle error.
    return;
}

$data = json_decode( $json, true );

You can request multiple response candidates as variations for the same prompt:

$texts = wp_ai_client_prompt( 'Write a tagline for a photography blog.' )
    ->generate_texts( 4 );

Image generation

Here’s a basic image generation example:

use WordPress\AiClient\Files\DTO\File;

$image_file = wp_ai_client_prompt( 'A futuristic WordPress logo in neon style' )
    ->generate_image();

if ( is_wp_error( $image_file ) ) {
    // Handle error.
    return;
}

echo '<img src="' . esc_url( $image_file->getDataUri() ) . '" alt="">';

generate_image() returns a File DTO with access to the image data via getDataUri().

Similar to text generation, you can request multiple variations of the same image:

$images = wp_ai_client_prompt( 'Aerial shot of snowy plains, cinematic.' )
    ->generate_images( 4 );

if ( is_wp_error( $images ) ) {
    // Handle error.
    return;
}

foreach ( $images as $image_file ) {
    echo '<img src="' . esc_url( $image_file->getDataUri() ) . '">';
}

Getting the full result object

For richer metadata, e.g. covering provider and model information, use generate_*_result() instead. For example, for image generation:

$result = wp_ai_client_prompt( 'A serene mountain landscape.' )
    ->generate_image_result();

This returns a GenerativeAiResult object that provides several pieces of additional information, including token usage and which provider and which model responded to the prompt. The most relevant methods for this additional metadata are:

getTokenUsage(): Returns the token usage, broken down by input, output, and optionally thinking.
getProviderMetadata(): Returns metadata about the provider that handled the request.
getModelMetadata(): Returns metadata about the model that handled the request (through the provider).

The GenerativeAiResult object is serializable and can be passed directly to rest_ensure_response(), making it straightforward to expose AI features through the REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/.

Available generate_*_result() methods:

generate_text_result()
generate_image_result()
convert_text_to_speech_result()
generate_speech_result()
generate_video_result()

Use the appropriate method for the modality you are working with. Each returns a GenerativeAiResult object with rich metadata.

Model preferences

The models available on each WordPress site depends on which AI providers the administrators of that site have configured in the Settings > Connectors screen.

Since your plugin doesn’t control which providers are available on each site, use using_model_preference() to indicate which models would be ideal. The AI Client will use the first model from that list that is available, falling back to any compatible model if none are available:

$text_result = wp_ai_client_prompt( 'Summarize the history of the printing press.' )
    ->using_temperature( 0.1 )
    ->using_model_preference(
        'claude-sonnet-4-6',
        'gemini-3.1-pro-preview',
        'gpt-5.4'
    )
    ->generate_text_result();

This is a preference, not a requirement. Your plugin should function without it. Keep in mind that you can test or verify which model was used by looking at the full result object, under the providerMetadata and modelMetadata properties.

If you don’t specify a model preference, the first model encountered across the configured providers that is suitable will be used. It is up to the individual provider implementations to sort the provider’s models in a reasonable manner, e.g. so that more recent models appear before older models of the same model family. The three initial official provider plugins (see below) organize models in that way, as recommended.

Feature detection

Not every WordPress site will have an AI provider configured, and not every provider supports every capabilitycapability A capability is permission to perform one or more types of task. Checking if a user has a capability is performed by the current_user_can function. Each user of a WordPress site might have some permissions but not others, depending on their role. For example, users who have the Author role usually have permission to edit their own posts (the “edit_posts” capability), but not permission to edit other users’ posts (the “edit_others_posts” capability). and every option. Before showing AI-powered UIUI User interface, check whether the feature can work:

$builder = wp_ai_client_prompt( 'test' )
    ->using_temperature( 0.7 );

if ( $builder->is_supported_for_text_generation() ) {
    // Safe to show text generation UI.
}

These checks do not make API calls. They use deterministic logic to match the builder’s configuration against the capabilitiescapability A capability is permission to perform one or more types of task. Checking if a user has a capability is performed by the current_user_can function. Each user of a WordPress site might have some permissions but not others, depending on their role. For example, users who have the Author role usually have permission to edit their own posts (the “edit_posts” capability), but not permission to edit other users’ posts (the “edit_others_posts” capability). of available models. As such, they are fast to run and there is no cost incurred by calling them.

