A WordPress publication · Launched May 2026
WordPress, without the developer-speak.
A smart, opinionated publication about what's actually happening in WordPress, written for WordPress site owners and for the developers and consultants who advise them.
This week's roundup
Read in full Issue 06 / Weekend Within · June 19
Issue 6: Bad week for trusted updates
Trusted plugin updates spread malware this week. OptinMonster, TrustPulse, and ShapedPlugin Pro were all compromised. Check your admin accounts now.
Inside this issue
01
Security Trusted plugin channels caused the biggest risks this week.
02
Core WordPress 7.1 should help editorial teams, not just developers.
Recently
All articles June 24
Update Ultimate Member Now: Attackers Can Hijack Admin Accounts
Ultimate Member 2.11.4 and earlier lets contributor-level attackers reset admin passwords. Update to version 2.12.0 now.
Security
2 min
June 24
WooCommerce 10.9: Track Failed Order Emails and a Faster Checkout
WooCommerce 10.9 adds failed order email logs, reduces checkout database load, and cleans up the admin for store owners.
commerce
2 min
June 23
WordPress 7.1 Will Hide the Classic Block From the Inserter
From WordPress 7.1, the Classic block is hidden from the block inserter. Existing Classic blocks stay intact and fully editable. Adding new ones will require a developer filter.
Block Editor
2 min
June 22
WordPress 7.1 May Give Your Site a Built-In Content Standards Hub
A merge proposal would add a Knowledge post type and Guidelines feature to WordPress 7.1, giving site owners a built-in place to store editorial rules.
WordPress Updates
2 min
June 22
The Official WordPress Swag Store Has a New Look
Mercantile, the official WordPress swag store, has been rebuilt on blocks and WooCommerce running WordPress 7.0.
WordPress Updates
2 min
June 19
Avada Builder has a critical file deletion flaw
Avada Builder users should update now. A patched flaw can let attackers delete server files without logging in.
Security
2 min