What's New in WordPress 5.7
WordPress 5.7, the first major WordPress version for 2021, will be released on 9th of March. It brings several improvements in block editor as always, accessibility improvements with the colors used in the admin panel, and several other improvements in usability and security.
WordPress 5.7 is also the first release after W3Tech reported that WordPress is now powering over 40% of all web sites.
Esperanza Emily Spalding is an American Jazz musician, singer, composer, and songwriter. WordPress 5.7 "Esperanza" is named after her, following WordPress's tradition of naming major versions in honor of Jazz musicians.
HTTPS Upgrade prompt in Site Health
In WordPress 5.7, there is a new Site Health section prompt if the site is using plan HTTP, and if the site supports HTTPS but not using HTTPS, an ease one-click prompt to upgrade.
If the site supports HTTPS, a message with Your website does not use HTTPS, followed by "Your WordPress Address and Site Address are not set up to use HTTPS. HTTPS is already supported for your website." shows up, with a "Update your site to use HTTPS" button.
This option will be offered only if the home page URL and site WordPress site URL are the same.
If the site cannot use HTTPS due to a certificate error, but it already has an HTTPS URL, there will be a message with title "There are problems with the HTTPS connection of your website", followed by a description "Your WordPress Address is set up to use HTTPS, but the SSL certificate appears to be invalid.". Note that this check is made at the server, rather than at the browser. This means that WordPress will consider the site uses an invalid certificate even if the browser accepts the actual HTTPS certificate. This might be a common occurrence in locally-hosted web sites, because they use an HTTPS certificate that the browser trusts, but does not belong to PHP/WordPress root certificate store.
For sites that do not use HTTPS, nor can support it, it will still show a message shown prompting ("Your website does not use HTTPS", and " Your WordPress Address and Site Address are not set up to use HTTPS.") to upgrade to HTTPS, with a link to WordPress documentation.
Web hosts are given hooks to alter the target URL, and modify various aspects of this change.
The upgrade to HTTPS is made easier by WordPress core itself, by dynamically updating existing plain-HTTP URLs to HTTPS. This eliminates the painstaking of making bulk changes to existing database content with plugins for bulk search-replace features.
A new wp_replace_insecure_home_url function is added that makes it does the actual string-replace operations. However, WordPress already adds necessary hooks to automatically replace HTTP URLs to HTTPS.
Using a Content-Security-Policy header with
upgrade-insecure-requestsdirective, orStrict-Transport-Securityheader instructs the browser to automatically upgrade all requests, no matter they are passed through WordPress or not.
Password Reset action/button improvements
A new option to reset passwords of other users is added in WordPress 5.7. This option is added as a Bulk Action in Admin Dashboard → Users page.
Additionally, there is a Quick Action for each user, plus an option in the edit page of each user profile if the logged in user is an administrator.
Iframe Lazy Loading
Similar to HTTPS URL replacement, WordPress 5.7 also replaces iframe tags with a lazy loading, but adding load="lazy" attribute.
This applies to dynamic content such as oEmbed blocks, custom HTML, Block Editor iframes, Classic Editor content, etc.
The existing wp_lazy_loading_enabled, filter applies to iframes as well. Additionally, there is a new wp_iframe_tag_add_loading_attr filter, that works similar to existing wp_img_tag_add_loading_attr, to control the attribute for individual iframes.
Robots Tag API
All WordPress 5.7 sites contain a new HTML <meta> tag, to the <head> section.
<meta name="robots" content="max-image-preview:large" />Search engines interpret this as a hint to show a bigger preview in discover pages and search results.
A new filter called wp_robots allows finer control of this robots tag. In fact the max-image-preview:large value is added via a filter function.
add_filter('wp_robots', 'wp_robots_max_image_preview_large');
function wp_robots_max_image_preview_large(array $robots) {
if (get_option('blog_public')) {
$robots['max-image-preview'] = 'large';
}
return $robots;
}Application Password Improvements
Application Passwords feature added recently to WordPress receives improvements in WordPress 5.7.
- New capabilities: Application Password-related capabilities are added and used in the Rest API:
create_app_password,list_app_passwords,read_app_password,edit_app_password,delete_app_passwords, anddelete_app_password.
- Applications Password names must be unique per-user: When a user adds a new Application Password, the name is checked to be unique for that user. Existing passwords are not affected.
PHP 8 Compatibility
WordPress already passes the whole test suit on PHP 8. WordPress 5.7 also includes a small number of PHP 8 compatibility fixes, so WordPress 5.7 on PHP 8 should be more stable.
The changes include removal of the @ error suppression operator for fatal errors because in PHP 8.0, the @ operator no longer silences fatal errors. This does not apply to @ operator use cases where it tries to silent PHP warnings/notices/etc.
Editor and UI updates
WordPress also contains several improvements in the editor and other UI updates such as accessibility updates with proper color contrast.
WordPress 5.7 ships with Gutenberg 9.9. All its new features are nicely documented and demonstrated at What's new in Gutenberg 9.9.
WordPress 5.7 is a major update with several bug fixes and improvements. It brings improvements to the front-end with editor updates, accessibility improvements, and other improvements to underlying frameworks with jQuery being one of the most important.
WordPress 5.7 will be released on 9th of March 2020. The full changelog of WordPress 5.7 is available at WordPress core Trac.