Available support check methods:

is_supported_for_text_generation()
is_supported_for_image_generation()
is_supported_for_text_to_speech_conversion()
is_supported_for_speech_generation()
is_supported_for_video_generation()

Use these to conditionally load your UI, show a helpful notice when the feature is unavailable, or skip registering UI altogether. Never assume that AI features will be available just because WordPress 7.0 is installed.

Advanced configuration

System instructions

$text = wp_ai_client_prompt( 'Explain caching.' )
    ->using_system_instruction( 'You are a WordPress developer writing documentation.' )
    ->generate_text();

Max tokens

$text = wp_ai_client_prompt( 'Explain quantum computing in complicated terms.' )
    ->using_max_tokens( 8000 )
    ->generate_text();

Output file type and orientation for images

use WordPress\AiClient\Files\Enums\FileTypeEnum;
use WordPress\AiClient\Files\Enums\MediaOrientationEnum;

$result = wp_ai_client_prompt()
    ->with_text( 'A vibrant sunset over the ocean.' )
    ->as_output_file_type( FileTypeEnum::inline() )
    ->as_output_media_orientation( MediaOrientationEnum::from( 'landscape' ) )
    ->generate_image_result();

Multimodal output

use WordPress\AiClient\Messages\Enums\ModalityEnum;

$result = wp_ai_client_prompt( 'Create a recipe for a chocolate cake and include photos for the steps.' )
    ->as_output_modalities( ModalityEnum::text(), ModalityEnum::image() )
    ->generate_result();

if ( is_wp_error( $result ) ) {
    // Handle error.
    return;
}

foreach ( $result->toMessage()->getParts() as $part ) {
    if ( $part->isText() ) {
        echo wp_kses_post( $part->getText() );
    } elseif ( $part->isFile() && $part->getFile()->isImage() ) {
        echo '<img src="' . esc_url( $part->getFile()->getDataUri() ) . '">';
    }
}

Additional builder methods

The full list of configuration methods is available via the WP_AI_Client_Prompt_Builder class. Key methods include:

Configuration	Method
Prompt text	`with_text()`
File input	`with_file()`
Conversation history (relevant for multi-turn / chats)	`with_history()`
System instruction	`using_system_instruction()`
Temperature	`using_temperature()`
Max tokens	`using_max_tokens()`
Top-p / Top-k	`using_top_p(), using_top_k()`
Stop sequences	`using_stop_sequences()`
Model preference	`using_model_preference()`
Output modalities	`as_output_modalities()`
Output file type	`as_output_file_type()`
JSON response	`as_json_response()`

Error handling

wp_ai_client_prompt() generator methods return WP_Error on failure, following WordPress conventions:

$text = wp_ai_client_prompt( 'Hello' )
    ->generate_text();

if ( is_wp_error( $text ) ) {
    // Handle the error.
}

When used in a REST API callback, both GenerativeAiResult and WP_Error can be passed to rest_ensure_response() directly:

function my_rest_callback( WP_REST_Request $request ) {
    $result = wp_ai_client_prompt( $request->get_param( 'prompt' ) )
        ->generate_text_result();

    return rest_ensure_response( $result );
}

If an error occurs, it will automatically have a semantically meaningful HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. response code attached to it.

Controlling AI availability

For granular control, the wp_ai_client_prevent_prompt filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. allows preventing specific prompts from executing:

add_filter(
    'wp_ai_client_prevent_prompt',
    function ( bool $prevent, WP_AI_Client_Prompt_Builder $builder ): bool {
        // Example: Block all prompts for non-admin users.
        if ( ! current_user_can( 'manage_options' ) ) {
            return true;
        }
        return $prevent;
    },
    10,
    2
);

When a prompt is prevented:

No AI call is attempted.
is_supported_*() methods return false, allowing plugins to gracefully hide their UI.
generate_*() methods return a WP_Error.

