The WordPress content management system (CMS) is set to receive an assortment of new security features today that will finally add the protection level that many of its users have desired for years.
These features are expected to land with the official release of WordPress 5.2, expected for later today. Included are support for cryptographically-signed updates, support for a modern cryptography library, a Site Health section in the admin panel backend, and a feature that will act as a White-Screen-of-Death (WSOD) protection – letting site admins access their backend in the case of catastrophic PHP errors. With WordPress being installed on around 33.8 percent of all internet sites, these features are set to put some fears at ease in regards to some attack vectors.
Probably the biggest and the most important of today’s new security features is WordPress’ offline digital signatures system. Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package’s authenticity before applying it to a local site.