It has been a while since we’ve had updates for the Store Locator Plus® plugin and SaaS service. We’ve been busy over the past year adding new development staff and getting them up to speed to address new demands presented by the WordPress Plugin Team, so that Store Locator Plus® can be re-listed in the plugin directory. Their demands to shore up potential weaknesses in the main plugin turned out to be a major project.
Over the past 8 months the development team has updated nearly 1,000 lines of code in the base plugin. It is important to note that these changes did NOT fix known security breaches or exploits; the changes were done primarily to address hypothetical what-if security concerns in the plugin. While the updates do little to improve security of the plugin and have a minor negative impact on performance, the changes were necessary in order to meet the new WordPress Plugin Team guidelines for getting our plugin re-listed.
Finally, after 8 months of effort we are nearing the finish line. We are now testing an updated 5.13.X prerelease version of the Store Locator Plus® plugin. Once we have finished our own internal testing and all base functionality has been approved, we will re-submit the plugin for re-listing on the WordPress directory.
While this is a milestone that has been in the works for a long time, it is only the first step in many new changes that are planned for the coming year. Our lead architect, along with the rest of the development team, has a lot of great new ideas to improve our product. The 10-year-old technology is ready for an overhaul using modern standards. A vastly improved user experience is in the works, as well as a much improved turn-key experience with tighter integration between the WordPress plugin and our SaaS platform.
We are excited to get past this year-long maintenance and security cycle and start building new things for our customers.
In the meantime, if anyone is interested in helping us test the prerelease version of Store Locator Plus® 5.13, please reach out via the contact form and we’ll send you an early release at no charge. Our Premier Subscription holders can already download the prerelease from their account downloads page.
We appreciate your patience while we get things rebooted on the WordPress directory. We look forward to providing improved user experiences and application performance in the coming months.
The security improvements are based on feedback from the user community and are not related to direct reports of security threats. The security concerns only impact users of the self-managed WordPress plugins. The vast majority of the work was done on administrative access and sanitizing of input values. SaaS users are not impacted by these issues.
- Enterprise clients using cluster map markers may have experienced map outages; this is resolved.
- Enterprise clients using the location loading indicator set to ‘circle’ had issues with the map not displaying; this is resolved.
Updating Your Location Software
The Software as a Service version of the application was updated overnight. Users of the SaaS platform do not need to take any action to receive the latest features and patches.
The above issues also impacted all WordPress plugin users and require updating to the latest release. The folks at WordPress.com have yet to approve our latest updates and re-list the main plugin. You’ll need to manually uninstall and re-install the main Store Locator Plus® plugin, which can be purchased from our WordPress plugin store.
Store Locator Plus® 5.9 was released last week as a security update for the WordPress plugin community. The plugin was reviewed by the WordPress Directory staff. They chose to keep the plugin closed for what they deemed “potential future issues” with the plugin as well as requests for several changes to follow what they deem “best practices”. Of note in this review is that they did not cite any of the publicly reported vulnerabilities that closed the plugin in the first place as remaining open.
In other words, all reported vulnerabilities were apparently addressed to their satisfaction.
However, they have opted to keep the plugin closed until we can update our coding style. While we are willing to work toward their new “best design practices” for coding style, this is going to take some time. For example, the latest 5.10.1 release of the Store Locator Plus® plugin has replaced the PHP standard <?= shorthand with the longer <?php echo syntax per the WordPress Plugin Directory Team’s request. Not a security issue, but something they requested we change before being re-listed. This requires that we run a full internal test of the updated code before it can be released to the general public.
While we wait for the WordPress Plugin Directory Team to approve re-listing, our self-managed WordPress plugin users can only receive updates to the Store Locator Plus® plugin. You can find this in the WordPress plugin store. You can learn more about the update process in our 5.9 Security Update Released news post.
While we hope that the folks over at WordPress.com deem our plugin worthy of being re-listed in the near future, we have no control over what they will come back with during each review. It could be weeks or months before the plugin is available again in the standard directory with one-click updates being available.
This is one of the biggest advantages to being on the SaaS offering: no need to manually update your locator software. EVER.