WordPress incorporates essential new security features in its latest update, WordPress 5.2, which is currently rolling out to websites around the world. The world's most popular content management system (CMS) adds support for cryptographically signed updates, a modern crypto library, a site health section in the admin panel, and WSOD (white screen of death) protection. Starting with WordPress 5.2, the WordPress team will digitally sign their update packages using the ED25519 public key signing system. This will allow a local installation to verify the authenticity of the update package before applying it to a local site and can even help prevent supply chain attacks on all WordPress sites. Scott Arciszewski, Director of Development at Paragon Initiatives Enterprises, explained how WordPress 5.2 would make it more difficult for cybercriminals to launch attacks against the cyber platform against ZDNet, stating: "Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet, you just he had to hack (the WordPress update server). After WordPress 5.2, he had to launch the same attack and somehow steal the signing key from the WordPress Development Team."
WordPress 5.2
WordPress aims to improve website security with its new "Site Integrity" section in the Tools menu of the Admin Panel, which includes two new pages: Site Health Status and Site Health Information. The Site Status page runs a set of basic security checks and provides a report with conclusions and recommendations on how to resolve any detected issues. The site's health information section provides a lot of useful information about a website and its server settings. Information on installing WordPress, using file storage, plugins, and themes is also provided. The Serverhappy project is another new security feature included in the latest version of WordPress. While WordPress 5.1 included the ability to display warnings when WordPress installations were running on servers with outdated PHP versions, WordPress 5.2 includes WSOD protection that functions as a safe mode for WordPress sites. WSOD protection can temporarily disable themes and plugins when a fatal PHP error occurs, so that site administrators can access their sites backends and fix the error. The improved security of a system used by 33,8% of the world's websites is a welcome addition, especially after Alert Logic recently discovered a vulnerability in the plugin. WP Live Chat for WordPress that could allow attackers to upload arbitrary malicious files to vulnerable systems. via ZDNet