The June 16, 2026 WordPress supply-chain incident was not just a plugin update story. It exposed how CDN access, third-party scripts, and cleanup gaps can leave sites exposed.
WordPress 7.1 shifts image resizing and format work into the browser. Site owners should test plugins, CSP, fallbacks, and CDN-backed media before rollout.