[ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Class for looking up a site's health based on a user's WordPress environment. 4 * 5 * @package WordPress 6 * @subpackage Site_Health 7 * @since 5.2.0 8 */ 9 10 class WP_Site_Health { 11 private static $instance = null; 12 13 private $mysql_min_version_check; 14 private $mysql_rec_version_check; 15 16 public $is_mariadb = false; 17 private $mysql_server_version = ''; 18 private $health_check_mysql_required_version = '5.5'; 19 private $health_check_mysql_rec_version = ''; 20 21 public $php_memory_limit; 22 23 public $schedules; 24 public $crons; 25 public $last_missed_cron = null; 26 public $last_late_cron = null; 27 private $timeout_missed_cron = null; 28 private $timeout_late_cron = null; 29 30 /** 31 * WP_Site_Health constructor. 32 * 33 * @since 5.2.0 34 */ 35 public function __construct() { 36 $this->maybe_create_scheduled_event(); 37 38 // Save memory limit before it's affected by wp_raise_memory_limit( 'admin' ). 39 $this->php_memory_limit = ini_get( 'memory_limit' ); 40 41 $this->timeout_late_cron = 0; 42 $this->timeout_missed_cron = - 5 * MINUTE_IN_SECONDS; 43 44 if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) { 45 $this->timeout_late_cron = - 15 * MINUTE_IN_SECONDS; 46 $this->timeout_missed_cron = - 1 * HOUR_IN_SECONDS; 47 } 48 49 add_filter( 'admin_body_class', array( $this, 'admin_body_class' ) ); 50 51 add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); 52 add_action( 'wp_site_health_scheduled_check', array( $this, 'wp_cron_scheduled_check' ) ); 53 } 54 55 /** 56 * Return an instance of the WP_Site_Health class, or create one if none exist yet. 57 * 58 * @since 5.4.0 59 * 60 * @return WP_Site_Health|null 61 */ 62 public static function get_instance() { 63 if ( null === self::$instance ) { 64 self::$instance = new WP_Site_Health(); 65 } 66 67 return self::$instance; 68 } 69 70 /** 71 * Enqueues the site health scripts. 72 * 73 * @since 5.2.0 74 */ 75 public function enqueue_scripts() { 76 $screen = get_current_screen(); 77 if ( 'site-health' !== $screen->id && 'dashboard' !== $screen->id ) { 78 return; 79 } 80 81 $health_check_js_variables = array( 82 'screen' => $screen->id, 83 'nonce' => array( 84 'site_status' => wp_create_nonce( 'health-check-site-status' ), 85 'site_status_result' => wp_create_nonce( 'health-check-site-status-result' ), 86 ), 87 'site_status' => array( 88 'direct' => array(), 89 'async' => array(), 90 'issues' => array( 91 'good' => 0, 92 'recommended' => 0, 93 'critical' => 0, 94 ), 95 ), 96 ); 97 98 $issue_counts = get_transient( 'health-check-site-status-result' ); 99 100 if ( false !== $issue_counts ) { 101 $issue_counts = json_decode( $issue_counts ); 102 103 $health_check_js_variables['site_status']['issues'] = $issue_counts; 104 } 105 106 if ( 'site-health' === $screen->id && ! isset( $_GET['tab'] ) ) { 107 $tests = WP_Site_Health::get_tests(); 108 109 // Don't run https test on development environments. 110 if ( $this->is_development_environment() ) { 111 unset( $tests['direct']['https_status'] ); 112 } 113 114 foreach ( $tests['direct'] as $test ) { 115 if ( is_string( $test['test'] ) ) { 116 $test_function = sprintf( 117 'get_test_%s', 118 $test['test'] 119 ); 120 121 if ( method_exists( $this, $test_function ) && is_callable( array( $this, $test_function ) ) ) { 122 $health_check_js_variables['site_status']['direct'][] = $this->perform_test( array( $this, $test_function ) ); 123 continue; 124 } 125 } 126 127 if ( is_callable( $test['test'] ) ) { 128 $health_check_js_variables['site_status']['direct'][] = $this->perform_test( $test['test'] ); 129 } 130 } 131 132 foreach ( $tests['async'] as $test ) { 133 if ( is_string( $test['test'] ) ) { 134 $health_check_js_variables['site_status']['async'][] = array( 135 'test' => $test['test'], 136 'has_rest' => ( isset( $test['has_rest'] ) ? $test['has_rest'] : false ), 137 'completed' => false, 138 'headers' => isset( $test['headers'] ) ? $test['headers'] : array(), 139 ); 140 } 141 } 142 } 143 144 wp_localize_script( 'site-health', 'SiteHealth', $health_check_js_variables ); 145 } 146 147 /** 148 * Run a Site Health test directly. 149 * 150 * @since 5.4.0 151 * 152 * @param callable $callback 153 * @return mixed|void 154 */ 155 private function perform_test( $callback ) { 156 /** 157 * Filters the output of a finished Site Health test. 158 * 159 * @since 5.3.0 160 * 161 * @param array $test_result { 162 * An associative array of test result data. 163 * 164 * @type string $label A label describing the test, and is used as a header in the output. 165 * @type string $status The status of the test, which can be a value of `good`, `recommended` or `critical`. 166 * @type array $badge { 167 * Tests are put into categories which have an associated badge shown, these can be modified and assigned here. 168 * 169 * @type string $label The test label, for example `Performance`. 170 * @type string $color Default `blue`. A string representing a color to use for the label. 171 * } 172 * @type string $description A more descriptive explanation of what the test looks for, and why it is important for the end user. 173 * @type string $actions An action to direct the user to where they can resolve the issue, if one exists. 174 * @type string $test The name of the test being ran, used as a reference point. 175 * } 176 */ 177 return apply_filters( 'site_status_test_result', call_user_func( $callback ) ); 178 } 179 180 /** 181 * Run the SQL version checks. 182 * 183 * These values are used in later tests, but the part of preparing them is more easily managed 184 * early in the class for ease of access and discovery. 