WordPress’ WSOD protection feature appears half-baked, Garners security doubts

• Experts suggest that WordPress’ new feature ‘White Screen Of Death (WSOD) Protection’ can be altered to block security plugins from functioning.
• The feature is expected to release with WordPress 5.1 by the end of the year.

As the name suggests, the ‘White Screen Of Death’ error simply replaces a WordPress site with a blank white screen. In order to resolve this, the WordPress Foundation had planned to bundle a feature with the software in the next release.

Designated as ‘WSOD Protection’, the feature allows a website owner to recover from crashes. However, developers hint that WSOD Protection might actually lead to security vulnerabilities in WordPress.

Weak protection

As explained in an article by ZDNet, the aim of WSOD Protection was actually to facilitate easy migration to PHP 7.x servers. As more improvements were made over a period, security researchers saw many flaws showing up in the feature.

Slavco Mihajloski, a cybersecurity expert, believes that low-level exploits in WordPress plugins could cause fatal PHP errors which the WSOD Protection feature would react to.

Mihajloski contends that when WSOD Protection comes into the picture, it will only pause the plugin following which attackers can even disable firewalls, two-factor authentication, brute-force prevention, and other security plugins.

On the other hand, WordPress has not mentioned any patches to fix the issue. But, it is rumored that its developers might add the WP_DISABLE_FATAL_ERROR_HANDLER option to the wp-config.php configuration file that will allow site owners to disable the new security feature.