The main updates in this release are:
- Automatic Updates
- Improved Search
- More Secure Passwords
- Improved Globalisation Support
Download the latest version from wordpress.org.
Fastest Release To Reach Half Million
After this release, lead Developer Andrew Nacin post a tweet to show this release has the fastest ever WordPress release to reach half a million downloads, in less than 24 hours.
592,948 downloads of WordPress 3.7 in 24 hours. (Fastest release to half a million.) http://t.co/aYacdbn203— Andrew Nacin (@nacin) October 25, 2013
Not even a week has past and it has already reached one million downloads.
You can view the current download count here.
In the past when there is a new WordPress version release the site admin would have to log into the admin area and manually update their website.
But this can be a problem if there is a site where the admin user doesn't log in often, the website will never get updated. WordPress are aware of this and have followed other software releases, such as Chrome and decided to build in a feature that will automatically update WordPress to the latest version. If this release is a minor update for maintenance or security reasons your website could have an exposed security loophole and just because you haven't updated WordPress your website could be at risk.
This update means that the admin user will no longer have to login to update WordPress, it will automatically check if any updates are available and update the core in the background.
This is done by using the new WP_Automatic_Updater class located in /wp-admin/includes/class-wp-updater.php. This is not just for core updates it can also be used to automatically update themes and plugins. With this new class there are lots of information in the codex to use the auto updater class.
Types Of Releases
With WordPress there are 3 types of releases.
- Core code updates
- Minor core updates, maintenance and security
- Major core code
By default WordPress will only update for minor core updates, but this can be changed by adding a new constant variable to your wp-config.php file.
// Auto update all 3 types of releases define('WP_AUTO_UPDATE_CORE', true); // Disable all 3 types of releases define('WP_AUTO_UPDATE_CORE', false); // Only auto update minor changes define('WP_AUTO_UPDATE_CORE', 'minor');
The auto update feature has come with a number of new filters you can use to configure the auto update.
To use these filter you need to return a boolean value depending if you want the update, best done with the __return_true and __return_false callback functions.
allow_dev_auto_core_updates will allow you to get the nightly WordPress Dev updates automatically (should not be used on your live site).
add_filter( 'allow_dev_auto_core_updates', '__return_true' );
If you want to turn off just all minor updates then you will use the filter allow_minor_auto_core_updates and return false, remember this is set to true by default.
add_filter( 'allow_minor_auto_core_updates', '__return_false' );
If you want to just turn on auto update for the any major core updates use the filter allow_major_auto_core_updates.
add_filter( 'allow_major_auto_core_updates', '__return_true' );
Plugin And Theme Updates
If you are using a plugin or theme that is hosted on the WordPress repository then can turn on auto updates for these files. This is turned off by default but you can use 2 new filters to turn this on for plugins or themes.
add_filter( 'auto_update_plugin', '__return_true' ); add_filter( 'auto_update_theme', '__return_true' );
Disable Core Updates
The development team at WordPress want to ensure every site has the latest version of WordPress running their site, this is why the process of setting up auto updates started. It's not advised by the core development team but they have made it possible to turn off auto updates for your site.
To disable all core updates use the filter auto_update_core and return false.
add_filter( 'auto_update_core', '__return_false' );
You can even disable all auto updates by using the constant variable AUTOMATIC_UPDATER_DISABLED or the automatic_updater_disabled filter.
// WordPress constant to disable updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); // WordPress filter to disable updates add_filter( 'automatic_updater_disabled', '__return_true' );
More Secure Password Meter
You always hear stories about WordPress not being secure. This is simply not the case, the WordPress core code is very secure, it's maintained by hundreds of developers and security experts to make sure that the core code is very secure.
One of the biggest ways to hack a WordPress site is a brute force attack on the login page, this is when a script is ran on the wp-login.php page to try and gain access to the admin area. Because this page is located at the root by default on every WordPress install it's easy to find this page, then the script will enter the most common usernames, admin or webmaster and proceed to randomly enter passwords to gain access.
There are a few things you can do to protect your site from this type of attack, only allow access to the login page from certain IPs, password protect the page with htaccess or install the limit login plugin which will lock out an IP address after 3 failed logins.
But the best way to protect your admin area is still to simply use a strong password, the main reason why your site is hacked is because you haven't used a strong password.
Now WordPress uses an improved password meter developed by dropbox to let users know if they are using a strong password. WordPress now uses the password meter zxcvbn which you can use for your own projects by cloning the project on github.
For a while the search results that come back from the in-built search queries haven't been very useful. The way posts are returned is ordered by the date of when the article was published, unlike most search engines which will return results in a relevance order. In this release WordPress have changed the search functionality to become more useful by now returning the posts in order of relevance.
So now when you search for the full title of a post this will now be returned as the first post where as before this could appear lower down on the list depending on when it was published.
Improved Globalisation Support
Along with automatic updates to the core code WordPress have added auto updates for localized versions of language files, allowing other languages to receive faster and more complete translations.
The WP_Query class has been updated to include more options for querying your posts by date.
Added parameters are:
- after (string/array) - See WP_Date_Query::build_mysql_datetime()
- before (string/array) - See WP_Date_Query::build_mysql_datetime()
- inclusive (boolean) - For after/before, whether exact value should be matched or not
- compare (string) - See WP_Date_Query::get_compare()
- column (string) - Column to query against. Default: 'post_date'
- relation (string) - OR or AND, how the sub-arrays should be compared. Default: AND
Developer Function Updates
Mutlisites have been given a new function that has been needed for a while, to get a list of all sites in your network you used to be able to use the function get_blog_list(). But this was deprecated in version 3.0 because of performance problems and has been replaced by the function wp_get_sites() which returns an array of all sites currently on the network.
There are many other development improvements on that can be found in 3.7.
Download the latest version now from WordPress.org.