WordPress Release: 3.7.0

TL;DR

WordPress 3.7 "Basie" introduces automatic background updates for security releases, a more robust password system, improved search results, and better global support. This release focuses on enhancing WordPress's core functionality with behind-the-scenes improvements that make the platform more secure, stable, and efficient without requiring user intervention.

Highlight of the Release

• Automatic background updates for security releases
• Stronger password recommendations with improved password meter
• Enhanced search results with better relevance sorting
• Improved global support with better language pack handling
• Rollback functionality for failed updates

Migration Guide

Preparing for Automatic Updates

While automatic updates for security releases are enabled by default, you may want to customize this behavior:

1. To disable automatic updates completely, add define('AUTOMATIC_UPDATER_DISABLED', true); to your wp-config.php file.

2. To control which types of updates happen automatically, use the new filters:

   • auto_update_core
   • auto_update_plugin
   • auto_update_theme
   • auto_update_translation

3. To disable update notification emails, use the auto_core_update_send_email filter.

Password System Changes

If you've built custom password strength meters or password handling, you may need to update your code to work with the new zxcvbn library.

Search Relevance Changes

If you rely on specific search result ordering, note that feeds of search results no longer order by relevance by default. Use orderby=relevance to explicitly request relevance-based ordering.

Upgrade Recommendations

Upgrade Priority: High

WordPress 3.7 is a security and maintenance release that introduces important behind-the-scenes improvements. The automatic background updates feature alone makes this a highly recommended upgrade for all WordPress sites.

1. Backup your site before upgrading as always
2. Update all plugins and themes to their latest versions
3. Perform the WordPress core update

This release is focused on security and stability improvements, making it a relatively low-risk upgrade with significant benefits. The automatic update system will help keep your site secure going forward with minimal intervention required.

Bug Fixes

Core Functionality Fixes

• Fixed URL handling for custom post type URLs in url_to_postid()
• Corrected handling of search results in feeds
• Fixed issue with Quick Edit for pages with parent relationships
• Resolved issue with post author modification during quick edits for post types that don't support authors
• Fixed handling of sticky posts to avoid counting auto-drafts
• Corrected handling of attachment links for future and private posts
• Fixed issue with wp-activate.php causing 404 errors

UI and Admin Fixes

• Fixed display issues with broken themes on dashboard and themes page
• Improved handling of theme searches to prevent query string accumulation
• Fixed customizer URL handling for sites without trailing slashes
• Improved post UI responsiveness with better column switching
• Fixed bulk actions in list tables when executing searches
• Improved handling of the default role when the current default is removed

Security and Performance Fixes

• Improved password reset key security with proper hashing
• Fixed memory limit detection for PHP configurations using G (gigabyte) shorthand
• Backported qmail fix from PHPMailer upstream
• Improved handling of Last-Modified headers for comment feeds
• Enhanced file permission handling during updates

New Features

Automatic Background Updates

WordPress now automatically updates in the background for security releases, ensuring your site stays protected without requiring manual intervention. The system includes:

• Automatic security updates for the core WordPress installation
• Email notifications for successful and failed updates
• Rollback functionality if an update fails
• Intelligent detection of version control systems to prevent conflicts
• Pre-flight checks to ensure updates will succeed

Enhanced Password System

The password system has been completely revamped with:

• New password strength meter using the zxcvbn library
• Better recommendations for creating strong passwords
• More accurate assessment of password security

Improved Search Results

Search functionality has been enhanced with:

• Better relevance-based sorting
• Improved handling of search feeds
• Option to explicitly request relevance-based ordering

Better Global Support

Language handling has been improved with:

• Enhanced translation update system
• Dedicated "Update Translations" button
• Better core translation information handling

Security Updates

Password Security

• Password reset keys are now properly hashed in the database, improving security of the password reset process
• Improved password handling with proper trimming in wp_hash_password()
• Enhanced password strength meter provides better security guidance

Update Security

• Automatic background updates for security releases ensure sites are protected from known vulnerabilities quickly
• Improved file permission handling during updates (minimum 0755 for directories, 0644 for files)
• Better detection of version control systems to prevent update conflicts

SSL Improvements

• Improved SSL awareness for pingback URLs
• Better handling of SSL for plugin information API endpoints
• Enhanced theme-compat SSL support

Performance Improvements

Database Performance

• Improved handling of expired transients, now deleted during database upgrades
• Better handling of database queries in option functions
• Enhanced handling of post metadata

Update Process Improvements

• More efficient file verification during updates
• Improved handling of maintenance mode to minimize disruption
• Better disk space management during updates with pre-flight checks
• Optimized language pack updates with improved caching

UI Performance

• Optimized accessibility JavaScript on the Menus screen to prevent browser crashes with large menus
• Improved handling of image resizing to prevent zero-pixel dimensions

Impact Summary

WordPress 3.7 "Basie" represents a significant shift in how WordPress handles updates and security. The introduction of automatic background updates for security releases means WordPress sites will be more secure with less manual intervention required from administrators. This is perhaps the most impactful change in this release, as it helps protect millions of WordPress sites from known vulnerabilities much more quickly than before.

The improved password system provides better security guidance to users, helping them create stronger passwords and better understand password security. Combined with the enhanced password reset process, this makes WordPress accounts more secure overall.

Search improvements make content discovery more effective, while the enhanced global support with better language handling makes WordPress more accessible to non-English users worldwide.

For developers, the release includes numerous bug fixes and performance improvements that make the platform more stable and reliable. The new hooks for customizing automatic updates provide flexibility for those who need more control over the update process.

Overall, WordPress 3.7 is focused on behind-the-scenes improvements that make the platform more secure, stable, and efficient without requiring significant changes to how users interact with WordPress.