WordPress is one of the most popular open-source projects in the world, with 70 developers contributing 4,969 commits to the core in 2019. Knowing that, it’s probably not surprising to learn that there’s usually a new WordPress release every single month (if not more like two or three)!
Some of these releases are full new versions or critical security patches, in which we recommend updating all your sites to the latest version fairly quickly. Others are minor fixes or even release candidates that are less critical to update right away or even optional (in the case of beta releases).
How to update WordPress
If your sites are on a managed WordPress host, updates are probably automatically taken care of for you. Flywheel, for example, updates major versions two weeks after release and security updates 24-72 hours after release. Of course, you can always manually update your site yourself or opt out of major version updates if you need more time for testing.
If you’re not working with a managed provider yet, you’ll likely have to manually update your sites to the latest version via the WordPress admin panel. This is very easy to do, but can be time-consuming if you manage lots of client sites.
To update WordPress manually, simply log into wp-admin and look for a notification at the top of the homepage prompting you to update. Click that, and you’re good to go!
Even if your hosting provider takes care of updates for you, it’s still a good idea to be in the know about the latest WordPress version. Then you can make sure your sites are ready for the upgrade and can take advantage of any important new features (like the recent Gutenberg Editor)!
To help you stay up to date with the most current WordPress version, we’ve created this changelog where we’ll publish the details of major version updates, security releases, and maintenance releases.
The latest WordPress version is 5.3.2, a maintenance update that was released on Dec. 18th, 2019. Other recent versions include:
- WordPress 5.3.1 Security and Maintenance Release
- WordPress 5.3 “Kirk”
- WordPress 5.2.4 Security Release
- WordPress 5.2.3 Security and Maintenance Release
- WordPress 5.2.2 Maintenance Release
- WordPress 5.2.1 Maintenance Release
WordPress 5.3.2 Maintenance Release
Released on December 18th, 2019.
This maintenance release features 5 fixes and enhancements. Some high-severity tickets were opened shortly after WordPress 5.3.1 was released, so the team pushed this release to solve those issues.
Highlights of the WordPress 5.3.2 updates include:
- Ensuring that
get_feed_build_date()correctly handles a modified post object with an invalid date.
- Fixing a file name collision in
wp_unique_filename()when uploading a file with upper case extension on non case-sensitive file systems.
- Fixing PHP warnings in
wp_unique_filename()when the destination directory is unreadable.
- Fixing the colors in all color schemes for buttons with the
- Using a proper delta comparison when checking the post date to set
WordPress 5.3.1 Security and Maintenance Release
Released on December 13th, 2019.
This update features 46 fixes and enhancements, including a number of security improvements. For this reason, updating is highly recommended!
This security release includes fixes for:
- An issue where an unprivileged user could make a post sticky via the REST API.
- An issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Hardening wp_kses_bad_protocol() to ensure it’s aware of the named colon attribute.
- A stored XSS vulnerability using block editor content.
On top of these security updates, WordPress 5.3.1 also introduces several maintenance fixes, such as:
- Avoiding thumbnails overwriting other uploads when filename matches, and excluding PNG images from scaling after upload.
- Ensuring administration email verification uses the user’s locale instead of the site locale.
WordPress 5.3 “Kirk”
Released on November 12th, 2019.
WordPress 5.3, named after jazz multi-instrumentalist Rahsaan Roland Kirk, brings some great improvements to the publishing experience. This version includes the new default theme, Twenty Twenty, which takes full advantage of the block editor to offer new levels of flexibility and design. It also features a variable font for the first time (Inter by Rasmus Andersson), which is easy to read for users and easy to load for browsers.
The block editor was also a major focus of this update, with over 150 new features and usability improvements!
I won’t list them all, but here are some of the highlights:
- Improved image support, specifically for non-optimized, high-resolution photos from a phone or camera.
- Accessibility improvements, including a new Navigation mode that will help users jump from block to block when navigating the dashboard with a keyboard (instead of tabbing through every control).
- Predefined layouts, which makes it easy for content creators to arrange content in advanced designs.
- Additional style options, including the ability to control the text and background color of Heading blocks, support for fixed-width columns in the Columns block, and a new Group block that can be used for creating colorful sections throughout the page.
Beyond the block editor and Twenty Twenty, WordPress 5.3 also introduces some basic improvements that everyone will appreciate. Images will now automatically rotate on upload based on the embedded orientation data – a feature that was first proposed nine years ago! And now when you log into a site as an administrator, you’ll occasionally be asked to verify your email address. This should help reduce the chance of getting locked out in the event that your address changes.
For more information about WordPress 5.3, check out the official release.
WordPress 5.2.4 Security Release
Released on October 14th, 2019.
This security update fixes six bugs that are found in WordPress versions earlier than and including 5.2.3.
This security release includes fixes for:
- An issue where stored XSS (cross-site scripting) could be added via Customizer.
- A method of viewing unauthenticated posts.
- A method to poison the cache of JSON GET requests via the Vary: Origin header.
- A server-side request forgery in the way that URLs are validated.
- Issues related to referrer validation in the admin.
WordPress 5.2.3 Security and Maintenance Release
Released on September 5th, 2019.
This security update fixes bugs that are found in WordPress versions earlier than and including 5.2.2, along with a few additional feature enhancements. Updating is highly recommended!
This security release includes fixes for:
- Issues where cross-site scripting (XSS) vulnerabilities could be found in post previews by contributors, stored comments, and shortcode previews.
- Issues where validation and sanitization of a URL could lead to an open redirect or XSS attacks.
- Reflected XSS during media uploads and in the dashboard.
WordPress 5.2.2 Maintenance Release
Released on June 18th, 2019.
This maintenance release fixes 13 bugs and includes improvements to the Site Health feature released in WordPress 5.2.
Highlights of the tickets completed in the 5.2.2 Maintenance Release include:
- Dashboard elements don’t always have clear focus states or tab order
- Make Site Health page access be filterable
- Theme update links show in Customizer but don’t work
WordPress 5.2.1 Maintenance Release
Released on May 21st, 2019.
This maintenance release fixes 33 bugs (nice work, core contributors!) and includes improvements to the block editor, accessibility, internationalization, and the Site Health feature released in WordPress 5.2.
Highlights of the tickets completed in the 5.2.1 Maintenance Release include:
- Gutenberg right-to-left (RTL) typing issues
- At least one function in /wp-includes/sodium_compat/src/Core32 that timed out on 32-bit servers
- wp_targeted_link_rel filter that shouldn’t be applied to “Custom HTML” widget
- Editor: Update packages for WordPress 5.2.1
WordPress is constantly evolving and improving thanks to the dedicated team of developers working on the core. For more information about any and all WordPress versions, be sure to check out the Release Archive.
Tired of updating your sites?
Once you start to manage multiple WordPress sites, even these easy updates to the core can start to become a tedious task on your to-do list. That’s where a managed WordPress host comes in.
When you partner with Flywheel, we’ll automatically handle WordPress updates for you, so you never have to worry about them again! (Unless you manually want to, of course.) On top of WordPress updates, you’ll get all the benefits of our cloud hosting platform, 24/7 support team, workflow tools, and more.
Ready to discover the stress-free way to manage lots of WordPress sites?