WordPress 4.0 Designed for Improved Security, Usability, Stability

The latest version of open-source content management system provides user enhancements and tightens SSL security.

WordPress 4.0 Update

The open-source WordPress blogging and content management system received a major update Sept. 4. WordPress 4.0 provides improved stability and bug fixes as well as multiple usability improvements.

WordPress has emerged in recent years to become one of the most popular CMS technologies in use today. WordPress is available as a free publicly hosted platform on WordPress.com and as open-source software from WordPress.org that users can self-host.

As has been the case for the last several WordPress releases, the latest update is named after a famous Jazz musician. For the WordPress 4.0 release, the name is "Benny" in honor of famed jazz musician Benny Goodman. WordPress 3.7 was named after Count Basie, WordPress 3.8 after Oscar Peterson and WordPress 3.9 after Jimmy Smith.

A major focus over the last several releases of WordPress has been an emphasis on doing less with more and optimizing the administrative interface. With 4.0, that effort goes a step further and includes enhancements aimed at helping authors write posts. Formatting options remain at the top of the edit window in an effort to make it easier for authors to format posts.

The improved editing process was driven partly by WordPress bug #28328, submitted by developer Mark Jaquith.

"The post editor feels like it has been relegated to a box of medium importance on the edit/compose screen," Jaquith wrote. "The height of the screen isn't used to full advantage, and editing is a frustrating scrolling-box-within-a-scrolling-box situation with a lot of distractions."

Another big area of enhancement is with an improved media embedding feature. Prior to the 4.0 release, authors needed to preview or publish a post before they could see embedded media.

While the core of WordPress includes lots of functionality, the extensibility of the platform by way of third-party plug-ins has made the system particularly attractive. With WordPress 4.0, a new plug-in browser is designed to make it easier for site owners to discover and install plug-ins.

From a security perspective, there are no big fixes in the WordPress 4.0 update, but there are some security feature enhancements. One of them is defined by WordPress bug #27954, which adds the ability to force Secure Sockets Layer (SSL) and to enable HTTPS secure connections everywhere on a given site.

WordPress 4.0 also makes sure that cookies are secured, as well, when SSL and HTTPS are in use.

"In the situation where a site is only served over SSL, then all cookies should have the secure flag set," WordPress bug #28427 states.

Ever since the WordPress 3.7 release in October 2013, the platform has had an automatic update mechanism for bug and security fixes. The system was last triggered in August for the WordPress 3.9.2 update, fixing a critical denial-of-service vulnerability. The update to WordPress 4.0 is a major release and not something that triggers the auto-update mechanism. As such, users will need to update their own sites either by downloading the WordPress 4.0 software from WordPress.org or from within an existing WordPress site's dashboard.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.