// The Wire — Updated 09:00 GMT Weekly

WordPress
news.

Every Monday morning we pull the canonical WordPress feeds — core, plugins, Wordfence, Patchstack, WP Tavern, the lot — and re-write them in plain English. Vulnerabilities reported straight. Everything else, properly. Source link on every item. Click through and verify.

Filter:
[CORE]3 Jul 2026· WordPress Core

WordPress 7.1 Bug Scrub: Ritualized Maintenance for the Inert

The schedule for the WordPress 7.1 bug scrubs has been released, providing a formal calendar for the community to sift through a pile of tickets that likely should have been resolved years ago. These sessions represent the core of the WordPress experience: a group of volunteers gathering to triage the technical debt of a monolithic CMS that remains stubborn in its complexity. Participants will spend their hours identifying which bugs are actually features and which ones will be deferred to version 7.2. It is a process of curation rather than innovation. In an era where AI-native platforms are building software without the baggage of two decades of legacy code, the WordPress core team continues its tradition of manual, painstaking oversight. If you enjoy the sensation of watching a glacier move while calling it progress, these sessions are the highlight of the development cycle.
[CORE]3 Jul 2026· WordPress Core

WordPress 7.1 Party Planning: Same Chaos, Different Version Number

The project maintainers have announced the release party schedule for WordPress 7.1. It is exactly what you would expect from the software that powers the internet via an increasingly fragile stack of legacy decisions. We are being invited to celebrate a minor iteration as if it were a breakthrough in modern engineering. In reality, it is a coordinated attempt to ensure the core remains functional enough to support an ecosystem of bloated page builders and conflicting plugins. These 'parties' serve as a deadline for a community that spends more time arguing about block editor philosophy than fixing the fundamental sprawl. Expect the usual rituals: a frantic last-minute scramble to squash regressions that should have been caught in beta, followed by a theatrical digital gathering to congratulate everyone on keeping the system from collapsing. It is less of a celebration and more of a maintenance window with a social media budget.
[CORE]3 Jul 2026· WordPress Core

WordPress Discovers Mobile Phones, Asks Users to Fix the Mess

WordPress core is currently engaged in the noble pursuit of figuring out how a layout should look on a device that isn't a desktop monitor from 2008. The latest 'Call for Testing' focuses on responsive styling, a concept the rest of the web mastered around the time the first iPhone appeared. Rather than shipping a robust, finished product, the project is outsourcing its quality control to any remaining enthusiasts willing to click through the block editor's persistent quirks. The goal is to ensure that basic site elements don't overlap or disappear when a screen shrinks—functions that should be foundational in a modern CMS, yet remain experimental in the block-based era. It is yet another admission that the massive architectural shift toward blocks is still tripping over basic CSS principles. If you enjoy doing free labor for a software project that remains perpetually in its 'awkward teenager' phase, now is your chance to help them find the padding settings.
Security[SECURITY]2 Jul 2026· Wordfence

Wordfence Intelligence Weekly Report: June 22 – 28, 2026

The latest Wordfence Intelligence report for the final week of June 2026 offers the usual technical autopsy of the WordPress ecosystem. It serves as a stark catalog of the architectural rot developers continue to ignore while chasing the next disruptive feature. We see the familiar cycle: a premium plugin ships with a glaring security oversight, a researcher finds it, and a patch is eventually issued to a fraction of the affected user base. This week’s list includes various vulnerabilities—SQL injections, Cross-Site Scripting (XSS), and Broken Access Control—that remain remarkably consistent in their lack of sophistication. There is something almost nostalgic about seeing SQLi bugs in 2026; it suggests that for all the talk of modern web standards, the underlying foundation is still remarkably porous. If you are still running these plugins, the recommendation is the same as it was a decade ago: update immediately and hope your site is still there in the morning.
[CORE]2 Jul 2026· WordPress Core

Core bloated further as 'Merge Proposals' attempt to mask platform fatigue

The latest proposal to expand WordPress core abilities is less a leap forward and more of a tired shuffle. In an era where lean, AI-native competitors are stripping away the friction of web development, the legacy platform responds by bolting more features onto a foundation already groaning under two decades of debt. The internal drive to expand core functionality ignores the reality that most users are desperate for less complexity, not more built-in distractions. This isn't innovation; it is maintenance by committee. By attempting to absorb more responsibilities into the central software, the project continues its trajectory toward a monolithic architecture that feels increasingly out of place in a modern stack. While the marketing suggests 'empowerment,' the practical result is usually a heavier footprint and another set of menus for developers to ignore while they look for the exit. The platform isn't evolving so much as it is diluting its remaining utility through sheer bulk.