Blue Angle Fighter Planes

September 20, 2023 Woo Wednesday

Woo in purple & White

Woo Wednesday Online Meetup at Noon Pacific Time

Join Up At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event PageFeaturing Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

Bakersfield WP – Virtual WordPress Wednesday: September 20th @ 7:00 pm

Milwaukee North WP – Monthly User Group: September 21st @ 7:00 am

Learn WP – Common APIs – Options, September 21st @ 7:00 am

West Orlando WP – Gen Herres, Accessibility on a Deadline: September 21st @ 7:00 am

Philadelphia WP – WCUS Recap, WCEU Vision w/R. Kalinka: September 21st @ 4:00 pm

San Jose/Santa Cruz WP – Help Desk: September 21st @ 6:00 pm

Maui WP – Monthly Meetup: September 21st @ 8:00 pm

West Orlando WP – Fourth Friday Collaboration Meetup: September 22nd @ 8:00 am

Hudson Valley: Content that Turns Visitors into Customers: September 23rd @ 6:30 am

Canada Code Camp – Create your 1st Website W/AI-No Code: September 26th @ 7:00 pm

Learn WP – Build better blocks with ‘create-block’ package: September 27th @ 7:00 am

Woo News

WooCommerce 8.1.1 Fix Release

  • Security: an ajax endpoint used within the order editor was returning user meta data. This was previously fixed in our 7.0.1 release, but was regrettably reintroduced. More details are available in this dev advisory. #40221
  • We resolved a problem leading to the duplication of order meta data, potentially impacting merchants who have enabled HPOS (High-Performance Order Storage) alongside compatibility mode (sync). #40148

You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.

WooCommerce Vulnerability Reintroduced from 7.0.1

Last year we were alerted to a security issue (thanks to David Anderson) that would potentially allow users with specific capabilities (and, by default, this would include the Shop Manager role) to view user data for all users. This has the possibility of exposing sensitive information. Generally, and within WooCommerce, the information stored as user metadata is not sensitive, however it is possible for other plugins to store sensitive data should they elect to. We are not aware of any cases in which this would pose a risk in WooCommerce on its own.

We identified the issue and released a fix in version 7.0.1. However, this patch did not make its way into 7.2 so the vulnerability was re-introduced with that version and has been present up until now.

We have deployed a fix for the vulnerability in version 8.1.1 that is now available.

These vulnerabilities were identified as part of our ongoing HackerOne responsible disclosure program. At this time, we have no evidence of the vulnerability being exploited in the wild.”

Getting to Know Woo: A Series on the Cart and Checkout Blocks

“Over the past months, the Cart and Checkout blocks were available as optional features in WooCommerce Core. Now, the time has come to transition the Cart and Checkout blocks out of the Beta phase and make them the default experience for all new users in the upcoming November release of WooCommerce Core.

As we introduce the Cart and Checkout blocks in WooCommerce Core, it’s important to note that several existing extensions currently integrated with the checkout flow will require updates for seamless compatibility.

Third-party developers must ensure their extensions are compatible with this new experience to deliver a cohesive shopping journey for our valued merchants. You can check the list of the supported extensions available in the woocommerce.com marketplace here.”

Getting to Know Woo: Understanding the Architecture of Cart and Checkout Blocks

“…first installment of our series on getting to know the Cart and Checkout blocks, today we will walk through the main architecture of these blocks. From managing data and order processing to store aesthetics, we’ll dissect their functions and limitations”

What’s New With WooCommerce: The First Edition

The original What’s New with Woo (WNWW) is a monthly newsletter from the Woo team that features a number of short updates on the WooCommerce product and ecosystem. 

To help spread the word, we’re launching a new blog series that expands on the newsletter content, giving readers more information and context on the shared updates. 

The monthly newsletter isn’t going anywhere, so if you’d like to receive updates in your inbox, you can subscribe to What’s New With Woo here.”

Word News

WordPress 6.3.1 Maintenance Release

“…minor release features 4 bug fixes in Core and 6 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.”

WordPress is coming to the fediverse

“WordPress released version 1.0.0 of the ActivityPub plugin last week, allowing users to connect their WordPress blog to other social media platforms on the fediverse like Mastodon. Once bloggers install the new plugin, users can follow them on other platforms and see their posts directly on those feeds. The update also makes it possible for bloggers to receive updates from all authors on their blogs, not just individual author accounts.”

Azure Launches Free Playground for WordPress on App Service

~ From InfoQ

“One year after introducing WordPress on Azure App Service, Microsoft has started offering a free hosting tier for developers to explore with WordPress on Azure without incurring any costs (almost).

The new WordPress playground relies on App Service F1 free tier and on Azure Database for MySQL free trial and may entail charges depending on your subscription type to those services.

In particular, while App Service F1 will not generate any cost, database usage is chargeable for “pay as you go” plans or when the usage limit of 750 hours per month for 12 months is exceeded. So, in order to ensure they will not pay for the WordPress playground, developers should monitor and track their database usage.”

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

~ From Magnet Forensics

“In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults”

AI bots are so good at mimicking the human brain and vision that CAPTCHAs are useless

~ From Quartz

“…a research paper (pdf) published last month that has yet to be peer reviewed indicates that AI-automated attacks on various CAPTCHA schemes have been successful. The study, conducted by a group of researchers including three from the University of California, Irvine, one from ETH Zurich, one from the Lawrence Livermore National Laboratory, and one from Microsoft, showed that AI bots are now better than humans at decoding the CAPTCHAs. They even create an impression of humans being more robots than the bots that the CAPTCHAs try to keep out. And they even do it much faster.”

Google September 2023 Helpful Content Update – Changes To The Algorithm

~ From SEO Journal

  • Google loosened the guidance on AI generated content
  • Helpful Content System is cracking down on third-party content hosted on subdomains or the main part of the website
  • New warnings on attempts to fake updates to pages and faking freshness
  • Google’s Gary Illyes offers insights on how the Helpful Content System determines sitewide signals
  • New guidance on how to recover from a Helpful Content Update

WP Tavern Launches Forums

“…forums can help expand conversations that originate on the Tavern, especially within the comments of a post. Our new forums are powered by bbPress, which enables readers to create discussions by visiting the comment section of an article and clicking on “Create forum topic from comment” based on comments that you find particularly insightful.

Under the forum called “Discussion” you will find topics that have been created based on article comments. This offers readers a way to engage further with comments that spark larger discussions, long after the article has been published and comments have closed. This feature is available alongside traditional bbPress forums where logged-in users can create topics.”

Developers Claim Damaged Trust Following Public Confrontations with WordPress Leadership

“The WordPress community is ending two days of heated discussions that rapidly descended into a mire of unbridled emotional confrontations across multiple social channels, following a tweet from John Blackbourn that raised concerns about WordPress.com plugin listings outranking WordPress.org on Google Search.

Developers expressed concerns about the SEO impact of the practice of cloning WordPress.org’s plugin directory for use on WordPress.com, with no backlinks to the original plugin. Another concern is that it perpetuates the longstanding confusion between WordPress.org and WordPress.com.”

Free Resources

Luancy

“Free design software that keeps your flow with AI tools and built-in graphics”