WPBeginner » News http://www.wpbeginner.com Beginner's Guide for WordPress Sat, 02 May 2015 02:16:35 +0000 en-US hourly 1 http://wordpress.org/?v=4.2.1 WordPress 4.2.1 – Security Release Fixes Zero Day XSS Vulnerability – Update Now http://www.wpbeginner.com/news/wordpress-4-2-1-security-release-fixes-zero-day-xss-vulnerability-update-now/ http://www.wpbeginner.com/news/wordpress-4-2-1-security-release-fixes-zero-day-xss-vulnerability-update-now/#comments Mon, 27 Apr 2015 18:49:43 +0000 http://www.wpbeginner.com/?p=27624 Just 3 days after the release of WordPress 4.2, a security researcher found a Zero day XSS Vulnerability that affects WordPress 4.2, 4.1.2, 4.1.1, 4.1.3, and 3.9.3. This allows an attacker to inject JavaScript into comments and hack your site. WordPress team responded fast and… Read More »

To leave a comment please visit WordPress 4.2.1 – Security Release Fixes Zero Day XSS Vulnerability – Update Now on WPBeginner.

]]>
Just 3 days after the release of WordPress 4.2, a security researcher found a Zero day XSS Vulnerability that affects WordPress 4.2, 4.1.2, 4.1.1, 4.1.3, and 3.9.3. This allows an attacker to inject JavaScript into comments and hack your site. WordPress team responded fast and fixed the security issue in WordPress 4.2.1, and we strongly recommend that you update your sites immediately.

WordPress XSS Security

Jouko Pynnönen, a security researcher at Klikki Oy, who reported the issue described it as:

If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

This particular vulnerability is similar to the one reported by Cedric Van Bockhaven which was patched in the WordPress 4.1.2 security release.

Unfortunately, they did not use proper security disclosure and instead posted the exploit publicly on their site. This means that those who do not upgrade their site will be in serious risks.

Update: We have learned, that they tried contacting WordPress security team but failed to get a timely response.

If you haven’t disabled automatic updates, then your site will automatically update.

Once again, we strongly advise that you update your site to WordPress 4.2.1. Make sure to backup your site before you update.

To leave a comment please visit WordPress 4.2.1 – Security Release Fixes Zero Day XSS Vulnerability – Update Now on WPBeginner.

]]>
http://www.wpbeginner.com/news/wordpress-4-2-1-security-release-fixes-zero-day-xss-vulnerability-update-now/feed/ 13
What’s New in WordPress 4.2 http://www.wpbeginner.com/news/whats-new-in-wordpress-4-2/ http://www.wpbeginner.com/news/whats-new-in-wordpress-4-2/#comments Thu, 23 Apr 2015 19:17:41 +0000 http://www.wpbeginner.com/?p=27489 WordPress 4.2 was released just a few minutes ago. This is the first major WordPress release of 2015. It fixes many issues and adds some great new features to WordPress. Sadly, some really cool features were dropped because they were not yet ready to be… Read More »

To leave a comment please visit What’s New in WordPress 4.2 on WPBeginner.

]]>
WordPress 4.2 was released just a few minutes ago. This is the first major WordPress release of 2015. It fixes many issues and adds some great new features to WordPress. Sadly, some really cool features were dropped because they were not yet ready to be shipped. In this article, we will show you what’s new in WordPress 4.2 and which features you should try after updating your sites.

WordPress 4.2 Features

This is a major WordPress release, which means your site will not get automatically updated unless you are using managed WordPress hosting. You will have to initiate the update from your WordPress dashboard. As always, don’t forget to backup your WordPress site before updating.

New and Improved Press This Tool

WordPress 4.2 comes with the new and improved Press This tool.

Installing Press This tool for WordPress

It is a simple bookmarklet that you can drag and drop to your browser’s bookmarks bar or add to your mobile homescreen. This allows you to easily share any content from anywhere on the web to your WordPress site with a simple click or tap.

Using Press This tool on your mobile phones

Press This will now automatically find images, excerpt, and title for the content you are sharing and embed it to a post on the fly. This will make sharing content a lot faster and easier for many users.

New Characters & Emoji Support in WordPress 4.2

Emoji are natively available on all modern devices including mobile phones. WordPress didn’t support emoji natively. WordPress 4.2 resolved this by adding the native support for emoji. You can now use emojis anywhere on your WordPress site.

Using Emojis on a WordPress site from a mobile phone

The support for Emoji was made possible by the underlying work done to add native support for Chinese, Japanese, Korean characters. WordPress 4.2 will automatically switch your utf-8 database to utf8mb4. This change will also allow musical and mathematical symbols and even hieroglyphs.

While many users may not be as excited about Emoji support, the support for more language characters is a huge improvement for a very large global WordPress user base.

Faster Plugin Updates

Plugin updates required you to click on the update link and wait for a page to load which showed update progress. Then after the update you were able to move on to do whatever you were doing. This will change in WordPress 4.2 which now comes with a faster one-click plugin updates.

Faster plugin updates in WordPress 4.2

Earlier in our What’s coming in WordPress 4.2 article, we showed you faster plugin install feature. It was similar to the update feature but allowed users to install plugins without reloading page. This feature was dropped during the beta.

More Auto Embeds

Just like YouTube videos, Tweets, and many other services, Tumblr and Kickstarter are now included into oEmbed whitelist in WordPress. You can now paste a link from Tumblr or Kickstarter and see it automatically embedded into the post.

