6.8.0

TL;DR

WordPress 6.8 introduces significant performance improvements with the new Speculation Rules API for faster page loading, enhanced block editor capabilities, and important security updates. This release focuses on improving user experience through better accessibility, refined UI elements, and expanded developer tools while maintaining backward compatibility.

The update brings notable features like speculative loading to preload pages before users click links, improved block hooks functionality, better media handling for PNG uploads, and enhanced theme development tools including support for organizing pattern files into sub-folders. Security improvements include reintroducing MD5 password hash support for backward compatibility while maintaining strong security practices.

Highlight of the Release

• Speculative Loading: New Speculation Rules API for preloading pages before users click links
• Block Hooks Improvements: Better handling of block hooks with parent blocks and post content
• Media Enhancements: Full-size PNG image generation and support for URLs without extensions
• Developer Tools: Simplified block type registration and theme pattern organization
• Accessibility: Improved skip links, ARIA attributes, and motion preferences support
• Security Updates: Reintroduced MD5 password hash support for backward compatibility

Migration Guide

Updating to WordPress 6.8

Most sites should experience a smooth upgrade to WordPress 6.8 as this release maintains backward compatibility. However, there are a few areas where developers might need to make adjustments:

Speculation Rules API

The new Speculation Rules API is enabled by default with conservative settings. If you notice any issues with page preloading:

1. You can customize the behavior using the wp_speculation_rules_configuration filter:

   add_filter('wp_speculation_rules_configuration', function($config) {
       // Disable speculative loading completely
       return null;
       
       // Or customize the configuration
       // return [
       //     'mode' => 'prefetch', // or 'prerender'
       //     'eagerness' => 'conservative', // or 'moderate', 'eager'
       // ];
   });
   

2. To exclude specific URL patterns from speculative loading, use:

   add_filter('wp_speculation_rules_href_exclude_paths', function($excluded_paths) {
       $excluded_paths[] = '/my-custom-path/*';
       return $excluded_paths;
   });
   

Block Type Registration

If you're using the new wp_register_block_types_from_metadata_collection() function:

1. Ensure your block metadata PHP manifest file is properly formatted
2. Remove individual calls to register_block_type() or register_block_type_from_metadata() for blocks included in your collection
3. Update any code that relies on the timing of block registration

Theme Development

For theme developers:

1. If you're organizing pattern files into sub-folders, ensure your patterns follow the expected naming conventions

2. If you need to filter pattern files before auto-registration, use the new filter:

   add_filter('wp_theme_get_pattern_files', function($files) {
       // Modify $files array as needed
       return $files;
   });
   

3. If you're using :focus-visible in your theme.json, ensure it's properly configured:

   {
       "styles": {
           "elements": {
               ":focus-visible": {
                   "color": {
                       "text": "var(--wp--preset--color--accent)"
                   }
               }
           }
       }
   }
   

REST API Changes

If you're working with the REST API:

1. Update any code that processes HEAD requests to handle the new optimized response format
2. If you're using the user endpoint with search functionality, you can now specify search columns:

   wp.apiRequest({
       path: '/wp/v2/users?search=john&search_columns=display_name,user_email'
   })
   

Media Handling

If you're working with media uploads:

1. Be aware that PNG uploads now generate full-sized images
2. The wp_prevent_unsupported_mime_type_uploads filter can be used to control whether unsupported image types are blocked:

   add_filter('wp_prevent_unsupported_mime_type_uploads', function($prevent, $mime_type) {
       // Allow all uploads regardless of server support
       return false;
   }, 10, 2);
   

Upgrade Recommendations

Recommendation Level: Standard Upgrade

WordPress 6.8 is a recommended upgrade for all WordPress users. This release includes important performance improvements, security enhancements, and bug fixes that benefit all sites.

