WordPress 6.8 will use bcrypt for password hashing

The underlying algorithm that’s used to hash and store user passwords in the database will be changed in WordPress 6.8 from phpass portable hashing to bcrypt. The adoption of bcrypt hardens password security in WordPress by significantly increasing the computational cost of cracking a password hash.

In addition, application passwords, user password reset keys, personal data request keys, and the recovery mode key will switch from using phpass to the cryptographically secure but fast BLAKE2b hashing algorithm via Sodium.

No action needs to be taken by site owners or users as a result of these changes. Passwords and security keys that were saved in prior versions of WordPress will continue to work after updating to 6.8. Users don’t need to change or reset their passwords, logged in users will remain logged in, and their sessions will remain valid.

When a user first subsequently logs in after the update – or when they next change their password – their password will automatically get rehashed with bcrypt and resaved in the database. Application passwords and security keys will not get automatically rehashed, but an existing hash will remain valid if it was generated prior to WordPress 6.8 and used before it expires.

Note that post passwords will continue to use phpass portable hashing for now. This may change in the future after further investigation has been done on how best to improve the hashing and checking mechanism of post passwords.

Portability

Hashes that are generated by the phpass portable hashing algorithm are portable between different sites, environments, and servers. This portability doesn’t change with this switch to bcrypt and BLAKE2b, so you can move your database from one server to another and update to newer versions of PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher and WordPress and the password hashes will continue to function as expected.

Updates to password handling functions

The wp_hash_password() and wp_check_password() functions have been updated to use the PHP native password_hash() and password_verify() functions with the bcrypt algorithm and SHA-384 pre-hashing. Both functions retain support for the $wp_hasher global object in case that’s being used to implement an alternative hashing mechanism.

The wp_check_password() function retains support for passwords that were hashed using phpass, which means existing password hashes won’t be invalidated.

A new wp_password_needs_rehash() function has been introduced as a wrapper for password_needs_rehash(). If a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party needs to adjust its logic then the password_needs_rehash filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. can be used. The function is also pluggable, so it can be overridden if absolutely necessary.

Pre-hashing with SHA-384 is implemented in order to avoid the 72 byte length limit imposed on passwords by bcrypt. Password hashes are therefore stored with a $wp prefix to distinguish them from vanilla bcrypt hashes which may be in use via a plugin. By default this means the full prefix will be $wp$2y$.

New fast hashing functions

The following functions have been introduced as wrappers for the cryptographically secure but fast BLAKE2b algorithm via Sodium:

  • wp_fast_hash()
    Used to hash a string that is randomly generated using sufficiently high entropy, preferably over 128 bits for values that don’t have a corresponding expiry mechanism.
  • wp_verify_fast_hash()
    Used to verify a hash generated via wp_fast_hash(), with fallback support for phpass portable hashes.

Do developers need to do anything?

Code that calls wp_hash_password() and wp_check_password() will continue to work as expected and does not need to change.

Code that directly handles phpass hashes may need to be updated, for example:

  • Code that assumes the existence of the $P$ prefix on hashes. The code will need to be updated to handle the new prefixes and hashing algorithms, specifically the $wp$2y$ prefix for a bcrypt hash and the $generic$ prefix for a BLAKE2b hash, but it must also retain support for the old $P$ prefix used by phpass portable hashes. Ideally such code would be updated so it doesn’t need to inspect the prefix of a hash at all, but that is dependent on the implementation.
  • Code that otherwise directly interacts with the hashed value of a user password. If such hashes are validated directly, this should be done via wp_check_password().
  • Code that otherwise directly interacts with the hashed value of an application password, password reset key, personal data request key, or the recovery mode key. If such hashes are validated directly, this should be done via the new wp_verify_fast_hash() function.
  • Any plugin that overwrites the pluggable wp_hash_password() and wp_check_password() functions. Unless these functions specifically implement another hashing algorithm, they can be removed in order to allow the bcrypt implementation in 6.8 to take effect.

Alternative authentication mechanisms such as single sign-on (SSO), social login, or one-time login are unlikely to be affected by this change, however you should still verify whether your specific implementation includes any handling of password hashes or security keys. Multi-factor (MFA and 2FA) implementations are also unlikely to be affected by this change.

What about Argon2?

