Webby Monks

The Blog

Explore the modern web development, digital marketing and inbound practices.

All about WordPress 4.7 “Vaughan” Plus its Security and Maintenance Updates


WordPress is awesome. Now, we’re expecting amazing updates and new features with the latest release of WordPress 4.7. This is the major update by WordPress in years. And yes it has many new features, which will make publisher’s life easy and developer’s life simple.

The major update named “Vaughan” after the legendary jazz singer Sarah “Sassy” Vaughan.  It is available for download and you can update in your WordPress dashboard. Let’s scroll down to find more about the new features to create your site set up the way you want!

Watch to know more about WordPress 4.7

Main Highlights of WordPress 4.7

Twenty Seventeen: This is a brand new default theme with immersive featured images and video header. Wow, videos in your website’s header- Isn’t it amazing?


It focuses on business websites and front page is completely customizable with many other sections. This gives you a freedom to create a front page in a style you desire. Create your website in a personalized style with the help of widgets, navigation, a logo, social menus, custom colors, and more.

Takeaway: Get a video enabled header to your business or personal website with lots of new and customized features.

Edit Shortcuts: This is a new feature added to the latest version, which you can use in customizing your website with live preview. You’ll be able to edit or customize only those features where the related icons gets visible. The feature enable you customizing the website faster than ever.

Takeaway: Get the desired look and feel to your website while having real-time preview with Edit Shortcuts.

Smoother Menu Building: Unlike the last version to create a custom menu you need not to set or create pages/categories in advance. Here with the latest WordPress 4.7 you can add new pages while creating menu. This way whenever you’ll be making your customization live, the pages will be ready for publishing content and other updates. How smooth it has got to build a WP site using this new amendment, Isn’t it?


Takeaway: The new feature will help the developer’s community in building menus and pages easier and faster. Publishers and WordPress admin will be able to update content faster.

Custom CSS: This is a new feature added to update your website. By making some visual tweaks you can make a website look perfect.


Takeaway:  Please make a note, adding inline CSS is not good for SEO and it also affects page speed.  Thus, Monks recommend not to use this feature without expert’s consultation.

PDF Thumbnail Preview:  Now document management in your WordPress editor has got easy. It provides you with the thumbnail images while uploading PDFs. Managing different PDF files in your WordPress editor has become easier than ever.


Takeaway: Get the thumbnail preview while selecting any PDF document for publishing and distributing across the network.

Multilingual Dashboard: Get the dashboard in your favorite language with the WordPress 4.7. You’ll get the different language options in your user profile. Select the favorite language and get it on your dashboard.


Takeaway: It will help site administrator to get help from native people.

WP REST API: This helps you in accessing your website data through easy-to-use HTTP REST API. No need to install any plugin to make this happen as this functionality is inbuilt with the latest version of WordPress 4.7.


Takeaway:  Grab your website’s data in a simple JSON format.

Here comes some more happiness and we call it Developer’s Delight. 

Post Type Templates: Extend your template building capabilities with Post Type Templates. Start creating awesome templates and themes for your WordPress website.

Takeaway: Theme developers will get a new functionality to craft themes with more flexibility. Isn’t it amazing?

Custom Bulk Action: WP_Hook code is modernized and enabling much more functionalities with bulk action like edit, delete and export/import etc.

WordPress 4.7.1 – Security + Maintenance Update

This is the first update after releasing the new version of WordPress, Vaughan. It is a combination of security upgrade and maintenance update.

The Main Highlights

 The first security update is about REST API, which were exposing user’s data to public. Now with the latest version this issue has been resolved.

Cross-site scripting via a plugin update: Cross-site scripting (XSS) enables attackers to inject client side scripts, which exposed the site data to other users.

Meanwhile, XSS via theme and XSS via plugin vulnerability observed and gets resolved with the latest version.

Also, weak cryptographic security for multi-site activation key gets resolved.

WordPress 4.7.2: Security Release

WordPress 4.7.2 is a core security update to fill all the security loopholes in the latest version.

WP_Query, the heart of the development process found a SQL injection when passing unsafe data. With the latest security update WordPress has resolved this issue.

But, a cross-site scripting (XSS) vulnerability discovered and have solved in the posts list table.

Moreover, an unauthenticated privilege escalation vulnerability observed in a REST API endpoint.  The issue gets solved with the security update 4.7.2 makes your website more secure than ever.

WordPress 4.7.3: Security + Maintenance Update

March 6, 2017 WordPress has released the latest update on security and maintenance. The security update released by WordPress is the cure to the 6 security issues observed in the last security update 4.7.2.

  1. Cross-site scripting (XSS) through media file metadata
  2. Redirect URL validation can be tricked with control characters
  3. Administrator can delete unintended files using the plugin deletion functionality
  4. Cross-site scripting (XSS) through video URL in YouTube embeds
  5. Taxonomy term names for cross-site scripting (XSS)
  6. Cross-site request forgery (CSRF) results into excessive use of server resources

Along with these security fixes it also includes 39 maintenance fixes to the WordPress 4.7. This simply indicates the stability of the WordPress core.

WordPress 4.7.4 Maintenance Update

After a little more than a month and a half and some 60 million downloads, WordPress has put out a WordPress 4.7.4 maintenance release which contains some 47 fixes and enhancements. The main fixes out of these 47 are:

  1. Incompatibilities between upcoming Chrome version and the visual editor.
  2. Inconsistencies in media handling.
  3. Improvements to the REST API.

WordPress 4.7.5: Security & Maintenance Updates

The latest WordPress updates, WordPress 4.7.5 has resolved 6 security related issues and 3 maintenance fixes. Following are the glimpse of 6 security updates that WP team has recently updated to create a safer WordPress. Have a look at these and get your WordPress site updated immediately.

  • Improved redirect validation in the HTTP class
  • Standardize handling of post meta data values in the XML-RPC API
  • Capability checks for post meta data in the XML-RPC API
  • Solved the Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog
  • Resolved the Cross Site Scripting (XSS) vulnerability while uploading very large files
  • Also, resolved the Cross Site Scripting (XSS) vulnerability in customizer

Also, WP team come up with 3 maintenance updates to create a better WordPress for all. Let’s get updated with these upgrades to build an awesome WordPress- altogether.

  • Bug fixed while using Shift-Click to select a range of check-boxes, which wasn’t working since the release of 4.7.3 update and it is useful for the administration community
  • Bump Akismet External: 4.7.x/4.8 Edition
  • REST API Js Client enabled connecting to multiple endpoints at the same time, which means enabling a multisite environment and you can talk to two of the subsites at the same time.

Thus, it is clearly evident that WordPress puts out frequent updates to bring out the best possible features for its users. Now that’s the kind of CMS we would love to work on, bringing out better versions every now and then.

Monks are WordPress Experts and we love WordPress because of all the awesomeness it brings forth. We would love to help you update your WordPress website to the latest version.

The following two tabs change content below.
Nick Patel
Nick is a Tech Monk working as a Marketing Head at WebbyMonks. He loves to explore cutting edge technology and share his write-ups through this blog. An avid learner, WordPress lover, passionate technology enthusiasts, and interested in everything tech. While not writing for technology you can find him fishing, shooting with camera, and brewing more filter coffee. On a lighter note, he is here to learn, explore, and overcome technology while falling in love with the tiny nonsense of daily life.

WCAG 2.0 Guidelines to Make Your Website Accessible to All


Know more about WCAG 2.0 Compliance

Thank you