185 * 186 * @since 5.2.0 187 * 188 * @global wpdb $wpdb WordPress database abstraction object. 189 */ 190 private function prepare_sql_data() { 191 global $wpdb; 192 193 if ( $wpdb->use_mysqli ) { 194 // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysqli_get_server_info 195 $mysql_server_type = mysqli_get_server_info( $wpdb->dbh ); 196 } else { 197 // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysql_get_server_info,PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved 198 $mysql_server_type = mysql_get_server_info( $wpdb->dbh ); 199 } 200 201 $this->mysql_server_version = $wpdb->get_var( 'SELECT VERSION()' ); 202 203 $this->health_check_mysql_rec_version = '5.6'; 204 205 if ( stristr( $mysql_server_type, 'mariadb' ) ) { 206 $this->is_mariadb = true; 207 $this->health_check_mysql_rec_version = '10.0'; 208 } 209 210 $this->mysql_min_version_check = version_compare( '5.5', $this->mysql_server_version, '<=' ); 211 $this->mysql_rec_version_check = version_compare( $this->health_check_mysql_rec_version, $this->mysql_server_version, '<=' ); 212 } 213 214 /** 215 * Test if `wp_version_check` is blocked. 216 * 217 * It's possible to block updates with the `wp_version_check` filter, but this can't be checked 218 * during an Ajax call, as the filter is never introduced then. 219 * 220 * This filter overrides a standard page request if it's made by an admin through the Ajax call 221 * with the right query argument to check for this. 222 * 223 * @since 5.2.0 224 */ 225 public function check_wp_version_check_exists() { 226 if ( ! is_admin() || ! is_user_logged_in() || ! current_user_can( 'update_core' ) || ! isset( $_GET['health-check-test-wp_version_check'] ) ) { 227 return; 228 } 229 230 echo ( has_filter( 'wp_version_check', 'wp_version_check' ) ? 'yes' : 'no' ); 231 232 die(); 233 } 234 235 /** 236 * Tests for WordPress version and outputs it. 237 * 238 * Gives various results depending on what kind of updates are available, if any, to encourage 239 * the user to install security updates as a priority. 240 * 241 * @since 5.2.0 242 * 243 * @return array The test result. 244 */ 245 public function get_test_wordpress_version() { 246 $result = array( 247 'label' => '', 248 'status' => '', 249 'badge' => array( 250 'label' => __( 'Performance' ), 251 'color' => 'blue', 252 ), 253 'description' => '', 254 'actions' => '', 255 'test' => 'wordpress_version', 256 ); 257 258 $core_current_version = get_bloginfo( 'version' ); 259 $core_updates = get_core_updates(); 260 261 if ( ! is_array( $core_updates ) ) { 262 $result['status'] = 'recommended'; 263 264 $result['label'] = sprintf( 265 /* translators: %s: Your current version of WordPress. */ 266 __( 'WordPress version %s' ), 267 $core_current_version 268 ); 269 270 $result['description'] = sprintf( 271 '<p>%s</p>', 272 __( 'We were unable to check if any new versions of WordPress are available.' ) 273 ); 274 275 $result['actions'] = sprintf( 276 '<a href="%s">%s</a>', 277 esc_url( admin_url( 'update-core.php?force-check=1' ) ), 278 __( 'Check for updates manually' ) 279 ); 280 } else { 281 foreach ( $core_updates as $core => $update ) { 282 if ( 'upgrade' === $update->response ) { 283 $current_version = explode( '.', $core_current_version ); 284 $new_version = explode( '.', $update->version ); 285 286 $current_major = $current_version[0] . '.' . $current_version[1]; 287 $new_major = $new_version[0] . '.' . $new_version[1]; 288 289 $result['label'] = sprintf( 290 /* translators: %s: The latest version of WordPress available. */ 291 __( 'WordPress update available (%s)' ), 292 $update->version 293 ); 294 295 $result['actions'] = sprintf( 296 '<a href="%s">%s</a>', 297 esc_url( admin_url( 'update-core.php' ) ), 298 __( 'Install the latest version of WordPress' ) 299 ); 300 301 if ( $current_major !== $new_major ) { 302 // This is a major version mismatch. 303 $result['status'] = 'recommended'; 304 $result['description'] = sprintf( 305 '<p>%s</p>', 306 __( 'A new version of WordPress is available.' ) 307 ); 308 } else { 309 // This is a minor version, sometimes considered more critical. 310 $result['status'] = 'critical'; 311 $result['badge']['label'] = __( 'Security' ); 312 $result['description'] = sprintf( 313 '<p>%s</p>', 314 __( 'A new minor update is available for your site. Because minor updates often address security, it’s important to install them.' ) 315 ); 316 } 317 } else { 318 $result['status'] = 'good'; 319 $result['label'] = sprintf( 320 /* translators: %s: The current version of WordPress installed on this site. */ 321 __( 'Your version of WordPress (%s) is up to date' ), 322 $core_current_version 323 ); 324 325 $result['description'] = sprintf( 326 '<p>%s</p>', 327 __( 'You are currently running the latest version of WordPress available, keep it up!' ) 328 ); 329 } 330 } 331 } 332 333 return $result; 334 } 335 336 /** 337 * Test if plugins are outdated, or unnecessary. 338 * 339 * The tests checks if your plugins are up to date, and encourages you to remove any 340 * that are not in use. 341 * 342 * @since 5.2.0 343 * 344 * @return array The test result. 345 */ 346 public function get_test_plugin_version() { 347 $result = array( 348 'label' => __( 'Your plugins are all up to date' ), 349 'status' => 'good', 350 'badge' => array( 351 'label' => __( 'Security' ), 352 'color' => 'blue', 353 ), 354 'description' => sprintf( 355 '<p>%s</p>', 356 __( 'Plugins extend your site’s functionality with things like contact forms, ecommerce and much more. That means they have deep access to your site, so it’s vital to keep them up to date.' ) 357 ), 358 'actions' => sprintf( 359 '<p><a href="%s">%s</a></p>', 360 esc_url( admin_url( 'plugins.php' ) ), 361 __( 'Manage your plugins' ) 362 ), 363 'test' => 'plugin_version', 364 ); 365 366 $plugins = get_plugins(); 367 $plugin_updates = get_plugin_updates(); 368 369 $plugins_have_updates = false; 370 $plugins_active = 0; 371 $plugins_total = 0; 372 $plugins_need_update = 0; 373 374 // Loop over the available plugins and check their versions and active state. 