With
WordPress CMS 5.1, users may now, to a certain extent, leave their WSOD (white
screen of death) worries behind them. This new version is said to come with a
feature that helps the platform detect any fatal PHP errors and determine the
causes. The reason why the WSOD is so abhorred is that it makes a WordPress
site inaccessible to both administrators as well as visitors.
Now,
the white screen of death is often caused by either coding errors or memory
limit exhaustion. The feature at least helps administrators pinpoint the exact
cause of the PHP errors, whether it's because of a plugin or a theme that
causes these errors.
Think
of it a safe mode that disables all non-essentials from running so that you're
able to determine the cause of the errors. And while this does indeed prove as
a time-saving feature that allows administrators to detect flaws in their
website quickly, the mere fact that the feature disables plugins should already
be a cause for concern, especially when many of these plugins are essential in
maintaining the security of a website.
Hackers
are incredibly relentless with their campaigns, and any pause in security could
easily become an opening through which a hacker can gain access to the website.
In fact, according to researcher, Slavco Mihajloski, hackers could potentially
"weaponize" this feature as a spear tip in their attack when they force a PHP
error onto a website, which will then prevent the website's security plugins
from initiating. And from there, they can simply permanently disable these
plugins. This begs the question of whether or not you're willing to sacrifice
the security of your website for the ability to pinpoint the flaws in your code
much quicker and more accurately.
Now,
there are many factors that should be considered whether this ability is worth
risking your website security for. And while you can simply critique this
feature and suggest that there should be a better method that doesn't disable
security plugins, we all know that we may have to wait for some time before
that solution gets implemented. WordPress
Development experts will always be the best people to
consult regarding scenarios like this.
In
the meantime, we need to work with the tools that are currently at our
disposal. So, the decision ultimately lies in what your website contains and
whether or not hackers would even have any interest in breaching your security.
For
example, if you run an established blog that holds weight in its chosen
industry, then you can bet that there will be hackers who will attempt to
exploit this lapse in security.
On
the other hand, if you own a website that does not necessarily hold much
weight, or an audience even, you can bet that hackers aren't going to have much
of an interest in your blog because, well, qui
bono (who benefits)? What exactly are they going to gain by attacking you?
##