Introducing Twenty Twenty-Four

The original post can be found here.

When it comes to designing a website, one size doesn’t fit all. We understand that every WordPress user has unique needs and goals, whether you’re an aspiring entrepreneur, a passionate photographer, a prolific writer, or a bit of them all. That’s why we are thrilled to introduce Twenty Twenty-Four, the most versatile default theme yet—bundled with WordPress 6.4 and ready to make it uniquely yours.

A theme for every style

Unlike past default themes, Twenty Twenty-Four breaks away from the tradition of focusing on a specific topic or style. Instead, this theme has been thoughtfully crafted to cater to any type of website, regardless of its focus. The theme explores three different use cases: one designed for entrepreneurs and small businesses, another for photographers and artists, and a third tailored for writers and bloggers. Thanks to its multi-faceted nature and adaptability, Twenty Twenty-Four emerges as the perfect fit for any of your projects.

As you dive into its templates and patterns, you will notice how the new Site Editor functionality opens up different pathways for building your site seamlessly.

Patterns at every step

Whether you’re looking to craft an About page, showcase your work, handle RSVPs, or design captivating landing pages, Twenty Twenty-Four has got you covered. Choose from an extensive collection of over 35 beautiful patterns to customize and suit your needs.

For the first time, this theme features full-page patterns for templates like homepage, archive, search, single pages, and posts. Some are exclusively available during the template-switching and creation process, ensuring you have the right options when you need them.

Moreover, you can take advantage of a variety of patterns for page sections, such as FAQs, testimonials, or pricing, to meet your site’s most specific requirements.

With this diverse pattern library, Twenty Twenty-Four offers a flexible canvas to quickly assemble pages without having to start from scratch—saving you time and energy in the creation process. Just let your creativity flow and explore the possibilities!

Screenshots of Twenty Twenty-Four patterns.

Site editing in its finest form

Twenty Twenty-Four ushers in a new era of block themes by bringing together the latest WordPress site editing capabilities. Discover newer design tools such as background image support in Group blocks and vertical text, providing an intuitive and efficient way to create compelling, interactive content.

Find image placeholders with predefined aspect ratio settings within patterns, allowing you to drop images that perfectly fill the space. To go one step further, make your visuals interactive by enabling lightboxes. Ideal for showcasing galleries or portfolio images, this feature allows your visitors to expand and engage with them in full-screen mode. Activate it globally for all images throughout your site or for specific ones.

For a smoother browsing experience on your site, you can disable the “Force page reload” setting in the Query Loop block. This allows the necessary content to be loaded dynamically when switching between different pages without needing a full-page refresh.

Elegance with purpose

Twenty Twenty-Four goes beyond versatility with a beautiful aesthetic inspired by contemporary design trends, giving your website a sleek and modern look. Key design elements include:

  • Cardo font for headlines: The Cardo font adds a touch of elegance to your site, creating a sophisticated visual experience.
  • Sans-serif system font for paragraphs: The sans-serif font ensures that your texts are cleaner and easier to read, enhancing overall readability.
  • Eight style variations: Twenty Twenty-Four presents a light color palette for a fresh and inviting appearance out-of-the-box, but you can customize it with seven additional style variations. Each includes fonts and colors carefully curated to work beautifully alongside the patterns and templates.
  • Sans-serif variations: Besides the default styles, the theme offers two additional sans-serif variations, providing more choices for your site’s typography.

Along with its design, Twenty Twenty-Four has been meticulously optimized for performance. This ensures that your website not only looks great but also delivers a fast and efficient user experience.

More information can be found in the following links:

The Twenty Twenty-Four theme was designed by Beatriz Fialho and made possible thanks to the passion and tireless work of more than 120 contributors.

Alert: WordPress Security Team Impersonation Scams

The original post can be found here.

The WordPress Security Team is aware of multiple ongoing phishing scams impersonating both the “WordPress team” and the “WordPress Security Team“ in an attempt to convince administrators to install a plugin on their website which contains malware.

The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password.

If you receive an unsolicited email claiming to be from WordPress with instructions similar to those described above, please disregard the emails and indicate that the email is a scam to your email provider.

These emails link to a phishing site that appears to be the WordPress plugin repository on a domain that is not owned by WordPress or an associated entity. Both Patchstack and Wordfence have written articles that go in to further detail.

Official emails from the WordPress project will always:

  • Come from a @wordpress.org or @wordpress.net domain.
  • Should also say “Signed by: wordpress.org” in the email details section.
Screenshot of email sent by a WordPress.org email account. The details include "mailed-by wordpress.org" and "signed-by wordpress.org".

The WordPress Security Team will only communicate with WordPress users in the following locations:

The WordPress Plugin team will never communicate directly with a plugin’s users but may email plugin support staff, owners and contributors. These emails will be sent from plugins@wordpress.org and be signed as indicated above.

The official WordPress plugin repository is located at wordpress.org/plugins with internationalized versions on subdomains, such as fr.wordpress.org/plugins, en-au.wordpress.org/plugins, etc. A subdomain may contain a hyphen, however a dot will always appear before wordpress.org.

A WordPress site’s administrators can also access the plugin repository via the plugins menu in the WordPress dashboard.

As WordPress is the most used CMS, these types of phishing scams will happen occasionally. Please be vigilant for unexpected emails asking you to install a theme, plugin or linking to a login form.

The Scamwatch website has some tips for identifying emails and text messages that are likely to be scams.

As always, if you believe that you have discovered a security vulnerability in WordPress, please follow the project’s Security policies by privately and responsibly disclosing the issue directly to the WordPress Security team through the project’s official HackerOne page.


Thank you Aaron Jorbin, Otto, Dion Hulse, Josepha Haden Chomphosy, and Jonathan Desrosiers for their collaboration on and review of this post.

WordPress 6.4.1 Maintenance Release

WordPress 6.4.1 is now available!

The original article can be found here.

This minor release features four bug fixes. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement or view the list of tickets on Trac.

WordPress 6.4.1 is a short-cycle release. If you have sites that support automatic background updates, the update process will begin automatically. If your site does not update automatically, you can also update from your Dashboard.

You can download WordPress 6.4.1 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.

For more information on this release, please visit the HelpHub site.

Thank you to these WordPress contributors

This release was led by Aaron Jorbin and Tonya Mork. Thank you to everyone who tested the RC and 6.4.1, and raised reports.

WordPress 6.4.1 would not have been possible without the contributions of the following people. Their quick and concerted coordination to deliver maintenance fixes into a stable release is a testament to the power and capability of the WordPress community.

@afragen @clorith @desrosj @pbiron @schlessera @azaozz @davidbaumwald@tomsommer @nexflaszlo @howdy_mcgee @baxbridge @earnjam @timothyblynjacobs@johnbillion @flixos90 @joedolson @jeffpaul @zunaid321 @courane01 @audrasjb@tacoverdo @ironprogrammer @webcommsat @otto42 @barry @chanthaboune@rajinsharwar @aaroncampbell @peterwilsoncc @anandau14 @iandunn @matthewjho@coffee2code @boogah @jason_the_adams @joemcgill @johnjamesjacoby @jrf@renehermi @dlh @mukesh27 @sumitbagthariya16 @starbuck @sergeybiryukov@ravipatel

How to contribute

To get involved in WordPress core development, head over to Trac, pick a ticket, and join the conversation in the #core channel. Need help? Check out the Core Contributor Handbook.

Thanks to @jeffpaul and @webcommsat for proofreading.