Store Locator Plus® 5.9 Security Update Released (WordPress Plugin)

Store Locator Plus® 5.9 was released today for our WordPress plugin customers.   The update addresses several security concerns in the AJAX and REST libraries included with Store Locator Plus®.   Despite several articles being released prematurely from security companies in the WordPress market, we are unaware of any compromises to WordPress sites due to this vulnerability.

Unfortunately the folks that manage the WordPress plugin directory de-listed Store Locator Plus® almost immediately, despite our ongoing communication that we were working on patching the reported vulnerabilities.    As such, many of our WordPress plugin users are now unable to update the WordPress plugin to install the latest 5.9 release automatically from within their site dashboard.

Upgrading Store Locator Plus® On WordPress

Users that wish to upgrade to the latest 5.9 release will need to follow these steps until further notice:

  1. If you do not already have an account at WordPress.StoreLocatorPlus.com with the Store Locator Plus® base plugin as a prior purchase, you will need to purchase it.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click the Add To Cart Link
    3. Complete your purchase
  2. Login to your WordPress.StoreLocatorPlus.com account and download the base plugin.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click on My Account (top right of screen on the menu bar)
    3. Click on the Downloads entry on the account menu (top-middle of the page).
    4. Download Store Locator Plus®
  3. Deactivate and Delete Store Locator Plus® from your website plugins.   It will not remove your settings or locations.
    1. Login to your website as a site administrator.
    2. Go to plugins.
    3. Find the Store Locator Plus® plugin, hover over the entry on the plugin list.
    4. Deactivate the Store Locator Plus® plugin (this may deactivate your premium Store Locator Plus® add ons)
    5. Delete the Store Locator Plus® plugin.
  4. Upload and activate the updated 5.9 version of Store Locator Plus®.
    1. While staying logged in as an administrator on your site go to plugins.
    2. Click the Add New button.
    3. Click the Upload Plugin button next to the “Add Plugins” title.
    4. Select the Store Locator Plus® slp4.zip file you downloaded from our WordPress store.
    5. Go back to the main Plugins dashboard on your site, listing all plugins.
    6. Check off ALL the Store Locator Plus® plugins, including the newly-uploaded Store Locator Plus® base plugin and any premium add-ons you may have.
    7. From the menu on the top or bottom of the plugin list, choose “Activate” and click Apply.

For those that do not have an existing purchase of the Store Locator Plus® base plugin for WordPress and do NOT wish to purchase a copy from our store, you can wait until the folks that manage the WordPress plugin directory review our latest release and re-list it in the WordPress plugin store.  We are hoping this happens soon, but they are very busy and it could take up to a month for them to review our updates.

For Our SaaS Customers

For our customers using our SaaS service, none of this applies to you.  All security patches and updates are automatically provided as part of the service.   The security concerns in the self-managed WordPress plugin that are being discussed do not affect your site in any way.    SaaS users are not hosting data or access endpoints for AJAX or REST on their servers, and thus have no vulnerabilities like those discussed in the various Store Locator Plus® security bulletins.

 

Store Locator Plus® Updates On The Way

Store Locator Plus® recently hired a new developer to help work on both front end and back end code.  It is part of a renewed focus on providing routine monthly updates to the Store Locator Plus® platform.    Changes will roll out slowly at first, with a focus on the WordPress plugins as our new development team learns the ins-and-outs of the platform.   Our end goal is to vastly improve the platform with several key objectives in sight — to improve overall security, to improve the performance, and most importantly to improve the user experience.

Store Locator Plus® 5.7 was recently released to the WordPress community with several key security updates.   These updates will help ensure proper data security and integrity on sites that run the standalone WordPress plugin offering.   The security updates are automatically being included in the SaaS platform and require no action on the part of our SaaS platform users.

We are working on version 5.8 for both the WordPress plugins and the SaaS platform, which will include further security updates as well as some JavaScript performance updates as we start to employ new coding standards in the JavaScript engine.

Once we get the foundation solid, we will start working on the User Experience and feature requests.   If there is something you’d like to see in our SaaS offering, please let us know in the forums or by reaching out to us via the email form.

Inconsistent Google Map Coordinates – Kansas City Has Moved

One of the issues we run into fairly regularly is our Store Locator Plus® customers get no locations back when they search for a city where they know they do, in fact, have locations. Recently this came up with a customer that was searching Kansas City. If they type Kansas City, MO or Kansas City, KS the would see their locations. So what was going on?

Kansas City – November 2018

Way back in November 2018, Google Maps decided that Kansas City was at 39.0119, -98.48424

We’re not in Kansas City anymore…

Kansas City, November 2018

Kansas City – January 2019

Today, performing the very same address search for Kansas City yields a completely different result. Today Kansas City is in a far more reasonable location at 39.0997265, -94.5785667

Kansas City, January 2019

What Is Going On?

Both location requests pass the same URL to Google Maps JavaScript API with the region and language set properly. Google, however, likes to change their map data sets and lookup algorithms frequently. This is just one more specific case where historical evidence shows that Google Map locations move — at least with the “purposefully lower quality” data set provided via the Maps JavaScript API.

In years of testing we’ve found that some locations move by as much as a quarter-mile EVERY MONTH. It is the inherent “jitter” Google seems to have built into their published maps data. You may even find that if you search Google Maps for Kansas City today it has already moved from the above location.

Their own map service puts it here: 39.0915821,-94.8565881

Google Maps.com — where is Kansas City

Which happens to be pretty darn close to what Open Street Maps is telling us at 39.094, -94.537 — a service we use to cross-reference data on our MySLP service.

Want Kansas City To Stay Put?

MySLP uses an aggregate data set from multiple providers and is constantly refined by user input and our customer service staff to provide more accurate results. Unlike Google – our MySLP users CAN get better results and email real human beings that can fix location data NOW.