Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users

WordPress.org has pushed out a forced security update for the Loginizer plugin, which is active on more than 1 million websites. The plugin offers brute force protection in its free version, along with other security features like two-factor auth, reCAPTCHA, and PasswordLess login in its commercial upgrade.

Last week security researcher Slavco Mihajloski discovered an unauthenticated SQL injection vulnerability, and an XSS vulnerability, that he disclosed to the plugin’s authors. Loginizer version 1.6.4 was released on October 16, 2020, with patches for the two issues, summarized on the plugin’s blog:

1) [Security Fix] : A properly crafted username used to login could lead to SQL injection. This has been fixed by using the prepare function in PHP which prepares the SQL query for safe execution.

2) [Security Fix] : If the IP HTTP header was modified to have a null byte it could lead to stored XSS. This has been fixed by properly sanitizing the IP HTTP header before using the same.

Loginizer did not disclose the vulnerability until today in order to give users the time to upgrade. Given the severity of the vulnerability, the plugins team at WordPress.org pushed out the security update to all sites running Loginizer on WordPress 3.7+.

In July, 2020, Loginizer was acquired by Softaculous, so the company was also able to automatically upgrade any WordPress installations with Loginizer that had been created using Softaculous. This effort, combined with the updates from WordPress.org, covered a large portion of Loginizer’s user base.

The automatic update took some of the plugin’s users by surprise, since they had not initiated it themselves and had not activated automatic updates for plugins. After several users posted on the plugin’s support forum, plugin team member Samuel Wood said that “WordPress.org has the ability to turn on auto-updates for security issues in plugins” and has used this capability many times.

Mihajloski published a more detailed proof-of-concept on his blog earlier today. He also highlighted some concerns regarding the systems WordPress has in place that allowed this kind of severe vulnerability to slip through the cracks. He claims the issue could have easily been prevented by the plugin review team since the plugin wasn’t using the prepare function for safe execution of SQL queries. Mihajloski also recommended recurring code audits for plugins in the official directory.

“When a plugin gets into the repository, it must be reviewed, but when is it reviewed again?” Mihajloski said. “Everyone starts with 0 active installs, but what happens on 1k, 10k, 50k, 100k, 500k, 1mil+ active installs?”

Mihajloski was puzzled at how such a glaring security issue could remain in the plugin’s code for so long, given that it is a security plugin with an active install count higher than that of many well-known CMSs. The plugin also recently changed hands when it was acquired by Softaculous and had been audited by multiple security organizations, including WPSec and Dewhurst Security.

Mihajloski also recommends that WordPress improve the transparency around security, as some site owners and closed communities may not be comfortable with having their assets administered by unknown people at WordPress.org.

“WordPress.org in general is transparent, but there isn’t any statement or document about who, how and when decides about and performs automatic updates,” Mihajloski said. “It is kind of [like] holding all your eggs in one basket.

“I think those are the crucial points that WP.org should focus on and everything will come into place in a short time: complete WordPress tech documentation for security warnings, a guide for disclosure of the bugs (from researchers, but also from a vendor aspect), and recurring code audits for popular plugins.”

Easily Configure Your WordPress SEO with SmartCrawl and The Hub

With SmartCrawl and The Hub, you can manage WordPress SEO with modules that will optimize your website or network for more traffic and better search engine results.

Access to SmartCrawl can be all done right from The Hub’s dashboard for all of your sites, making keeping on top of your SEO more streamlined, accessible, and easy!

You can quickly view and get into your site’s content analyses, scans, reports, and more. Plus, most of the features can be enabled in one click.

All of this is done from The Hub’s SEO tab or the SEO section in The Hub overview.

The hub dashboard.
Access your SEO from the overview or SEO tab.

In this article, we’ll be going over how to:

  1. Instantly Run and Set Up Automated SEO Checkups
  2. Access SEO Checkup and Site Crawler Reports with One-Click
  3. Automatically Generate Detailed Sitemaps
  4. Review and Fix SEO Checkup Issues
  5. Control Search Engine Display of Your Pages, Posts & Custom Posts
  6. Optimize Your WordPress Site’s Social Appearance
  7. Set Up Additional SEO Features

You’ll create clear, targeted content and rank higher in Google. You’ll also keep up with the SERPs by continuously keeping tabs on improvements and optimization.

1. Instantly Run and Set Up Automated SEO Checkups

From the SEO section in The Hub, you can quickly view your SEO score and see when your last SEO checkup was.

The SEO Checkup will run a full SEO scan of your WordPress site and provide a comprehensive report of how well your site is optimized for search engines and social media.

To instantly run a checkup and get a full report about what you need to fix or adjust on your site to make it more SEO friendly, click Run Checkup.

The SEO section and where you run a checkup.
A checkup is completed with one tap of a button.

It will run a check-up and let you know if your score has changed at all. It’s as simple as that to get a glimpse of where you’re at with your SEO.

To get this set up automatically, click on the gear icon. The gear icon will open a new tab in SmartCrawl’s Reporting dashboard.

From here, you can enable scheduled checkups in one-click. Once enabled, you can add recipients and schedule daily, weekly, or monthly reports. Plus, you can choose the day of the week and time.

Pick whatever date and time are convenient for you.

See our SEO Score documentation for detailed information about using this section.

Now that we have our reports set up let’s…

2. Access SEO Checkup and Site Crawler Reports with One-Click

The SEO Checkup area in The Hub offers you a comprehensive report on how optimized your WordPress site is for search engines. It shows you the number of issues you have and how many of them have been resolved or ignored.

Plus, you can view your next scheduled check and edit accordingly.

The SEO Checkup area.
All of your SEO Checkup reporting is in one place.

By clicking on Issues, you’ll have a new tab open up that will display your SEO score. You’ll also see your last checkup, the SEO issues, and your next scheduled report.

Also, you can run a checkup from here and view detailed documentation.

SEO Checkup in SmartCrawl.
The current SEO score, last SEO checkup, SEO issues, and more are displayed here.

If you scroll down to the Checkup section below this area, you can review all of your SEO issues with a yellow exclamation point. You’ll also see all of the resolved issues, indicated by a green checkmark.

Scroll down to see all of the issues that need to be addressed and taken care of.

Furthermore, you’re able to view the issues that have been resolved or ignored by clicking on Resolved and Ignored from The Hub.

Resolved and ignored issues.
Find out what issues are resolved and ignored by clicking on either of these two options.

When it comes to site crawler reports, all of that is done in The Hub’s Site Crawler area.

From here, you can run Site Crawler to detect any URL issues (e.g. broken links, 404s, multiple redirections, etc.) that might interfere with rankings in search engines.

All the Issues, Missing URLs, and Total URLs are on display. You can also schedule your next scan, run a scan, and see when the last site crawl scan was completed.

Site Crawler issues.
View all the issues and more from this area.

By clicking on View Issues, you can view all of the issues that the site crawler discovered. It will open up a new tab in SmartCrawl’s dashboard. The number of issues is then displayed.

Scrolling down, you can view each issue in detail, ignore them, list occurrences (to see where these links can be found), and redirect any broken URL to a new link.

By tapping on the gear icon, you can list occurrences, redirect, or ignore any issue.

You can quickly run a new scan by clicking New Scan or get one set up by clicking Set Up.

When the next scheduled site crawler scan is.
The next scheduled scan will also appear here when implemented.

To run a regular URL crawl and have reports sent to your inbox, all it takes is a flip of a switch. Once you’ve done this, you can add recipients and set a daily, weekly, or monthly schedule. Also, you can set the day of the week and time to have reports sent out.

Run a report and add recipients.

You’re now all set up for automated reporting to keep track of your site’s SEO!

3. Automatically Generate Detailed Sitemaps

With The Hub and SmartCrawl, you can automatically generate a sitemap and regularly send updates to Google. A sitemap ensures that your site stays as SEO friendly as possible consistently.

Get started by clicking on Site Crawler in The Hub dashboard.

Site Crawler section.
Clicking on Site Crawler is all you need to do to get started.

This will open up a new tab in SmartCrawl’s dashboard. Here, you can see that SmartCrawl’s sitemap is activated, and it provides the URL where the sitemap is available. You can also switch to the WordPress core sitemap if you’d prefer.

The Sitemap URL.
Disable SmartCrawl’s sitemap with one-click if you’d prefer to use WordPress instead.

To see the difference between WordPress’ and SmartCrawl’s sitemap, you can find out more here.

From this point, you can choose which post types, archives, and taxonomies you’d like to add to your sitemap in one-click.

You can include Posts, Pages, Categories, and Tags.

Add any URLs you want to include in your sitemap that aren’t part of your default pages, posts, or custom post types. Likewise, you can exclude any post IDs as well.

Inclusions and exclusions for sitemap.
Add the URL for inclusions and post IDs for posts you’d like to exclude.

Also, include Custom URLs you’d like to exclude by entering them in.

Where you add custom URLs.
Add as many URLs as you’d like.

And with that, your sitemap is up and running. Read more detailed information about Site Crawler and The Hub here.

4. Review and Fix SEO Checkup Issues

If you have any issues with SEO, it’s important to review them and clean them up. With The Hub, checking and fixing any SEO issue can be done quickly and easily.

In the SEO Checkup area, you can access problems and get them fixed by clicking Issues.

SEO Checkup area.
Head over to Issues to take care of — you guessed it — issues.

This will open up a new tab in SmartCrawl’s dashboard, where you can review your SEO recommendations highlighted in yellow.

Microdata checkup recommendations.
In this example, you can see that Microdata and Link Text are potential issues.

Now you can get a detailed look at each issue by clicking on the dropdown by each one. When doing so, you’ll get an Overview, Status, and a look at How to Fix.

From here, you can Ignore the issue or fix it with SmartCrawl’s recommendations.

The microdata section.
Clicking on Add Schema Markup will get you on your way to fixing this particular issue.

Once all of the issues are resolved, they’ll be highlighted green, and you’ll be all set.

To learn more about SEO Checkups, read our documentation.

5. Control How Pages, Posts, and Custom Posts Display in Search Engines

Appearances are important — especially when it comes to SEO. You can customize your titles and meta to be more Google-friendly and easily searchable right from The Hub’s Titles & Meta section.

This section shows you the Homepage and the number of Public Post Types.

Titles & meta section.
Take control of how your site appears in search engines with titles and meta descriptions.

To start setting up how your pages, posts, and custom posts appear in search engines, click on either Titles & Meta, Homepage, or Public Post Types. All three options will open up a new tab in SmartCrawl where you can start editing.

Title & meta area in SmartCrawl.
As you can see, the Homepage tab is selected.

This is all done from the Homepage section. From here, you can customize your homepage title and description.

It shows you recommendations of the number of characters to use (which will highlight in green when good), a live Google preview, and also offers other pointers (e.g. keep things simple).

Example preview of appearance on Google.
An example page and description.

In this area, you can also enable OpenGraph, enhancing how your content appears when it’s shared on social media. You’re also able to enable Twitter cards and enable Indexing in one-click, which is for adjusting whether you want your site to appear in search results.

Tweak and adjust accordingly.

The set up is the same as the Homepage for editing the titles & meta for Post Types, Taxonomies, and Archives. You can get to any of these areas from the top of the page.

Titles & meta categories.
Adjust the title & meta in all of these categories.

You can also adjust additional settings in the Settings area, including separators (page break between variables) and character length.

Check out SmartCrawl’s documentation for more information.

6. Optimize Your WordPress Site’s Social Appearance

Control how your pages and posts appear on social media with a few clicks, leading to better engagement and traffic, from the Social tab in The Hub.

You can enable OpenGraph, Twitter Cards, and also turn on Pinterest Verification.

The social area in The Hub.
The social tab in The Hub has quick access to get your social SEO in check.

OpenGraph adds metadata to your pages to make them appear amazing when shared on popular social networks.

It will use your default titles, descriptions, and feature images.

To enable it, click on OpenGraph. It will open up a new tab in SmartCrawl, and you can have it functioning instantly.

OpenGraph is one-click away!

With Twitter Cards, you can add metadata to your pages to make the appearance of your posts better with rich photos, videos, and media experiences. In return, this helps drive traffic to your site.

Like OpenGraph, you can enable it in one-click. You also have the choice of including an image or not. Plus, there’s a preview of what a post will look like.

Preview of how a post will look on Twitter.
You get a nice preview of what it looks like with an image on Twitter.

Turning on Pinterest Verification will verify your website with Pinterest. This will attribute your website when your site’s content is pinned to the social platform.

It’s done by adding your website to Pinterest and copying the meta tag to SmartCrawl. Once confirmed, you’ll get a notification.

Pinterest verification.
Once you’re verified, you’ll get this message.

And it will reflect that you’re connected in The Hub.

The Social area of The Hub.
“On” means you’re all set.

From The Hub, keeping your social media accounts optimized for SEO is easier than ever! You’ll be on the way to more likes, shares, and traffic in no time.

7. Set Up Additional SEO Features

There are other ways to optimize your SEO in The Hub that you can set up quickly and easily. Here’s a rundown of what else you can do.

Automatic Linking

Set up Automatic Linking in just a couple of clicks so that it will look for keywords that match pages & posts around your WordPress site and automatically link them.

Just hit Activate to set it up.

Automatic linking activation.
Get started in one-click.

From here, SmartCrawl will confirm with you that you want to get started. And then, you set up what post types to allow to link to and where to insert links.

Click to link on posts, pages, comments, and also insert links, too.

You can also add Custom Links, Excluded Keywords, and Minimum & Maximum lengths, which limits the number of characters and link amounts.

Along with that, include Optional Settings like:

  • Allow autolinks to empty taxonomies
  • Prevent linking in heading tags
  • Process only single posts and pages
  • Process RSS feeds
  • Case sensitive matching
  • Prevent duplicate links
  • Open links in a new tab
  • Nofollow autolinks

A lot can be done to fine-tune your automatic linking and improve your SEO.

Schema

Schema is set up to let search engines know whether you’re an organization or a person, and then from there add all of your social profiles. This is so search engines know what social profiles to attribute your web content to.

The Schema section.
Where you’ll set up Schema in The Hub.

There is a ton you can do with Schema. You can add your website details, logo, descriptions, corporate contacts, set up a contact page, and social media accounts.

As you can see, there’s a lot you can add to Schema.

There’s also an option to enable Google Sitelinks Search, which adds a mini search box under the main result for users to search your website directly when searching on Google.

Sitelink search box enabling.
When enabled, you can enhance a user’s search results on Google.

Beyond this, there are advanced settings and plenty more you can add, such as special pages, structured data, and author options. For more detailed information on Schema, be sure to read our documentation.

MozRank

Moz is the industry leader in SEO reports and this feature allows you to integrate with their API.

With MozRank activated, it will provide reports that tell you how your site is performing against the competition with all of the crucial SEO measurement tools, like ranking, links, and more.

From The Hub, you can click Activate to get started.

Where you activate MozRank.
It’s easy to activate and set up an account.

You’ll have to set up an account with MozRank to get it to function. Once you have an account and enter your credentials into SmartCrawl, you’ll begin to see metrics specific to your site. Also, you’ll be able to see individual stats per post in the post editor.

Be sure to check out our documentation on MozRank and also view their website for more SEO information and to get an account started.

Reports

The Hub has a Your Reports area, where you can automatically run SEO checkups and site crawler, followed by an email report.

It will display what reports you have activated and you can get access to them in one-click.

The SEO checkup and Site Crawler reports.
Your reports are accessible and easily accessed right from The Hub.

Once accessed, you can modify recipients of the reports, schedule, view SEO issues, and more.

Content Analysis

The Content Analysis area will recommend improvements to your content to give it the best ranking possible. You can see your Overall SEO Analysis and Overall Readability Analysis.

The content analysis.
The analysis is then marked as Good or Poor and Easy, Okay, or Difficult.

Once clicking on an analysis, SmartCrawl offers some detailed information, and you can make the recommended improvements.

Complete SEO analysis.
From here, make some improvements and your SEO will improve.

Content Analysis is a sure way to keep your SEO in good shape and improve as necessary.

Your SEO Has it All with The Hub and SmartCrawl

With The Hub and SmartCrawl, your SEO is always in check, and assessing how well it’s optimized is always just a few clicks away. Your site’s ranking will always be up to par with detailed reports, internal linking, social enhancements, and more!

And that’s not all. We’re constantly upping the SEO game and improving The Hub, so be sure to check out our Roadmap to see what’s next.

Plus, for more detailed information, you can always refer to our documentation on The Hub and SmartCrawl.

As you can see, with The Hub and SmartCrawl, your SEO has it all!

RingCentral Launches New API for High-Volume SMS Service

RingCentral, Inc., a provider of global enterprise cloud communications, collaboration, and contact center solutions, today announced a new high-volume SMS service that enables businesses to send SMS messages and updates to their customers rapidly. Using this service, developers can build customized apps using RingCentral’s business communications platform. RingCentral also offers the service via pre-built applications available in the RingCentral App Gallery.

MakeStories 2.0 Launches Editor for WordPress, Rivaling Google’s Official Web Stories Plugin

Front-end output of a Story built from the MakeStories WordPress plugin.
Recipe slide from the MakeStories WordPress plugin.

Earlier today, MakeStories launched version 2.0 of its plugin for creating Web Stories with WordPress. In many ways, this is a new plugin launch. The previous version simply allowed users to connect their WordPress installs to the MakeStories site. With the new version, users can build and edit their stories directly from the WordPress admin.

Version 2.0 of the plugin still requires an account and a connection with the MakeStories.io website. However, it is simple to set up. Users can log in without leaving their WordPress admin interface. This API connection means that user-created Stories are stored on the MakeStories servers. If an end-user wanted to jump platforms from WordPress to something else, this would allow them to take their Stories with them.

“One of the things we would like to assure is your content is still yours, and none of the user data is being consumed or analyzed by us,” said Pratik Ghela, the founder and product manager at MakeStories. “We only take enough data to help serve you better.”

The plugin is a competing solution to the official Web Stories plugin by Google. While the two share similarities in the final output (they are built to utilize the same front-end format for creating Stories on the web), they take different paths to get there.

The two share similarities on the backend too. However, MakeStories may be more polished in some areas. For example, it allows users to zoom in on the small canvas area. Having the ability to reorder slides from the grid view also feels more intuitive.

“The main unique selling proposition of our plugin is that it comes with a guarantee of the MakeStories team,” said Ghela. “We as a team have been building this for over two years, and we are proud to be one of the tools that has stood the test of time, and competition and is still growing at a very fast pace.”

The team also wants to make the Story-creating process faster, safer, and rewarding. The goal is to cater to designers, developers, and content creators. Ghela also feels like his team’s support turnaround time of a few hours will be the key to success and is a good reason for users to give this plugin a try before settling on something else.

“We feel that our goal is to see Web Stories flourish,” he said. “And we may have different types of users looking out for various options. So, the official plugin from Google and the one from MakeStories at least opens up the options for users to choose from. And we feel that the folks at Google are also building a great editor, and, at the end of the day, it’s up to the user to select what they feel is the best.”

Technically, MakeStories is a SaaS (software as a service) product. Even though it is a free plugin, there will eventually be a commercial component to it. Currently, it is free at least until the first quarter of 2021, which may be extended based on various factors. There is no word on what pricing tiers may be available after that.

“There will always be a free tier, and we have always stood for it that your data belongs to you,” said Ghela. “In case you do not like the pricing, we will personally assist you to port out from using our editor and still keep the data and everything totally intact.”

Diving Into the Plugin

MakeStories plugin Story management screen.
Story management screen.

MakeStories is a drag-and-drop editor for building Web Stories. It works and feels much like typical design editors like Gimp or Photoshop. It shares similarities with QuarkXPress or InDesign, for those familiar with page layout programs. In some ways, it feels a lot like a light-colored version of Google’s Web Stories plugin with more features and a slightly more intuitive interface.

The end goal is simple: create a Story through designing slides/pages that site visitors will click through as the narrative unfolds.

The plugin provides a plethora of shapes, textures, and animations. These features are easy to find and implement. It also includes free access to images, GIFs, and videos. These are made possible via API integrations with Unsplash, Tenor, and Pexels.

MakeStories includes access to 10 templates at the moment. However, what makes this feature stand out is that end-users can create and save custom templates for reuse down the road.

MakeStories WordPress plugin editor.
Editing a Story from a predesigned template.

One of the more interesting, almost hidden, features is the available text patterns. The plugin allows users to insert these patterns from a couple of dozen choices. This makes it easier to visualize a design without having to build everything from scratch.

Text-based patterns in the MakeStories plugin editor.
Inserting a text pattern and adjusting its size.

While the editing process is a carefully crafted experience that makes the plugin worth a look, it is the actual publishing aspect of the workflow that is a bit painful. Traditional publishing in WordPress means hitting the “publish” button to make content live. This is not the case with the MakeStories plugin. It takes you through a four-step process of entering various publisher details, setting up metadata and SEO, validating the Story content, and analytics. It is not that these steps are necessarily bad. For example, MakeStories lets you know when images are missing alt text, which is needed information for screen readers. The problem is that it feels out of place to go through all of these details when I, as a user, simply want my content published. And, many of these details, such as the publisher (author), should be automatically filled in.

Updating a Story is not as simple as hitting an “update” button either. The system needs to run through some of the same steps too.

Ghela said the publishing process might be a bit tough but will prove fruitful in the end. The plugin takes care of the technical aspects of adding title tags, meta, and other data on the front end after the user fills in the form fields.

“We will definitely work on improving the flow as the community evolves and improve it a lot to be easier, faster, and, most importantly, still very customizable,” he said.

The MakeStories team has no plans of stopping at its current point on the roadmap. Ghela sounded excited about some of the upcoming additions they are planning, including features like teams, branding, easy template customization, polls, and quizzes.

On the Web Stories Format

UN report on COVID-19 and poverty published with MakeStories.

Many will ultimately hesitate to use any plugin that implements Web Stories given Google’s history of dropping projects. There is also a feeling that the format is a bit of a fad and will not stand the test of time.

“We greatly believe in AMP and Web Stories as a content format,” said Ghela. “We, as an agency, have been involved a lot in AMP and have done a lot of experiments with it, including a totally custom WooCommerce site in fully-native, valid AMP with support for variable products, subscriptions, and other functionalities.”

The company is all-in on the format and feels like it will be around for the long term, particularly if there is a good ecosystem around monetization.

“We think that the initial reactions are because there are not enough proven results and because we never imagined the story format to come to the web,” said Ghela. “There were definitely plugins that did this. Few folks tried to build stories using good ol’ HTML, CSS, and JavaScript. But, the performance and UX were not that great. On the other hand, the engineers at the AMP Team are making sure that everything is just perfect. The UX, load time, WCV Score, just everything.”

He feels that some of the early criticisms are unwarranted and that the web development community should give the format a try and provide feedback.

“The more data we all get, actually gives the AMP team a clear idea of what’s needed, and they can design the roadmap accordingly,” he said. “So, just giving out early reactions won’t help, but constructive criticism and getting back to the AMP team with what you are doing will.”

How to Determine What Is Causing a Problem

I'm utilizing phpMyAdmin to deal with my information bases. I have 2 tasks that utilize 2 diverse data sets: the first uses 'root'@'localhost' and the second uses 'root'@'127.0.0.1'. I don't have the foggiest idea how I wound up utilizing 2 distinctive workers, but it was working fine until I attempted to alter code in the first undertaking, which utilizes 'root'@'localhost'. I was attempting to choose from a table to be stacked to a DataGridView when a blunder sprung up saying "Host 'hostname' isn't permitted to interface with this MySQL worker". The second venture is working fine. This only occurred after I attempted to make a module for interfacing with the MySQL information base, since the previous code for associating with MySQL is written in each structure.

Average resistance

Project: Average resistance
A student wants to measure a resistivity of a material of certain wire of radius 2 mm, and length of 25 cm. He got the following data:

Voltage (V): 100, 90, 80, 70, 60, 50, 40, 30, 20, 7
Current (A): 11, 8, 7, 6, 5.7, 5, 3.9, 2.3, 2.1, 1.1

Find the avg?

#288: Weekly Docs

Besides meetings, how does your company communicate what everyone is working on each week? Meetings? Reports? Klare, Chris, and Marie talk about CodePen’s use of weekly team docs to keep our fully remote team up to date.

Time Jumps

  • 00:48 All Hands meeting
  • 07:10 Keeping a weekly doc
  • 10:56 How we organize it in Notion
  • 13:50 Sponsor: Netlify
  • 17:06 "What held me back"
  • 21:04 What we do in our meetings now

Sponsor: Netlify

Serve dynamic, personalized content instantly with Netlify’s Edge Handlers. Supercharge your web apps with custom JavaScript logic that runs on the network edge. Modify each request to localize content, serve relevant banner ads, authenticate visitors, and more… all directly from the worldwide location closest to each user.


The post #288: Weekly Docs appeared first on CodePen Blog.

A Primer on the Different Types of Browser Storage

In back-end development, storage is a common part of the job. Application data is stored in databases, files in object storage, transient data in caches… there are seemingly endless possibilities for storing any sort of data. But data storage isn’t limited only to the back end. The front end (the browser) is equipped with many options to store data as well. We can boost our application performance, save user preferences, keep the application state across multiple sessions, or even different computers, by utilizing this storage.

In this article, we will go through the different possibilities to store data in the browser. We will cover three use cases for each method to grasp the pros and cons. In the end, you will be able to decide what storage is the best fit for your use case. So let’s start!

The localStorage API

localStorage is one of the most popular storage options in the browser and the go-to for many developers. The data is stored across sessions, never shared with the server, and is available for all pages under the same protocol and domain. Storage is limited to ~5MB.

Surprisingly, the Google Chrome team doesn’t recommend using this option as it blocks the main thread and is not accessible to web workers and service workers. They launched an experiment, KV Storage, as a better version, but it was just a trial that doesn’t seem to have gone anywhere just yet.

The localStorage API is available as window.localStorage and can save only UTF-16 strings. We must make sure to convert data to strings before saving it into localStorage. The main three functions are:

  • setItem('key', 'value')
  • getItem('key')
  • removeItem('key')

They’re all synchronous, which makes it simple to work with, but they block the main thread.

It’s worth mentioning that localStorage has a twin called sessionStorage. The only difference is that data stored in sessionStorage will last only for the current session, but the API is the same.

Let’s see it in action. The first example demonstrates how to use localStorage for storing the user’s preferences. In our case, it’s a boolean property that turns on or off the dark theme of our site.

You can check the checkbox and refresh the page to see that the state is saved across sessions. Take a look at the save and load functions to see how I convert the value to string and how I parse it. It’s important to remember that we can store only strings.

This second example loads Pokémon names from the PokéAPI.

We send a GET request using fetch and list all the names in a ul element. Upon getting the response, we cache it in the localStorage so our next visit can be much faster or even work offline. We have to use JSON.stringify to convert the data to string and JSON.parse to read it from the cache.

In this last example, I demonstrate a use case where the user can browse through different Pokémon pages, and the current page is saved for the next visits.

The issue with localStorage, in this case, is that the state is saved locally. This behavior doesn’t allow us to share the desired page with our friends. Later, we will see how to overcome this issue.

We will use these three examples in the next storage options as well. I forked the Pens and just changed the relevant functions. The overall skeleton is the same for all methods.
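The string conversions described in this section, written out as an added example (it is not the code from the article's Pens). The key name `pokemon_names` and the in-memory storage stand-in are assumptions made so the code also runs outside a browser; in a page you would pass `window.localStorage`.

```javascript
// In-memory stand-in for window.localStorage (constructed for this example).
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    removeItem: (key) => { data.delete(key); },
  };
}

// Preferences: only strings are stored, so the boolean is written as
// "true"/"false" and compared on read. Boolean("false") would be true.
function saveDarkTheme(storage, enabled) {
  storage.setItem('dark_theme', enabled ? 'true' : 'false');
}

function loadDarkTheme(storage) {
  return storage.getItem('dark_theme') === 'true';
}

// Application data: serialize with JSON.stringify on the way in.
function saveNames(storage, names) {
  storage.setItem('pokemon_names', JSON.stringify(names));
}

// On the way out, treat the cached string as untrusted input: any script
// running on the same origin can overwrite it, and it can be malformed.
function loadNames(storage) {
  const raw = storage.getItem('pokemon_names');
  if (raw === null) return null; // nothing cached yet
  try {
    const parsed = JSON.parse(raw);
    const valid = Array.isArray(parsed) && parsed.every((n) => typeof n === 'string');
    if (valid) return parsed;
  } catch (err) {
    // malformed JSON is handled like a cache miss below
  }
  storage.removeItem('pokemon_names'); // drop the bad entry so it is refetched
  return null;
}
```

A `null` from `loadNames` means "fetch from the API and call `saveNames`", whether the cache was empty or its contents failed validation.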

The IndexedDB API

IndexedDB is a modern storage solution in the browser. It can store a significant amount of structured data — even files, and blobs. Like every database, IndexedDB indexes the data for running queries efficiently. It’s more complex to use IndexedDB. We have to create a database, tables, and use transactions.

Compared to localStorage, IndexedDB requires a lot more code. In the examples, I use the native API with a Promise wrapper, but I highly recommend using third-party libraries to help you out. My recommendation is localForage because it uses the same localStorage API but implements it in a progressive enhancement manner, meaning if your browser supports IndexedDB, it will use it; and if not, it will fall back to localStorage.

Let’s code, and head over to our user preferences example!

idb is the Promise wrapper that we use instead of working with a low-level events-based API. They’re almost identical, so don’t worry. The first thing to notice is that every access to the database is async, meaning we don’t block the main thread. Compared to localStorage, this is a major advantage.

We need to open a connection to our database so it will be available throughout the app for reading and writing. We give our database a name, my-db, a schema version, 1, and an update function to apply changes between versions. This is very similar to database migrations. Our database schema is simple: only one object store, preferences. An object store is the equivalent of an SQL table. To write or read from the database, we must use transactions. This is the tedious part of using IndexedDB. Have a look at the new save and load functions in the demo.

No doubt that IndexedDB has much more overhead and the learning curve is steeper compared to localStorage. For the key value cases, it might make more sense to use localStorage or a third-party library that will help us be more productive.

Application data, such as in our Pokémon example, is the forte of IndexedDB. You can store hundreds of megabytes and even more in this database. You can store all the Pokémon in IndexedDB and have them available offline and even indexed! This is definitely the one to choose for storing app data.

I skipped the implementation of the third example, as IndexedDB doesn’t introduce any difference in this case compared to localStorage. Even with IndexedDB, the user will still not share the selected page with others or bookmark it for future use. They’re both not the right fit for this use case.

Cookies

Using cookies is a unique storage option. It’s the only storage that is also shared with the server. Cookies are sent as part of every request. It can be when the user browses through pages in our app or when the user sends Ajax requests. This allows us to create a shared state between the client and the server, and also share state between multiple applications in different subdomains. This is not possible by other storage options that are described in this article. One caveat: cookies are sent with every request, which means that we have to keep our cookies small to maintain a decent request size.

The most common use for cookies is authentication, which is out of the scope of this article. Just like the localStorage, cookies can store only strings. The cookies are concatenated into one semicolon-separated string, and they are sent in the cookie header of the request. You can set many attributes for every cookie, such as expiration, allowed domains, allowed pages, and many more.

In the examples, I show how to manipulate the cookies through the client-side, but it’s also possible to change them in your server-side application.

Saving the user’s preferences in a cookie can be a good fit if the server can utilize it somehow. For example, in the theme use case, the server can deliver the relevant CSS file and reduce potential bundle size (in case we’re doing server-side-rendering). Another use case might be to share these preferences across multiple subdomain apps without a database.

Reading and writing cookies with JavaScript is not as straightforward as you might think. To save a new cookie, you need to set document.cookie — check out the save function in the example above. I set the dark_theme cookie and add a max-age attribute to it to make sure it will not expire when the tab is closed. Also, I add the SameSite and Secure attributes. These are necessary because CodePen uses iframe to run the examples, but you will not need them in most cases. Reading a cookie requires parsing the cookie string.

A cookie string looks like this:

key1=value1;key2=value2;key3=value3

So, first, we have to split the string by semicolon. Now, we have an array of cookies in the form of key1=value1, so we need to find the right element in the array. In the end, we split by the equal sign and get the last element in the new array. A bit tedious, but once you implement the getCookie function (or copy it from my example :P) you can forget it.
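One way to write the cookie helpers described above, as an added example rather than the article's own `getCookie`. The function names and the option names `maxAge`, `sameSite` and `secure` are assumptions. It goes slightly beyond the text by splitting each pair at the first equal sign, so a value that itself contains `=` survives, and by refusing `SameSite=None` without `Secure`, a combination browsers reject.

```javascript
// Build the string that is assigned to document.cookie for one cookie.
function serializeCookie(name, value, options = {}) {
  const { maxAge, sameSite = 'Lax', secure = false } = options;
  if (name === '' || /[=;,\s]/.test(name)) {
    throw new TypeError('invalid cookie name');
  }
  if (!['Strict', 'Lax', 'None'].includes(sameSite)) {
    throw new TypeError('invalid SameSite value');
  }
  if (sameSite === 'None' && !secure) {
    throw new TypeError('SameSite=None requires Secure');
  }
  // Encoding keeps ';' and '=' in the value from being read as syntax.
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (maxAge !== undefined) {
    if (!Number.isInteger(maxAge)) throw new TypeError('maxAge must be an integer');
    parts.push(`Max-Age=${maxAge}`); // lifetime in seconds
  }
  parts.push(`SameSite=${sameSite}`);
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Parse a cookie string into a Map. Browsers return document.cookie as
// "name=value; name2=value2", so each piece is trimmed after the split.
function parseCookies(cookieString) {
  const cookies = new Map();
  for (const pair of cookieString.split(';')) {
    const eq = pair.indexOf('='); // first '=' only; the value may hold more
    if (eq === -1) continue;
    const key = pair.slice(0, eq).trim();
    const raw = pair.slice(eq + 1).trim();
    if (key === '' || cookies.has(key)) continue; // keep the first occurrence
    let value;
    try {
      value = decodeURIComponent(raw);
    } catch {
      value = raw; // malformed percent-encoding: return it undecoded
    }
    cookies.set(key, value);
  }
  return cookies;
}

// Exact-name lookup, so "dark_theme" never matches "xdark_theme".
function getCookie(cookieString, name) {
  const value = parseCookies(cookieString).get(name);
  return value === undefined ? null : value;
}
```

In a page, writing is `document.cookie = serializeCookie('dark_theme', true, { maxAge: 31536000 })` and reading is `getCookie(document.cookie, 'dark_theme')`.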

Saving application data in a cookie can be a bad idea! It will drastically increase the request size and will reduce application performance. Also, the server cannot benefit from this information as it’s a stale version of the information it already has in its database. If you use cookies, make sure to keep them small.

The pagination example is also not a good fit for cookies, just like localStorage and IndexedDB. The current page is a temporary state that we would like to share with others, and none of these methods achieve it.

URL storage

URL is not a storage, per se, but it’s a great way to create a shareable state. In practice, it means adding query parameters to the current URL that can be used to recreate the current state. The best example would be search queries and filters. If we search the term flexbox on CSS-Tricks, the URL will be updated to https://css-tricks.com/?s=flexbox. See how easy it is to share a search query once we use the URL? Another advantage is that you can simply hit the refresh button to get newer results of your query or even bookmark it.

We can save only strings in the URL, and its maximum length is limited, so we don’t have so much space. We will have to keep our state small. No one likes long and intimidating URLs.

Again, CodePen uses iframe to run the examples, so you cannot see the URL actually changing. Worry not, because all the bits and pieces are there so you can use it wherever you want.

We can access the query string through window.location.search and, lucky us, it can be parsed using the URLSearchParams class. No need to apply any complex string parsing anymore. When we want to read the current value, we can use the get function. When we want to write, we can use set. It’s not enough to only set the value; we also need to update the URL. This can be done using history.pushState or history.replaceState, depending on the behavior we want to accomplish.

I wouldn’t recommend saving a user’s preferences in the URL as we will have to add this state to every URL the user visits, and we cannot guarantee it; for example, if the user clicks on a link from Google Search.

Just like cookies, we cannot save application data in the URL as we have minimal space. And even if we did manage to store it, the URL would be long and not inviting to click. It might even look like a phishing attack of sorts.

Just like our pagination example, the temporary application state is the best fit for the URL query string. Again, you cannot see the URL changes, but the URL updates with the ?page=x query parameter every time you click on a page. When the web page loads, it looks for this query parameter and fetches the right page accordingly. Now we can share this URL with our friends so they can enjoy our favorite Pokémon.

Cache API

Cache API is a storage for the network level. It is used to cache network requests and their responses. The Cache API fits perfectly with service workers. A service worker can intercept every network request, and using the Cache API, it can easily cache the requests and their responses. The service worker can also return an existing cache item as a network response instead of fetching it from the server. By doing so, you can reduce network load times and make your application work even when offline. Originally, it was created for service workers, but in modern browsers the Cache API is also available in window, iframe, and worker contexts. It’s a very powerful API that can drastically improve the application user experience.

Just like IndexedDB, the Cache API storage is not limited and you can store hundreds of megabytes and even more if you need to. The API is asynchronous so it will not block your main thread. And it’s accessible through the global property caches.

To read more about the Cache API, the Google Chrome team has made a great tutorial.

Chris created an awesome Pen with a practical example of combining service workers and the Cache API.

Bonus: Browser extension

If you build a browser extension, you have another option to store your data. I discovered it while working on my extension, daily.dev. It’s available via chrome.storage or browser.storage, if you use Mozilla’s polyfill. Make sure to request a storage permission in your manifest to get access.

There are two types of storage options, local and sync. The local storage is self-explanatory; it means it isn’t shared and is kept locally. The sync storage is synced as part of the Google account, and anywhere you install the extension with the same account this storage will be synced. Pretty cool feature if you ask me. Both have the same API so it’s super easy to switch back and forth, if needed. It’s async storage so it doesn’t block the main thread like localStorage. Unfortunately, I cannot create a demo for this storage option as it requires a browser extension, but it’s pretty simple to use, and almost like localStorage. For more information about the exact implementation, refer to Chrome docs.

Conclusion

The browser has many options we can utilize to store our data. Following the Chrome team’s advice, our go-to storage should be IndexedDB. It’s async storage with enough space to store anything we want. localStorage is not encouraged, but is easier to use than IndexedDB. Cookies are a great way to share the client state with the server but are mostly used for authentication.

If you want to create pages with a shareable state such as a search page, use the URL’s query string to store this information. Lastly, if you build an extension, make sure to read about chrome.storage.


The post A Primer on the Different Types of Browser Storage appeared first on CSS-Tricks.


Bootstrap 4 Code Snippets

Do you use Bootstrap 4 in your projects? If so, you may be interested to see these examples of it in action that we’ve collected. From modals, sidebars, and thank you pages, to drag and drop, responsive menus, and buttons, we’ve gathered a few samples of code snippets to help you further how you build your next website. So have a look, play with them on CodePen, bookmark, and be sure to check out our other collections while you’re at it.


Bootstrap 4 Modal Demos

See the Pen Modal Demos by SitePoint (@SitePoint) on CodePen.

Sidebar Template

See the Pen Sidebar template by Mohamed Azouaoui (@azouaoui-med) on CodePen.

Thank You Page Template

See the Pen Thank You Page Template by Jacob Lett (@JacobLett) on CodePen.

Custom Drag & Drop

See the Pen Custom drag file upload by Aaron Vanston (@aaronvanston) on CodePen.

Float Label

See the Pen Float Label by Anton Staroverov (@tonycorp) on CodePen.

Responsive Menu

See the Pen Responsive Bootstrap 4 menu – light/dark by Ivan Grozdic (@ig_design) on CodePen.

Play YouTube or Vimeo Videos in Modal

See the Pen Play YouTube or Vimeo Video in Modal – Bootstrap 4 by Jacob Lett (@JacobLett) on CodePen.

Auto Custom Buttons

See the Pen Auto Custom Bootstrap Buttons by Chris Johnson (@thecssguru) on CodePen.

Wizard

See the Pen Wizard by Nily F. Vicent (@missvicent) on CodePen.

Pricing Table

See the Pen Pricing Table by Daniel Zawadzki (@danzawadzki) on CodePen.

 

 

Cash app call center Number Instant tech Phone Number with instant bdfdf


Official site of a business leader in electronic asset control. is an excellent, reputable, and widely known digital identity and digital asset control company, offering many services across the globe. The organization's goal is to offer an easy, convenient way to protect your information and boost security for your customers and company.
For those people who are only beginning with then there are many alternatives to think about, from online help to training to a physical center. In order to guard your company and customers you want the best protection possible. You will need technology that fulfills the requirements of your small business. If you need a quick and Effortless solution to your safety demands then offers several alternatives, including:
The Digital Asset Protection service allows you to store and handle digital assets online. This service is intended to prevent unauthorized access to the data and information.

Apart from different services, what grew quickly was the e-mail service. email is freely obtainable in additional than 3 dozen languages with entrancing options. This good email is assessed from any browser at any time of the day from any corner of the planet. Simply a couple of years after once Verizon acquired
Allowance for managing your calendars: The users of this email will subscribe, print, produce or maybe add a calendar. They will manage the programs from the calendar and simply edit them too.
The convenience of making folders: through this good email, users will produce a brand new folder, rename it additionally delete it as per their preference.
It is right the same that if you are victimization any email services that you will even have to face its technical mishaps. There are times once users get pissed off attributable to technical problems like server issues, page not opening, password problems and plenty of additional. The best and quickest answer to those issues is to induce fast facilitate from the techies. Here are some ways in which during which specialists will facilitate]

Saving emails & moving messages: by clicking at the lot of icons, users will merely save their emails and move single or multiple messages to the created folders.

The comfort of deleting multiple emails: not solely the users have the comfort of deleting single or multiple emails at a time however conjointly they will recover any accidentally deleted email at intervals seven days of deletion.
Disable the reading pane: if you dont need the reading pane on your screen, youll disable it by planning to settings then clicking customization.