Servers that support Argon2 can enable its usage with this single line of code in WordPress 6.8 and later:

add_filter( 'wp_hash_password_algorithm', fn() => PASSWORD_ARGON2ID );

If necessary, the password_algos() function should be used to first check for argon2id support. Unfortunately it’s not possible to rely on Argon2 being available on all servers because it requires both libargon2 to be available on the server and for PHP to be built with Argon2 support enabled. The sodium_compat library does not provide an implementation of Argon2.

Acknowledgements

We can’t pretend that switching to bcrypt for user-generated passwords is a recent proposal. Ideally the switch would have been made back when the increase to the minimum supported version of PHP facilitated this change. However, this change has now been made and it helps future-proof further improvements to password hashing, including increases to the bcrypt cost in newer versions of PHP.

Many thanks go to the Roots team for maintaining their bcrypt password hashing package for WordPress as well as the many contributors on the TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. tickets and GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ pull requests.

Further technical information

Further technical information, technical FAQs, and implementation details can be seen on the GitHub pull request for this change and in the discussion on the Trac ticket.

In case you need to know:

  • User passwords are stored as a hash in the wp_users.user_pass field in the database.
  • Application passwords are stored as a hash in a JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. serialized object in the wp_usermeta table using the _application_passwords key.
  • User password reset keys are stored as a hash in the wp_users.user_activation_key field in the database.
  • Personal data request keys are stored as a hash in the wp_posts.post_password field in the database against the post that represents the personal data request.
  • The recovery mode key is stored as a hash in the recovery_keys option in the wp_options database table.

Thanks to @desrosj and @joehoyle for helping review this post.

#6-8, #dev-notes

Agenda, Dev Chat, Feb 12, 2025

The next WordPress Developers Chat will take place on Wednesday at 15:00 UTC in the core channel on Make WordPress Slack.

The live meeting will focus on the discussion for upcoming releases, and have an open floor section.

Additional items will be referred to in the various curated agenda sections below. If you have ticketticket Created for both bug reports and feature development on the bug tracker. requests for help, please continue to post details in the comments section at the end of this agenda.

Announcements

Introducing Core Team Reps for 2025. Thanks to @francina, @audrasjb, and @benjamin_zekavica for taking over the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Team RepTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts. role for 2025.

Forthcoming releases

Next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope.: 6.8

We are currently in the WordPress 6.8 release cycle. Read more about the release squad, timeline and focus for this release.

Next maintenance release: 6.7.2

WordPress 6.7.2 was released on February 11. Review the next minor release milestone.

Next GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ release: 20.3

The next Gutenberg release will be 20.3. It is scheduled for February 19 and will include the following issues.

Discussions

The discussion section of the agenda is to provide a place to discuss important topics affecting the upcoming release or larger initiatives that impact the Core Team. To nominate a topic for discussion, please leave a comment on this agenda with a summary of the topic, any relevant links that will help people get context for the discussion, and what kind of feedback you are looking for from others participating in the discussion.

Topics this week

  • Proposal: Make unit testunit test Code written to test a small piece of code or functionality within a larger application. Everything from themes to WordPress core have a series of unit tests. Also see regression. tickets easier to distinguish@desrosj followed up to this proposal by opening a Meta Trac ticket requesting the addition of a `tests` focus to give this a try.

Highlighted posts

You can keep up to date with the major Editor features that are currently in progress by viewing these Iteration issues.

Open floor

Any topic can be raised for discussion in the comments, as well as requests for assistance on tickets. Tickets in the milestone for the next major or maintenance release will be prioritized.

Please include details of tickets / PRs and the links in the comments, and if you intend to be available during the meeting for discussion or if you will be async.

Props to @francina and @benjamin_zekavica for reviewing the agenda.

#6-8, #agenda, #dev-chat

Proposal: Make unit test tickets easier to distinguish

This is a follow-up of a conversation in #core on Slack.

Currently there is no easy way to identify TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. tickets specifically for adding unit tests. Some are added to the Build/Test Tools component, however the tests are not really “tools”. The reason for this is that unit tests, just like build and test tools, are “non-production code”. That means they can be committed at any time during the WordPress development cycle and do not follow the general milestones-based workflow.

Additionally, many tickets for adding unit tests are marked as “enhancements”. Following the release cycle workflow, enhancements cannot be committed during betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. and RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta).. However, in practice unit tests can be committed at any time. It can be difficult to isolate these today, as the Trac search form lacks a filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. for such tickets, which makes triaging a bit harder.

