News in the WordPress world, February 2016
WordPress 4.5 Beta 1 is almost ready for testing
As always, the new release includes tons of bug fixes and new features. Here is a quick preview of some of the new features:
- Performance improvements to the customizer, to help refreshing only the things you’ve changed.
- More Markdown-like patterns in the Visual Editor
- Jetpack’s Site Logo feature will most likely be added to Core.
- A 7-year old ticket was closed, and you can log in using your account email address instead of a username!
A few other Feature Plugins might still make it to 4.5, and are listed here.
Make sure to check the list, you might be interested in some features, like 2 Factor Authentication or the Fields API; you can test them by installing the plugins right from your dashboard.
WordPress REST API News: what should be in WordPress 4.5?
There was a lot of discussion about this in the past few weeks. The WP REST API just hit version 2.0, and while it’s still very much a work in progress, the team would like to merge the 4 first endpoints in WordPress 4.5:
These endpoints are mostly ready, short of a few things to iron out, like password-protected posts, or sticky posts.
WordPress’ project lead, Matt Mullenweg, would rather wait until more endpoints are created, until the API supports everything you can do in wp-admin, and only then merge the endpoints into WordPress. While full parity isn’t necessarily his end goal, what he seems to be most interested in is releasing a product that is as much a “minimum viable product” as it is a “minimum lovable product”.
This has created some controversy, and it’s still not clear what will happen with the WP REST API in the next few weeks. The community seems divided between 3 different options:
- Will the 4 endpoints be merged into 4.5 as is?
- Will the 4 endpoints need to be polished and fully complete before to be merged?
- Will more endpoints have to created to reach a wp-admin parity before anything is merged?
You can read more about this here:
- REST API meeting summary, Feb 4
- Progressive Enhancement With the WordPress REST API
- Chicken and Eggs
- WordPress Contributors Look for a Path Forward for the WP REST API
- Complete coverage should not be a requirement for core inclusion of WordPress REST API endpoints
Do you use Woocommerce on sites with a very large inventory?
You probably know how hard it can be to maintain good performance and a good Search feature on large Woocommerce sites. Lucky for us, 10up just released ElasticPress WooCommerce, a free plugin in the W.org plugin repository allowing you to run Woocommerce queries through Elasticsearch instead of your local database. All you need is a server running Elasticsearch, and the ElasticPress plugin (also free).
Critical Security Vulnerability Discovered in Elegant Themes Products
If you use an Elegant Themes product, be it a theme or a plugin, go update now!
An information disclosure vulnerability was found in the Divi Builder (included in our Divi and Extra themes, as well as our Divi Builder plugin) which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on your WordPress installation to perform a subset of actions within the Divi Builder, including the ability to manipulate posts.