Category Archives: Technology

Blogposts on blog.futtta.be about internet, web developement, browsers, security, linux, …

Autoptimize: no more broken pages due to CSS/ JS not found!

Leave a reply

When cached HTML links to deleted Autoptimized CSS/ JS the page is badly broken … no more with a new (experimental) option in AO27 to use fallback CSS/ JS which I just committed on the beta branch on GitHub.

For this purpose Autoptimize hooks into template_redirect and will redirect to fallback Autoptimized CSS/ JS if a request for autoptimized files 404’s.

For cases where 404’s are not handled by WordPress but by Apache, AO adds an ErrorDocument directive in the .htaccess-file redirecting to wp-content/autoptimize_404_handler.php. Users on NGINX or MS IIS or … might have to configure their webserver to redirect to wp-content/autoptimize_404_handler.php themselves though, but those are smart cookies anyway, no?

If you want to test, you can download Autoptimize 2.7 beta here and replace 2.6 with it.

Redirecting to AMP (reader mode) for mobile

Leave a reply

I’m not a big fan of AMP but I do have it active here on this blog using the official AMP plugin for WordPress, using it in “Reader” (aka “classic”) mode. That’s as far as I want to take it, but suppose (as was the case for an Autoptimize/ Critical CSS user I was helping out) you want to redirect all mobile traffic to AMP, then you could use below code snippet to do just that.

add_action('init','amp_if_mobile');
function amp_if_mobile() {
  $_request = $_SERVER['REQUEST_URI'];
	if ( strpos( $_request, '?amp' ) === false && strpos( $_request, '&amp' ) === false && ! is_admin() && wp_is_mobile() ) {
    if ( strpos( $_request, '?' ) === false ) {
      $_amp = '?amp';
    } else {
      $_amp = '&amp';
    }
    $amp_url = home_url() . $_request . $_amp;
    wp_redirect( $amp_url );
    exit;
  }
}

It might be a little rough around the edges, but it (mostly) gets the job done ;-)

Autoptimize & Trojan.Cryxos.2960: false positive

Leave a reply

I’ve had a couple of reports of Bitdefender flagging optimized JS as infected by Trojan.Cryxos.2960. I investigated earlier today and this almost certainly is a false positive. If you want you can “solve” this hiccup by excluding wp-includes/js/imagesloaded.min.js from JS optimization.

Async Javascript: urgent update available

Leave a reply

There’s an update for Async Javascript that needs your urgent attention. Update asap!

[Update] I was warned by WordFence about a vulnerability in Async JavaScript that was being actively exploited. Based on their input I updated the plugin to fix the bug. WordFence in the meantime published a post about this and other affected plugins and with regard to AsyncJS writes:

Async JavaScript’s settings are modified via calls to wp-admin/admin-ajax.php with the action aj_steps. This AJAX action is registered only for authenticated users, but no capabilities checks are made. Because of this, low-privilege users including Subscribers can modify the plugin’s settings.

Similar to Flexible Checkout Fields above, certain setting values can be injected with a crafted payload to execute malicious JavaScript when a WordPress administrator views certain areas of their dashboard.

Autoptimize 2.7 with Critical CSS integrated, beta out

Leave a reply

The title says it all; I just pushed the first beta of Autoptimize 2.7 which has some small fixes/ improvements but which most importantly finally sees the “Autoptimize CriticalCSS.com power-up” fully integrated.

Next to the actual integration and switching to object-oriented for most (but not all) of AOCCSS files, there are some minor functional changes as well, most visible ones being buttons to clear all rules and to clear all jobs from the queue.

I hope to be able to release AO27 officially in April, but for that I need the beta thoroughly tested off course. Most important part to test is the critical CSS logic obviously, so if you have the power-up running, download/ install the beta and simply disable the power-up to have Autoptimize fill that void (if the power-up is active, AO refrains from loading it’s own critical CSS functionality).

Autoptimize 2.6 released

4 Replies

I just released AO26, which comes with a bunch of new features, improvements and bugfixes.

  • New: Autoptimize can be configured at network level or at individual site-level when on multisite.
  • Extra: new option to specify what resources need to be preloaded.
  • Extra: add display=swap to Autoptimized (CSS-based) Google Fonts.
  • Images: support for lazyloading of background-images when set in the inline style attribute of a div.
  • Images: updated to lazysizes 5.2.
  • CSS/ JS: no longer add type attributes to Autoptimized resources.
  • Improvement: cache clearing now also integrates with Kinsta, WP-Optimize & Nginx helper.
  • Added “Critical CSS” tab to highlight the criticalcss.com integration, which will be fully included in Autoptimize 2.7.
  • Batch of misc. smaller improvements & fixes, more info in the GitHub commit log.

The release has been tested extensively (automated unit testing, manual testing on several of my own sites and testing by users of the beta-version on Github), but as with all software it is very unlikely to be bug-free. Feel free to post any issue with the update here or to create a separate topic in this forum.

Happy holidays to all!
frank