The next version of WordPress CMS 5.1 will add a new (controversial) feature to the popular platform. It's called WSOD Protection from white-screen-of-death.
As described by WordPress developer Felix Arntz, the feature will allow WordPress to identify what causes PHP errors and what plugin or theme is the cause of the WSOD appearance.
Function protectionWSOD will stop the code of the plugin or theme causing the error and allow the administrator to access the control panel to investigate, disable or delete the plugin causing the errors.
The WordPress development team began working on WSOD Protection a few months ago. The feature is part of a large general project that aims to help with the upcoming PHP 5.x updates for using the latest versions (7.x).
WSOD Protection was originally created to allow site owners to recover from an error after upgrading to PHP 7.x, but WordPress developers realized that the feature could be used to detect bugs after updates to plugins or issues WordPress.
But, the new feature is not so much safe.
The bug hunter Slavko Mihajloski he says that attackers could use low-end and sometimes harmless exploits in WordPress plugins to cause a bug in PHP to cause WSOD.
The WSOD feature is designed to interrupt the implementation of the plugin causing the errors, and Mihajloski argues that attackers could use this behavior to disable security plugins, such as development firewalls, two-factor authentication, brute force protection and other security-focused add-ons.
The WordPress development team in response added a new option to the wp-config.php configuration file that will allow administrators to disable WSOD protection. The new option is called WP_DISABLE_FATAL_ERROR_HANDLER.
We do not know at this time whether WSOD Protection will be enabled by default or not when WordPress 5.1 is released, but the functionality is still dangerous, regardless of adding the new option to wp-config.php.
Security experts recommend that administrators should only use WSOD Protection temporarily when upgrading PHP, the WordPress kernel or the themes and plugins.
________________
- WordPress Meet the story of the most popular CMS
- WordPress is the biggest risk our users
- Facebook: Deleting pages that violate the rules