What’s New With Kernl – July 2018

I hope everyone in the northern hemisphere is enjoying their summer and for those of you in the southern hemisphere, stay warm! It was a nice month for Kernl with lots of good structural changes and a few new features rolled out.

  • SendOwl Integration – If you use SendOwl to distribute your plugin or theme you can now validate license keys with Kernl. This means that every time a customer checks to see if an update is available Kernl will first validate their SendOwl license.
  • Analytics Aggregate Data – Kernl Analytics now uses aggregate data to populate charts. This means that charts load instantly versus taking a few seconds as they did before. This was a big change and enables us to do neat things in the future like calculating changes over time.
  • Analytics Domains – In addition to using aggregate data to populate charts Kernl Analytics now has improved domain list support. Data is properly paginated, populated via aggregates for speed, and searchable.
  • Version Number Improvements – Kernl now supports version numbers such as 10.2.2-alpha or 9.2.1-beta. Previously the alpha|beta tags at the end were not supported.
  • Download Graph Bug Fix – A customer reported that the download chart in the plugin/theme detail pages weren’t quite right. This bug has been fixed.
  • License Management  – The license management page was occasionally showing duplicates. This bug has been fixed.

Thats it for this month!

 

 

What’s New With Kernl – June 2018

It’s been a great month for Kernl! Lots of new features, some bug fixes, and few updates to the license checking on the plugin and theme update checker files. Lets dive in!

Features

  • Gumroad License Validation – You can now use Kernl to validate your Gumroad licenses! This can be enabled for plugins or themes by going to the product edit screen, clicking the “License Management” tab, and then selecting “Validate Gumroad License?” at the bottom.
  • Kernl Referral Program – Kernl has a referral program. For every 3 referrals you send us we’ll give you a free month. Customers signing up with your referral code get their first 3 months free.
  • Restrict Updates to a Maximum Version – If you use Kernl’s license management you can now restrict update availability to a maximum version. For example if the current version of your product was 1.5.0 and you gave the user a license for < 1.6.0, then they would receive updates all the way through 1.5.X. This is a great way to drive more sales of your product!
  • Plugin/Theme PHP Update Check Files – The license error display behavior of these files has been greatly improved. The error dismisses when it’s supposed to, only shows up on the updates and plugin|theme page, and the license error message can now be customized. It is highly recommended that you update. The file is also versioned now so knowing when to update in the future will be much easier.

Other

  • Purchase Code Deprecation – Kernl’s old purchase code frontend interface has been hidden behind a feature flag. The goal is the have the old purchase code functionality completely removed by the end of July.
  • Copy Versions from Product to Product – To support special development styles, you can move versions of a product to another product. This is inherently dangerous and only toggled on for the person who requested it. If you think this might be useful please reach out to jack@kernl.us.
  • You can now easily click to a customer’s page from the License Management page.
  • A bug was fixed where the customer filter would stay set even after you had navigated away from that page.
  • Numerous copy changes were made on the License Management page and on the marketing site.
  • Some feature flags were removed from features that have proved to be stable.
  • The main route for plugin update checks (also the highest traffic route on Kernl) was refactored to use async/await instead of promise chains. This makes it much easier to maintain and improve.

Tips to Keep a WordPress Site Safe

If you want to get a website developed for your business you should definitely take a look at WordPress. It can be considered one of the most convenient methods available for getting a website up and running. But when you are building your website with WordPress, you should never overlook security.

When you are done with creating your website you are open to a whole world. If you have not integrated the necessary security precautions your website might face some serious security issues. Your website might contain sensitive data like; customers credit card details and personal details. Therefore, if you have not taken precautions, you and your customers may be exposed to a considerable risk of being hacked.

Once a hacker gets into your website they can not only steal your information but also destroy all the information of your website. The most dangerous part of such destruction is you can never undo such disastrous act. Therefore it is your duty to take the necessary precautions to discourage hackers and keep your data safe and let the business continue to run smoothly.

Below are some security precautions you can think consider for your website. By taking these steps you can help seriously reduce the chance that you’ll get hacked.

