Make WordPress Core

Opened 4 years ago

Closed 2 years ago

#50118 closed enhancement (maybelater)

Site Health Issue - a little less dramatic sounding?

Reported by: karinclimber's profile karinclimber Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.2
Component: Site Health Keywords:
Focuses: administration Cc:

Description

I would like to propose making the site-health notification a little less dramatic sounding?

We have had several clients email us about their "Site Health" showing "Critical" when there is one plugin due to be updated (and we like to wait sometimes on those when it is a huge update - like the big Yoast update that required 4 bug fixes for instance) or if there isn't a backup theme.

Not sure why a backup theme is needed - if there is an issue with your theme and you can access your dashboard, you can just grab a free theme. If you can't, you can download one for free from https://wordpress.org/themes/ and upload it via FTP. (And to complicate that further, it is recommended practice to remove unused themes and plugins - sooo... )

It would be nice if this could at least be done using at least less dramatic terminology - like "suggestions" or "recommendations" instead of "Critical" that to a non-techy person, sounds like their site is about to explode.

Attachments (2)

Screen Shot 2020-05-07 at 2.23.05 PM.png (123.2 KB) - added by karinclimber 4 years ago.
So dramatic - one plugin due to be updated is not a "critical" issue.
Screen Shot 2020-05-08 at 9.58.18 AM.png (49.7 KB) - added by karinclimber 4 years ago.
Remove inactive themes, then when removed, there is a critical warning to add a backup theme.

Download all attachments as: .zip

Change History (14)

@karinclimber
4 years ago

So dramatic - one plugin due to be updated is not a "critical" issue.

#1 follow-up: @Ipstenu
4 years ago

Not sure why a backup theme is needed - if there is an issue with your theme and you can access your dashboard, you can just grab a free theme.

Because if the active theme breaks, WordPress can try to load your site with a backup theme :) That will then allow you to access the dashboard, if the broken theme is preventing it.

As for the criticality of plugin updates, unless we have a way to differentiate between a critical update and a general one, having people be highly aware of applying those updates ASAP remains best practice. It is a little overblown in most cases, but we don't have a better way at the moment :(

#2 @knutsp
4 years ago

So dramatic - one plugin due to be updated is not a "critical" issue.

I disagree. It may be. Zero day vulnerabilities - like yesterday's for Elementor Pro.

For themes: WordPress may switch to the default theme when the active theme become broken, so this is recommended.

#3 @eatingrules
4 years ago

I think @karinclimber brings up a good point. The goal is to spur users to take action, but that doesn't mean we should cause undue alarm and panic.

"Critical" implies "urgent" -- which is not always the case with these recommendations...and I think it's the urgency that is causing the concern. Perhaps we could use the word "Important" instead? I think that would be more accurate (we all agree plugin updates are important), and less alarming.

#4 in reply to: ↑ 1 @eatingrules
4 years ago

Another example is #49923 -- the creator of this ticket proposes that having WP_AUTO_UPDATE_CORE defined and enabled is not a "critical" issue... If this recommendation section was called "Important" instead, it would be more accurate and less controversial.

#5 @eatingrules
4 years ago

  • Summary changed from Site Health Issue to Site Health Issue - a little less dramatic sounding?

#6 @SergeyBiryukov
4 years ago

  • Component changed from General to Site Health

#7 @karinclimber
4 years ago

So my issue with all of this is that another site has a notification in Site Health to remove inactive themes. That is conflicting advice and is totally confusing to users. So, delete all the inactive themes, then get a critical notification that you need a backup theme. That's kind of silly.

I understand updating a plugin when there is a risk, such as Elementor/ the Ultimate Add-Ons plugin yesterday, but sometimes you want to wait a day or two to let the bugs get worked out. Yoast released 4 bug fixes after their last update, WP Recipe Maker (a lot of our clients use this) released 3 bug fixes within a day of the initial update. I just think that the wording does not need to be as frightening. It would be great if plugin security patches could be auto-updated like core security patches are. (I know that is not very practical logistically.)

The funny part of all of this is Andrew @eatingrules and I were talking about this and he had more than one plugin that needed to be updated on his site and was not receiving a "Critical" message, while some of our clients have just one and are receiving that message.

@karinclimber
4 years ago

Remove inactive themes, then when removed, there is a critical warning to add a backup theme.

#8 @knutsp
4 years ago

The default theme does no count as inactive, so the wording of that message could be better, clarifying "except %(name-of-default-theme)%", in case it is installed.

#9 @eatingrules
4 years ago

  • Type changed from feature request to enhancement

I'd like to bump this up again to reiterate that we should change the word "Critical" to "Important."

One definition of "Critical" is "having the potential to become disastrous; at a point of crisis."

One definition of "Important" is "of great significance or value; likely to have a profound effect on success, survival, or well-being."

As we've seen in the discussion above, not all of the issues that are flagged as "Critical" meet the definition.

For example, not having a backup theme installed, or not having an updated plugin that is working fine (without a security vulnerability) is not critical. But, based on current best practices, it seems the consensus would be that all these items would meet the definition of "Important."

Will this solve all confusion? No -- and the best long-term solution would be to enhance the messaging further (as also discussed above). But in the meantime, I think "Important" a more accurate word to use, and it will help reduce anxiety for non-technical users.

#10 @Presskopp
4 years ago

related #49923 (if not duplicate)

#11 @Clorith
4 years ago

  • Version set to 5.2

Looking at the definitions provided by @eatingrules, I still think "Critical" applies, as having an outdated plugin or theme with a zero-day in it (to use a previous examples from this ticket) would have the potential of becoming disastrous.

If we had a way of guaranteeing some structure on versioning for plugins and themes, then we could change the classification depending on numbers, but unfortunately we don't at this time, which unfortunately means that taking a worst case look at things is the best practice right now.

I'm aware that this just reiterates on points already made, but so far nothing has truly changed that perception. Could some things also be considered less than critical, yet still above recommendations, possibly, but then we'd be introducing more complexity here.

I also suspect that introduction of auto-updates for plugins and themes which came with WordPress 5.5 will reduce the impact of these specific checks in the site Site Health status overall, since users are less likely to end up having reports about them.

#12 @Clorith
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to maybelater
  • Status changed from new to closed

I'm closing this out as maybelater. This means that if things change in the future to give more granular indication of what kind of updates are missing, we can definitely revisit the topic at that time.

IT is of course still possible to discuss this ticket even while the ticket is closed.

Note: See TracTickets for help on using tickets.