WordPress 5.6 has been released with many improvements and new features. Code-named Simone (honoring singer Nina Simone), WordPress 5.6 has been met with a positive reaction, possibly because it didn’t break anything.
The substance of WordPress 5.6 can be described as mostly great, with some meh and one issue that is bad.
The last two updates were somewhat rocky due to millions of sites breaking or unintentionally updating to a beta version of WordPress.
The greatest potential issue was with the jQuery Migrate deprecations and updates.
WordPress 5.6 managed to avoid the legacy jQuery plugin issues experienced with the WordPress 5.5 update in August 2020. That was the update that made large numbers of sites stop working suddenly.
Those issues were avoided this time around because WordPress 5.6 updated the Enable jQuery Migrate plugin to avoid a repeat of websites crashing.
When the plugin is active and the publisher is signed in, the plugin detects outdated jQuery and logs it, displaying a notice at the top of the page to signal the issue.
The plugin identifies jQuery issues page by page, as the pages are served to the publisher while they browse the website.
There is an option to perform similar logging using pages served to users who are browsing the site, but WordPress warns that this could cause significant server load and suggests not turning it on.
There is a deprecation log page that shows the plugins responsible for the warnings. After updating a plugin, the publisher can clear the old log and resume browsing to check whether the Enable jQuery Migrate plugin detects additional issues.
“With the above in mind, the Enable jQuery Migrate Helper plugin was updated for the release of WordPress 5.6, this provides a temporary downgrade path to run legacy jQuery on a site when needed.
The reason this is considered a temporary solution, is that the older version of jQuery no longer receives security updates, and the legacy version will not be patched manually if anything should occur that warrants updates to it.”
One of the new features in version 5.6 that the WordPress team is rightfully proud of also has a possible downside: if abused, it could lead to a full site takeover.
WP 5.6 introduces REST API authentication with the Application Passwords feature.
The Application Passwords feature allows third-party applications to connect with your site and add functionality.
According to WordPress:
“Thanks to the API’s new Application Passwords authorization feature, third-party apps can connect to your site seamlessly and securely. This new REST API feature lets you see what apps are connecting to your site and control what they do.”
However, according to WordPress security plugin publisher Wordfence, a social engineering attack could be used against a site admin to get admin credentials.
Social engineering is a hacking strategy that depends on fooling a person into giving up data or access.
For instance, phishing is a form of social engineering where an attacker may email a victim posing as their bank, asking them to reset their login credentials.
A link in the email leads to a copycat website that looks like the bank’s site. The victim enters their user name and password there, and the attacker collects them to gain access to the victim’s bank account.
Wordfence describes a social engineering attack where a criminal could create an application that impersonates a trusted app, leading the website publisher to grant a password and allow a secure connection with their site. Wordfence describes the complexity of this attack as “trivial.”
According to Wordfence:
“An attacker could trick a site owner into clicking a link requesting an application password, naming their malicious application whatever they wanted…
Since application passwords function with the permissions of the user that generated them, an attacker could use this to gain control of a website.”
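One way a site owner can review this exposure, shown as an added example that is not part of the original article or of Wordfence's write-up: compare every application password against an inventory of approved ones by UUID rather than by name, since the name is supplied by the requesting application. The sample data, the `APPROVED` inventory and the `audit` function are constructed for illustration; the field names follow the application password objects returned by the WordPress REST API.

```python
import json

# Constructed sample data: users with their roles and application passwords.
# Field names (uuid, name, created, last_used, last_ip) follow the objects the
# WordPress REST API returns for application passwords; every value is made up.
USERS = json.loads("""
[
  {"login": "site-admin", "roles": ["administrator"], "application_passwords": [
    {"uuid": "11111111-aaaa-4aaa-8aaa-000000000001", "name": "Mobile App",
     "created": "2020-11-02T09:14:00", "last_used": "2020-12-09T18:40:11", "last_ip": "198.51.100.7"},
    {"uuid": "22222222-bbbb-4bbb-8bbb-000000000002", "name": "Mobile App",
     "created": "2020-12-10T03:22:45", "last_used": "2020-12-10T03:23:02", "last_ip": "203.0.113.50"}
  ]},
  {"login": "editor-1", "roles": ["editor"], "application_passwords": [
    {"uuid": "33333333-cccc-4ccc-8ccc-000000000003", "name": "Desktop Editor",
     "created": "2020-12-05T11:00:00", "last_used": null, "last_ip": null}
  ]}
]
""")

# Hypothetical inventory kept by the site owner: uuid -> name of each
# application password that was knowingly approved.
APPROVED = {"11111111-aaaa-4aaa-8aaa-000000000001": "Mobile App"}

def audit(users, approved):
    """Return findings for application passwords missing from the inventory."""
    approved_names = set(approved.values())
    findings = []
    for user in users:
        for pw in user["application_passwords"]:
            if pw["uuid"] in approved:
                continue
            findings.append({
                "login": user["login"],
                "uuid": pw["uuid"],
                "name": pw["name"],
                # The password inherits the rights of the user who created it.
                "severity": "high" if "administrator" in user["roles"] else "review",
                # The name is chosen by the requesting app, so a match with an
                # approved name proves nothing and may indicate impersonation.
                "reuses_approved_name": pw["name"] in approved_names,
                "last_ip": pw["last_ip"],
            })
    # Stable sort: administrator-owned findings first.
    return sorted(findings, key=lambda f: f["severity"] != "high")

if __name__ == "__main__":
    for finding in audit(USERS, APPROVED):
        print(finding)
```

Any finding on an administrator account is a candidate for immediate revocation, followed by a check of what that password was used for.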
WordPress 5.6 is to a great extent a success. There’s much that is right with it. While it is not a major step forward, it brings incremental improvements to site design and functionality.
That this release manages to avoid the drama of the last two releases makes this update a success, considering there is still half a month left in 2020.