Some suggestions

During the discussion in #core, several ideas were proposed about how this can be made to work better. And while there isn’t currently much traction on adding E2E tests to CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., any option explored should take this test type into account. In no particular order:

  • Component: A new Tests component, which would be exempt from the general workflow, similar to Build/Test Tools. Example component filter.
  • Focus: A tests focus, similar to the existing docs focus. Example focus filter.
  • Keyword: A tests-only keyword to identify that it’s for unit/E2E tests only, and serve to filter tickets for triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. reports. Example keyword filter.
  • Milestone: An Any Time milestone could indicate when this type of ticketticket Created for both bug reports and feature development on the bug tracker. could be committed, being primarily reserved for tests- and docs-only tickets. Example milestone filter.
  • Type: A test ticket type, to clearly differentiate from the current defect (bug)enhancement, and task (blessed) types. Example type filter.
  • Type (alternative): A new non-production type could be introduced to broadly cover any ticket that does not affect build/production code. Example type filter.

I think that any of the proposed solutions would make searching and triaging test-oriented tickets a bit easier. Some are more flexible in that it’s easier to combine terms (focuses and keywords).

What are your thoughts on these ideas to make test-only tickets easier to distinguish? Please help continue the discussion in the comments below!

Thanks @costdev and @ironprogrammer for the suggestions and reviews.

#proposal, #trac

Introducing Core Team Reps for 2025

Now that the nominations process for Core Team Reps has concluded, I’m pleased to announce that @francina and @audrasjb have agreed to serve as CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Team Reps for 2025 with @benjamin_zekavica joining them in a mentorship role to start the year. This team brings deep experience to the role, with both @francina and @audrasjb having served multiple times, going back to 2020. This structure ensures continuity while also allowing us to welcome new contributors to this role.

About our new Team Reps

Francesca Marano

Francesca Marano is the Head of Partnership at Patchstack, a cyber security company helping companies and software developers to identify & patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. vulnerabilities in open-source code. Francesca co-led the release of WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ 5.3, 5.4, 6.2, and 6.3. She mentored multiple releases, including 5.6, the first-ever women and non-binary squad. She served as the Core Team global representative and previously as the Community Team RepTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts.. One of the things she is most proud of is the blogblog (versus network, site) C+B, which she founded in 2013. It helped many creative female entrepreneurs find their path throughout the years. As an accomplished educator, community leader, and public speaker, you can find her around the world talking about WordPress, community, open-source, women in tech, leadership, and small businesses.

Jb Audras

Jb Audras hails from Ardèche (France), is currently the CTO of Whodunit, a well-known French WordPress agency, and is one of the WordPress Core Committers. He started using WordPress in 2007, has already served as the AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) Team Rep and Core Team Rep a few years ago. Jb led multiple maintenance and security releases and played a key role in a dozen major releases, most recently as the Core Tech Lead of WP 6.6 or Triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. Lead for WordPress 6.8. When not contributing to WordPress, Jb can be found in various cliffs, seeking new climbing challenges.

Benjamin Zekavica

Benjamin Zekavica is a web developer from Aachen, Germany, with 16 years of experience in the field. A dedicated WordPress user since 2013, he has been actively involved in the community since 2015. He contributed to WordPress 6.5 as the Design Lead and has been working on the GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ project since version 5.0. Beyond development, Benjamin is deeply engaged in the WordPress community, serving as a mentor for the Core Team and actively participating in WordCamps as an attendee, volunteer, organizer, and speaker. His passion for open-source collaboration and community building makes him a valued contributor to the WordPress ecosystem.

About the Team Rep role

The role of Team Rep in the WordPress project dates back to 2012. Anyone who serves as a “Team Rep” is responsible for communicating on behalf of the Core team to the other contributor groups via team updates, as well as occasional cross-team chats. While not formally part of the role description, folks serving in this role have also facilitated the Core team’s weekly Dev Chat meetings for the past several years. Full details on the Team Rep role is on the Team Update site.

The role is intentionally called “Team Rep” rather than “Team Lead” because it is primarily an administrative position. While people elected as Team Reps will generally come from the pool of folks that people think of as experienced leaders, the Team Rep role is designed to change hands regularly.

