You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Malware and Vulnerabilities
- WordPress’ WSOD protection feature appears half-baked, Garners security doubts

WordPress’ WSOD protection feature appears half-baked, Garners security doubts
WordPress’ WSOD protection feature appears half-baked, Garners security doubts- January 25, 2019
- |
- Malware and Vulnerabilities
/https://cystory-images.s3.amazonaws.com/shutterstock_350982164.jpg)
- Experts suggest that WordPress’ new feature ‘White Screen Of Death (WSOD) Protection’ can be altered to block security plugins from functioning.
- The feature is expected to release with WordPress 5.1 by the end of the year.
As the name suggests, the ‘White Screen Of Death’ error simply replaces a WordPress site with a blank white screen. In order to resolve this, the WordPress Foundation had planned to bundle a feature with the software in the next release.
Designated as ‘WSOD Protection’, the feature allows a website owner to recover from crashes. However, developers hint that WSOD Protection might actually lead to security vulnerabilities in WordPress.
Weak protection
As explained in an article by ZDNet, the aim of WSOD Protection was actually to facilitate easy migration to PHP 7.x servers. As more improvements were made over a period, security researchers saw many flaws showing up in the feature.
Slavco Mihajloski, a cybersecurity expert, believes that low-level exploits in WordPress plugins could cause fatal PHP errors which the WSOD Protection feature would react to.
Mihajloski contends that when WSOD Protection comes into the picture, it will only pause the plugin following which attackers can even disable firewalls, two-factor authentication, brute-force prevention, and other security plugins.
On the other hand, WordPress has not mentioned any patches to fix the issue. But, it is rumored that its developers might add the WP_DISABLE_FATAL_ERROR_HANDLER option to the wp-config.php configuration file that will allow site owners to disable the new security feature.
- + Aware
Get such articles in your inbox
News
-
Previous News Dissecting SmokeLoader malware downloader and its activities
- January 26, 2019
- |
- Malware and Vulnerabilities
-
Next News Cryptocurrency stealing trojan Razy now manipulates search results
- January 25, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
Categories
Get such articles in your inbox
News
-
Previous News Dissecting SmokeLoader malware downloader and its activities
- January 26, 2019
- |
- Malware and Vulnerabilities
-
Next News Cryptocurrency stealing trojan Razy now manipulates search results
- January 25, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
Categories
