[wp-trac] [WordPress Trac] #54598: Site Health makes downright wrong and dangerous suggestions
WordPress Trac
noreply at wordpress.org
Sun Aug 28 13:52:53 UTC 2022
#54598: Site Health makes downright wrong and dangerous suggestions
--------------------------+------------------------------
Reporter: peterhoegsg | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Site Health | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by Clorith):
The checks are aimed at non-technical users; if you have set up your site
to be version controlled, then it is fair to assume that you are aware
that you can ignore, or filter out, checks that are then irrelevant to
you. At least, that is the thought behind it.

That said, I will happily address some of your concerns with the thought
behind them; they can all have nuances, but they are aimed at the majority
of users.

1. Background updates are tied into automated security updates, a feature
WordPress core will continue to recommend; it is one of the most important
tools we have right now to help keep the internet as safe as we can (given
WordPress' current market share, this is incredibly important).

2. Having files not be writable by WordPress may impact the automated
updates (if it can't write the new files, you may end up with broken
updates). Writing to files is also used by other elements of WordPress in
some way (for example the theme and plugin editors), but the focus and
intent here is on the security aspect, and the ability to write updates
without breaking a site.

3. (and 4) As noted, inactive plugins or themes can still be queried
directly, and depending on the code in these, may be vectors for security
incidents of varying degrees. If you have suggestions for better wording
to relay the ''potential'' risk of leaving unused code lying around in a
strong enough manner to incite action, but not sound like fear mongering,
I'm very open to hearing that though.

I'm not sure if "Set what kind of user you are" is something that would
make sense from a core perspective, but that would be a whole other
ticket, and not related to the Site Health component. As noted, there are
already filters for managing what checks and information are available,
alongside multiple plugins that provide interfaces for managing these
screens to help as well.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54598#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
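
The filters mentioned in the comment above can be used as in the following added example, which is not part of the original message or of WordPress core. It uses the `site_status_tests` filter to swap the background updates check for a site-specific one, but only when file modifications are deliberately disabled; the function names, the `example_managed_updates` slug and the assumption that updates ship through a deployment pipeline are hypothetical.

```php
<?php
/**
 * Plugin Name: Site Health tuning for version-controlled sites (example)
 *
 * Added example. Place in wp-content/mu-plugins/.
 * Assumption: DISALLOW_FILE_MODS is set to true in wp-config.php because
 * core, plugin and theme updates are shipped by the deployment pipeline.
 */

add_filter( 'site_status_tests', 'example_site_health_tests' );

/**
 * @param array $tests Registered tests, grouped under 'direct' and 'async'.
 * @return array
 */
function example_site_health_tests( $tests ) {
	$file_mods_disabled = defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS;

	// Default installs keep every check, including the update recommendation.
	if ( ! $file_mods_disabled ) {
		return $tests;
	}

	// The background updates check is registered in the 'async' group.
	unset( $tests['async']['background_updates'] );

	// Replace it with a note so the screen still records who owns updates.
	$tests['direct']['example_managed_updates'] = array(
		'label' => 'Updates managed by deployment',
		'test'  => 'example_managed_updates_test',
	);

	return $tests;
}

/** Result array in the shape Site Health expects from a direct test. */
function example_managed_updates_test() {
	return array(
		'label'       => 'Updates are applied through the deployment pipeline',
		'status'      => 'good',
		'badge'       => array( 'label' => 'Security', 'color' => 'blue' ),
		'description' => '<p>File modifications are disabled on this site. Security updates must be merged and deployed from version control.</p>',
		'actions'     => '',
		'test'        => 'example_managed_updates',
	);
}
```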