WooCommerce 5.5.2 Fixes Performance Issues Found After Forced Security Update

WooCommerce has shipped version 5.5.2 as a follow-up to the forced security update that patched a SQL Injection vulnerability last week. The vulnerability impacted versions 3.3 to 5.5 of the WooCommerce plugin, as well as versions 2.5 to 5.5 of the WooCommerce Blocks feature plugin. The team created a patch for more than 90 releases, which was sent as a forced security update from WordPress.org, due to the potential severity of impact for millions of WooCommerce installations.

Shortly after the automatic update rolled out, many store owners started reporting serious performance issues on both WordPress.org and GitHub. Some users reported database crashes after receiving the automatic security patch in 5.5.1. One user reported a painfully slow, endless query that was “crippling to our operations,” with similar reports on GitHub of this same query “causing the entire server to go down.”

Those with a large number of products in their databases were impacted more frequently. “We run a fairly big DB – 17k products,” one user said. “This has been a nightmare.”

Store owners affected by this issue had resorted to downgrading to the previous releases at WooCommerce’s recommendation. They shared temporary workarounds to disable the query while WooCommerce investigated the issue. The problem was reported so frequently that it became a high priority for the team to fix.

A week ago, WooCommerce developer Adrian Duffell reported back that they had determined the cause was twofold:

  1. A slow SQL query used to retrieve the products that are low in stock. This SQL has been in WooCommerce for a number of releases.
  2. A REST API request, which executes this SQL query, is called more frequently in WooCommerce 5.5 than in previous versions.

A combination of these factors was causing the degraded server performance when users updated to WooCommerce 5.5. A fix was released in WooCommerce Admin 2.4.4 three days ago, and the fix was also added to core today in 5.5.2. Users who had put workarounds in place are advised to remove them after updating to the latest release.


3 responses to “WooCommerce 5.5.2 Fixes Performance Issues Found After Forced Security Update”

  1. I think the problem with security issues is there is often a ‘knee-jerk’ reaction to fixing them rather than taking the methodical approach of fixing it properly to avoid large scale problems as reported.

    Whilst there are good intentions here, I think sometimes more planning needs to be made before deploying to production environments hastily.

    • Testing before release in real world environments like an average shop with at least a few 100 products and variants and a few 100 customer accounts with purchase history and typical million-in-use plugins for SEO etc. would help.

      As long as testing is only based on some automated unit tests or at most simple fresh installed sites with 3-5 products, the described problems will occur again and again…

    • I disagree in this particular case. A very serious issue was found and corrected in a massive number of versions. Yes, a quality issue slipped in, but look at the speed it was resolved.

      In general I feel your point in valid, often times there is a knee jerk reaction to security issues and perhaps this issue could have been avoided with a little more planning. But the severity of the situation appears to have warranted immediate action and I’m sure those shop managers (with whom I am included) would rather have a couple days of bad performance than the dread of being hacked.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: