WordPress 7.0 landed this week, and it deserves a real test cycle. AI inside WordPress now looks practical, not experimental. At the same time, one WooCommerce flaw needs an immediate patch. Another malware case shows when WordPress cleanup will never solve the problem.

WordPress and AI: 7.0 changes your workflow

WordPress 7.0 landed this week, and it changes daily site management more than most core releases. The big shifts sit in the admin area. You get a cleaner dashboard, better editing controls, new blocks, and a central place to manage AI connections. Our WordPress 7.0 guide covers the site-owner view.

That AI piece matters most. WordPress now treats generative AI as part of the platform, not a random add-on. This will push more plugins toward one shared setup for providers, permissions, and tools.

The official AI plugin also hit 1.0.0. Its most useful addition is request logging, which shows admins what prompts and responses AI tools send and receive. That gives you better control over cost, privacy, and team use.

The editor roadmap also looks useful. Gutenberg 23.2 adds more phone and tablet style controls in site-wide design settings. A new image editor test also brings freeform crop, rotation, and flip into one popup.

Takeaway: test WordPress 7.0 on a staging site before you update production. Check your theme, forms, SEO plugin, and any AI add-ons. Then plan for another major release in August. WordPress 7.1 already targets that window.

Security: Stop checkout theft and repeat infections

Stores that use Funnel Builder by FunnelKit need action now. Attackers already exploit a critical flaw that injects fake analytics scripts into checkout pages and steals payment data. Our security note on the FunnelKit flaw explains what to check.

Update Funnel Builder to 3.15.0.3 immediately. Next, open Settings > Checkout > External Scripts and remove anything you do not recognize. If your store used an affected checkout, treat this as a card data incident and contact your payment provider today.

Another security story delivered a blunt lesson. Wordfence traced one stubborn WordPress reinfection to a server-level backdoor inside a CyberPanel and SnappyMail setup. The attacker controlled the server itself, so they could rewrite WordPress files after every cleanup. Our breakdown explains the pattern.

Takeaway: if malware keeps coming back, stop repeating the same WordPress cleanup. Isolate the site and ask your host to inspect the server, not just the plugins. If you run your own VPS, a virtual private server, with CyberPanel, review that stack first.


End of article