Woo Commerce logo

October 18, 2023 Woo Wednesday

Woo in purple & White

Woo Wednesday Online Meetup at Noon Pacific Time

Join Up At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event PageFeaturing Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

Learn WP – Recap Notes for the WordPress Training Team: October 18th @ 5:00 pm

Bakersfield WP – Virtual Meetup: October 18th @ 7:00 pm

Milwaukee North WP – Users Group: October 19th @ 7:00 am

Learn WP – WordPress 6.4 improvements – developer edition: October 19th @ 7:00 am

Cincinnati WP – WordPress Virtual Working Lunch: October 19th @ 8:30 am

North East WP (England) – Mobile vs Desktop Responsive Layout: Oct. 19th @ 10:00 am

West Orlando WP – WordPress as a Paintbrush: October 19th @ 3:00 pm

San Jose/Santa Cruz WP – Help Desk: October 19th @ 6:00 pm

Seattle WP – Monthly Meetup: October 19th @ 6:30 pm

Maui WP – Monthly Meetup: October 19th @ 8:00 pm

Kadence Amplify: Web Conference: October 20th @ 7:00 am

LA Tech: Networking Next Level: October 21st @ 8:00 am

San Diego WP – Web Help – Meet and Greet: October 23rd @ 6:00 pm

Woo News

WooCommerce 8.2.1 Released

  • We’ve rolled back a change introduced in 8.2.0 that automatically selected all global attribute terms when adding a global attribute to a product. #40729

You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.

As usual, if you spot issues in WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.

WooCommerce Blocks 11.3.1 Release Notes

The latest version of WooCommerce Blocks, version 11.3.1, is now available for download on WordPress.org and GitHub.

Notable Changes

We’ve fixed a regression where merchants adding a new “All Products” block would see an error on the frontend page preventing the block from displaying correctly.

Changelog

Bug Fixes

Cart and Checkout Blocks: Your feedback on most common extensibility requests

“The new WooCommerce Cart and Checkout blocks are built with conversions and ease of use in mind. In this pursuit, we have made deliberate design and engineering choices to enhance the overall experience. As a result, this requires a new approach to extensibility, which diverges from tradition hook and filter methods and instead leverages more focused extensibility interfaces to ensure the best developer and user experience.

We’re committed to increasing our investment in this domain to simplify the process of making extensions compatible and facilitating the implementation of their features for a seamless shopping experience. In this article, we’ll provide a concise overview of the most common extensibility requests, link to relevant GitHub discussions, followed by a preview of our upcoming roadmap.”

Platform Upgrade: High-Performance Order Storage for WooCommerce

“On October 10th, WooCommerce introduced an upgrade that will speed up your WooCommerce store. Among other improvements, High-Performance Order Storage (HPOS) will enable a better, faster checkout experience for your customers and faster order processing for you.”

State of the Woo 2023: WooCommerce Highlights AI-Powered Future and Continued Core Blockification

WooSesh 2023, the virtual conference for WooCommerce store builders, kicked off today with the State of the Woo address. This year’s theme is “Next Generation Commerce,” featuring advances across the e-commerce industry, as well as WooCommerce core and the wider ecosystem of tools and payment integrations.

WooCommerce CEO Paul Maiorana began the presentation with a few stats on Woo’s growth in 2023:

  • 4.4M+ live websites currently using WooCommerce (StoreLeads.app Woo usage)
  • 33% of the top 1 million online store are powered by Woo
  • 8.9% of the internet is powered by Woo (W3Techs)
  • 270M+ Woo downloads to date (WooCommerce internal data)
  • 908 products in the Marketplace
  • 66 languages supported

Maiorana highlighted a few e-commerce trends the company is watching, including the expansion of chatbots, on-site search, and AR. WooCommerce is seeing more merchants attracting non-local buyers through cross-boarder selling strategies, with high-growth stores focused on expanding across countries, languages, channels, and payment methods. Maiorana said customers are now expecting seamless experiences across devices and store must be fast, smooth, and intuitive from screen to screen.

Maiorana also shared insights from WooExperts, officially endorsed WooCommerce agencies, who are seeing an increase in merchants embracing multi-channel selling, diversified payment options, and immersive buying experience that leverage AI, AR, virtual try-ons, and 3D images.”

Word News

WordPress 6.3.2 – Maintenance and Security release

“This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

WordPress 6.3.2 is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 4.1 and later.

The next major release will be version 6.4 planned for 7 November 2023.

of the vulnerability enabled site access that was then leveraged by threat actors to deploy plugins and backdoors, as well as create admin accounts that would ensure persistence, a Sucuri report revealed.”

