WordPress 5.4.1 is now available!
This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.4.1 is a short-cycle security and maintenance release. The next major release will be version 5.5.
You can download WordPress 5.4.1 from WordPress.org, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security Updates
Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues:
- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WordPress VIP / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress customizer.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
For more information, browse the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.
In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.1 happen:
Alex Concha, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Andy Peatling, arnaudbroes, Chris Van Patten, Daniel Richards, DhrRob, Dono12, dudo, Ehtisham Siddiqui, Ella van Durpe, Garrett Hyder, Ian Belanger, Ipstenu (Mika Epstein), Jake Spurlock, Jb Audras, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Jorge Costa, K. Adam White, Kelly Choyce-Dwan, MarkRH, mattyrob, Miguel Fonseca, Mohammad Jangda, Mukesh Panchal, Nick Daugherty, noahtallen, Paul Biron, Peter Westwood, Peter Wilson, pikamander2, r-a-y, Riad Benguella, Robert Anderson, Samuel Wood (Otto), Sergey Biryukov, Søren Brønsted, Stanimir Stoyanov, tellthemachines, Timothy Jacobs, Toro_Unit (Hiroshi Urabe), treecutter, and yohannp.
The WordPress ecosystem is chock full of outstanding free software. Why, you could build an entire website using an attractive free theme and a selection of highly-functional plugins.
But free solutions aren’t always the best ones. This is especially the case for web designers who build sites for clients. Sometimes, commercial software is needed to achieve professional-grade results.
Investing in commercial themes and plugins can often be the right choice for your project. However, it also brings a certain set of responsibilities. These are things that designers often overlook. Unfortunately, doing so can lead to problems down the road.
Therefore, it’s important to think about what using commercial WordPress software means. Today, we’ll take a look at how you can keep things running smoothly both now and in the future.
Licensing and Payment Issues
On the surface, the question of who pays for a particular piece of software may seem obvious. It should be the client’s responsibility, right? Well, it’s a bit more complicated.
If the software in question, let’s say a WooCommerce extension, is going to be used exclusively for the client’s website – they should be the one to pay. Whether you purchase the software and bill them later or have them buy it directly (the better option), your client should be the license holder in this case.
However, a lot of themes and plugins these days have developer licensing options. This allows a web designer to purchase a single license for use on a predetermined number of projects – sometimes even unlimited. This muddies the waters a bit.
At best, it can be a win-win situation. You get to utilize a trusted product without licensing hassles and your client reaps the benefits of it.
Still, there is the potential for future issues. As your work evolves, you may not necessarily use a particular theme or plugin forever. If that software has yearly license renewals, you may be stuck purchasing it anyway – just so your existing client websites don’t fall out-of-date.
Leaving Clients in a Lurch
One of the biggest issues with commercial software in the WordPress space isn’t the software itself – it’s mismanagement by designers.
If you’ve ever inherited a website from another designer, you may have witnessed this first-hand. A theme or plugin is in use, but incredibly outdated. Yet, the license key required to install an update is nowhere to be found. Or, worse yet, the software was directly customized by the previous designer – making an update even more precarious.
This may not be a big deal – at least not right away. But eventually something will go wrong. The more updates applied to your WordPress install, the more likely it is that the old software will break.
Nothing in the WordPress ecosystem is frozen in time. Things are constantly changing. In that sense, leaving a client with something that can’t be updated is akin to leaving a hidden trap. At some point, their site is going to become entangled in it.
And, when it involves critical components such as themes or page builder plugins, the effort and cost to make repairs can be significant.
Best Practices for Commercial Themes and Plugins
So, how can we take advantage of commercial offerings while doing right by our clients? Here are a few ideas:
Always Use Licensed Software
One of the biggest mistakes a designer can make is using unlicensed software on a client’s website. For example, taking a plugin that was licensed for one domain and installing it on another.
Functionally speaking, this puts the site at risk because the plugin can’t be updated. Beyond that, it also hurts the plugin’s author.
It should probably go without saying, but we’ll say it anyway: Only install plugins and themes if they are licensed for your project.
Inform Clients of Licensing Requirements
It’s important that clients understand their role in staying on top of software licensing. They should have all relevant license keys for software they’ve purchased. Those keys will come in handy if they need to reference them later on.
In addition, clients should be aware of when licenses will renew and why it’s important to stay updated. At that point, it’s out of our hands. The best we can do is educate clients in hopes that they follow through.
Customize the Right Way
Like everything else in web development, it’s important to make any commercial theme or plugin customizations in a sustainable manner. This means using child themes and WordPress hooks as opposed to directly editing files.
This helps to ensure that any customizations won’t be lost during future software updates. Otherwise, your clients may be in for an unwelcome surprise when a feature no longer works as intended.
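As an added illustration of the child-theme-plus-hooks approach (example code written for this article, not from any commercial theme vendor), here is a child theme `functions.php`. It assumes a parent theme whose directory is named `commercial-parent` and that exposes a filter called `commercial_parent_footer_text`; both names are placeholders, so check the vendor’s documentation for the real ones.

```php
<?php
/**
 * functions.php of a child theme (added example, not vendor code).
 *
 * The child theme's style.css must carry the header line
 *   Template: commercial-parent
 * ("commercial-parent" is a placeholder for the real parent directory).
 * Nothing in the parent theme's directory is ever edited, so the
 * vendor's updates, including security fixes, can be applied freely.
 */

// Load the parent stylesheet first and the child's on top of it.
// Versions are taken from each theme's header so browser caches bust
// automatically when either theme is updated.
add_action( 'wp_enqueue_scripts', function () {
    $child  = wp_get_theme();
    $parent = $child->parent(); // WP_Theme or false if not a child theme

    wp_enqueue_style(
        'commercial-parent-style',
        get_template_directory_uri() . '/style.css', // parent theme URI
        array(),
        $parent ? $parent->get( 'Version' ) : null
    );
    wp_enqueue_style(
        'commercial-parent-child-style',
        get_stylesheet_uri(),                         // child style.css
        array( 'commercial-parent-style' ),
        $child->get( 'Version' )
    );
} );

// Change vendor-provided text through the filter the theme exposes
// (hypothetical hook name) instead of editing its template files.
add_filter( 'commercial_parent_footer_text', function ( $text ) {
    return esc_html__( 'Site by Example Agency', 'commercial-parent-child' );
} );

// Child-theme-specific behaviour hangs off core hooks, so it survives
// both WordPress core and parent theme updates.
add_action( 'after_setup_theme', function () {
    add_image_size( 'commercial-parent-child-card', 600, 400, true );
} );
```

Keep the child theme under version control alongside the client’s license key and renewal date, so whoever inherits the site can update the parent without losing these customizations.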
Hand off Projects That Can Be Updated
Launching a website and handing it off to a client is a time of optimism. Everything is new, fresh and functional. But if a piece of commercial software can’t be updated in the future, that good feeling won’t last.
Make sure that any commercial themes and plugins can be upgraded via the WordPress dashboard. This helps to ensure that your client’s new website will receive the latest features, along with bug and security fixes.
If a particular component has to be updated manually, let your client know. This way, you can work as a team and plan ahead.
A Little Effort; A Lot of Benefits
It may sound like using commercial software with WordPress is a hassle. Actually, it only becomes a problem if we neglect the accompanying responsibilities.
More than anything, the key to keeping things humming along is communication. Clients need to know what needs to be done, how much it will cost and why it’s important to keep up with licensing. This will prevent the vast majority of issues from ever popping up.
In addition, web designers must build and hand over their projects to clients with sustainability in mind. This means that every component of a website is able to be updated now and five years from now.
So, use your favorite commercial themes and plugins without hesitation. Just make sure that you’re utilizing them with the future in mind.
The post A Guide to Using Commercial WordPress Themes and Plugins appeared first on Speckyboy Design Magazine.