The brand new version 3.8 is available now, bringing several important security features, new shortcodes, various updates to the Rich Snippets, JavaScript improvements and several bug fixes.

Before we go on, make sure to check out the previous post related to the changes Google has made to the Rich Snippets related to reviews and ratings.

Rich Snippets Changes

In line with the changes Google has made recently, the snippets implementation in the plugin has gone through some changes. Legacy snippets support has been removed because there is no way to make it compatible with the Google changes when we already have a snippet type system in place. That system has been tweaked and improved a bit, and a few settings have changed.

To make sure your snippets are in line with the Google changes, run Rich Snippets Update from the Tools panel. It removes legacy settings from the database and updates some existing settings too.

Security Enhancements

In recent months there have been increasing reports of bots probing the WordPress AJAX endpoint with requests related to the rating plugin. We can't do anything to stop that (the AJAX URL in WordPress is public, so anyone can send traffic to it), but a lot has been done to make sure that actions related to the rating plugin are secure. To further improve that, the new version includes a few more tests for each request and, most importantly, a unified handler for all AJAX-related errors that not only sends error messages but also sends proper HTTP response codes for these errors. This means that in a lot of cases, bots that start getting these errors will stop their probes.

There is another security-related feature called Request Throttle. With it, you can limit the rate of votes coming from one IP or one user. In normal cases, the user can't vote more than once every few seconds when the voting is handled properly through the website and plugin controls. But if someone crafts an elaborate bot that can mimic the request sent by the plugin on a normal vote, that bot can effectively send votes directly to the AJAX endpoint at a very high rate. With Throttle control that is made less likely, because you can limit the number of votes to one every few seconds.

Throttle protection settings
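
The two measures described above, per-client vote throttling and error responses that carry a proper HTTP status code, shown as an added example that is not GD Rating System's own code. The `demo_vote` action, the nonce name, the transient keys and the 5-second window are assumptions; the WordPress functions used are core APIs.

```php
<?php
// Added example, not GD Rating System code. The action name, nonce name,
// transient prefix and 5-second window are assumptions for illustration.
const DEMO_VOTE_WINDOW = 5; // seconds between accepted votes per client

function demo_vote_throttle_key() {
    // Logged-in users are throttled per account, visitors per IP address.
    $user_id = get_current_user_id();
    if ( $user_id > 0 ) {
        return 'demo_vote_u_' . $user_id;
    }
    // REMOTE_ADDR is the peer address; behind a reverse proxy it is the
    // proxy itself, so resolve the client IP from a trusted header there.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    return 'demo_vote_ip_' . md5( $ip );
}

function demo_vote_fail( $code, $message, $status ) {
    // One exit path for every rejection: JSON body plus a matching HTTP status.
    wp_send_json_error( array( 'code' => $code, 'message' => $message ), $status );
}

function demo_vote_handler() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        demo_vote_fail( 'bad_method', 'POST required.', 405 );
    }
    if ( ! check_ajax_referer( 'demo_vote', 'nonce', false ) ) {
        demo_vote_fail( 'bad_nonce', 'Invalid or expired token.', 403 );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( 0 === $post_id || null === get_post( $post_id ) ) {
        demo_vote_fail( 'bad_item', 'Unknown item.', 400 );
    }
    $key = demo_vote_throttle_key();
    if ( false !== get_transient( $key ) ) {
        header( 'Retry-After: ' . DEMO_VOTE_WINDOW );
        demo_vote_fail( 'throttled', 'Too many votes.', 429 );
    }
    // The transient expires by itself, reopening the window. Transients are
    // not atomic, so parallel requests can slip through; an atomic counter
    // in a persistent object cache closes that gap.
    set_transient( $key, time(), DEMO_VOTE_WINDOW );
    // ... record the vote here ...
    wp_send_json_success( array( 'post_id' => $post_id ) );
}
add_action( 'wp_ajax_demo_vote', 'demo_vote_handler' );
add_action( 'wp_ajax_nopriv_demo_vote', 'demo_vote_handler' );
```

Because every rejection leaves through one function with a distinct code and status, a security log can count 403, 400 and 429 responses per client and act on the totals.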

And finally, next week (September 30, 2019), our in-house security plugin GD Security Toolbox Pro will be updated with a very important feature: it can hook into the GD Rating System AJAX error handler, pick up all the error reports and log them into the security log, with options to auto-ban IPs that exceed preset limits. This way the plugin can automatically take care of bots and other malicious actors trying to exploit the website through the rating plugin.

New Shortcodes

The plugin has 4 new shortcodes that are very useful for showing or hiding content inside the post based on whether the user has voted or has not voted for the current post or a specific post. Here is an example block with two shortcodes, one for voted and one for not voted; at first you will see the not voted message. Vote, then reload the page to see it change.

You have voted, thank you!

And more

There are many updates under the hood: improved actions and filters and improved error handling in JavaScript, and changes in various addons. This version also fixes several bugs discovered in the past couple of weeks related to rich snippets, shortcodes and the WP REST API implementation. The Multi Ratings Addon has also been updated with similar changes related to JavaScript.

And, as always, please report any issues you may find with the new version.

About the author

MillaN
Dev4Press owner and lead developer

Programmer since the age of 12 and WordPress developer since 2008 as a freelancer and author of more than 200 plugins and more than 20 themes.