1.  Stay Updated

Be aware of the latest threats in the digital world. You should at least know the basic information of the possible threats and which will help you decide what  precautions you should take. There are few websites which can assist you to get up to date information. You can take a look at those websites and then you will be able to stay updated with ease.

2.  Lock Down Your Access Control

Make sure that your basic precautions are tough enough to discourage a hacker. Never use easy-to-guess passwords and usernames. It is much better if you change the default database prefix from wp to a harder and more random prefix. You can even limit login attempts. If there is more than one user on your WordPress website, you need to introduce strong security policies for all of those users. Following these precautions can give you the peace of mind of knowing that your website cannot be hacked by guessing the password.

3.  Software updates are crucial

It is important to update your software regularly. Do not neglect the updates. What if the most recent update is about security vulnerability and you have neglected it? Hackers are quick to become familiar with security issues in WordPress, so take advantage of the security updates that WordPress provides. Ideally you should automatically install all core WordPress updates.

4.  Install Security Ninja

If you’re wondering how to keep your WordPress site safe, you must take a look at the security plugins available as well. That’s where Security Ninja comes into play. It is one of the best and most popular security plugins available WordPress users. Security Ninja makes it easy to secure your WordPress site.

Security Ninja only takes a minute to scan your whole site for security issues and then helps you deal with them one by one. Easy and efficient!

WP Security Ninja

5.  Maintain a strong network security system

You should pay a good attention to the security your network. You never know if users in your office inadvertently provide easy access to your servers. Therefore, make sure that you have taken action to:

  • Expire user logins after a short idle period
  • Frequently change the passwords
  • Use strong passwords and never write them down.
  • Scan all the peripherals whenever you use them with the computer

6.  Try a Web Application Firewall (WAF)

WAF can be software, hardware or can be a combination of both. It stands between your web server and the data connection to read each and every bit of data transmitted. WAFs have the ability of blocking malicious accesses and hacking attempts to provide you the peace in mind. There are some built-in firewall options available in WordPress for you to try out. You can take a look at them as well. 

Again, we advise checking the Security Ninja PRO plugins which now feature a Cloud Firewall that will protect you.

7.  Install security applications

Although not affective as WAF’s, security applications can make hacking attempts difficult to a certain extent. There are free and paid applications available to download. These are good in preventing automated hacking attempts

8.  Use SSL

You have the option of using an encrypted SSL protocol when transferring your users’ sensitive data. In fact, this can protect your information from being read by unauthorized persons. Setting up SSL with WordPress is pretty easy and should be considered an important step in securing any WordPress installation.

9.  Backing up

Last but not least, you should back up your website’s data both online and offline very often. This will be useful if any damage is caused to your website. Use an automated backup system to backup the website multiple times a day.

Kernl Now Supports Update Icons

Have you ever wished that Kernl supported plugin update icons? Well, your wish is our command!

Before

As you can see, before this change the icon displayed on the WordPress update dashboard for Kernl-based plugins was the default “power cord” image.

Kernl Plugin Update Icon - Before

After

Now you can upload your own icon to Kernl and have it displayed in the update dashboard.

Kernl Plugin Update Icon - After

Getting Started

Using the new plugin update icon feature is easy.

  1. Add the latest version of the plugin_update_check.php file to your plugin.
  2. Upload an icon (64×64) to Kernl in the plugin meta tab.

How to upload new plugin icon

That’s it! Deploy your update so that all of your customers get the new plugin_update_check file and Kernl will start serving your update icon when you release your next update.

If you have any questions or need help getting set up, shoot and email to jack@kernl.us

Introducing Kernl Analytics

Have you ever wanted to know what version of WordPress your customer is running? Or perhaps what version of your plugin or theme? Maybe you have a plugin or theme that’s installed on hundreds or thousands of sites and you want to know which ones?  If you answered “yes” to any of these questions, Kernl Analytics is just what you’re looking for!

analytics product versions

Kernl Analytics gives you insights into how your customers are using your plugin or theme. If you’re an agency, Kernl analytics gives you quick insights into the websites that you manage. Using our domains feature you can see what domains your plugin or theme is installed on, as well as what WordPress version is installed. Looking for PHP version or what language the site is displayed in? That’s coming soon!

