This past week we published an updated version of the base Store Locator Plus® WordPress plugin for version 5.12.4. This patch allows Store Locator Plus® to run in PHP 8 environments despite WordPress itself clearly stating PHP 8 is NOT officially supported in the core WordPress install.
Unfortunately you still need to go to our main WordPress site to get the latest release. The WordPress plugin team has yet to approve our plugin for listing in the direct despite providing a patch for the initial security concern during the summer of 2021.
Speaking of Relisting…
We have been working on literally hundreds of code changes to meet the new strict demands of the WordPress plugin team. They insisted on a full code scan and review of all data I/O calls and required that we publish hundreds of escaping and sanitizing methods throughout. While some of these updates did help close potential security holes, many of the changes flagged by the “AI bot code sniffer” were not true security weaknesses; This highlights a notable concern when humans employ digital intelligence tools to make decisions — but that is a debate for another day.
For now, we have spent hundreds of hours running the scanning tools we found for analyzing the code, evaluating thousands of warnings, and addresses dozens of legitimate concerns. We worked around hundreds of false flags in the reports. The end result is a new version of the base plugin that is a good bit more secure against potential security issues.
The latest problems uncovered in testing have not come about from our security updates, but uncovered fundamental breaking changes in WordPress core. WordPress has put the emphasis on block themes and the supporting core utilities that support them. This has broken fundamental features of WordPress and has changed the order of precedence in which their hooks-and-filters are called. This leads to notably different behavior in plugins and themes — not just Store Locator Plus®. Thankfully our QA team has found the issues with these new WordPress behaviors before we released our latest update and we have been working diligently to resolve them. Our hope is the new 5.13 release not only passes the WordPress security scan but also works better than our 5.12 release when it comes to new block-based themes while retaining full compatibility with legacy themes.
With that said, we are hoping to pass our QA tests soon and have a new 5.13 release officially listed in the WordPress plugin directory. Then we can start focusing on new features and a user experience overhaul that all of our customers can enjoy — including our SaaS customers.
Speaking of the SaaS version, thankfully none of these security things impact the SaaS version. For those of you that switched over to the Saas release — we’ll have new features and UX updates coming your way later this year!