WordPress Security News 2026
Find all WordPress security alerts, critical plugin and theme vulnerabilities, and essential updates to protect your professional site. Each article is curated to help you understand real risks without technical jargon.
Discover our WordPress services
How to Find and Delete Duplicate Images in WordPress Automatically
Every time you upload a photo, WordPress creates five or ten different hidden size variations to fit your theme. These extra files consume your storage and slow your site backups. Plus, most of these
JavaScript Performance Optimization: 17 Essential Techniques
JavaScript is a staple of modern web development. It helps make websites interactive, dynamic, and engaging. At the same time, when unoptimized, it can also seriously hamper loading speed, which is wh
How I Display WooCommerce Reviews Anywhere in WordPress (& Boost Sales)
Hiding your best WooCommerce reviews on product pages is like keeping your top salespeople in the back room. When reviews are scattered or hidden, most visitors never see them. And that means missed c
WordPress 7.0 Beta 5
WordPress 7.0 Beta 5 is ready for download and testing! This version of the WordPress software is still under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended to test Beta 5 on a test server and...
How modern block themes are changing WordPress hosting
Managed WordPress hosting exists to run WordPress well. It provides an environment tuned for how WordPress behaves under load, how it handles caching , and how it executes PHP. Block themes do not cha
WordPress 6.9.4 Release
WordPress 6.9.4 is now available WordPress 6.9.2 and WordPress 6.9.3 were released yesterday, addressing 10 security issues and a bug that affected template file loading on a limited number of sites. The WordPress Security Team has discovered that not all of the security fixes were fully applied,...
Manage hundreds of sites with Kinsta’s WP Admin auto-login
For an agency managing dozens or hundreds of WordPress sites, site management isn’t just a technical challenge—it’s a race against time and a battle for security. Every time a team member jumps from o
#208 – Behind the Scenes at the CloudFest Hackathon
In this WP Tavern episode, Nathan Wrigley explores the CloudFest Hackathon, an event bringing together open source enthusiasts to collaborate on innovative projects in just three days. Carole Olinger, the Hackathon lead, details the organising process and project selection, talking about cross-CMS...
Your Browser Becomes Your WordPress
For nearly two decades, WordPress has been known for a simple, powerful idea: that anyone should be able to get online and start creating with minimal friction. The famous five-minute install captured that spirit for an earlier era of the web. Today, we’re introducing my.WordPress.net, a new take...
From Idea to Launch: How to Start a Health Blog in WordPress
You don’t need a medical degree or a nutrition qualification to start a health blog that actually helps people. Many people are looking for simple, relatable advice and shared experiences instead of c
WordPress 6.9.3 and 7.0 beta 4
WordPress 6.9.2 was released earlier today and addressed 10 security issues. A few users have subsequently reported an issue where the front end of their site was appearing blank after updating to 6.9.2. The issue has been narrowed down to some themes using an unusual approach to loading template...
WordPress 6.9.2 Release
WordPress 6.9.2 is now available This is a security release that features several fixes. Because this is a security release, it is recommended that you update your sites immediately. You can download WordPress 6.9.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then...
How to set up custom MyKinsta notifications with the Kinsta API to catch issues before they impact users
A WordPress site consists of many moving parts that must work in perfect sync with server processes. PHP, the database, and the CDN must operate smoothly together. When this harmony fails, performance
Website Speed Audit: How to Test and Monitor Your Website Performance
Want to understand what a website speed audit really is and how to run one correctly? You’re in the right place. A website speed audit isn’t just a quick test. It’s a global performance approach where
WordPress 7.0 Beta 3
WordPress 7.0 Beta 3 is available for download and testing! This beta version of the WordPress software is still under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, you should evaluate Beta 3 on a test server and...
#207 – Rob Ruiz on WP Rig and the Future of Theme Development
In this episode, Nathan Wrigley interviews Rob Ruiz, current maintainer of WP Rig, a free WordPress theme development toolkit and starter theme. Rob Ruiz shares his journey from designer to theme developer, discusses the benefits of WP Rig for both beginners and agencies, and highlights how it...
The 8 Best Real User Monitoring Tools in 2026
Want to know the best real user monitoring tools to measure performance? Of course, you want to know how your site truly feels for your customers! Is the checkout smooth or frustrating? Does the page
Vulnerability & Patch Roundup — February 2026
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes o
WordPress 7.0 Beta 2
WordPress 7.0 Beta 2 is now ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, you should evaluate Beta 2 on a test server and site. You can test...
#206 – Jonathan Desrosiers on WordPress Sustainability, Community Engagement, and Release Strategies
In this episode, Nathan Wrigley speaks with Jonathan Desrosiers about tying WordPress releases to flagship community events like WordCamps. They discuss the logistical challenges, especially around scheduling, international holidays, and global contributor coverage. The conversation explores the...
DEV: <h1> in the Right Direction
Welcome to DEV, your fortnightly feast of WordPress workflows, web wrangling, and weird findings. As always, we’re serving up release rundowns, roadmap revelations, and resource recommendations to kee
WordPress 7.0 Beta 1
WordPress 7.0 Beta 1 is ready for download and testing! This beta release is intended for testing and development only. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, use a test environment or local site to explore the new...
#205 – Matt Cromwell on Redefining WordPress Product Growth in a Crowded Ecosystem
In this episode, Nathan Wrigley talks with Matt Cromwell about Matt’s new agency, Roots and Fruit, which is aimed at helping WordPress product businesses grow sustainably. They discuss shifts in the WordPress ecosystem, the importance of focusing on the entire product experience (not just code),...
Introducing Client Notes in the Hub: Record Everything You Need to Know, Right on Their Profile
Managing clients means remembering a lot. Meeting outcomes, special requests, project preferences, follow-up tasks… the list goes on. And when that information lives across email threads, documents, a
#204 – Russell Aaron on the Hidden Settings Page You Never Knew Existed options.php
In this episode, Nathan Wrigley talks with Russell Aaron about the little-known WordPress admin page “options.php.” Russell Aaron explains what the page does, displaying and allowing edits to the entire wp_options table, and discusses its usefulness and risks. They cover why it exists, who can...
DEV: .AU Over There! Yes, You!
Welcome to DEV, your fortnightly snapshot of what’s evolving across WordPress. We’ll meet you somewhere between “finished” and “shipping,” with the latest developments, ongoing experiments, and commun
Beyond Login Screens: Why Access Control Matters
As breach costs go up and attackers focus on common web features like dashboards, admin panels, customer portals, and APIs, weak access control quickly leads to lost data, broken trust, and costly inc
Website Speed Optimization: How to Improve Load Times & Performance in 2026
Do you want a fast-loading website? Of course you do! This guide to website speed optimization explains how to optimize a website step by step, using simple, proven techniques. We cover the most commo
Piloting the AI Leaders Micro-Credential
Today, we are happy to announce our first WordPress-focused micro-credential, designed to help students build practical AI skills, earn a recognized credential, and connect more directly to job opportunities. The program, AI Leaders, is a workforce-oriented credential rooted in WordPress and open...
#203 – Miriam Schwab on Elementor’s Decade of Growth and the Future With AI
In this episode, Miriam Schwab discusses her journey in the WordPress space, from running an agency to founding Strattic, which was later acquired by Elementor. Now serving as Elementor’s Head of WordPress, she shares insights on Elementor’s growth, their careful approach to major updates, and...