January 24, 2024: Woo Wednesday

Woo Wednesday Online Meetup at Noon Pacific Time

Join Us At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event Page, Featuring Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

Baltimore WP – Online Privacy in 2024: January 24th @ 4:00 pm

S.C.C. WP – Take Your WordPress Site to the Next Level! January 24th @ 7:00 pm

Learn WP – Livestream – Reviewing Gutenberg 17.5: January 25th @ 7:30 am

Meetup Live – Amplify Your Message with Graphic Design: January 25th @ 3:00 pm

Tampa Bay Technology Ctr – Monthly WP Meetup: January 25th @ 4:00 pm

Downstate WP (Champaign, IL) – Monthly Meetup: January 26th @ 10:00 am

Learn WP – Optimizing WP for Core Web Vitals & Performance: January 27th @ 1:00 am

Augmented Reality – Accessibility with Apple Vision Pro: January 27th @ 11:00 am

Learn WP – Creating an About page using patterns: January 30th @ 1:00 pm

Woo News

WooCommerce 8.5.1 Released

From the Woo Developer Blog

Highlights:

This release includes the fix for the known issue in WooCommerce 8.5, and these additional fixes:

  • Fix fatal error. Do not access change_feature_enable() statically. #43428
  • Fixed a bug that prevented notice templates from being overwritten. #43506
  • Fix – Limit cookie deduping to WooCommerce cookies only. #43504
  • Fix WooCommerce Settings and Analytics commands with tags breaking the command palette #43269
  • Fix product prices not being updated on scheduled automatically. #43497
  • Fix Mini-Cart total price disappearing when hovering or focusing the Mini-Cart button #43550
  • Fix – Use GMT date when fetching orders to auto-cancel. #43641

During the development and testing of this fix, we identified additional issues that are important enough to be addressed in the point release. These additional fixes are now being reviewed and tested. The issues we’re focused on fixing are:

  1. Fix commands with tags breaking the command palette #43269
  2. WordPress auth cookies are removed by WooCommerce 8.5.0 #43463
  3. 8.5 RC notice templates #43342

Store Editing Snaps: January 01 – 12

From the Woo Developer Blog

Product Collection Block

Product Collection: Make sure all variations are taken into account when choosing collection (#43273)

Product Gallery Block

Product Gallery block: Prevent page from scrolling when pop-up is open (#43378)
Hide sale badge if product image is disabled (#43334)

Store Customization

Increase Pexels product images width to 400px to have a better resolution (#43174)
Show default patterns and products if the images request fails (#43157)

Frontend Filters

[Experimental] Add: Filter blocks migration (#43218)

Templating logic update

Add e2e tests for user customization of block templates (#43426 and #43471)

Other Notable PRs / Issues

  • Fix Mini-Cart price disappearing on hover (#43550)
  • Fix commands with tags breaking the command palette (#43269)
  • Prevent Command Palette scripts to enqueue unnecessary scripts in the editor (#43221)

What’s New in PCI DSS 4.0? The Major Changes You Need to Know

From SecureFrame

“PCI 4.0 is the latest major iteration of the payment card industry standard and implements significant changes in requirements, focusing more on maintaining continuous security as well as adding new methods to meet requirements.

The main goal of PCI DSS 4.0 is to continue to evolve the standard to meet the changing needs of the payment card industry and the new technologies being implemented daily.”

Highlights

1. Adding a customized approach for implementing and validating PCI DSS

The most significant change is its implementation of a brand new method of meeting requirements called the customized approach.

Customized approach provides organizations with the flexibility to meet the security objectives of PCI DSS requirements using new technology and innovative controls. This allows organizations to meet strict PCI DSS requirements in a more customized and flexible way.

2. Updated requirements

In addition, there have been major improvements to requirements in PCI DSS 4.0. These include: 

  • Additional authentication controls, including strict multi-factor authentication requirements when accessing the cardholder data environment
  • Updated password requirements, including increasing password length requirement from 8 characters to 12
  • Changing requirements around shared, group, and generic accounts
  • Clearly defined roles and responsibilities needed for each requirement

3. New requirements

New requirements have also been implemented to prevent and detect new and ongoing threats against the payment industry, including phishing, e-commerce, and e-skimming attacks.

4. Enhanced PCI DSS assessment reports

Finally, enhancements have been made to the self-assessment questionnaire (SAQ) document as well as to the Report on Compliance (RoC) template to help guide organizations when self-attesting and assessors when documenting results.

Podcasting to Sell: The ultimate guide to launching a podcast

From the General Woo Blog

“Nine out of ten podcasts don’t get past the third episode!”

  • Ninety percent of podcasts don’t publish past episode three. That’s 2.7 million who quit.
  • Of the 300,000 left, 90% will quit after 20 episodes. That’s another 270,000 gone.
  • To be in the top 1% of podcasts in the world, you only need to publish 21 episodes of your podcast.
  • Your competition is not the three million podcasts. It’s the 30,000 podcasters who didn’t quit.

Word News

WordPress 6.4 Shirley Horn

Current Version of WordPress is 6.4.2

Roadmap to WordPress 6.5

From WordPress.Org

“WordPress 6.5 is set to be released on March 26th, 2024. This release brings greater design control and optionality, more robust block capabilities with new APIs, access to current block theme functionality to classic themes, and the start of the new admin redesign. More specifically, these significant features include the Font Library for easy global font management, support for Appearance Tools in Classic Themes for more expansive design options, and more robust revisions across the editing experience (including revisions for template parts and templates). New APIs like Interactivity, Custom Fields, and Block Binding expand block capabilities and underpin features like partial sync patterns, and PHP compatibility work ensures alignment with PHP versions. Rollback for plugin and theme updates enhances safety, and bug fixes address various components for an improved user experience. The first taste of the admin redesign as part of phase 3 efforts are planned for this release in an iterative and contained way by bringing a new experience to the template, template part, and pattern lists within the Site Editor.”

