Commit Graph

128 Commits

Author SHA1 Message Date
Felix Arntz 7f4f1ead61 Site Health: Ensure persistent object cache check short-circuit filter also short-circuits multisite.
Follow up to [54053].

See #56040.

Built from https://develop.svn.wordpress.org/trunk@54054


git-svn-id: http://core.svn.wordpress.org/trunk@53613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-01 17:47:09 +00:00
Sergey Biryukov acf94cb859 Site Health: Some documentation and test improvements for `WP_Site_Health`:
* Add a `@coversDefaultClass` annotation to address `@covers ::get_test_page_cache" is invalid` notices.
* Rename data providers to start with the `data_` prefix and match the test method names, for consistency.
* Move data providers next to the test methods they are used in.
* Move `::get_test_page_cache()` closer to `::get_test_persistent_object_cache()`, for a bit more predictable placement.
* Fix a typo in `::get_test_persistent_object_cache()` description.

Follow-up to [53955], [54043], [54044], [54045].

See #56041.
Built from https://develop.svn.wordpress.org/trunk@54047


git-svn-id: http://core.svn.wordpress.org/trunk@53606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-01 15:28:16 +00:00
Sergey Biryukov 7a94e6c200 Site Health: Minor i18n cleanup in page cache and persistent object cache tests.
Includes:
* Moving leading and trailing spaces out of a translatable string.
* Using the established format for translator comments.
* Using a consistent typography for the apostrophe.

Follow-up to [53955], [54043].

See #56041.
Built from https://develop.svn.wordpress.org/trunk@54044


git-svn-id: http://core.svn.wordpress.org/trunk@53603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-01 00:19:18 +00:00
Felix Arntz fab7a3bb92 Site Health: Introduce page cache check.
This changeset adds a new `page_cache` check which determines whether the site uses a full page cache, and in addition assesses the server response time. If no page cache is present and the server response time is slow, the check will suggest use of a page cache.

A few filters are included for customization of the check:
* `site_status_good_response_time_threshold` filters the number of milliseconds below which the server response time is considered good. The default value is based on the `server-response-time` Lighthouse audit and can be altered using this filter.
* `site_status_page_cache_supported_cache_headers` filters the map of supported cache headers and their callback to determine whether it was a cache hit. The default list includes commonly used cache headers, and it is filterable to support e.g. additional cache headers used by specific vendors.

Note that due to the nature of this check it is only run in production environments.

Props furi3r, westonruter, spacedmonkey, swissspidy, Clorith.
Fixes #56041.

Built from https://develop.svn.wordpress.org/trunk@54043


git-svn-id: http://core.svn.wordpress.org/trunk@53602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-31 22:46:11 +00:00
Felix Arntz 7322419ced Site Health: Update persistent object cache check documentation URL.
The anchor for the relevant documentation section had changed since the original code had been written.

Props furi3r.
See #56040.

Built from https://develop.svn.wordpress.org/trunk@54042


git-svn-id: http://core.svn.wordpress.org/trunk@53601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-31 22:19:12 +00:00
Felix Arntz 09369981e1 Site Health: Introduce persistent object cache check.
This changeset adds a new `persistent_object_cache` check which determines whether the site uses a persistent object cache, and if not, recommends it if it is beneficial for the site. A support resource to learn more about object caching has been created and is linked in the check.

A few filters are included for customization of the check, aimed primarily at hosting providers to provide more specific information in regards to their environment:

* `site_status_persistent_object_cache_url` filters the URL to learn more about object caching, so that e.g. a hosting-specific object caching support resource could be linked.
* `site_status_persistent_object_cache_notes` filters the notes added to the check description, so that more fine tuned information on object caching based on the environment can be provided.
* `site_status_should_suggest_persistent_object_cache` is a short-circuit filter which allows using entirely custom logic to determine whether a persistent object cache would make sense for the site.
* `site_status_persistent_object_cache_thresholds` filters the thresholds in the default logic to determine whether a persistent object cache would make sense for the site, which is based on the amount of data in the database.

Note that due to the nature of this check it is only run in production environments.

Props furi3r, tillkruss, spacedmonkey, audrasjb, Clorith.
Fixes #56040.