375 foreach ( $plugins as $plugin_path => $plugin ) { 376 $plugins_total++; 377 378 if ( is_plugin_active( $plugin_path ) ) { 379 $plugins_active++; 380 } 381 382 $plugin_version = $plugin['Version']; 383 384 if ( array_key_exists( $plugin_path, $plugin_updates ) ) { 385 $plugins_need_update++; 386 $plugins_have_updates = true; 387 } 388 } 389 390 // Add a notice if there are outdated plugins. 391 if ( $plugins_need_update > 0 ) { 392 $result['status'] = 'critical'; 393 394 $result['label'] = __( 'You have plugins waiting to be updated' ); 395 396 $result['description'] .= sprintf( 397 '<p>%s</p>', 398 sprintf( 399 /* translators: %d: The number of outdated plugins. */ 400 _n( 401 'Your site has %d plugin waiting to be updated.', 402 'Your site has %d plugins waiting to be updated.', 403 $plugins_need_update 404 ), 405 $plugins_need_update 406 ) 407 ); 408 409 $result['actions'] .= sprintf( 410 '<p><a href="%s">%s</a></p>', 411 esc_url( network_admin_url( 'plugins.php?plugin_status=upgrade' ) ), 412 __( 'Update your plugins' ) 413 ); 414 } else { 415 if ( 1 === $plugins_active ) { 416 $result['description'] .= sprintf( 417 '<p>%s</p>', 418 __( 'Your site has 1 active plugin, and it is up to date.' ) 419 ); 420 } else { 421 $result['description'] .= sprintf( 422 '<p>%s</p>', 423 sprintf( 424 /* translators: %d: The number of active plugins. */ 425 _n( 426 'Your site has %d active plugin, and it is up to date.', 427 'Your site has %d active plugins, and they are all up to date.', 428 $plugins_active 429 ), 430 $plugins_active 431 ) 432 ); 433 } 434 } 435 436 // Check if there are inactive plugins. 437 if ( $plugins_total > $plugins_active && ! is_multisite() ) { 438 $unused_plugins = $plugins_total - $plugins_active; 439 440 $result['status'] = 'recommended'; 441 442 $result['label'] = __( 'You should remove inactive plugins' ); 443 444 $result['description'] .= sprintf( 445 '<p>%s %s</p>', 446 sprintf( 447 /* translators: %d: The number of inactive plugins. */ 448 _n( 449 'Your site has %d inactive plugin.', 450 'Your site has %d inactive plugins.', 451 $unused_plugins 452 ), 453 $unused_plugins 454 ), 455 __( 'Inactive plugins are tempting targets for attackers. If you’re not going to use a plugin, we recommend you remove it.' ) 456 ); 457 458 $result['actions'] .= sprintf( 459 '<p><a href="%s">%s</a></p>', 460 esc_url( admin_url( 'plugins.php?plugin_status=inactive' ) ), 461 __( 'Manage inactive plugins' ) 462 ); 463 } 464 465 return $result; 466 } 467 468 /** 469 * Test if themes are outdated, or unnecessary. 470 * 471 * Сhecks if your site has a default theme (to fall back on if there is a need), 472 * if your themes are up to date and, finally, encourages you to remove any themes 473 * that are not needed. 474 * 475 * @since 5.2.0 476 * 477 * @return array The test results. 478 */ 479 public function get_test_theme_version() { 480 $result = array( 481 'label' => __( 'Your themes are all up to date' ), 482 'status' => 'good', 483 'badge' => array( 484 'label' => __( 'Security' ), 485 'color' => 'blue', 486 ), 487 'description' => sprintf( 488 '<p>%s</p>', 489 __( 'Themes add your site’s look and feel. It’s important to keep them up to date, to stay consistent with your brand and keep your site secure.' ) 490 ), 491 'actions' => sprintf( 492 '<p><a href="%s">%s</a></p>', 493 esc_url( admin_url( 'themes.php' ) ), 494 __( 'Manage your themes' ) 495 ), 496 'test' => 'theme_version', 497 ); 498 499 $theme_updates = get_theme_updates(); 500 501 $themes_total = 0; 502 $themes_need_updates = 0; 503 $themes_inactive = 0; 504 505 // This value is changed during processing to determine how many themes are considered a reasonable amount. 506 $allowed_theme_count = 1; 507 508 $has_default_theme = false; 509 $has_unused_themes = false; 510 $show_unused_themes = true; 511 $using_default_theme = false; 512 513 // Populate a list of all themes available in the install. 514 $all_themes = wp_get_themes(); 515 $active_theme = wp_get_theme(); 516 517 // If WP_DEFAULT_THEME doesn't exist, fall back to the latest core default theme. 518 $default_theme = wp_get_theme( WP_DEFAULT_THEME ); 519 if ( ! $default_theme->exists() ) { 520 $default_theme = WP_Theme::get_core_default_theme(); 521 } 522 523 if ( $default_theme ) { 524 $has_default_theme = true; 525 526 if ( 527 $active_theme->get_stylesheet() === $default_theme->get_stylesheet() 528 || 529 is_child_theme() && $active_theme->get_template() === $default_theme->get_template() 530 ) { 531 $using_default_theme = true; 532 } 533 } 534 535 foreach ( $all_themes as $theme_slug => $theme ) { 536 $themes_total++; 537 538 if ( array_key_exists( $theme_slug, $theme_updates ) ) { 539 $themes_need_updates++; 540 } 541 } 542 543 // If this is a child theme, increase the allowed theme count by one, to account for the parent. 544 if ( is_child_theme() ) { 545 $allowed_theme_count++; 546 } 547 548 // If there's a default theme installed and not in use, we count that as allowed as well. 549 if ( $has_default_theme && ! $using_default_theme ) { 550 $allowed_theme_count++; 551 } 552 553 if ( $themes_total > $allowed_theme_count ) { 554 $has_unused_themes = true; 555 $themes_inactive = ( $themes_total - $allowed_theme_count ); 556 } 557 558 // Check if any themes need to be updated. 