2023 news

WooCommerce database format finally fixed


Anyone running a larger WooCommerce shop knows the amount of custom... well, "fiddling" is the right word, needed to keep it running smoothly.

With WordPress' blogging roots, it was built to use posts database entries for the products as well. For years, this has been the Achilles' heel of WooCommerce as a web-shop platform.

Now, in October 2023, WooCommerce has introduced the "High-Performance Order Storage" or HPOS (IT people just love acronyms 🙃 ).

This creates new database tables (with their own indexes) for storing order information. WooCommerce is now performant and scalable (for huge shops) out-of-the-box.

In my experience with a few existing shops, the update to the new system went smoothly.

Some more details about this can be found on the WooCommerce blog:
https://woocommerce.com/posts/platform-update-high-performance-order-storage-for-woocommerce/
 

New website favicon policy by Google

According to Google's latest documentation, it is no longer enough to just upload a favicon to your website's root directory.

Now, you must place an invisible link to your favicon's .ico file in your home page's header. Here's an example of what that link looks like for this forum:

Code:
<link rel="icon" href="https://www.bikegremlin.net/favicon.ico">

The path to the favicon file can be either absolute or relative. Here's an example of a relative path, with the favicon file named "favicon.ico" and placed in the website's root directory:

Code:
<link rel="icon" href="/favicon.ico">

The general criteria for the favicon file (resolution, format etc.) haven't changed.

The relevant link:

https://developers.google.com/search/docs/appearance/favicon-in-search

Update 2024:
I wrote a brief tutorial:
How to add favicon link to the WordPress header?

Relja
 

Cloudflare problems

Cloudflare service is having some problems at the moment.

A huge number of websites use Cloudflare's proxy, DNS and CDN - including BikeGremlin websites and forum.

I'm not sure anyone knows what exactly went wrong or when it will be fixed.

Incident report (WayBack machine link)
 

PHP 8.3 version is out

Latest & greatest PHP 8.3 version has been published:
https://www.php.net/releases/8.3/en.php

Here's the official update documentation:
https://www.php.net/manual/en/migration83.php

Apparently, there are some "breaking changes" so developers (including the WordPress theme and plugin ones) will have a lot of work on their hands in order to ensure their stuff works on the new version.

The upside is that it will surely bring a 0.001% better performance and security, just like the other most recent updates. :)

My recommendation is to wait for at least 6 more months until it is all patched, and then double check if your software fully supports and works stably on the latest (by that time probably patched at least once) PHP version.
 

Elementor 3.18.0 vulnerability

Apparently, it is still unpatched** (**see the note below) and allows users with "Contributor" or higher access rights to upload and execute code on the server.

WordFence says: "It may be best to uninstall the affected software and find a replacement."

I think that this may not be necessary if your site's users with Contributor or higher access rights are trusted.

WordPress user hierarchy:

  • Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
  • Administrator (slug: ‘administrator’) – somebody who has access to all the administration features within a single site.
  • Editor (slug: ‘editor’) – somebody who can publish and manage posts including the posts of other users.
  • Author (slug: ‘author’) – somebody who can publish and manage their own posts.
  • Contributor (slug: ‘contributor’) – somebody who can write and manage their own posts but cannot publish them.
  • Subscriber (slug: ‘subscriber’) – somebody who can only manage their profile.

WordFence report on the issue:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/elementor/elementor-3180-authenticatedcontributor-arbitrary-file-upload-to-remote-code-execution-via-template-import

Note

At the time of writing, Elementor patch 3.18.1 is published, and its changelog says:

* Fix: Improved code security enforcement in File Upload mechanism
* Fix: Error appears on front when using various 3rd party plugins and Themes
* Fix: Reverted Elementor Editor is slow when using Safari 17 and Firefox on macOS

I'm yet to confirm if the noted security problem was really fixed with the patch.

UPDATE:
The vulnerability has been patched in Elementor 3.18.2 version.
 
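A quick triage of the two facts the Elementor post above turns on, the installed Elementor version and which accounts hold Contributor or higher roles, as an added example (not part of the original post, nor Elementor or Wordfence tooling). The sample data is constructed, the version thresholds are the ones stated in the post, and the commented wp-cli commands show where live input would come from.

```shell
#!/bin/sh
# Added example. Thresholds are taken from the post above:
# 3.18.0 reported vulnerable, 3.18.1 unconfirmed, 3.18.2 patched.
FIRST_REPORTED="3.18.0"
PATCHED="3.18.2"

# version_lt A B: succeeds when A is strictly older than B (needs GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# elementor_status VERSION: classify an installed Elementor version.
elementor_status() {
    if version_lt "$1" "$FIRST_REPORTED"; then
        echo "check-advisory"   # the post says nothing about older releases
    elif version_lt "$1" "$PATCHED"; then
        echo "needs-update"
    else
        echo "ok"
    fi
}

# upload_capable_users: reads "user_login,roles" CSV on stdin and prints the
# logins holding Contributor or a higher built-in role (the accounts that
# have to be trusted while an unpatched version is installed).
upload_capable_users() {
    awk -F, 'NR > 1 {
        login = $1
        sub(/^[^,]*,/, "")      # keep only the roles column, quoted or not
        if ($0 ~ /(^|[",])(contributor|author|editor|administrator)([",]|$)/)
            print login
    }'
}

# Constructed sample input. On a live site it would come from:
#   wp plugin get elementor --field=version
#   wp user list --fields=user_login,roles --format=csv
SAMPLE_VERSION="3.18.1"
SAMPLE_USERS='user_login,roles
alice,administrator
bob,contributor
carol,subscriber
dave,"shop_manager,editor"'

echo "Elementor $SAMPLE_VERSION: $(elementor_status "$SAMPLE_VERSION")"
echo "Accounts with Contributor or higher:"
printf '%s\n' "$SAMPLE_USERS" | upload_capable_users
```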

WordPress 6.4.2 Maintenance & Security Release

It's a very good idea to update your WordPress to version 6.4.2 ASAP.

The 6.4.2 patch fixes a potential remote code execution vulnerability that, according to WP.org (BikeGremlin bolded the text): "is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs."

Note:
I could not confirm this, but it seems reliable enough info, and as far as I could test, the 6.4.2 patch is stable and works fine.

The full report on WP.org website:
https://wordpress.org/news/2023/12/wordpress-6-4-2-maintenance-security-release/
 

LiteSpeed Cache 6.0 is out

One of the best (if not the best) WordPress caching plugins got a new major release: version 6.0.

My tutorial on how to configure LiteSpeed Cache for WordPress.

LiteSpeed does a lot of stuff and it does it well. Better than any other caching plugin I've tried (and I've tried a lot of them). OK, maybe WP Rocket, a paid plugin, comes close; on some sites it even has a slight advantage.

However, the plugin's complexity means that problems can occur with updates. There are many different hosting server setups and other WordPress plugins. So it is objectively quite difficult to find every bug and problem during the beta testing phase. Hell, below, you can see a (short) list of problems I've had with LiteSpeed updates, despite having tested in a staging environment before pushing it to live - I had simply failed to notice those problems in time.
My problems with LiteSpeed updates:
This is why I would suggest you wait until the first patch is released before updating (6.0.1). Having said that, it's fair to note there is one security-related patch:
"CloudFlare CDN setting vulnerability patch. (Gulshan Kumar #541805)"

As far as I know, this is not a critical ("serious") vulnerability, but the final decision about whether to update is yours.

A list of updated stuff:

6.0 – Dec 12 2023

  • 🌱Image Optimize Parallel pull. (⭐ Contributed by Peter Wells #581)
  • 🌱Cache CLI Crawler.
  • 🌱Cache New Vary Cookies option.
  • 🌱Media New Preload Featured Image option. (Ankit)
  • Core Codebase safety review. (Special thanks to Rafie Muhammad @ Patchstack)
  • Purge Purge will not show QC message if no queue is cleared.
  • Purge Fixed a potential warning when post type is not as expected. (victorzink)
  • Conf Server IP field may now be emptied. (#111647)
  • Conf CloudFlare CDN setting vulnerability patch. (Gulshan Kumar #541805)
  • Crawler Suppressed sitemap generation msg when running by cron.
  • Crawler PHP v8.2 Dynamic property creation warning fix. (oldrup #586)
  • VPI VPI can now support non-alphabet filenames.
  • VPI Fixed PHP8.2 deprecated warning. (Ryan D)
  • ESI Fixed ESI nonce showing only HTML comment issue. (Giorgos K.)
  • 🐞Page Optimize Fixed a fatal PHP error caused by the WHM plugin’s Mass Enable for services not in use. (Michael)
  • 🐞Network Fix in-memory options for multisites. (Tynan #588)
  • Network Correct Disable All Features link for Multisite.
  • 🐞Image Optimize Removing original image will also remove optimized images.
  • Image Optimize Increased time limit for pull process.
  • Image Optimize Last pull time and cron tag now included in optimization summary.
  • Image Optimize Fixed Elementors Slideshow unusal background images. (Ryan D)
  • 🐞Database Optimize Fix an issue where cleaning post revisions would fail while cleaning postmeta. (Tynan #596)
  • Crawler Added status updates to CLI. (Lars)
  • 3rd WPML product category purge for WooCommerce. (Tynan #577)

You can register a BikeGremlin forum account and subscribe to this thread to get email notifications about any new news. :)
 
