WordCamp Europe, Supply Chain Attack, More Acquisitions 🗞️ July 2024 WordPress News w/ WPShout

Core WordPress news

WordPress 6.6 betas and release candidates

In June, we got our first looks at WordPress 6.6, as the next major version worked its way through the beta and release candidate process.

The first beta was released at the beginning of the month on June 4. After releasing a total of three betas, the first release candidate for version 6.6 dropped on June 25.

I’ll have more on the new features and changes in next month’s news post. But here’s a very quick rundown on what to expect from WordPress 6.6:

• Several improvements to the Site Editor
• Partial overrides for synced patterns
• Pattern management for classic themes
• A new Grid block to give you more control over grid-based layouts
• Automatic update rollbacks for plugins – if updating a plugin breaks your site, WordPress can automatically roll back to the previous version

WordPress 6.6 is currently scheduled for release on July 16. As always, that date could change if something comes up near the release date.

WordPress 6.5.5 was released on June 24

While WordPress 6.6 has been working its way through the release schedule, WordPress 6.5 also got some fixes in late June.

On June 24, WordPress 6.5.5 was pushed out. It’s a security and maintenance release that includes three security fixes and three bug fixes.

Because it’s a minor release focused on security and maintenance, you should apply WordPress 6.5.5 ASAP if you haven’t done so already.

The WordPress.org Theme Directory got its redesign

In several recent news roundups, I’ve been writing about the piece-by-piece redesign going on at WordPress.org, with the Plugin Directory getting a facelift in May.

In mid-June, the Theme Directory finally got its chance for a glow-up. The new design matches the changes at the Plugin Directory, along with the rest of the updates to WordPress.org.

The actual listing page for a single theme hasn’t changed much, beyond a style update. However, there are bigger adjustments to some other parts:

• In the theme previewer interface, you can now apply different style variations and patterns (for block themes).
• The filtering system has gotten a big update, with a new interface and options.

In addition to the style changes, the new Theme Directory design is also now powered by blocks, which has been another focus of the redesign process.

WordPress plugin, theme, and product news

WordPress.com Studio is now available for Windows

In a recent news roundup, I wrote about the release of WordPress.com Studio, Automattic’s new free local WordPress development tool.

When it first launched, there was only a Mac version. But in late May, they publicly launched the Windows version, as well. Now, you can experiment with WordPress.com Studio regardless of your computer’s operating system.

If local WordPress development is part of your workflow, give it a try and see if it can help you improve your setup.

Metorik publishes the 2024 edition of Metorik Insights for WooCommerce

If you run a WooCommerce store (or just an eCommerce store in general), I recommend checking out the 2024 edition of the Metorik Insights for WooCommerce!

The report includes a bunch of stats and details about tons of different WooCommerce data points, including average order value based on users’ devices, order milestones, and lots more.

For example, while Metorik found that 62% of customers placed their orders on mobile devices, the average order value from desktop shoppers was almost double that of mobile shoppers.

You can download the free report by entering your email and name.

Bluehost launches its AI WordPress website creation tool

In early June, Bluehost launched its new WordPress-powered AI Website Creator tool.

Users can answer a few questions to describe their website and goals and then the tool will use AI to turn that information into a unique website.

While the AI website creation part is new, the setup still relies heavily on Bluehost’s WonderSuite for everything that comes after. 

If you want to learn more, the WonderSuite page has been updated with the AI website builder functionality. Search Engine Journal also posted about its release.

WordPress business news

All In One SEO acquired LowFruits

In a half-WordPress/half-SaaS marriage, All In One SEO (Awesome Motive) acquired the LowFruits keyword research tool.

If you’re not familiar with LowFruits, its goal is to help you discover low-difficulty keywords in a more effective way than the “keyword difficulty” score in tools like Ahrefs.

A big part of helping you find those opportunities was looking for keywords that had forums like Reddit and Quora ranking in the top positions. However, given Google’s changes to prioritize Reddit and Quora, that approach is no longer quite as effective in my opinion. This is because Quora and Reddit now appear on pretty much every query, even competitive ones (such as “best web host”).

While I have no insights into the sale, I can’t help but wonder if those types of changes had anything to do with the LowFruits founder’s desire to sell.

LowFruits does use other metrics to discover “weak spots,” so it didn’t rely just on the presence of forums. It also has other features, such as keyword clustering. Nonetheless, I always found the forum feature to be the most useful part.

Based on the acquisition announcement post, LowFruits will continue to operate independently of All In One SEO.

AI Bud plugin acquired

AI Bud is a freemium AI plugin that helps people use AI in WordPress for text generation, image generation, chatbots, and more. While it’s not as popular as some similar plugins like AI Engine and AI Power, it’s carved out a solid user base for itself, with 3,000 active installs according to WordPress.org.

In June, the plugin got a new owner, when Ahmad Hussein acquired the plugin from Çağdaş Dağ.

Both of them tweeted some of their thoughts on their half of the process:

Hostinger surpassed €100 million in revenue in 2023

If you read the results of our 2024 WordPress hosting survey, there were some big changes in terms of popularity as Hostinger overtook GoDaddy as the most popular host among our survey respondents.

This isn’t the only thing that’s gone well for Hostinger this year. Back in March, Hostinger also earned a spot on the WordPress.org recommended host lists. Previously, that spot had been held by SiteGround, but SiteGround was removed in 2023.

At the very end of May, Hostinger posted the actual numbers behind its growth, which I think is the interesting part. In 2023, Hostinger managed to hit €110.2 in revenue, which was helped by a whopping 57% growth in 2023. 

If those numbers continue, we could be looking at a new dominant player in the WordPress hosting space.