Architecture

The AI Client in WordPress 7.0 consists of two layers:

PHP AI Client (wordpress/php-ai-client) — A provider-agnostic PHP SDK bundled in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. as an external library. This is the engine that handles provider communication, model selection, and response normalization. Since it is technically a WordPress agnostic PHP SDK which other PHP projects can use too, it uses camelCase method naming and makes use of exceptions.

WordPress wrapper — Core’s WP_AI_Client_Prompt_Builder class wraps the PHP AI Client with WordPress conventions: snake_case methods, WP_Error returns, and integration with WordPress HTTP transport, the Abilities API, the Connectors/Settings infrastructure, and the WordPress hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. system.

The wp_ai_client_prompt() function is the recommended entry point. It returns a WP_AI_Client_Prompt_Builder instance that catches exceptions from the underlying SDK and converts them to WP_Error objects.

Credential management

API keys are managed through the Connectors API. AI provider plugins that register with the PHP AI Client’s provider registry get automatic connector integration — including the Settings > Connectors adminadmin (and super admin) UI for API key management. Plugin developers using the AI Client to build features do not need to handle credentials at all.

Official provider plugins

WordPress Core does not bundle any AI providers directly. Instead, they are developed and maintained as plugins, which allows for more flexible and rapid iteration speed, in accordance with how fast AI evolves. The AI Client in WordPress Core provides the stable foundation, and as an abstraction layer is sufficiently detached from provider specific requirements that may change overnight.

While anyone is able to implement new provider plugins, the WordPress project itself has developed three initial flagship implementations, to integrate with the most popular AI providers. These plugins are:

Separately available: Client-side JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com API

A JavaScript API with a similar fluent prompt builder is available via the wp-ai-client package. It uses REST endpoints under the hood to connect to the server-side infrastructure. This API is not part of Core, and it is still being evaluated whether this approach is scalable for general use. Because the API allows arbitrary prompt execution from the client-side, it requires a high-privilege capability check, which by default is only granted to administrators. This restriction is necessary to prevent untrusted users from sending any prompt to any configured AI provider. As such, using this approach in a distributed plugin is not recommended.

For now, the recommended approach is to implement individual REST API endpoints for each specific AI feature your plugin provides, and have your JavaScript functionality call those endpoints. This allows you to enforce granular permission checks and limit the scope of what can be executed from the client-side. It also keeps the actual AI prompt handling and configuration fully scoped to be server-side only.

MigrationMigration Moving the code, database and media files for a website site from one server to another. Most typically done when changing hosting companies. from php-ai-client and wp-ai-client

If you have been using these packages in your plugin(s) before, here’s what to know.

Recommended: require WordPress 7.0

The simplest path is to update your plugin’s Requires at least headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. to 7.0 and remove the Composer dependencies on wordpress/php-ai-client and its transitive dependencies.

Replace any AI_Client::prompt() calls with wp_ai_client_prompt().

For the wordpress/wp-ai-client package, if you are not using the package’s REST API endpoints or JavaScript API, you can simply remove it as a dependency, since everything else it does is now part of WordPress Core.

If you must support WordPress < 7.0

PHP AI Client (`wordpress/php-ai-client`)

If your plugin still needs to run on WordPress versions before 7.0 while also bundling wordpress/php-ai-client, you will need a conditional autoloader workaround. The PHP AI Client and its dependencies are now loaded by Core on 7.0+, so loading them again via Composer will cause conflicts (duplicate class definitions).

The solution: only register your Composer autoloader for these dependencies when running on WordPress versions before 7.0:

if ( ! function_exists( 'wp_get_wp_version' ) || version_compare( wp_get_wp_version(), '7.0', '<' ) ) {
    require_once __DIR__ . '/vendor/autoload.php';
}

Due to how Composer’s autoloader works — loading all dependencies at once rather than selectively — a more granular approach was not feasible. This means the conditional check needs to wrap the entire autoloader. Alternatively, break your PHP dependencies apart in two separate Composer setups, one that can always be autoloaded, and another one for the wordpress/php-ai-client package and its dependencies only, which would be conditionally autoloaded.