Kernl Analytics Domains

To enable Kernl analytics, go to the plugin or theme list in Kernl and click the black “Analytics” button. Because of the nature of gathering and storing this information at scale, Kernl Analytics is an add-on to your current Kernl subscription that costs $10 / month. The Kernl Analytics subscription also comes with a free 30 day trial so that you can try it. The Kernl Analytics subscription covers all of your plugins and themes regardless of how many you have or how many sites they’re installed on.

We’re super excited about providing WordPress plugin and theme analytics for you and hope you are too!

Feature Flags – Managing a WordPress Beta Program

Let’s say that you’re an author of a premium (i.e. paid for) WordPress plugin or theme. You’ve been hard at work on an amazing new feature but it really needs some testing before it goes out to all of your customers. How do you manage this process? What’s the best way to get new code into the hands of your beta users with the least effort on your part? This blog post is going to walk you through the process of using Kernl Feature Flags to easily manage a beta program without having two separate builds of your product.

Table of contents

What is a feature flag and how does it work?

Feature flagging is a software best practice for controlling the release of features (sometimes called “gating”). Feature flagging is important because it allows you to turn features on/off without having to do a deploy. But how does this impact you? How does it make things easier?

Feature flags allow you to manage beta programs with a single version of your product. What most people currently do is have 2 version of their product at any given time: The live version (what everyone sees) and the beta version (what your beta users see).  Wouldn’t it be easier to just have one version, one deployment process, and highly granular control over who sees what features?

Feature Flags Product View

For example, in the image above you can see that I have two feature flags: “GitLab CI” and “Download Invoice”. Right now they are both active and people can see the features that they represent. If I decided to change “Download Invoice” to inactive, the feature would be immediately deactivated in my plugin. I wouldn’t have to do another deploy and release a new version to make it happen. It happens automatically in the code that’s already with your customers.

Seems great right? Let’s do a full example so you can truly appreciate the power of feature flags.

Example: Adding a feature flag to the Kernl Example Plugin

The Kernl Example Plugin is intentionally very simple. The goal of the plugin is to show off Kernl’s various features while not overwhelming the person who is looking at it. To illustrate how and why feature flags are awesome, let’s add a simple setting to the “Settings -> General” menu.

The example plugin currently looks like this:

<?php
/**
* Plugin Name: Kernl Example Plugin
* Plugin URI: https://kernl.us
* Description: The Kernl Plugin for testing.
* Version: 3.3.0
* Author: Jack Slingerland
* Author URI: http://re-cycledair.com
*/
require 'plugin_update_check.php';

$MyUpdateChecker = new PluginUpdateChecker_2_0 (
    'https://kernl.us/api/v1/updates/5544bd7e5b8ae0fc1fa5e7a5/',
    __FILE__,
    'kernl-example-plugin',
    1
);
?>
All it does is require “plugin_update_check.php” and instantiate the update checker. Let’s make things a little more complicated by adding a setting to the example plugin.

Add a setting to the plugin

// This is added below plugin update instantiation.

function feature_flagged_settings_api_init() {
   add_settings_section(
        'feature_flagged_setting_section',
        'Feature Flag Example Settings in General',
        'feature_flagged_setting_section_callback_function',
        'general'
    );
   add_settings_field(
        'feature_flag_setting_name',
        'My Feature Flag Setting',
        'feature_flag_setting_callback_function',
        'general',
        'feature_flagged_setting_section'
    );
   register_setting( 'reading', 'feature_flag_setting_name' );
}
add_action( 'admin_init', 'feature_flagged_settings_api_init' );

function feature_flagged_setting_section_callback_function() {
   echo '<p>This section is hidden completely behind a Kernl Feature Flag.</p>';
}

function feature_flag_setting_callback_function() {
    echo '<input name="feature_flag_setting_name" id="feature_flag_setting_name" type="checkbox" value="1" class="code" ' . checked( 1, get_option( 'feature_flag_setting_name' ), false ) . ' /> This checkbox is hidden behind a feature flag.';
}
 The above code simply uses the ‘admin_init’ hook to call the WordPress Settings API and add a menu item. It looks like this when you run the code:
Feature Flags Example Setting Image
 Awesome! We’re off to a great start. Now let’s wrap this in a feature flag so only our beta user’s can see it.

