What's New in version 5.1.1:

  • WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
  • This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
  • WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
  • Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Other highlights of this release include:

  • Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • Several minor bug fixes.

What's New in version 5.0:

  • We've made some big upgrades to the editor. Our new block-based editor is the first step toward an exciting new future with a streamlined editing experience across your site. You'll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living.

Building with Blocks:

  • The new block-based editor won't change the way any of your content looks to your visitors. What it will do is let you insert any type of multimedia in a snap and rearrange to your heart's content. Each piece of content will be in its own block; a distinct wrapper for easy maneuvering. If you're more of an HTML and CSS sort of person, then the blocks won't stand in your way. WordPress is here to simplify the process, not the outcome.

We have tons of blocks available by default, and more get added by the community every day. Here are a few of the blocks to help you get started:

  • Paragraph
  • Heading
  • Preformatted
  • Quote
  • Image
  • Gallery
  • Cover
  • Video
  • Audio
  • Columns
  • File
  • Code
  • List
  • Button
  • Embeds
  • More

Freedom to Build, Freedom to Write:

  • This new editing experience provides a more consistent treatment of design as well as content. If you're building client sites, you can create reusable blocks. This lets your clients add new content anytime, while still maintaining a consistent look and feel.

A Stunning New Default Theme:

  • Introducing Twenty Nineteen, a new default theme that shows off the power of the new editor.

Designed for the block editor:

  • Twenty Nineteen features custom styles for the blocks available by default in 5.0. It makes extensive use of editor styles throughout the theme. That way, what you create in your content editor is what you see on the front of your site.

Simple, type-driven layout:

  • Featuring ample whitespace, and modern sans-serif headlines paired with classic serif body text, Twenty Nineteen is built to be beautiful on the go. It uses system fonts to increase loading speed. No more long waits on slow networks!

Versatile design for all sites:

  • Twenty Nineteen is designed to work for a wide variety of use cases. Whether you're running a photo blog, launching a new business, or supporting a non-profit, Twenty Nineteen is flexible enough to fit your needs.

What's New in version 4.9.8:

  • If Gutenberg is not installed or activated, the callout will be shown to Admin users on single sites, and Super Admin users on multisites.
  • If Gutenberg is installed and activated, the callout will be shown to Contributor users and above.
  • If the Classic Editor plugin is installed and activated, the callout will be hidden for all users.
  • The type of request being confirmed is now included in the subject line for all privacy confirmation emails.
  • Improved consistency with site name being used for privacy emails in multisite.
  • Pagination for Privacy request admin screens can now be adjusted.
  • Increased the test coverage for several core privacy functions.

What's New in version 4.9.6 RC 2:

Bug fixes:


  • #44064 – Define $title and $parent_file in privacy.php
  • #44045 – GDPR WP Pointer dismiss link can be unreachable
  • #44050 – Privacy: Abandoned heading in WP_Privacy_Policy_Content::get_default_content()
  • #44048 – Privacy: exclude the wrapper from the default policy content
  • #44075 – GDPR inline documentation improvements
  • #44062 – Don't show privacy feature pointer to new users
  • #44065 – Remove is-dismissible class from notice when privacy info has changed
  • #44057 – It's not obvious what to do if menu bubble for policy update appears
  • #44056 – Fix markup for table of contents on privacy policy guide
  • #44076 – Add wp_page_for_privacy_policy to populate_options()
  • #44026 – Export and Erase Personal Data tables misaligned under 782px
  • #43491 – Automatically create a Privacy Policy page when installing WordPress
  • #44063 – Privacy policy guide: do not remove the “Suggested text has changed” bubble on saving the policy page
  • #44046 – GDPR Privacy Policy Link in wp-login.php page can overflow other links
  • #44055 – Don't show notice to the privacy policy guide when user cannot view the guide
  • #44054 – Escape the comment link output in the wp_comments_personal_data_exporter() function.
  • #44093 – Proposed Adjustment to Privacy Settings buttons
  • #44092 – Export/Erase tools: CSS issues with next_steps buttons with some locales
  • #44091 – Rename exports folder to avoid deleting other files
  • #44079 – Require 'manage_privacy_options' capability to edit the privacy policy page

What's New in version 4.9.5:

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

  • Don't treat localhost as same host by default.
  • Use safe redirects when redirecting the login page if SSL is forced.
  • Make sure the version string is correctly escaped for use in generator tags.
  • Thank you to the reporters of these issues for practicing ?coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:

  • The previous styles on caption shortcodes have been restored.
  • Cropping on touch screen devices is now supported.
  • A variety of strings such as error messages have been updated for better clarity.
  • The position of an attachment placeholder during uploads has been fixed.
  • Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
  • Improved compatibility with PHP 7.2.