[wp-trac] [WordPress Trac] #49963: Security of failed update/rollback

WordPress Trac noreply at wordpress.org
Mon Apr 20 20:31:29 UTC 2020


#49963: Security of failed update/rollback
-----------------------------+---------------------------------------------
 Reporter:  mahnunchik       |      Owner:  (none)
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Upgrade/Install  |    Version:  trunk
 Severity:  major            |   Keywords:  dev-feedback has-privacy-review
  Focuses:  privacy          |
-----------------------------+---------------------------------------------
 As discussed on the [[https://make.wordpress.org/core/2020/04/16/devchat-meeting-summary-april-15-2020/|previous devchat]],
 in case of a failed update/rollback there are email notifications.

 The idea is good: any errors related to a Core, Plugin or Theme update
 should be reported to the admin's email as soon as possible.

 But in the real world there are too few properly configured mail servers
 in WordPress and on servers in general. Actually there is no good
 documentation on how to set up email: https://wordpress.org/search/mail

 In addition there are a lot of ''lazy'' administrators with email
 addresses like admin at example.com or something similar.

 Thus so many **really important mails** about failed update/rollback will
 be sent to `/dev/null`. It is a security issue because the website will be
 in an inconsistent state for an indefinite amount of time (for example, a
 login plugin not updated and not rolled back).

 1. Do you know how many WordPress installs have properly configured mail?
 2. How to motivate admins to use real email addresses?
 3. Maybe it makes sense to prepare good documentation about mailing in
 WordPress?
 4. Should the auto-updates plugin work at all without properly configured
 emergency notifications?

 * Original GitHub Issue: https://github.com/WordPress/wp-autoupdates/issues/83
 * Feature Plugin: WP Auto-updates
 https://make.wordpress.org/core/2020/02/26/feature-plugin-wp-auto-updates/

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49963>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

