Hey everyone. The last month has been full of highs and lows, and July has probably been the biggest month for the platform to date in terms of development. This is largely due to finally being able to get MAMP working as intended and finally getting a version of the platform running on a local dev server so I have much more freedom playing around with potential new features without the risk of it breaking absolutely everything. I apologise as this is a really big update post.
First off, several people have rightly complained about the speed of their websites on the platform, so most of the focus has been on resolving that. The good news is that things are now running faster than they ever have been!
The first thing I did upon receiving these complaints was disable several behind-the-scenes processes which contribute in their own ways to server load, including automatic site-backups, and an action log. The action log basically logged each and every action taken on the platform, such as site updates and login attempts. This was originally added for security but the way each action was logged did add to the server load and the information provided wasn’t particularly helpful by any means. I replaced this with a new & lightweight firewall solution which allowed me to see more clearly what’s going on and run an investigation.
After deep investigation, I discovered that those pesky brute-force bots were still hard at work trying to break into your websites, even-though several months earlier I implemented a patch to ensure they’d never be able to get access the way they were trying.
The earlier patch came in 2 parts, first was obscuring the url to the login page they were using so they’d need a “key” to access it directly, and the second was adding a CAPTCHA, so that even if they did manage to access the login page, they’d also need to correctly solve Google’s reCAPTCHA. I figured doing this would cause the bots to eventually realise the changes and give up/move on. I was wrong. It turns out they were still very hard at work trying their darndest in vein to break in, and even-though they couldn’t solve Google’s reCAPTCHA, they could still submit the form which still put the server to work, and the numbers in which they were trying was the main issue which caused the platform to operate so slowly.
Before when I first noticed these brute-force bots, I also noticed they were all coming from different IP addresses, each time they’d try to log in they’d switch their IP and try again, so simply blocking the offending IPs would not stop them. This time round though I was able to find a pattern with the type of browser they were using (which doesn’t actually exist), so successfully blocked access to the platform for these bots entirely. Upon blocking the bots I noticed a significant improvement in speed and resource usage, but I didn’t stop there.
Throughout the investigation I also spotted a huge wave of hits to a number of sites from so-called spy-bots. I looked into these offending bots and found they provide absolutely no benefit to the sites they were visiting, and were using a LOT of resources on their travels. These bots have also been blocked from accessing the platform, further reducing server load and improving the overall speed of the platform.
The new firewall also allowed me to impose limits on the number of times somebody can attempt to login in any given period before temporarily blocking them access to try again, and also throttle bots that get too resource-hungry.
Again I didn’t stop there in my attempts to speed up the platform.. Finally, the platform has been upgraded from PHP 5.6 to PHP 7.0 which promises faster running processes, and the database has also been cleaned up.
Since making all of these changes I’ve noticed a considerable improvement in load times and server resource usage, but unfortunately it all happened a little too late for a few customers who decided to jump ship. It won’t stop me carrying on, and if anything, has given me more motivation to push forwards to be the best I can possibly be.
Thanks to the new dev server allowing me more freedom with development, there’s a new app in town! Say hello to the new ‘Sticky Shopping Cart Tab’ app.
The Sticky Shopping Cart Tab app will add a new cart icon to the side of the screen which when clicked will show the contents of a user’s shopping cart and provide quick links to checkout.
There’s also a few customisation options which can be found in the Customiser.
This feature has been highly requested and I’m glad to be able to say it’s now available to all users, and can be found in the Basic plan category of the Apps screen.
Another new addition in July is the Shipstation Integration app, which allows integration with the popular fulfilment service Shipstation. The Shipstation Integration app is also available to all users and can be found in the Basic plan category of the Apps screen in your admin panel.
Several apps were updated last month to provide additional features & fixes. I won’t go into too much detail with these so here’s an overview list..
Checkout Addons App
Updates & Features:
- Renewals processed with Subscriptions app will include addons from the original order.
- Fixed admin order filtering for select addons with values that contain spaces.
- Ensure required checkbox addons are validated at checkout.
- Fixed a compatibility issue with One Page Checkout app.
