Breadcrumb NavXT and WooCommerce Compatibility Tips

In general, Breadcrumb NavXT, due to its use of the WordPress API, is compatible with other plugins such as WooCommerce. Occasionally, this is not enough and additional code is required for proper functionality. Other times, as with WooCommerce, proper settings configuration is sufficient.

What You Need

These are the plugins and versions used when performing the testing reported on within this article:

  • WooCommerce – At the time this article was written, 3.1.0 was the latest available version and was the version tested against.
  • Breadcrumb NavXT – Tested against a development release of 5.7.1.

What Works

Since WooCommerce is relatively well behaved, Breadcrumb NavXT can easily generate the expected breadcrumb trail for WooCommerce resources. However, depending on how WooCommerce is setup, Breadcrumb NavXT may need a couple of settings to be changed. In general, the following settings changes are recommended for WooCommerce users:

  • Ensure that the “Products Root Page” in the Breadcrumb NavXT settings page (Settings > Breadcrumb NavXT > Post Types) is set to the same page as the “Shop page” setting in WooCommerce (WooCommerce > Settings > Products > Display).
  • Ensure that “Product Archive Display” is unchecked.
  • Ensure that “Product Hierarchy Display” is checked.

Other Notes

One thing to keep in mind: when changing the “Shop page” in WooCommerce, the “Products Root Page” in Breadcrumb NavXT will likely need to be changed as well. Otherwise, the Products page in the breadcrumb trail will not match the WooCommerce shop page.

-John Havlik

[end of transmission, stay tuned]

A Decade of Breadcrumbs

Ten years a go, I released the first version of Breadcrumb Navigation XT after adopting it from its original maintainer, Michael Woehrer. At that time, I did not fathom the journey I would take with it.

Within the first few months after adopting Breadcrumb Navigation XT, a settings page was added and it took on a new name (now known as Breadcrumb NavXT). Fast forward to today, it has been rewritten from the ground up twice (in 2.0 and 3.0), translated into 18+ languages (counting >80% translation completeness), downloaded more than 4 million times, and used on over 600 thousand sites.

In commemoration of this anniversary, Breadcrumb NavXT 5.7.1 was released today. Originally, the intent was for Breadcrumb NavXT 6.0 to be released. However, Breadcrumb NavXT 6.0 is not ready yet, and a fall release is a more realistic target.

Lastly, in August, I will be giving a presentation at WordCamp Minneapolis/St. Paul 2017 covering the highlights of my decade long journey with Breadcrumb NavXT.

-John Havlik

[end of transmission, stay tuned]

Breadcrumb NavXT 5.7.1

This is the first, and hopefully only, bug fix release of the 5.7 branch of Breadcrumb NavXT. Two bugs were fixed in this release. One relating to the bcn_display_json_ld() function and the other pertaining to the injection of separators in the breadcrumb trail.

Breadcrumb NavXT 5.7.0 introduced the new bcn_display_json_ld() function. However, there was erroneous instance of $linked that caused a PHP warning. This has been resolved in Breadcrumb NavXT 5.7.1.

The second bug involved missing breadcrumb separators after removing a breadcrumb from the trail. Breadcrumb NavXT 5.7.1 uses an improved method of determining when to insert a breadcrumb separator that does not exhibit this behavior.

As always, you can grab the latest version of Breadcrumb NavXT from the Breadcrumb NavXT page. If you experience any issues with this version of Breadcrumb NavXT, please leave a comment on this post detailing the issue.

-John Havlik

[end of transmission, stay tuned]

Breadcrumb NavXT 5.7.0

Holy Schema.org BreadcrumbList compliant JSON-LD breadcrumb trails Batman! Breadcrumb NavXT 5.7.0 introduces a new bcn_display_json_ld() function. Additionally, three bugs were fixed in this release.

The new bcn_display_json_ld() function outputs JSON-LD data that is Schema.org BreadcrumbList compliant. This helps facilitate the display of breadcrumbs in WordPress backed JavaScript applications. Additionally, the selected BreadcrumbList format is supported by Google.

On the bug fix front, the cause of PHP Errors when running the uninstaller from within WP CLI was fixed. Additionally, the cause of a PHP Warning in bcn_breadcrumb_trail::find_type() was resolved. Lastly, a typo in the settings page was fixed.

Looking Forward to 6.0.0

The next release of Breadcrumb NavXT will be 6.0.0. It is scheduled for mid-summer in celebration of 10 years of maintaining Breadcrumb NavXT (originally released as Breadcrumb Navigation XT). Be aware that 6.0.0 will drop the Max Title Length setting (already deprecated in favor of using CSS), along with the associated %ftitle% and %fhtitle% breadcrumb template tags.

Translations

As explained in the Breadcrumb NavXT Translations Moving to Language Packs article, Breadcrumb NavXT has moved away from shipping translations with the plugin. This is the first release to ship without any included translations, all translations are available via language packs, or from the Breadcrumb NavXT Translation Project.

If you would like to contribute to translating Breadcrumb NavXT, please visit the Breadcrumb NavXT Translation Project. A big thanks to all of the translators that have contributed to the translations in the past and continue to contribute.

As always, you can grab the latest version of Breadcrumb NavXT from the Breadcrumb NavXT page. If you experience any issues with this version of Breadcrumb NavXT, please leave a comment on this post detailing the issue.

-John Havlik

[end of transmission, stay tuned]

Use ModSecurity Not A Plugin

When dealing with login attacks against wp-login.php and xmlrpc.php, consider using an application firewall such as ModSecurity rather than a WordPress plugin. Why? ModSecurity runs before the request hits PHP. Thus, WordPress is not even run on these known to be bad requests.

Some Numbers

Prior to enabling ModSecurity rules protecting wp-login.php and xmlrpc.php, these were the most popular files hit across all Weblogs.us WordPress installs. In December of 2016, wp-login.php was 23.48% of all hits, xmlrpc.php was 19.75%—A total of 43.23% all hits for what are really non-user facing pages. Similar behavior had been seen for the months prior as well.

After enabling ModSecurity rules punishing multiple bad login attempts for wp-login.php and xmlrpc.php, their total hits plummeted. In February, they accounted for only 3.78% of all hits. Did the robots go away? No, they were getting 403 errors, nearly 20% of hits resulted in a 403 error.

Caveat Emptor

Implementing successive failed login attack mitigation rules is quite easy on Apache. Rather than repeat how to do this, see Mika’s post WordPress login protection using ModSecurity. Unfortunately, Nginx is a different story. While ModSecurity is available for Nginx, any rule that requires a locationmatch parameter will not work (locationmatch is Apache specific). Instead, a custom location rule for wp-login.php and xmlrpc.php can be generated with ModSecurity enabled and the extra rules applied. It isn’t terribly elegant, but appears to work.

Ease of implementation aside, the performance benefits from blocking malicious login traffic earlier makes using a ModSecurity based implementation worthwhile. At Weblog.us, we dramatically cut down on resource usage by implementing ModSecurity rules for blocking malicious wp-login.php and xmlrpc.php accesses.

-John Havlik

[end of transmission, stay tuned]