WordPress 5.2 released with support for cryptographically-signed updates, a modern cryptographic library.

0
25
Wordpress 5.2 update
Wordpress 5.2 update

It’s time to ensure your WordPress website is updated to the latest 5.2 update!

They’ve fixed a number of security issues, and provided a number of cool features too.

Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package’s authenticity before applying it to a local site.

Adding support for cryptographically-signed updates is an important step in preventing threat actors from carrying out a supply-chain attack on all WordPress sites, something that security firms have warned for more than two years now.

“Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet, you just had to hack [the WordPress] update server,” said Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, and one of the developers involved in securing the WordPress update system.

“After WordPress 5.2, you would need to pull off the same attack and somehow pilfer the signing key from the WordPress core development team.”

Another new security feature included with WordPress 5.2 is the Servehappy project, which was initially scheduled to be released with WordPress 5.1 but was split in two, with one part of the project shipping with WordPress 5.1 and the other half being shipped today, with WordPress 5.2.

WordPress 5.1 included the ability to show warnings when WordPress servers were running on servers with outdated PHP versions.

WordPress 5.2, released today, will include a feature called ‘White Screen Of Death’ (WSOD) protection, also known as “Fatal error protection,” and works as a “Safe Mode” for WordPress sites.