A WordPress publication · Launched May 2026
WordPress, without the developer-speak.
A smart, opinionated publication about what's actually happening in WordPress, written for WordPress site owners and for the developers and consultants who advise them.
This week's roundup
Read in full Issue 06 / Weekend Within · June 19
Issue 6: Bad week for trusted updates
Trusted plugin updates spread malware this week. OptinMonster, TrustPulse, and ShapedPlugin Pro were all compromised. Check your admin accounts now.
Inside this issue
01
Security Trusted plugin channels caused the biggest risks this week.
02
Core WordPress 7.1 should help editorial teams, not just developers.
Recently
All articles June 23
WordPress 7.1 Will Hide the Classic Block From the Inserter
From WordPress 7.1, the Classic block is hidden from the block inserter. Existing Classic blocks stay intact and fully editable. Adding new ones will require a developer filter.
Block Editor
2 min
June 22
WordPress 7.1 May Give Your Site a Built-In Content Standards Hub
A merge proposal would add a Knowledge post type and Guidelines feature to WordPress 7.1, giving site owners a built-in place to store editorial rules.
WordPress Updates
2 min
June 22
The Official WordPress Swag Store Has a New Look
Mercantile, the official WordPress swag store, has been rebuilt on blocks and WooCommerce running WordPress 7.0.
WordPress Updates
2 min
June 19
Avada Builder has a critical file deletion flaw
Avada Builder users should update now. A patched flaw can let attackers delete server files without logging in.
Security
2 min
June 19
Issue 6: Bad week for trusted updates
Trusted plugin updates spread malware this week. OptinMonster, TrustPulse, and ShapedPlugin Pro were all compromised. Check your admin accounts now.
Weekend Within roundup
5 min
June 18
Update Gravity SMTP now, attackers are targeting unpatched sites
Attackers are hitting a Gravity SMTP flaw that can expose email service keys, secrets, and login tokens.
Security
2 min