559 if ( $themes_need_updates > 0 ) { 560 $result['status'] = 'critical'; 561 562 $result['label'] = __( 'You have themes waiting to be updated' ); 563 564 $result['description'] .= sprintf( 565 '<p>%s</p>', 566 sprintf( 567 /* translators: %d: The number of outdated themes. */ 568 _n( 569 'Your site has %d theme waiting to be updated.', 570 'Your site has %d themes waiting to be updated.', 571 $themes_need_updates 572 ), 573 $themes_need_updates 574 ) 575 ); 576 } else { 577 // Give positive feedback about the site being good about keeping things up to date. 578 if ( 1 === $themes_total ) { 579 $result['description'] .= sprintf( 580 '<p>%s</p>', 581 __( 'Your site has 1 installed theme, and it is up to date.' ) 582 ); 583 } else { 584 $result['description'] .= sprintf( 585 '<p>%s</p>', 586 sprintf( 587 /* translators: %d: The number of themes. */ 588 _n( 589 'Your site has %d installed theme, and it is up to date.', 590 'Your site has %d installed themes, and they are all up to date.', 591 $themes_total 592 ), 593 $themes_total 594 ) 595 ); 596 } 597 } 598 599 if ( $has_unused_themes && $show_unused_themes && ! is_multisite() ) { 600 601 // This is a child theme, so we want to be a bit more explicit in our messages. 602 if ( $active_theme->parent() ) { 603 // Recommend removing inactive themes, except a default theme, your current one, and the parent theme. 604 $result['status'] = 'recommended'; 605 606 $result['label'] = __( 'You should remove inactive themes' ); 607 608 if ( $using_default_theme ) { 609 $result['description'] .= sprintf( 610 '<p>%s %s</p>', 611 sprintf( 612 /* translators: %d: The number of inactive themes. */ 613 _n( 614 'Your site has %d inactive theme.', 615 'Your site has %d inactive themes.', 616 $themes_inactive 617 ), 618 $themes_inactive 619 ), 620 sprintf( 621 /* translators: 1: The currently active theme. 2: The active theme's parent theme. */ 622 __( 'To enhance your site’s security, we recommend you remove any themes you’re not using. You should keep your current theme, %1$s, and %2$s, its parent theme.' ), 623 $active_theme->name, 624 $active_theme->parent()->name 625 ) 626 ); 627 } else { 628 $result['description'] .= sprintf( 629 '<p>%s %s</p>', 630 sprintf( 631 /* translators: %d: The number of inactive themes. */ 632 _n( 633 'Your site has %d inactive theme.', 634 'Your site has %d inactive themes.', 635 $themes_inactive 636 ), 637 $themes_inactive 638 ), 639 sprintf( 640 /* translators: 1: The default theme for WordPress. 2: The currently active theme. 3: The active theme's parent theme. */ 641 __( 'To enhance your site’s security, we recommend you remove any themes you’re not using. You should keep %1$s, the default WordPress theme, %2$s, your current theme, and %3$s, its parent theme.' ), 642 $default_theme ? $default_theme->name : WP_DEFAULT_THEME, 643 $active_theme->name, 644 $active_theme->parent()->name 645 ) 646 ); 647 } 648 } else { 649 // Recommend removing all inactive themes. 650 $result['status'] = 'recommended'; 651 652 $result['label'] = __( 'You should remove inactive themes' ); 653 654 if ( $using_default_theme ) { 655 $result['description'] .= sprintf( 656 '<p>%s %s</p>', 657 sprintf( 658 /* translators: 1: The amount of inactive themes. 2: The currently active theme. */ 659 _n( 660 'Your site has %1$d inactive theme, other than %2$s, your active theme.', 661 'Your site has %1$d inactive themes, other than %2$s, your active theme.', 662 $themes_inactive 663 ), 664 $themes_inactive, 665 $active_theme->name 666 ), 667 __( 'We recommend removing any unused themes to enhance your site’s security.' ) 668 ); 669 } else { 670 $result['description'] .= sprintf( 671 '<p>%s %s</p>', 672 sprintf( 673 /* translators: 1: The amount of inactive themes. 2: The default theme for WordPress. 3: The currently active theme. */ 674 _n( 675 'Your site has %1$d inactive theme, other than %2$s, the default WordPress theme, and %3$s, your active theme.', 676 'Your site has %1$d inactive themes, other than %2$s, the default WordPress theme, and %3$s, your active theme.', 677 $themes_inactive 678 ), 679 $themes_inactive, 680 $default_theme ? $default_theme->name : WP_DEFAULT_THEME, 681 $active_theme->name 682 ), 683 __( 'We recommend removing any unused themes to enhance your site’s security.' ) 684 ); 685 } 686 } 687 } 688 689 // If no default Twenty* theme exists. 690 if ( ! $has_default_theme ) { 691 $result['status'] = 'recommended'; 692 693 $result['label'] = __( 'Have a default theme available' ); 694 695 $result['description'] .= sprintf( 696 '<p>%s</p>', 697 __( 'Your site does not have any default theme. Default themes are used by WordPress automatically if anything is wrong with your chosen theme.' ) 698 ); 699 } 700 701 return $result; 702 } 703 704 /** 705 * Test if the supplied PHP version is supported. 706 * 707 * @since 5.2.0 708 * 709 * @return array The test results. 