Tumblr auto embed in WordPress

Theme Switching in Customizer

WordPress 4.2 comes with some great improvements in the customizer. You can now switch themes directly from theme customizer and make changes. This will enable users to quickly preview themes and customize themes without even activating them.

Theme Switching in WordPress 4.2

Under The Hood Changes

Messages generated by JavaScript calls to the server will now be readable by screen-readers. Plugin authors and developers can use wp.a11y.speak() to send audible notifications.

Terms shared by multiple taxonomies will now be split when one of them is updated.

Complex ordering support with meta query clauses is now supported by WP_Query, WP_Comment_Query, and WP_User_Query.

There are some minor changes in the default WordPress color scheme.

There are many bug fixes and other under the hood improvements. You can see a full list of changes here.

We hope you liked this overview of what’s new in WordPress 4.2. We are particularly excited about faster plugin update feature. What are you excited about?

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

To leave a comment please visit What’s New in WordPress 4.2 on WPBeginner.

]]>
http://www.wpbeginner.com/news/whats-new-in-wordpress-4-2/feed/ 11
What’s Coming in WordPress 4.2 (Features and Screenshots) http://www.wpbeginner.com/news/whats-coming-in-wordpress-4-2-features-and-screenshots/ http://www.wpbeginner.com/news/whats-coming-in-wordpress-4-2-features-and-screenshots/#comments Mon, 23 Mar 2015 12:13:38 +0000 http://www.wpbeginner.com/?p=26411 After the release of WordPress 4.1, the development of the next major release started in full swing. WordPress 4.2 will be the first major release of 2015, and it is planned to be released by end of April. There are a lot of exciting things… Read More »

To leave a comment please visit What’s Coming in WordPress 4.2 (Features and Screenshots) on WPBeginner.

]]>
After the release of WordPress 4.1, the development of the next major release started in full swing. WordPress 4.2 will be the first major release of 2015, and it is planned to be released by end of April. There are a lot of exciting things happening around it. In this article, we will show you what’s coming in WordPress 4.2 with features and screenshots.

You can try out the beta version on your computer or on a staging environment by using the WordPress Beta Tester plugin.

WordPress 4.2

New and Improved Emoji Support

Do you use Emoji’s in your text messages, facebook statuses, etc? Well, now you can use it in your WordPress blog posts as well.

Emojis are cool and fun way to express your feelings in a text-based communication. WordPress had basic emoticons for a long time, and even though it was possible for users to add emoji support to WordPress, it was not supported by the core.

With WordPress 4.2 your WordPress sites will have built-in emoji support. If you are using a mobile device, you can easily add emojis to your posts, comments, categories, and in most places where you can write text. This includes post slugs as well.

Native support for emojis in WordPress 4.2

Update: We realized that a lot of users weren’t as excited about Emojis and would have preferred other features. We wanted to highlight that Emoji support came out from the underlying work that had to be done to improve WordPress database and make it possible to use Han characters (Chinese, Japanese, Korean, etc) natively in WordPress.

As you can imagine, this is a huge thing for a large population of the world.

Switching Theme in Customizer

WordPress 4.2 will bring improvements to the way you install, browse, and preview themes using the WordPress customizer. You will now be able to switch, preview, and activate themes from the theme customizer screen.

Theme switcher in WordPress 4.2

You can also click on the ‘Add New’ button to browse and install new themes.

Faster Plugin Installation and Updates

Plugin installation will be streamlined in WordPress 4.2. Now users will be able to install plugins directly from the ‘Add New Plugin’ or search results.

Faster plugin installation in WordPress 4.2

Plugins will not only be installed, but they will also be activated. This will reduce one step and two page loads from the plugin installation process.

If you want to install a plugin and not activate it, then you will have to go back to Installed Plugins screen and deactivate the plugin.

Same goes for the updates, users will be able to update plugins from the Installed Plugins screen without leaving the page.

New and Improved Press This Button

Press This is a little-known tool in WordPress that is gaining a rebirth in WordPress 4.2. There are two major improvements.

Press This in WordPress 4.2

The first one is the bookmarklet that you can drag and drop to your browser’s bookmarks bar. Simply click on the Press This bookmark when you want to post about a topic you are viewing on the web. It will open your WordPress post editor inside a popup, and it will automatically fetch the page title, image, and an excerpt from the page with a link back to the original source.

Press This popup in the upcoming WordPress 4.2

You can use it anywhere on the web. If you are on an oEmbed enabled site like YouTube, Twitter, Vimeo, Instagram, then it will automatically fetch the embed code as well.

The second Press This tool is a simple link which you can open in your mobile browser and add it to your home screen / bookmark it.

Adding Press This to your Home Screen in mobile devices

Under The Hood Improvements

There are some minor changes in the default color scheme for the WordPress admin area. (#31234)

Shared terms across different taxonomies will now split when one of them is updated. This will resolve the issue of shared terms showing updates from different taxonomies. (#5809)

New feature in wp.a11y.speak() function will allow screen readers to be able to read response generated by JavaScript. (#31368)

We hope this article gave you a glimpse of what’s coming in WordPress 4.2. Let us know which features you are excited about, and what you would like to see in the future release of WordPress?

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

To leave a comment please visit What’s Coming in WordPress 4.2 (Features and Screenshots) on WPBeginner.

]]>
http://www.wpbeginner.com/news/whats-coming-in-wordpress-4-2-features-and-screenshots/feed/ 54