📆 This is the January 2024 edition of “This Month in WordPress with CodeinWP.”
Howdy, WordPress fans.
We are back with our latest batch of WordPress news from the past month, which just so happens to be the last WordPress news from 2023.
December is usually a quiet month, which makes sense given that a solid chunk of the WordPress community is enjoying the holidays. However, that doesn’t mean there’s nothing to talk about.
In the biggest news, Matt Mullenweg gave his annual State of the Word address, which includes a recap of what happened in 2023 as well as a preview of what’s to come in 2024.
Beyond that, some malicious actors are impersonating the WordPress Security Team to gain control of people’s sites, UpdraftPlus was briefly suspended from WordPress.org for a somewhat silly reason, and we recapped some of the most interesting articles from 2023.
Without further introduction, let’s get into all the WordPress news from the past month.
January 2024 WordPress News with CodeinWP
State of the Word 2023 on December 11
As I mentioned above, the biggest WordPress news from December is almost always Matt Mullenweg’s State of the Word address, which recaps how WordPress did over the past year and also sets the roadmap for the next year and beyond.
As is normally the case, Matt started with a look back at WordPress in 2023, including some key events and numbers. Most notably, May 27, 2023, marked WordPress’s 20th anniversary, which is pretty impressive.
Matt also detailed some notable accomplishments and launches, such as WordPress Playground, the Twenty Twenty-Four default theme, WordPress’s improvements in scalability, and more.
After covering what already happened, Matt then shifted to a focus on the future, with some thoughts on WordPress in 2024. Here are a few key trends that Matt discussed:
- Collaboration – 2024 will mark Phase 3 of the Gutenberg project, which is focused on adding collaboration features to the WordPress editor and other areas of WordPress. This part was covered by Matías Ventura, the Lead Architect of the Gutenberg project.
- Data liberation – it should be easier for people to control and migrate their data between different platforms, websites, and so on. Most notably, the aim is to make it as easy as possible for users from other platforms to migrate to WordPress.
If you want to check out the full 42-minute address yourself, you can find it here on YouTube.
If you’d rather have someone summarize things for you (in more detail than what I did above), here are some of the better 2023 State of the Word recaps that I found:
Watch out for people impersonating the WordPress Security Team
In case there weren’t already enough people doing scummy stuff on the internet, there’s a new scam going around targeting WordPress site owners.
People have started receiving emails that impersonate the “WordPress Team” or the “WordPress Security Team.”
The goal of these emails is to convince site administrators to install a malware-filled plugin on their sites. The malicious actor does this by claiming something like “The WordPress [sic] Security Team has identified a Remote Code Excecution [sic] on your site” and then asking users to install the plugin. It also might reference something like “CVE-2023-45124.”
The plugin looks like it comes from WordPress.org, even going so far as to mimic the WordPress.org plugin listing page. However, it’s not the real WordPress.org site. Instead, they try to spoof it by using names like
This email is especially tricky because WordPress 6.4.2 (released in early December – more on it below) did fix a Remote Code Execution vulnerability. So these malicious actors are basing their fake emails somewhat on reality.
Moral of the story? Don’t trust anything from someone who spells WordPress as “WordPress.” But more seriously – be on the lookout for emails like this and never install plugins from strangers.
The issue is widespread enough that it was posted on the WordPress.org news blog. You can also find more detailed posts from Patchstack and from Wordfence, both of which include screenshots of the emails and the fake WordPress.org plugin listing page.
Popular UpdraftPlus plugin briefly suspended from WordPress.org
If you’re not familiar with UpdraftPlus, it’s one of the most popular (if not the most popular) WordPress backup plugins in existence. Millions of site owners rely on UpdraftPlus to back up their sites and keep their data safe.
That’s why it’s a big deal that the plugin was temporarily closed on WordPress.org for what seems like some fairly minor issues.
The main problem seems to have been something very basic – UpdraftPlus was adding its own news to the built-in WordPress news widget (that appears in the Dashboard tab in users’ WP Admin dashboards), along with a designator that the news came from UpdraftPlus.
Apparently, this is against the rules at WordPress.org, which led to UpdraftPlus being suspended. This happened even though UpdraftPlus asked for users’ consent to do so and had been adding news for multiple years without issue.
Now, I don’t think the rule itself is bad – I’m fine with plugins not being allowed to insert their own news in the core WordPress news widget.
But given that the issue had nothing to do with security, suspending the plugin seems like a large overreaction when suspending it actually leads to much larger issues for users’ sites.
What’s more, once the plugin was suspended, UpdraftPlus initially could not be listed again until they fixed other minor issues. It seems like the initial suspension triggered some other checks. Given that the suspension came right before Christmas (December 23), this was obviously a tough time for the UpdraftPlus team to scramble to get things fixed.
Thankfully, saner heads prevailed at some point, and UpdraftPlus was re-listed shortly after its suspension.
In hindsight, though, I don’t think it makes sense to suspend such an important plugin over such a minor infraction. While I understand the “rules are rules” mindset, more priority should be given to the millions of users whose sites could be negatively affected by the change.
While the UpdraftPlus plugin already installed on users’ sites would not stop working, the suspension stops those sites from being able to get updates and also triggers automated alerts in many WordPress security plugins, such as Wordfence. These alerts could mislead users into thinking there was an actual security issue in the UpdraftPlus plugin and affect sites’ backup processes.
For more details about what happened, including a response from the UpdraftPlus developer, you can read this support thread. The thread also includes posts from a number of users who were startled by receiving an alert email from Wordfence.
That sums up our January 2024 WordPress news roundup. Anything we missed?
Layout and presentation by Karol K.