WordPress 5.2 finally gets the security features a third of the Internet deserves

View Larger Image

WordPress 5.2 finally gets the security features a third of the Internet deserves. The WordPress content management system (CMS) is set to receive an assortment of new security features today that will finally add the protection level that many of its users have desired for years.

These features are expected to land with the official release of WordPress 5.2.

Included are support for cryptographic-ally-signed updates, support for a modern cryptography library, a Site Health section in the admin panel back-end, and a feature that will act as a White-Screen-of-Death (WSOD) protection –letting site admins access their back-end in the case of catastrophic PHP errors.

With WordPress being installed on around 33.8 percent of all internet sites, these features are set to put some fears at ease in regards to some attack vectors.

CRYPTOGRAPHIC-ALLY-SIGNED UPDATES

Probably the biggest and the most important of today’s new security features is WordPress’ offline digital signatures system.

Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package’s authenticity before applying it to a local site.

Adding support for cryptographic-ally-signed updates is an important step in preventing threat actors from carrying out a supply-chain attack on all WordPress sites, something that security firms have warned for more than two years now.

“Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet, you just had to hack [the WordPress] update server,”

said Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, and one of the developers involved in securing the WordPress update system.

“After WordPress 5.2, you would need to pull off the same attack and somehow pilfer the signing key from the WordPress core development team.”

WORDPRESS GETS A MODERN CRYPTOGRAPHIC LIBRARY

But Arciszewski’s work on the WordPress CMS did not end here. He also contributed to WordPress replacing an aging cryptographic library with one that’s fit for modern times.

Starting with WordPress 5.2, the CMS will support the Libsodium library for all cryptographic operations, instead of the now-deprecated and removed mcrypt.

Libsodium is now part of the WordPress CMS source code, along with Arciszewski’s sodium_compat library that works as a polyfill for older PHP servers that don’t support Libsodium.

WordPress now joins the ranks of modern web-dev tools that natively support Libsodium, such as PHP 7.2+, Magento 2.3+, and Joomla 3.8+.

Furthermore, with Libsodium’s addition to the WordPress CMS core, this also means plugin and theme developers can start supporting it as well.

Arciszewski published today a blog post with basic advice for WordPress plugin and theme developers on how to replace old mcrypt cryptographic functions with libsodium ones.

NEW SITE HEALTH SECTION

But the first WordPress 5.2 security features that users will spot in today’s release are not the changes to the CMS’ code, but the new “Site Health” section in the admin panel’s Tools menu.

This section includes two new pages –namely Site Health Status and Site Health Info.

The Site Health Status page works by running a set of basic security checks and delivering a report with the findings, along with recommendations to fix any discovered issues.

This section comes with a series of bundled tests, but site owners and developers of security plugins can also write their own to expand security checks to more areas of a WordPress site.

WordPress 5.2 finally gets the security features a third of the Internet deserves

The second section, named Site Health Info, is what its name implies. It provides a plethora of information about the website and server setup and is meant for debugging purposes or when needing to share server details with an IT professional for support services.

Info is provided about the WordPress install, the underlying server, plugins, themes, and file storage usage.

WordPress 5.2 finally gets the security features a third of the Internet deserves

SERVEHAPPY FEATURE

Another new security feature included with WordPress 5.2 is the Servehappy project, which was initially scheduled to be released with WordPress 5.1 but was split in two, with one part of the project shipping with WordPress 5.1 and the other half being shipped today, with WordPress 5.2.

WordPress 5.1 included the ability to show warnings when WordPress servers were running on servers with outdated PHP versions.

WordPress 5.2, released today, will include a feature called ‘White Screen Of Death’ (WSOD) protection, also known as “Fatal error protection,” and works as a “Safe Mode” for WordPress sites.

WSOD protection works by temporarily disabling themes and plugins when a PHP fatal error is encountered, so that site admins can regain access to their sites’ back-ends and fix the error.

WordPress 5.2 finally gets the security features a third of the Internet deserves

The feature was initially scheduled for WordPress 5.1 but was delayed to v5.2 after security researchers raised several scenarios in which hackers could have abused the WSOD protection system to turn off WordPress security plugins and launch attacks on WordPress sites.

FUTURE PLANS

But work on improving WordPress security will not stop with the release of the 5.2 version. Other projects include project Gossamer, scheduled for WordPress 5.4.

Project Gossamer aims to port the same code-signing system used for the main WordPress updates into a framework that developers can use to code-sign updates for WordPress themes and plugins as well.

Context in Outbound Links for High Ranking SEO(Opens in a new browser tab)

What’s behind this 1,000-character phishing URL?(Opens in a new browser tab)

Networking The Complete Reference, Third Edition(Opens in a new browser tab)

ATM hacking has gotten so easy, the malware’s a game(Opens in a new browser tab)

B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers(Opens in a new browser tab)

1.8 Million Users Attacked by Android Banking Malware, 300% Increase Since 2017(Opens in a new browser tab)

IoT devices pose a significant cybersecurity risk than most realize(Opens in a new browser tab)

Hacking Autonomous Vehicles: Is This Why We Don’t Have Self-Driving Cars Yet?(Opens in a new browser tab)

JavaScript infinite alert prank lands 13-year-old Japanese girl in hot water(Opens in a new browser tab)

Flipboard Account Security Notice(Opens in a new browser tab)

Over 164 Million U.S. Adults Enjoy Playing Video Games(Opens in a new browser tab)

Introduction to Scratch – Lifelong Kindergarten Group(Opens in a new browser tab)

Google has created a maths AI that has already proved 1200 theorems(Opens in a new browser tab)

Bernard Aybout2019-08-25T10:03:07-04:00

About the Author: Bernard Aybout

I'm a loving father, and husband. A computer / IT enthusiast.I've used and enjoyed computers / gadgets since I was young, and enjoy teaching young minds how to code, because it teaches them how to think.Today with YouTube, Fakebook, Twitter, etc... and social media garbage our youth are losing the ability to think on their own and solve problems.I believe this is a serious epidemic as kids today dont understand that technology is a tool. This tool is being abused, and its underlying effects are taking its toll on kids behavior's, and learning.