WP AI Client (`wordpress/wp-ai-client`)

The wordpress/wp-ai-client package handles the WordPress 7.0 transition automatically. On 7.0+, it disables its own PHP SDK infrastructure (since Core handles it natively) but keeps the REST API endpoints and JavaScript API active, as those aren’t in Core yet.

You can continue loading this package unconditionally. It detects the WordPress version and only activates the parts that aren’t already provided by Core. No conditional loading needed. However, make sure to stay up to date on this package, because it will likely be discontinued soon, in favor of moving the REST API endpoints and JavaScript API into GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/. There are ongoing discussions on whether these should be merged into Core too, see #64872 and #64873.

See the WP AI Client upgrade guide for additional migration details.

Additional resources

TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker.: #64591
PHP AI Client (bundled library)
WP AI Client (original package, now mostly merged into Core)
Original merge proposal

Props to @gziolo @nilambar @laurisaarni @justlevine for reviewing this post.

#core-ai, #7-0, #dev-notes, #dev-notes-7-0

Jb Audras 6:28 am on March 24, 2026
Tags: 7-0 ( 67 ), agenda ( 1,128 ), core ( 727 ), dev chat ( 905 )

Dev Chat Agenda – March 25, 2026

The next WordPress Developers Chat will take place on Wednesday, March 25, 2026, at 15:00 UTC in the core channel on Make WordPress Slack.

The live meeting will focus on the discussion for upcoming releases, and have an open floor section.

The various curated agenda sections below refer to additional items. If you have ticketticket Created for both bug reports and feature development on the bug tracker. requests for help, please continue to post details in the comments section at the end of this agenda or bring them up during the dev chat.

Announcements 📢

WordPress 7.0 Updates

WP 7.0 unplanned Beta 6 released on March 20, 2026
WP 7.0 RC1 was delayed to March 24, 2026
New Dev Notesdev note Each important change in WordPress Core is documented in a developers note, (usually called dev note). Good dev notes generally include a description of the change, the decision that led to this change, and a description of how developers are supposed to work with that change. Dev notes are published on Make/Core blog during the beta phase of WordPress release cycle. Publishing dev notes is particularly important when plugin/theme authors and WordPress developers need to be aware of those changes.In general, all dev notes are compiled into a Field Guide at the beginning of the release candidate phase.:
- Introducing the Connectors API in WordPress 7.0

General

2027 Default Theme call for volunteers

Discussions 💬

The discussion section of the agenda is for discussing important topics affecting the upcoming release or larger initiatives that impact the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Team. To nominate a topic for discussion, please leave a comment on this agenda with a summary of the topic, any relevant links that will help people get context for the discussion, and what kind of feedback you are looking for from others participating in the discussion.

Open floor 🎙️

Any topic can be raised for discussion in the comments, as well as requests for assistance on tickets. Tickets in the milestone for the next major or maintenance release will be prioritized.

Please include details of tickets / PRs and the links in the comments, and indicate whether you intend to be available during the meeting for discussion or will be async.

#7-0, #agenda, #core, #dev-chat

Amy Kamala 9:47 pm on March 20, 2026
Tags: 7.0, development ( 17 )

WordPress 7.0 Beta 6

WordPress 7.0 BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 6 is ready for download and testing!

This version of the WordPress software is still under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended to test Beta 6 on a test server and site.

WordPress 7.0 Beta 6 can be tested using any of the following methods:

PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party.	Install and activate the WordPress Beta Tester plugin on a WordPress install. (Select the “Bleeding edgebleeding edge The latest revision of the software, generally in development and often unstable. Also known as trunk.” channel and “Beta/RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). Only” stream.)
Direct Download	Download the Beta 6 version (zip) and install it on a WordPress website.
Command Line	Use this WP-CLI command: `wp core update --version=7.0–beta6`
WordPress Playground	Use the WordPress Playground instance to test the software directly in your browser. No setup required – just click and go!