- Preserve addon tax settings when taxes are globally disabled in store settings.
Social Login App
Updates & Features:
- The linked profiles table on the My Account page now looks better on mobile screens.
- Properly include & verify the state parameter in OAuth requests to prevent CSRF login attacks.
- Fixed a CSRF issue with the “Unlink Social Account” action.
- Fixed open redirect issue with login redirect URLs
- Don’t display the “Link your account” notice on Thank You page for logged out users.
Updates & Features:
- Query arguments for posts & products shown in the Members Area sections are now filterable.
- When dripping content for delayed access, the amount of time a membership may have been paused when reactivating the membership and resuming access to restricted content is now taken into consideration.
- When redirecting non-members off from restricted content, if they login they are redirected back to content they have access to.
- Once a subscription is cancelled or trashed, it’s now automatically unlinked from an associated membership.
- Restricted or delayed content can be filtered so excepts or default restriction messages can be replaced.
- Improved compatibility with Dynamic Pricing app.
- Better handling & performance.
- When a customer switches between subscriptions, the Membership tied to the subscription variation moved away from will no longer be linked to it and stay cancelled.
- Restricting the purchase of a subscription variation while the purchase of the parent variable subscription product is no restricted may not prevent non-members to purchase that subscription variation product.
- When a product is both on sale and part of a membership plan’s discount rules, if a user is logged in and is not a member of that plan, the sale price label doesn’t show the original standard price before the sale price.
- When a guest customer adds a product to a cart, then logs in as a member that should get a membership discount for that product, the mini-cart did not reflect the price change before visiting the cart page or adding more products to cart.
- Correct member count when viewing plan list.
- Products set on sale didn’t display the “On Sale” badge.
- Correctly display labels for content types in Members Area.
- Disable discounts for subscription renewals to make sure that renewal order prices are honoured also in manually created subscription.
- Expired memberships no longer display the “View” link for the members area.
- When discounting subscriptions sign up fees is enabled, the cart totals may have not accounted for the sign up fee discount in the calculation.
- Check if a subscription-tied membership should really expire by comparing it to either the subscription’s or membership’s expiry date.
- Do not reactivate paused memberships upon Subscriptions app (re)activation unless they are tied to an active subscription.
- Members could not be correctly sorted by member name in the admin dashboard screen.
A large number of updates were implemented to the platform core. The bulk of it applied to the Page builder and Customiser.
The most notable new features to come to the Page Builder are the new responsive margin & padding options, column in column support, new user experience when dragging and dropping items on pages and the way changes are rendered (no more full-page loaders when saving a module or dragging and dropping an item), the ability to drag & drop columns, vertically aligning columns, and the ability to trigger buttons to open popover lightboxes.
Notable new features for the customiser are submenu indicators, the ability to change the logo for sticky headers, the ability to add an author box to blog post pages, and the ability to change the number of columns on product category pages.
Apps Admin page
- Removed “x-Alpha” test category.
- Renamed “Addons” to “Apps” in empty search results.
Updates & Features:
- Added settings to vertically centre or top align content in full height rows and equal height columns.
- Added “bottom” as an alignment option for row contents.
- Added settings to add a video background to a row using external links instead of the media library.
- Added colour connection for row backgrounds.
- Added field connections for row background videos.
- Added YouTube and Vimeo support for row backgrounds.
- Added the option to enable audio for YouTube and Vimeo row backgrounds.
- Vimeo and YouTube scripts are now only loaded in the Page Builder UI when a video from those services is present.
- Saved rows in Page Builder UI are now sorted alphabetically.
- Updated language files.
- Added a dot indicating whether the Page builder is enabled or not on the Page builder’s launch links.
- Updated user role access settings.
- Added caching for registering templates.
- Changed priority of UI script loading.
- Multiple calls to Google Fonts from Customiser and Page Builder are now combined into one request.
- Removed the loading graphic when saving settings. Elements are now slightly faded until they are updated.
- Module and row duplicating is now instantaneous instead of having to wait with a loading graphic.
