Author Archives: Jacob

New Feature: Insights & Metrics

In December, we announced the availability of our Insights & Metrics panel. Thanks to your feedback, we have diligently improved the experience and are proud to announce new features and improvements today.

Your site is vital to your business. That’s why you partner with WordPress VIP. Application Insights & Metrics gives you the visibility and tools you need to accurately assess the performance and stability of your applications.

Many of you have used this feature in beta to better understand how your application performs directly from the VIP Dashboard. Here is a short demo of what both new and returning users can expect with the official release of Insights and Metrics.

You may have noticed significant improvements to time selection in the demo. We frequently heard the need for more precise controls, and now you have them–including the ability to share a link to a specific time period for improved collaboration.

There are hundreds of metrics you can look at to access your site. The Insights & Metrics panel is designed by our WordPress experts to put the most important numbers at your fingertips.

The Insights & Metrics panel shows metrics for:

Origin response time – measure how fast your application responds.
Origin and Edge response codes – quickly track down any application errors.
PHP Process – understand application load.
Slow MySQL queries – zero in on queries slowing down your users.
Cache hit rate – ensure that your application takes full advantage of the VIP’s edge CDN.

To get started, log in to your account on the VIP Dashboard and select “Performance” then “Insights & Metrics” for any application.

Read our documentation on the Insights & Metrics panel.

And we aren’t done yet. In the coming weeks, we will begin a closed beta of anomaly detection to highlight when important metrics move beyond historical norms.

New Release: GraphQL for Block Data API

The Block Data API has been successfully serving millions of requests a day, and it is just getting better. We are excited to announce you can now retrieve Block Data via GraphQL.

What is the Block Data API?

The Block Data API is an API for retrieving block editor posts structured as pure JSON data, eliminating the need to parse HTML to get just the data you need. While primarily designed for use in headless architectures with WordPress, the Block Data API can be used anywhere a developer needs to represent block markup as structured data.

If you aren’t familiar with the Block Data API, you can read a full overview on what it does and how it works.

What is GraphQL?

GraphQL is an open-source data query and manipulation language. With GraphQL, developers can request the specific, typed data they need more efficiently than with a traditional REST API.

How do I activate the Block Data API with GraphQL?

Our documentation has instructions on activating the API. The plugin README has information on how to integrate with the WPGraphQL plugin to provide a GraphQL API.

Where can I find more information/documentation?

The project Readme has comprehensive information on the Block Data API and its functions.

Reminder: DNSSEC implementation for convenience domain

On January 2, 2024 we announced that WordPress VIP will implement DNS Security Extensions (DNSSEC) for the go-vip.net domain on February 2, 2024.

This post does not contain any changes from the original post, it serves as a reminder.

No action is required on your part.

If your domain points to a go-vip.net domain via an ALIAS, ANAME, or CNAME, DNS record, or if you access an unlaunched site at the go-vip.net domain, you will benefit from this enhancement. Our team has worked diligently to ensure a smooth transition for all applications, and we anticipate no downtime or complications.

What is DNSSEC?

DNSSEC is an advanced security protocol designed to protect Internet users from a range of cyber threats. It adds a layer of security to the Domain Name System (DNS), which is responsible for converting domain names (like go-vip.net) into IP addresses.

DNSSEC validates DNS responses with cryptographic proof, ensuring the resolution process is secure. Protecting your site from threats such as DNS spoofing and cache poisoning, techniques that allow attackers to redirect your visitors to a fraudulent site.

We have not experienced such attacks on the go-vip.net domain, but security is a top concern, and we want to prevent this possibility.

If you have further questions about this change or how it affects your domains, you can open a ticket with VIP Support.

Notice: DNSSEC implementation for convenience domain

WordPress VIP will implement DNS Security Extensions (DNSSEC) for the go-vip.net domain on February 2, 2024.

No action is required on your part.

What is DNSSEC?

We have not experienced such attacks on the go-vip.net domain, but security is a top concern, and we want to prevent this possibility.

If you have further questions about this change or how it affects your domains, you can open a ticket with VIP Support.

New Release: Block Governance Plugin

Today we are excited to announce the release of the WordPress VIP Block Governance Plugin to all WordPress VIP customers.

What is the Block Governance Plugin

The WordPress VIP Block Governance plugin provides the ability to limit the types of blocks that can be added to the block editor and the styles that can be applied to them. The rules applied for block and style options can also be defined by specific post types and/or user roles.

Applying block and style rules with the WordPress VIP Block Governance plugin enables the rules of a design system to be encoded into a site’s block editor, and for the complexities of content creation to be reduced for editors.

How do I activate the Block Governance Plugin?

To begin using it, follow the instructions provided here.

Where can I find more information/documentation?

The project Readme has comprehensive information on the plugin and its functions.

HTTP/2 and curl Security Updates

VIP has completed work to mitigate two unrelated, recently disclosed security vulnerabilities.

VIP constantly maintains the security of our infrastructure. We don’t announce that every mitigation has been completed, but these issues were widespread, significant, and well known, so we wanted to be clear that you are protected on VIP.

HTTP/2 Protocol

On October 10, 2023 Cloudflare, Google, Amazon, and others posted about a newly discovered and actively exploited vulnerability in the HTTP/2 protocol that lets attackers launch very large scale attacks with very few resources. Nearly every web server in the world, including those at VIP, use this protocol and were susceptible.

Soon after the disclosure, a patch was created that will be included in the next version of the affected software. We have deployed this patch to all of our web servers ahead of the general release. This deployment was complete within hours of the vulnerability being announced.

Please note that this vulnerability could only be used to trigger a denial of service issue – it cannot be used to steal or modify user data, access your systems, etc. VIP has no evidence that sites were affected via this method.

curl

On October 3, 2023, the founder and lead developer of curl and libcurl, a low-level library used in many applications, announced a significant vulnerability and that a fix would be available in a new version to be released on October 11, 2023.

We were prepared for rapid deployment of that new version across our infrastructure and completed that within hours as well. Your site is now protected against this issue.

Summary

The VIP team mitigated both of these highly impactful security incidents as part of our ongoing promise to assure your sites are secure, reliable, and lightning fast. We have not seen any malicious activity related to these issues at this time.

Your site is protected from both of these incidents, and no further action is necessary on your part.

New in Beta: Block Data API

We’re pleased to announce the beta availability of a new Block Data API. It is now released for you to begin testing.

What is the Block Data API?

Animation detailing how the block API functions

For many use cases, it’s helpful to access blocks in WordPress as pure JSON data instead of HTML. Doing so eliminates the need to write parsing layers to transform markup into JSON, and to keep those translation layers up to date with every version of Gutenberg. All of this saves developer time and effort.

While options have existed for accomplishing this with GraphQL when accessed via REST, translation layers were required. The Block Data API is a new REST API endpoint to retrieve the Gutenberg blocks of a single WordPress post.

What are some use cases for the Block Data API?

There are several known use cases for the Block Data API. These include:

Power your Node.js front end with less reliance on dangerouslySetInnerHTML.
Send data about your blocks to Machine Learning and AI applications.
Use blocks in mobile applications with reduced processing.

This is not a comprehensive list. As we go through the beta period, we’d love your feedback on how you use the Block Data API, what works well for you, and what you’d like to see improved.

While the API is in beta, you can offer that feedback by opening a GitHub issue. When it is released, we can provide support via normal means.

How do I get access to the Block Data API?

To install the plugin, go here and follow the instructions that have been provided

Where can I find more information/documentation?

The project Readme has comprehensive information on the plugin and its functions.