
WordPress 5.6: The Good, the Meh, and the Ugly

WordPress 5.6 has been released with numerous improvements and new features. Code-named Simone in honor of singer Nina Simone, the release has received positive feedback, largely because it did not cause any major disruptions.

The Good

Enable jQuery Migrate Plugin Updated

The last two updates caused problems, with millions of websites breaking or being accidentally updated to a beta version of WordPress. The most significant concern was related to jQuery Migrate deprecations and updates.

WordPress 5.6 avoided the legacy jQuery plugin issues experienced with the WordPress 5.5 update in August 2020, which caused widespread website failures. This time, WordPress 5.6 updated the Enable jQuery Migrate plugin to prevent websites from crashing.

When the plugin is active and the publisher is logged in, it will detect outdated jQuery and log it, displaying a warning at the top of the page. The plugin identifies jQuery issues as pages are navigated by the publisher.

There is an option for similar logging of pages served to users, but WordPress warns this could significantly increase server load and recommends against enabling it.

A deprecation log page shows the plugins responsible for the warnings. After updating a plugin, the publisher can clear the old log and resume browsing to see if the Enable jQuery Migrate plugin detects additional issues.

WordPress stated:

“With the above in mind, the Enable jQuery Migrate Helper plugin was updated for the release of WordPress 5.6. This provides a temporary downgrade path to run legacy jQuery on a site when needed.

The reason this is considered a temporary solution is that the older version of jQuery no longer receives security updates, and the legacy version will not be patched manually if anything should occur that warrants updates to it.”

The Meh

WordPress 5.6 is the first version to be (somewhat) compatible with PHP 8, the latest PHP version, released in November. However, this compatibility should be considered beta.

As noted in the official guidance on WordPress 5.6 and PHP 8 compatibility:

“WordPress Core aims to be compatible with PHP 8.0 in the 5.6 release (currently scheduled for December 8, 2020).

…Significant effort has been put towards making WordPress 5.6 compatible with PHP 8 on its own, but it is very likely that there are still undiscovered issues remaining.”

Publishers should test thoroughly before upgrading their PHP version because many themes and plugins may not yet be compatible with PHP 8.

According to WordPress:

“5.6 marks the first steps toward WordPress Core support for PHP 8.”

The Ugly

One of the notable features in version 5.6 is REST API authentication through the new Application Passwords feature. This feature allows third-party apps to connect to a website and add functionality.

According to WordPress:

“Thanks to the API’s new Application Passwords authorization feature, third-party apps can connect to your site seamlessly and securely. This new REST API feature lets you see what apps are connecting to your site and control what they do.”

However, WordPress security plugin publisher Wordfence warns that this feature could be exploited for a full site takeover via social engineering. Social engineering is a hacking method that relies on tricking individuals into providing information or access.

For instance, phishing is a form of social engineering where an attacker may send an email posing as a bank, asking the victim to reset their login credentials via a link that leads to a copycat website. The victim’s credentials are then harvested for access to their bank account.

Wordfence describes a scenario where a criminal could create an app that mimics a trusted app, tricking the site publisher into issuing a password and allowing a secure connection to the website. Wordfence describes this attack as "trivial."

According to Wordfence:

“An attacker could trick a site owner into clicking a link requesting an application password, naming their malicious application whatever they wanted…

Since application passwords function with the permissions of the user that generated them, an attacker could use this to gain control of a website.”

Wordfence produced a video to illustrate the potential for such an attack using the new Application Passwords Feature.
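Because the requester picks the application name and the password carries the issuing user's permissions, a review of existing application passwords should key on who owns each one and whether it was knowingly issued, not on what it is called. The sketch below is an added example, not code from WordPress or Wordfence; the sample records, the reviewed-UUID inventory and the choice of roles to review are assumptions made for illustration.

```python
# Added example: audit application passwords held by privileged accounts.
# Records are constructed samples shaped like items returned by
# /wp/v2/users/<id>/application-passwords (uuid, name, created, last_used).
PRIVILEGED_ROLES = {"administrator", "editor"}  # assumption: roles to review
# Hypothetical inventory: UUIDs of passwords the owner knowingly issued.
REVIEWED_UUIDS = {"6f1c2a9e-0000-4000-8000-000000000001"}

USERS = [  # constructed sample data
    {"login": "siteowner", "roles": ["administrator"], "app_passwords": [
        {"uuid": "6f1c2a9e-0000-4000-8000-000000000001", "name": "Backup Service",
         "created": "2020-12-09T10:00:00", "last_used": "2020-12-10T03:00:00"},
        {"uuid": "6f1c2a9e-0000-4000-8000-000000000002", "name": "Backup Service",
         "created": "2020-12-11T18:42:00", "last_used": None},
    ]},
    {"login": "author1", "roles": ["author"], "app_passwords": [
        {"uuid": "6f1c2a9e-0000-4000-8000-000000000003", "name": "Mobile App",
         "created": "2020-12-10T09:00:00", "last_used": None},
    ]},
]


def audit(users, reviewed_uuids, privileged_roles=PRIVILEGED_ROLES):
    """Flag unreviewed application passwords on privileged accounts."""
    findings = []
    for user in users:
        roles = sorted(privileged_roles.intersection(user["roles"]))
        if not roles:
            continue  # credential is capped at this user's lower privileges
        name_counts = {}
        for pw in user["app_passwords"]:
            name_counts[pw["name"]] = name_counts.get(pw["name"], 0) + 1
        for pw in user["app_passwords"]:
            if pw["uuid"] in reviewed_uuids:
                continue  # trust is tied to the UUID, never to the name
            reasons = ["not in reviewed inventory"]
            if name_counts[pw["name"]] > 1:
                reasons.append("shares its name with another entry")
            if pw["last_used"] is None:
                reasons.append("never used")
            findings.append({"login": user["login"], "roles": roles,
                             "uuid": pw["uuid"], "name": pw["name"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(USERS, REVIEWED_UUIDS):
        print(finding)
```

In the sample data, the second "Backup Service" entry on the administrator account is reported even though its name matches a reviewed one, while the author's password is skipped because it cannot exceed that account's lower privileges.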

WordPress 5.6 Overview

WordPress 5.6 is largely a success, bringing several positive changes. While it may not be a major breakthrough, it introduces incremental improvements to site design and functionality. The fact that this release avoided the issues of the last two releases makes it a win, especially with only a few weeks left in 2020.

Citation

WordPress 5.6 Warnings, Announcements, and Documentation

  • Wordfence article: WordPress 5.6 Introduces a New Risk to Your Site: What to Do
  • Official Announcement: WordPress 5.6 “Simone”
  • Version Documentation WordPress 5.6
  • Handling potential jQuery Issues in WordPress 5.6
