Jetpack 4.2 brings you performance improvements along with some important security updates and enhancements to existing Jetpack modules.
Jetpack requires a connection to the WordPress.com servers which helps offload processes from your own server and also opens up a wealth of features that you can use to speed up your site, protect your site, and increase engagement of your readers. All of these features rely on the communication between WordPress.com and your site.
Since these features rely on that back and forth communication, we’ve focused in this release to make that communication channel even more efficient. Below are some key points highlighting the improvements in performance comparing Jetpack version 4.1.x to Jetpack 4.2.
- Front end database queries reduced by 69% for all front-end page views.
- Reduced wp-admin database queries by 43%.
- Memory usage improved by over 20% when the site is viewed by logged out users.
- Improved load time by 9.9% on shared hosting environments
Please note these numbers don’t reflect all types of WordPress installs and plugin configurations. In these comparisons, we’re running the latest version of WordPress (4.5.3) and Jetpack is the only plugin installed. You might see different results with other setups and server configurations.
All of these features rely on the communication, and syncing of some data, between WordPress.com and your site. This data begins to sync when Jetpack is installed and connected to a WordPress.com User ID.
If you’d like to read in more detail about what we sync, why, and what we do with it, please refer to this support page.
Our development team is always working to make Jetpack secure and safe to use on your sites. In Jetpack 4.2, we continue that work and have fixed a few vulnerabilities in this release.
- Contact Form: we made changes to avoid potential formula injections in Contact Form submission exports.
- General: XSS Vulnerability due to the misuse of the
add_query_arg() function. Kudos to Karim Valiev, Mail.Ru Security Team
- General: More changes to harden Jetpack security by implementing the
hash_equals() function in an effort to avoid timing attacks when comparing strings. Thanks to Scott Arciszewski.
- Shortcodes: Added several new parameters to the Dailymotion shortcode.
- Custom CSS: added support for
font-feature-settings in the Custom CSS Editor.
A big thank you to everyone who contributed to Jetpack 4.2:
Alex Mills, Andrei Lupu, Andrew Duthie, Brandon Hubbard, Brandon Kraft, Chase Livingston, Dan Walmsley, Derek Smart, Dion Hulse, Elio Rivero, Enej Bajgoric, Ephraim Gregor, Eric Binnion, George Stephanis, Jeremy Herve, Jesse Friedman, Josiah Sprague, Lance Willett, Martin Falkus, Miguel Lezama, Nick Daugherty, Oscar Lopez, Rich Collier, Sam Hotchkiss, Tunghsiao Liu, and Will Woodward.
Jetpack 4.2.1 is being released to address a few issues in 4.2.
- We fixed a conflict between Jetpack and W3 Total Cache that blocked some site owners from accessing their dashboard.
- We fixed some issues with Publicize and Custom Post Types.
- Now, very large Multisite networks with millions of users can be synchronized with WordPress.com.
Special thanks to those who contributed to Jetpack 4.2.1:
Daniel Walmsley, Enej Bajgoric, Eric Binnion, and Sam Hotchkiss
If you’d like to learn more about these releases and the other changes brought to Jetpack, you can check the full changelog here.