Connect with us

NEWS

WordPress 5.6 Brings the Good, the Meh and the Ugly

Published

on

WordPress 5.6 has been released with dozens of improvements and new features. Code named Simone (honoring singer Nina Simone), WordPress 5.6 has been met with a positive response, possibly because it didn’t break anything.

The substance of what’s new in WordPress 5.6 can be described as mostly good, some meh and one issue that’s ugly.

The Good

Enable jQuery Migrate Plugin Updated

The last two updates were somewhat rocky due to millions of websites breaking or accidentally updating with a beta version of WordPress.

The biggest potential issue was with the jQuery Migrate deprecations and updates.

WordPress 5.6 managed to avoid the legacy jQuery plugin issues experienced with the WordPress 5.5 update in August 2020. That was the update that caused websites to stop functioning in myriad and unexpected ways.

The reason those issues were avoided this time around is because WordPress 5.6 updated the Enable jQuery Migrate plugin in order to avoid a repeat of websites crashing.

When the plugin is active and the publisher is logged in, the plugin will detect outdated jQuery and log it, presenting a display at the top of page to signal the problem.

The plugin detects jQuery issues from page to page as the pages are served to the publisher as they browse the site.

Advertisement

There is an option to perform similar logging using pages served to users are browsing the site, but WordPress warns that this could create significant server load and recommends not turning it on.

There is a deprecation log page that shows the plugins responsible for the warnings. After updating a plugin the publisher can clear the old log and resume browsing again to see if the Enable jQuery Migrate plugin detect additional issues.

WordPress stated:

“With the above in mind, the Enable jQuery Migrate Helper plugin was updated for the release of WordPress 5.6, this provides a temporary downgrade path to run legacy jQuery on a site when needed.

The reason this is considered a temporary solution, is that the older version of jQuery no longer receives security updates, and the legacy version will not be patched manually if anything should occur that warrants updates to it.”

The Meh

WordPress 5.6 is shipping with their first version of WordPress that is (somewhat) PHP 8 compatible, the newest version of PHP that was released in November. However, this compatibility is meant to be regarded as beta compatible.

Because the WordPress PHP 8 compatibility news manages to be both good and less than good news it ends up being… meh.

As noted in the official guidance of WordPress 5.6 and PHP 8 Compatibility:

“WordPress Core aims to be compatible with PHP 8.0 in the 5.6 release (currently scheduled for December 8, 2020).

…Significant effort has been put towards making WordPress 5.6 compatible with PHP 8 on its own, but it is very likely that there are still undiscovered issues remaining.”

Advertisement

Publishers should test first before upgrading their version of PHP because themes and plugins at this point in time will very likely not be ready for PHP 8.

That’s why WordPress’ announcement framed PHP 8 compatibility as one of the first steps, because of potential compatibility bugs and because themes and plugins may not be compatible yet.

According to WordPress:

“5.6 marks the first steps toward WordPress Core support for PHP 8.”

The Ugly

One of the new features in version 5.6 that the WordPress team are rightfully proud of also contains a potential downside to it that if fully exploited could lead to a full site takeover.

WP 5.6 introduces the REST API authentication with Application Passwords Feature

The App Passwords Feature allows third party apps to connect to your website and add functionality.

According to WordPress:

“Thanks to the API’s new Application Passwords authorization feature, third-party apps can connect to your site seamlessly and securely. This new REST API feature lets you see what apps are connecting to your site and control what they do. “

However, according to WordPress security plugin publisher Wordfence, a social engineering attack could be used against a site administrator to obtain administrator credentials.

Advertisement

Social engineering is a hacking method that relies on tricking into providing information or access.

For example, Phishing is a form of social engineering where an attacker may email a victim posing as their bank, requesting that they reset their login credentials.

A link in the email leads to a copycat site that resembles a bank website where the victim enters their user name and password which is then harvested to obtain access to their banking account.

Wordfence describes a social engineering attack where a criminal could create an app that impersonates a trusted App, leading the site publisher to issue a password and allow a secure connection to their website. Wordfence describes the complexity of this attack as “trivial.”

According to Wordfence:

“An attacker could trick a site owner into clicking a link requesting an application password, naming their malicious application whatever they wanted…

Since application passwords function with the permissions of the user that generated them, an attacker could use this to gain control of a website.”