710 */ 711 public function get_test_php_version() { 712 $response = wp_check_php_version(); 713 714 $result = array( 715 'label' => sprintf( 716 /* translators: %s: The current PHP version. */ 717 __( 'Your site is running the current version of PHP (%s)' ), 718 PHP_VERSION 719 ), 720 'status' => 'good', 721 'badge' => array( 722 'label' => __( 'Performance' ), 723 'color' => 'blue', 724 ), 725 'description' => sprintf( 726 '<p>%s</p>', 727 sprintf( 728 /* translators: %s: The minimum recommended PHP version. */ 729 __( 'PHP is the programming language used to build and maintain WordPress. Newer versions of PHP are faster and more secure, so staying up to date will help your site’s overall performance and security. The minimum recommended version of PHP is %s.' ), 730 $response ? $response['recommended_version'] : '' 731 ) 732 ), 733 'actions' => sprintf( 734 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 735 esc_url( wp_get_update_php_url() ), 736 __( 'Learn more about updating PHP' ), 737 /* translators: Accessibility text. */ 738 __( '(opens in a new tab)' ) 739 ), 740 'test' => 'php_version', 741 ); 742 743 // PHP is up to date. 744 if ( ! $response || version_compare( PHP_VERSION, $response['recommended_version'], '>=' ) ) { 745 return $result; 746 } 747 748 // The PHP version is older than the recommended version, but still receiving active support. 749 if ( $response['is_supported'] ) { 750 $result['label'] = sprintf( 751 /* translators: %s: The server PHP version. */ 752 __( 'Your site is running an older version of PHP (%s)' ), 753 PHP_VERSION 754 ); 755 $result['status'] = 'recommended'; 756 757 return $result; 758 } 759 760 // The PHP version is only receiving security fixes. 761 if ( $response['is_secure'] ) { 762 $result['label'] = sprintf( 763 /* translators: %s: The server PHP version. */ 764 __( 'Your site is running an older version of PHP (%s), which should be updated' ), 765 PHP_VERSION 766 ); 767 $result['status'] = 'recommended'; 768 769 return $result; 770 } 771 772 // Anything no longer secure must be updated. 773 $result['label'] = sprintf( 774 /* translators: %s: The server PHP version. */ 775 __( 'Your site is running an outdated version of PHP (%s), which requires an update' ), 776 PHP_VERSION 777 ); 778 $result['status'] = 'critical'; 779 $result['badge']['label'] = __( 'Security' ); 780 781 return $result; 782 } 783 784 /** 785 * Check if the passed extension or function are available. 786 * 787 * Make the check for available PHP modules into a simple boolean operator for a cleaner test runner. 788 * 789 * @since 5.2.0 790 * @since 5.3.0 The `$constant` and `$class` parameters were added. 791 * 792 * @param string $extension Optional. The extension name to test. Default null. 793 * @param string $function Optional. The function name to test. Default null. 794 * @param string $constant Optional. The constant name to test for. Default null. 795 * @param string $class Optional. The class name to test for. Default null. 796 * @return bool Whether or not the extension and function are available. 797 */ 798 private function test_php_extension_availability( $extension = null, $function = null, $constant = null, $class = null ) { 799 // If no extension or function is passed, claim to fail testing, as we have nothing to test against. 800 if ( ! $extension && ! $function && ! $constant && ! $class ) { 801 return false; 802 } 803 804 if ( $extension && ! extension_loaded( $extension ) ) { 805 return false; 806 } 807 if ( $function && ! function_exists( $function ) ) { 808 return false; 809 } 810 if ( $constant && ! defined( $constant ) ) { 811 return false; 812 } 813 if ( $class && ! class_exists( $class ) ) { 814 return false; 815 } 816 817 return true; 818 } 819 820 /** 821 * Test if required PHP modules are installed on the host. 822 * 823 * This test builds on the recommendations made by the WordPress Hosting Team 824 * as seen at https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions 825 * 826 * @since 5.2.0 827 * 828 * @return array 829 */ 830 public function get_test_php_extensions() { 831 $result = array( 832 'label' => __( 'Required and recommended modules are installed' ), 833 'status' => 'good', 834 'badge' => array( 835 'label' => __( 'Performance' ), 836 'color' => 'blue', 837 ), 838 'description' => sprintf( 839 '<p>%s</p><p>%s</p>', 840 __( 'PHP modules perform most of the tasks on the server that make your site run. Any changes to these must be made by your server administrator.' ), 841 sprintf( 842 /* translators: 1: Link to the hosting group page about recommended PHP modules. 2: Additional link attributes. 3: Accessibility text. */ 843 __( 'The WordPress Hosting Team maintains a list of those modules, both recommended and required, in <a href="%1$s" %2$s>the team handbook%3$s</a>.' ), 844 /* translators: Localized team handbook, if one exists. */ 845 esc_url( __( 'https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions' ) ), 846 'target="_blank" rel="noopener"', 847 sprintf( 848 ' <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span>', 849 /* translators: Accessibility text. */ 850 __( '(opens in a new tab)' ) 851 ) 852 ) 853 ), 854 'actions' => '', 855 'test' => 'php_extensions', 856 ); 857 858 $modules = array( 859 'curl' => array( 860 'function' => 'curl_version', 861 'required' => false, 862 ), 863 'dom' => array( 864 'class' => 'DOMNode', 865 'required' => false, 866 ), 867 'exif' => array( 868 'function' => 'exif_read_data', 869 'required' => false, 870 ), 871 'fileinfo' => array( 872 'function' => 'finfo_file', 873 'required' => false, 874 ), 875 'hash' => array( 876 'function' => 'hash', 877 'required' => false, 878 ), 879 'json' => array( 880 'function' => 'json_last_error', 881 'required' => true, 882 ), 883 'mbstring' => array( 884 'function' => 'mb_check_encoding', 885 'required' => false, 886 ), 887 'mysqli' => array( 888 'function' => 'mysqli_connect', 889 'required' => false, 890 ), 891 'libsodium' => array( 892 'constant' => 'SODIUM_LIBRARY_VERSION', 893 'required' => false, 894 'php_bundled_version' => '7.2.0', 895 ), 896 'openssl' => array( 897 'function' => 'openssl_encrypt', 898 