WordPress 5.2 brings support for cryptographically signed updates, a modern cryptography library, a Site Health section in the admin panel, and White-Screen-of-Death (WSOD) protection, a feature that will help site admins access their backends in case of PHP errors. WordPress is used by 33.8% of all internet sites, so the new security-oriented features will help improve users' trust in the WordPress CMS platform.
Cryptographically signed updates
The most important addition in this update is an offline digital signature system. The WordPress team will digitally sign its update packages so that users can verify their authenticity. The updates will be signed with the Ed25519 public-key signature system. Support for cryptographically signed updates is an important step in preventing malicious actors from mounting a supply-chain attack on all WordPress sites.
Earlier, it was easy to infect every WordPress site on the internet by simply hacking the update server. With the new cryptographically signed updates, it is extremely difficult to crack the security of update packages.
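The check described above, as an added example that is not WordPress's own update code: a site verifies a detached Ed25519 signature against a pinned public key using PHP's sodium extension, so only the unmodified package carrying the publisher's signature is accepted. The helper name verify_update_package and all keys and package bytes are constructed for illustration.

```php
<?php
// Added example; keys and package bytes are constructed for the demo.
// Needs the sodium extension (bundled with PHP since 7.2).

/** Hypothetical helper: accept a package only if its detached Ed25519
 *  signature verifies under one of the pinned public keys. */
function verify_update_package(string $package, string $sigB64, array $pinnedKeysB64): bool
{
    $sig = base64_decode($sigB64, true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // missing or malformed signature: fail closed
    }
    foreach ($pinnedKeysB64 as $keyB64) {
        $key = base64_decode($keyB64, true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            continue; // ignore a malformed pinned key
        }
        if (sodium_crypto_sign_verify_detached($sig, $package, $key)) {
            return true;
        }
    }
    return false;
}

// Publisher side, offline: the secret key is never stored on the update server.
$publisher = sodium_crypto_sign_keypair();
$package   = "constructed update package bytes";
$signature = base64_encode(
    sodium_crypto_sign_detached($package, sodium_crypto_sign_secretkey($publisher))
);

// Site side: the public key is pinned in the already-installed software.
$pinned = [base64_encode(sodium_crypto_sign_publickey($publisher))];

// Someone controlling only the update server can swap the package and even
// sign it, but only with a key of their own that no site has pinned.
$tampered  = $package . " plus bytes altered on the server";
$otherKeys = sodium_crypto_sign_keypair();
$otherSig  = base64_encode(
    sodium_crypto_sign_detached($tampered, sodium_crypto_sign_secretkey($otherKeys))
);

$cases = [
    'genuine package, publisher signature'    => [$package,  $signature],
    'altered package, publisher signature'    => [$tampered, $signature],
    'altered package, unpinned-key signature' => [$tampered, $otherSig],
    'genuine package, no signature'           => [$package,  ''],
];
foreach ($cases as $label => [$pkg, $sig]) {
    printf("%-42s %s\n", $label, verify_update_package($pkg, $sig, $pinned) ? 'accept' : 'reject');
}
```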
Site health section
The feature that all users will spot in today’s update is the new “Site Health” section in the admin panel. The section includes two pages – Site Health Status and Site Health Info. The page runs basic security checks and delivers a report with the findings, along with recommendations to fix any discovered issue.
Another security feature in WordPress 5.2 is Servehappy. It shows warnings when WordPress sites are running on servers with outdated PHP versions. It was initially scheduled for WordPress 5.1 but was later delayed to v5.2 after security researchers discovered various ways in which hackers could abuse the addition of the Servehappy project. WordPress 5.2 also includes a feature called ‘White Screen of Death’ (WSOD) protection.