On behalf of @mikachan and myself (@joemcgill), thank you for allowing us to serve in the role during the past year. It’s an absolute honor to be able to support this amazing community of individuals who share their time, energy, and talents with the WordPress software project. Congratulations to our new Team Reps! We are confident that the role is in very capable hands.

#team-reps

Roadmap to 6.8

WordPress 6.8 is set to be released on April 15th, 2025. This release continues refining foundational features introduced in previous versions, focusing on improving data views, query loops, and blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. interactions. It introduces a more streamlined design experience with a “Zoom Out” editing approach, expanded style controls, and enhanced typography options. Additionally, new “Write” and “Design” modes provide users with greater flexibility when editing content. APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. developments, including the Block HooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. and Block Bindings APIs, aim to enhance extensibility, while speculative loading integration and performance optimizations seek to improve site speed. AccessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) improvements and ongoing support for PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher 8.x ensure WordPress remains user-friendly and forward-compatible.

As always, what’s shared here is being actively pursued, but doesn’t necessarily mean each will make it into the final release of WordPress 6.8.

For a more detailed look at the work related to the block editor in WordPress 6.8, please refer to the 6.8 release cycle page and review the currently open Iteration issues. These Iteration issues reflect actively scoped work targeted for this release. Additionally, to gain insight into ongoing developments and future enhancements, you can explore the discussions and updates shared in the latest Gutenberg pull requests and tracking issues.

Design Improvements

The design focus will be on polish and fix, clearing ‘needs design feedback‘ issues.

The Style Book provides a comprehensive overview of your site’s colors, typography, and block styles in an organized layout. Each block example and style group is labeled, making it easy to preview and understand your theme’s current design settings. For classic themes that support the Style Book, site patterns have been relocated to Appearance > Design > Patterns, consolidating all design-related functionality from the Site Editor into one place. Previously, patterns were listed under Appearance > Patterns.

In zoom-out mode, users can now apply different section styles and designs directly from the toolbar, cycling through them and inspecting them in the context of the rest of the page. This enhancementenhancement Enhancements are simple improvements to WordPress, such as the addition of a hook, a new feature, or an improvement to an existing feature. streamlines the decision-making and production process (#67140).

Another user experience improvement can be found in the list of fonts: Each font family is now previewed in the font picker dropdown and gives users a better indication as to what the font will look like (#67118).

The outcome of the Image manipulation methods are now better communicated in the block editor. The success notices are now displayed at the bottom of the editor. The notices also come with a handy Undo link to revert to the original if necessary (#67314, #67312).

Design tools

  • Post Comments Link: Add Border Support. (#68450)
  • Post Template: Add Border and Spacing Support. (#64425)
  • Query Total: Add Border Support. (#68323)
  • Background supports: Add default controls supports. (#68085)
  • Block supports: Show selected item in font family select control. (#68254)
  • Fix: Ensure consistency in editor tools for navigation buttons and delete options. (#67253)
  • Global Styles: Fix handling of booleans when stabilizing block supports. (#67552)

Support for Speculative Loading

Building upon the success of the Speculative Loading plugin, which has over 40,000 active installations, WordPress 6.8 plans to integrate speculative loading into coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. This feature utilizes the Speculation Rules API to prefetch URLs dynamically based on user interaction, aiming to improve performance metrics like Largest Contentful Paint (LCP). The current proposal has default configuration employing conservative prefetching to ensure safety and compatibility, but feedback is requested on this. Developers will have access to filters for customization, allowing adjustments to the speculative loading behavior as needed (#62503).

Polishing the Query LoopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop.

By polishing the query loop we are focusing on enhancements like filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. by year, pagination, fetching results by adding offset, block spacing improvements, Sticky post not working when query type is default in editor, query loop depth set etc.

(This data comes from WordPress 6.8 Editorial Tasks and GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ releases from 19.4 to 20.2.)

Refining Data Views

Working on enhancements like Reduce the size of action buttons in Grid layout, Table layout improvements, Density option in table layout , Use badge component in dataview grids, Remove popover max height.

Working on fixing and enhancing List layouts, grid layouts, text truncation, padding and spacing in grid and list.