The auto industries race to the electric and autonomous car
Gallery
The auto industries race to the electric and autonomous car
March 29th, 2023
What is Chat GPT AI/ML?
Gallery
What is Chat GPT AI/ML?
March 28th, 2023
Stay ergonomically healthy while working on computers
Gallery
Stay ergonomically healthy while working on computers
March 25th, 2023
Robotics in Healthcare: The Future of Robots in Medicine
Gallery
Robotics in Healthcare: The Future of Robots in Medicine
March 23rd, 2023
14-Year-Old College Student Dreams In Code
Gallery
14-Year-Old College Student Dreams In Code
March 23rd, 2023
CompTIA Security+ Certification Guide – Introduction
Gallery
CompTIA Security+ Certification Guide – Introduction
March 11th, 2023
Should I buy a Dell Alienware laptop?
Gallery
Should I buy a Dell Alienware laptop?
June 4th, 2020
Cybersecurity Analyst (CSA+) Exam Study Guide
Gallery
Cybersecurity Analyst (CSA+) Exam Study Guide
May 30th, 2020
Top Tools for Ethical hacking in 2020
Gallery
Top Tools for Ethical hacking in 2020
May 26th, 2020
What Bill Gates said about the internet in a Microsoft internal memo 25 years ago today: It’s a ‘tidal wave’
Gallery
What Bill Gates said about the internet in a Microsoft internal memo 25 years ago today: It’s a ‘tidal wave’
May 26th, 2020
The Guide to Ethical Hacking
Gallery
The Guide to Ethical Hacking
May 24th, 2020
Intel to buy Moovit for $1B to boost autonomous car division
Gallery
Intel to buy Moovit for $1B to boost autonomous car division
May 19th, 2020
Security experts say health care industry is prized target for cyber criminals
Gallery
Security experts say health care industry is prized target for cyber criminals
December 28th, 2019
What does your car know about you? We hacked a Chevy to find out
Gallery
What does your car know about you? We hacked a Chevy to find out
December 28th, 2019
Russia ‘successfully tests’ its unplugged internet
Gallery
Russia ‘successfully tests’ its unplugged internet
December 28th, 2019
Chinese hacker group caught bypassing 2FA
Gallery
Chinese hacker group caught bypassing 2FA
December 28th, 2019
City of Toronto data at risk of cyber attack: report
Gallery
City of Toronto data at risk of cyber attack: report
November 3rd, 2019
How to reduce the risk posed by vulnerabilities in IoT/ICS networks?
Gallery
How to reduce the risk posed by vulnerabilities in IoT/ICS networks?
October 11th, 2019
Ontario government moving more services online changing procurement process
Gallery
Ontario government moving more services online changing procurement process
October 7th, 2019
$The dark web represents only a fraction of the rest of the internet$
The dark web represents only a fraction of the rest of the internet
Gallery
The dark web represents only a fraction of the rest of the internet
September 15th, 2019
Google is about to have a lot more ads on phones
Gallery
Google is about to have a lot more ads on phones
September 15th, 2019
Microsoft warns wormable Windows bug could lead to another WannaCry
Gallery
Microsoft warns wormable Windows bug could lead to another WannaCry
September 15th, 2019
How to make Windows 10 look and feel like Windows 7
Gallery
How to make Windows 10 look and feel like Windows 7
September 8th, 2019
Why JavaScript developers are choosing TypeScript
Gallery
Why JavaScript developers are choosing TypeScript
September 8th, 2019
Hackers attack Confluence Servers, hijack power for cryptocurrency mining
Gallery
Hackers attack Confluence Servers, hijack power for cryptocurrency mining
September 8th, 2019
Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims
Gallery
Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims
September 8th, 2019
Tesla’s software lead is so big it should worry other automakers, AI expert says
Gallery
Tesla’s software lead is so big it should worry other automakers, AI expert says
September 8th, 2019
$25 Raspberry Pi add-on gets you started with edge computing AI
Gallery
$25 Raspberry Pi add-on gets you started with edge computing AI
September 8th, 2019
The Ultimate Guide to Online Privacy – Critical Info for 2020
Gallery
The Ultimate Guide to Online Privacy – Critical Info for 2020
September 7th, 2019
Freedom Mobile hit by data breach,15,000 customers affected
Gallery
Freedom Mobile hit by data breach,15,000 customers affected
September 7th, 2019

WordPress 5.2 finally gets the security features a third of the Internet deserves

CRYPTOGRAPHIC-ALLY-SIGNED UPDATES

WORDPRESS GETS A MODERN CRYPTOGRAPHIC LIBRARY

NEW SITE HEALTH SECTION

SERVEHAPPY FEATURE

FUTURE PLANS

Related Videos:

Related Posts:

About the Author: Bernard Aybout