WP More

WordPress 7.0 is Here, WCEU is Shrinking and AI Team Shakeup | WP More – Issue 43

WP More

Written by

wpnishat

in

Subscribe to WP More Newsletter

Big WordPress releases, hard numbers, and a leadership change. Everything happended in WordPress Community last week.

Hello WordPressers!

Welcome to this week’s WP More roundup — WP More newsletter issue 43, where you get curated news about WordPress and the WordPress community all in one place.

WordPress 7.0 has landed, the next release is already calling for volunteers, WordCamp Europe’s attendance numbers deserve a closer look, a fresh security report has some uncomfortable findings, and the WordPress AI Team just saw its two founding co-leads step down.

A lot happened. Let’s get into it.

In this Issue:

  • WordPress 7.0 “Armstrong” is officially out
  • WordPress 7.1 is already looking for volunteers
  • WordCamp Europe 2026 attendance is down, and the data tells an interesting story
  • Over half of WordPress sites have a plugin with a known vulnerability
  • James LePage and Felix Arntz step down from the WordPress AI Team

WordPress 7.0 “Armstrong” is officially here

Named after jazz legend Louis Armstrong, WordPress 7.0 marks the start of a new phase for the platform. The headline feature is AI infrastructure, this release lays the groundwork for AI across the WordPress experience. Alongside that, you get a modernized dashboard, new design tools, and enhanced development capabilities.

It’s a major release. If you haven’t updated yet, now’s the time to check your plugins for compatibility and plan your upgrade.

Read the full release post on WordPress.org here.

With 7.0 shipped, the team is already moving on to what comes next.

WordPress 7.1 is calling for volunteers

The ink is barely dry on 7.0 and planning for WordPress 7.1 is already underway. The proposed release date is August 19, 2026, and the Make WordPress Core team is looking for contributors to join the release squad.

Whether you’ve helped with a release before or this would be your first time, there are roles for different skill levels and time commitments. This is one of the most direct ways to contribute to WordPress core.

Read the full call on Make WordPress Core here.

While we talk about the future of WordPress, let’s look at how the community’s biggest annual event is faring.

WordCamp Europe’s attendance numbers are worth reading carefully

Jean Galea published a detailed breakdown of four years of WordCamp Europe data, and the picture is more specific than most headline takes suggest.

Actual attendance figures (using organizer-verified counts): Berlin 2019 had 2,734 attendees. Athens 2023 and Torino 2024 were essentially flat at around 2,545 and 2,584 respectively. Then Basel 2025 dropped to 1,723 — a 33% fall. Kraków 2026 is expected to land at roughly 1,650–1,800 based on ticket sales and historical show-up rates, which means Basel was the break point, not the start of a continuing slide.

The more telling detail is where the drop happened. Sponsor passes and volunteer tickets held steady across all four years. The contraction came entirely from paying attendees — Stripe and PayPal ticket sales fell from around 2,260 in Athens/Torino to around 1,400 in Basel/Kraków.

On the content side, AI talks jumped from one session in Torino 2024 to eight in Kraków 2026, now 16% of the program. Security talks doubled. Business and agency content nearly disappeared (nine sessions in Athens, two in Kraków). The program itself is smaller: 77 talks in Athens, 49 in Kraków.

Read the full analysis on Jean Galea’s blog here.

The security picture at WCEU matches a real-world study that came out this month.

More than half of WordPress sites have a known vulnerable plugin

GuardingWP scanned 1,981 sites across 40+ verticals and analyzed 424 confirmed WordPress installs. The findings aren’t catastrophic, but they’re not comfortable either.

52.8% of those sites are running at least one plugin with a known CVE — meaning a documented vulnerability with a patch already published, sitting unpatched on the live site. 55.9% of sites leak their WordPress version through the generator meta tag, handing attackers a shortcut to finding relevant exploits. 93.2% are missing one or more modern security headers like HSTS, CSP, or X-Frame-Options. 35.8% still have XML-RPC enabled. And 15.9% of version-disclosing sites are on a WordPress branch that no longer receives security backports.

The report notes that most of these issues are fixable in about 10 minutes. The reason they persist is that nothing breaks visibly when you ignore them, until something does.

Read the full report on GuardingWP here.

And while we’re talking about the AI layer that WordPress 7.0 introduced, the team that built it just saw its leadership change.

James LePage and Felix Arntz step down from the WordPress AI Team

The two founding co-reps of the WordPress AI Team are moving on. James LePage and Felix Arntz stepped back from their leadership roles after what LePage described as taking WordPress AI “from 0 to 1” over the past year.