'required' => false, 899 ), 900 'pcre' => array( 901 'function' => 'preg_match', 902 'required' => false, 903 ), 904 'imagick' => array( 905 'extension' => 'imagick', 906 'required' => false, 907 ), 908 'mod_xml' => array( 909 'extension' => 'libxml', 910 'required' => false, 911 ), 912 'zip' => array( 913 'class' => 'ZipArchive', 914 'required' => false, 915 ), 916 'filter' => array( 917 'function' => 'filter_list', 918 'required' => false, 919 ), 920 'gd' => array( 921 'extension' => 'gd', 922 'required' => false, 923 'fallback_for' => 'imagick', 924 ), 925 'iconv' => array( 926 'function' => 'iconv', 927 'required' => false, 928 ), 929 'mcrypt' => array( 930 'extension' => 'mcrypt', 931 'required' => false, 932 'fallback_for' => 'libsodium', 933 ), 934 'simplexml' => array( 935 'extension' => 'simplexml', 936 'required' => false, 937 'fallback_for' => 'mod_xml', 938 ), 939 'xmlreader' => array( 940 'extension' => 'xmlreader', 941 'required' => false, 942 'fallback_for' => 'mod_xml', 943 ), 944 'zlib' => array( 945 'extension' => 'zlib', 946 'required' => false, 947 'fallback_for' => 'zip', 948 ), 949 ); 950 951 /** 952 * An array representing all the modules we wish to test for. 953 * 954 * @since 5.2.0 955 * @since 5.3.0 The `$constant` and `$class` parameters were added. 956 * 957 * @param array $modules { 958 * An associative array of modules to test for. 959 * 960 * @type array ...$0 { 961 * An associative array of module properties used during testing. 962 * One of either `$function` or `$extension` must be provided, or they will fail by default. 963 * 964 * @type string $function Optional. A function name to test for the existence of. 965 * @type string $extension Optional. An extension to check if is loaded in PHP. 966 * @type string $constant Optional. A constant name to check for to verify an extension exists. 967 * @type string $class Optional. A class name to check for to verify an extension exists. 968 * @type bool $required Is this a required feature or not. 969 * @type string $fallback_for Optional. The module this module replaces as a fallback. 970 * } 971 * } 972 */ 973 $modules = apply_filters( 'site_status_test_php_modules', $modules ); 974 975 $failures = array(); 976 977 foreach ( $modules as $library => $module ) { 978 $extension = ( isset( $module['extension'] ) ? $module['extension'] : null ); 979 $function = ( isset( $module['function'] ) ? $module['function'] : null ); 980 $constant = ( isset( $module['constant'] ) ? $module['constant'] : null ); 981 $class_name = ( isset( $module['class'] ) ? $module['class'] : null ); 982 983 // If this module is a fallback for another function, check if that other function passed. 984 if ( isset( $module['fallback_for'] ) ) { 985 /* 986 * If that other function has a failure, mark this module as required for usual operations. 987 * If that other function hasn't failed, skip this test as it's only a fallback. 988 */ 989 if ( isset( $failures[ $module['fallback_for'] ] ) ) { 990 $module['required'] = true; 991 } else { 992 continue; 993 } 994 } 995 996 if ( ! $this->test_php_extension_availability( $extension, $function, $constant, $class_name ) && ( ! isset( $module['php_bundled_version'] ) || version_compare( PHP_VERSION, $module['php_bundled_version'], '<' ) ) ) { 997 if ( $module['required'] ) { 998 $result['status'] = 'critical'; 999 1000 $class = 'error'; 1001 $screen_reader = __( 'Error' ); 1002 $message = sprintf( 1003 /* translators: %s: The module name. */ 1004 __( 'The required module, %s, is not installed, or has been disabled.' ), 1005 $library 1006 ); 1007 } else { 1008 $class = 'warning'; 1009 $screen_reader = __( 'Warning' ); 1010 $message = sprintf( 1011 /* translators: %s: The module name. */ 1012 __( 'The optional module, %s, is not installed, or has been disabled.' ), 1013 $library 1014 ); 1015 } 1016 1017 if ( ! $module['required'] && 'good' === $result['status'] ) { 1018 $result['status'] = 'recommended'; 1019 } 1020 1021 $failures[ $library ] = "<span class='dashicons $class'><span class='screen-reader-text'>$screen_reader</span></span> $message"; 1022 } 1023 } 1024 1025 if ( ! empty( $failures ) ) { 1026 $output = '<ul>'; 1027 1028 foreach ( $failures as $failure ) { 1029 $output .= sprintf( 1030 '<li>%s</li>', 1031 $failure 1032 ); 1033 } 1034 1035 $output .= '</ul>'; 1036 } 1037 1038 if ( 'good' !== $result['status'] ) { 1039 if ( 'recommended' === $result['status'] ) { 1040 $result['label'] = __( 'One or more recommended modules are missing' ); 1041 } 1042 if ( 'critical' === $result['status'] ) { 1043 $result['label'] = __( 'One or more required modules are missing' ); 1044 } 1045 1046 $result['description'] .= $output; 1047 } 1048 1049 return $result; 1050 } 1051 1052 /** 1053 * Test if the PHP default timezone is set to UTC. 1054 * 1055 * @since 5.3.1 1056 * 1057 * @return array The test results. 1058 */ 1059 public function get_test_php_default_timezone() { 1060 $result = array( 1061 'label' => __( 'PHP default timezone is valid' ), 1062 'status' => 'good', 1063 'badge' => array( 1064 'label' => __( 'Performance' ), 1065 'color' => 'blue', 1066 ), 1067 'description' => sprintf( 1068 '<p>%s</p>', 1069 __( 'PHP default timezone was configured by WordPress on loading. This is necessary for correct calculations of dates and times.' ) 1070 ), 1071 'actions' => '', 1072 'test' => 'php_default_timezone', 1073 ); 1074 1075 if ( 'UTC' !