Opened 18 months ago
Last modified 18 months ago
#49963 new enhancement
Security of failed update/rollback
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | major | Version: | 5.5 |
| Component: | Upgrade/Install | Keywords: | dev-feedback |
| Focuses: | privacy | Cc: |
Description
As discussed on the previous devchat in case of failed update/rollback there are email notifications.
Idea is good: any errors related to Core, Plugin or Theme update should be reported to an email of admin as soon as possible.
But in the real world there are too few properly configured mail servers in wordpress and servers at all. Actually there is no good documentation how to set up email: https://wordpress.org/search/mail
In addition there are a lot of lazy administrators with email addresses like admin@… or something similar.
Thus so many really important mails about failed update/rollback will be send to /dev/null. It is security issue because website will be inconsistent state indefinite amount of time (for example login plugin not updated and not rollbacked).
- Do you know how many wordpress installs have properly configured mails?
- How to motivate admins to use real email addresses?
- Maybe there is sense to prepare good documentation about mailing in wordpress?
- Should auto-updates plugin works at all wothout properly configured emergency notifications?
- Original Github Issue: https://github.com/WordPress/wp-autoupdates/issues/83
- Feature Plugin: WP Auto-updates https://make.wordpress.org/core/2020/02/26/feature-plugin-wp-auto-updates/
We ran into this issue when discussing Recovery Mode as well. That was one of the motivating reasons for the Admin Email Verification screen introduced in 5.3.