WordPress 6.3.2 Security Update For 8 Vulnerabilities

The following eight vulnerabilities were recently discovered and patched:

  • A vulnerability in the WordPress core that allows arbitrary shortcode execution
  • Potential disclosure of user email addresses by unauthenticated hackers using
  • Remote code execution POP Chains vulnerability
  • Cross-site scripting (XSS) vulnerability in the post link navigation block
  • Leaked comment visibility on private posts
  • Reflected cross-site scripting (XSS) vulnerability in the application passwords screen
  • Cross-site scripting (XSS) vulnerability in the footnotes block
  • Cache poisoning Denial of Service (DoS) vulnerability

WordPress 6.4 Release Candidate 1

“The first release candidate (RC1) for WordPress 6.4 is now available!

This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC1 on a test server and site.Reaching this phase of the release cycle is an important milestone. While release candidates are considered ready for release, testing remains vital to ensure that everything in WordPress 6.4 is the best it can be.

This release contains 420 enhancements and 445 bug fixes for the editor, including more than 260 tickets for WordPress 6.4 core. Browse the technical details for all issues recently addressed using these links:”

Preview WordPress Core Pull Requests with Playground

“Adam Zieliński, creator of WordPress Playground, announced today that the WordPress Core PR previewer is now live. Playground is an experimental project that uses WebAssembly (WASM) to run WordPress in the browser. It creates a WordPress instance with admin access without having to install PHP, MySQL, or Apache, making it nearly instantaneous to fire up a test site.

Testing pull requests is one of the most exciting use cases for the Playground project. The newly launched WordPress Core PR previewer can be found at playground.wordpress.net/wordpress.html. Users can enter the PR number or the URL.”

Gutenberg 16.8 Makes Cover Block Smarter, Adds Experimental Pages List in Site Editor

Gutenberg 16.8 was released this week with improvements to existing blocks and some experiments that lay the foundation for Phase 3 focused on collaboration.

The Cover block now automatically sets an overlay color when a user applies the initial background image. If the user doesn’t manually set an overlay color prior to uploading the image, the code extracts the overlay color by computing the average color of the image. Automattic-sponsored core contributor Vicente Canales included a video, which demonstrates how expertly the block selects the most complimentary overlay color.”

WP Photos Directory Surpasses 10,000 Images, Moderators Explore Future Enhancements

“The WordPress Photos Directory crossed a major milestone this week, surpassing 10,000 photos. It’s a growing resource that exists to provide free, publicly-contributed, CC0-licensed photographs. Every photo submitted is moderated by a volunteer.”

WP Contributors Speed Up Twenty Twenty-Four Default Theme Performance by 40%

“WordPress 6.4 will be shipping a new default theme, Twenty Twenty-Four (TT4), expected in early November. This theme is more feature-rich than previous default themes, and contributors have been working on identifying potential performance improvements that can be made ahead of the release.

As a starting point, Google-sponsored Performance team contributor Felix Arntz conducted several benchmarks comparing TT4 with the TT3 block theme. These included overall Web Vitals covering both server-side (TTFB) and client-side (LCP-TTFB), along with a separate server-side load time performance benchmark. Arntz posted a summary of this data.”

Another major WordPress security flaw has been discoverd – so patch now

“A zero-day vulnerability was recently discovered in a highly popular add-on for the WordPress website builder, potentially putting at risk some 200,000 people who are using it. 

Cybersecurity researchers from Wordfence and WPScan (both WordPress security firms) discovered the vulnerability in Royal Elementor Addons and Templates, a website-building add-on kit built by WP Royal.

The vulnerability is tracked as CVE-2023-5360, and has a severity score of 9.8 (critical). By abusing the flaw, threat actors can upload files onto the WP platform, and even bypass different checks the add-on has, such as permitted file types. That, down the road, could enable them to completely take over the vulnerable website (if, for example, they upload a file that allows for remote code execution).”

Backdoor Lurks Behind WordPress Caching Plug-in to Hijack Websites

“Evasive malware disguised as a caching plug-in allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.”

Free Resources

Forminator

“Forminator’s drag and drop visual builder makes it easy to setup and add forms to your WordPress website. Collect information, make your content interactive and generate more conversions with Forminator.”

Forminator Forms, Surveys, Quizzes, Polls, Calculations and More…

  • Forms – Custom forms for all your needs with as many fields as you like.
  • Polls – Interactive polls to collect users opinions, with lots of dynamic options and settings.
  • Quizzes – Fun or challenging quizzes for your visitors to take and share on social media.
  • Calculations – Collect information, generate leads, take orders, and engage visitors.
  • Payments – Take payments, donations, down payments, sell merch with the included Stripe and PayPal integrations.