WordPress version 5.6 is the last major WordPress version for 2020, and it brought several new features as well as some minor bug fixes to finish out the year.
As always, it’s a good idea to update – especially if there are security patches – but this version of WordPress has a few new features that can cause more trouble than they are worth if you rush into updating.
It’s definitely worth taking a few minutes to be fully aware of what you’re getting into.
New WordPress 5.6 Features
A new feature called “application passwords” has the potential to add functionality and convenience, but also security risks if it’s not used carefully.
Application passwords allow you to give an application permission to perform actions on behalf of a user.
It doesn’t take much imagination to see how an attacker could socially-engineer a site administrator into granting an application password to a malicious app. From there, the application can perform actions with the same permissions as the user who granted access. If the site admin granted access with an admin-level account, then the attacker can basically do anything they want.
In general, if you don’t know exactly what you’re doing, you’re better off not using this feature. While it definitely has potential to make things easier, it could also very easily lead to a site-wide takeover.
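One way to limit the admin-level risk described above, as an added example (not code from WordPress or from this post): a must-use plugin that refuses application passwords for admin-level accounts and reports the ones already issued to them. The file path, the `example_` names, the `app-password-audit` command name and the use of `manage_options` as the admin marker are assumptions; the filter and the `WP_Application_Passwords` class are core APIs added in 5.6.

```php
<?php
/**
 * Plugin Name: Restrict Application Passwords (added example)
 * Assumed path: wp-content/mu-plugins/restrict-app-passwords.php
 */

// Assumption: holding this capability is what makes an account "admin-level".
const EXAMPLE_ADMIN_CAP = 'manage_options';

// Refuse application passwords for admin-level accounts. Core consults this
// filter both when a password is requested and when one is used to log in.
add_filter(
    'wp_is_application_passwords_available_for_user',
    function ( $available, $user ) {
        if ( $user instanceof WP_User && user_can( $user, EXAMPLE_ADMIN_CAP ) ) {
            return false;
        }
        return $available;
    },
    10,
    2
);

// Collect application passwords already issued to admin-level accounts.
function example_admin_app_passwords() {
    $report = array();
    foreach ( get_users( array( 'fields' => array( 'ID', 'user_login' ) ) ) as $u ) {
        if ( ! user_can( (int) $u->ID, EXAMPLE_ADMIN_CAP ) ) {
            continue;
        }
        foreach ( WP_Application_Passwords::get_user_application_passwords( (int) $u->ID ) as $item ) {
            $report[] = array(
                'user'      => $u->user_login,
                'name'      => $item['name'],
                'uuid'      => $item['uuid'],
                'created'   => gmdate( 'Y-m-d', $item['created'] ),
                'last_used' => empty( $item['last_used'] ) ? 'never' : gmdate( 'Y-m-d', $item['last_used'] ),
                'last_ip'   => empty( $item['last_ip'] ) ? '-' : $item['last_ip'],
            );
        }
    }
    return $report;
}

// Hypothetical command name: `wp app-password-audit` prints the report.
if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::add_command( 'app-password-audit', function () {
        WP_CLI\Utils\format_items( 'table', example_admin_app_passwords(), array( 'user', 'name', 'uuid', 'created', 'last_used', 'last_ip' ) );
    } );
}
```

Passwords already stored for a blocked account stop authenticating once the filter is in place, but they stay in the database. Remove any the report lists with `WP_Application_Passwords::delete_application_password( $user_id, $uuid )`.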
Currently, WordPress will automatically apply minor updates. These updates go through significant testing, and are generally not going to cause issues with plugin incompatibility or site crashes.
If you start a brand-new WordPress site on version 5.6, WordPress will now automatically apply major updates (5.6→5.7) as well.
Sites that have upgraded to WordPress 5.6 from a previous version will not have this feature enabled by default. Sites coming from 5.5 (and older) will still only have minor updates (and security patches) automatically applied by default. These sites can opt-in to major release auto-updates, though, if they would like to.
New PHP and jQuery
These two mainly apply to plugin developers or WordPress admins that want to see “behind the curtain” a little bit.
WordPress 5.6 will continue its jQuery update that began in version 5.5. In version 5.5, the jQuery Migrate 1.x script was removed. In 5.6, WordPress will update to the latest jQuery version and update jQuery Migrate to version 3.3.2.
In additional “backend” changes, WordPress 5.6 will begin beta compatibility with PHP 8. This does not mean you should update your web hosting to run PHP 8 (yet). This means that if you’re running a stock site without 3rd-party plugins or themes you likely won’t run into issues.
For production sites running even a few plugins, though, it’s too early to try to update. It is on the horizon, though, so plugin developers can start making sure their plugins are compatible with this current PHP version.
When to Update?
While the changes in here aren’t huge, if your website is mission-critical, make sure to test your changes in a development environment before running on your primary site.
If you don’t run a lot of custom (or out-of-date) plugins, chances are everything will be fine. If you need help, though, feel free to get in touch with me.