Version 1.0

The first release in which we will start to show our long term vision. It will focus on low hanging security improvements, introduction of core plugins and deprecation of many things we do not believe that they have a place in core.

Minimum requirements:

  • PHP 7.0 or above
  • MySQL 5.0 or above (or MariaDB compatible version)
  • For install running on Apache, mod_rewrite
  • PHP modules: MySQLi, Zip

Major discrepancies with WordPress:

  • Support for plain and numerical URLs eliminated
  • Theme and plugin editing eliminated
  • edit_files, edit_plugins, and edit_themesĀ  capabilities removed

Security improvements

Prevention of user enumeration

Performance improvements

  • Removal of the emoji JS based shim from the front end
  • Various obsolete code removal

Follows list of minor versions and their related issues.

1.0.0

Remove the user's website setting UI
Labeled as deprecation, users

Default user display name should not expose private details
Labeled as security, users

Make user display name a simple text input
Labeled as users

Deprecate the UI for user first and last name, and nickname
Labeled as deprecation, users

Remove any mention of user names from the UI
Labeled as deprecation, users

Deprecate the default category related code
Labeled as deprecation

Deprecate the calendar and archeive widgets
Labeled as deprecation

Remove comment moderation queue based on words
Labeled as deprecation

Remove deprecated and unused CSS
Labeled as deprecation

Remove deprecated and unused JS libraries
Labeled as deprecation

Deprecate usage of the old mysql php module in favour of mysqli
Labeled as deprecation, refactor

Remove dead code that is executed only for unsupported server configuration
Labeled as bloat removal

Remove conversions of smilies into images
Labeled as deprecation

Remove the emoji related shim code
Labeled as deprecation

Simplify wp_salt
Labeled as refactor

Deprecate the random_int shim
Labeled as deprecation

Remove the user option to fully turn off "visual" editing
Labeled as deprecation

errors display on login and reset passward forms should not disclose the existance of user names and emails
Labeled as Privacy, security

Remove the shim for the _ function
Labeled as bloat removal

Remove the array_replace_recursive shim
Labeled as bloat removal

Remove the json_encode and json_decode shims
Labeled as bloat removal

Remove the spl_autoload_register
Labeled as bloat removal

Deprecate the "the_meta" function
Labeled as bloat removal

Remove the "featured" section in theme installation screen
Labeled as branding, themes

Remove the "beta", "featured" and "recommended" sections in plugin installation screen
Labeled as branding, plugins

Deprecate the post meta management from the post editing screen
Labeled as deprecation

Change all meta_key columns to VARCAR(191)
Labeled as invalid

Deprecate the category and tags converter
Labeled as deprecation

Deprecate password protected posts
Labeled as deprecation

Make all classes not final
Labeled as refactor

Deprecate CSS editing in the customizer
Labeled as breaking backward compatibility, deprecation

Deprecate HTML editing in the text widget
Labeled as breaking backward compatibility, deprecation

Deprecate theme and plugin editor
Labeled as deprecation

Deprecate plain and numeric urls
Labeled as breaking backward compatibility, deprecation

deprecate post formats
Labeled as breaking backward compatibility, deprecation

Remove comment black listing based on words
Labeled as deprecation

rename the upgrade directory to .upgrade
Labeled as security, upgrade

Deprecate the usage of the pclzip library
Labeled as bloat removal

Use const instead of define everywhere it can be applicable
Labeled as performance

wp-config-sample.php should not have a php extension/be "executable"
Labeled as security

Remove stupid check that php is running from install.php
Labeled as bloat removal

Remove RSD related HTML generation and code
Labeled as bloat removal, deprecation

remove the rel profile link tag from the header
Labeled as bloat removal, default theme

Remove the generator meta
Labeled as bloat removal

Deprecate the meta widget
Labeled as deprecation

replace salt generation by wordpress.org with one generated by calmpress.org
Labeled as branding, security

Actually deprecate the dprecated WordPress core functions
Labeled as deprecation

Deprecate the ping on post related code
Labeled as deprecation

remove hello dolly plugin
Labeled as bloat removal

Remove post by email
Labeled as deprecation

Depracate support for pingbacks/trackbacks
Labeled as deprecation, spam

Remove the link manager
Labeled as deprecation

Better password hashing
Labeled as breaking backward compatibility, security

Stop forcing wordpress spelling as WordPress
Labeled as content editing

prevent user name enumaration/leakage
Labeled as Privacy, security

Still in development

Compatibility with WPcli
Labeled as wpcli

Edit the configuration file from the admin
Labeled as configuration

Move the inclusion of wp-settings.php from the wp-config.php file to load.php
Labeled as refactor

If there are no options belonging to the writing settings group, do not show "writing" as part of the settings menu
Labeled as UX

Revert the gutenberging of default content
Labeled as WordPress 5.0 merge

Make user signup a core plugin
Labeled as core plugins, deprecation

Merge WordPress 5.0 in the 1.0 version
Labeled as WordPress 5.0 merge

Always add rel="noopener noreferrer" to link with target="_blank"
Labeled as WordPress 5.0 merge, security

Investigate reverting changes in kses done for gutenberg
Labeled as WordPress 5.0 merge, security

Remove all of the importers from the tools section except for the WordPress one
Labeled as deprecation

Move the manual post excerpt functionality into a core plugin
Labeled as core plugins, deprecation

Add compatibility checks for max PHP and MySQL versions
Labeled as upgrade

Distribute default .htaccess as part of the full install.
Labeled as apache, install, security

Design a way to install plugins and themes from outside of the wordpress repository
Labeled as core plugins, plugins, themes

On install comments should be off
Labeled as comments, spam

Offer to try and save the newly generated config via FTP if file can not be written
Labeled as install

When installing on apache verify that mod_rewrite is active
Labeled as apache, install

check on install that a site is on https or local host
Labeled as install, security

Replace gravatars with material design based avatars
Labeled as Privacy, breaking backward compatibility, comments

Authors should be a taxonomy and not being related to the user actually posting the content
Labeled as breaking backward compatibility, content editing

Deprecate HTML editing of post content in the editor
Labeled as core plugins, deprecation

Allow access only to known file types outside of the uploads and wp-admin directories
Labeled as apache, nginx, performance, security

rename wp-config.php to .wp-config.php and refactor it to contain only configuration
Labeled as refactor, security

Protect directories and files starting with a dot (.) from being accessed externally in htaccess
Labeled as apache, security

Backup functionality which is part of core
Labeled as backup/restore

comments should not accept html
Labeled as comments

Deprecate support for XML-RPC, move into core plugin
Labeled as core plugins, deprecation

improve build tools to make development easier
Labeled as dev tools

safe mode
Labeled as

Prevent user name/email leakage via the sign in form
Labeled as Privacy, security