New Google Requirements

From Google

Starting September 30, 2024, Google Workspace accounts will only allow access to apps using OAuth. Password-based access (with the exception of App Passwords) will no longer be supported. POP and IMAP are NOT going away and can still be enabled with apps that connect using OAuth.

What do you need to know?

Access through basic authentication makes accounts more vulnerable to hijacking attempts. Moving forward, only apps that support a more modern and secure access method called OAuth will be able to access Google Workspace accounts.

Access to less secure apps (LSAs) will be turned off in two stages:

  1. Beginning June 15, 2024 – The LSA settings will be removed from the Admin console and can no longer be changed. Enabled users can connect after that time, but disabled users will no longer be able to access LSAs. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP. The IMAP enable/disable settings will be removed from users’ Gmail settings. If you’ve been using LSAs prior to this date, you can continue using them until September 30, 2024.
  2. Beginning September 30, 2024 – Access to LSAs will be turned off for all Google Workspace accounts. CalDAV, CardDAV, IMAP, and POP will no longer work when signing in with just a password — you will need to log in with a more secure type of access called OAuth.

What do you need to do?

In order for your end users to continue using these types of apps with their Google Workspace accounts, they must switch to a more secure type of access called OAuth (a list of affected users is attached). This authentication method allows apps to access accounts with a digital key instead of requiring a user to reveal their username and password. We recommend that you share the user instructions (in this PDF file) with individuals in your organization to help them make the necessary changes. Alternatively, if your organization is using custom tools, you can ask the developer of the tool to update it to use OAuth. Developer instructions are also in this PDF file.

MDM configuration

If your organization uses a mobile device management (MDM) provider to configure IMAP, CalDAV, CardDAV, or POP profiles, these services will be phased out according to the timeline below:

  1. Beginning June 15, 2024 – MDM push of password-based IMAP, CalDAV, CardDAV, and POP will no longer work for customers who try to connect for the first time. If you use Google MDM, you will not be able to turn on “Custom Push Configuration” settings for CalDAV and CardDAV.
  2. Beginning September 30, 2024 – MDM push of password-based IMAP, CalDAV, CardDAV, and POP will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will re-add their Google accounts to iOS devices using OAuth. If you use Google MDM, “Custom push configuration-CalDAV” and “Custom push configuration-CardDAV” (more details about the settings here) will stop being effective.

Other less secure apps

  • For any other LSA, ask the developer of the app you are using to start supporting OAuth.

Scanners and other devices

For scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails, configure to use OAuth, use an alternative method, or configure an App Password for use with the device. If you replace your device, look for one that sends email using OAuth.

Massive 26 Billion Record Leak: Dropbox, LinkedIn, Twitter All Named

From Forbes.com

“Security researchers have warned that a database containing no less than 26 billion leaked data records has been discovered. The supermassive data leak, or mother of all breaches as the researchers refer to it, is likely the biggest found to date.”

LoanDepot says 16.6M customers had ‘sensitive personal’ information stolen

From TechCrunch

“About 16.6 million LoanDepot customers had their ‘sensitive personal’ information stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as a ransomware attack.

The loan company said in a filing with federal regulators on Monday that it would notify the affected customers of the data breach.

LoanDepot did not say what kind of sensitive and personal customer data was stolen.”

ACF WordPress Plugin Vulnerability Affects Up To 2+ Million Sites

From Search Engine Journal

“Advanced Custom Fields (ACF) WordPress plugin with over 2 million installations announced the release of a security update, version 6.2.5 that patches a vulnerability, the severity of which is not known and only limited details were released about the vulnerability.

While it’s not known what kind of exploits are possible or the extent of damage that an attacker could cause, ACF did advise that the vulnerability requires a contributor level access or higher, which to a certain extent makes it more difficult to launch an attack.”

MemberPress Launches First-of-Its-Kind WordPress Coaching Plugin

From HJ News

This plugin, called “Coach Kit,” is the first in the industry to combine membership, online course, and coaching functions, as well as support for recurring revenue streams, in a single platform.

HIGHLIGHTS

  • Membership management that allows a user to sell coaching services, and to sell their coaching program to other practitioners
  • “Cohort” function that enables lead coaches to hire and manage under-coaches
  • Research-based program structure designed around “habits” and “milestones”
  • Integrated, automated reminder system
  • Granular content paywalling
  • Client management pathways
  • Integrated individual and community messaging function
  • On-site self-scheduling capability
  • Integrated online course builder
  • Integrated page styler
  • Recurring payments support
  • Built-in global payment processing through the Stripe gateway

Free Resources

Visualizer

“A powerful and easy to use plugin used to create, manage and embed interactive, responsive charts & tables into your WordPress posts and pages.

The plugin uses Google Visualization API, DataTables.net and ChartJS to add responsive & animated charts, graphs and tables, which support cross-browser compatibility and display perfectly on mobile devices. You can greatly customize all aspects of the charts and tables, and import the data from Excel, CSV, Google Sheets and more!”