Create an On/Off feature flag

Kernl has extensive documentation for feature flag usage, but it all boils down to:

  1. Add the feature flag library to your plugin/theme.
  2. Create a feature flag product in Kernl. A good rule here is 1 plugin / theme to 1 feature flag product.
  3. Create a flag.
  4. Instantiate the feature flag library and wrap your code.
  5. Manage who see’s the feature using Kernl.

So let’s do step one. If you’re using Composer, follow the directions in the feature flag documentation. If not, you can go to https://github.com/wpkernl/WPFeatureFlags and download the WPFeatureFlags.php file and drop it into your plugin or theme.

<?php
// ... snip ...
require 'plugin_update_check.php';
require 'WPFeatureFlags.php';
// ... snip ...
Easy. Next, go to Kernl and add a new product in the Feature Flags section.
Feature Flags Add Product Button
When you click “Add Product” you’ll get to choose a product name. Since I’m using feature flags with my example plugin, I’ll name mine “Kernl Example Plugin”.
Feature Flags Add Product Modal
After you click save, you’ll see the new product at the bottom of your feature flag product list.
Feature Flags Created product in product list
Now here is something important! See the “key” next to your product’s name? You’ll need that to instantiate the WPFeatureFlags class. I’d go ahead and copy it to your clipboard now.
Next up, let’s add a simple feature flag for this new setting we’re adding. This is the thing that will control visibility for all of our users. Click “Manage Flags” in the product menu, and then click the “Add Flag” button. You’ll be presented with this screen.
Add / Edit Feature Flags screen
All the options look straight-forward, but let’s go over them anyways.
  • Active – Will this feature be toggled on or off for everyone.
  • Name – A descriptive name. I’m filling this in with “General Setting Checkbox Example”.
  • Identifier – This is how we identify the flag in code, so I like to make it short and easy to understand. I’ll be using “GENERAL_SETTINGS_CHECKBOX”.
  • Flag Type – Kernl has 3 different types of feature flags for your enjoyment.
    • On/Off – As expected, this toggles the feature on and off for every user. No granularity here, but super useful for quickly disabling things. We’ll be starting with this flag.
    • Individual – You can select specific users that a feature will be toggled on for. This is what we’ll be using eventually, but there are some caveats that come with it.
    • Percentage – Kernl will roll out your feature to a percentage of your user base. Nice if you don’t want to specify individual users, but also don’t want the feature turned on for everyone.

Edit feature flags example

When things are filled out, press save and get ready to move on.

Now that we have our feature flag created, let’s instantiate the WPFeatureFlag class and wrap our code.

<?php
/**
* Plugin Name: Kernl Example Plugin
* Plugin URI: https://kernl.us
* Description: The Kernl Plugin for testing.
* Version: 3.3.0
* Author: Jack Slingerland
* Author URI: http://re-cycledair.com
*/
require 'plugin_update_check.php';
require 'WPFeatureFlags.php';

$MyUpdateChecker = new PluginUpdateChecker_2_0 (
  'https://kernl.us/api/v1/updates/5544bd7e5b8ae0fc1fa5e7a5/',
  __FILE__,
  'kernl-example-plugin',
  1
);

// We add the feature flag code inside the init() function
// so that we can have access to who the current user is.
function feature_flagged_settings_api_init() {
  // The feature flag product key. Remember the key I said you should add to your clipboard? This is it.
  $kernlFeatureFlagProductKey = '5a24035ee48da05271310a71';

  // The user identifier is how Kernl identifies the user requesting flags.
  // This should be unique for every user.
  $current_user = wp_get_current_user();
  $user_login = $current_user->user_login;
  $site_url = get_site_url();
  $userIdentifier = "{$site_url} - {$user_login}";

  $kff = new kernl\WPFeatureFlags($kernlFeatureFlagProductKey, $userIdentifier);

