WordPress finally added some much needed security.
First, let me start this article off by stating that if you use WordPress as your content management system (CMS), you should know by now that you should always update your website for the fact that it will decrease your chances of being hacked as well as other issues that you could come across.
Aside from updating your plugins and theme you should always update our WordPress install when a new version is released.
The most recent version of WordPress is 5.2 and it’s a huge update that finally addresses some security concerns that users have had for years now.
In version 5.1, WordPress introduced the site health check feature that can help you improve the speed and security of your website, which is a great since both are critical when it comes to maintaining a site.
Now with version 5.2, WordPress really out did themselves by adding two new pages to help webmasters debug common configuration issues.
There is also a new addition for the site health check where web developers can add debugging information for those who maintain the website.
One of the most frustrating things for website owners is when they come across a PHP error because it could either take down thee site or mess with the design and/or functionality.
In the 5.2 update, WordPress added PHP Error Protection, which will allow people to safely fix fatal errors with a lesser chance of having to deal with the “white screen of death.”
PHP Error Protection will also help you deactivate any plugins that are causing problems with your site by going into a recovery mode that will pause any plugins or themes that are messing things up.
WordPress also added some accessibility updates, plugin compatibility checks, new dashboard icons, new PHP version, new body hook tag, privacy updates s as well as some other minor things.
The best update that WordPress added in 5.2 has to be cryptographically-signed updates because it’s a digital signature system that will digitally sign its update packages with the Ed25519 public-key signature system. This will allow the local installation to be able to verify the update package’s authenticity before making the updates to any WordPress website.
In English, this means that your website will make your site more safe because it will keep hackers from being able to use a supply-chain attack on your site as well as any other WordPress site that has version 5.2 installed.
As Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises points out, it wasn’t that hard to hack the WordPress update server prior to this update.
“Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet, you just had to hack [the WordPress] update server,” said Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, and one of the developers involved in securing the WordPress update system.
“After WordPress 5.2, you would need to pull off the same attack and somehow pilfer the signing key from the WordPress core development team.”
ZDNet.com
Like I mentioned at the beginning of this article, it’s always important to update your WordPress site for security reasons, now it’s even more important to install version 5.2.
You can head on over to WordPress.org for more information on the latest update.
Leave a Reply