Released on: Monday, 07 September 2020 14:42
Removed support for Internet Explorer. We have removed support for Internet Explorer from our CSS. IE11 will still work with our software but it will always be displaying its mobile view, even on desktop. Microsoft has already announced that it will stop supporting IE11 in Microsoft Teams beginning November 30, 2020 and terminate all IE11 support in August 2021. We decided to remove IE support starting September 2020 because it was adding unnecessary bloat to our code and prevented us from implementing features we needed. Not to mention that this seven year old browser is barely used anymore.
Inherit the base font size instead of defining a fixed one. In the past, our software was setting a base font size of 12.5px. While this is a fairly reasonable size for able bodied users on most desktop and mobile displays it doesn't work well for users with accessibility requirements necessitating a bigger font size or users who otherwise need scaled text for any reason. We changed our CSS framework to inherit the document's base font size to mitigate this issue.
Improve default header and body fonts for similar cross-platform "feel" without the need to use custom fonts. Our software used to require two custom fonts Montserrat and Open Sans for header and body text respectively. These fonts were not shipped with it to maintain a reasonable download size. As a result, we fell back to using your platform's default sans-serif font which would sometimes not be the best choice for readability. We are not using your platform's preferred fonts for UI headers and body text, giving our software a more readable and native appearance.
.htaccess Maker: Automatically compress static resources will now use Brotli compression with priority if it's supported by both the server (mod_brotli) and the client (accepts encoding "br").. Brotli is a newer compression format which offers better compression ratio than GZip. It is natively supported by Apache 2.4 when the relevant Apache module is loaded. It reduces the amount of data transferred, making your site load much faster.All modern browsers support it. As long as your Apache server loads mod_brotli all you need to do is regenerate your .htaccess with Admin Tools to support Brotli compression.
Improve the UX of the URL Redirect form page. Having already tried naming the fields From/To, Old URL/New URL, Existing URL/New URL in the past it would appear that people are split exactly evenly in their understanding of what is redirecting to what. In this version we are labelling the fields as "Visiting This" and "Takes You Here". There is no room for misunderstanding anymore.
Add .xsl to the default allowed extensions for .htaccess Maker's Site Protection feature. Do not confuse this with XLS (Excel files). XSL files are used by the browser to transform an XML document to a different format, e.g. HTML the browser can render. This is typically used in site maps by plugins such as Yoast SEO to let the browser display the sitemap.xml file in a way that the human visiting it can understand better. Please note that even though XSL files were not allowed by default in the past your sitemap.xml file was still being read and understood by Google and other search engine, despite errors you were getting when visiting it with your browser.
Obsolete files were not deleted during installation/update. This was mostly a problem for the now removed DFIShield feature which clashed with some form plugins. Even though we removed the feature and its configuration UI its file would be left behind, causing a problem that you had no way to fix.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.
We officially support only the latest released version of WordPress 4.9 and 5.x.
While our software should run on any WordPress version newer than 3.8 (with several features only working fully or at all on WordPress 4.4 and later) we VERY STRONGLY recommend using the latest version of WordPress only. Newer versions of WordPress address security issues which can not be guarded against through a web application firewall / security plugin. Moreover, newer WordPress versions address bugs and features which by themselves are not security issues but can be used to facilitate the compromise of a site. For example, support for the UTF8MB4 character code may have been billed as “Emoji support” but, in fact, addresses a whole class of very sinister database attacks, hinging on the way MySQL quashes extended characters in plain UTF8 mode, which are impossible to address in a generic firewall.
In short: trying to have a secure site with old code that contains known vulnerabilities is an exercise in futility. Do the smart thing, update WordPress first, then use a security plugin to tighten your security.
We only officially support using our software with PHP 5.6, 7.2, 7.3 or 7.4. We strongly advise you to run the latest available version of PHP on a branch currently maintained by the PHP project for security reasons. Older versions of PHP have known major security issues which are being actively exploited to hack sites and they have stopped receiving security updates, leaving you exposed to these issues.
Our software should still run on PHP 7.0 and 7.1. However, we do not test with these versions and we no longer treat breaking support for these obsolete PHP versions of PHP as a bug.
Our software will not run on versions of PHP older than 5.6 such as 5.5, 5.4, 5.3 or even older.