April 3, 2024: Woo Wednesday

Woo Wednesday Online Meetup at Noon Pacific Time

Join Up At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event Page, Featuring Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

WP Accessibility – Demystifying European Accessibility Laws: April 4th @ 8:00 am

Seattle WP – Freelancers Meetup: April 4th @ 10:00 am

Buffalo WP – Monthly Meetup: April 4th @ 4:00 pm

Santa Cruz / San Jose WP – HelpDesk: April 4th @ 6:00 pm

Midcities WP – Round Table Discussion: April 6th @ 11:00 am

Cambridge WP – Secure Your Site, Backups & Security: April 8th @ 11:00 am

San Diego WP – Monthly Help Desk: April 8th @ 6:00 pm

Learn WP – Building custom blocks with the Interactivity API: April 9th @ 7:00 am

Woo News

WooCommerce 8.7 Released: Product Collection Block Enhancements, Receipt Rendering Engine and More

From the Woo Developer Blog, By Alvaro

New in 8.7.0:

Known Issue with Gutenberg 17.9.0

“The latest Gutenberg release 17.9.0 includes a bug that causes the New Product Editor to crash when the user attempts to edit the product description in the Full Editor mode (see issue). The New Product Editor is behind a feature flag, meaning the New Product Editor is unavailable by default. The issue would have affected you if you had the New Product Editor enabled through Settings >> Advanced >> Features >> New Product Editor.

To allow further use of the New Product Editor, we disabled the Full Editor of the product description in the 8.7 release if Gutenberg 17.9 is installed. The New Product Editor is working as expected otherwise.”

Changes to Store API loading for performance

From the Woo Developer Blog, by Vedjain

“The Store API provides a public endpoint for customer-facing cart, checkout, and product functionality. You can read more about Store API on the GitHub documentation page: WooCommerce Store API.

When a WooCommerce block, such as the mini cart block or the product collection block is being used on a public page, we preload a response from a relevant Store API endpoint as part of the page load (See Hydration Class). This prevents an extra request and shows meaningful information to the visitor quickly. However, this would also cause slowness because we would need to perform a REST API operation as part of the page load.

From WooCommerce version 8.9 (scheduled to be released in the second week of May), we are changing this behavior to reduce the amount of code that we load (see PR: 45134). Instead of sending a request over REST API, which loads all REST API controllers, we will only load the controller we need to get the response.”

Core Web Vitals: A guide for Woo store owners

From the General Woo Blog, by Cody Landefeld

“For today’s online shoppers, every single second counts. That’s why Google has put a spotlight on Core Web Vitals, a set of metrics that measure how quickly and smoothly your website loads and interacts with visitors. And let’s be honest, as Woo store owners, we all know that a good user experience leads to more sales.”

The three core components for your Core Web Vitals are:

  • Largest Contentful Paint (LCP): This measures how long it takes for the largest element on your page to load. Think of it as the “first impression” your site makes on visitors. Aim for an LCP of 2.5 seconds or less.
  • First Input Delay (FID): This measures how responsive your site is to user interaction, like clicking a button or tapping a link. A good FID is under 100 milliseconds.
  • Cumulative Layout Shift (CLS): This measures how much your page layout shifts around as content loads. Think of it as the “jiggly screen” effect that can frustrate users. Keep your CLS below 0.1 for a smooth experience.

5 Best WooCommerce Notification Plugin 2024

From the Tech Edvocate, by Matthew Lynch

“Online stores are all about engagement and interaction. A good WooCommerce notification plugin can play a crucial role in enhancing user experience, building customer loyalty, and boosting sales. These plugins notify customers about new offers, order statuses, price drops, and much more. As we move into 2024, let’s look at the 5 best WooCommerce notification plugins that have stood out for their functionality and reliability.”

Word News

Current Version of WordPress is 6.5

From WordPress.org, by Matt Mullenweg

“...WordPress 6.5 “Regina,” inspired by the dynamic versatility of renowned jazz violinist Regina Carter.”

