WordPress 5.6 has been rolled out with dozens of improvements and new alternatives. Code named Simone, WordPress 5.6 has got a great reaction, most probably as it did not damage the rest.
The essence of what’s different in WordPress 5.6 perhaps also be defined as most usually just right, a few meh, and one abhorrent factor.
What’s So Good?
Enable jQuery Migrate Plugin Updated
The shutting couple updates had been moderately rocky due to millions of internet websites crashing or by chance modernizing with WordPress’s beta model.
The most prominent doable aspect was previously with the jQuery Migrate updates and deprecations.
WordPress 5.6 regulated to steer obvious of the inheritance jQuery plugin difficulties proficient with the WordPress 5.5 substitute in August 2020. That up-gradation caused sites to cease operating in myriad and unforeseen methods.
The purpose why those problems were prevented this time is since WordPress 5.6 modernized the Enable jQuery Migrate plugin to prevent a repeat of sites malfunctioning.
At the time the plugin is running and the administrator is logged in, it will identify old jQuery and log it, showing a layout at the page’s top to indicate the difficulty.
The plugin recognizes jQuery problems from page to page since the pages are given to the administrator as they browse the website.
You have a choice to execute similar logging utilizing pages given to them, but WordPress cautions that this could build vital server load, as well as suggests not switching it on.
Besides, with a deprecation log page, it is possible to show the plugins held for the signs. Once the plugin is updated the publisher can remove the old log and continue browsing once again to view if the Enable jQuery Migrate recognizes extra problems.
WordPress declared:
“With the above in mind, the Enable jQuery Migrate Helper plugin was updated for the release of WordPress 5.6, this provides a temporary downgrade path to run legacy jQuery on a site when needed.
The reason this is considered a temporary solution is that the older version of jQuery no longer receives security updates, and the legacy version will not be patched manually if anything should occur that warrants updates to it.”
The Meh
WordPress 5.6 is exporting with their initial edition of WordPress that is PHP 8 compatible, the latest edition of PHP that was published in November. Nevertheless, this compatibility is intended to be considered as beta compatible.
WordPress PHP 8 news ended up being meh since it manages to be good and less than good news.
As remarked in the formal administration of PHP 8 Compatibility and WordPress 5.6:
“WordPress Core aims to be compatible with PHP 8.0 in the 5.6 release (currently scheduled for December 8, 2020). Significant effort has been put towards making WordPress 5.6 compatible with PHP 8 on its own, but it is very likely that there are still undiscovered issues remaining.”
Publishers need to test first before updating their PHP version since plugins and themes at this point will likely not be available for PHP 8.
This is why the announcement of WordPress constructed PHP 8 compatibility as the first step due to latent compatibility bugs and because plugins and themes perhaps not be compatible so far.
As per WordPress, “5.6 marks the first steps toward WordPress Core support for PHP 8.”
The Ugly
Another feature in WordPress 5.6 version is that if completely exploited could direct a whole website takeover. WP 5.6 presents the REST API validation with Application Passwords Feature (APF).
The Application Passwords Feature lets third-party applications connect to your site and append functionality.
As per WordPress, “Thanks to the API’s new Application Passwords authorization feature, third-party apps can connect to your site seamlessly and securely. This new REST API feature lets you see what apps are connecting to your site and control what they do. “
Nevertheless, as per the WordPress security plugin administrator Wordfence, it is possible to use a social engineering attack against a website administrator to get administrator details.
Social engineering is basically a hacking technique that depends on fooling into giving access or information.
For instance, Phishing is a kind of social engineering where an intruder might email a victim acting as their bank, demanding that they change their login credentials.
A link is available in the email redirects to a copycat website that looks like a brand site where the victim inserts their ID and password, which is then collected to get access to their account.
As per Wordfence, “An attacker could trick a site owner into clicking a link requesting an application password, naming their malicious application whatever they wanted…
Since application passwords function with the permissions of the user that generated them, an attacker could use this to gain control of a website.”
Do you know what was the issues in WordPress 5.5?