Zoom out to compose with patterns

With patterns getting more feature-rich and pervasive. This effort aims to provide a new, high-level approach to building and interacting with your site, with several key features in development:

  • Improvements to UXUX User experience for dragging patterns (e.g. Hide Zoom Out Inserters when dragging into canvas).
  • UX improvement on Zoom Out (e.g. Rely on Zoom level instead of Zoom Out, Zoom Out shortcut on Windows, Add Keyboard shortcut in editor, Move default background to the iframeiframe iFrame is an acronym for an inline frame. An iFrame is used inside a webpage to load another HTML document and render it. This HTML document may also contain JavaScript and/or CSS which is loaded at the time when iframe tag is parsed by the user’s browser. component, Zoom animation scrollbar fix)
  • Zoom out: fix for inserter

Follow this iteration issue for more information.

API launches and iterations

Interactivity API (Not on track for WordPress 6.8)

In WordPress 6.7, work focused on important improvements to enhance the stability and simplicity of the Interactivity API internals, the introduction of new APIs like getServerState/getServerContext and wp_interactivity_get_element, improvements to the types, and progress on the Gallery block lightbox and Query block’s Instant Search.

In WordPress 6.8, the primary focus will be on:

  • Enhancing client-side navigation, advancing full page client-side navigation while addressing and improving the limitations of region-based client-side navigation.
  • Finishing the lightbox of the Gallery Block and the Instant Search functionality for the Query and Search Blocks.

Work is also continuing to improve the documentation. Follow this tracking issue for more information.

  • Support length property on strings and arrays on the server
  • Interactivity API directives support invalidinvalid A resolution on the bug tracker (and generally common in software development, sometimes also notabug) that indicates the ticket is not a bug, is a support request, or is generally invalid. data attribute characters on the server
  • Support for marking store actions that require synchronous event access (#68097)

Follow this iteration issue and this Trac view for more information.

Block Hooks API

The Block Hooks API is an extensibility mechanism that allows you to dynamically insert blocks into block themes. In WordPress 6.8, work will continue on improvements of Block Hooks.

HTMLHTML HyperText Markup Language. The semantic scripting language primarily used for outputting content in web browsers. API

HTML API enhancements will be focused on HTML process speed improvements and new features like introducing safe composable HTML templating, Inner and outer HTML support.

Follow this iteration issue for more information.

Security enhancements

Various security-related enhancements are planned for WordPress 6.8, the most significant of which is the switch to using bcrypt for password hashing. This includes improvements to the algorithm that’s used for storing application passwords and security keys. A dedicated post will be published soon on make/core covering these changes in detail.

Additional performance improvements

A variety of initiatives are also focused on improved loading times like Lazy load post metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress., Lazy load user capabilities in wp_user object, ORDER by RAND() speed improvements, cache the result of get_uploaded_header_images(), Improve cache generation in WP_Query class, and Cache duplicate calls to WP_Theme_JSON::sanitize.  In preparation for the WordPress 6.8 release, several key performance improvements have been implemented in the block editor and collectively contribute to a more responsive and efficient editing experience.

  • Navigation Block Optimization: Addressed performance issues in the site editor when handling navigation blocks with multiple submenu items, enhancing responsiveness during template editing (#68875).
  • Selector Efficiency Enhancements: Improved the isBlockVisibleInTheInserter selector to prevent unnecessary computations, resulting in a more efficient block editor experience (#68898).
  • StyleBook Resizing Improvement: Resolved issues causing unsmooth resizing in the StyleBook for classic themes, leading to a more fluid user experience (#68978).
  • Event Handling Optimization: Introduced the withSyncEvent action wrapper utility to streamline event handling, reducing potential performance bottlenecks (#68097).
  • Inserter Selector Optimization: Implemented changes to avoid unbounded requests in inserter selectors, enhancing the efficiency of block retrieval processes (#66817).

Follow this Trac view or this performance project board label for more information.

Continued Accessibility improvements

In WordPress 6.8, we are continuing our work on Accessibility enhancements including Audit of storybook components and Improvements on Grid layout semantics/navigation.

