WordPress Release: 4.6.0

TL;DR

WordPress 4.6 "Pepper" introduces significant improvements to the user experience with streamlined updates, native system fonts for faster loading, content recovery, and enhanced link management. This release focuses on performance, stability, and accessibility while introducing new developer tools like the WP_Post_Type and WP_Term_Query classes. The update also includes important bug fixes and security improvements, making it a recommended upgrade for all WordPress sites.

Highlight of the Release

• Streamlined updates for plugins and themes with fewer page refreshes
• Native system fonts for faster admin interface loading
• Content recovery with browser-based draft saving
• Improved editor link management with inline URL validation
• New WP_Post_Type and WP_Term_Query classes for developers
• Enhanced meta registration API
• Improved HTTP API with Requests library integration
• Support for Unicode 9.0 emoji

Migration Guide

For Theme Developers

If your theme relies on the .update-message CSS class in the plugins list table, you may need to update your styling. WordPress 4.6 has changed how update messages are displayed, but basic back-compatibility styling has been maintained for margin and padding.

For Plugin Developers Using Meta Registration

The meta registration API has been significantly refactored in WordPress 4.6. If you're using register_meta(), note the following changes:

1. The function signature has changed to support an array of arguments:

   register_meta( $object_type, $meta_key, $args );
   

2. Object subtype handling has been removed, and registration is now based solely on object type.

3. No guarantee of uniqueness is made across object subtypes. Registered meta keys should be uniquely prefixed to avoid conflicts.

For Developers Using HTTP API

The HTTP API now uses the Requests library internally. While most code should continue to work without changes, note the following:

1. The return value structure has changed slightly, with the response object now available at the http_response key in the returned array.

2. All non-GET/HEAD requests now put arguments in the form body by default.

3. If you're working with cookies or proxies, review the updated handling in the new implementation.

For Developers Using Term Queries

If you're filtering 'terms_clauses', be aware that the 'orderby' clause is now passed without the 'ORDER BY' prefix. This change ensures compatibility with the new WP_Term_Query class.

Upgrade Recommendations

WordPress 4.6 is a recommended upgrade for all WordPress installations. The release includes important security fixes, performance improvements, and new features that enhance the overall WordPress experience.

For most users, the automatic update process should work smoothly. If you have heavily customized your WordPress installation or use many plugins, it's recommended to:

1. Back up your website before updating
2. Test the update on a staging environment if possible
3. Update all plugins and themes to their latest versions
4. After updating, check your site thoroughly to ensure everything works as expected

Developers should review the migration guide for changes that might affect custom code, particularly around the meta registration API, HTTP API, and term queries.

The performance improvements and bug fixes in this release make it worthwhile to update as soon as possible, especially for sites experiencing issues with the editor, media handling, or plugin updates.

Bug Fixes

Update/Install Fixes

• Fixed plugin updates from the details modal on the WordPress Updates screen and Dashboard
• Corrected the update count after translation updates
• Fixed issues with the Shiny Updates postMessage handler to prevent conflicts with third-party messages
• Improved error handling for plugin and theme updates
• Fixed visual feedback during theme and plugin deletion

Media and Embeds

• Fixed issues with featured images in embeds
• Prevented srcset attributes from breaking due to spaces in filenames
• Fixed YouTube embeds with the [video] shortcode
• Improved handling of cropped images in image_get_intermediate_size()
• Fixed clean-up of prior image edits when IMAGE_EDIT_OVERWRITE is true

Customizer Fixes

• Fixed panel indentation in Firefox
• Ensured that WP_Customize_Nav_Menu_Section can represent placeholder nav menus
• Fixed issues with WP_Customize_Setting::value() for multidimensional settings

Multisite and Network

• Added a nonce to the "Cancel" URL when changing a site's admin email
• Fixed logic for displaying Edit User links after adding a user
• Improved security with hash_equals() for hash comparisons

Taxonomy and Terms

• Fixed issues with WP_Term_Query and the 'terms_clauses' filter
• Corrected handling of shared terms that have not yet been split
• Fixed WP_Error usage in WP_Tax_Query

Comments

• Fixed caching of SELECT FOUND_ROWS() query results
• Improved blacklist checking by stripping HTML tags from comment content
• Fixed JavaScript errors in comment moderation

PHP 7 Compatibility

• Fixed PHP 7 compatibility issues in Twenty Thirteen and Twenty Fourteen themes
• Improved handling of reference parameters for PHP 7.0.9+ compatibility

New Features

Streamlined Updates

WordPress 4.6 introduces a streamlined update experience for plugins and themes. Updates now happen in the background without page refreshes, making the process faster and more intuitive. The update process provides better visual feedback and improved error messages when issues occur.

