The June 16, 2026 WordPress supply-chain incident was not just a plugin update story. It exposed how CDN access, third-party scripts, and cleanup gaps can leave sites exposed.
PHP 8.1 is already unsupported, PHP 8.2 loses security support on December 31, 2026, and WordPress recommends PHP 8.3+. CMS hosts should be planning now.
WordPress 7.1 shifts image resizing and format work into the browser. Site owners should test plugins, CSP, fallbacks, and CDN-backed media before rollout.
June 2026’s WordPress reporting keeps pointing to the same operational lesson: premium-plugin blind spots, slow patch uptake, and even compromised vendors all create the same need. Businesses need a reliable plugin inventory and a post-patch response process, not just a reminder to click update.
WordPress 7.0 makes AI features much easier to ship by moving prompt routing and provider connection management into core. That speeds up delivery, but it also makes connector governance the real decision point: provider choice, credential handling, fallback behavior, capability checks, and how features fail when WordP
WordPress moved Unicode email support from a May 22, 2026 core proposal into active WordPress 7.1 testing on June 10, 2026. The change itself makes sense. The real cost sits in older validation, storage, masking, and CRM hand-offs that still assume email means ASCII.
WordPress 7.0 shipped on May 20, 2026. Then, on May 27, the React 19 migration note clarified what custom WordPress teams need to hear plainly: if you run custom blocks or admin UIs, compatibility testing now belongs in a proper engineering budget, not on a casual post-update checklist.
WordPress.org's June 5, 2026 cooldown on plugin and theme auto-updates turns plugin management into release work. The sensible response is to document the plugin estate, understand dependencies, review custom code, and stop treating updates as a background task.
WooCommerce scheduled actions still sit behind order updates, payments, renewals, customer emails, and webhooks. Because Action Scheduler still relies on WP-Cron unless a store hardens the runner, backlogs remain an operations issue with direct commercial consequences.
MariaDB 10.6 reaches end of life on July 6, 2026. For WordPress and Drupal hosting, that turns older database setups from a background infrastructure detail into a defined upgrade project with version selection, testing, and rollback planning attached.