WordPress, the world’s most popular CMS, is getting new cybersecurity features in its upcoming release, version 5.2. In essence, many of these features are what the user base has been requesting for years. Today, we’re going to see what’s under the lid.
From the new version and onwards, the updates will be signed with the Ed25519 public-key signature system. In other words, you will be able to verify the package before installing it. All in all, this is an important step towards preventing supply-chain attacks on WordPress-powered websites.
A modern cryptographic library
Finally, WordPress is getting a modern cryptographic library – the Libsodium library. Mcrypt, which is now deprecated, will be removed for cybersecurity purposes. Libsodium will become a part of WordPress’ source code.
New section dedicated to the health of the website
Here, you can generate a cybersecurity check designed for the purpose of finding any vulnerabilities that may be present. After the process is completed, a report is generated, along with concrete steps on how to fix the problems.
This is another cybersecurity feature that WordPress users will be pleased to hear about. Back when 5.1 was released, WordPress showed a warning if the server was running an outdated version of PHP. Version 5.2 will introduce WSOD protection, also known as “Fatal error protection”, which is like a safe mode for websites that are running WordPress. In other words, if a PHP fatal error is encountered, the feature is designed to temporarily disable themes so a webmaster can fix the error.