Who Should Update Immediately:

• Sites experiencing performance issues (will benefit from the Speculation Rules API)
• Sites with accessibility requirements (will benefit from improved ARIA attributes and skip links)
• Developers working with block themes and patterns (will benefit from new organization options)
• Anyone concerned about security (will benefit from improved password handling)

Update Timing Considerations:

• As with any major WordPress update, it's recommended to:
  • Back up your site before updating
  • Test the update on a staging environment if possible
  • Update themes and plugins to their latest versions
  • Check compatibility with critical plugins

Plugin and Theme Compatibility:

• Most plugins and themes should continue to work without issues
• Plugins that heavily modify the admin interface or block editor may need updates
• Custom themes that implement their own block patterns should work fine, with new organization options available

Technical Considerations:

• The new Speculation Rules API is enabled by default but can be disabled or customized via filters
• Sites with custom password hashing implementations should work properly with the improved password handling
• Developers using the REST API should review the performance optimizations for HEAD requests

Overall, WordPress 6.8 is a solid update that improves performance, security, and developer experience while maintaining backward compatibility. The benefits of updating outweigh potential risks for most sites.

Bug Fixes

Media Handling Fixes

• PNG Upload Handling: Fixed a limitation that prevented PNG uploads from generating full-sized images. This resolves an issue where using the image_editor_output_format filter would not generate full-sized images as expected.

• Image URLs Without Extensions: Enabled download_url() to fetch and verify file types even when the URL doesn't contain a file extension. This allows URL downloads to handle media endpoints like istockphoto.com that use file IDs and formatting parameters.

• Upload Error Dismissal: Fixed the dismiss button functionality on upload errors by improving the event attachment behavior.

Block Editor Fixes

• Block Template Conflicts: Fixed both visual and functional bugs related to template selection in the editor when having a custom block template registered with the same slug as another block template.

• Preview Links: Ensured that preview links show autosave content to logged-in users, allowing post authors to properly preview changes to a published post prior to publication.

• Layout Support Classes: Fixed layout support classes to be generated with a stable ID, resolving issues with the Interactivity API's client-side navigation feature.

Theme and Template Fixes

• Parent Theme Resolution: Fixed an issue where calling WP_Theme::is_block_theme() before themes are set up resulted in the parent theme not being resolved.

• Skip Link Positioning: Fixed skip link positioning in multiple bundled themes to ensure they are the first focusable item on the page and visible across all viewport sizes.

• Menu Accessibility: Fixed ARIA attributes in menus across multiple bundled themes and added support for dismissing submenus with the Esc key.

REST API Fixes

• Malformed URLs: Added graceful handling for requests with malformed rest_route query string parameters to prevent fatal errors.

• HEAD Requests: Fixed issues with HEAD requests when using the _fields filter by ensuring the response body is an empty array instead of null.

Other Fixes

• Pagination Links: Fixed an issue where pagination links weren't consistent with the chosen permalink structure regarding trailing slashes.

• Logo Cropping: Fixed a failure in the customizer site logo cropping functionality.

• Date/Time Handling: Added sanitization to WP_Locale::get_month() to prevent PHP warnings caused by undefined array keys.

New Features

Speculative Loading with Speculation Rules API

WordPress 6.8 introduces support for the Speculation Rules API, which improves performance by preloading URLs before users click on them. This feature:

• Configures prefetch for most links with conservative eagerness by default
• Provides the wp_speculation_rules_configuration filter to customize behavior
• Excludes certain URL patterns like /wp-admin/* or URLs with query parameters
• Offers the wp_speculation_rules_href_exclude_paths filter to expand excluded URL patterns
• Allows adding custom speculation rules via the wp_load_speculation_rules action

Block Hooks Improvements

A new function, apply_block_hooks_to_content_from_post_object, has been introduced to improve block hooks functionality:

• Colocates logic for wrapping content in a parent block with ignoredHookedBlocks information
• Ensures proper insertion of hooked blocks into first_child or last_child positions
• Works even with "classic" markup that doesn't contain blocks

Enhanced Block Type Registration

The new wp_register_block_types_from_metadata_collection() function simplifies the developer experience:

• Allows registering multiple block types with a single function call
• Works with generated block metadata PHP manifest files
• Eliminates the need for individual calls to register_block_type()

Theme Pattern Organization

Theme developers can now organize pattern files into sub-folders:

• Pattern files in a theme's /patterns/ directory can be organized into sub-directories
• All patterns are automatically located by the WP_Theme::get_block_patterns() method
• A new filter allows modifying the list of pattern files before auto-registration

