WordPress is one of the most popular open-source projects in the world, with 70 developers contributing 4,969 commits to the core in 2019. Knowing that, it’s probably not surprising to learn that there’s usually a new WordPress release every single month (if not more like two or three)!
Some of these releases are full new versions or critical security patches, in which we recommend updating all your sites to the latest version fairly quickly. Others are minor fixes or even release candidates that are less critical to update right away or even optional (in the case of beta releases).
How to update WordPress
If your sites are on a managed WordPress host, updates are probably automatically taken care of for you. Flywheel, for example, updates major versions two weeks after release and security updates 24-72 hours after release. Of course, you can always manually update your site yourself or opt out of major version updates if you need more time for testing.
If you’re not working with a managed provider yet, you’ll likely have to manually update your sites to the latest version via the WordPress admin panel. This is very easy to do, but can be time-consuming if you manage lots of client sites.
To update WordPress manually, simply log into wp-admin and look for a notification at the top of the homepage prompting you to update. Click that, and you’re good to go!
Even if your hosting provider takes care of updates for you, it’s still a good idea to be in the know about the latest WordPress version. Then you can make sure your sites are ready for the upgrade and can take advantage of any important new features (like the recent Gutenberg Editor)!
To help you stay up to date with the most current WordPress version, we’ve created this changelog where we’ll publish the details of major version updates, security releases, and maintenance releases.
The latest WordPress version is 5.4.2, a security and maintenance release that came out on June 10th, 2020. Other recent versions include:
- WordPress 5.4.1 Security and Maintenance Release
- WordPress 5.4 “Adderley”
- WordPress 5.3.2 Maintenance Release
- WordPress 5.3.1 Security and Maintenance Release
- WordPress 5.3 “Kirk”
- WordPress 5.2.4 Security Release
- WordPress 5.2.3 Security and Maintenance Release
- WordPress 5.2.2 Maintenance Release
- WordPress 5.2.1 Maintenance Release
WordPress 5.4.2 Security and Maintenance Release
Released on June 10th, 2020.
WordPress 5.4.2 features 23 bug fixes and 6 security patches, so it’s recommended you update to the latest version. If you haven’t updated to version 5.4, there’re also updated versions of 5.3 and earlier that fix the bugs for you!
Highlights of the WordPress 5.4.2 security updates include:
- Fixing an open redirect issue in
- Fixing an authenticated XSS issue via theme uploads.
- Fixing an issue where
set-screen-optioncan be misused by plugins leading to privilege escalation.
- Fixing an issue where comments from password-protected posts and pages could be displayed under certain conditions.
WordPress 5.4.1 Security and Maintenance Release
Released on April 29th, 2020.
WordPress 5.4.1 features 17 bug fixes and 7 security patches, so it’s highly recommended you update to the latest version if you haven’t already.
Highlights of the WordPress 5.4.1 security updates include:
- Fixing an issue where password reset tokens weren’t properly invalidated.
- Fixing an issue where certain private posts could be be unauthenticated.
- Fixing XSS issues in the Customizer, search block,
wp-object-cache, and file uploads.
WordPress 5.4 “Adderley”
Released on March 31st, 2020.
This major release, named after American jazz trumpeter Nat Adderley, is all about giving you more ways to make your pages come to life without sacrificing speed (in your workflow or your page load time). Let’s start with block updates.
Naturally, enhancements to the Gutenberg Editor were a big focus of this release. Here are some of the new things you’ll see!
- Two new blocks! “Social Icons” and “Buttons,” to increase interactions on your page.
- New color options, such as gradients for Buttons and Covers and added color functionality for Group and Columns blocks.
- A streamlined process for placing and replacing media in blocks.
- The option to have the Media+Text block link to something.
On top of all the block updates, WordPress 5.4 brings cleaner UI and easier navigation. You’ll find things like block breadcrumbs, better tabbing and focus when navigating with the keyboard, and a faster editor load time. (51% faster time to type!)
To round it out, this version also helps with some privacy-related matters (like being able to see progress as you process export and erasure requests), and a number of enhancements specifically for developers.
Here are a few highlights!
- You can add custom fields to menu items natively, thanks to two new actions.
- Blocks are easier to style, and no longer have negative margins and default padding.
- There are two new APIs for block variations and gradients.
- The block editor now supports TikTok in embeds.
WordPress 5.3.2 Maintenance Release
Released on December 18th, 2019.
This maintenance release features 5 fixes and enhancements. Some high-severity tickets were opened shortly after WordPress 5.3.1 was released, so the team pushed this release to solve those issues.
Highlights of the WordPress 5.3.2 updates include:
- Ensuring that
get_feed_build_date()correctly handles a modified post object with an invalid date.
