WordPress just unleashed more chaos in April 2025 than most platforms see in a year. If you run a site, build for clients, or just want your blog to stay safe, this roundup is your cheat sheet. One major WordPress release is all we get for the whole year, Automattic has basically stepped back from core development, and security? Hundreds of plugin and theme vulnerabilities dropped-many still waiting on patches.
The WordPress ecosystem is shifting fast, and if you don’t keep up, you risk getting left behind-or getting hacked. This round breaks down the most insane news, the security threats you can’t ignore, and the new features and risks that could make or break your business. Keep reading for the wildest WordPress news of April 2025.
Dina Restaurant Bar Demo
We’ll start this roundup with our Dina restaurant WordPress theme. It got even more versatile with the launch new Bar demo in April 2025. This sixth pre-made site layout is designed specifically for modern bars, cocktail lounges, and nightlife venues, giving users a fast track to a sleek, professional web presence.
The Dina Bar demo comes packed with six essential pages – Home, Menu, Events, Gallery, About, and Contact-so bar owners can showcase their atmosphere, promote upcoming events, and display their menu with ease. Built with the Elementor page builder, the demo is fully customizable and supports one-click import, letting users launch a stunning bar website in minutes. Like all Dina demos, it’s 100% responsive.
WordPress 6.8 Released as the Only Major Update in 2025
WordPress 6.8 Released as the Only Major Update in 2025
WordPress 6.8, released on April 15, 2025, stands out as the only major update for the platform this year-a major departure from the usual release cadence. This decision was made after a meeting of nearly 30 core contributors and project leaders, prompted by a dramatic decline in corporate contributions, especially from Automattic, which slashed its weekly development hours from nearly 4,000 to just 16. The slowdown is directly linked to ongoing legal disputes between Automattic and WP Engine, as well as broader concerns about project governance and sustainability.
Despite the scaled-back development, WordPress 6.8 delivers meaningful improvements focused on refining the site-building experience, streamlining workflows, and enhancing design tools. Notable features include speculative loading for faster navigation, major usability upgrades in the Site Editor, expanded support for classic themes, and a significant security boost with the adoption of bcrypt password hashing. While the immediate functionality of WordPress remains strong, the community is watching closely to see how reduced development resources and shifting contributor dynamics will shape the platform’s future.
Phishing Campaign Targets WooCommerce Users
Fake Security Vulnerability Phishing Campaign Targets WooCommerce Users
WooCommerce store owners were hit by a large-scale, sophisticated phishing campaign that targeted admins with fake security patch emails. These emails, appearing to come from addresses like [email protected], warned recipients of a fabricated “critical security vulnerability” supposedly discovered around mid-April, urging them to urgently download and install a patch to protect their stores.
However, the download link led victims to a cleverly spoofed website using a lookalike domain (such as “woocommėrce.com” with an accented “ė”), where the so-called patch was actually a malicious plugin. Once installed, this plugin created hidden admin accounts, deployed web shells, and gave attackers full control over the compromised site, enabling them to steal data, inject ads, or even launch ransomware attacks. Security experts and WooCommerce emphasized that legitimate updates are only distributed through official channels, and urged users to avoid clicking suspicious links, only install plugins from trusted sources, and report any phishing attempts to their email providers.
WordPress.com Launches AI-Powered Site Builder, Sparking Debate
WordPress Try Our New AI Website Builder for Free
WordPress.com shook up the website-building world by launching its new AI-powered site builder, and the buzz hasn’t stopped since. This tool lets anyone – from bloggers and freelancers to small business owners-spin up a full website just by describing their idea in a few sentences. No more hunting for templates or sweating over layouts; the AI handles everything from structure to content and images, all through a simple chatbot interface. The process is fast, intuitive, and designed to get users online in minutes, not hours.
But this launch is sparking big debates across the WordPress community. Some see it as a game-changer that lowers the barrier for millions who never thought they could build a site. Others worry about what it means for custom design, developer jobs, and the future of creative web work. Right now, the AI builder is best for basic sites – it can’t handle e-commerce or complex integrations yet – but Automattic says more features are on the way. One thing is clear: with WordPress.com betting big on AI, the future of website creation just got a lot more interesting-and a lot more automated.
Sassy Social Share and MaxButtons Plugins Fix Serious Flaws
Sassy Social Share and MaxButtons Plugins Fix Serious Flaws
Two of WordPress’s most popular plugins – Sassy Social Share and MaxButtons, each with over 100,000 active installs-rolled out crucial security updates to fix major vulnerabilities. Sassy Social Share patched an open redirection flaw (in version 3.3.74) that could have allowed attackers to redirect users from trusted sites to malicious ones, opening the door for phishing attacks and scams. Meanwhile, MaxButtons addressed a stored cross-site scripting (XSS) vulnerability (fixed in version 9.8.4), which could have enabled attackers to inject malicious scripts into admin pages, potentially compromising site security and user data. Site owners are strongly urged to update both plugins immediately to stay protected against these threats and keep their WordPress sites secure.
WordCamp Canada 2025: Call for Speakers Opens
This fall, speak at WordCamp Canada 2025
WordCamp Canada 2025, scheduled for October 16-17 at Carleton University’s Richcraft Hall in Ottawa, Ontario, made waves in April by opening its Call for Speakers on April 23. This national-scale event, one of only two of its kind worldwide, is seeking passionate WordPress enthusiasts to present on cutting-edge topics like the future of WordPress in an AI-driven world, keeping the web open amidst closed platforms, and pushing the boundaries of innovation. With submissions open until June 15, the event promises to be a hub for groundbreaking ideas and community connection, drawing attendees from across Canada and beyond. Set against the scenic backdrop of the Rideau River, WordCamp Canada 2025 is gearing up to be an unmissable gathering for developers, designers, and business owners alike.
WordPress in 2025 Report: Enterprise Game-Changer
The “WordPress in 2025” report, authored by Noel Tock and published in February 2025, has sent ripples through the CMS world by positioning WordPress as a powerhouse for enterprise solutions. Highlighting game-changing features like Full Site Editing (FSE), which allows no-code customization of entire websites, the report underscores how WordPress empowers marketing teams to build and tweak sites without developers. It also dives into the platform’s AI potential, envisioning an intelligent content ecosystem with agent-driven workflows, and champions WordPress’s hybrid CMS model-blending visual editing with API flexibility – over stagnant headless and proprietary systems. Tock argues that open-source innovation will outpace closed platforms, especially in turbulent markets, making WordPress a strategic bet for businesses planning their 5-year digital roadmaps.
Elementor Q2 Roadmap Event
Q2 2025 Elementor Roadmap Recap
Elementor hosted its Q2 Roadmap Event, unveiling the highly anticipated Editor V4 Alpha, hailed as the most transformative update in the platform’s history. This next-generation editor introduces powerful CSS classes, a unified Style Tab for consistent styling across elements, and fully customizable responsive design options, empowering web creators with unprecedented control and efficiency.
Upcoming features teased during the event include variables for site-wide design management, new atomic components, and a completely modernized UI, all set to redefine how professionals approach website design. With a focus on cleaner code, lighter DOM structures, and improved performance, Editor V4 marks a significant leap forward. Early access sign-ups are now open, inviting beta testers to explore this game-changing update before its full rollout.
Got thoughts on these wild updates or curious about a specific story? Drop a question or let us know what you’d like to dive deeper into!
