Store Locator Plus® 5.9 Security Update Released (WordPress Plugin)

Store Locator Plus® 5.9 was released today for our WordPress plugin customers. The update addresses several security concerns in the AJAX and REST libraries included with Store Locator Plus®. Despite several articles being released prematurely by security companies in the WordPress market, we are unaware of any compromises to WordPress sites due to this vulnerability.

Unfortunately, the folks who manage the WordPress plugin directory de-listed Store Locator Plus® almost immediately, despite our ongoing communication that we were working on patching the reported vulnerabilities. As such, many of our WordPress plugin users are now unable to update the WordPress plugin to the latest 5.9 release automatically from within their site dashboard.

Upgrading Store Locator Plus® On WordPress

Users who wish to upgrade to the latest 5.9 release will need to follow these steps until further notice:

  1. If you do not already have an account at WordPress.StoreLocatorPlus.com with the Store Locator Plus® base plugin as a prior purchase, you will need to purchase it.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click the Add To Cart link.
    3. Complete your purchase.
  2. Log in to your WordPress.StoreLocatorPlus.com account and download the base plugin.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click on My Account (top right of screen on the menu bar)
    3. Click on the Downloads entry on the account menu (top-middle of the page).
    4. Download Store Locator Plus®
  3. Deactivate and delete Store Locator Plus® from your website plugins. It will not remove your settings or locations.
    1. Log in to your website as a site administrator.
    2. Go to plugins.
    3. Find the Store Locator Plus® plugin and hover over its entry on the plugin list.
    4. Deactivate the Store Locator Plus® plugin (this may deactivate your premium Store Locator Plus® add-ons).
    5. Delete the Store Locator Plus® plugin.
  4. Upload and activate the updated 5.9 version of Store Locator Plus®.
    1. While staying logged in as an administrator on your site, go to plugins.
    2. Click the Add New button.
    3. Click the Upload Plugin button next to the “Add Plugins” title.
    4. Select the Store Locator Plus® slp4.zip file you downloaded from our WordPress store.
    5. Go back to the main Plugins dashboard on your site, listing all plugins.
    6. Check off ALL the Store Locator Plus® plugins, including the newly-uploaded Store Locator Plus® base plugin and any premium add-ons you may have.
    7. From the menu on the top or bottom of the plugin list, choose “Activate” and click Apply.

For those who do not have an existing purchase of the Store Locator Plus® base plugin for WordPress and do NOT wish to purchase a copy from our store, you can wait until the folks who manage the WordPress plugin directory review our latest release and re-list it in the WordPress plugin store. We are hoping this happens soon, but they are very busy and it could take up to a month for them to review our updates.

For Our SaaS Customers

For our customers using our SaaS service, none of this applies to you. All security patches and updates are automatically provided as part of the service. The security concerns in the self-managed WordPress plugin that are being discussed do not affect your site in any way. SaaS users are not hosting data or access endpoints for AJAX or REST on their servers, and thus have no vulnerabilities like those discussed in the various Store Locator Plus® security bulletins.

 

Store Locator Performance Improves

Store Locator Plus® was updated today with a number of improvements over the 5.2 release. Users will find that the Locations management screen is much faster when the screen options set the pagination length to more than 100 records. The update also ensures that users who set their location list to more than 512 locations can still use the Export options available in the Professional and Enterprise levels of service, or with the Power add-on installed if using the WordPress plugins.

SaaS Performance Boost

While the 5.3 release of Store Locator Plus® includes a number of performance enhancements across the board, our SaaS service has received some additional updates that allow us to process location and map requests a little faster. This is thanks to working with a controlled software stack where we know the exact version of WordPress, PHP, and all the libraries involved, which lets us squeeze as much performance as possible from the code.

Users should notice faster response when loading the map on a page, especially on sites with more than a few dozen locations being displayed.

Store Locator Server Upgrade

Cluster Teamwork

All of the Store Locator Plus® web properties are now living on an updated server cluster. The new configuration, a load-balanced cluster, will provide zero-downtime maintenance windows and faster performance under peak load. These upgrades will be most noticeable for our SaaS users.

What Changed?

Our prior server configuration used a failover configuration. In that type of configuration a web server handles 100% of the load, and if it fails a second duplicate server that is in standby takes over. This provides limited downtime with reduced costs; however, it also means there are routine service outages when the underlying software (operating system, web services, web apps) is updated.

The current configuration, put into place over the weekend with zero downtime, uses a load-balanced configuration. In this configuration two or more servers mirror each other and are all online and answering web requests at the same time. Requests are split between the servers with a goal of maintaining an average load of just under 50%. This ensures that if one server fails the service stays up and running while a replacement server is automatically brought online to assist in web services.

The load-balanced cluster also provides an added benefit of horizontal scalability. A failover-style server could only be pushed up to a bigger server with more CPUs and RAM and faster network interfaces, a process that meant building ever-bigger servers with higher costs and longer maintenance window downtime. The load-balanced cluster configuration monitors server loads across the cluster and adds a new server automatically at set performance limits. This ensures that there is a less-than-5-minute response time to adding capacity whenever there is a spike in usage.