Query Block Sticky Posts Option

The Query block now includes an option to ignore sticky posts:

• New ignore value for the sticky query argument
• When used, sticky posts will not be prepended at the top
• Posts will display in their natural order

REST API Improvements

Several enhancements to the REST API:

• Added site reading options (page_for_posts, page_on_front, show_on_front) to the index
• Support for search_columns in the user endpoint
• Performance improvements for HEAD requests
• Additional template data fields for active themes

Security Updates

Password Hashing Improvements

WordPress 6.8 reintroduces support for passwords hashed with MD5 while maintaining strong security:

• Reinstates the ability for users to log in to accounts where passwords are hashed using MD5
• Preserves the ability to reset passwords directly in the database using SQL queries or database administration tools
• Automatically upgrades MD5 hashed passwords to bcrypt when users successfully log in
• Maintains backward compatibility while encouraging the use of stronger hashing algorithms

Application Password Handling

Corrected the fallback behavior for application passwords that don't use a generic hash:

• Application passwords not hashed using BLAKE2b are now checked using wp_check_password()
• Provides full backward compatibility support for application passwords created via overridden wp_hash_password() functions
• Ensures proper authentication regardless of the hashing algorithm used

Security Improvements for readme.html

Enhanced security for the readme.html file:

• Added noindex,nofollow meta tag to prevent search engines from indexing this file
• Removed outdated Cafelog links from license.txt and readme.html files as the domain was purchased by another entity providing unsafe content

REST API Security

Improved handling of malformed REST API requests:

• Added graceful exit for requests with malformed rest_route query string parameters
• Prevents potential fatal errors from occurring with malformed URLs
• Enhances overall API robustness against invalid inputs

Performance Improvements

Speculative Loading

The introduction of the Speculation Rules API significantly improves performance by starting to load URLs before users click on them:

• Implements prefetch for links with conservative eagerness by default
• Reduces perceived page load times by preloading content users are likely to visit
• Intelligently excludes certain URL patterns to avoid unnecessary resource usage

REST API Performance Enhancements

Several improvements to REST API performance:

• Optimized handling of HEAD requests by not preparing response bodies
• Controllers now specifically handle HEAD requests to avoid performing needless work
• This reduces API response time and server resource usage

Block Type Registration Optimization

The new block type registration system improves performance:

• wp_register_block_types_from_metadata_collection() function reduces overhead by handling multiple block types in a single call
• Uses centralized block metadata PHP manifest files instead of parsing individual JSON files
• Reduces the number of file operations and processing required during block registration

Query Performance Improvements

Fixed a performance regression in WP_Query:

• Optimized how WP_Query::the_post() determines whether to traverse posts for cache warming
• Improved handling of different query field types (all, ids, etc.)
• Prevents unnecessary database queries when starting the loop

Calendar Function Caching

Improved caching within the get_calendar() function:

• Fixed incorrect cache collisions for different parameter values
• Ensured parameter equivalents generate the same cache key
• Improved cache efficiency by properly handling different parameter combinations

Impact Summary

WordPress 6.8 delivers significant performance improvements through the new Speculation Rules API, which preloads pages before users click links, creating a faster browsing experience. This release also enhances the block editor with improved block hooks functionality and adds a new option to ignore sticky posts in the Query block.

For developers, WordPress 6.8 introduces several powerful tools including simplified block type registration with wp_register_block_types_from_metadata_collection(), support for organizing theme pattern files into sub-folders, and REST API improvements. Theme developers gain support for the :focus-visible pseudo-selector in theme.json and a new filter for theme pattern files.

Accessibility receives substantial attention with improved skip links in bundled themes, better ARIA attributes in menus, and support for prefers-reduced-motion in the Customizer. Security is enhanced with improved password handling that maintains backward compatibility while encouraging stronger hashing algorithms.

Media handling sees notable improvements with full-size PNG image generation, support for uploading images from URLs without extensions, and better error messages. The release also includes numerous bug fixes and performance optimizations across the platform.

Overall, WordPress 6.8 represents a balanced update that improves the experience for all types of users while maintaining WordPress's commitment to backward compatibility and progressive enhancement.