The scheduled final release date for WordPress 7.0 is still April 9, 2026. The full release schedule can be found here. Your help testing Beta and RC versions is vital to making this release as stable and powerful as possible. Thank you to everyone who helps with testing!

Please continue checking the Make WordPress Core blog for 7.0-related posts in the coming weeks for more information.

What’s new in WordPress 7.0? Check out the Beta 1 announcement and Developer Notes for details and highlights.

This is an extra beta

Testing for issues is critical to the development of any software, and testing works!

Thanks to your help testing, some issues with image optimization, and package size were identified in Beta 5. This Beta ships with a reduced package size, and reverts the Client-side Media Processing feature. Real Time Collaboration is opt-in by default, with a WP_ALLOW_COLLABORATIONconstant available for control at the configuration level. Beta 6 also includes a number of fixes and performance improvements, including a 4x increase to Real Time Collaboration polling intervals to minimize HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. requests and server load.

WordPress 7.0 Beta 6 contains more than 132 updates and fixes since the Beta 5 release, including 74 in the Editor and 57 in CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. You can browse the technical details for all issues addressed since Beta 5 using these links:

GitHub commits since March 12, 2026
Closed Trac tickets since March 12, 2026

The next 7.0 release (RC1), is scheduled for Tuesday, March 24th, and the final release on April 9, 2026 is still on track. As always, a successful release depends on your confirmation during testing. So please download and test!

How to test this release

Your help testing the WordPress 7.0 Beta 6 version is key to ensuring that the final release is the best it can be. While testing the upgrade process is essential, trying out new features is equally important. This detailed guide will walk you through testing features in WordPress 7.0.

If you encounter an issue, please report it to the Alpha/Beta area of the support forums or directly to WordPress Trac if you are comfortable writing a reproducible bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. report. You can also check your issue against a list of known bugs.

Curious about testing releases in general? Follow along with the testing initiatives in Make Core and join the #core-test channel onMaking WordPress Slack.

A Beta 6 haiku

A spring flower bud

Beta 6 breaks through the mud

and greets the warm sun.

Props to @4thhubbard, @chaion07, and @ellatrix for proofreading and review.

#7-0-2, #development

Amy Kamala 6:13 pm on March 19, 2026
Tags: 7-0 ( 67 ), releases ( 57 )

WordPress 7.0 Release Candidate 1 delayed

WordPress 7.0 RC1 was originally scheduled to be released today (Thursday, March 19th) starting at 15:00 UTC. However, in preparing for the release some concerns were raised regarding enhancements for Real Time Collaboration performance, Client-side Media image optimization, and release package size.

The decision was made to delay the 7.0 RC1 release to Tuesday, March 24th, 2026 at 15:00 UTC to allow time to address concerns and review any necessary work to ensure a quality release.

The rest of the 7.0 release cycle schedule is unchanged.

Props to @4thhubbard, @chaion07, @ellatrix, @desrosj, @courane01, and @marybaum for proofreading and review.

#7-0, #releases

Greg Ziółkowski 9:06 am on March 18, 2026
Tags: 7-0 ( 67 ), dev-notes ( 618 ), dev-notes-7-0 ( 21 )

Introducing the Connectors API in WordPress 7.0

WordPress 7.0 introduces the Connectors APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. — a new framework for registering and managing connections to external services. The initial focus is on AI providers, giving WordPress a standardized way to handle API key management, provider discovery, and adminadmin (and super admin) UIUI User interface for configuring AI services.

This post walks through what the Connectors API does, how it works under the hood, and what pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. developers need to know.

What is a connector?
How AI providers are auto-discovered
The Settings > Connectors admin screen
Authentication and API key management
Public API functions
Overriding connector metadata
The initialization lifecycle
Looking ahead

What is a connector?

