WordPress 3.7 Rollout

By Alicia Cermak | November 2013


It's that time again! Wordpress 3.7, dubbed "Basie" for jazz legend Count Basie, came out October 24th, and was quickly followed up by the 3.7.1 maintenance release on October 29th.

There are some nice updates in 3.7, but I'd say the most notable thing about it is that it's the first upgrade released on the new WordPress development cycle. In the past, WordPress was developed by one big team, and everyone worked toward one big release. If one feature or set of features was delayed, the big release was often delayed along with it. Starting with 3.7, WordPress has moved to a plugin-based development cycle, meaning some sections of the code have been broken up into self contained initiatives that are worked on in small groups. By splitting off into these smaller teams with smaller to-do lists, the overall WordPress team gains more granular control over individual featuresets, and things can be released as they are completed. This should result in constant smaller releases rather than the sporadic big releases we've seen in the past. In fact, WordPress 3.8 is already scheduled for December!

For everyday users, there are three changes you will notice right away: fully automated upgrades, improved search, and an improved password strength meter.

Fully Automated Upgrades

The change in 3.7 that everyone's talking about is the addition of fully automated background upgrades. For sites with auto-upgrades enabled, minor releases will be installed for you automatically without any action required from you. I was asleep when the 3.7.1 upgrade was deployed on my personal blog - I didn't lift a finger, and simply woke up to an email notifying me of the change. You'll still be prompted for major upgrades (for now), but this could truly be a game-changer when it comes to rapidly implementing important security releases.

Improved Search

WordPress search has always been a little iffy. The issues harken back to its roots as a blog platform - search results were ordered based on when something was posted. On a blog, newer content is often more relevant content, so while it wasn't great, it at least made some sense. Now that WordPress is a fullblown CMS for all kinds of sites with content that doesn't get changed much, search needed to be tweaked to reflect that. In 3.7, search results are ranked based on relevancy - for example, if you search for the exact title of one of your posts, that post is going to be your first result, regardless of how old the post is.

More Intelligent Password Strength Meter

In recent years, my biggest complaint about WordPress has been its lack of strong password enforcement - you're one weak password away from someone worming their way into your site and transforming it into one big male enhancement ad! In WordPress 3.7, the existing password strength meter has been improved to detect passwords that look good on the surface (hey, "abc123" has letters AND numbers!) but aren't good in practice for various reasons, including their location on the keyboard (such as "asdfjkl") or pop culture references ("starwars")

In 3.6.1, a very popular password, "trustno1" (X-Files fans will recognize that as Fox Mulder's password) was rated Medium based on its length and combination of letters and numbers:


In WordPress 3.7.1, it is detected as a common password and classified as Very weak:


This is a great step, but it's still far from perfect - WordPress will still accept weak passwords, so it's up to users to pay attention to the meter and tweak their passwords accordingly.

Now that the dust has settled and some cleanup has been done with the WordPress 3.7.1 maintenance release, ArcStone clients should be seeing 3.7.1 on their sites soon. We like to be a little cautious when it comes to WordPress upgrades, so you won't be seeing those automated upgrade emails just yet, but expect to see them in the future once we've had a chance to really put the system through its paces!

Topics: Design and Technology