Built from https://develop.svn.wordpress.org/trunk@53955


git-svn-id: http://core.svn.wordpress.org/trunk@53514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-29 16:54:12 +00:00
Sergey Biryukov de97f21367 Coding Standards: Remove extra space in two conditionals.
This fixes WPCS errors in `WP_Site_Health::get_test_plugin_version()` and `::get_test_theme_version()`:

* `Expected exactly one space between closing parenthesis and opening control structure; " " found.`
* `Expected 1 space(s) after closing parenthesis; found 2`

Follow-up to [53816].

See #56134.
Built from https://develop.svn.wordpress.org/trunk@53817


git-svn-id: http://core.svn.wordpress.org/trunk@53376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-03 14:32:12 +00:00
Sergey Biryukov 1f39318123 Site Health: Improve the wording in plugin and theme version tests.
This displays a more appropriate message in case the site does not have any active plugins or installed themes.

Follow-up to [44986], [45099], [45336].

Props Presskopp, costdev, martin.krcho, Clorith, SergeyBiryukov.
Fixes #56134.
Built from https://develop.svn.wordpress.org/trunk@53816


git-svn-id: http://core.svn.wordpress.org/trunk@53375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-03 13:09:09 +00:00
Sergey Biryukov 7997df84a8 Site Health: Remove unused variables in `WP_Site_Health::get_test_plugin_version()`.
Follow-up to [44986].

Props david.binda, mukesh27.
Fixes #55683.
Built from https://develop.svn.wordpress.org/trunk@53355


git-svn-id: http://core.svn.wordpress.org/trunk@52944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-05 16:29:08 +00:00
Sergey Biryukov 0c12438eed Code Modernization: Rename parameters that use reserved keywords in `wp-admin/includes/class-wp-site-health.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$class` parameter to `$class_name` in `WP_Site_Health::test_php_extension_availability()`.
* Renames some other parameters for consistency.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
Built from https://develop.svn.wordpress.org/trunk@53117


git-svn-id: http://core.svn.wordpress.org/trunk@52706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-10 14:29:04 +00:00
audrasjb 223cda987f Administration: Replace contracted verb forms for better consistency.
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.

Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes #38913.
See #39176.

Built from https://develop.svn.wordpress.org/trunk@52978


git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-22 16:25:03 +00:00
audrasjb e05557e222 Administration: Replace "Current theme" with "Active theme" in user facing strings.
This change replaces "Current theme" with "Active theme" in user-facing strings. It brings better consistency across the Administration.

Props Presskopp, audrasjb, costdev.
Fixes #54770.

Built from https://develop.svn.wordpress.org/trunk@52580


git-svn-id: http://core.svn.wordpress.org/trunk@52170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-15 08:44:03 +00:00
Peter Wilson 88b1019dc3 Upgrade/install: Revert upgrader rollback features.
Revert the rollback features introduced for theme and plugin upgrades during the WordPress 5.9 cycle. A bug (suspected to be in third party virtualisation software) causes the upgrades to fail consistently on some set ups. The revert is to allow contributors further time to investigate mitigation options.

Reverts [52337], [52289], [52284], [51951], [52192], [51902], [51899], [51898], [51815].

Props pbiron, dlh, peterwilsoncc, galbaras, SergeyBiryukov, afragen, costdev, bronsonquick, aristath, noisysocks, desrosj, TobiasBg, hellofromTonya, francina, Boniu91.
See #54543, #54166, #51857.



Built from https://develop.svn.wordpress.org/trunk@52351


git-svn-id: http://core.svn.wordpress.org/trunk@51943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-10 00:06:04 +00:00
johnjamesjacoby 6d451fb64b Admin/UI-Copy: reword some "we" usages.
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:

> the word “we” should be avoided (...) unless its made very clear which group is speaking

(There are several more usages of "we" that will receive this same scrutiny in future commits/releases.)

Props audrasjb, johnbillion, marybaum, peterwilsoncc, sergeybiryukov, shital-patel.

Fixes  #46057.
Built from https://develop.svn.wordpress.org/trunk@51979


git-svn-id: http://core.svn.wordpress.org/trunk@51568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:37:57 +00:00
Sergey Biryukov 0e2f9ad5b6 Coding Standards: Correct alignment in `WP_Site_Health::get_test_update_temp_backup_writable()`.
This fixes an `Equals sign not aligned with surrounding assignments; expected 1 space but found 6 spaces` WPCS warning.

Follow-up to [51815].

