WordPress Finally Gets the Security Features a Third of the Internet Deserves (zdnet.com) 47
The WordPress content management system (CMS) is set to receive an assortment of new security features today that will finally add the protection level that many of its users have desired for years. From a report: These features are expected to land with the official release of WordPress 5.2, expected for later today. Included are support for cryptographically-signed updates, support for a modern cryptography library, a Site Health section in the admin panel backend, and a feature that will act as a White-Screen-of-Death (WSOD) protection -- letting site admins access their backend in the case of catastrophic PHP errors. With WordPress being installed on around 33.8 percent of all internet sites, these features are set to put some fears at ease in regards to some attack vectors. Probably the biggest and the most important of today's new security features is WordPress' offline digital signatures system. Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package's authenticity before applying it to a local site.
Deletion? (Score:3, Funny)
If it's not deletion then it's not really what the Internet deserves. ;)
You dont deserve security. (Score:2)
In the 21st century proper security should be mandatory and a luxury item for those who choose to buy the up sale.
WSOD protection (Score:3, Insightful)
Seriously, this will be good news if it works. I ran into this once after a theme update, of all things.
Fortunately we had backups, but still - how the heck does a single theme's update kill the entire Wordpress admin panel?
Re: WSOD protection (Score:1)
Re: (Score:2)
Nor, for that matter, has he ever worked in a job supporting customers - who often want something like Wordpress to be available to them, regardless of the opinions of the local BOFH.
Re: (Score:2)
There has always been WSOD protection. It is called ssh. If you have a site that is important enough to require strong security and you can't ssh into the system and fix it you are not a person who should be the admin for said site.
How do you think I fixed it using our backups? But that doesn't make it any less ridiculous that a theme update could do that in the first place.
Plugins are the true vulnerability (Score:5, Insightful)
Until Wordpress implements compartmentalization and permissions within their plugin system, none of this really matters. Any plugin can access any file anywhere and modify it. They can modify your htaccess to redirect to malicious domains they can do what ever they want. Wordpress has a small review process for plugins on their own repository but after that initial review they will never check that crap again even if the plugin destroys sites. I guess this is a step in the right direction though.
Re: (Score:2)
some plugins that add caching features modify htaccess files to point to static cache files and cache files of certain types and wordpress was like "Yep, sounds good to me:"
In The Real World... (Score:2)
The security feature a third of the Internet needs is to not use WordPress. Why is WP's only defense and first selling point always an argumentum ad populum fallacy?
If Mozilla can't handle signed code, why should anyone think the WP team can? WP has been the poster child for how to write PHP badly since 2004.
Re: (Score:3)
WP has been the poster child for how to write PHP badly since 2004.
Is there another way to write PHP?
Re: (Score:2)
That hasn't been apt for a decade. Some people rather sit on their bias contently than learn. That's a good filter for the industry.
There's PHP code less than 10 years old? Why did anyone do that?
Re: (Score:1)
All the signature says is "We approve of this in it's current form." It does not say anything about the safety of whatever this is. The bugs are still there, the only difference is they are "approved" bugs in the sense that they will be allowed to execute and wrought whatever havoc they want if triggered. The bugs are probably* not approved in the "We think this is a good thing" sense.
What code signing is meant to stop, and does a
catastrophic PHP errors (Score:2)
letting site admins access their backend in the case of catastrophic PHP errors
... such as installing PHP?