The WordPress newsletter for site owners, every weekend.
Six minutes. The week's WordPress news translated, contextualised, and pushed back on when it deserves it. Free. Unsubscribe any time.
The latest issue
Shipped July 10, 2026Issue 9: WordPress backs off, patches up, and counts the cost
WordPress 7.0.1 patches a registration spam hole and 31 other bugs. The Classic block stays after a reversed plan, and plugin sales data shows real strain.
Past issues
The archiveIssue 8: AI gets official access, a customs deadline, and Elementor's reset
The EU's customs exemption ended July 1, and shipments now get rejected for bad HS codes. Elementor just cut 30% of its staff to chase AI.
Issue 7: Security patches, a classic exit, and a community loss
Update Ultimate Member now or attackers can reset admin passwords. Avada Builder also needs a patch. A 13-year backdoor hit 44 WordPress plugins.
Issue 6: Bad week for trusted updates
Trusted plugin updates spread malware this week. OptinMonster, TrustPulse, and ShapedPlugin Pro were all compromised. Check your admin accounts now.
Issue 5: Security got stricter
WordPress added a 24-hour delay before plugin auto-updates. UpdraftPlus patched a site takeover bug. Update now if you ever connected it to UpdraftCentral.
Issue 04: Patch now, watch 7.1
Three plugins have critical flaws under active attack. Burst Statistics, Everest Forms Pro, and Kirki all need updating before anything else this week.
Issue 3: Update now, lock it down
WordPress 7.0 had a strong first week. Most sites can update with confidence. WP Maps Pro has a critical flaw that lets attackers create admin accounts.
Issue 2: Test 7.0, patch checkout now
WordPress 7.0 is out. A critical FunnelKit flaw is stealing payment data from checkout pages. Recurring malware usually means a server breach.
Issue 1: 7.0 Gets Real
WordPress 7.0 is nearly out. Burst Statistics and Avada Builder both have critical flaws to patch now. The AI plugin for WordPress hits 1.0 this week.