WordPress 6.7 Review: What Actually Changed in 2024

The release that finally moved the needle

WordPress 6.7 shipped in November 2024. Like most WordPress releases, the announcement post painted it as the biggest update ever. Most aren't. This one — for a change — actually was worth the upgrade for serious sites.

I've been running WordPress sites since 2007. I've seen the releases that mattered (4.7's REST API, 5.0's Gutenberg) and the ones that didn't (most of the 6.x line so far). 6.7 lands closer to the first group. It pushed Twenty Twenty-Five as a default theme, expanded the Site Editor, added the Zoom Out view, and made a few infrastructure changes that quietly speed up most sites.

Here's what's real, what's marketing, and what to do about it.

The performance changes that matter

WordPress 6.7 isn't a major performance release in the way 6.3 was. There's no single big-ticket optimisation. What you do get is incremental gains across the board — the WordPress 6.7 "Rollins" release announcement and the official 6.7 documentation cover the specifics for developers.

Faster query loops in the block editor

The Query Loop block was one of the slower parts of any block-based theme. 6.7 caches the queries more aggressively, which shows up as faster admin page loads when editing template parts. For sites running block themes (Twenty Twenty-Three onwards), expect noticeably snappier editor performance.

Improved auto-sizing for lazy-loaded images

Previously, lazy-loaded images caused minor layout shift on slow connections. 6.7 introduces auto-sizing that calculates dimensions before the image loads, helping your Cumulative Layout Shift (CLS) score. The change is small per page, but adds up across a content-heavy site.

Better template caching

Block theme templates get cached more efficiently. On sites with custom templates per post type, this cuts template resolution time on every page load. Hard to measure on small sites; meaningful on sites with thousands of posts.

What didn't change much

The core PHP performance is roughly the same as 6.6. If you were hoping 6.7 would magically speed up a slow shared-hosting site, it won't. The underlying bottlenecks — slow database queries, unoptimised plugins, weak hosting — all need to be solved separately.

Security updates worth knowing

WordPress 6.7 patched three security issues from earlier versions and shipped some new defaults. The full security details are in the WordPress 6.7 release notes.

Stronger password hashing by default

6.7 moves to bcrypt for new password hashes, replacing the older MD5-based phpass system. Existing passwords get rehashed on next login. This is mostly invisible to users, but it raises the cost of a successful database breach significantly. If an attacker dumps your wp_users table, cracking those hashes is now meaningfully harder.

Better escaping for translation strings

Translation files (.po/.mo) can be a vector for stored XSS in poorly-coded plugins. 6.7 tightens how WordPress handles translated strings in the admin, closing a class of attack that affected several plugins in 2023-2024.

What 6.7 doesn't include

There's no built-in 2FA in core. There's no native firewall. There's no automatic malware scanning. Despite some breathless coverage, the core team has consistently kept these out of WordPress core, leaving them to plugins (Wordfence, Sucuri, WP 2FA).

If you want serious security, you still need to layer it on. See our strategies to strengthen WordPress security for the practical setup.

The Site Editor and Twenty Twenty-Five theme

Twenty Twenty-Five is the new default theme. It's lightweight, well-coded, and built around the Site Editor. Compared to Twenty Twenty-Four, it's faster on initial load and ships with more pre-built patterns.

What's actually new in the Site Editor

• Zoom Out view — see the entire page layout at a glance, drag patterns into place at the section level instead of fiddling with individual blocks
• Section-level styling — apply colour and spacing to whole sections without nested block selection
• Improved navigation editor — managing menus is finally less painful than it has been since the classic menu interface
• Pattern overrides — let editors change content within a pattern without breaking the underlying layout

Where this matters

For sites built on block themes, the Site Editor is now genuinely usable for non-technical content editors. We're starting to recommend it for client sites where we previously would have stuck with a page builder like Elementor.

For sites built on classic themes (most older WordPress sites), none of this affects you. The Site Editor doesn't apply to classic themes, and there's no requirement to migrate.

Should you upgrade?

The short answer: yes, but test on staging first. The longer answer depends on your setup.

Upgrade now if:

• You're on 6.5 or earlier (you're missing security patches)
• You run a block theme and want the Site Editor improvements
• Your hosting auto-updates minor versions but you control major ones

Wait 2-4 weeks if:

• You run mission-critical e-commerce on WooCommerce
• You have heavy custom development with plugins you're not sure are 6.7-compatible
• You don't have a staging environment yet (set one up first, then upgrade)

Don't auto-upgrade if:

• Your site uses page builders that haven't yet certified 6.7 compatibility
• You're on managed hosting that hasn't given the green light
• You haven't backed up in the last week

How to upgrade safely

1. Run a fresh backup (database + files) and verify it restores
2. Clone your site to staging
3. Upgrade staging, run smoke tests on key user journeys
4. Check plugin compatibility — most major plugins shipped 6.7-compatible versions in October 2024
5. Push to production during a low-traffic window
6. Monitor error logs for 48 hours after

What 6.7 won't fix for you

Honest list:

• Slow hosting. WordPress 6.7 doesn't make a ₹150/month shared host fast.
• Plugin sprawl. If you're running 50+ plugins, the Site Editor improvements won't compensate.
• Bad code in your custom theme. A slow theme on 6.7 is still slow.
• No backups. 6.7 still doesn't ship with backup functionality. You still need UpdraftPlus or equivalent.
• No 2FA. Still need a plugin.
• Outdated PHP. 6.7 supports PHP 7.2+ but really wants 8.1 or higher. If you're on 7.4, your hosting is your bigger problem.

Practical upgrade checklist

Before upgrading:

• Database + files backup, restore-tested
• Staging environment ready
• List of installed plugins with current versions
• Note of any custom code in functions.php or custom plugins

On staging:

• Upgrade WordPress core to 6.7
• Update plugins one by one, test after each
• Run through your top 5 user journeys (homepage, product page, checkout, contact form, login)
• Check PageSpeed Insights — note the score before and after
• Test on mobile, not just desktop

On production:

• Pick a low-traffic window (typically 2-5 AM in your main market)
• Backup again immediately before upgrade
• Upgrade core, then plugins
• Monitor error logs for 24-48 hours
• Have rollback steps documented before you start

FAQ

Is WordPress 6.7 stable enough for production? Yes, after the 6.7.1 patch shipped in late November 2024. Wait for at least one minor patch before upgrading mission-critical sites — the rule applies to every WordPress major release.

Will WordPress 6.7 break my plugins? Most major plugins shipped 6.7-compatible versions before launch. Niche or older plugins may have issues. Test on staging — that's why staging exists.

Does WordPress 6.7 require PHP 8? No, it still supports PHP 7.2+. But PHP 8.1 or higher gives you meaningful performance improvements and is what the WordPress core team actually develops against.

Will 6.7 improve my Core Web Vitals? Marginally, through better lazy-loading and template caching. The bigger CWV wins come from image optimisation, hosting upgrades, and caching plugins — not the WordPress version.

Is the Site Editor finally good in 6.7? For block themes, yes, it's now production-ready for most use cases. For classic themes, it doesn't apply. If you're using a page builder like Elementor, the Site Editor is a separate tool you don't need to use.

Want help upgrading or hardening your WordPress site?

We've shipped 200+ WordPress sites since 2007 across India, the US, and the UK. If you want WordPress 6.7 deployed safely or your site audited for security and performance, see our WordPress services or send us a note. We'll tell you what's worth doing and what isn't.