  • Review usage of target=”_blank” in the adminadmin (and super admin)
  • Title attributes galore. They serve no useful purpose.
  • Submit buttons on form fields in the Add Media panel
  • Semantic elements for non-link links
  • Enhancement: Add a wrong password message on password protected posts
  • Code Editor: Linter (HTMLHint) should show error if checkbox doesn’t have associated <label>
  • Media uploader does not restrict file upload `accepts` parameters based on current context
  • Twenty Twenty: with horizontal menu, submenu should be dismissible
  • Add prefixes to all admin notices (Warning, Error, Success, Info)
  • Improve the admin notices accessibility
  • Fix and improve arranging metaboxes
  • Add a mechanism for accessible tooltips in core
  • Twenty Twenty: Menu + Search can cause a scroll jump on close
  • Excess text read with errors in Media Library
  • The WordPress core password reset needs to pre-populate the username to meet WCAGWCAG WCAG is an acronym for Web Content Accessibility Guidelines. These guidelines are helping make sure the internet is accessible to all people no matter how they would need to access the internet (screen-reader, keyboard only, etc) https://www.w3.org/TR/WCAG21/. 2.2
  • Validation of custom links in admin menu not accessible
  • Simplify add_new_item labels for core post types
  • Update the screen-reader-text CSSCSS Cascading Style Sheets. class and its local implementations
  • Missing “submit” button – bad accessibility
  • Bring in lighter background for admin
  • Add padding and color changes to buttons and inputs
  • Change font weight of settings and other similar labels
  • Adjust background alternate row on post and page tables
  • core/site-title block adds aria-current to the blogblog (versus network, site) page when it is not the front page
  • get_custom_logo does not apply the aria-current attribute in all cases
  • Improve HTML semantics in Site Health Info tables
  • Consider removing title attributes from Classic Editor scripts

Follow this tracking issue and this Trac view for more information.

Find something missing? Want to help?

If you have something you’re working on that you don’t see reflected in this post, please share a comment below so we can all be aware! If you’re reading this and want to help, a great place to start is by looking through each issue associated with each area or by diving into the Polish board where a curated set of issues are in place that anyone can jump in on.

Props @annezazu, @jeffpaul, @joemcgill, @flixos90, @fabiankaegy, @mamaduka, @johnbillion, @joedolson, @karmatosed for prepublish review.

#6-8, #release-roadmap

Agenda, Dev Chat, Feb 5, 2025

The next WordPress Developers Chat will take place on Wednesday at 15:00 UTC in the core channel on Make WordPress Slack.

The live meeting will focus on the discussion for upcoming releases, and have an open floor section.

Additional items will be referred to in the various curated agenda sections below. If you have ticketticket Created for both bug reports and feature development on the bug tracker. requests for help, please continue to post details in the comments section at the end of this agenda.

Announcements

The Nominations for 2025’s Core Team Reps are now closed. An announcement about next steps will be made soon.

Forthcoming releases

Next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope.: 6.8

We are currently in the WordPress 6.8 release cycle. Read more about the release squad, timeline and focus for this release.

Next maintenance release: 6.7.2

WordPress 6.7.2 is scheduled for February 11, with a RCrelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). planned on February 4.

Review the next minor release milestone.

Next GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ release: 20.2

The next Gutenberg release will be 20.2, tentatively scheduled for February 5. It will include the following issues.

Discussions

The discussion section of the agenda is to provide a place to discuss important topics affecting the upcoming release or larger initiatives that impact the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Team. To nominate a topic for discussion, please leave a comment on this agenda with a summary of the topic, any relevant links that will help people get context for the discussion, and what kind of feedback you are looking for from others participating in the discussion.

Topics this week

Editor Updates

You can keep up to date with the major Editor features that are currently in progress by viewing these Iteration issues.

Needs decision:

  • Patterns – Alternative ways to preview and select starter content on page creation – The purpose of showing starter content patterns on page creation is to help users who find it difficult to work on an empty canvas
  • Global Styles – Should custom CSS be moved out of global_styles and into it’s own dedicated function? – An issue occurs when a third party pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party enqueues a stylesheet via wp_enqueue_scripts without specifying a priority

Aiming to include in 6.8

Needs design:

Needs design feedback:

Some in progress bugs/enhancements:

Props to @krupaly2k for pulling together these updates.

Open floor

Any topic can be raised for discussion in the comments, as well as requests for assistance on tickets. Tickets in the milestone for the next major or maintenance release will be prioritized.

Please include details of tickets / PRs and the links in the comments, and if you intend to be available during the meeting for discussion or if you will be async.

Props to @mamaduka for reviewing the agenda.

#6-8, #agenda, #dev-chat

WordPress 6.7.2 Release Planning

WordPress 6.7.2 is scheduled to be the next maintenance release for the 6.7 version. Its release will follow the following preliminary schedule:

  • February 4, 2025 – Release Candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). made available and announced here on the make/coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. site.
  • February 11, 2025 – Final release made available.