A connector represents a connection to an external service. Each connector carries standardized metadata — a display name, description, logo, authentication configuration, and an optional association with a WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ plugin. The system currently focuses on providers that authenticate with an API key, but the architecture is designed to support additional connector types in future releases.

WordPress 7.0 comes with three featured connectors—Anthropic, Google, and OpenAI—accessible from the new Settings → Connectors screen, making installation seamless.

Each connector is stored as an associative array with the following shape:

array(
    'name'           => 'Anthropic',
    'description'    => 'Text generation with Claude.',
    'logo_url'       => 'https://example.com/anthropic-logo.svg',
    'type'           => 'ai_provider',
    'authentication' => array(
        'method'          => 'api_key',
        'credentials_url' => 'https://platform.claude.com/settings/keys',
        'setting_name'    => 'connectors_ai_anthropic_api_key',
    ),
    'plugin'         => array(
        'file' => 'ai-provider-for-anthropic/plugin.php',
    ),
)

How AI providers are auto-discovered

If you’re building an AI provider plugin that integrates with the WP AI Client, you don’t need to register a connector manually. The Connectors API automatically discovers providers from the WP AI Client’s default registry and creates connectors with the correct metadata.

Here’s what happens during initialization:

Built-in connectors (Anthropic, Google, OpenAI) are registered with hardcoded defaults.
The system queries the AiClient::defaultRegistry() for all registered providers.
For each provider, metadata (name, description, logo, authentication method) is merged on top of the defaults, with provider registry values taking precedence.
The wp_connectors_init action fires so plugins can override metadata or register additional connectors.

In short: if your AI provider plugin registers with the WP AI Client, the connector is created for you. No additional code is needed.

The Settings > Connectors admin screen

Registered connectors appear on a new Settings > Connectors admin screen. The screen renders each connector as a card, and the registry data drives what’s displayed:

name, description, and logo_url are shown on the card.
plugin.file — the value is the plugin’s main file path relative to the plugins directory (e.g., akismet/akismet.php or hello.php). The screen uses it to check whether the associated plugin is installed and active, and shows the appropriate action button.
authentication.credentials_url is rendered as a link directing users to the provider’s site to obtain API credentials.
For api_key connectors, the screen shows the current key source (environment variable, PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher constant, or database) and connection status.

Connectors with other authentication methods are stored in the PHP registry and exposed via the script module data, but currently require a client-side JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com registration for custom frontend UI.

Authentication and API key management

Connectors support two authentication methods:

api_key — Requires an API key, which can be provided via environment variable, PHP constant, or the database (checked in that order).
none — No authentication required.

The authentication method (api_key or none) is determined by the authentication metadata registered with the connector. For providers using api_key, a database setting name is automatically generated using the pattern connectors_{$provider_type}_{$provider_id}_api_key. It’s also possible to set a custom name using setting_name property. API keys stored in the database are not encrypted but are masked in the user interface. Encryption is being explored in a follow-up ticketticket Created for both bug reports and feature development on the bug tracker.: #64789.

For AI providers, there is a specific naming convention in place for environment variables and PHP constants: {PROVIDER_ID}_API_KEY (e.g., the anthropic provider maps to ANTHROPIC_API_KEY). For other types of providers, an environment variable (env_var_name) and a PHP constant (constant_name) can be optionally set to any value.

API key source priority

For api_key connectors, the system looks for a setting value in this order:

Environment variable — e.g., ANTHROPIC_API_KEY
PHP constant — e.g., define( 'ANTHROPIC_API_KEY', 'sk-...' );
Database — stored through the admin screen, e.g. connectors_ai_anthropic_api_key setting

Public API functions

The Connectors API provides three public functions for querying the registry. These are available after init.

`wp_is_connector_registered()`

Checks if a connector is registered:

if ( wp_is_connector_registered( 'anthropic' ) ) {
    // The Anthropic connector is available.
}

`wp_get_connector()`

Retrieves a single connector’s data:

$connector = wp_get_connector( 'anthropic' );
if ( $connector ) {
    echo $connector['name']; // 'Anthropic'
}

Returns an associative array with keys: name, description, type, authentication, and optionally logo_url and plugin. Returns null if the connector is not registered.