Native System Fonts

The admin interface now uses native system fonts instead of remote fonts, resulting in faster loading times and a more native feel. The interface will automatically use San Francisco on Mac OS X/macOS, Segoe UI on Windows, Roboto on Android, and other appropriate system fonts.

Content Recovery

WordPress now saves your content locally in the browser while you write, providing an additional layer of protection against lost drafts. If your browser crashes or you accidentally close the tab, your content will be recovered when you return to the editor.

Improved Editor Link Management

The editor now features inline link checking that validates URLs as you type them. This helps prevent broken links by alerting you to malformed URLs before you publish.

Resource Hints API Enhancements

WordPress 4.6 expands the Resource Hints API with support for dns-prefetch and preconnect hints, allowing developers to optimize performance by pre-resolving domains and establishing early connections.

Security Updates

Improved Hash Comparison

WordPress 4.6 now uses hash_equals() when comparing hashes in multisite functions, which helps mitigate timing attacks that could potentially expose sensitive information.

Enhanced Plugin and Theme Management

Security improvements in the plugin and theme management system include:

• Moving capability checks earlier in Ajax handlers for plugin updates and deletions
• Better validation of messages in the Shiny Updates postMessage handler
• Improved error handling and user feedback for failed operations

Filesystem Security

The filesystem API has been improved to properly clean up temporary files when they can't be opened, preventing potential security issues with leftover temporary files.

Input Validation and Sanitization

Several improvements to input validation and sanitization have been implemented:

• Better handling of comment blacklist checks by stripping HTML tags
• Improved URL validation in the editor
• Enhanced sanitization of meta values through the updated meta registration API

Performance Improvements

Faster Admin Interface Loading

The switch to native system fonts has significantly reduced the loading time of the admin interface by eliminating the need to download web fonts. This results in a more responsive experience, especially on slower connections.

Enhanced Memory Limit Handling

WordPress 4.6 introduces improved memory limit handling with the new wp_raise_memory_limit() function. This provides more efficient memory management for memory-intensive processes and prevents unnecessary memory limit changes when the current limit is already sufficient.

Resource Hints for Performance

The expanded Resource Hints API allows for better performance optimization through dns-prefetch and preconnect hints. These hints enable browsers to pre-resolve domains and establish early connections, reducing the time needed to load external resources.

Improved Query Caching

Several improvements to query caching have been implemented:

• Better caching of comment query results
• Optimized WP_Site_Query and WP_Network_Query to avoid storing unnecessary data in the cache
• More efficient handling of term queries

HTTP API Enhancements

The integration with the Requests library improves the performance and reliability of HTTP requests, with better handling of cookies, proxies, and various HTTP methods.

Impact Summary

WordPress 4.6 "Pepper" represents a significant step forward in improving the WordPress user experience while maintaining backward compatibility. The streamlined updates system reduces friction for site administrators, making it easier to keep sites secure and up-to-date. The switch to native system fonts improves performance across all devices and creates a more familiar, native feel to the admin interface.

For content creators, the improved editor with link validation and content recovery features provides a more reliable writing experience with fewer interruptions and less risk of losing work. These quality-of-life improvements make WordPress more accessible to new users while providing tangible benefits to experienced users.

Developers benefit from new APIs and classes that improve code organization and performance. The introduction of WP_Post_Type and WP_Term_Query classes, along with the refactored meta registration API, provides more structured and efficient ways to work with WordPress core data.

The focus on accessibility improvements throughout the admin interface ensures WordPress remains usable for all users, regardless of ability. Combined with the internationalization enhancements, WordPress 4.6 continues the project's commitment to being a truly global platform.

Overall, WordPress 4.6 delivers meaningful improvements to performance, stability, and user experience while providing developers with new tools to build better websites and applications.