See #51857, #53359.
Built from https://develop.svn.wordpress.org/trunk@51951


git-svn-id: http://core.svn.wordpress.org/trunk@51540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 16:52:57 +00:00
hellofromTonya 234877c9c3 Coding Standards: Add `public` visibility to methods in `src` directory.
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.

Why `public`?

With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.

Props costdev, jrf.
See #54177.
Built from https://develop.svn.wordpress.org/trunk@51919


git-svn-id: http://core.svn.wordpress.org/trunk@51512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 17:52:58 +00:00
Sergey Biryukov 0f2d2264b5 Site Health: Use an integer value as a fallback in the available disk space check.
This avoids a few type problems further in the code: boolean divided by a number, or passing `false` to `size_format()` which is documented to accept integers or strings only.

Follow-up to [51815].

Props TobiasBg.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51898


git-svn-id: http://core.svn.wordpress.org/trunk@51491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-09 02:50:56 +00:00
Sergey Biryukov dcca93232b Upgrade/Install: Create a temporary backup of plugins and themes before updating.
This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.

* When updating a plugin or theme, the old version is moved to a temporary backup directory:
 * `wp-content/upgrade/temp-backup/plugins/[plugin-slug]` for plugins
 * `wp-content/upgrade/temp-backup/themes/[theme-slug]` for themes.

* If the update fails, then the temporary backup kept in the `upgrade/temp-backup` directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.

To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.

To avoid confusion: The `temp-backup` directory will NOT be used to "roll back" a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.

Props aristath, afragen, pbiron, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, hellofromTonya, KZeni, galbaras, richards1052, Boniu91, mai21, francina, SergeyBiryukov.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51815


git-svn-id: http://core.svn.wordpress.org/trunk@51422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-15 18:41:00 +00:00
Sergey Biryukov 65ff35bb75 Site Health: Move the Imagick entry higher in the list of recommended PHP extensions.
This better matches its position in the [https://make.wordpress.org/hosting/handbook/server-environment/#php-extensions Hosting Team's handbook] recommendations.

Follow-up to [44986], [46268], [51804].

See #52654.
Built from https://develop.svn.wordpress.org/trunk@51805


git-svn-id: http://core.svn.wordpress.org/trunk@51412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-12 10:09:57 +00:00
Sergey Biryukov e76b896881 Site Health: Add Intl to the list of recommended PHP extensions.
**Why is the PHP Intl extension important?**

WordPress is a global, international software, with support for a multitude of languages and with infinite combinations. Approximately half of the installations are in a language that is not the default (English), and this leads us to think about localization, transliteration, encoding conversions, calendar operations, collation… in short, everything you have with the different languages and formats that are around the planet. And this is what the [https://www.php.net/manual/en/intro.intl.php PHP Intl extension] provides.

**What do we as the WordPress Community gain from this extension?**

This extension provides a lot of functions for better internationalization support, including but not limited to:
* [https://www.php.net/manual/en/collator.compare.php collator_compare()] to compare Unicode text strings
* [https://www.php.net/manual/en/numberformatter.format.php numfmt_format()] to format a number according to the selected locale
* the [https://www.php.net/manual/en/normalizer.normalize.php normalization] of characters
* the [https://www.php.net/manual/en/messageformatter.formatmessage.php formatting] of messages
* getting the [https://www.php.net/manual/en/intlcalendar.getfirstdayofweek.php first day of the week] according to the locale.


In addition to functionality and ease of development, the extension can also help improve security, with classes like `Spoofchecker` that can tell you [https://www.php.net/manual/en/spoofchecker.areconfusable.php if ‘google.com’, ‘goog1e.com’ can confuse the user], or functions related to Internet domains, both to convert an [https://www.php.net/manual/en/function.idn-to-ascii.php IDN domain to text] and [https://www.php.net/manual/en/function.idn-to-utf8.php text to IDN].

**Hosting Team Recommendation**

Taking into account that WordPress continues to grow, the Hosting Team has considered a good recommendation, but not an obligation, for all hosts that work with WordPress to offer this extension, by default, to all users.

Reference: [https://make.wordpress.org/hosting/2021/05/20/why-hosters-should-install-the-php-intl-extension/ Why hosters should install the PHP-intl extension].

Follow-up to [44986], [46268].

