WordPress Release: 5.1.1

TL;DR

WordPress 5.1.1 is a maintenance and security release that addresses several bugs and security issues from the 5.1 release. Key improvements include fixes for comment filtering, multisite functionality, PHP version checking, and UI elements. This release enhances site security, improves user experience, and ensures better compatibility across different environments. Site administrators should update to this version as soon as possible to benefit from these important fixes.

Highlight of the Release

• Enhanced security with improved comment content filtering
• Added new filter wp_is_php_version_acceptable for stricter PHP version checking
• Fixed multisite functionality with proper site checking and metadata handling
• Added ability to specify direct links for PHP updates via new environment variable or filter
• Fixed UI issues in Custom HTML widgets and Menus screen

Migration Guide

No significant migration steps are required for this maintenance release. WordPress 5.1.1 is a backward-compatible update focused on bug fixes and security improvements.

If you're using custom code that relies on the deprecated wpmu_new_blog hook in multisite environments, note that this release restores the expected metadata that was missing in 5.1.0, which should fix any compatibility issues you might have experienced.

Upgrade Recommendations

This is a security and maintenance release that addresses several important bugs and security issues. All WordPress site administrators should update to version 5.1.1 as soon as possible.

The update process is straightforward:

1. Back up your website before updating
2. Update through your WordPress dashboard or via your preferred method
3. Test your site functionality after the update

If you're running a version older than 5.1, consider updating directly to 5.1.1 to benefit from all the improvements and fixes in the 5.1.x series.

Bug Fixes

Comment System Fixes

• Improved handling of rel="nofollow" attributes in comments
• Enhanced comment content filtering for better security
• Fixed comment-reply.js loading to allow it to be included in the HTML header as a dependency of other scripts

Multisite Fixes

• Fixed wp_insert_site() to properly check the result of get_site()
• Restored expected metadata in the deprecated wpmu_new_blog hook:
  • Includes public, archived, mature, spam, deleted, lang_id, and WPLANG in the $meta data
  • Ensures backward compatibility for code still using this hook

UI and Widget Fixes

• Fixed Custom HTML widget editing by removing unnecessary change event that was causing issues with "Done" and "Save" buttons
• Fixed background styling on the Menus screen to apply to the correct elements
• Fixed mismatched opening/closing tags in the WordPress 5.1 About page

Other Fixes

• Removed trailing spaces from translatable strings
• Minified loading.gif image for better performance

New Features

New PHP Update Assistance

• Added support for specifying direct links where users can update their PHP version
• Implemented through either the WP_DIRECT_UPDATE_PHP_URL environment variable or the wp_direct_php_update_url filter
• When configured, an "Update PHP" button appears in the dashboard widget for sites running outdated PHP versions

Enhanced PHP Version Checking

• Introduced new wp_is_php_version_acceptable filter to make PHP version warning checks stricter
• The filter only runs if the wordpress.org API already considers the PHP version acceptable
• Ensures that plugins or hosting providers can only make version checks stricter, not looser

Security Updates

Comment Security Enhancements

• Improved filtering of comment content to prevent potential security issues
• Enhanced handling of rel="nofollow" attributes in comment links
• These changes help protect sites from potential comment-based vulnerabilities and spam

Performance Improvements

Image Optimization

• Further minified the loading.gif image after the upgrade of grunt-contrib-imagemin in WordPress 5.0
• Implemented through the grunt precommit:image task
• Results in smaller file sizes and faster loading times

Impact Summary

WordPress 5.1.1 is primarily a maintenance and security release that addresses several bugs and enhances security, particularly around comment handling. The release improves multisite functionality by fixing site insertion and restoring expected metadata in deprecated hooks, which is crucial for backward compatibility.

For site administrators, the release adds new capabilities for PHP version management, including a new filter for stricter version checking and the ability to provide direct update links to users. These improvements help site owners better manage PHP compatibility and encourage updates to more secure PHP versions.

The release also fixes several UI issues, including problems with Custom HTML widgets, menu screen styling, and the About page. Performance is slightly improved through image optimization.

Overall, this release enhances WordPress stability, security, and user experience without introducing breaking changes, making it an important update for all WordPress installations.