== date_default_timezone_get() ) { 1076 $result['status'] = 'critical'; 1077 1078 $result['label'] = __( 'PHP default timezone is invalid' ); 1079 1080 $result['description'] = sprintf( 1081 '<p>%s</p>', 1082 sprintf( 1083 /* translators: %s: date_default_timezone_set() */ 1084 __( 'PHP default timezone was changed after WordPress loading by a %s function call. This interferes with correct calculations of dates and times.' ), 1085 '<code>date_default_timezone_set()</code>' 1086 ) 1087 ); 1088 } 1089 1090 return $result; 1091 } 1092 1093 /** 1094 * Test if there's an active PHP session that can affect loopback requests. 1095 * 1096 * @since 5.5.0 1097 * 1098 * @return array The test results. 1099 */ 1100 public function get_test_php_sessions() { 1101 $result = array( 1102 'label' => __( 'No PHP sessions detected' ), 1103 'status' => 'good', 1104 'badge' => array( 1105 'label' => __( 'Performance' ), 1106 'color' => 'blue', 1107 ), 1108 'description' => sprintf( 1109 '<p>%s</p>', 1110 sprintf( 1111 /* translators: 1: session_start(), 2: session_write_close() */ 1112 __( 'PHP sessions created by a %1$s function call may interfere with REST API and loopback requests. An active session should be closed by %2$s before making any HTTP requests.' ), 1113 '<code>session_start()</code>', 1114 '<code>session_write_close()</code>' 1115 ) 1116 ), 1117 'test' => 'php_sessions', 1118 ); 1119 1120 if ( function_exists( 'session_status' ) && PHP_SESSION_ACTIVE === session_status() ) { 1121 $result['status'] = 'critical'; 1122 1123 $result['label'] = __( 'An active PHP session was detected' ); 1124 1125 $result['description'] = sprintf( 1126 '<p>%s</p>', 1127 sprintf( 1128 /* translators: 1: session_start(), 2: session_write_close() */ 1129 __( 'A PHP session was created by a %1$s function call. This interferes with REST API and loopback requests. The session should be closed by %2$s before making any HTTP requests.' ), 1130 '<code>session_start()</code>', 1131 '<code>session_write_close()</code>' 1132 ) 1133 ); 1134 } 1135 1136 return $result; 1137 } 1138 1139 /** 1140 * Test if the SQL server is up to date. 1141 * 1142 * @since 5.2.0 1143 * 1144 * @return array The test results. 1145 */ 1146 public function get_test_sql_server() { 1147 if ( ! $this->mysql_server_version ) { 1148 $this->prepare_sql_data(); 1149 } 1150 1151 $result = array( 1152 'label' => __( 'SQL server is up to date' ), 1153 'status' => 'good', 1154 'badge' => array( 1155 'label' => __( 'Performance' ), 1156 'color' => 'blue', 1157 ), 1158 'description' => sprintf( 1159 '<p>%s</p>', 1160 __( 'The SQL server is a required piece of software for the database WordPress uses to store all your site’s content and settings.' ) 1161 ), 1162 'actions' => sprintf( 1163 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1164 /* translators: Localized version of WordPress requirements if one exists. */ 1165 esc_url( __( 'https://wordpress.org/about/requirements/' ) ), 1166 __( 'Learn more about what WordPress requires to run.' ), 1167 /* translators: Accessibility text. */ 1168 __( '(opens in a new tab)' ) 1169 ), 1170 'test' => 'sql_server', 1171 ); 1172 1173 $db_dropin = file_exists( WP_CONTENT_DIR . '/db.php' ); 1174 1175 if ( ! $this->mysql_rec_version_check ) { 1176 $result['status'] = 'recommended'; 1177 1178 $result['label'] = __( 'Outdated SQL server' ); 1179 1180 $result['description'] .= sprintf( 1181 '<p>%s</p>', 1182 sprintf( 1183 /* translators: 1: The database engine in use (MySQL or MariaDB). 2: Database server recommended version number. */ 1184 __( 'For optimal performance and security reasons, we recommend running %1$s version %2$s or higher. Contact your web hosting company to correct this.' ), 1185 ( $this->is_mariadb ? 'MariaDB' : 'MySQL' ), 1186 $this->health_check_mysql_rec_version 1187 ) 1188 ); 1189 } 1190 1191 if ( ! $this->mysql_min_version_check ) { 1192 $result['status'] = 'critical'; 1193 1194 $result['label'] = __( 'Severely outdated SQL server' ); 1195 $result['badge']['label'] = __( 'Security' ); 1196 1197 $result['description'] .= sprintf( 1198 '<p>%s</p>', 1199 sprintf( 1200 /* translators: 1: The database engine in use (MySQL or MariaDB). 2: Database server minimum version number. */ 1201 __( 'WordPress requires %1$s version %2$s or higher. Contact your web hosting company to correct this.' ), 1202 ( $this->is_mariadb ? 'MariaDB' : 'MySQL' ), 1203 $this->health_check_mysql_required_version 1204 ) 1205 ); 1206 } 1207 1208 if ( $db_dropin ) { 1209 $result['description'] .= sprintf( 1210 '<p>%s</p>', 1211 wp_kses( 1212 sprintf( 1213 /* translators: 1: The name of the drop-in. 2: The name of the database engine. */ 1214 __( 'You are using a %1$s drop-in which might mean that a %2$s database is not being used.' ), 1215 '<code>wp-content/db.php</code>', 1216 ( $this->is_mariadb ? 'MariaDB' : 'MySQL' ) 1217 ), 1218 array( 1219 'code' => true, 1220 ) 1221 ) 1222 ); 1223 } 1224 1225 return $result; 1226 } 1227 1228 /** 1229 * Test if the database server is capable of using utf8mb4. 1230 * 1231 * @since 5.2.0 1232 * 1233 * @return array The test results. 1234 */ 1235 public function get_test_utf8mb4_support() { 1236 global $wpdb; 1237 1238 if ( ! $this->mysql_server_version ) { 1239 $this->prepare_sql_data(); 1240 } 1241 1242 $result = array( 1243 'label' => __( 'UTF8MB4 is supported' ), 1244 'status' => 'good', 1245 'badge' => array( 1246 'label' => __( 'Performance' ), 1247 'color' => 'blue', 1248 ), 1249 'description' => sprintf( 1250 '<p>%s</p>', 1251 __( 'UTF8MB4 is the character set WordPress prefers for database storage because it safely supports the widest set of characters and encodings, including Emoji, enabling better support for non-English languages.' ) 1252 ), 1253 'actions' => '', 1254 'test' => 'utf8mb4_support', 1255 ); 1256 1257 if ( ! $this->is_mariadb ) { 1258 if ( version_compare( $this->mysql_server_version, '5.5.3', '<' ) ) { 1259 $result['status'] = 'recommended'; 1260 1261 $result['label'] = __( 'utf8mb4 requires a MySQL update' ); 1262 1263 $result['description'] .