Props zodiac1978, JavierCasares, jrf, Clorith, josklever.
Fixes #52654.
Built from https://develop.svn.wordpress.org/trunk@51804


git-svn-id: http://core.svn.wordpress.org/trunk@51411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-11 18:20:59 +00:00
John Blackbourn 8935467410 Site Health: Standardise site health check status message punctuation.
Fixes #53594

Built from https://develop.svn.wordpress.org/trunk@51519


git-svn-id: http://core.svn.wordpress.org/trunk@51130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-30 19:38:57 +00:00
John Blackbourn 00a0c0f3d5 Docs: Fix the documentation for the `$tests` parameter of the `site_status_tests` filter.
Tests are contained within `direct` and `async` properties of this array, not directly in the array itself. This also clarifies the properties that differ between direct and async tests.

See #53399, #46573

Built from https://develop.svn.wordpress.org/trunk@51297


git-svn-id: http://core.svn.wordpress.org/trunk@50906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-01 20:37:57 +00:00
Sergey Biryukov f637014b61 Site Health: Remove unnecessary `function_exists()` checks from `WP_Site_Health::get_tests()`.
By the time the tests run, both `wp_is_site_protected_by_basic_auth()` and `rest_url()` functions are available, so there is no need to check for their existence.

Follow-up to [44986], [51057].

Props Clorith, costdev, SergeyBiryukov.
Fixes #52642.
Built from https://develop.svn.wordpress.org/trunk@51066


git-svn-id: http://core.svn.wordpress.org/trunk@50675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-03 11:14:56 +00:00
Clorith 918610fb88 Site Health: Conditionally run Authorization header test.
The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end.

This test is now skipped if the `wp_is_site_protected_by_basic_auth()` function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place.

Props WebDragon, TimothyBlynJacobs, costdev.
Fixes #52642.
Built from https://develop.svn.wordpress.org/trunk@51057


git-svn-id: http://core.svn.wordpress.org/trunk@50666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-02 00:51:57 +00:00
Clorith c47c99900c Site Health: Skip REST tests during scheduled events.
This change fixes a false positive that would appear during scheduled events, by only running the REST test when a user visits the Site Health page, meaning an active session is available.

The test checking if the REST API is available, includes a parameter for `context=edit` to make sure the block editor can function properly. This means a user session with editor capabilities is required for the test to pass, which is not the case during a scheduled event.

Props szaqal21, TimothyBlynJacobs, hermpheus.
Fixes #52112.
Built from https://develop.svn.wordpress.org/trunk@50939


git-svn-id: http://core.svn.wordpress.org/trunk@50548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-20 11:09:56 +00:00
Sergey Biryukov 63ea8284a3 Docs: Miscellaneous DocBlock corrections.
See #52628.
Built from https://develop.svn.wordpress.org/trunk@50916


git-svn-id: http://core.svn.wordpress.org/trunk@50525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-15 17:38:05 +00:00
Clorith eea98a5426 Site Health: Support custom sub-menus and pages.
Allow developers to extend the Site Health screen with their own custom navigation tabs and pages.

This implements a new filter, `site_health_navigation_tabs`, which takes an associated array of tab identifiers/slugs, and tab labels, allowing developers to add their own subpage to the Site Health interface as new tabs.

To output a custom page, or add to an existing page, the `site_health_tab_content` action is triggered whenever the `tab` query argument is present and not empty. This action includes the current tab as its argument, which a developer would match against to only output content when relevant.

Props ramiy for initial patch.
Fixes #47225.
Built from https://develop.svn.wordpress.org/trunk@50764


git-svn-id: http://core.svn.wordpress.org/trunk@50373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-17 01:14:01 +00:00
Sergey Biryukov 0cd72ec474 Site Health: Correct test result status for the HTTPS test.
The supported status values for Site Health tests are `good`, `recommended`, and `critical`.

Follow-up to [50660].

Props TimothyBlynJacobs.
Fixes #52783.
Built from https://develop.svn.wordpress.org/trunk@50710


git-svn-id: http://core.svn.wordpress.org/trunk@50319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 13:02:08 +00:00
Peter Wilson 7442fe63a0 Site Health: Reduce false reports of HTTPS failures.
Reduce severity of failing HTTPS tests from critical to warning. Stop reporting failures if the site is being accessed over HTTPS but `wp_is_https_supported()` indicates a lack of support.

Props annalamprou, AnotherDave, ayeshrajans, bobbingwide, Clorith, dragongate, eatsleepcode, gab81, geoffrey1963, Ipstenu, k3nsai, mmuyskens, nicegamer7, peterwilsoncc, pwallner, SergeyBiryukov, TimothyBlynJacobs, Toru.
Fixes #52783.

