WordPress 4.3 Now Available

WordPress Hosting

WordPress 4.3 is now available for download and upgrade. New features in 4.3 make it even easier to format your content and customize your site.

Menus in the Customizer

Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.

Posted in Application News

WordPress 4.2.4 Security Release

WordPress 4.2.4 is now available for download and upgrade.

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress 4.2.4 addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

WordPress 4.2.4 also fixes four bugs. For more information on all of the changes, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Posted in Application News

WordPress 4.2.3 Security Release

WordPress 4.2.3 is now available for download and upgrade.

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site.

Version 4.2.3 fixed an issue where a user with Subscriber permissions could create a draft through Quick Draft, and it contains fixes for 20 bugs from 4.2.

For more information on all of the changes, see the release notes or consult the list of changes.

Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.

Posted in Application News

WordPress 4.1 Now Available

WordPress 4.1 is now available for download and upgrade. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.

Introducing Twenty Fifteen

The newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.

Twenty Fifteen has flawless language support, with help from Google’s Noto font family.

The straightforward typography is readable on any screen size.

Your content always takes center stage, whether viewed on a phone, tablet, laptop, or desktop computer.


Distraction-free writing

Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.


The Finer Points

Choose a language

Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.

Log out everywhere

If you’ve ever worried you forgot to sign out from a shared computer, you can now go to your profile and log out everywhere.

Vine embeds

Embedding videos from Vine is as simple as pasting a URL onto its own line in a post. See the full list of supported embeds.

Plugin recommendations

The plugin installer suggests plugins for you to try. Recommendations are based on the plugins you and other users have installed.


Under the Hood

Complex Queries

Metadata, date, and term queries now support advanced conditional logic, like nested clauses and multiple operators — A AND ( B OR C ).

Customizer API

The customizer now supports conditionally showing panels and sections based on the page being previewed.

<title> tags in themes

add_theme_support( 'title-tag' ) tells WordPress to handle the complexities of document titles.

Developer Reference

Continued improvements to inline code documentation have made the developer reference more complete than ever.

Posted in Application News

WordPress 4.0.1 Security Release

WordPress 4.0.1 is now available for download and upgrade.

This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 automatically. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (Versions older than 3.7.x are no longer supported, so we recommend upgrading to the latest version.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.
  • An extremely unlikely hash collision that could allow a user’s account to be compromised, and that also required that the user had not logged in since 2008.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.

Version 4.0.1 also fixes 23 bugs in 4.0 and makes two hardening changes, including better validation of EXIF data that is extracted from uploaded photos.

For more information on all of the changes, see the release notes or consult the list of changes.

Posted in Application News

SSLv3 Disabled Due to POODLE Bug

Engineers at Google found a new vulnerability in SSL version 3.0 (SSLv3), which they call POODLE (Padding Oracle On Downgraded Legacy Encryption). The vulnerability allows an attacker to manipulate the padding of a request in order to recover the plaintext of traffic encrypted with the SSLv3 protocol. Effectively, this allows an attacker to compromise the encryption when the SSLv3 protocol is in use. Full details have been published by Google in a paper.

Who does this affect?

SSLv3 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

However, the only group of users who will be seriously affected by this bug is those who are still using Internet Explorer 6 on Windows XP (both are already at their End of Life).

According to CloudFlare, 0.09% of all traffic across their network is SSLv3. For HTTPS traffic, 0.65% across their network uses SSLv3. The good news is that most of that traffic is actually attack traffic and some minor crawlers. For real visitor traffic, today 3.12% of CloudFlare’s total SSL traffic comes from Windows XP users. Of that, 1.12% of Windows XP users connected using SSLv3. In other words, even on an out-of-date operating system, 98.88% of Windows XP users connected using TLSv1.0+, which is not affected by this vulnerability.

Our Response

We will be disabling SSLv3 across all of our servers as this is a serious vulnerability with no patch in sight (as SSLv3 is very old) and most web browsers will be dropping support for SSLv3 after this POODLE incident anyway.
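An added example, not part of the original post and not the hosting provider's own tooling: a small Python audit that scans nginx `ssl_protocols` and Apache `SSLProtocol` directives and reports any that still leave SSLv3 enabled. The sample configurations are constructed, and the token model (including treating `all` as containing SSLv3) is a simplifying assumption.

```python
import re

# Directives that select protocol versions: nginx `ssl_protocols`, Apache `SSLProtocol`.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)

ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}


def sslv3_enabled(tokens):
    """Conservative left-to-right evaluation of a protocol list.

    Simplified model (an assumption, not the servers' exact parsers):
    'all' is treated as including SSLv3, '-X' removes X, '+X' or bare X adds X.
    """
    enabled = set()
    for tok in tokens:
        sign, name = ("-", tok[1:]) if tok.startswith("-") else ("+", tok.lstrip("+"))
        names = ALL_PROTOCOLS if name.lower() == "all" else {name.lower()}
        enabled = enabled - names if sign == "-" else enabled | names
    return "sslv3" in enabled


def audit(config_text):
    """Return (line_number, directive_text) for every directive that leaves SSLv3 on."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)  # commented-out directives do not match
        if m and sslv3_enabled(m.group(2).split()):
            findings.append((lineno, line.strip()))
    return findings


# Constructed sample configurations (not from any real server).
NGINX_WEAK = "server {\n  listen 443 ssl;\n  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n}\n"
NGINX_FIXED = "server {\n  listen 443 ssl;\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n"
APACHE_WEAK = "SSLEngine on\nSSLProtocol all -SSLv2\n"
APACHE_FIXED = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n# SSLProtocol all\n"

if __name__ == "__main__":
    samples = [("nginx weak", NGINX_WEAK), ("nginx fixed", NGINX_FIXED),
               ("apache weak", APACHE_WEAK), ("apache fixed", APACHE_FIXED)]
    for name, cfg in samples:
        print(name, audit(cfg) or "SSLv3 not enabled")
```

A configuration with no such directive falls back to the server's built-in default, which this sketch does not evaluate.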

If you receive any complaints from website visitors who are affected by the decision to disable SSLv3, we highly recommend that you suggest they stop using Internet Explorer 6 and switch to a modern browser such as Google Chrome, Mozilla Firefox, Safari or Opera.

For those of you who are not aware, even Microsoft has been discouraging Windows XP users from using Internet Explorer 6 through its IE 6 Countdown website since 2011.

(Poodle image via Flickr, CC license.)

Posted in General

WordPress 4.0 Now Available

WordPress 4.0 is now available for download and upgrade. This release brings you a smoother writing and management experience.

Manage your media with style

Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.


Working with embeds has never been easier



Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.


Focus on your content



Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.


Finding the right plugin

There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.

Posted in Application News

WordPress 3.9.2 Security Release

WordPress 3.9.2 is now available for download and upgrade.

This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing.

WordPress 3.9.2 also contains other security changes:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default).
  • Prevents information disclosure via XML entity attacks in the external GetID3 library.
  • Adds protections against brute-force attacks against CSRF tokens.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

For more information on all of the changes, see the release notes or consult the list of changes.

Posted in Application News

WordPress 3.9.1 Maintenance Release

WordPress 3.9.1 is now available for download and upgrade.

This maintenance release fixes 34 bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor.

It also includes some improvements to the new audio/video playlists feature and some adjustments to improve performance.

For a full list of changes, consult the list of tickets and the changelog.

If you are one of the millions already running WordPress 3.9, you will be automatically upgraded to 3.9.1 within the next 24 hours with the automatic background updates.

Posted in Application News

WordPress 3.9 Now Available

WordPress 3.9 is now available for download and upgrade. This release features a number of refinements.

A smoother media editing experience

Improved visual editing

The updated visual editor has improved speed, accessibility, and mobile support. You can paste into the visual editor from your word processor without wasting time to clean up messy styling. (Yeah, we’re talking about you, Microsoft Word.)

Edit images easily

With quicker access to crop and rotation tools, it’s now much easier to edit your images while editing posts. You can also scale images directly in the editor to find just the right fit.

Drag and drop your images

Uploading your images is easier than ever. Just grab them from your desktop and drop them in the editor.


Gallery previews

Galleries display a beautiful grid of images right in the editor, just like they do in your published post.


Do more with audio and video


Live widget and header previews

Add, edit, and rearrange your site’s widgets right in the theme customizer. No “save and surprise” — preview your changes live and only save them when you’re ready.

The improved header image tool also lets you upload, crop, and manage headers while customizing your theme.


Stunning new theme browser

Looking for a new theme should be easy and fun. Lose yourself in the boundless supply of free WordPress.org themes with the beautiful new theme browser.

Posted in Application News