Blog

WordPress

Posted on — Last updated on July 9, 2024

WordPress Popular Posts 5.4: Widget block improvements plus prep work for CSP support

Version 5.4.0 allows the Widget block to be page caching friendly, provides WPML/Polylang support for it, and preps the code for future WordPress CSP work.

This release focuses entirely on bringing the WordPress Popular Posts block up to the same level of robustness as the classic WordPress Popular Posts widget, plus some goodies!

On July 20th, 2021 the WordPress team released version 5.8, “Tatum”, to the public. One of the major changes introduced with this release is the new Widgets screen – widgets are now handled as blocks, the UI changed a lot as well from what we all were familiarized with, and as with any big changes this also introduced some issues for widgets -like WPP’s- that weren’t really prepared for it.

I started working on the new WordPress Popular Posts block only a few weeks before WordPress 5.8 was launched after learning that it was decided by the WP team that the new Widgets screen was good enough to be shipped with 5.8. Seeing the amount of complaints online about the new Widgets screen I’d say that the WP team may have rushed things a bit.

Anyways, now that the dust has settled and that it’s been a few weeks since 5.8’s release I had some time to polish the new WPP block some more.

The WPP Block is no longer considered an experimental feature

With version 5.4 the WPP block has abandoned the “experimental” phase and is now available to everyone. You can add the WPP block to your sidebar via the new Widgets screen and/or to your posts & pages via the Block editor without needing to enable WPP’s Experimental Features.

The block is now fully compatible with sites that use caching plugins and / or sites that use Polylang or WPML to translate their contents to other languages (more on this below).

Keep in mind though that the WPP block is still a WIP, breaking changes in future block updates are to be expected so keep an eye on the changelog to make sure you don’t miss anything. The WordPress Popular Posts block is on par with the classic WordPress Popular Posts widget and will be its replacement in the near future. If you’re using the classic WordPress Popular Posts widget please consider migrating to its block counterpart soon.

Page Caching plugins support

Due to time constraints and the fact that I’m still learning how to develop Gutenberg blocks the WPP block was initially released with some missing features that the classic WordPress Popular Posts widget has, like the ability to load itself via AJAX to prevent page caching plugins from caching your popular posts list.

Adding this functionality to the WPP block required implementing a new REST API endpoint since the existing ones were not really fit for the job. Maybe we can have the classic WordPress Popular Posts widget use this new endpoint in the future which would hopefully improve its compatibility with some popular page builders, like Elementor for example.

Anyways, if you’re using the WPP block on your website and you have a caching plugin installed on it as well (eg. W3 Total Cache) please:

  1. Make sure that the Ajaxify Widget feature is enabled (Settings > WordPress Popular Posts > Tools, under Data).
  2. Clear your site’s cache at least once for changes to apply right away.

Polylang & WPML support

Another one of the features that the new WPP block was missing was Polylang/WPML support. Now it works exactly the same way as the classic WPP widget as in it’ll translate posts into the currently active language (as long as there’s a translation available of course).

If you’re using WPML or Polylang on your website please give the WPP block a try and if you spot something that needs my attention open a support topic so I can look into it.

CSP Support

CSP stands for Content Security Policy and it’s a browser security mechanism that helps detect and mitigate certain types of attacks, like Cross Site Scripting and data injection attacks.

The WordPress team has been working for some time now on implementing CSP in core to harden the security of the Dashboard interface (see Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility) which is a very welcomed change, making things more secure is always a good thing.

One of the requested features on that ticket is to remove / ban the usage of inline script tags via CSP directives. This is not an simple task for the WP team though because the Dashboard uses inline scrips everywhere and for everything. Moving all the inline code to external JavaScript files without breaking the WP Dashboard in the process may require quite some work.

Another approach as suggested by one of the commenters is to keep inline script tags in the codebase but “sign” them with nonces which -in theory- would allow blocking the execution of dynamically injected script tags. There were some comments raising concerns regarding the technical challenges of this solution so we’ll see how this pans out.

On WPP’s side though changes were made so that the plugin doesn’t use inline script tags in none of its admin screens. Whatever the WP team decides on doing regarding CSP, WPP will be ready for it.

Other changes

Here’s a short list of other worth-noting improvements and fixes that were included with version 5.4 (in no particular order):

  • The Widget block wasn’t displaying its header due to some last-minute changes introduced with the release of WPP version 5.3.6. This has been fixed on 5.4.0.
  • User @schweizerschoggi reported on wordpress.org that the wpp_excerpt_more filter hook wasn’t working as intended, also fixed on version 5.4.0.
  • A new filter hook called wpp_title_more has been added to allow the customization of the prefix added to shortened post titles. It works exactly the same way as the wpp_excerpt_more filter hook except its for post titles.

Minor Updates & Hotfixes

5.4.2

Version 5.4.2, published on September 6th 2021, fixes a rare issue that prevented the Statistics dashboard from loading.

A few people had reported the issue within the last couple of years but it wasn’t until very recently that the cause was finally identified. Zsolt, a plugin user, posted on the forum that the Statistics chart stopped working only when selecting the “Modern” Admin Color Scheme via the Users > Profile menu.

Thanks for the detective work, Zsolt!

5.4.1

Version 5.4.1, published on August 23rd 2021, is a hot fix release that corrects an issue where the new WordPress Popular Posts block (introduced with version 5.3.4 as an experimental feature and enabled for everyone with version 5.4.0) loaded some Gutenberg editor JavaScript files on the public-facing area of the website.

If you’re using a caching plugin (eg. WP Super Cache, W3 Total Cache, WP Rocket, etc) please make sure to flush its cache after upgrading to this version so changes are applied immediately to your website.

This release also introduces a new filter hook called wpp_block_editor_support that allows you to disable WPP’s Block Editor support (should you need it for some reason).

Finally, the Parameters section that you could previously find via Settings > WordPress Popular Posts > Parameters has now been moved to the Wiki (see Parameters).