WordPress.org

Make WordPress Core

Opened 4 months ago

Last modified 4 months ago

#49963 new enhancement

Security of failed update/rollback

Reported by: mahnunchik Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version: trunk
Component: Upgrade/Install Keywords: dev-feedback
Focuses: privacy Cc:

Description

As discussed on the previous devchat in case of failed update/rollback there are email notifications.

Idea is good: any errors related to Core, Plugin or Theme update should be reported to an email of admin as soon as possible.

But in the real world there are too few properly configured mail servers in wordpress and servers at all. Actually there is no good documentation how to set up email: https://wordpress.org/search/mail

In addition there are a lot of lazy administrators with email addresses like admin@… or something similar.

Thus so many really important mails about failed update/rollback will be send to /dev/null. It is security issue because website will be inconsistent state indefinite amount of time (for example login plugin not updated and not rollbacked).

  1. Do you know how many wordpress installs have properly configured mails?
  2. How to motivate admins to use real email addresses?
  3. Maybe there is sense to prepare good documentation about mailing in wordpress?
  4. Should auto-updates plugin works at all wothout properly configured emergency notifications?

Change History (2)

#1 @TimothyBlynJacobs
4 months ago

  • Keywords has-privacy-review removed

We ran into this issue when discussing Recovery Mode as well. That was one of the motivating reasons for the Admin Email Verification screen introduced in 5.3.

#2 @mahnunchik
4 months ago

Hi @TimothyBlynJacobs

Email verification system is good, but there is The email is correct security killer button... I'm fixing right now one more website with admin@… admin email address 🤦

Note: See TracTickets for help on using tickets.