Built from https://develop.svn.wordpress.org/trunk@50659


git-svn-id: http://core.svn.wordpress.org/trunk@50271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 03:24:08 +00:00
Peter Wilson 0b9c7b7cdf Site Health: Update loopback test to `POST` to wp-cron.
Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.

A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.

Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes #52547.


Built from https://develop.svn.wordpress.org/trunk@50399


git-svn-id: http://core.svn.wordpress.org/trunk@50010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-22 00:51:09 +00:00
Peter Wilson c6af819b3a Site Health: Use home page for loopback test.
Use `home_url()` for asynchronous loopback test to ensure correct results on sites with WordPress installed elsewhere, for example WordPress in a sub-directory.

Props Levdbas.
Fixes #52547.


Built from https://develop.svn.wordpress.org/trunk@50381


git-svn-id: http://core.svn.wordpress.org/trunk@49992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-17 23:10:04 +00:00
Sergey Biryukov ea2ff553e9 Site Health: Clarify the recommendation in file uploads test when `post_max_size` is defined as `0`.
This adds a more descriptive text in scenarios where `post_max_size` and `upload_max_filesize` differ, and `post_max_size` is set to a value of `0`.

In some scenarios, PHP may read `0` as a literal zero size, and not as unlimited, which it also means in other scenarios.

See https://www.php.net/manual/en/ini.core.php#ini.post-max-size for details, as PHP 5.3.4 introduced this behavior for literal zero interpretation when the content type of a request is `application/x-www-form-urlencoded` or is not registered with PHP.

Props Clorith, pixolin, helen, ratneshk.
Fixes #51466.
Built from https://develop.svn.wordpress.org/trunk@50263


git-svn-id: http://core.svn.wordpress.org/trunk@49908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-09 12:05:07 +00:00
Felix Arntz dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Felix Arntz 9d348e26f3 Security, Site Health: Improve accuracy in messaging about HTTPS support.
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.

* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.

Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.

Built from https://develop.svn.wordpress.org/trunk@50072


git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 19:10:58 +00:00
whyisjake d3d95965dd Site Health: Update php update strings to not overpromise performance.
Fixes #52327.

Props chanthaboune, SergeyBiryukov, audrasjb, Clorith, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@50041


git-svn-id: http://core.svn.wordpress.org/trunk@49742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 00:17:58 +00:00
TimothyBlynJacobs 33cb202f07 Site Health: Use a front-end URL for loopback tests.
In [49154] the async Site Health tests were changed to use the REST API instead of admin-ajax. An unintended side effect of this change was that the loopback tests which tried to ping the site's `admin_url()` were no longer authenticated because admin-cookies aren't provided to the REST API.

This commit adjusts the loopback test to use the front-end `site_url` which checks that cron will function properly. A follow-up ticket will focus on tests that will cover the file editor checks.

Props Clorith.
Fixes #52097.
See #48105.

Built from https://develop.svn.wordpress.org/trunk@49917


git-svn-id: http://core.svn.wordpress.org/trunk@49616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-02 20:09:08 +00:00
Felix Arntz c81db1f6e6 Security, Site Health: Detect HTTPS support and encourage switching.
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Built from https://develop.svn.wordpress.org/trunk@49904


git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-23 19:13:04 +00:00
Sergey Biryukov 05125ed8bf Site Health: Add missing i18n for the App Passwords documentation link.
Follow-up to [49334].

Props tai.
Fixes #51815.
Built from https://develop.svn.wordpress.org/trunk@49650


git-svn-id: http://core.svn.wordpress.org/trunk@49387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-18 15:04:05 +00:00
TimothyBlynJacobs 2df94804d4 Site Health, App Passwords: Test if the Authorization header is populated correctly.
App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value. 

This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.

Props Clorith, marybaum, TimothyBlynJacobs.
Fixes #51638.

Built from https://develop.svn.wordpress.org/trunk@49334


git-svn-id: http://core.svn.wordpress.org/trunk@49095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-27 18:32:07 +00:00
Sergey Biryukov ecf8e59918 Docs: Add a `@since` note about `async_direct_test` key to the `site_status_tests` filter.
Follow-up to [49232].

