id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 45888 Provide Opt-Out for WSOD Protection TimothyBlynJacobs TimothyBlynJacobs "[44524] introduced WSOD protection. Security related plugins need a way to opt-out of this behavior. Without an opt-out mechanism, a fatal error caused by an edge case can be used to completely disable security protections provided by a plugin. Even if that fatal error is not preventing the user from logging into or accessing their site. This opens up a wide surface for attackers to bypass security protections provided by plugins. A drop-in was added in the WSOD protection, but another plugin shouldn't be adding or modifying a drop-in unless that is its main purpose. Instead, plugins should be able to opt-out by specifying a plugin header. For instance `Allow Pausing: false`. There were concerns about providing a way for plugins to opt-out. But if the original intention of WSOD protection is to allow people to safely upgrade PHP versions without worrying about crashing their site, then it stands to reason that the majority of the offending plugins won't have specified this header since they haven't updated their codebases in quite some time. Another concern was that ""proper"" plugins shouldn't be causing fatal errors. This is untenable. Any plugin of substantial size can have fatal errors. Particularly when there are millions of different ways WordPress sites can be configured. I was requested to upload a PR to GitHub: https://github.com/wp-core-php/wordpress-develop/pull/4" enhancement closed normal Site Health 5.1 major invalid has-patch servehappy