The latest round of WordPress news is not a random collection of product updates. May 2026 shows several older trends becoming operational: WordPress 7.0 is close to release, AI is moving into infrastructure, marketplace economics are changing, and plugin security is again exposing the difference between a maintained stack and a fragile one.
In March we covered WordPress 7.0, market share and AI pressure. This update is narrower and more practical. The question is no longer whether AI will influence WordPress. It is already showing up in release planning, WooCommerce APIs, product packaging and risk management.
WordPress 7.0 is close, but with a more cautious feature set
The key technical milestone is WordPress 7.0 RC4 and the accompanying Field Guide. RC4 means the release is very close to stable. It also shows a more pragmatic release cycle than the earlier marketing around 7.0 suggested.
Real-time collaboration was one of the most visible planned features, but it has been removed from core for this release after technical issues. That matters for agencies and site owners because a release candidate is not a wishlist. It is the point where compatibility, testing and operational discipline matter more than roadmap ambition.
The stable release is scheduled for 20 May 2026, roughly six weeks after the original WordCamp Asia target. In parallel, the WordPress AI team is aiming for AI Experiments 1.0 on 19 May, one day before core 7.0, with an experiment that requires admin approval before plugins can use stored AI credentials. That pairing matters: core ships Abilities API infrastructure while the plugin team hardens permission boundaries.
Before a production rollout, teams should verify:
- theme and plugin compatibility,
- custom blocks and editor behaviour,
- WooCommerce, LMS, membership and editorial workflows,
- integrations using REST API, WP-CLI or custom endpoints.
For complex commercial sites, updating on day one is still a poor default. Test on staging, compare logs, check business-critical flows, then schedule the production window.
StellarWP retiring is more than a brand cleanup
The reported retirement of StellarWP by Liquid Web is not surprising in itself. After acquisitions, larger groups often simplify brand architecture. Kadence, LearnDash, The Events Calendar and GiveWP are more recognisable product names than the umbrella brand.
The more important issue is communication. Trade reporting describes a rocky product migration and customer backlash, while Liquid Web’s own announcement focused on Kadence, LearnDash, The Events Calendar and GiveWP without naming StellarWP in the headline story. Former StellarWP leadership reportedly left throughout 2025 after disagreements with post-acquisition strategy. Whether or not you follow the drama, the operational lesson is the same: when the umbrella brand disappears faster than the licence portal updates, clients call their agency first.
For agencies, this is a reminder to keep a dependency map. For every critical plugin, know who owns it, how often it ships, what changed after any acquisition and what the fallback plan is if the product direction changes.
Envato weakens the old marketplace logic
Envato’s move away from the old exclusive author economics is also significant. ThemeForest and CodeCanyon helped define how WordPress themes and smaller plugins were sold during the 2010s. That model had real flaws: heavy bundled themes, lock-in, uneven support and difficult migrations. Still, it gave many businesses a fast route to market.
From 1 July 2026, Envato moves every ThemeForest and CodeCanyon seller to a flat 50% revenue share, ending the old exclusive tier that paid authors more for listing only on Envato. Loyal exclusive authors take the hardest hit. The timing fits a longer pattern: when Shutterstock bought Envato in 2024, press releases highlighted Envato Elements subscribers, not marketplace authors.
The new revenue model makes Envato less compelling as an exclusive home for authors. More product teams will likely build direct sales channels, documentation hubs, private licensing systems and GitHub-based development flows. For buyers, that means more choice, but also more due diligence.
The practical question is no longer “is this item popular on a marketplace?” It is “can this vendor maintain the product, support it clearly and keep it compatible with the stack we run?”
CERN on WordPress is the enterprise benchmark, not a novelty
CERN adopted WordPress as its future CMS after evaluating around 100 platforms. The organisation is migrating more than 1,000 websites, which is the kind of programme most agencies never touch in marketing copy but recognise instantly in procurement and governance meetings.
