Managing WP NO. 1 | It's been a while, WP-Optimize, admin-ajax.php, Cloudflare WAF
I'm still alive!
It's been a while. This isn’t easy.
I am sorry that I haven’t been filling your inboxes with excellent WordPress content. But I see you, all 33 of you and hope to keep this up 😊
Now let’s get into it!
📰WordPress News
There’s been a lot going on, but I haven’t been collecting anything to share with you, so there isn’t much here.
🎭WP-Optimize Drama
If you haven’t heard, WP-Optimize pulled in some code from another plugin and, unfortunately, didn’t vet it from the top down. There are lots of people posting about it and giving their take on the whole situation.
Gijo from Flying Press posted something on Twitter about WP-Optimize cheating PageSpeed and other testing tools.
Then WPTavern reported on it rather quickly, which some have taken issue with due to how quickly they published it.
Some people in the community defended WP-Optimize, even putting up a video.
Gijo also posted a video showing how the feature isn’t adequately described, and if you defer all javascript, it’s impossible to turn off the cheating portion.
WP-Optimize responded, WP Tavern posted another article with quotes from the original plugin developer of the code.
WP-Optimize completely rejects false allegations of ‘gaming’ page speed results
WP-Optimize Denies Allegations of Cheating Performance Tools
Here’s the quote from FVM3 Developer Piexoto
Fast forward some time, and I realized that some developers were actually using this to cheat on the tests for their clients, so I felt compelled to make the decision on FVM 3 (already late 2020) to remove this feature, which was met by a lot of protests of angry developers when their clients started complaining that their scores went down.
I tried at that time, to explain that having a good score was not the same as having good web vitals metrics, but eventually I gave up on that, as some people cared more about the test results than the actual performance.
After FVM 3 release, I am basically just maintaining it and doing small bug fixes when reported, as I have to focus on other things. I have removed that function and fixed a couple of bugs that were pending on version 3.2.9 and pushed an update, so thank you for referring this to me.
Just here to inform you might post something further.
WordPress Performance Team - Object Cache Improvements
Looks like @tillkruess is cooking up some performance magic 🧙♂️
🧻News Headlines
🔗WordPress
With the latest version of WooCommerce Blocks, the beta versions of the Cart & Checkout blocks are now available for use within WooCommerce Core.
WordPress Community Engagement: The best WordPress accounts to follow on Twitter
🔐Security
As always, security affects everyone and things, including WordPress and what we use daily while working with WordPress.
Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials
Final Thoughts on Ubiquiti - Kerbs
Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach
Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Mac users urged to update Zoom, after security patch released for previously-flawed security patch
Signal -Encrypted Messaging Service Hack Exposes Phone Numbers
💼Business
Bizness.
🔗Misc News
This doesn’t belong here.
✍Content Updates
Live Blog!
I’ve been trying to get more into live blogging the issues and struggles I face daily as I love doing it and feel it provides value to people also dealing with the same issues. Check it out!
How admin-ajax.php sucks!
I wrote a short article on how plugin developers use admin-ajax.php for front and backend ajax queries which can cause performance issues for any site. I started listing plugins currently using this method; PixelYourSite was the first plugin I encountered but not the last.
»WordPress Plugins utilizing admin-ajax.php causing Performance Issues
Removing Litespeed Caching Plugin Warning About Other Plugins
Litespeed made an update that now puts an admin notice up whenever you have a plugin that might conflict with the LSCache plugin installed.
» Removing Litespeed Caching Plugin Warning About Other Plugins
Locking Down your WordPress site with Cloudflare WAF Rules
I wrote an article on how to lock down your WordPress site using Cloudflare. You can do this with the free plan. There is also a github bash script that I’ve started working on to help deploy the rules automatically to sites on your Cloudflare account, however it’s a WIP.
» Locking Down your WordPress site with Cloudflare WAF Rules
Dealing with High CPU Usage on your WordPress Server
The title sells itself, started a draft on how to deal with High CPU Usage on a server with multiple WordPress sites.
» Dealing with High CPU Usage on your WordPress Server
👩💻Github Repository Updates
managingwp/wordpress-code-snippets
Improved ajax-log.php a ton, logging those bad admin-ajax.php calls!
Turn your post titles in to links post-title-permalink.php
managingwp/wp-shelltools
Was original gp-tools, but now universal support for everything is the goal and so the repository was renamed to wp-shelltools
Created attackscan.sh which will scan your OLS and Nginx logs for top requests and for common WordPress resource attacks.
managingwp/cloudflare-wordpress-rules
Created a shell script to automate creating firewall rules within Cloudflare.
jordantrizz/zshbop
This newsletter forced me to release v2.4.0 of my ZSH shell script.
Lots of awesome changes!
📁Featured Projects
Snicco
Calvin, who is a regular in the GridPane Self-Managed WordPress Facebook group, has a monorepo with a ton of great projects to improve WordPress for developers.
Submit a Project!
If you know of a project around managing WordPress, let us know!
💸LTD’s (Affiliate Links)
Some are plus exclusive deals, which is a yearly subscription on Appsumo.
WordPress Specific
👊Feedback/Suggestions
I want to hear from you! I’m always looking to improve this newsletter! Let me know your thoughts!