Wordfence produced a video describing and demonstrating the potential for a social engineering attack compromising the new Application Passwords Feature:

Wordfence Description of WordPress Application Passwords Feature Vulnerability to Social Engineering

Advertisement

WordPress 5.6 Overview

WordPress 5.6 is largely a success. There’s much that is so right with it. While it’s not a major advance it does have incremental improvements into site design functionality and improvements to functionality.

That this release manages to avoid the drama of the last two release makes this update a win considering there’s still a few weeks left in 2020.

Citation

WordPress 5.6 Warnings, Announcements and Documentation

Wordfence article:
WordPress 5.6 Introduces a New Risk to Your Site: What to Do

Official Announcement: WordPress 5.6 “Simone”

Version Documentation WordPress 5.6

Handling potential jQuery Issues in WordPress 5.6

Searchenginejournal.com

Advertisement

NEWS

Google December Product Reviews Update Affects More Than English Language Sites? via @sejournal, @martinibuster

Published

on

Google’s Product Reviews update was announced to be rolling out to the English language. No mention was made as to if or when it would roll out to other languages. Mueller answered a question as to whether it is rolling out to other languages.

Google December 2021 Product Reviews Update

On December 1, 2021, Google announced on Twitter that a Product Review update would be rolling out that would focus on English language web pages.

The focus of the update was for improving the quality of reviews shown in Google search, specifically targeting review sites.

A Googler tweeted a description of the kinds of sites that would be targeted for demotion in the search rankings:

“Mainly relevant to sites that post articles reviewing products.

Think of sites like “best TVs under $200″.com.

Goal is to improve the quality and usefulness of reviews we show users.”

Advertisement

Advertisement

Continue Reading Below

Google also published a blog post with more guidance on the product review update that introduced two new best practices that Google’s algorithm would be looking for.

The first best practice was a requirement of evidence that a product was actually handled and reviewed.

The second best practice was to provide links to more than one place that a user could purchase the product.

The Twitter announcement stated that it was rolling out to English language websites. The blog post did not mention what languages it was rolling out to nor did the blog post specify that the product review update was limited to the English language.

Google’s Mueller Thinking About Product Reviews Update

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Product Review Update Targets More Languages?

The person asking the question was rightly under the impression that the product review update only affected English language search results.

Advertisement

Advertisement

Continue Reading Below

But he asserted that he was seeing search volatility in the German language that appears to be related to Google’s December 2021 Product Review Update.

This is his question:

“I was seeing some movements in German search as well.

So I was wondering if there could also be an effect on websites in other languages by this product reviews update… because we had lots of movement and volatility in the last weeks.

…My question is, is it possible that the product reviews update affects other sites as well?”

John Mueller answered:

“I don’t know… like other languages?

My assumption was this was global and and across all languages.

But I don’t know what we announced in the blog post specifically.

Advertisement

But usually we try to push the engineering team to make a decision on that so that we can document it properly in the blog post.

I don’t know if that happened with the product reviews update. I don’t recall the complete blog post.

But it’s… from my point of view it seems like something that we could be doing in multiple languages and wouldn’t be tied to English.

And even if it were English initially, it feels like something that is relevant across the board, and we should try to find ways to roll that out to other languages over time as well.

So I’m not particularly surprised that you see changes in Germany.

But I also don’t know what we actually announced with regards to the locations and languages that are involved.”

Does Product Reviews Update Affect More Languages?

While the tweeted announcement specified that the product reviews update was limited to the English language the official blog post did not mention any such limitations.

Google’s John Mueller offered his opinion that the product reviews update is something that Google could do in multiple languages.

Advertisement

One must wonder if the tweet was meant to communicate that the update was rolling out first in English and subsequently to other languages.

It’s unclear if the product reviews update was rolled out globally to more languages. Hopefully Google will clarify this soon.

Citations

Google Blog Post About Product Reviews Update

Product reviews update and your site

Google’s New Product Reviews Guidelines

Write high quality product reviews

John Mueller Discusses If Product Reviews Update Is Global

Watch Mueller answer the question at the 14:00 Minute Mark

[embedded content]

Searchenginejournal.com

Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

Entireweb
en_USEnglish