The jQuery that current ships as part of WordPress is (as of WP 5.4.1) an older version of jQuery. As in ancient. This plugin allows you to instead use a much more modern version of jQuery, with optional compatibility for scripts that need the older jQuery calls.
This plugin also optionally allows you to securely select a public CDN for jQuery, including the appropriate Subresource Integrity (SRI) and CrossOrigin attributes. Using a CDN can speed up the loading of your website as there is a good chance a client visiting your website already has the identical file in their browser cache and does not need to fetch it again.
When a CDN is used, a small amount of code is added to your pages to provide a fallback where jQuery and the jQuery Migrate plugin are served from your site if either the CDN can not be reached by the client or if the SRI check fails.
The updated jQuery will not replace the core jQuery for administration pages. This is to avoid potential breakage of administrative pages.
The options for this plugin are managed from the WordPress ‘Dashboard’ in the ‘Settings’ area, using the ‘jQuery Options’ menu option within the ‘Settings’ area.
There are four configurable options you can customize.
‘Use Migrate Plugin’ option
Enabled by default.
You may disable compatibility with scripts that require older versions of jQuery. This is not recommended.
The jQuery Migrate plugin provides compatibility with jQuery 1.9 through 3.0. It is enabled by default and provides compatibility with the version of jQuery that currently (WP 5.4.1) ships in WordPress, which is jQuery version 1.12.4.
Scripts written to use the version of jQuery that ships with WordPress may be registered with a dependency of
jquery-core but use functions that are no longer supported in jQuery 3.5.1. When ‘Use Migrate Plugin’ is enabled, scripts that are registered with a dependency of
jquery-core will trigger enqueuing of the Migrate plugin so that those scripts written for the older jQuery will still work. When ‘Use Migrate Plugin’ is disabled, then enqueuing of the Migrate plugin will only happen if scripts explicitly specify
jquery as a dependency.
If some jQuery scripts break even with ‘Use Migrate Plugin’ enabled, they are likely written for jQuery prior to version 1.9. The only option in that case is to not use this plugin until you have upgraded that very old code.
It is highly recommended you update such old code as soon as possible, whether or not you plan to use this plugin.
Please note that WordPress has provided jQuery for years, this results in many plugins and themes using jQuery out of convenience when they really did not need to.
‘Use Content Distribution Network’ option
Disabled by default.
By default, the updated jQuery scripts are served from within this WordPress plugin. This is because responsible plugin and theme developers do not (in my opinion) utilize third party resources by default.
I recommend you enable this option however doing so will result in front-end pages being served that reference a Third Party Resource. Links to those services and their privacy policies follows the section on Plugin Options.
‘Use Subresource Integrity’ option
Enabled by default.
This option only has meaning when the ‘Use Content Distribution Network’ option is enabled.
This option will add a Subresource Integrity hash that browsers can use to verify the resource retrieved is valid opposed to a modified possible trojan.
The only logical reason I can think of to disable this option is if you already have a different plugin that manages Subresource Integrity.
‘Select Public CDN Service’ option
Set to ‘jQuery.com CDN’ by default.
This option only has meaning when the ‘Use Content Distribution Network’ option is enabled.
This option lets you select which public CDN you wish to use from a list of five Public CDN services that are listed at https://jquery.com/download/#using-jquery-with-a-cdn
For many websites, the default ‘jQuery.com CDN’ is probably the best choice but it may not be the best choice for all websites, depending upon where the majority of your users are located geographically and which public CDN has a better response time in that geographical region.
External Third Party Services
This plugin always sets the
crossorigin="anonymous" attribute in association with the Third Party Service. This attribute instructs the browser not to send cookies or any other authentication information to the third party when retrieving the resource. Most modern browsers respect this attribute but some may not.
By default, the plugin will set the
integrity="[[expected base64 encoded hash]]" attribute in association with the Third Party Service. This instruct the browser not to use the downloaded resource if the hash does not match, protecting your users from possible trojans.
For SRI, this plugin uses the hashes associated with the files as provided by https://jquery.com/download/ with one exception (see the Hard-coded SRI Hashes section of this readme).
These are the potential third party services:
The default CDN used by this plugin when a CDN is enabled.
Link to service: https://code.jquery.com/
jQuery.com CDN is actually powered by StackPath.
Link to service: https://www.stackpath.com/
When you have a CDN enabled and have selected the CloudFlare CDNJS option then
the CloudFlare CDNJS service will be used.
Link to service: https://cdnjs.com/libraries/jquery/
For jQuery, CDNJS is powered by CloudFlare.
Link to service: https://www.cloudflare.com/
When you have a CDN enabled and have selected the jsDelivr option then the
jsDelivr CDN will be used.
Link to service: https://www.jsdelivr.com/
When you have a CDN enabled and have selected the Microsoft CDN option then the Microsoft CDN will be used.
