Delicious Brain Bytes: WordPress 6.9 RC1, FAIR’s Security MVP, and Finding Hidden Gems

By Mike Davey, Senior Editor

In this issue of Delicious Brain Bytes, we track the final progress of WordPress 6.9 RC1 and the new Abilities API, explore the security advancements of the FAIR/Patchstack collaboration, preview the future of ACF Blocks, and much more!

WordPress 6.9 and the Abilities API

The final major WordPress release of 2025 is right around the corner. WordPress 6.9 Release Candidate 1 is now available, putting the release on track for its scheduled launch on December 2, 2025. The core team encourages all developers and users to test the RC1 build to ensure stability, particularly since new features like the improved Site Editor experience and the universal Command Palette are included.

The 6.9 release includes several key developer updates, such as enhancements to the DataViews components and the Interactivity API. However, the most foundational change is the introduction of the Abilities API.

The Abilities API is a new foundational system designed to transform how plugins, themes, and WordPress core expose their functionality. It allows developers to register self-contained units of functionality—an “ability”—with standardized inputs, outputs (using JSON Schema), and permissions.

This system is a key part of the broader AI Building Blocks initiative. By registering abilities using the new PHP functions, developers make their plugin features discoverable and executable by AI agents, automation tools, and other systems. Registered abilities are automatically exposed through a new REST API endpoint (wp-abilities/v1), creating a unified, machine-readable registry of functions. This eliminates the need for isolated functions or custom AJAX handlers, simplifying integration and offering developers a predictable method for building the next generation of AI-powered WordPress solutions.
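An ability registration with a strict input schema and a capability check, as an added example that is not from the original article or from the WordPress project. It assumes a plugin running on WordPress 6.9; the ability name, category slug and option key are hypothetical.

```php
<?php
// Added example. 'example-plugin/set-maintenance-mode', 'example-maintenance'
// and the 'example_plugin_maintenance' option are hypothetical names.

// An ability refers to a category, so register the category first.
add_action( 'wp_abilities_api_categories_init', function () {
    wp_register_ability_category( 'example-maintenance', array(
        'label'       => 'Example maintenance',
        'description' => 'Maintenance actions exposed by the example plugin.',
    ) );
} );

add_action( 'wp_abilities_api_init', function () {
    wp_register_ability( 'example-plugin/set-maintenance-mode', array(
        'label'       => 'Set maintenance mode',
        'description' => 'Turns the example plugin maintenance banner on or off.',
        'category'    => 'example-maintenance',
        // JSON Schema for input: exactly one boolean, no extra properties.
        'input_schema' => array(
            'type'                 => 'object',
            'properties'           => array(
                'enabled' => array( 'type' => 'boolean' ),
            ),
            'required'             => array( 'enabled' ),
            'additionalProperties' => false,
        ),
        'output_schema' => array(
            'type'       => 'object',
            'properties' => array( 'enabled' => array( 'type' => 'boolean' ) ),
        ),
        // Authorization lives with the ability, so the same check applies
        // whether the caller is PHP code, a REST client or an AI agent.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'execute_callback' => function ( $input ) {
            $enabled = ! empty( $input['enabled'] );
            update_option( 'example_plugin_maintenance', $enabled ? '1' : '0' );
            return array( 'enabled' => $enabled );
        },
        // Make the ability available through the REST endpoint.
        'meta' => array( 'show_in_rest' => true ),
    ) );
} );
```

Because a registered ability can be reached by automated callers, the permission callback and the input schema are the places to review first when auditing a plugin that adopts the API.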

Developers are urged to begin testing the RC1 and exploring the detailed documentation for the Abilities API now. You can download and test RC1 via the WordPress Beta Tester plugin or view the Abilities API documentation here.

A New Era for Custom Blocks with ACF

The Advanced Custom Fields (ACF) team is hosting a webinar to showcase the latest advancements in ACF Blocks and how modern developers are leveraging them for efficient, creative WordPress solutions.

The session will cover the full spectrum of ACF’s power, from fine-tuning the client editing experience to establishing structured data for the emerging “agentic web.” Speakers Rob Stinson and Iain Poulson will provide a quick “ACF 101” refresher before diving into a live demo of features from recent releases, highlighting how custom block creation has taken a significant leap forward. The team will also address how pairing ACF PRO with managed hosting platforms like WP Engine can unlock new workflow opportunities.

This session is designed to empower developers to build more efficient and creative solutions. The live webinar takes place on Wednesday, November 19, 2025, at 10am CT / 4pm GMT. Secure your spot now and discover the new capabilities transforming the custom block creation experience.

Solving the Plugin Discovery Crisis

A new plugin called Hidden Gems aims to fundamentally change how developers and users find quality software in the WordPress ecosystem. The plugin addresses a core issue: the default plugin directory prioritizes popular tools with millions of installs, leaving thousands of excellent, lesser-known plugins flying under the radar.

The Hidden Gems plugin solves this by adding a dedicated tab to the “Add New Plugin” screen, using a smart discovery logic built on “quality over popularity.” It defines a “hidden gem” as a plugin that maintains excellent ratings (3+ stars) but has low installation counts (often filtered to under 10K). This logic ensures that users bypass poor-quality, unknown plugins and well-known, established ones to find truly innovative solutions before they become mainstream.

For plugin developers, this tool creates a pathway for quality to be recognized without requiring a massive marketing budget. For users, it offers a competitive advantage by surfacing niche solutions and high-quality alternatives. The plugin includes advanced filtering options based on installation limits, quality thresholds, and more.

You can read the full story behind the plugin’s creation here and find the plugin itself on GitHub.

Big Savings on Developer Tools

It’s the best time of year to pick up new developer tools! We’re offering new customers big savings on the essential plugins trusted by top developers and agencies worldwide. Whether you’re trying to move a complex website, offload a massive media library, or structure cutting-edge content, this is the best time to invest in the power and efficiency you need.

This sale covers WP Migrate Pro, WP Offload Media, WP Offload SES, ACF PRO, and NitroPack, giving you the chance to build your perfect tech stack at the lowest price of the year. Please note that all discounts listed below are for new customers only.

Here’s a breakdown of the incredible deals available on WP Engine’s developer-focused plugins:

  • WP Migrate Pro: The ultimate site-moving plugin is on sale! Save up to 50% on your first year and stop losing time to manual, complicated migrations.
  • WP Offload Media: Reduce your server load and speed up media delivery by offloading files to the cloud. Save up to 40% on your first year.
  • WP Offload SES: Guarantee reliable email delivery for all your mission-critical site functions. Save up to 20% on your first year.
  • ACF PRO: The foundation for content modeling, including Repeaters, Flexible Content, and ACF Blocks v3! Get the tools trusted by pros with up to 40% off licenses for the first year.
  • NitroPack: Achieve top scores on Core Web Vitals and get an instant site speed boost! Save up to 40% on plans (excluding the Starter Plan). This special discount replaces any existing evergreen deal.

The time to invest in efficiency, performance, and structure is now, with savings on every tool you need to build faster, more stable, and more profitable client sites.

The sale runs from November 17th through December 5th, 2025. Make sure to get these deals now and upgrade your entire WordPress workflow!

FAIR and Patchstack Build Security MVP at CloudFest Hackathon

As reported in The Repository, the decentralized architecture of the FAIR Package Manager recently took a major step toward robust security integration at the inaugural CloudFest USA Hackathon. A collaborative team from FAIR and Patchstack built a Minimum Viable Product (MVP) for the FAIR Software Security Assistant.

The project’s goal was to surface vulnerability warnings directly in the WordPress admin by translating Patchstack’s vulnerability data into FAIR’s trust labeling model. This model allows independent organizations to attach verified trust signals to plugins. FAIR technical steering committee co-chair Carrie Dils noted the process was crucial for figuring out “how we talk to the API, how we turn that into labels, and how we build rules around those labels.”

The resulting policy engine will allow hosts or site owners to define automated rules—such as automatically hiding critically vulnerable plugins from the search screen—addressing supply-chain security directly during plugin discovery. This MVP demonstrates a model where decentralization and security are designed to work together.
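The pipeline described above (vulnerability data, then labels, then rules over those labels) as an added sketch in plain PHP. It is not FAIR's or Patchstack's code; the advisory fields, label names, rule format and plugin data are constructed for illustration.

```php
<?php
// Constructed sample data. Advisory fields, label names and the rule format
// are assumptions for illustration, not Patchstack's or FAIR's schema.
$advisories = array(
    array( 'slug' => 'gallery-lite', 'fixed_in' => '2.4.1', 'severity' => 'critical' ),
    array( 'slug' => 'form-helper',  'fixed_in' => '1.0.9', 'severity' => 'medium' ),
    array( 'slug' => 'seo-tiny',     'fixed_in' => null,    'severity' => 'high' ),
);
$search_results = array(
    array( 'slug' => 'gallery-lite', 'version' => '2.3.0' ),
    array( 'slug' => 'form-helper',  'version' => '1.1.0' ), // already patched
    array( 'slug' => 'seo-tiny',     'version' => '0.9.2' ),
    array( 'slug' => 'clean-cache',  'version' => '3.0.0' ),
);
// Host or site-owner policy, evaluated in order; the first match wins.
$rules = array(
    array( 'label' => 'vuln:critical', 'action' => 'hide' ),
    array( 'label' => 'vuln:high',     'action' => 'warn' ),
);
// Step 1: translate advisories into labels for one plugin release.
function labels_for( array $plugin, array $advisories ): array {
    $labels = array();
    foreach ( $advisories as $adv ) {
        if ( $adv['slug'] !== $plugin['slug'] ) { continue; }
        // No fixed version on record means every release is affected.
        $affected = null === $adv['fixed_in']
            || version_compare( $plugin['version'], $adv['fixed_in'], '<' );
        if ( $affected ) { $labels[] = 'vuln:' . $adv['severity']; }
    }
    return array_values( array_unique( $labels ) );
}
// Step 2: apply the rules to a result list before it is shown.
function apply_policy( array $results, array $advisories, array $rules ): array {
    $out = array();
    foreach ( $results as $plugin ) {
        $labels = labels_for( $plugin, $advisories );
        $action = 'allow';
        foreach ( $rules as $rule ) {
            if ( in_array( $rule['label'], $labels, true ) ) { $action = $rule['action']; break; }
        }
        if ( 'hide' === $action ) { continue; } // never reaches the search screen
        $out[] = $plugin + array( 'labels' => $labels, 'action' => $action );
    }
    return $out;
}
foreach ( apply_policy( $search_results, $advisories, $rules ) as $p ) {
    printf( "%-12s %-5s %s\n", $p['slug'], $p['action'], implode( ',', $p['labels'] ) );
}
```

Labels are computed against the release being offered rather than the plugin as a whole, so a patched release is not penalized for an advisory that only affects older versions.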

Understanding WP Engine’s Smart Search AI Model Context Protocol (MCP) Server

The Smart Search AI MCP Server is a powerful new feature in WP Engine’s AI Toolkit that transforms your WordPress site into a dynamic, real-time knowledge base for any external Large Language Model (LLM) you connect to it. When enabled, this server responds to requests from AI tools formatted using the Model Context Protocol (MCP) standard.

In this article, Fran Agulto discusses what MCP is, how to work with the Smart Search AI MCP Server, and how it enhances the Smart Search AI product.

Protecting Your WordPress Media: Private Files, Signed URLs, and Access Control

The WordPress media library serves us well for public content, but what about premium assets, private documents, or confidential client data? The default setup makes every uploaded file publicly accessible via a direct URL. This is a critical limitation for membership sites, digital product stores, and businesses sharing sensitive information.

Relying on direct links in your wp-content/uploads folder means anyone who finds the URL can access your content. This is a significant security risk and, for some sites, a potential loss of revenue.

In this article, we address that challenge. We’ll explore a solution to move beyond basic file storage and achieve granular control over your WordPress media, ensuring your valuable or confidential files are securely delivered only to those with proper authorization.

What’s the most interesting news you’ve come across recently? Pop by Twitter and let us know.

About the Author

Mike Davey, Senior Editor

Mike is an editor and writer based in Hamilton, Ontario, with an extensive background in business-to-business communications and marketing. His hobbies include reading, writing, and wrangling his four children.