WordPress performance issues often stem from multiple layered problems rather than a single culprit. This article breaks down the four root causes of slow WordPress sites, starting with hosting, and explains why site speed matters for SEO rankings and conversion rates, with Google's Core Web Vitals as a key ranking factor.

The WordPress Plugins Team is actively recruiting volunteers to review the surging number of plugin submissions, which have quadrupled since 2024 and now exceed 500 per week. Interested contributors need technical WordPress knowledge, strong communication skills, and consistent time commitment, with a two-month training period provided.

WordPress maintains its dominant position in the CMS market with 42.6% global market share as of March 2026, powering between 37.5 million and 605 million websites depending on how sites are counted. The platform continues to lead with 59.9% CMS market share, vastly outpacing competitors like Shopify (5.1%) and Wix (4.2%), while the ecosystem includes over 30,000 themes, 61,000+ free plugins, and WooCommerce's 33.43% eCommerce market share.

xCloud managed WordPress hosting provider integrated Patchstack to protect 320+ customer sites, blocking over 53,000 threats in 90 days. The solution provides centralized, proactive vulnerability protection without performance impact or complex per-site configuration, scaling seamlessly across their managed hosting environment.

WordPress.org conducted a comprehensive audit of repositories under the WordPress and bbPress GitHub organizations, resulting in 20 repositories being archived for no longer meeting active maintenance criteria. Archived repos include legacy feature plugins, short-term experimental projects, and outdated communication repositories, while remaining publicly accessible for reference.

281 vulnerabilities were publicly disclosed with 56 patches now available and 225 remaining unpatched. Critical issues affect popular plugins like W3 Total Cache and Widget Options, with Solid Security Pro offering firewall protection for unpatched vulnerabilities. WordPress 7.0 Beta 2 is available for testing ahead of the April 9 release.

Wordfence Intelligence reported 174 new vulnerabilities affecting 139 WordPress plugins and 28 themes during February 9-15, 2026. With contributions from 64 security researchers, WordPress site owners should review the report to identify and address any vulnerabilities on their installations.

WordPress 7.0 Beta 2 is now available for testing with over 70 bug fixes and improvements across the Editor and Core since Beta 1. The release introduces a new Connectors UI dashboard for intuitive AI provider management, allowing users to centrally manage external AI connections in wp-admin. The final release is scheduled for April 9, 2026.

WordPress VIP has published its major platform release roadmap covering WordPress Core versions 7.0, 7.1, and 7.2 scheduled for April, August, and December 2026 respectively, alongside concurrent Jetpack releases from 15.5 through 16.6. PHP 8.6 is also planned for November 2025, with all dates subject to testing and review before finalization.

The WordPress Themes Team will hold its second monthly meeting on August 26, 2025 at 15:00 UTC in the #themes Slack channel. The meeting will cover weekly updates with an open floor session for community questions and theme-related discussions.

WordPress in 2026 establishes Full Site Editing as the production-ready standard with enhanced block management and design controls in WordPress 6.8. The platform delivers significant performance gains including native AVIF support, Speculation Rules API integration, and Interactivity API v2, alongside practical AI-driven development tools that have matured beyond novelty status.

The WordPress Plugins Team reviewed a record 12,713 plugins in 2025, marking a 40.6% increase from 2024, with weekly submissions doubling to around 330. The team renamed itself to better reflect its expanded responsibilities beyond reviews, incorporating AI-assisted analysis and improved tools like the Plugin Check Plugin to maintain review efficiency despite the surge in submissions.

WordPress 6.9 launched on December 2, 2025, featuring over 400 core updates including improved block collaboration, hideable blocks, and drag-and-drop functionality. The project plans to return to three major releases annually starting 2026, with the first expected in March or April, focusing on postponed features like template activation and the tabs block. The WordPress AI team also released the AI Experiments plugin v0.1.0 to test emerging AI features before core integration.

A comprehensive security report documenting 209 publicly disclosed vulnerabilities, with 75 patches now available and 134 remaining unpatched. WordPress 6.9.3 has been released as a mandatory security update to address vulnerabilities and resolve display issues from the previous version.

A permissions-check vulnerability (CVE-2026-3906) in WordPress 6.9-6.9.1 allows authenticated Subscriber-level users to create notes on any post via the REST API comments controller. The issue stems from incomplete authorization checks in the Notes feature, potentially enabling social engineering or phishing attacks through malicious annotations.

WordPress faced nearly 8,000 security vulnerabilities in 2024, with most originating from unpatched third-party plugins. The article emphasizes the urgent need for automatic updates and highlights how automated exploit tools are making large-scale attacks increasingly feasible, requiring site owners and developers to prioritize security maintenance.

A critical unauthenticated SQL injection vulnerability (CVE-2026-2413, CVSS 7.5) was discovered in the Ally WordPress accessibility plugin, affecting over 400,000 sites. The flaw allows attackers to extract sensitive database data including password hashes through improper SQL query handling. Users should immediately update to version 4.1.0, which was released on February 23, 2026.

WordPress 7.0 will be the first major release of 2026, with alpha beginning November 12, 2025, and beta 1 starting February 19, 2026. The release team, led by Matias Ventura, will focus on testing, bug fixes, and dev notes during the beta phase, with beta 2 scheduled for February 26, 2026.

A practical guide for small business owners on choosing WordPress hosting that prioritizes real security, SEO-friendly speed, reliable backups, and WordPress-savvy support. The article contrasts managed WordPress hosting with shared hosting and highlights common mistakes businesses make when selecting hosting platforms.

WordPress powers 43% of all websites and offers superior stability, SEO capabilities, and security compared to proprietary builders. The platform's open-source nature, vendor independence, and two decades of development make it the most strategic choice for enterprises and startups seeking long-term digital presence.