Gandalf at the Gates
Every WordPress.org plugin release now sits in a 24-hour AI review gate named Gandalf, the same week SiteGround force-installed AI on a million sites.
A Wapuu named Gandalf now reads every plugin release before your site does. WordPress.org holds new plugin and theme updates up to 24 hours while an AI review pass hunts for malware before auto-updates ship. That’s 78,000+ plugins and themes, over 400 million plugin installs, behind one gate.
The same week showed both sides of gatekeeping. UpdraftPlus patched an unauthenticated bypass on 3 million sites: the threat the gate exists for. SiteGround force-installed an AI plugin on a million customer sites: the overreach that makes people distrust gatekeepers. Walls protect. Walls also decide for you.
While we argued about gates, CERN walked on stage at WordCamp Europe and said home.cern now runs on WordPress. The software we stress-test all week is the one serious institutions keep betting on. Hold both thoughts.
This newsletter is part of the WordPress Weekly called WPStack.
Top Stories
Protect The Shire. Matt Mullenweg announced the cooldown June 5: every new plugin and theme release now waits up to 24 hours while an AI review pass, fronted by a new Wapuu named Gandalf, scans it before auto-update distribution. With 69 plugins on over a million sites each, urgent-fix timing just changed. I pushed three Core Forms patches in two days this month... under this gate, hotfix two queues while users stay broken.
UpdraftPlus auth bypass patched. CVE-2026-10795 (CVSS 8.1) let unauthenticated attackers run UpdraftCentral RPC commands as the connected admin, up to remote code execution; fixes shipped June 5 (free 1.26.5, premium 2.26.5) and Wordfence blocked 4,987 exploit attempts in 24 hours. Only UpdraftCentral-connected sites are exploitable; on 3 million installs, update first.
React 19 reverted in Gutenberg. Gutenberg 23.3.0 shipped React 19, plugins bundling the React 18 jsx-runtime crashed, and 23.3.2 rolled it back June 4, with React 19 still committed for WordPress 7.1 in August. Core Forms just retired a legacy gutenberg-block.js, so this compat checklist sits on my desk too.
CERN moves home.cern to WordPress. The Drupal switch landed June 5, announced live in the WordCamp Europe keynote: 183,000+ content items, 580 WordPress sites on one Kubernetes-based service, 2.5 years of work by five or six people. CERN plans to open source its Gutenberg auto-migration tool; watch it if you pitch enterprise migrations.
Hosting benchmarks return after three years. Kevin Ohashi rebuilt Review Signal’s testing on Orderly Ape, his open-source k6 platform, after Grafana Cloud would have cost roughly $250K; Pressable took Top Tier in all six segments it entered, with 5.1ms budget-tier static responses. My hosting recommendations run on 2023 data... time to re-check every one.
SiteGround’s AI Agent backlash. SiteGround auto-installed and auto-activated its AI Agent plugin fleet-wide in late May; it now sits at 1M+ installs and a 1.3/5 rating, 59 of 64 reviews one-star. Where host convenience ends and consent begins is the argument every host is watching.
Core, Gutenberg & WooCommerce
WooCommerce 10.9 beta. Final lands June 23: native email logging under WooCommerce > Status > Logs, deferred draft orders against orphaned checkout rows, and Abilities API coverage for products and orders. Half my store tickets start with “did the order email send”; logging deletes that category.
Gutenberg 23.3’s dashboard experiment. The June 3 release previews a widget-based wp-admin dashboard where you add, move, and resize widgets like Quick Draft and Site Health. wp-admin redesigns keep dying in mockups; one users can drag around is the first I’d bet on.
Client-side media processing. Browsers decode, resize, and encode every image sub-size via wasm-vips before upload (AVIF, WebP, HEIC, UltraHDR, JPEG XL, GIF-to-video), targeting WordPress 7.1 core, Chromium-only for now. Image CPU moving off shared hosting rewrites the pitch for the server-side optimization plugins I’ve configured for years.
Unicode email addresses in trunk. is_email() and sanitize_email() now accept addresses like grå@grå.org on utf8mb4, validation matches the WHATWG spec, and a new WP_Email_Address class exposes ASCII and Unicode forms. Core Forms validates email on every submission; I’m testing each ASCII-assuming integration before this ships.
WooCommerce’s experimental dual API. Opt-in and PHP 8.1+ in 10.9: plain PHP classes with attributes, a build script generating the GraphQL side, products and coupons only as proof of concept. Every headless Woo build I’ve touched bolts GraphQL on via third-party plugins; first-party matters even this early.
Plugins, Themes & Products
ACF 6.8.4. AJAX handlers now check the nonce matches the expected field type, and ACF PRO satisfies dependencies declared against the free advanced-custom-fields slug. Third security-bearing ACF release in three weeks; update without ceremony.
Official WordPress browser extension. Jake Goldman’s WP Detective is becoming an official WordPress project at Mullenweg’s request: beta on Chrome and Safari, Fabian Kaegy co-building, testers wanted before 1.0. It moves admin-bar controls into the browser chrome, outside wp-admin.
Elementor 4.1.2 and 4.1.3. Two patches in three days fix Global Classes pages failing to publish or losing live-site styles, plus Cloud Library screenshot errors. On the v4 Atomic Editor, these aren’t optional.
Jetpack 15.9. The Donations block gains a Tips variation, modal display, and per-frequency amounts, and Jetpack Search adds an AI Agent Access toggle: owners opt in before AI assistants answer from site content. I covered agent-access risk in my AI tools guide; opt-in is the consent model SiteGround skipped.
Divi 5.7. June 10 adds a gradient editor, gradient variables, gradient text fill, and text-stroke settings alongside 72 bug fixes; an agentic Divi AI Agent is in development. Variables are the design-system primitive Divi 4 never had, worth knowing before migrating legacy sites.
Security & Performance
55,202 plugins, benchmarked. Marcin Dudek activated every WordPress.org plugin in an isolated container and measured homepage TTFB: 90.8% add 10ms or less, the median is 0ms, and only 64 add over 5MB of peak memory. This is the dataset I’ll cite when a client wants plugins deleted instead of a profiler run.
Everest Forms Pro exploited via eval(). CVE-2026-3300 (CVSS 9.8) passes calculation-field input straight to eval(); patched in 1.9.13 in March, exploited since April 13, 29,300+ attempts blocked, and a rogue “diksimarina” admin to audit for before updating. I build forms for a living: eval() on user input is the bug class you design out, not sanitize around.
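The bug class in one file, as an added example (not Everest Forms' code, and not an exploit for it): a calculation field whose formula string reaches eval() after field substitution, next to the hardened form, a whitelist-tokenized expression evaluator. Field names, formulas and values are constructed for illustration; PHP 8 is assumed.

```php
<?php
// Added example (not Everest Forms' code): the eval() bug class from the
// advisory above, next to the hardened form. Field names, formulas and values
// are constructed for illustration. Requires PHP 8 (match, str functions).

/**
 * The bug class, illustrative only: a calculation formula that is user input
 * is handed to eval() after field substitution. Substitution does nothing to
 * stop a formula such as "1);system('id');//", which is simply PHP by then.
 * Never run this on untrusted input; it is here only as the "before".
 */
function calc_with_eval(string $formula, array $fields): float
{
    $needles = array_map(fn ($k) => '{' . $k . '}', array_keys($fields));
    $expr = str_replace($needles, array_values($fields), $formula);
    return (float) eval("return $expr;");
}

/**
 * Hardened form: the formula may consist only of numbers, {field} references,
 * + - * / and parentheses. It is parsed with the shunting-yard algorithm into
 * RPN and evaluated on a stack; nothing the user typed is ever executed as PHP.
 */
function safe_calc(string $formula, array $fields): float
{
    $token = '\d+(?:\.\d+)?|\{[a-z_][a-z0-9_]*\}|[-+*\/()]';
    // Reject the whole formula unless it is nothing but whitelisted tokens.
    if (!preg_match('/^(?:\s*(?:' . $token . '))*\s*$/i', $formula)) {
        throw new InvalidArgumentException('formula contains characters outside the grammar');
    }
    preg_match_all('/' . $token . '/i', $formula, $m);

    $prec   = ['+' => 1, '-' => 1, '*' => 2, '/' => 2];
    $output = [];   // RPN queue: floats and operator strings
    $ops    = [];   // operator stack
    $prev   = null; // previous token, to recognise unary minus
    foreach ($m[0] as $t) {
        if ($t === '-' && ($prev === null || $prev === '(' || isset($prec[$prev]))) {
            $output[] = 0.0;  // unary minus becomes "0 - x"
            $ops[] = '-';
        } elseif (isset($prec[$t])) {
            while ($ops && isset($prec[end($ops)]) && $prec[end($ops)] >= $prec[$t]) {
                $output[] = array_pop($ops);
            }
            $ops[] = $t;
        } elseif ($t === '(') {
            $ops[] = $t;
        } elseif ($t === ')') {
            while ($ops && end($ops) !== '(') {
                $output[] = array_pop($ops);
            }
            if (array_pop($ops) !== '(') {
                throw new InvalidArgumentException('unbalanced parentheses');
            }
        } elseif ($t[0] === '{') {
            $name = substr($t, 1, -1);
            // Field values are data, never code: anything non-numeric is rejected.
            if (!isset($fields[$name]) || !is_numeric($fields[$name])) {
                throw new InvalidArgumentException("field {$name} is missing or not numeric");
            }
            $output[] = (float) $fields[$name];
        } else {
            $output[] = (float) $t;
        }
        $prev = $t;
    }
    while ($ops) {
        $op = array_pop($ops);
        if ($op === '(') {
            throw new InvalidArgumentException('unbalanced parentheses');
        }
        $output[] = $op;
    }

    // Evaluate the RPN queue on a stack.
    $stack = [];
    foreach ($output as $item) {
        if (is_float($item)) {
            $stack[] = $item;
            continue;
        }
        if (count($stack) < 2) {
            throw new InvalidArgumentException('malformed expression');
        }
        $b = array_pop($stack);
        $a = array_pop($stack);
        if ($item === '/' && $b == 0.0) {
            throw new DivisionByZeroError('division by zero in formula');
        }
        $stack[] = match ($item) { '+' => $a + $b, '-' => $a - $b, '*' => $a * $b, '/' => $a / $b };
    }
    if (count($stack) !== 1) {
        throw new InvalidArgumentException('malformed expression');
    }
    return $stack[0];
}

// Constructed sample: quantity times price minus a fixed discount, then two
// hostile inputs (code in the formula, code in a field value), both rejected.
$fields = ['qty' => '3', 'price' => '2.50'];
echo safe_calc('{qty} * {price} - 5', $fields), PHP_EOL;
foreach (["1);system('id');//", '{qty} + {evil}'] as $hostile) {
    try {
        safe_calc($hostile, $fields + ['evil' => "system('id')"]);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The point is the grammar, not the regex: the safe version never has a code path in which user text becomes PHP, so there is nothing left to "sanitize". Everything outside numbers, field references and four operators is rejected before parsing, and field values are treated as numbers or refused.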
Kirki exploited to hijack admin accounts. CVE-2026-8206 (CVSS 9.8) lets unauthenticated attackers point Kirki’s password-reset endpoint at any account and route the reset link to an inbox they control; patched in 6.0.7 on May 18, exploited since June 2, and roughly 40% of its 500,000 installs still run vulnerable 6.0.0-6.0.6. Kirki ships bundled with themes, so it’s running on sites whose owners never picked it: update to 6.0.7 or deactivate it today.
Wordfence’s Q1 threat report. 2,738 new WordPress vulnerabilities in one quarter (up 23.7%), the “common and dangerous” class nearly doubled (up 98%), and 16 billion brute-force attempts blocked. Weekly patching plus a WAF is the floor now, not the ceiling.
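A triage script for the four plugin advisories in this issue (UpdraftPlus, ACF, Everest Forms Pro, Kirki), as an added example that is not Wordfence's, WP-CLI's or any plugin's code: it reads the JSON that `wp plugin list --format=json` prints and flags installs still below the fixed versions quoted above, treating active copies as critical and inactive ones as warnings. Only the versions named in this issue are encoded; the `everest-forms-pro` slug and the sample JSON are constructed assumptions.

```php
<?php
// Added example (not Wordfence's, WP-CLI's or any plugin's code): reads
// `wp plugin list --format=json` output and reports installs still below the
// fixed versions named in this issue. The everest-forms-pro slug is assumed and
// the SAMPLE JSON is constructed. Run as: wp plugin list --format=json | php triage.php

const FIXED_VERSIONS = [
    // slug => [fixed version per release branch, note]
    'updraftplus'                => [['1.26.5', '2.26.5'], 'CVE-2026-10795 UpdraftCentral RPC auth bypass; exploitable only when UpdraftCentral is connected'],
    'kirki'                      => [['6.0.7'], 'CVE-2026-8206 password-reset hijack; often bundled by a theme, deactivate if you cannot update'],
    'everest-forms-pro'          => [['1.9.13'], 'CVE-2026-3300 eval() on calculation fields; audit users for a rogue "diksimarina" admin before updating'],
    'advanced-custom-fields'     => [['6.8.4'], 'AJAX nonce now checked against the expected field type'],
    'advanced-custom-fields-pro' => [['6.8.4'], 'AJAX nonce now checked against the expected field type'],
];

// Pick the fixed version that shares a major number with the installed one
// (UpdraftPlus free is 1.x, premium 2.x). Null means no known fix for that branch.
function fixed_version_for(string $installed, array $fixed): ?string
{
    $major = explode('.', $installed, 2)[0];
    foreach ($fixed as $candidate) {
        if (explode('.', $candidate, 2)[0] === $major) {
            return $candidate;
        }
    }
    return null;
}

function triage(string $pluginListJson, array $advisories = FIXED_VERSIONS): array
{
    $findings = [];
    foreach (json_decode($pluginListJson, true, 512, JSON_THROW_ON_ERROR) as $plugin) {
        $slug = $plugin['name'];           // wp-cli's "name" column is the plugin slug
        if (!isset($advisories[$slug])) {
            continue;
        }
        [$fixed, $note] = $advisories[$slug];
        $target = fixed_version_for($plugin['version'], $fixed);
        if ($target !== null && version_compare($plugin['version'], $target, '>=')) {
            continue;                      // already at or past the fix
        }
        $findings[] = [
            'plugin'    => $slug,
            'installed' => $plugin['version'],
            'fixed'     => $target ?? 'unknown branch',
            // An inactive copy is still vulnerable code on disk that can be re-enabled,
            // but the exploit path is open only while the plugin is active.
            'severity'  => ($plugin['status'] ?? '') === 'active' ? 'critical' : 'warning',
            'note'      => $note,
        ];
    }
    return $findings;
}

// Constructed sample standing in for `wp plugin list --format=json` output.
const SAMPLE = '[
  {"name":"updraftplus","status":"active","update":"available","version":"1.26.4"},
  {"name":"kirki","status":"inactive","update":"available","version":"6.0.3"},
  {"name":"advanced-custom-fields","status":"active","update":"none","version":"6.8.4"},
  {"name":"some-unrelated-plugin","status":"active","update":"none","version":"1.0.0"}
]';

$json = stream_isatty(STDIN) ? SAMPLE : stream_get_contents(STDIN);
foreach (triage($json) as $f) {
    printf("[%s] %s %s (fix: %s): %s\n",
        strtoupper($f['severity']), $f['plugin'], $f['installed'], $f['fixed'], $f['note']);
}
```

Run it across a fleet with `wp --path=... plugin list --format=json | php triage.php` per site. It cannot tell whether UpdraftCentral is actually connected on a given install, so treat every flagged UpdraftPlus as exploitable until you have checked that from the dashboard.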
Business of WordPress
Court finds Mullenweg “evasive”. Judge Ajay Krishnan ruled June 5 that Mullenweg “appeared to be evasive or to waste time” in his 21-hour deposition, gave WP Engine three more hours, and ordered WP Engine to open Asana, Jira, Figma, and Miro and unredact a strategy-deck line on trademark licensing. Hearings hit June 24-25; trial stays September 2027.
Mullenweg skipped WordCamp Europe. He stayed home “to stay close to loved ones going through difficult times,” so Mary Hubbard and Matías Ventura fronted the June 6 closing keynote, a live look at how WordPress leadership gets delegated.
Tutorials Worth Reading
What’s new for developers, June 2026. The official checklist: the media editor modal is now the default crop experience, Playground’s wp-now is deprecated for Playground CLI, and the React 19 migration list (render(), hydrate(), and friends) is the part to finish first.
Dynamic endpoints and bot traffic. Kinsta shows how cart, checkout, search, and admin-ajax requests burn PHP threads and database connections while cached pages shrug off the same flood. I run FlyingPress plus Cloudflare APO in production; dynamic-endpoint bot load is the gap page caching can’t close.
Faster WooCommerce monorepo builds. Christopher Allford cut cold builds 60% (96s to 37.1s) and watch memory 84% (24.4GB to 3.9GB) by swapping TypeScript’s compiler for esbuild and type-checking at lint. The pattern copies to any slow JS toolchain.
Quick Bits
Gutenberg 23.4.0 RC1 un-gates client-side media processing and adds upload retry with exponential backoff, previewing 7.1’s media stack.
WordPress 7.0 shipped a known keyboard regression: arrow keys can’t reach ancestor blocks, open since March 17, an accessibility miss my forms work makes me allergic to.
WordPress 7.0.1 targets late June as core recruits 7.0.x release managers.
SureCart 4.4.0 adds checkout login prompts, access-code login, and name-your-own-price invoices.
Yoast SEO 27.8 trims database queries on multi-author sites and fixes React 19 rendering ahead of 7.1.
Rank Math 1.0.272 ships four MCP tools (link report, post SEO meta, post links, schema) so AI assistants can audit your SEO data directly. Released June 10, and squarely the agent-access story again.
FluentCommunity 2.6.0 adds welcome banners and first-comment moderation and patches a private-space approval bypass, so update first.
Bricks 2.3.7 patches Gutenberg styling, query loop, and WooCommerce regressions from the 2.3 cycle.
Deals
Some links below are affiliate links.
WP Scheduled Posts lifetime deal, $39. WPDeveloper’s editorial-calendar plugin: $39 lifetime for 5 sites (74% off the $149 regular price), $78 for 10, $117 for unlimited, and the Sumo Day promo on AppSumo stacks an extra 10% off through June 11. That’s today.
Events & Community
WCEU 2026 recap. 2,458 attendees from 81 countries at ICE Kraków, 49 talks, and a closing fireside pointing at Studio Code, the agent-based coding tool. Recordings are hitting WordPress.tv now. Next: WordCamp US in Phoenix, August 16-19; WCEU 2027 in Málaga, May 27-29.
Collaborative editing outreach for 7.1. Anne McCarthy launched an FSE-style program June 3 to get real-time co-editing ready for 7.1, running until August 18, recruiting real sites on varied hosting. Outreach testing hardened FSE; whether it’s a strict enough gate for a flagship feature, I’ll test myself.
Jukebox #220: Cathy Mitchell. The WordCamp Canada 2026 lead organizer (November 5-6, Vancouver) on shrinking sponsorship budgets and youth recruitment via WordPress Campus Connect: the forces deciding whether WordCamps keep existing.
WordCamp Mannheim runs July 3-4 at Schloss Mannheim across four tracks, the biggest European camp in the next 30 days.
WordCamp Rajshahi lands July 2-3 in Bangladesh, South Asia’s next camp and a deep plugin-developer bench.
From My Desk
Best AI Tools for Managing WordPress Websites in 2026. My layer-by-layer map of the AI-for-WordPress stack: coding agents, MCP servers as the agent-to-site bridge, and in-dashboard plugins. The closing stack is what I run in production, plus the agent-access risks nobody’s pricing in.
How to Add Bulk Nofollow in WordPress. Written after applying nofollow to 9,000+ outbound links across 1,400 posts: a render-time filter with an affiliate whitelist, or a database rewrite when the attribute must live in post HTML. The 9,000 links were mine; the tutorial is the cleanup, written down.
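The render-time variant described above, as an added example that is not the tutorial's own code: a `the_content` filter that parses the post HTML, adds `rel="nofollow"` to outbound links, and leaves internal links and a whitelist of affiliate hosts untouched, without rewriting anything in the database. The site host, affiliate host and sample post HTML are constructed placeholders; PHP 8 is assumed.

```php
<?php
// Added example (not the tutorial's own code): render-time nofollow filter.
// Hosts and the sample post HTML below are constructed placeholders. PHP 8.

// True when $host equals one of $bases or is a subdomain of it, so a link to
// www.example.com stays "internal" for a site whose host is example.com.
function host_in(string $host, array $bases): bool
{
    foreach ($bases as $base) {
        if ($host === $base || str_ends_with($host, '.' . $base)) {
            return true;
        }
    }
    return false;
}

function add_nofollow_to_external_links(string $html, string $siteHost, array $affiliateHosts): string
{
    if (trim($html) === '') {
        return $html;
    }
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);    // post HTML is rarely well-formed
    // A single wrapping element lets LIBXML_HTML_NOIMPLIED skip the <html><body> scaffolding.
    $doc->loadHTML('<?xml encoding="utf-8"?><div>' . $html . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    foreach ($doc->getElementsByTagName('a') as $a) {
        $host = strtolower((string) parse_url($a->getAttribute('href'), PHP_URL_HOST));
        // No host means a relative, fragment or mailto: link; those are not outbound.
        if ($host === '' || host_in($host, [$siteHost]) || host_in($host, $affiliateHosts)) {
            continue;
        }
        // Preserve whatever rel tokens are already there (noopener, sponsored, ...).
        $rel = preg_split('/\s+/', strtolower($a->getAttribute('rel')), -1, PREG_SPLIT_NO_EMPTY);
        if (!in_array('nofollow', $rel, true)) {
            $rel[] = 'nofollow';
        }
        $a->setAttribute('rel', implode(' ', $rel));
    }

    // Serialise only the wrapper's children so the rest of the markup comes back as it went in.
    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Inside WordPress, hook it at render time; the hosts are placeholders for your own.
if (function_exists('add_filter')) {
    add_filter('the_content', fn (string $content): string => add_nofollow_to_external_links(
        $content, 'example.com', ['partner-affiliate.example']
    ), 20);
}

// Stand-alone demonstration with constructed post HTML: only the last link changes.
$post = '<p>See <a href="/about">about</a>, <a href="https://www.example.com/x">home</a>, '
      . '<a href="https://partner-affiliate.example/deal?id=1">the deal</a> and '
      . '<a href="https://external.example.org/" rel="noopener">elsewhere</a>.</p>';
echo add_nofollow_to_external_links($post, 'example.com', ['partner-affiliate.example']), PHP_EOL;
```

Because it runs on every render, put it behind page caching and keep the whitelist short; if the attribute has to live in the stored post HTML (the database-rewrite variant), run the same function once over each post's `post_content` and save the result instead of filtering output.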
Final Take
WordPress spent years treating its update pipeline like plumbing. This week it became infrastructure worth guarding, and every story orbits that shift: gates you choose (Jetpack’s toggle), gates chosen for you (SiteGround), gates with courtrooms attached (WP Engine). Watch June 23 for WooCommerce 10.9, late June for 7.0.1, June 24-25 for the hearings... and do the React 19 homework before 7.1 turns it into a deadline.