WordPress 5.1 Improves Security With Site Health Mechanism

The new version of the open-source blogging and content management system improves performance and warns administrators about outdated versions of PHP.

wordpress 4.7.3

WordPress 5.1 became generally available on Feb. 21, providing users of the popular open-source blogging and content management system (CMS) with updates to improve site operations and site health.

WordPress is one of the most widely deployed CMS technologies, powering over 30 percent of all websites on the internet. The new WordPress release follows the open-source project's tradition of naming releases after famous Jazz musicians by code-naming the 5.1 release Betty, after jazz vocalist Betty Carter. Among the key new features in the release is a check to warn users if they are running older, unsupported versions of the PHP programming language that is needed to operate WordPress.

"Following WordPress 5.0 — a major release which introduced the new block editor — 5.1 focuses on polish, in particular by improving the overall performance of the editor," WordPress founder Matt Mullenweg wrote in a blog post. "In addition, this release paves the way for a better, faster, and more secure WordPress with some essential tools for site administrators and developers."

WordPress 5.0 was released on Dec. 6, marking the first major version change for the open-source project since version 4.0 was released in September 2014. The new block editor known as Gutenberg defines every piece of content as a block, which can be customized and used wherever needed.

Mullenweg wrote that in the 5.1 update, the block editor should feel smoother for users and start faster overall. He added that users should expect to see even more performance gains from the editor in future releases of WordPress as the feature is refined and improved.

Site Health

While WordPress has been providing automated update mechanisms to help sites stay secure since at least the WordPress 3.7 release in October 2013, it has only focused on the application side and not on the underlying software infrastructure. 

WordPress is typically deployed onto a LAMP (Linux/ Apache/MySQL/PHP) infrastructure stack, with the open-source PHP programming language as a primary element of that stack. There are many versions of PHP, and not all of them are considered to be safe or secure. PHP developers announced in 2018 that as of January 2019, they would no longer support the PHP 5.x series, which is still widely deployed by WordPress hosts.

According to WordPress' own statistics, as of Feb. 22, over 50 percent of WordPress sites are running PHP 5.6 or below.

To help keep the underlying infrastructure updated, WordPress 5.1 introduces a new Site Health mechanism that will serve a notice to site administrators that are running outdated versions of PHP. 

"The current threshold for which PHP versions to display the notice will be anything below 5.6," WordPress developer Felix Arntz wrote in a blog post. "While the lowest PHP version still receiving security updates is currently 7.1, the idea is to not go all the way there at the beginning to limit the support load." 

The PHP warning is part of a larger effort within WordPress with Site Health that aims to help promote safe configurations of WordPress.

"It encourages and hints to users that if they run a website, they should have a routine of checking and updating not just WordPress but underlying technologies that the site is built on," WordPress developer Alain Schlesser wrote about Site Health. "It also builds positive website ownership and habits."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.