  // This says "For the product defined above, does this flag exists, and if so, is it active for the given user?".
  if ($kff->active("GENERAL_SETTINGS_CHECKBOX")) {
    add_settings_section(
      'feature_flagged_setting_section',
      'Feature Flag Example Settings in General',
      'feature_flagged_setting_section_callback_function',
      'general'
    );

    add_settings_field(
      'feature_flag_setting_name',
      'My Feature Flag Setting',
      'feature_flag_setting_callback_function',
      'general',
      'feature_flagged_setting_section'
    );

    register_setting( 'reading', 'feature_flag_setting_name' );
  }
}

add_action( 'admin_init', 'feature_flagged_settings_api_init' );

function feature_flagged_setting_section_callback_function() {
  echo'<p>This section is hidden completely behind a Kernl Feature Flag.</p>';
}

function feature_flag_setting_callback_function() {
  echo'<input name="feature_flag_setting_name" id="feature_flag_setting_name" type="checkbox" value="1" class="code" '.checked( 1, get_option( 'feature_flag_setting_name' ), false ) .' /> This checkbox is hidden behind a feature flag.';
}

?>
Now that we have the feature flag in our code, let’s talk about some of the optimizations the WPFeatureFlag library has. One of the nice things about WordPress and PHP is that the code itself is stateless. Meaning that without some storage mechanism (MySQL, Redis, Memcache) the entire page and all of it’s data is rebuilt from scratch on every request. This is great for fast development cycles but not always for performance.
The WPFeatureFlag library helps with performance by storing flags for a given user as a WordPress transient for 5 minutes. This way repeated page requests by a user don’t constantly call Kernl and introduce network latency on the request. Kernl’s feature flag API is heavily cached but it’s better for the end user if flags are served out of your own store. What this means for you is that your user’s won’t see changes for a maximum of 5 minutes when you toggle a flag on/off. This is usually fine, but if you need shorter or longer intervals you can use the API directly.
That being said, go ahead and toggle the feature flag off in Kernl. In 5 minutes (or less) you’ll see the setting disappear from the admin. No code deploy needed. “That’s great!” you say, but what about beta program management? Easy. Let’s change this flag to an “individual” flag.

Create an individually targeted feature flag

The video below show’s you how to create an individually targeted feature flag. It’s the same as the on/off flag, except that you get to pick which user’s see the feature. One caveat with this is that if Kernl hasn’t seen the user yet we can’t target them. Why? Because we don’t know how to identify a user that we haven’t seen. If you went to target an individual user without having identified them yet, you would need to register them manually.

Now that the flag is targeted at an individual, that selected person will be able to see the menu setting. This is a contrived example, but you can see how this can be easily expanded to running a beta program. The best part is that you don’t need to have multiple versions of your plugin/theme out there. You can simply release one version, and toggle on features for specific people. In the future Kernl will support making groups of users so managing beta programs will be even easier!

If you have questions feel free to drop them in the comments!

Further Reading on Feature Flags

There’s a lot of great reading out there on feature flags and their uses. If you’re looking for more information about them, I highly recommend these resources.

What’s New With Kernl – December 2017

Happy December everyone! It’s been a busy month at Kernl. We’ve got a few great new features completed, some infrastructure updates, and a few bug fixes. Let’s get started.

Features

  • Customer Management – With the release of our new License Management product we introduced the concept of “customers”. As one would expect, a customer is someone who you assign a license to. The reason we introduced this was so that you could have multiple licenses associated to a single person and easily manage those from a single place. This is a huge improvement over the previous iteration and I highly recommend that you check it out. Hop over to the “License Management’ page and then click “Manage Customers”.
  • Customer Management API – In addition to the new customer management area in the app you can now access the customer management API. There are a lot of different ways that people purchase your plugins and themes so exposing a rich API is the best way to allow integration with Kernl. If you’d like to learn more, check out the documentation.
  • Purchase Code Migration – If you are a user of the legacy “purchase code” system you can now migrate all of your existing purchase codes over to the new license management system. When you go to the license management page there is a big call-out at the top when you can migrate your purchase codes. If you do this, make sure to update your plugin_update_check or theme_update_check file and where you instantiate the Kernl update class. Documentation for using the new license management system can be found here.
  • License Domain Restrictions – You can now restrict updates that are secured by license management to specific domains.

