The next version of WordPress CMS 5.1 will add a new (controversial) feature to the popular platform. It's called WSOD Protection from white-screen-of-death.
As described by WordPress developer Felix Arntz, the feature will allow WordPress to identify what causes PHP errors and what plugin or theme is the cause of the WSOD appearance.
The WSOD protection feature will stop the plug-in or bug-causing code and allow the administrator to gain access to the dashboard to investigate, disable, or delete the bug-causing plug-in.
The WordPress development team began working on WSOD Protection a few months ago. The feature is part of a large general project that aims to help with the upcoming PHP 5.x updates for using the latest versions (7.x).
WSOD Protection was originally created to allow site owners to recover from an error after upgrading to PHP 7.x, but WordPress developers realized that the feature could be used to detect bugs after updates to plugins or issues WordPress.
But the new feature is not so safe.
The bug hunter Slavco Mihajloski he says that attackers could use low-end and sometimes harmless exploits in WordPress plugins to cause a bug in PHP to cause WSOD.
The WSOD feature is designed to interrupt the execution of the bug-causing plugin, and Mihajloski argues that attackers could use this behavior to disable security plugins such as software firewalls, two-factor authentication, brute protection force and other safety-oriented add-ons.
The WordPress development team in response added a new option to the wp-config.php configuration file that will allow administrators to disable WSOD protection. The new option is called WP_DISABLE_FATAL_ERROR_HANDLER.
We do not know at this time whether WSOD Protection will be enabled by default or not when WordPress 5.1 is released, but the functionality is still dangerous, regardless of adding the new option to wp-config.php.
Security experts recommend that administrators should only use WSOD Protection temporarily when upgrading PHP, the WordPress kernel or the themes and plugins.