Specific times will be decided in advance and adjustments to the schedule may be made. All adjustments will be noted in this post.

Minor or Maintenance releases of WordPress are intended as bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.-fix releases. If you have a tracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker. that you think should be considered, please put it in the 6.7.2 milestone. If you have a GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ issue, please add it to the 6.7.x Editor Tasks board. If you lack bug gardening capabilities and have a ticket or issue you wish to highlight for 6.7.2, please add a comment here.

Note: except in extreme situations, only bug fixes will be considered and generally only bugs that have been introduced during the 6.7 cycle.

Get involved with 6.7.2

Bug Scrubs will happen in the #core room during the following times:

Each of the open tickets is going to require development work along with testing and review. You can also run your own scrubs to help ensure that all of the correct tickets are fixed in this release. Additionally, while the intent is for no new translated strings in this release, some locales have strings in 6.7 in need of translation.

General coordination for the release will happen in the #6-7-release-leads channel and decisions around code for the release will be made in the #core room.

This minor releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality. will be led by myself (@jorbin), building off work started by @cbravobernal and @desrosj.

Thank you to @desrosj, @jeffpaul, and @joemcgill for pre-publication review.

#6-7, #6-7-2, #6-7-x

Performance Chat Summary: 28 January 2025

The full chat log is available beginning here on Slack.

Announcements

  • All meetings will be held fortnightly, following a set agenda laid out in this document
  • With the start of 2025, we are looking for new Team Reps to represent the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Performance Team within the overall WordPress project. If you have someone to nominate or you would like to volunteer yourself, please leave a comment!
    https://make.wordpress.org/performance/2025/01/13/core-performance-team-rep-nominations-for-2025/
    • Being a Team RepTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts. is a great way to contribute, for both new and seasoned contributors. So if you’re new and unsure about it, please don’t hesitate. We are around for onboarding and guidance as needed

Discussion

  • @spacedmonkey working on #57496, #58001 and #59592 all of which could use more eyes on them
  • @mukesh27 The initial context related issue for blocks has been fixed for 6.8 and committed! https://core.trac.wordpress.org/changeset/59662
  • @flixos90 looking for reviews for https://github.com/WordPress/wordpress-develop/pull/7860, which is for #62503. Since this is a new performance feature, it would be great to get eyes soon – we probably would want to merge this sooner than later to have ample time for testing
  • @joemcgill left an update on #62126 – TL;DR, this one I was reviewing that needs to be picked up and the original reporter hasn’t responded so it’s likely a puntpunt Contributors sometimes use the verb "punt" when talking about a ticket. This means it is being pushed out to a future release. This typically occurs for lower priority tickets near the end of the release cycle that don't "make the cut." In this is colloquial usage of the word, it means to delay or equivocate. (It also describes a play in American football where a team essentially passes up on an opportunity, hoping to put themselves in a better position later to try again.) unless someone else wants to give it a look.
  • @mukesh27 For accurate sizes, opened two PRs, #1795 and #1818, and currently discussing with @joemcgill the best path forward to address the issue for nested blocks. Received some valuable feedback from Joe, which is being implemented

Our next chat will be held on Tuesday, February 11, 2025 at 16:00 UTC in the #core-performance channel in Slack

#core-performance, #hosting, #performance, #performance-chat, #summary

WordPress 6.7.1 Release Schedule

Since WordPress 6.7 was released last week, contributors have kept a close eye on incoming reports to the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ Support Forums, TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress., and the GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ repository on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/. Though volume has not been meaningfully higher than normal after a major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope., most reports are describing a small set of issues that should be addressed expeditiously.

Schedule

WordPress 6.7.1 will be targeted for release on Thursday, November 21, 2024 with a very specific focus of only fixing bugs there were introduced in the 6.7 release. The goal is to deliver a small handful of high-impact bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. fixes for added stability prior to the busy online commerce holiday week consisting of Black Friday, Cyber Monday, and Giving Tuesday.

