[wp-trac] [WordPress Trac] #52783: Health Check mis-reports https functionality in certain situations

WordPress Trac noreply at wordpress.org
Fri Apr 9 21:41:10 UTC 2021 

#52783: Health Check mis-reports https functionality in certain situations
-------------------------------------------------+-------------------------
 Reporter:  Ipstenu                              |       Owner:
                                                 |  peterwilsoncc
     Type:  defect (bug)                         |      Status:  reopened
 Priority:  normal                               |   Milestone:  5.7.1
Component:  Site Health                          |     Version:  5.7
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests commit      |     Focuses:
  fixed-major                                    |
-------------------------------------------------+-------------------------

Comment (by flixos90):

 > If the site does not have https, the odds of them getting to wp-admin's
 health check _without_ their browser yelling at them about security, is so
 high, it puts into question the efficacy of us saying "Hey, this is bad."

 This only applies if they have a browser that is strict about this. Users
 on older browsers (which are also more likely to not use HTTPS on their
 own websites) will not be informed about this by their browsers.

 Even if these users don't care as much about security, more and more of
 their audience is using browsers that warn about insecure websites and may
 even prevent them from visiting them. So at this point it becomes a more
 severe issue even from the point of losing potential audience.

 > without improved docs WordPress is offloading support issues to hosts by
 reporting the issue as critical rather than a warning.
 >
 > At some stage soon, I think it ''ought'' to be bumped up to critical
 again but it needs to be at WordPress's expense rather than hosting
 companies' support teams.

 I don't fully agree, but I get the point; instead of discarding this, it
 would be great to define what kind of documentation ''is'' expected so
 that we can point users to it. What do you suggest?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52783#comment:49>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list