- Fixing a file name collision in
wp_unique_filename()when uploading a file with upper case extension on non case-sensitive file systems.
- Fixing PHP warnings in
wp_unique_filename()when the destination directory is unreadable.
- Fixing the colors in all color schemes for buttons with the
- Using a proper delta comparison when checking the post date to set
WordPress 5.3.1 Security and Maintenance Release
Released on December 13th, 2019.
This update features 46 fixes and enhancements, including a number of security improvements. For this reason, updating is highly recommended!
This security release includes fixes for:
- An issue where an unprivileged user could make a post sticky via the REST API.
- An issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Hardening wp_kses_bad_protocol() to ensure it’s aware of the named colon attribute.
- A stored XSS vulnerability using block editor content.
On top of these security updates, WordPress 5.3.1 also introduces several maintenance fixes, such as:
- Avoiding thumbnails overwriting other uploads when filename matches, and excluding PNG images from scaling after upload.
- Ensuring administration email verification uses the user’s locale instead of the site locale.
WordPress 5.3 “Kirk”
Released on November 12th, 2019.
WordPress 5.3, named after jazz multi-instrumentalist Rahsaan Roland Kirk, brings some great improvements to the publishing experience. This version includes the new default theme, Twenty Twenty, which takes full advantage of the block editor to offer new levels of flexibility and design. It also features a variable font for the first time (Inter by Rasmus Andersson), which is easy to read for users and easy to load for browsers.
The block editor was also a major focus of this update, with over 150 new features and usability improvements!
I won’t list them all, but here are some of the highlights:
- Improved image support, specifically for non-optimized, high-resolution photos from a phone or camera.
- Accessibility improvements, including a new Navigation mode that will help users jump from block to block when navigating the dashboard with a keyboard (instead of tabbing through every control).
- Predefined layouts, which makes it easy for content creators to arrange content in advanced designs.
- Additional style options, including the ability to control the text and background color of Heading blocks, support for fixed-width columns in the Columns block, and a new Group block that can be used for creating colorful sections throughout the page.
Beyond the block editor and Twenty Twenty, WordPress 5.3 also introduces some basic improvements that everyone will appreciate. Images will now automatically rotate on upload based on the embedded orientation data – a feature that was first proposed nine years ago! And now when you log into a site as an administrator, you’ll occasionally be asked to verify your email address. This should help reduce the chance of getting locked out in the event that your address changes.
For more information about WordPress 5.3, check out the official release.
WordPress 5.2.4 Security Release
Released on October 14th, 2019.
This security update fixes six bugs that are found in WordPress versions earlier than and including 5.2.3.
This security release includes fixes for:
- An issue where stored XSS (cross-site scripting) could be added via Customizer.
- A method of viewing unauthenticated posts.
- A method to poison the cache of JSON GET requests via the Vary: Origin header.
- A server-side request forgery in the way that URLs are validated.
- Issues related to referrer validation in the admin.
WordPress 5.2.3 Security and Maintenance Release
Released on September 5th, 2019.
This security update fixes bugs that are found in WordPress versions earlier than and including 5.2.2, along with a few additional feature enhancements. Updating is highly recommended!
This security release includes fixes for:
- Issues where cross-site scripting (XSS) vulnerabilities could be found in post previews by contributors, stored comments, and shortcode previews.
- Issues where validation and sanitization of a URL could lead to an open redirect or XSS attacks.
- Reflected XSS during media uploads and in the dashboard.
WordPress 5.2.2 Maintenance Release
Released on June 18th, 2019.
This maintenance release fixes 13 bugs and includes improvements to the Site Health feature released in WordPress 5.2.
Highlights of the tickets completed in the 5.2.2 Maintenance Release include:
- Dashboard elements don’t always have clear focus states or tab order
- Make Site Health page access be filterable
- Theme update links show in Customizer but don’t work
WordPress 5.2.1 Maintenance Release
Released on May 21st, 2019.
This maintenance release fixes 33 bugs (nice work, core contributors!) and includes improvements to the block editor, accessibility, internationalization, and the Site Health feature released in WordPress 5.2.
Highlights of the tickets completed in the 5.2.1 Maintenance Release include:
- Gutenberg right-to-left (RTL) typing issues
- At least one function in /wp-includes/sodium_compat/src/Core32 that timed out on 32-bit servers
- wp_targeted_link_rel filter that shouldn’t be applied to “Custom HTML” widget
- Editor: Update packages for WordPress 5.2.1
WordPress is constantly evolving and improving thanks to the dedicated team of developers working on the core. For more information about any and all WordPress versions, be sure to check out the Release Archive.
Need to get a simple WordPress site live in as little time as possible? We have everything you need to make it happen with this go-live checklist! Follow along here and we’ll have your site living and breathing on Flywheel in approximately 30 minutes.