If you want to learn more about the company, we recently updated the Hostinger review on our sister-site Themeisle to include hands-on insights from some Themeisle colleagues who host their personal sites with Hostinger.

Bluehost and Automattic court WordPress agencies

In June, both Bluehost and Automattic announced new programs to help them build closer relationships with WordPress agencies.

Bluehost announced its new Agency Partner Program, which includes affiliate commissions, product discounts, education resources, priority customer support, and more, as covered in this post from Search Engine Journal.

A bit earlier in the month, Automattic also announced its new Automattic for Agencies program, which offers opportunities for WordPress.com, Jetpack, and WooCommerce. Agencies can more easily refer to and resell all the products in the Automattic bundle.

Agencies will get a 20% revenue share on new subscriptions and 50% on new migrations to WordPress.com, along with other perks like volume-based discounts for WordPress.com.

If you run a WordPress agency, I think it’s worth it to give these programs a look.

Themisle acquired the Redirection for Contact Form 7

In a final bit of acquisition news, Themeisle, the sister site of WPShout, has acquired the Redirection for Contact Form 7 plugin.

This plugin does exactly what it sounds like – it lets you redirect people to any URL after they submit one of your Contact Form 7 forms.

Here’s a tweet from Ionut Neagu announcing the acquisition, which happened in early June.

Important security notes

Ongoing supply chain attack affects thousands of WordPress sites

Unlike previous news posts, I’m going to give this security issue its own section because it seems more sophisticated than other attacks.

On June 24, Wordfence posted about an ongoing supply chain attack. A malicious actor had been able to compromise developers’ WordPress.org accounts and use this to commit malicious code to the plugins associated with those WordPress.org accounts.

The malicious actor was able to access their accounts because developers re-used credentials that had already been compromised.

When users of those plugins updated the version of the plugin used on their sites, the malicious actor was able to infect those users’ sites with malicious code.

Here are some of the compromised plugins, some of which have already been patched (or closed, in the case of some plugins):

• Social Warfare 4.4.6.4 – 4.4.7.1 (patched in 4.4.7.3).
• Blaze Widget 2.2.5 – 2.5.2 (patched in 2.5.3)
• Wrapper Link Element 1.0.2 – 1.0.3 (patched in 1.0.4)
• Contact Form 7 Multi-Step Addon 1.0.4-1.0.5 (patched in 1.0.6)
• Simply Show Hooks 1.2.2 (reverted to 1.2.1 to remove the vulnerability)
• WP Server Health States 1.7.6 (patched in 1.7.8)
• PowerPress Podcasting Plugin by Blubrry 11.9.3 – 11.9.4 (patched in 11.9.6)
• SEO Optimized Images 2.1.2 (patched in 2.1.4)

Some other plugin developers had their accounts compromised, but the malicious actor was not able to push out the malicious code because of the various safeguards.

For more details, I recommend checking out these posts from Wordfence:

Other notable vulnerabilities

In addition to plugins affected by the ongoing supply chain attack, here are some other notable vulnerabilities that were discovered in June.

Almost all of these have been patched already, but you’ll want to make sure you apply the update if you’re using one of these plugins.

• Icegram Express – Unauthenticated SQL Injection via optin published on June 20 and patched in version 5.7.24
• Quiz Maker – Unauthenticated SQL Injection via ‘ays_questions’ Parameter published on June 24 and patched in version 6.5.8.4.
• Woody Code Snippets – Authenticated (Contributor+) Remote Code Execution published on June 14 and patched in version 2.5.1.
• WishList Member – Authenticated (Subscriber+) Remote Code Execution published on June 20 and not patched at the time of writing this news post.
• Quiz and Survey Maker – Authenticated (Contributor+) SQL Injection published on June 6 and patched in version 9.0.2.
• LifterLMS – Authenticated (Contributor+) SQL Injection via Shortcode published on June 4 and patched in version 7.6.3.
• Visualizer – Authenticated (Subscriber+) SQL Injection published on June 6 and patched in version 3.11.2.
• Dokan Pro – Unauthenticated SQL Injection published on June 11 and patched in version 3.11.0.

WordCamp and community news

WordCamp Europe 2024 recaps

In the biggest community news of the past month, WordCamp Europe 2024 was held in mid-June in Torino, Italy.

Over 2,500 people made the trek to Italy for three days of WordPress goodness.

If you weren’t able to attend, you can still see the talks on the WordPress YouTube page. There are full streams for each day and track.

A number of people also posted WordCamp Europe 2024 recaps. Here are some good ones if you’re interested:

Where will WordCamp Europe 2025 be? It’s official

Now that WordCamp Europe 2024 is over, people are naturally wondering where the 2025 event will be held.

After putting out a call for host cities, four cities applied for the honors:

• Krakow, Poland
• Granada, Spain
• Valencia, Spain
• Basel, Switzerland

After mulling those options, the decision was made to host WordCamp Europe 2025 in Basel, Switzerland.

The event will be held on June 5-7, and there’s already a WordCamp Europe 2025 website.

There’s been a decline in in-person attendance at WordPress events

While WordCamp Europe just set some attendance records, the overall picture for in-person events isn’t quite as positive.

According to data posted at the end of May, global unique attendees at events are down heavily, which has been a trend since the COVID-19 pandemic.

While 2023 did bring big improvements over 2022, the overall number of unique attendees is still significantly lower than it was in 2019. In 2019, that number was 41,697, while it was just 22,637 in 2023.

So far, the 2024 numbers don’t seem to be on track to get anywhere near those 2019 numbers. In fact, I’m not sure if they’ll even surpass 2023 (though it’s hard to tell, yet).

If you want to view the full data and share your thoughts on the issue, you can read this post at WordPress.org.

That sums up our July 2024 WordPress news roundup. Anything I’ve missed?