WordPress 5.2 released with modern cryptographic library updates

WordPress gets an update that includes security and website health check features

WordPress released an update including security features that helps to put at ease all the users' fears regarding attack vectors.

WordPress adds the improved protection level to the content management system that users have wanted for years.^[1] The official release of WordPress 5.2 includes fixes for 33 bugs, block editor and accessibility features.^[2] Support for cryptographically-signed updates, modern cryptography library, Site Health section in the admin panel, PHP error protection also is in this long-awaited update.

WordPress announced this latest version release with all these security updates themselves in the blog post.^[3] The newest version, also called Jaco in honor of jazz bassist Jaco Pastorius, includes the addition of two new pages designed to debug common configuration issues and space for developers to add information for website managers. All these features are going to enhance the experience for developers. As the co-founder of WordPress, Matt Mullenweg states:

There are even more robust tools for identifying and fixing configuration issues and fatal errors. Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information when you need it.

The new feature of Site Health

The first WordPress 5.2 security feature that users should notice after the update is the Site Health section in the Tool menu of the admin panel. Two new pages – Site Health Status and Site Health Info work by running a set of essential security scans and delivering reports about the indications. Reports should include the findings as well as recommendations on how to fix the issues. In addition to the multiple tests, site owners and developers can write security tests and expand these checks to more areas.

The section of Site Health Info provides information about the server setup and website. These server details are meant to be shared with IT specialists for support and debugging purposes when needed. Information includes data about the inial WordPress install, the server, plugins, themes, and file storage. This feature helps to self-service the site through common configuration issues and other elements that improve the healthy online presence.

A modern cryptographic library included in the newest WordPress version

Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, is one of the developers involved in the latest WordPress update creation. He claims that after this 5.2 version, hackers need to come up with more sophisticated attacks. This news makes people calmer regarding possible malware or attacker issues.^[4] Adding the support of cryptographically-signed updates is essential for preventing cyber threats and malicious actors.

Arciszewski also worked on renewing the cryptographic library with the new modern one. Libsodium library is added to the WordPress CMS, starting with this 5.2 version. It replaces the old version mcrypt in all cryptographic operations. It also means that developers of themes and plugins can start supporting this software library. Scott Arciszewski even issued a post about this WordPress update, explaining all the details about the cryptography function replacement for developers.^[5]