WordPress is a great way to build a website. So great, in fact, that about a third of the Internet uses it now! Unfortunately, it is also not the most secure way, not by far. With the latest version, 5.2, WordPress finally starts to address much-needed security issues. We just hope this is the first step in a long line of security upgrades. WordPress, the content management system (CMS), is set to receive several new security features today that will finally add the protection users have wanted for years.
- Cryptographically signed updates are included; this adds support for a modern cryptography library.
- A Site Health section in the admin panel backend.
- A feature that will act as White-Screen-of-Death (WSOD) protection. Site admins will still be able to access their backend in the case of catastrophic PHP errors.
These features should ease some fears about certain attack vectors.
The most hands-on upgrade is the Site Health section.
This section includes two pages: Site Health Status and Site Health Info. The Site Health Status page will run a set of basic security checks and deliver a report with what comes up. It will also have recommendations to fix any issues found. WordPress site owners and developers of security plugins can also write their own code to expand security checks to more areas of the WordPress site. I can see this section really taking off and enabling users at all levels to have much more secure WordPress websites.
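As an added example (not code from WordPress or from this post), here is a small plugin that extends the Site Health Status page through the `site_status_tests` filter. The `example_*` function names and the two hardening checks chosen here are assumptions made for illustration.

```php
<?php
/* Plugin Name: Example Hardening Checks for Site Health (added example) */
defined( 'ABSPATH' ) || exit;
// Register two synchronous ("direct") tests on the Site Health Status page.
add_filter( 'site_status_tests', function ( $tests ) {
    $tests['direct']['example_file_editor'] = array(
        'label' => 'Dashboard file editor',
        'test'  => 'example_test_file_editor', // hypothetical callback name
    );
    $tests['direct']['example_admin_login'] = array(
        'label' => 'Default administrator login name',
        'test'  => 'example_test_admin_login', // hypothetical callback name
    );
    return $tests;
} );

// Build a result in the array shape the Site Health Status page renders.
function example_health_result( $id, $passed, $label, $description ) {
    return array(
        'label'       => $label,
        'status'      => $passed ? 'good' : 'recommended',
        'badge'       => array( 'label' => 'Security', 'color' => $passed ? 'blue' : 'orange' ),
        'description' => '<p>' . esc_html( $description ) . '</p>',
        'actions'     => '',
        'test'        => $id,
    );
}

// Passes when theme and plugin files cannot be edited from wp-admin.
function example_test_file_editor() {
    $off = defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT;
    return example_health_result(
        'example_file_editor',
        $off,
        $off ? 'The dashboard file editor is disabled' : 'The dashboard file editor is enabled',
        'Setting DISALLOW_FILE_EDIT to true in wp-config.php removes the theme and plugin editors from the admin panel.'
    );
}

// Passes when no account uses the login name "admin".
function example_test_admin_login() {
    $absent = ! username_exists( 'admin' );
    return example_health_result(
        'example_admin_login',
        $absent,
        $absent ? 'No account uses the login name "admin"' : 'An account uses the login name "admin"',
        'Administrator accounts with a less predictable login name are harder to target with password guessing.'
    );
}
```

Saved as a single file under `wp-content/plugins/` and activated, both results appear alongside the built-in checks on the Site Health Status page.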
The servehappy feature is also very helpful and easy to use.
I can’t tell you how many WordPress sites are stuck on old, slow, and insecure PHP versions because plugins and themes break when upgrading. It’s a hard decision to upgrade when you have to start the whole design over or remove a beloved plugin, but realistically you need to always keep WordPress updated to the latest version. Otherwise it will get hacked eventually. Ideally, I would not get too comfortable with any theme. The maker can go MIA at any time, and the theme will fall behind what WordPress needs. The only truly safe themes to use are the default WordPress themes but, needless to say, they are not the greatest looking.
What’s next?
Improving WordPress security will not stop here. The next release of version 5.2. Another project is Gossamer, which is scheduled for WordPress 5.4. Project Gossamer aims to port the same code-signing system used for the main WordPress updates into a framework that developers can use to code-sign updates for WordPress themes and plugins as well. This will keep developers on their toes when deciding the future of their project. It kind of forces them to make things better and to keep them available for updates.