- All drag and drop operations now load inline instead of taking over the page with a loading graphic.
- Added module name to the module settings overlay tooltip.
- Added support for Memberships app.
- Added JS config for overriding the offset of waypoint animations.
- Added support for font-weights that have “i” at the end of their value string.
- Added logic to prevent bad JS entered into the layout settings from breaking the builder.
- Updated Google Fonts.
- Removed the “Read More” button from the text editor in the Page Builder UI as it does not work with builder layouts.
- Changed edit button text on the admin edit screen for templates to say “Launch Page Builder”.
- Added the ability to drop columns into columns.
- Added the ability to drag & drop existing columns.
- Made multiple improvements for more accurate dragging & dropping.
- Added responsive settings for margins, padding, and borders.
- Updated content page templates.
- Template images are now loaded via HTTPS.
- Added the ability to add an alpha slider to colour fields.
- Added the “site” parameter to the layout shortcode for inserting layouts from other sites via shortcode.
- Added bottom alignment setting for equal height columns.
- Added filter for countries that block Google domains.
- Added Arial as the default fallback font for Windows users.
- Added a setting in the advanced tab to show rows/modules/columns based on if a user is logged in, logged out, or never show them (they only appear while editing). You can also choose the role logged in users must have to see a row/column/module.
- Added a setting in the advanced tab to reverse the column stacking order on smaller devices.
- Added a button for resizing settings lightboxes so they fill the screen.
- Changed row and module templates to saved rows and modules.
- Tweaked templates admin settings terminology.
- Tweaked draft and discard button terminology.
- Increased size of the publish button.
- Added oEmbed support to editor fields in all modules.
- Added settings to all modules with buttons for fading in icons on hover and choosing a hover opacity for transparent backgrounds.
- Added a no follow setting to modules that have buttons in them.
- Subscribe Form module: iContact Pro support.
- Subscribe Form module: GoDaddy Email Marketing support.
- Subscribe Form module: Enable enter key to submit form.
- Subscribe Form module: Added campaign field for Drip email service.
- Subscribe Form module: MailPoet 3 beta support.
- Subscribe Form module: Added Enormail support.
- Subscribe Form module: Added support for setting a custom subject.
- Subscribe Form module: Accessibility enhancements.
- Subscribe Form module: Added reCAPTCHA support.
- Subscribe Form module: Added MailerLite support.
- Subscribe Form module: Added the option to choose a form or list for ActiveCampaign connections as forms trigger the autoresponder where lists do not.
- Subscribe Form module: Added tags support for AWeber and ActiveCampaign.
- Menu module: Added responsive breakpoint settings.
- Menu module: Added the same mega menu logic as the customiser navigation menu.
- Menu module: Added a submenu spacing setting.
- Menu module: Accessibility enhancements.
- Menu module: The mobile version of a menu now collapses when an anchor link is clicked.
- Menu module: Added “below row” option for mobile menu position.
- Menu module: Added font family setting.
- Menu module: Misc CSS improvements.
- Menu module: Added a setting to collapse inactive items in accordion mode.
- Testimonials module: New setting added to control slider direction.
- Video module: Added field connections.
- Video module: Changed embed field to a code editor.
- Number Counter module: Added field connections.
- Posts module: Added the ability to order posts by meta value.
- Posts module: Pages post modules are now scrolled to when clicking a link to the next page.
- Posts module: Pagination now works separately when multiple Posts modules are on a page.
- Posts module: Added “columns” layout to the layout setting.
- Posts module: Added more layout and styling settings.
- Posts module: A “No posts found” message is now shown when no posts are found.
- Posts module: Added a setting to customise the “No posts found” message.
- Posts module: Added a setting to show a search form if no posts are found.
- Posts module: Added the ability to exclude posts in the content filter for the query.
- Posts module: Added an above title option for the featured image position.
- Post Carousel module: Accessibility enhancements.
- Post Slider module: Accessibility enhancements.
- Contact Form module: Added custom field connections to the email field.
- Contact Form module: Added support for setting a custom subject.
- Contact Form module: Accessibility enhancements.