The release will be lead by myself (@desrosj) and @cbravobernal. If you’re interested in volunteering, please comment below or drop a message in the #6-7-release-squad channel in SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

Date/TimeEvent
Tuesday, November 19, 2024Continued triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors., testing, and committing/backporting fixes.
Wednesday, November 20, 2024 at 13:00PM UTCGutenberg package updates released/pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party update released (if necessary).
Wednesday, November 20, 2024 at 17:00PM UTCWordPress 6.7.1 RC1
Thursday, November 21, 2024 at 13:30PM UTCWordPress 6.7.1 General Release

Targeted Fixes

The following are the high priority items that cumulatively make a fast-follow release necessary:

  • sizes=auto causing images to show smaller than they should (#62413)
  • Translations not being applied properly (#62337)
  • Patterns without categories break the editor when browsing uncategorized patterns (GB-66944/GB-66888)
  • Zoom in doesn’t focus on the right area of the screen based on selected item (a few PRs issues for this)
  • Zoom out button goes missing when plugins register toolbar items (GB-66884)

The following are bugs that should be included if ready, but as understood now are not affecting as many people or are less problematic:

  • Using the Upload button in image-based blocks in Safari unexpectedly converts images to HEIC with a temporary file name (#62447)
  • CategoryCategory The 'category' taxonomy lets you group posts / content together that share a common bond. Categories are pre-defined and broad ranging. management in the Classic Editor is broken (#62440)
  • CSSCSS Cascading Style Sheets. targets changed on the login screen affecting custom logos (#62410)

Finally, the following are minor bug fixes introduced in 6.7 that should also be considered:

  • Horizontal scroll bar in the CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. (#62313)
  • Undefined key warning in wp_salt() (#62424)
  • Untranslatable strings in nav-menu.js (#62402)

There is currently only one ticketticket Created for both bug reports and feature development on the bug tracker. that does not represent a bug introduced during 6.7 being considered: #62331. This is a pretty significant performance problem for sites using GD for image editing that should be considered. It was only discovered 2 weeks ago, too late to be considered for 6.7.

A full list of tickets being considered for 6.7.x minor releases can be found on Trac and the WordPress 6.7.x project board on GitHub.

Props @joemcgill for review.

Agenda, Dev Chat, Jan 22, 2025

The next WordPress Developers Chat will take place on Wednesday at 20:00 UTC in the core channel on Make WordPress Slack.

The live meeting will focus on the discussion for upcoming releases, and have an open floor section.

Additional items will be referred to in the various curated agenda sections below. If you have ticketticket Created for both bug reports and feature development on the bug tracker. requests for help, please continue to post details in the comments section at the end of this agenda.

Announcements

The Nominations for 2025’s Core Team Reps are remain open. Please nominate people in the comments of that post. Self-nominations are welcome. The deadline is January 31, 2025.

Forthcoming releases

Next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope.: 6.8

We are currently in the WordPress 6.8 release cycle. Read more about the release squad, timeline and focus for this release.

Next maintenance release: 6.7.2

UPDATE: A release schedule for 6.7.2 has just been announced. Current release date is February 11.

Review the next minor release milestone.

Next GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ release: 20.1

The next Gutenberg release will be 20.1, scheduled for January 22. It will include the following issues.

Discussions

The discussion section of the agenda is to provide a place to discuss important topics affecting the upcoming release or larger initiatives that impact the CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Team. To nominate a topic for discussion, please leave a comment on this agenda with a summary of the topic, any relevant links that will help people get context for the discussion, and what kind of feedback you are looking for from others participating in the discussion.

Topics this week

  • Proposal: Moving Dev Chat starting next week, January 29, 2025 to 15:00 UTC. Based on conversation last week, and feedback from the release squad availability, I’m proposing that we change the time of Dev Chat meetings for the 6.8 cycle to 15:00 UTC.
  • [suggestions welcome]

Editor Updates

You can keep up to date with the major Editor features that are currently in progress by viewing these Iteration issues.

  • Show the starter content pattern category on page creation. This touches on the larger new feature slated for 6.8 to use zoom out to power new pages.
  • Try using popover API for image lightbox — Improves accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) of the image lightbox feature.
  • New Block: Implement progress bar block — Kicks off a new possible Core blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience.!

Thanks to @annezazu and @krupaly2k for pulling together these updates.

Open floor

Any topic can be raised for discussion in the comments, as well as requests for assistance on tickets. Tickets in the milestone for the next major or maintenance release will be prioritized.

Please include details of tickets / PRs and the links in the comments, and if you intend to be available during the meeting for discussion or if you will be async.

#6-8, #agenda, #dev-chat