WordPress Plugin Framework
In September 2013 we made a decision to build a WordPress plugin framework and rebuild all of our plugins on the framework. The initial build took just on 8 weeks and once built and further 8 weeks to rebuild our plugins with the framework. At the time we believed that advantages of creating a plugin framework would be:
- Mobile responsive admin interface
- Make life easier with admins who have multiple a3rev plugins as the admin panels all have the same layout and settings.
- The ability to roll out updates to the framework quickly
This week we saw again how brilliant the WordPress Plugin framework is at giving us the ability to roll out plugin updates to users. On Monday the 1st of June 2015 we started an upgrade to the framework to harden security.
This task was a major change to the way that the framework handles writing css changes to the dynamic stylesheets that happens when an admin saves Changes that have been made with the Dynamic Stylesheet settings.
The upgrade was finished and fully tested in those 2 days. Over the next 2 days (Wednesday and Thursday) the new code was merged into the Framework of 51 plugins and released to users with these Security hardening upgrades.
From the changelogs:
- Tweak – Security Hardening. Removed all php file_put_contents functions in the plugin framework and replace with the WP_Filesystem API
- Tweak – Security Hardening. Removed all php file_get_contents functions in the plugin framework and replace with the WP_Filesystem API
- Fix – Update dynamic stylesheet url in uploads folder to the format //domain.com/ so it’s always is correct when loaded as http or https
Writing to the Dynamic stylesheets via the WP_Filesystem API rather then the php PUT and GET function is far more secure as the only person who can write to the file is the site owner. If you are interested in more reading on this – read this excellent post Tutorial: Using the WP_Filesystem
More WordPress Plugin Framework Upgrades
We are currently working on a major feature upgrade to the a3rev WordPress Plugin Framework. Without giving to much away the Feature Upgrade is a mobile first UI and UX overhaul of the admin panel layout and settings. We how to start rolling that out early next week. Stay tuned.