- Contact Form module: Added reCAPTCHA support.
- Contact Form module: Added settings for customising the button.
- Contact Form module: The recipient’s email address is no longer visible in the markup.
- Accordion module: Accessibility enhancements.
- Accordion module: Removed outline when an item has focus.
- Accordion module: Added a setting that makes the first item open by default.
- Tabs module: Accessibility enhancements.
- Content Slider module: Accessibility enhancements.
- Icon module: Accessibility enhancements.
- Icon Group module: Added settings to choose individual icon colours and link targets.
- Button module: Added the ability to open a lightbox via a button.
- Heading module: Added settings to set the line-height and letter spacing.
- Gallery & Photo modules: Added a loader icon when opening a lightbox.
- Gallery module: Captions are now displayed in the lightbox.
- Separator module: Added settings to set the width and alignment.
- Removed the Text Widget from the module list in favour of the Text Editor & HTML modules. Sites previously using the Text Widget will still render and they can still be edited, they just won’t be able to add new text widgets.
- Fixed JS error in Row > Background > Slideshow on touch-enable devices.
- Increased the video ratio to 16:9 to fix the top/bottom black border on responsive layout.
- Changed span to div element for the Accordion label to avoid possible W3C validation error.
- Disabled click event while transitioning on Posts Carousel, Posts Slider, and Testimonial modules to avoid skipping slide item.
- Fixed Posts module infinite scroll if Posts Slider module is on the same page.
- Added sans-serif as Google Fonts fallback.
- Pagination issue with Posts module if page URL has a query parameter.
- Make sure submenu closes on pages with scroll-to link.
- Featured image should now be displayed below title and beside text for both left & right position Posts module list.
- Fixed Posts module when multiple authors are selected.
- Fixed a JS error if breakpoint was left blank in global settings. Now a required numeric field.
- Fixed read more link in the Posts module not going below the content and causing line-height issues in the list layout.
- Fixed colour picker closing when the mouse goes outside of the picker during drag.
- Fixed comments showing in the Posts module when they shouldn’t.
- Fixed Social Sharing app icons not showing in the Posts module.
- Fixed line-height issue with the Map module.
- Fixed some module assets not being re-rendered when working in the Page Builder.
- Fixed some photos not going full-width on mobile.
- Fixed colour picker alpha slider.
- Fixed unescaped attributes in the Heading module causing HTML errors.
- Fixed non-breaking space in the Number module.
- Fixed Posts Carousel & Posts Gallery icons always showing even when set not to display.
- Fixed photo fields showing incorrect selection when switching site to HTTPS.
- Fixed validation errors with Map module.
- Fixed linking to a specific tab in the Tabs module.
- Fixed SSL mixed content issues with the Slideshow module.
- Fixed the thumbnail navigation in the Slideshow module not showing on touch enabled desktops.
- Fixed a PHP warning in the Post Slider module with random ordering when using an offset.
- Fixed Maps module trying to open the Google Maps app in the Facebook Messenger app.
- Fixed posts with double quotes in their names breaking suggest fields.
- Fixed row text colour overriding colours set in the Pricing Table module.
- Fixed row and column text colours affecting select inputs.
- Fixed live preview issues for nested columns when editing the parent column.
- Fixed issues with equal height columns and nested columns.
- Fixed HTML validation error with the Icon module.
- Fixed Content Slider module’s navigation arrows not showing in IE11.
- Fixed the lightbox not working in the Photo module.
- Fixed broken slideshow backgrounds when no transition speed is set.
- Fixed Gallery module lightbox ordering when using the collage layout.
- Fixed multiple colour picker issues by changing the mode to HSV.
- Fixed negative column and module margins covering row overlay actions.
- Fixed SSL issues caused by the YUI3 script.
- Fixed module animations not running when the module is too far down the page.
- Fixed lightbox close button being hidden by the admin bar.
- Fixed full height rows overlapping in IE 11.
- Fixed double slash in the pagination URL for the Posts module.
- Fixed equal height columns not vertically aligning in FireFox.