“This latest version of WordPress puts more power into the details. It offers new and improved ways to fine-tune and enhance your site-building experience, letting you take control in ways that make it your own. You’ll find new ways to manage your site’s typography, more comprehensive revisions available in more places, and a collection of Site Editor updates paired with impressive performance gains to help you get things done smoother and faster.

“Regina” also marks the introduction of some breakthrough developer tools that will start transforming how you use and extend blocks to craft engaging experiences. The Interactivity API opens up a world of creative front-end possibilities, while the Block Bindings API makes dynamic connections between blocks and data seamless. These, among other developer-focused improvements and updates, are ready to help you evolve how you build with WordPress.”

XSS Vulnerability Affects Beaver Builder WordPress Page Builder

From Search Engine Journal, by Roger Montti

“The popular Beaver Builder WordPress Page Builder was found to contain an XSS vulnerability that can allow an attacker to inject scripts into the website that will run when a user visits a webpage.”

Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks

From Hacker News
“The WP-Members Membership Plugin is currently installed on over 60,000 WordPress websites.”

“Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal.

The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said.

The activity is part of a previously documented attack wave in which compromised WordPress sites were used to inject crypto drainers such as Angel Drainer directly or redirect site visitors to Web3 phishing sites containing drainer malware.

The latest iteration is notable for the fact that the injections – found on over 700 sites to date – don’t load a drainer but rather use a list of common and leaked passwords to brute-force other WordPress sites.”

Update Chrome now! Google patches possible drive-by vulnerability

From Malwarebytes Labs, by Pieter Arntz

“Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks.”

XSS flaw in WordPress WP-Members Plugin can lead to script injection

From Security Affairs, by Pierluigi Paganini

“Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XSS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection.

The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress developer Webbernaut as part of the company Bug Bounty Extravaganza.”

Google agrees to destroy browsing data collected in Incognito mode

From The Verge, by Lauren Feiner

“Google agreed to destroy or de-identify billions of records of web browsing data collected when users were in its private browsing “Incognito mode,” according to a proposed class action settlement filed Monday.

The proposed settlement in Brown v. Google will also mandate greater disclosure from the company about how it collects information in Incognito mode and put limits on future data collection. If approved by a California federal judge, the settlement could apply to 136 million Google users. The 2020 lawsuit was brought by Google account holders who accused the company of illegally tracking their behavior through the private browsing feature.”

AT&T resets account passcodes after millions of customer records leak online

From TechCrunch, by Zack Whittaker

“AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned.

The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.

A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher’s findings.”

In a statement provided Saturday, AT&T said: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”

Data Confirms A Surge In WordPress Vulnerabilities

From TechCrunch, by Roger Montti

“WordPress security researchers at Patchstack published their annual State of WordPress Security whitepaper that showed an increase of high and critical severity vulnerabilities, highlighting the importance of security for all websites on the WordPress platform.”

List Of Most Popular Plugins With Vulnerabilities

  1. Essential Addons for Elementor 1M+ installations (severity rating 9.8)
  2. WP Fastest Cache 1M+ installations (severity rating 9.3)
  3. Gravity Forms 940k installations (severity rating 8.3)
  4. Fusion Builder 900k installations (severity rating 8.5)
  5. Flatsome (Theme) 618k installations (severity rating 8.3)
  6. WP Statistics 600k installations (severity rating 9.9)
  7. Forminator 400k installations (severity rating 9.8)
  8. WPvivid Backup and Migration 300k installations (severity rating 8.8)
  9. JetElements For Elementor 300k installations (severity rating 8.2)

Tax Time Is Open Season for Scammers. Here’s How to Protect Yourself

From Headline News

“There are several common types of scams during tax season, so people should be on the lookout for red flags, said Amy Nofziger, director of victim support at the AARP Fraud Watch Network.”

Free Resources

GenCraft

AI Art Image and Video Generator