What's New in WordPress 5.7

Published On04 Mar 2021

What's New and Improved in WordPress 5.7 WordPress 5.7, the first major WordPress version for 2021, will be released on 9th of March. It brings several improvements in block editor as always, accessibility improvements with the colors used in the admin panel, and several other improvements in usability and security.

WordPress 5.7 is also the first release after W3Tech reported that WordPress is now powering over 40% of all web sites.

Esperanza Emily Spalding is an American Jazz musician, singer, composer, and songwriter. WordPress 5.7 "Esperanza" is named after her, following WordPress's tradition of naming major versions in honor of Jazz musicians.

HTTPS Upgrade prompt in Site Health

In WordPress 5.7, there is a new Site Health section prompt if the site is using plan HTTP, and if the site supports HTTPS but not using HTTPS, an ease one-click prompt to upgrade.

If the site supports HTTPS, a message with Your website does not use HTTPS, followed by "Your WordPress Address and Site Address are not set up to use HTTPS. HTTPS is already supported for your website." shows up, with a "Update your site to use HTTPS" button.

WordPress 5.7 - Your website does not use HTTPS This option will be offered only if the home page URL and site WordPress site URL are the same.

If the site cannot use HTTPS due to a certificate error, but it already has an HTTPS URL, there will be a message with title "There are problems with the HTTPS connection of your website", followed by a description "Your WordPress Address is set up to use HTTPS, but the SSL certificate appears to be invalid.". Note that this check is made at the server, rather than at the browser. This means that WordPress will consider the site uses an invalid certificate even if the browser accepts the actual HTTPS certificate. This might be a common occurrence in locally-hosted web sites, because they use an HTTPS certificate that the browser trusts, but does not belong to PHP/WordPress root certificate store.

WordPress 5.7 - There are problems with the HTTPS connection of your website For sites that do not use HTTPS, nor can support it, it will still show a message shown prompting ("Your website does not use HTTPS", and " Your WordPress Address and Site Address are not set up to use HTTPS.") to upgrade to HTTPS, with a link to WordPress documentation.

Web hosts are given hooks to alter the target URL, and modify various aspects of this change.

WordPress 5.7 - There are problems with the HTTPS connection of your website The upgrade to HTTPS is made easier by WordPress core itself, by dynamically updating existing plain-HTTP URLs to HTTPS. This eliminates the painstaking of making bulk changes to existing database content with plugins for bulk search-replace features.

A new wp_replace_insecure_home_url function is added that makes it does the actual string-replace operations. However, WordPress already adds necessary hooks to automatically replace HTTP URLs to HTTPS.

Using a Content-Security-Policy header with upgrade-insecure-requests directive, or Strict-Transport-Security header instructs the browser to automatically upgrade all requests, no matter they are passed through WordPress or not.

Password Reset action/button improvements

A new option to reset passwords of other users is added in WordPress 5.7. This option is added as a Bulk Action in Admin Dashboard → Users page.

WordPress 5.7 - User Password bulk reset Additionally, there is a Quick Action for each user, plus an option in the edit page of each user profile if the logged in user is an administrator.

WordPress 5.7 - User Password Reset button

Iframe Lazy Loading

Similar to HTTPS URL replacement, WordPress 5.7 also replaces iframe tags with a lazy loading, but adding load="lazy" attribute.

This applies to dynamic content such as oEmbed blocks, custom HTML, Block Editor iframes, Classic Editor content, etc.

WordPress 5.7 - iframe lazy loading The existing wp_lazy_loading_enabled, filter applies to iframes as well. Additionally, there is a new wp_iframe_tag_add_loading_attr filter, that works similar to existing wp_img_tag_add_loading_attr, to control the attribute for individual iframes.

Robots Tag API

All WordPress 5.7 sites contain a new HTML <meta> tag, to the <head> section.

<meta name="robots" content="max-image-preview:large" />

Search engines interpret this as a hint to show a bigger preview in discover pages and search results.

A new filter called wp_robots allows finer control of this robots tag. In fact the max-image-preview:large value is added via a filter function.

add_filter('wp_robots', 'wp_robots_max_image_preview_large');

function wp_robots_max_image_preview_large(array $robots) {
    if (get_option('blog_public')) {
        $robots['max-image-preview'] = 'large';
    }
    return $robots;
}

Application Password Improvements

Application Passwords feature added recently to WordPress receives improvements in WordPress 5.7.

  • New capabilities: Application Password-related capabilities are added and used in the Rest API: create_app_password, list_app_passwords, read_app_password, edit_app_password, delete_app_passwords, and delete_app_password.
  • Applications Password names must be unique per-user: When a user adds a new Application Password, the name is checked to be unique for that user. Existing passwords are not affected.

PHP 8 Compatibility

WordPress already passes the whole test suit on PHP 8. WordPress 5.7 also includes a small number of PHP 8 compatibility fixes, so WordPress 5.7 on PHP 8 should be more stable.

The changes include removal of the @ error suppression operator for fatal errors because in PHP 8.0, the @ operator no longer silences fatal errors. This does not apply to @ operator use cases where it tries to silent PHP warnings/notices/etc.

Editor and UI updates

WordPress also contains several improvements in the editor and other UI updates such as accessibility updates with proper color contrast.

WordPress 5.7 ships with Gutenberg 9.9. All its new features are nicely documented and demonstrated at What's new in Gutenberg 9.9.


WordPress 5.7 is a major update with several bug fixes and improvements. It brings improvements to the front-end with editor updates, accessibility improvements, and other improvements to underlying frameworks with jQuery being one of the most important.

WordPress 5.7 will be released on 9th of March 2020. The full changelog of WordPress 5.7 is available at WordPress core Trac.

Recent Articles on PHP.Watch

All ArticlesFeed 
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian

A guide for Debian and Ubuntu on how to install PHP 8.4 on a new server or how to upgrade an existing PHP setup to PHP 8.4.
How to fix `mysql_native_password` not loaded errors on MySQL 8.4

How to fix mysql_native_password not loaded errors on MySQL 8.4

How to fix the SQLSTATE[HY000] [1524] Plugin 'mysql_native_password' is not loaded errors caused in MySQL 8.4 no longer enabling the mysql_native_password plugin by default.
How to fix PHP Curl HTTPS Certificate Authority issues on Windows

How to fix PHP Curl HTTPS Certificate Authority issues on Windows

On Windows, HTTPS requests made with the Curl extension can fail because Curl has no root certificate list to validate the server certificates. This article discusses the secure and effective solutions, and highlights bad advice that can leave PHP applications insecure.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.

Support PHP.Watch — If you find the articles, version information, Codex, and other PHP.Watch contributions useful, consider supporting through GitHub Sponsors. Your sponsorship helps dedicate more time to creating valuable content and improving the PHP community. Together, we can keep the momentum going — thank you for your support!

Thanks to the highest tier sponsor: @TomasVotruba for your generous support to keep PHP.Watch moving 💜