Minor Features & Bug Fixes

  • The web app has been upgraded from Angular 1.3.x to Angular 1.6.6. This is one of the first steps in a migration path forward to the next generation of Angular and a web app UI refresh.
  • You are now able to refresh the Git repository list that Kernl has with the press of a button. Before you had to disconnect/re-connect the integration.
  • In the interest of moving quickly, the first pass of license management and customer management did not have any tests written for it. This month we added a suite of tests around both APIs so that they remain stable.
  • Our back end application servers have been upgraded to Node.js 8.9.1. This brings security updates as well as new language features.
  • The license management documentation was updated to include links to the WordPress Settings API documentation. Kernl doesn’t make any assumptions about how your plugin or theme is developed, but people often ask what the easiest way to get licenses into their app is. The WordPress Settings API is likely the easiest, so it’s now mentioned in the documentation.
  • Meta tags have been added to the marketing site so that shares to Twitter look richer.
  • There was a bug in feature flags where individually targeted flags did not toggle on/off correctly.
  • All packages on all servers have been updated with the latest security fixes.

That’s all for this month! Have a great holiday season everyone!

What’s New With Kernl – November 2017

Happy November! The last month was all heads down on one new feature: License Management.

Features

  • WordPress License Management – As many of you know Kernl has had “Purchase Codes” for awhile now. It was clunky to use but generally very effective at it’s goal. License Management is the next generation of Kernl’s purchase code system. It’s less clunky, easier to understand, and doesn’t need to be tied to a plugin or theme. You can access it via the “License Management” button in the main menu. Pricing and usage limits can be viewed in the billing area.

What’s next?

Part of the new License Management system is the concept of customers. Ideally you should be able to tie multiple licenses to a single customer and manage them effectively through Kernl’s web interface or API. The new license management system was launched with a very simplified version of customer management, so the next month will be dedicated to making the customer management experience on Kernl amazing!

Introducing WordPress License Management with Kernl

For the past several years Kernl has been trusted with securing access to many people’s hard work via our license management system. We recently re-imagined our entire WordPress license management system, so we want to introduce it to you.

WordPress License Management

If you’ve ever sold a plugin or theme out on the open market, worrying about your plugin getting pirated is often at the top of your mind. One way to mitigate some of that risk is to use a license management solution. Kernl’s new license management system allows you to restrict access to your plugin or theme by forcing customers to activate before functionality is enabled. We can also check license codes before updates to your plugin or theme are downloaded, allowing you to restrict how many free upgrades a customer receives.

To summarize:

  • Kernl allows you to manage license keys for your product.
  • Kernl will restrict the number of updates a license is allowed to download for your product.
  • Kernl has a REST API that can allow you to restrict usage of your plugin until a license has been activated.

License Management Example

So how might you use Kernl’s WordPress license management? An example will illustrate this best.

The example above has a function to validate if a user’s license is valid. This can be used anywhere in your code to expose functionality only if the Kernl license is valid.

Restricting Update Downloads with WordPress License Management

If you would like to simply prevent your customers from downloading updates to your plugin or theme for free, just add the license parameter when you instantiate the Kernl update check class. This works the same for both plugins and themes.

The only difference between the sample above and a normal Kernl update instantiation is the inclusion of the ‘license’ property, which tells which license to try and validate with.

Going Forward

Want to give Kernl WordPress license management a try? Check out https://kernl.us and sign up. It’s free for 30 days and doesn’t require a credit card! In addition to license management and updates, we also have some great features like WordPress continuous deployment and feature flags.

What’s New With Kernl – October 2017

This month wasn’t a big feature month for Kernl, but there were some smaller bug fixes and infrastructure updates that are helping us serve our customers better. In addition to that, we also put out a short survey. Thanks to everyone who responded!

Changes & Bug Fixes

  • We are now able to automatically manage your BitBucket deploy keys. No more manually adding them!
  • Fixed & removed some flaky integration tests for feature flags.
  • Updated the documentation to reflect the BitBucket deploy key change.
  • Added some instrumentation around managing repository deploy keys and webhooks.
  • Upgraded application servers to Node.js 8.6.
  • A new cookie signature was deployed this month to fix a bug with authentication. You likely needed to re-authenticate because of it.
  • Upgraded all packages on our servers

Thats it for this month!