See #51547.
Built from https://develop.svn.wordpress.org/trunk@49266


git-svn-id: http://core.svn.wordpress.org/trunk@49028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-21 14:55:09 +00:00
Sergey Biryukov e38c5ca7d4 Upgrade/Install: Introduce a wrapper for the `auto_update_{$type}` filter checks.
This allows for cleaner checks whether auto-updates are forced for a plugin or theme.

Follow-up to [48750].

Props rebasaurus, garrett-eclipse, SergeyBiryukov.
Fixes #50875.
Built from https://develop.svn.wordpress.org/trunk@49241


git-svn-id: http://core.svn.wordpress.org/trunk@49003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 17:39:07 +00:00
Sergey Biryukov 35681b0e9a Site Health: Introduce the `WP_Site_Health::is_development_environment()` method.
This allows Site Health tests to check if the current environment type is set to `development` or `local`.

Use the new method:
* In HTTPS tests, instead of a hardcoded check for `localhost`.
* In `WP_DEBUG` and `WP_DEBUG_DISPLAY` tests, to set the status to `recommended` instead of `critical`.

Props dkotter, Clorith, DavidAnderson, joyously, knutsp, afragen, SergeyBiryukov.
Fixes #47058.
Built from https://develop.svn.wordpress.org/trunk@49237


git-svn-id: http://core.svn.wordpress.org/trunk@48999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 16:23:07 +00:00
desrosj 8778aa8922 Site Health: Improve the reliability of asynchronous tests.
This change adds additional logic to catch HTTP failures that do not return a `WP_Error` object (for example, a wp-json REST API error error).

This also fixes instances where REST API callbacks performed from cron do not work due to a lack of authentication by introducing a direct callback route that asynchronous tests can register.

Props dd32, clorith, timothyblynjacobs.
Fixes #51547.
Built from https://develop.svn.wordpress.org/trunk@49232


git-svn-id: http://core.svn.wordpress.org/trunk@48994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 14:50:06 +00:00
Sergey Biryukov 651f426b3a General: Remove `noreferrer` from `wp_targeted_link_rel()` and other uses.
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.

Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.

Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes #49558.
Built from https://develop.svn.wordpress.org/trunk@49215


git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-19 23:39:04 +00:00
Sergey Biryukov 0e3147c40e Coding Standards: Replace alias PHP functions with the canonical names.
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.

This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast

In part, this is a follow-up to #47746.

Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193


git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 17:27:06 +00:00
TimothyBlynJacobs 039ce3f16f Site Health, REST API: Move async tests to REST API endpoints.
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.

Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.

The existing ajax actions have been maintained for backward compatibility.

Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes #48105.

Built from https://develop.svn.wordpress.org/trunk@49154


git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-15 02:00:08 +00:00
Sergey Biryukov e50ac120a3 Site Health: Ensure that the tests returned by `WP_Site_Health::get_tests()` always have the required array keys: `direct` and `async`.
This avoids PHP notices if these keys were accidentally removed using the `site_status_tests` filter.

Props khag7, Ov3rfly, desrosj, Clorith.
Fixes #50858.
Built from https://develop.svn.wordpress.org/trunk@48808


git-svn-id: http://core.svn.wordpress.org/trunk@48570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-17 02:03:04 +00:00
Sergey Biryukov 7cb2ca73a2 Site Health: Rename the `$upload_max_size` variable to `$upload_max_filesize`, for consistency with the PHP setting name.
Follow-up to [48535], [48538], [48539], [48544], [48800].

See #50945.
Built from https://develop.svn.wordpress.org/trunk@48801


git-svn-id: http://core.svn.wordpress.org/trunk@48563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-16 17:54:05 +00:00
Sergey Biryukov 88e668d8e6 Site Health: Only display the warning about the `post_max_size` PHP value when it's lower than `upload_max_filesize`.
Previously, the warning was displayed even if the value was higher than `upload_max_filesize`, which made the report inaccurate, as these values don't necessarily have to match.

Props oakesjosh, jeroenrotty, desrosj, Clorith.
Fixes #50945.
Built from https://develop.svn.wordpress.org/trunk@48800


git-svn-id: http://core.svn.wordpress.org/trunk@48562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-16 17:48:08 +00:00
Sergey Biryukov 1f85e7484f Docs: Consistently use third-person singular verbs for various filter descriptions, per the documentation standards.
See #50768.
Built from https://develop.svn.wordpress.org/trunk@48782


git-svn-id: http://core.svn.wordpress.org/trunk@48544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-11 00:34:08 +00:00