WordPress published a list of changes that will be coming to WordPress 6.0. This article will focus on significant improvements in the editor block, which will make the creation of websites and webpages not just easy but exciting.
It is a lot of ways that WordPress 6.0 fulfills many of the goals that the Gutenberg block-based editor had promised.
WordPress Gutenberg Blocks
Indeed, the WordPress block-based system had previously received complaints from users who believed it was not yet enough.
WordPress 6.0 provides notable improvements that align it with what people expect from an editor for websites that are supposed to be user-friendly.
A lot of these enhancements require theme designers to be able to accept the latest changes. In particular, they should provide theme.json settings files that allow users to switch between various designs and patterns for pages.
Although WordPress 6.0 does not represent a final goal WordPress is moving towards (there are many more enhancements coming), it is an important milestone.
Page Creation Patterns In WordPress 6.0
WordPress 6.0 includes page patterns. This is a method for users to choose from several patterns to aid them in creating their websites. For instance, they can choose patterns suitable on a website’s contact page, our page about us, an article page, etc.
The page designs aren’t included with WordPress core. WordPress core.
Page patterns are a feature now available to theme designers to make use of.
The function of page patterns can be used for themes that are not Gutenberg in addition to the Gutenberg blocks themes.
Global Styles Switcher
With WordPress 6.0 themes, developers can include a variety of style presets that will instantly alter the appearance and feel of the website.
This could be one of the most significant changes coming to WordPress.
A global switcher for style is an essential feature in WordPress. It allows theme developers to make it easy for WordPress users to alter how their websites appear and make them distinctive.
In the podcast, Channing Ritter, the Design Director at Automattic, mentioned how the new style switcher could benefit.
These configuration documents (Theme.json) regulate the colors fonts, colors of custom CSS pages, the width of a page, and other variables that determine what a page appears like.
Code Improvements For Image, Quote, List, And Group Blocks
The most notable improvement was removing the DIV tag that is placed around each image. This makes the code slightly more compact, and having less code is always more efficient.
The old way:
<div class=”wp-block-image alignleft”><figure><img src=”someimage.jpg” alt=”” width=”100″ height=”100″/></figure></div>
The new way:
<figure class=”wp-block-image alignleft”><img src=”someimage.jpg” alt=”” width=”100″ height=”100″/></figure>
This is only true for themes that can support the latest theme.json file.
Another modification is eliminating HTML elements, also known as ” divs,” which are automatically added blocks with alignments said to them.
There are other improvements
- Separator block updated to ensure that the block that supports color settings
- Block Editor miscellaneous dev Notifications to WordPress 6.0
WordPress 6.0 Deserves To Be Called A Major Release
The changes mentioned above are one of the improvements that will be made available with WordPress 6.0. There are additional improvements for WordPress accessibility, performance improvements to Bootstrap/Load, cache API, performance improvements to the way the media are handled, and 97 enhancements and 131 bug fixings.
Vulnerability Found in WordPress Anti-Malware Firewall
A mirrored XSS security vulnerability has been patched Anti-Malware Security and Brute-Force Firewall WordPress Plugin.
A well-known WordPress antivirus plugin was vulnerable to a reflected vulnerability in cross-site scripting. This kind of vulnerability allows an attacker to hack into an administrator user of the website affected.
Affected WordPress Plugin
The plugin that was found to be containing vulnerabilities is Anti-Malware Security and Brute-Force Firewall, which is used by more than 200 000 websites.
Anti-Malware Security, as well as Brute-Force Firewall, is a plugin that protects websites by acting as a firewall (to stop threats from entering the site) and also as an antivirus scanner to detect security threats that could be in the form of attacks through backdoors, database injections, and so on.
A premium version protects websites from attacks using brute force that tries to figure out usernames and passwords and protects from DDoS attacks.
Reflected Cross-Site Scripting Vulnerability
The plugin was discovered to have a security flaw that permitted an attacker to start a Reflected Cross-Site scripting (reflected by XSS) attack.
A cross-site scripting vulnerability reflected in this instance occurs when the WordPress website fails to restrict what information can be entered into the website.
This inability to limit (sanitize) the content being uploaded is, in essence closing the front gate of the website open and permitting almost everything to upload.
An attacker exploits this flaw by uploading a malicious script and then having the website reflect it.
Suppose an administrator with permissions browses an untrusted URL that an attacker created. In that case, the script gets activated by the administrator-level licenses stored within the target’s browser.
Update to Version 4.20.96 Recommended
It is recommended that you make backups to your WordPress files before updating any theme or plugin.
The latest version, 4.20.96 of the Anti-Malware Security and Brute-Force Firewall WordPress plugin, includes an update for the vulnerability.
Downloaders of this plugin are advised to upgrade the software to the latest version, 4.20.96.
WP Engine Ending Support for .htaccess
WP Engine announced that .htaccess would not be supported anymore. It’s true; this could be the next step for web hosting.
WordPress hosted by managed host WP Engine announced that it would end service for .htaccess directives. WP Engine has started End-of-Life (EOL) procedures to wind off the usage of .htaccess for their server. They have set a date in October 2022 when they will complete the end of Support.
The usage of .htaccess as an application to manage websites is so deep-rooted that the notion of not supporting .htaccess could be an issue. Some believe that if clients don’t create a custom .htaccess, the hosting services may not be appropriate for how websites are built today.
A closer look at the work WP Engine is doing shows that this decision is logical and, more importantly, could become an expected feature of high-performance web hosting.
Why WP Engine Deprecating .htaccess Support
WP Engine’s main reasons for leaving .htaccess behind were based on achieving efficiency gains by removing .htaccess from the level of the website and taking advantage of the performance gains that come with modern technologies.
WP Engine estimates that this modification will not impact the majority of websites it hosts since most sites use an initial version .htaccess that WordPress creates.
.htaccess and Site Performance
.htaccess is a method to manage certain aspects of a website, such as redirecting requests for one URL to a different URL redirecting requests from unsecured HTTP URLs, redirecting them to secured HTTP, and blocking IP addresses belonging to malicious hackers and scrapers in addition to many other purposes.
.htaccess is an application file utilized by servers running an Apache Open Source Server software (for example, Nginx servers that run as reverse proxy servers to Apache).
Utilizing .htaccess files is a well-established and well-established method of managing websites.
But, one thing that might not be widely examined or discussed is that using .htaccess files isn’t an effective method of controlling actions like blocking IP addresses or redirecting URLs.
When .htaccess files get very large, they could have an adverse impact on SEO as well as conversion-related metrics, such as the Time to First Byte (TTFB) is a measure that determines the time it takes for a server’s server to start downloading resources from a web page.
Based on a test conducted by StrategiQ, which measured the effect on performance, .htaccess for performance found that .htaccess files could be detrimental to the implementation of servers and their ability to scale.
Will WP Engine Users Be Inconvenienced?
WP Engine offers ways to navigate around .htaccess files with the help of what they refer to as web Rules. Web Rules allow users to control IP-based allow/deny rules and set header responses.
WP Engine’s WP Engine-controlled hosting platform uses redirects in three methods.
- Bulk transferred in the WP Engine’s Nginx configuration
- Bulk is imported into the WordPress plugin known as Redirection
- Bulk imports to The Yoast SEO Plugin redirect manager
I have used Redirection as a Redirection WordPress plugin for a few websites I have, and I’ve found it simple to handle head and redirects.