Link to service: https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview
When you have a CDN enabled and have selected the Google CDN option then the Google CDN will be used.
Link to service: https://developers.google.com/speed/libraries
Hard-coded SRI Hashes
This plugin includes hard-coded Subresource Identity public hashes for the minified versions of the jQuery core library and the jQuery Migrate Plugin.
For a better understanding of what SRI is and why hard-coding the hashes is a necessary security feature, please see the file
SubResourceIntegrity.md in this directory.
The hard-coded hashes can be verified against what is published at the https://code.jquery.com/ website.
Click on the minified link for the same version of jQuery (3.5.1) and a window will pop up with a script tag including the same SRI as what is defined by the
PIPJQVSRI constant in
Click on the minified link for the same version of jQuery Migrate (3.3.0) and a window will pop up with a script tag including the same SRI as what is defined by the
PIPJQMIGRATESRI constant in
CloudFlare CDNJS and jdDeliver CDN
The minified jQuery Migrate plugin hosted at CloudFlare CDNJS and jsDelivr CDN have the following addition at the end of the JS file that cause their hash to be different:
For this reason, an SRI specific to them is used when CloudFlare CDNJS or jsDelivr CDN is the selected Public CDN.
This SRI value can be obtained from https://cdnjs.com/libraries/jquery-migrate
Mouse over the minified version and from the menu that appears select Copy SRI and the SRI that matches the file they serve will be copied to your clipboard and if the version is the same, it will match what is defined by the
PIPJQMIGRATESRI_CDNJS constant in
Public CDN Notes
As of May 28th, 2020 the following notes apply.
The Microsoft CDN does not yet have current versions of either the core jQuery library or the Migrate plugin. If you select that CDN, the files will be served from your host until the Microsoft CDN has them.
The Google CDN does not host any version of the jQuery Migrate plugin. If you select that option and have the Migrate plugin enabled, that plugin will be served from the jQuery.com CDN.
Plugin / Theme Compatibility
This plugin does not set the version for jQuery when registering the script. Unfortunately when registering a script with a version in WordPress, it always applies the query tag
?ver=whatever to the end of the resource and doing so with a CDN greatly reduces the odds that a browser will recognize it already has the scripts cached. Some plugins and themes may query for the version of jQuery being used. They should not do so, but some do. They will not get an answer if this plugin has run before they run and they will get the wrong answer if they run before this script has run.
I will try to update this plugin when new versions of jQuery are released but it may not be as fast as some may like. You can bug me by leaving sending an e-mail to pipfroshpress[AT]gmail[DOT]com.
Please note updates to this plugin with new versions of jQuery will not be pushed until that majority of the supported CDNs have the file. New versions also will not be published if the accompanying Migrate plugin does not give support for scripts written for jQuery 1.12.4.
For the included jQuery Migrate plugin, I am less likely to notice when new versions are available but I do check whenever a new version of jQuery itself is released. Again you can bug me if needed.
Development takes place on github at https://github.com/pipfrosch/pipfrosch-jquery
master branch will usually be exactly the same as what is distributed through WordPress except it will have a small
README.md file. The branch
pipjq is where I develop and what is in that branch may not always be stable. When a new release is ready and tested from the
pipjq branch, it will be merged with
master and then repacked for distribution through the WordPress SVN.
Please use the distribution from WordPress rather than from github unless you are testing. The version from WordPress is audited by more eyes than my github.
Versions use the standard
Major.Minor.Tweak scheme using integers for each. Code in my github may have a
pre appended at the end to indicate is not a released version and should not be used on production systems.
The Tweak is incremented by one when a minor change is made, such as adding a new language to the translation support. Generally you can ignore upgrading this plugin when there is just a Tweak bump.
The Minor is incremented by one when a functional bug is fixed or when an update to jQuery or the jQuery Migrate plugin is made that is not a substantial jQuery change. When Minor is bumped, Tweak will reset to
0. Generally you should upgrade when Minor is bumped.
The Major will be incremented when there is an upgrade to jQuery that is significant in nature. Both Minor and Tweak are reset to
0 when Major
Generally you should test an update to Major before updating on a production system just in case some of your jQuery code needs tweaks before deployment.
This plugin is ready for translations but so far does not actually have any. Note that the only strings where translations are beneficial require administrative privileges to see (the Settings). Hopefully translations will soon be made for the benefit of WordPress administrators who have a preferred written language other than English.
If you have a plugin or theme that wants to know about versions, the following options are defined if this plugin is active:
pipjq_plugin_versiondefines the plugin version.
pipjq_jquery_versiondefines the jQuery version.
pipjq_jquery_migrate_versiondefines the jQuery Migrate plugin version
All three those of those options are defined as strings.
You can also get them directly from the defined constants
PIPJQMIGRATE respectively but I do not guarantee that I will continue to specify them with those constant into the long-term future. For example, if I switch to a more OOP approach they may be defined within a class rather than as constants. The options however will always be defined.