Virtualization Technology News and Information
New WordPress Stability Feature Could Be Causing More Harm Than Good


With WordPress CMS 5.1, users may now, to a certain extent, leave their WSOD (white screen of death) worries behind them. This new version is said to come with a feature that helps the platform detect any fatal PHP errors and determine the causes. The reason why the WSOD is so abhorred is that it makes a WordPress site inaccessible to both administrators as well as visitors.

Now, the white screen of death is often caused by either coding errors or memory limit exhaustion. The feature at least helps administrators pinpoint the exact cause of the PHP errors, whether it's because of a plugin or a theme that causes these errors.

Think of it a safe mode that disables all non-essentials from running so that you're able to determine the cause of the errors. And while this does indeed prove as a time-saving feature that allows administrators to detect flaws in their website quickly, the mere fact that the feature disables plugins should already be a cause for concern, especially when many of these plugins are essential in maintaining the security of a website.

Hackers are incredibly relentless with their campaigns, and any pause in security could easily become an opening through which a hacker can gain access to the website. In fact, according to researcher, Slavco Mihajloski, hackers could potentially "weaponize" this feature as a spear tip in their attack when they force a PHP error onto a website, which will then prevent the website's security plugins from initiating. And from there, they can simply permanently disable these plugins. This begs the question of whether or not you're willing to sacrifice the security of your website for the ability to pinpoint the flaws in your code much quicker and more accurately.

Now, there are many factors that should be considered whether this ability is worth risking your website security for. And while you can simply critique this feature and suggest that there should be a better method that doesn't disable security plugins, we all know that we may have to wait for some time before that solution gets implemented. WordPress Development experts will always be the best people to consult regarding scenarios like this.

In the meantime, we need to work with the tools that are currently at our disposal. So, the decision ultimately lies in what your website contains and whether or not hackers would even have any interest in breaching your security.

For example, if you run an established blog that holds weight in its chosen industry, then you can bet that there will be hackers who will attempt to exploit this lapse in security.

On the other hand, if you own a website that does not necessarily hold much weight, or an audience even, you can bet that hackers aren't going to have much of an interest in your blog because, well, qui bono (who benefits)? What exactly are they going to gain by attacking you?


Published Friday, February 01, 2019 1:36 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2019>