The next version of WordPress CMS 5.1 will add a new (controversial) feature to the popular platform. It's called WSOD Protection from white-screen-of-death.
As described by WordPress developer Felix Arntz, the feature will allow WordPress to identify what is causing errors in PHP and which Plugin or theme is the cause of WSOD.
The WSOD protection feature will stop the plug-in or bug-causing code and allow the administrator to gain access to the dashboard to investigate, disable, or delete the bug-causing plug-in.
The WordPress development team began working on WSOD Protection a few months ago. The feature is part of a large general project that aims to help with the upcoming PHP 5.x updates for using the latest versions (7.x).
WSOD Protection was originally created to allow website owners to recover from an error after the upgrade in PHP 7.x, but WordPress developers realized that the function could be used to detect errors after updates to WordPress plugins or themes.
But the new feature is not so safe.
The bug hunter Slavco Mihajloski he says that attackers could use low-end and sometimes harmless exploits in WordPress plugins to cause an error in PHP to cause a WSOD.
The WSOD feature is designed to interrupt the implementation of the plugin causing the errors, and Mihajloski argues that attackers could use this behavior to disable security plugins, such as for mobile devices to report the firewalls, two-factor authentication, brute force protection and other security-focused add-ons.
The WordPress development team in response added a new option to the wp-config.php configuration file that will allow administrators to disable WSOD protection. The new option is called WP_DISABLE_FATAL_ERROR_HANDLER.
We do not know at this time whether WSOD Protection will be enabled by default or not when WordPress 5.1 is released, but the functionality is still dangerous, regardless of adding the new option to wp-config.php.
Security experts recommend that administrators should only use WSOD Protection temporarily when upgrading PHP, the WordPress kernel or the themes and plugins.
________________
- WordPress Meet the story of the most popular CMS
- WordPress is the biggest risk our users
- Facebook: Deleting pages that violate the rules