WP Engine Launches Faust.js, a New Headless WordPress Framework – WP Tavern

WP Engine has launched Faust.js, a new headless framework that is open source and designed to work in any Node hosting environment. The framework is built on Next.js, which can handle both static site generation and server-side rendering. It uses GraphQL for data fetching and is the only framework that allows developers to query the WPGraphQL API without having to know GraphQL queries ahead of time.

Faust.js was in its earlier stages when WP Engine hired WPGraphQL creator and maintainer Jason Bahl. The company has been heavily investing in headless infrastructure development, hiring more engineers for projects aimed at reducing the friction of using WordPress as a headless CMS. This is the main thrust of the new framework – to allow developers to build scalable, better performing sites with modern frontend tools while preserving WordPress’ rich publishing experience. Faust.js includes content previews, support for custom post types, and built-in authentication to support paywalls, e-commerce, membership sites, and other functionality that has traditionally been difficult for headless sites.

How does Faust.js differ from existing headless solutions like the React-based Frontity framework? Developers building headless sites are curious after Automattic acquired Frontity and the framework’s maintainers exited to work full-time on Gutenberg. Using a community-supported headless framework can be a risky bet for enterprise clients when its creators and maintainers are no longer able to contribute.

“Frontity and Faust are similar, the main difference is that Frontity focuses on providing a framework on top of React where Faust is primarily built with Next.js support in mind,” Faust.js creator William Johnston said. “This small distinction is meaningful and means when you are using Faust you can take advantage of all the amazing benefits of Next. It also lets Faust focus specifically on how to make Headless WordPress a better experience, without having to come up with a comprehensive solution for front-end, node-base, static/server-side applications.”

When asked how Faust stacks up to Frontity in a comment on Reddit, WP Engine developer relations engineer Kellen Mace highlighted a few other major differences between the frameworks. Frontity only works with the WP REST API and Faust uses WPGraphQL “for more efficient queries.”

“Technically, Faust is built in ‘layers,’ so even if you choose to build your frontend app using SvelteKit, Nuxt, etc. you can still leverage several of the tools Faust provides,” Mace said. “We’ll have more documentation coming out on using it with other JS frameworks in the near future. Using it with Next.js gives you the most ‘bang for your buck,’ however.”

Johnston confirmed that certain elements of Faust (the core/React pieces) are already working with the React-based GatsbyJS framework. Faust is less opinionated about the frontend and is more centered around making the WordPress publishing experience better.

A demo of Faust in action is available at developers.wpengine.com. The framework, which includes NPM packages and a WordPress plugin, can be found on GitHub, but its maintainers caution that there will be breaking changes in the future. Developers who are interested in learning more about Faust.js can check out the documentation or listen to the most recent episode of the DE{CODE} podcast where Johnston discusses headless WordPress and introduces the framework.


Extendify Patches Vulnerabilities in the Redux Framework Plugin – WP Tavern

Wordfence has published two vulnerabilities that affect users of the Redux Framework plugin, which has more recently come to be known as the “Gutenberg Template Library & Redux Framework” on WordPress.org. Extendify purchased the plugin from its creator, Dōvy Paukstys, in November 2020, in a deal that was not highly publicized. It is currently active on more than 1 million WordPress sites.

Throughout most of its history, Redux has been known as a popular options framework for themes and plugins. In 2020, Paukstys relaunched the framework with a focus on Gutenberg templates. Users can now browse more than 1,000 templates from inside the block editor.

It is this new template-browsing feature that was found to be vulnerable in Wordfence’s recent security report, due to a lax permissions check on the WP REST API endpoints the plugin uses to process requests in its template library. On August 3, 2021, Wordfence disclosed one high-severity vulnerability described as an “Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion” and a lower-severity “Unauthenticated Sensitive Information Disclosure” vulnerability to the plugin’s owners. The report published this week describes the nature of the threat:

One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any post or page via the REST API. A second vulnerability allowed unauthenticated attackers to access potentially sensitive information about a site’s configuration.

Extendify responded immediately and shipped a patched version (4.2.13) of the Redux Framework on August 11, 2021. At the time of publishing, more than 71% of sites using the Redux Framework plugin are running on older versions that remain vulnerable. Users are advised to update to the latest version in order to get the security patch, especially now that Wordfence has published an article showing how attackers could potentially exploit these vulnerabilities.
