WSOD protection feature bumped from WordPress 5.1

Earlier this week security concerns were raised about the WSOD (White Screen Of Death) feature which was planned to be released in the upcoming WordPress 5.1 release.

The feature got as far as beta 2 but has been withdrawn so the security concerns can be properly addressed.

The decision to revert a new feature so late in the development cycle is rare and unusual for WordPress. But the decision was made due to the complexity of the feature.

The security concerns included:

  • A plugin could be paused due to another plugin using excessive resources
    This would cause confusion for administrators as the cause of the issue will be hard to determine.
  • Malicious code could selectively pause another plugin
    An attacker could pause a security plugin while performing an attack – leaving the site falsely appearing protected by the security plugin.

The WSOD feature is part of the Site Health Check project which aims to increase the increase the PHP version supported by WordPress. With plans to make PHP 5.6 the the minimum version in April 2019 the WSOD feature should help avoid critical errors which could lock administrators out of their websites.

Work will continue on the feature with the aim of it being released in WordPress 5.2.