WordPress 7.0 standardizes how plugins call AI providers, while leaving developers responsible for access control, cost limits, capability checks and graceful failures.
The June 16, 2026 WordPress supply-chain incident was not just a plugin update story. It exposed how CDN access, third-party scripts, and cleanup gaps can leave sites exposed.
PHP 8.1 is already unsupported, PHP 8.2 loses security support on December 31, 2026, and WordPress recommends PHP 8.3+. CMS hosts should be planning now.
WordPress 7.1 shifts image resizing and format work into the browser. Site owners should test plugins, CSP, fallbacks, and CDN-backed media before rollout.
June 2026 WordPress exploit reports show why businesses need plugin inventory, license visibility, patch tracking, and compromise checks after updates.