`wp_get_connectors()`

Retrieves all registered connectors, keyed by connector ID:

$connectors = wp_get_connectors();
foreach ( $connectors as $id => $connector ) {
    printf( '%s: %s', $connector['name'], $connector['description'] );
}

Overriding connector metadata

The wp_connectors_init action fires after all built-in and auto-discovered connectors have been registered. Plugins can use this hook to override metadata on existing connectors.

Since the registry rejects duplicate IDs, overriding requires an unregister, modify, register sequence:

add_action( 'wp_connectors_init', function ( WP_Connector_Registry $registry ) {
    if ( $registry->is_registered( 'anthropic' ) ) {
        $connector = $registry->unregister( 'anthropic' );
        $connector['description'] = __( 'Custom description for Anthropic.', 'my-plugin' );
        $registry->register( 'anthropic', $connector );
    }
} );

Key points about the override pattern:

Always check is_registered() before calling unregister() — calling unregister() on a non-existent connector triggers a _doing_it_wrong() notice.
unregister() returns the connector data, which you can modify and pass back to register().
Connector IDs must match the pattern /^[a-z0-9_-]+$/ (lowercase alphanumeric, underscores, and hyphens only).

Registry methods

Within the wp_connectors_init callback, the WP_Connector_Registry instance provides these methods:

Method	Description
`register( $id, $args )`	Register a new connector. Returns the connector data or `null` on failure.
`unregister( $id )`	Remove a connector and return its data. Returns `null` if not found.
`is_registered( $id )`	Check if a connector exists.
`get_registered( $id )`	Retrieve a single connector’s data.
`get_all_registered()`	Retrieve all registered connectors.

Outside of the wp_connectors_init callback, use the public API functions (wp_get_connector(), wp_get_connectors(), wp_is_connector_registered()) instead of accessing the registry directly.

The initialization lifecycle

Understanding the initialization sequence helps when deciding where to hook in:

During the init action, _wp_connectors_init() runs and:

Creates the WP_Connector_Registry singleton.
Registers built-in connectors (Anthropic, Google, OpenAI) with hardcoded defaults.
Auto-discovers providers from the WP AI Client registry and merges their metadata on top of defaults.
Fires the wp_connectors_init action — this is where plugins override metadata or register additional connectors.

The wp_connectors_init action is the only supported entry point for modifying the registry. Attempting to set the registry instance outside of init triggers a _doing_it_wrong() notice.

Looking ahead

The Connectors API in WordPress 7.0 was optimized for AI providers, but the underlying architecture is designed to grow. Currently, only connectors with api_key authentication receive the full admin UI treatment. The PHP registry already accepts any connector type — what’s missing is the frontend integration for connectors with different authentication mechanisms.

Future releases are expected to:

Expand support for additional authentication methods beyond api_key and none.
Offer more built-in UI integrations beyond api_key.
Provide a client-side JavaScript registration API for custom connector UI.

When those capabilitiescapability A capability is permission to perform one or more types of task. Checking if a user has a capability is performed by the current_user_can function. Each user of a WordPress site might have some permissions but not others, depending on their role. For example, users who have the Author role usually have permission to edit their own posts (the “edit_posts” capability), but not permission to edit other users’ posts (the “edit_others_posts” capability). land, the wp_connectors_init action will be the primary hook for registering new connector types.

Props to @jorgefilipecosta, @shaunandrews, @flixos90, @westonruter, @justlevine, and others for contributing to the Connectors screen and this dev notedev note Each important change in WordPress Core is documented in a developers note, (usually called dev note). Good dev notes generally include a description of the change, the decision that led to this change, and a description of how developers are supposed to work with that change. Dev notes are published on Make/Core blog during the beta phase of WordPress release cycle. Publishing dev notes is particularly important when plugin/theme authors and WordPress developers need to be aware of those changes.In general, all dev notes are compiled into a Field Guide at the beginning of the release candidate phase..