LePage is leaving Automattic entirely to start a new AI project of his own. He joined Automattic through the WPAI acquisition in 2024 and rose to Head of AI, sitting on Automattic’s executive leadership board. Felix Arntz, who joined the team from Google, also stepped back after the year of work getting AI into WordPress core.

Jason Adams is stepping in as the new Core AI Team Rep to lead the effort going forward.

The departures drew warm responses from across the community. Developer Brian Coords called it “one of the biggest impacts on WordPress in recent history.” Automattic’s Rich Tabor noted that LePage “treated AI like a product and ecosystem shift, not just a feature.”

Read the full story on The Repository here.

Other reports from The Repository you might like to read:

Don’t forget to subscribe & support them, they do some amazing, hard-hitting WordPress journalism.

WordPress Must Read

WordPress 7.0 changed what a plugin can be (x.com)

I Love WordPress. There’s Nothing for Me at WordCamp. (regionallyfamous.com) → WordCamp Asia 2026 doubles local speaker representation (wpapac.com)

How Much Does a WooCommerce Store Cost in 2026? (studiowombat.com)

Safely Using AI API Keys in WordPress Connectors (wsform.com)

How to stand out as a WordPress developer (olgagleckler.com)

Hackers abuse Google ads for GoDaddy ManageWP login phishing (bleepingcomputer.com)

Your WordPress AI connector dies on the 4th click: the 30,000 token limit nobody warned you about (designsetgo.dev)

On other WordPress News

Help test new career functionality on WordPress.org (make.wordpress.org)

Hotfix available for #65286 (make.wordpress.org)

Accessibility Improvements in WordPress 7.0 (make.wordpress.org)

WordCamp Asia 2026 Core Committers Meeting (make.wordpress.org)

Open Horizons in Action: What Our First Cohort Has Been Up To (wordpressfoundation.org)

React 19 Upgrade in WordPress (make.wordpress.org)

WordPress 6.9 Server Compatibility (make.wordpress.org)

WooCommerce.com is now running on nightly WC Core: here’s why (developer.woocommerce.com)

PHP support clarification, spring 2026 edition (make.wordpress.org)

Extending Unicode support in email addresses (make.wordpress.org)

Vercel AI Gateway plugin for WordPress (vercel.com)

AI Contributor Weekly Summary – 20 May 2026 (make.wordpress.org)

Media Editor Modal: Call for Testing (make.wordpress.org)

What’s new for developers? (May 2026) (developer.wordpress.org)

Woo’s Artistic Director talks agentic commerce at Stripe Sessions (developer.woocommerce.com)

WordPress 7.0: A new direction forward (youtube.com)

WordPress 7.0 in 7 Minutes (youtube.com)

What’s new in Gutenberg 23.2? (21 May) (make.wordpress.org)

WordPress AI Plugin Hits 1.0 Milestone With New Request Logging and Connector Approvals Experiments (therepository.email)

WordPress Gets an Official Browser Extension, Testers Wanted Ahead of 1.0 (therepository.email)

Automattic’s Radical Speed Month Wraps Up With Podcast, Payment and Publishing Tools Among 400+ Projects (therepository.email)

From WordPress Community

What 8 Years of Building Dynamic WordPress Websites Taught Us (crocoblock.com)

2026 Has Changed Everything About WordPress Security (publishpress.com)

“Do the Woo” has become its own standalone podcast at dothewoo.com (openchannels.fm)

A conference for Nordic WordPress enthusiasts by the community (wpsuomi.fi)

Should Hosting Companies Own WordPress Products? (thewpminute.com)

AI, generate 100 designs for WordPress Playground (adamadam.blog)

Back on WordPress (dannyvankooten.com)

The Case for Content Modeling Without Code (briancoords.com)

If WordPress gets CPTs in Core, we also need custom fields (joost.blog)

The Breach Isn’t the Problem. Your Silence Is. (zant.com)

Legacy software companies are screwed (x.com)

The Ankler moves to new publishing platform created by Ben Thompson (axios.com)

Acquia builds Drupal funding into its partner program (dri.es)

Divi 5.5 Release Notes (elegantthemes.com)

Indebted: The Ugandan WordPress Dream that Flew to Asia (heropress.com)

Conclusion

What a week for WordPress. A major release shipped, the next one is already in planning, WCEU data tells a more specific story than the headlines suggest, security fundamentals still need attention across thousands of sites, and the team that built WordPress AI from scratch has handed the baton to new leadership. The platform keeps moving.

Thanks for reading WP More; if you found this useful, share it with a WordPress friend.

Nishat, WP More

Follow → X.com | LinkedIn | BlueSky | Facebook

Join Our Community → Sub-Reddit | X Community

Subscribe to WP More Newsletter

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts