WordPress 3.5 Beta 1 has been released, and you can upgrade to it easily with the Beta Tester plugin. This is the first beta release, so it’s not recommended for live sites, but plugin and theme developers, and anyone with a keen eye for bugs, are encouraged to try it out now.
This new release includes tons of changes to how images are handled, a new color picker, keyboard navigation, support for favorited plugins from the official directory, and much more.
If you run into any bugs, please check the known and fixed issues first, report them if they have not already been reported or fixed, and visit the support forums if you need any help.
Twenty Twelve, the new default theme for WordPress 3.5, has also been released separately and is available for anyone running WordPress 3.4.2 or higher.
XML-RPC is enabled by default in 3.5, but I personally think that’s a bad decision from a security perspective. There’ve been serious XML-RPC vulnerabilities in the past, but they weren’t an issue for most users because it was disabled by default.
The benefit of enabling it by default is that people who want to use it don’t have to spend 15 seconds turning it on. The downside is that it creates a new attack vector for hackers. Doesn’t seem worth it to me.
For anyone who’s concerned about security, you can disable it with the new ‘xmlrpc_enabled’ filter. See http://core.trac.wordpress.org/ticket/21509
Also, doesn’t this violate the 80% rule?
“The rule of thumb is that the core should provide features that 80% or more of end users will actually appreciate and use. If the next version of WordPress comes with a feature that the majority of users immediately want to turn off, or think they’ll never use, then we’ve blown it.” — http://wordpress.org/about/philosophy/
I’m pretty confident that far less than 80% of WP users even know what XML-RPC is, let alone use it.
To be clear, I had nothing to do with the decision and am unclear on the background myself, but I think what you’ve said above is actually why they did it.
From the blog post, this was intended to make using the mobile apps easier, and the mobile apps are quite popular. As of now, using one of the mobile apps requires a confusing, “Huh, what’s XML-RPC?” step, whereas enabling it by default in 3.5 seems to be intended to avoid such confusion.
That’s a good point, James. I hadn’t considered the popularity of the apps themselves when judging the popularity of XML-RPC, even though they are tied together.
Even with that, though, I still don’t think the majority of installations actually use either of them, and it’s really not that hard to explain to someone how to turn on a single setting. So, when combined with the potential security risks, my personal opinion is that it should remain disabled by default. I can see the validity of other opinions, though.
It’s fairly easy to turn off, though; you just need to add this to a functionality plugin:
add_filter( 'xmlrpc_enabled', '__return_false' );
Will give WordPress 3.5 a try soon, thanks for this nice update!
Well, although this beta version has some improvements for images, a lot of work still needs to be done on the image upload function, quick insertion of images, and setting the post featured thumbnail. Hope to see better image insertion support in upcoming WordPress versions.
So, how long do I need to wait to update for the next version after this beta release? I have a live site; any advice appreciated.
I’ve read elsewhere that the new 2012 theme has some compatibility issues with older versions of IE. I tend to use the default themes as a learning tool and I was hoping to pick up some tips on making the site more responsive. Has anyone here had any experience with this so far?
Twenty Twelve makes use of some advanced CSS 3 techniques which are not supported in IE 8 or earlier. Because of this, visitors with the older IE browsers will see something very similar to the mobile version.
So, it still works with earlier versions of IE, it’s just not as pretty as it would be under Firefox, Chrome, Safari, Opera, or IE 9.