Store Locator Plus® PHP 8 Compatible & Relisting Status

This past week we published an updated version of the base Store Locator Plus® WordPress plugin for version 5.12.4.  This patch allows Store Locator Plus® to run in PHP 8 environments despite WordPress itself clearly stating PHP 8 is NOT officially supported in the core WordPress install.

Unfortunately you still need to go to our main WordPress site to get the latest release. The WordPress plugin team has yet to approve our plugin for listing in the directory despite our providing a patch for the initial security concern during the summer of 2021.

Speaking of Relisting…

We have been working on literally hundreds of code changes to meet the new strict demands of the WordPress plugin team. They insisted on a full code scan and review of all data I/O calls and required that we publish hundreds of escaping and sanitizing methods throughout. While some of these updates did help close potential security holes, many of the changes flagged by the “AI bot code sniffer” were not true security weaknesses. This highlights a notable concern when humans employ digital intelligence tools to make decisions — but that is a debate for another day.

For now, we have spent hundreds of hours running the scanning tools we found for analyzing the code, evaluating thousands of warnings, and addressing dozens of legitimate concerns. We worked around hundreds of false flags in the reports. The end result is a new version of the base plugin that is a good bit more secure against potential security issues.

The latest problems uncovered in testing have not come about from our security updates, but have uncovered fundamental breaking changes in WordPress core. WordPress has put the emphasis on block themes and the supporting core utilities that support them. This has broken fundamental features of WordPress and has changed the order of precedence in which their hooks-and-filters are called. This leads to notably different behavior in plugins and themes — not just Store Locator Plus®. Thankfully our QA team has found the issues with these new WordPress behaviors before we released our latest update and we have been working diligently to resolve them. Our hope is the new 5.13 release not only passes the WordPress security scan but also works better than our 5.12 release when it comes to new block-based themes while retaining full compatibility with legacy themes.

With that said, we are hoping to pass our QA tests soon and have a new 5.13 release officially listed in the WordPress plugin directory.     Then we can start focusing on new features and a user experience overhaul that all of our customers can enjoy — including our SaaS customers.

Speaking of the SaaS version, thankfully none of these security things impact the SaaS version. For those of you that switched over to the SaaS release — we’ll have new features and UX updates coming your way later this year!

Store Locator Plus® Updates For WP Directory Relisting

It has been a while since we’ve had updates for the Store Locator Plus® plugin and SaaS service.   We’ve been busy over the past year adding new development staff and getting them up-to-speed in order to address new demands presented by the WordPress Plugin Team in order to get Store Locator Plus® re-listed in the plugin directory.    Their demands to shore up potential weaknesses in the main plugin turned out to be a major project.

Over the past 8 months the development team has updated nearly 1,000 lines of code in the base plugin. It is important to note that these changes did NOT fix known security breaches or exploits; the changes were done primarily to address hypothetical what-if security concerns in the plugin. While the updates do little to improve security of the plugin and have a minor negative impact on performance, the changes were necessary in order to meet the new WordPress Plugin Team guidelines for getting our plugin re-listed.

Finally, after 8 months of effort we are nearing the finish line.   We are now testing an updated 5.13.X prerelease version of the Store Locator Plus® plugin.      Once we have finished our own internal testing and all base functionality has been approved, we will re-submit the plugin for re-listing on the WordPress directory.

While this is a milestone that has been in the works for a long time, it is only the first step in many new changes that are planned for the coming year. Our lead architect, along with the rest of the development team, has a lot of great new ideas to improve our product. The 10-year-old technology is ready for an overhaul using modern standards. A vastly improved user experience is in the works as well as a much improved turn-key experience with a tighter WordPress Plugin integration with our SaaS platform.

We are excited to get past this year-long maintenance and security cycle and start building new things for our customers.

In the meantime, if anyone is interested in helping us test the prerelease version of Store Locator Plus® 5.13, please reach out via the contact form and we’ll send you an early release at no charge.     Our Premier Subscription holders can already download the prerelease from their account downloads page.

We appreciate your patience while we get things rebooted on the WordPress directory.  We look forward to providing improved user experiences and application performance in the coming months.

Store Locator Plus® 5.9 Security Update Released (WordPress Plugin)

Store Locator Plus® 5.9 was released today for our WordPress plugin customers.   The update addresses several security concerns in the AJAX and REST libraries included with Store Locator Plus®.   Despite several articles being released prematurely from security companies in the WordPress market, we are unaware of any compromises to WordPress sites due to this vulnerability.

Unfortunately the folks that manage the WordPress plugin directory de-listed Store Locator Plus® almost immediately, despite our ongoing communication that we were working on patching the reported vulnerabilities.    As such, many of our WordPress plugin users are now unable to update the WordPress plugin to install the latest 5.9 release automatically from within their site dashboard.

Upgrading Store Locator Plus® On WordPress

Users that wish to upgrade to the latest 5.9 release will need to follow these steps until further notice:

  1. If you do not already have an account at WordPress.StoreLocatorPlus.com with the Store Locator Plus® base plugin as a prior purchase, you will need to purchase it.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click the Add To Cart Link
    3. Complete your purchase
  2. Log in to your WordPress.StoreLocatorPlus.com account and download the base plugin.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click on My Account (top right of screen on the menu bar)
    3. Click on the Downloads entry on the account menu (top-middle of the page).
    4. Download Store Locator Plus®
  3. Deactivate and Delete Store Locator Plus® from your website plugins.   It will not remove your settings or locations.
    1. Log in to your website as a site administrator.
    2. Go to plugins.
    3. Find the Store Locator Plus® plugin, hover over the entry on the plugin list.
    4. Deactivate the Store Locator Plus® plugin (this may deactivate your premium Store Locator Plus® add-ons).
    5. Delete the Store Locator Plus® plugin.
  4. Upload and activate the updated 5.9 version of Store Locator Plus®.
    1. While staying logged in as an administrator on your site, go to plugins.
    2. Click the Add New button.
    3. Click the Upload Plugin button next to the “Add Plugins” title.
    4. Select the Store Locator Plus® slp4.zip file you downloaded from our WordPress store.
    5. Go back to the main Plugins dashboard on your site, listing all plugins.
    6. Check off ALL the Store Locator Plus® plugins, including the newly-uploaded Store Locator Plus® base plugin and any premium add-ons you may have.
    7. From the menu on the top or bottom of the plugin list, choose “Activate” and click Apply.

For those that do not have an existing purchase of the Store Locator Plus® base plugin for WordPress and do NOT wish to purchase a copy from our store, you can wait until the folks that manage the WordPress plugin directory review our latest release and re-list it in the WordPress plugin store.  We are hoping this happens soon, but they are very busy and it could take up to a month for them to review our updates.

For Our SaaS Customers

For our customers using our SaaS service, none of this applies to you.  All security patches and updates are automatically provided as part of the service.   The security concerns in the self-managed WordPress plugin that are being discussed do not affect your site in any way.    SaaS users are not hosting data or access endpoints for AJAX or REST on their servers, and thus have no vulnerabilities like those discussed in the various Store Locator Plus® security bulletins.