#177 – WordPress.org Supply Chain Attack Aftermath, Force Reset Passwords for Plugin Authors


Following the WordPress.org supply chain attack, the Plugin Review Team has taken the appropriate measures to safeguard the users and has also highlighted the best practices to follow to keep one’s account secure. Also, we are now just two weeks away from the release of WordPress 6.6.

Don’t forget to subscribe and listen to the podcast version of this newsletter on Amazon Music, Apple Podcasts, Spotify, and Google Podcasts, where you can hear more details and discussions about these topics and more.

See you next week!


This weekly newsletter is kindly sponsored by Omnisend and Gutenkit




All the updates around WordPress and its closely related technologies

Keeping your plugin committer accounts secure

Following the recent supply chain attack, the post focuses on best practices for WordPress.org accounts, particularly those with plugin committer and owner-level access. The Plugin Review Team has also initiated a forced password reset for all plugin authors, as well as for other users whose information was found by security researchers in data breaches.

  • WordPress 6.6 RC1 released: The first release candidate (RC1) for WordPress 6.6 is ready for download and testing. We can expect the RC2 later today.
  • WordPress 6.6 field guide: This guide outlines major developer features and breaking changes in 6.6 and is published in the Release Candidate cycle to help inform WordPress extending developers, Core developers, and others.
  • WordPress 6.6 release candidate phase: WordPress core committer Jb Audras has highlighted the various policies in place now that WordPress 6.6 has entered the RC phase.
  • WordPress 6.6 ready to be translated: WordPress 6.6, scheduled for July 19, 2024, is now ready to be translated on translate.wordpress.org.
  • WordPress 6.6 source of truth: Anne McCarthy has published the source of truth for WordPress 6.6, which allows the community to get the latest information about the upcoming version quickly.
  • Proposal: Block variation aliases: The proposal seeks to make several changes to Block Variations for WordPress 6.7, such as adding a variation-specific class name to the block wrapper, implementing server-side detection of the active block variation, and including the variation name in block markup persisted in the database. Feedback on this proposal is open until July 14, 2024.
  • Reactivating inactive meetup groups: The WordPress Community Team’s next project will focus on reviving inactive meetup groups. The goal of the initiative is to encourage activities in the groups that have been inactive and optimize our meetup group network by focusing on active and engaged groups.
  • Proposal to integrate Slack workspaces from local WP Communities into Slack Enterprise Grid: The proposal seeks to migrate the local WordPress communities currently on free Slack plans into a consolidated Enterprise Grid plan. The proposal lists the benefits of this migration, such as data continuity and access, enhanced security and compliance, and improved collaboration across workspaces.
  • Google reveals its methods for measuring search quality: Google measures search results using surveys, experts, and user behavior. Improving quality leads to trickier searches and ongoing challenges.
  • Google completes June 2024 spam update rollout: Google has officially confirmed the completion of its June 2024 spam update, a week-long process aimed at enhancing search result quality by targeting websites that violate the company’s spam policies.
  • Google on the 2 types of searches it still struggles with: Google still struggles with complex search queries, particularly those using “not” and prepositions, despite AI advancements.


New Features in WordPress 6.6


A collection of web security and vulnerability news and updates for the past week

An inside look at the malware and techniques used in the WordPress.org supply chain attack

Wordfence analyzes the recent supply chain attack on WordPress.org, focusing on the five plugins that were initially affected. Later, Wordfence uncovered several more compromised plugins besides the initial ones.


Be one of the first ones to explore some fresh plugins and themes

Vitrum theme

A theme suitable for portfolio websites.



Updates and News from the WordPress Community

Metorik Insights Report for WooCommerce

Metorik has published its first Insights Report for WooCommerce. According to it, 43% of the stores are using a child theme, the average number of active plugins per store is 58, and the top four plugins are Stripe Gateway, Facebook for Woo, PayPal Payments, Mailchimp for Woo, and Subscriptions. To access the report, one needs to sign up, which is completely free.


More blog posts and podcasts from WordPress Community you don’t want to miss


Handpicked fresh guides from WordPress circle


Do not miss a WordPress event ever again


Just the best deals of the week, again, handpicked by yours truly!


  • 4 months free on WP Engine hosting plans (Coupon Code – FREEDOMTOCREATE)
  • 15% off yearly plans at Videvo (Coupon Code – WPV15)