- Fixed a bug with the responsive styling of the Heading module.
- Fixed a bug with the toggle behaviour of button style options when the background colour is not set.
- Fixed a bug with row text colours overriding text colours in the Number module.
- Fixed a bug with FontAwesome icons in the headings of Tabs modules converting to a plus icon when clicked.
- Fixed a bug with resizing the Testimonials module on large/medium devices.
- Fixed a number of CSS bugs.
- Fixed a number of issues with the Menu module.
- Fixed editing performance issues with AJAX layout rendering on large pages.
- Fixed the display of SVG files in the Photo module.
- Fixed a bug in the Post Carousel and Post Slider modules that broke the offset setting.
Updates & Features:
- Updated language files.
- New option for mobile navigation breakpoints including the option to have mobile menu always.
- Add support for upcoming product galleries. Option added to switch gallery type.
- Sidebars are now an option on product category archives.
- Submenu indicator added to top bar nav.
- Added an option to enable/disable sidebar on shop & single product pages.
- Updated Google Fonts.
- Moved Social icons settings to General tab.
- Added image size option for archive and single post image.
- Added optional Author box to post pages.
- Sticky navigation can now use a different logo to the main navigation.
- Font Awesome updated.
- Logo text element changed from span to div to fix markup validation when HTML is added.
- Added submenu indicators to main navigation.
- Convert social icons to Font Awesome where used.
- Product archive columns are now configurable.
- The Skin files, Bootstrap & Google Fonts are now enqueued instead of being statically rendered.
- Anchor links are now highlighted in the nav when clicked.
- The mobile menu now closes when an anchor on the same page is clicked.
- Search form now uses HTML placeholder value.
- Added Skype to the social icons settings.
- Fixed missing colour options in Header > Nav Style.
- Fixed an issue where Posted In: and Tags: were being displayed even when empty.
- Fixed a JS error caused by ImagesLoaded not being enqueued.
- Fixed nav style colours for current ancestor/parent menu item.
- Fixed an issue with media library sometimes not being closable when selecting images.
- Fixed a spacing issue in right aligned nav with the search icon.
- Fixed an issue with centre nav inline logo not being vertically aligned.
- Fixed Shop related products position when tabs do not exist.
- Fixed checkbox alignment on Shop checkout forms.
- Fixed W3C validation with nav.
- Fixed a bug in customiser code editor.
- Fixed default backgrounds being blank in presets.
- Fixed JS error when clicking on menu item link that contains hash string.
- Fixed a navigation overflow issue.
- Fixed styling in navigation when ancestor or submenu is active page.
- Fixed small styling issue with mobile mega-menus.
- Fixed an issue where extra padding was being added when fixed nav was enabled on full-width layouts.
- Fixed full-width posts template which was wrongly adding space for a non-existent sidebar.
- Fixed a spacing issue on Safari when fixed header is enabled with a logo.
- Fixed incorrect display of nested submenus in the Custom Menu widget.
- Fixed the no header/footer template still showing a margin when using the vertical nav header.
- Fixed header resizing incorrectly when using the boxed layout.
- Fixed spacing issues with the Shop cart totals section.
- Fixed missing styling for URL inputs.
- Fixed a bug with content padding when using vertical header layouts.
- Fixed a bug with the scroll to top button freezing scrolling on iOS.
- Fixed a bug with Page Builder UI elements going on top of fixed headers.
- Fixed a bug with screen reader text sometimes showing.
- Fixed a bug with double class attributes nav search.
- Fixed a bug with mega-menu headings not showing on mobile.
- Fixed a bug with Shop product category layouts.
- Fixed a bug with long mega-menus going off the page. Long mega-menus now revert to standard dropdowns when there is not enough room.
- Fixed a bug with the logo resizing from 0 to 100% on load when the shrink header option is selected.
- Fixed a bug with the mobile menu’s transition when submenus are present.
That’s just about all for this month! I also finally added some documentation for the Customiser. Plenty more updates are on the way, and I’m also aiming to have some more documentation articles up in August so keep your eyes peeled.