At WordCamp Europe 2026 in Kraków, CERN Web Manager Joachim Valdemar Yde and platform engineer Francisco Borges Aurindo Barros are scheduled to open the conference with Two worlds collide: WordPress at CERN. For European agencies, that is a useful reference when a client asks whether WordPress still belongs in “serious” infrastructure conversations. The hard part is not picking core. It is roles, editorial workflow, multilingual governance and update policy across hundreds of properties.
AI is becoming WordPress infrastructure
The most important AI news is not about copy generation. It is about infrastructure.
WordPress AI Experiments 0.9.0 continues work around comment moderation, content experiments and admin approval for sensitive capabilities. WooCommerce is moving towards GraphQL, Abilities API and MCP adapter workflows. The direction is clear: AI agents should not merely read site data. They should be able to perform controlled actions with explicit permissions.
For commercial projects, that raises practical questions:
- who pays for token usage,
- which data may leave WordPress,
- how agent actions are logged,
- when human approval is mandatory,
- how read-only access is separated from actions that change orders, products or content.
This is where serious WordPress engineering work sits in 2026. The value is not adding another chatbot. The value is designing permissions, audit trails, cost controls and reliable operational boundaries.
Security remains the least glamorous but most expensive risk
Recent warnings around Avada Builder, ManageWP phishing and Burst Statistics show the same pattern from different angles. Popular WordPress tools attract attackers, and one compromised administrator or platform account can affect many sites at once.
Not every security story this month was negative. GravityKit shipped cryptographic package signing for its commercial suite, verifying updates before they install. That is still rare in WordPress commercial plugins, and it is the kind of control enterprise clients ask about after the next supply-chain headline.
Maintenance in 2026 cannot mean “press update and hope”. It needs multi-factor authentication, separate operator accounts, update staging, admin activity monitoring and a list of critical plugins with clear ownership.
The headline trend is AI, but the operational reality is still security. A site with experimental agent workflows and weak account controls is not modern. It is exposed.
What this means for WordPress teams
The May update points to a more fragmented but more capable WordPress ecosystem. Core is becoming more cautious with release quality. WooCommerce is preparing for agent-oriented workflows. Marketplaces are losing some of their old gravity. Product groups are consolidating brands after acquisitions. Large institutions such as CERN are betting on WordPress at scale. Security still decides whether a stack is professionally maintained.
For site owners, this is not a reason to panic. It is a reason to treat WordPress as a platform, not a one-off installation. The sensible next steps are staging for 7.0, a plugin ownership review, marketplace licence checks for any ThemeForest or CodeCanyon dependencies, and one controlled AI workflow with measurable value.
Divi 5 and page builder economics
Elegant Themes has been shipping Divi 5 with rebuilt architecture aimed at lighter DOM output than Divi 4. That does not remove theme lock-in, but it changes the performance conversation for sites still on Divi-heavy stacks.
May’s Envato commission changes push more authors toward direct sales channels. If you are weighing native blocks against commercial builders, see Gutenberg vs Elementor vs Divi in 2026 for the audit matrix we use on client projects.
LoopConf and conference season
LoopConf ran as an online WordPress developer conference in May 2026, alongside WordCamp Europe in Kraków (where CERN opens the programme). Neither event changes core code, but they concentrate the plugin authors and migration playbooks teams rely on during 7.0 rollout week.
WooCommerce 10.8 and the agent-ready stack
WooCommerce 10.8 pre-release notes and the planned 10.9 work on GraphQL, Abilities API, and an MCP adapter are the commerce-side mirror of core’s AI infrastructure story. For stores, the practical test is not demo chatbots. It is whether product reads, cart mutations, and order status changes can be exposed with explicit capabilities and audit logs before any agent gets write access.
Further reading on WordPress 7.0
This article is an ecosystem roundup. For Abilities API, MCP adapters, and implementation detail, see the complete guide to WordPress 7.0 and AI integration.