= sprintf( 1264 '<p>%s</p>', 1265 sprintf( 1266 /* translators: %s: Version number. */ 1267 __( 'WordPress’ utf8mb4 support requires MySQL version %s or greater. Please contact your server administrator.' ), 1268 '5.5.3' 1269 ) 1270 ); 1271 } else { 1272 $result['description'] .= sprintf( 1273 '<p>%s</p>', 1274 __( 'Your MySQL version supports utf8mb4.' ) 1275 ); 1276 } 1277 } else { // MariaDB introduced utf8mb4 support in 5.5.0. 1278 if ( version_compare( $this->mysql_server_version, '5.5.0', '<' ) ) { 1279 $result['status'] = 'recommended'; 1280 1281 $result['label'] = __( 'utf8mb4 requires a MariaDB update' ); 1282 1283 $result['description'] .= sprintf( 1284 '<p>%s</p>', 1285 sprintf( 1286 /* translators: %s: Version number. */ 1287 __( 'WordPress’ utf8mb4 support requires MariaDB version %s or greater. Please contact your server administrator.' ), 1288 '5.5.0' 1289 ) 1290 ); 1291 } else { 1292 $result['description'] .= sprintf( 1293 '<p>%s</p>', 1294 __( 'Your MariaDB version supports utf8mb4.' ) 1295 ); 1296 } 1297 } 1298 1299 if ( $wpdb->use_mysqli ) { 1300 // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_info 1301 $mysql_client_version = mysqli_get_client_info(); 1302 } else { 1303 // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysql_get_client_info,PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved 1304 $mysql_client_version = mysql_get_client_info(); 1305 } 1306 1307 /* 1308 * libmysql has supported utf8mb4 since 5.5.3, same as the MySQL server. 1309 * mysqlnd has supported utf8mb4 since 5.0.9. 1310 */ 1311 if ( false !== strpos( $mysql_client_version, 'mysqlnd' ) ) { 1312 $mysql_client_version = preg_replace( '/^\D+([\d.]+).*/', '$1', $mysql_client_version ); 1313 if ( version_compare( $mysql_client_version, '5.0.9', '<' ) ) { 1314 $result['status'] = 'recommended'; 1315 1316 $result['label'] = __( 'utf8mb4 requires a newer client library' ); 1317 1318 $result['description'] .= sprintf( 1319 '<p>%s</p>', 1320 sprintf( 1321 /* translators: 1: Name of the library, 2: Number of version. */ 1322 __( 'WordPress’ utf8mb4 support requires MySQL client library (%1$s) version %2$s or newer. Please contact your server administrator.' ), 1323 'mysqlnd', 1324 '5.0.9' 1325 ) 1326 ); 1327 } 1328 } else { 1329 if ( version_compare( $mysql_client_version, '5.5.3', '<' ) ) { 1330 $result['status'] = 'recommended'; 1331 1332 $result['label'] = __( 'utf8mb4 requires a newer client library' ); 1333 1334 $result['description'] .= sprintf( 1335 '<p>%s</p>', 1336 sprintf( 1337 /* translators: 1: Name of the library, 2: Number of version. */ 1338 __( 'WordPress’ utf8mb4 support requires MySQL client library (%1$s) version %2$s or newer. Please contact your server administrator.' ), 1339 'libmysql', 1340 '5.5.3' 1341 ) 1342 ); 1343 } 1344 } 1345 1346 return $result; 1347 } 1348 1349 /** 1350 * Test if the site can communicate with WordPress.org. 1351 * 1352 * @since 5.2.0 1353 * 1354 * @return array The test results. 1355 */ 1356 public function get_test_dotorg_communication() { 1357 $result = array( 1358 'label' => __( 'Can communicate with WordPress.org' ), 1359 'status' => '', 1360 'badge' => array( 1361 'label' => __( 'Security' ), 1362 'color' => 'blue', 1363 ), 1364 'description' => sprintf( 1365 '<p>%s</p>', 1366 __( 'Communicating with the WordPress servers is used to check for new versions, and to both install and update WordPress core, themes or plugins.' ) 1367 ), 1368 'actions' => '', 1369 'test' => 'dotorg_communication', 1370 ); 1371 1372 $wp_dotorg = wp_remote_get( 1373 'https://api.wordpress.org', 1374 array( 1375 'timeout' => 10, 1376 ) 1377 ); 1378 if ( ! is_wp_error( $wp_dotorg ) ) { 1379 $result['status'] = 'good'; 1380 } else { 1381 $result['status'] = 'critical'; 1382 1383 $result['label'] = __( 'Could not reach WordPress.org' ); 1384 1385 $result['description'] .= sprintf( 1386 '<p>%s</p>', 1387 sprintf( 1388 '<span class="error"><span class="screen-reader-text">%s</span></span> %s', 1389 __( 'Error' ), 1390 sprintf( 1391 /* translators: 1: The IP address WordPress.org resolves to. 2: The error returned by the lookup. */ 1392 __( 'Your site is unable to reach WordPress.org at %1$s, and returned the error: %2$s' ), 1393 gethostbyname( 'api.wordpress.org' ), 1394 $wp_dotorg->get_error_message() 1395 ) 1396 ) 1397 ); 1398 1399 $result['actions'] = sprintf( 1400 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1401 /* translators: Localized Support reference. */ 1402 esc_url( __( 'https://wordpress.org/support' ) ), 1403 __( 'Get help resolving this issue.' ), 1404 /* translators: Accessibility text. */ 1405 __( '(opens in a new tab)' ) 1406 ); 1407 } 1408 1409 return $result; 1410 } 1411 1412 /** 1413 * Test if debug information is enabled. 1414 * 1415 * When WP_DEBUG is enabled, errors and information may be disclosed to site visitors, 1416 * or logged to a publicly accessible file. 1417 * 1418 * Debugging is also frequently left enabled after looking for errors on a site, 1419 * as site owners do not understand the implications of this. 1420 * 1421 * @since 5.2.0 1422 * 1423 * @return array The test results. 1424 */ 1425 public function get_test_is_in_debug_mode() { 1426 $result = array( 1427 'label' => __( 'Your site is not set to output debug information' ), 1428 'status' => 'good', 1429 'badge' => array( 1430 'label' => __( 'Security' ), 1431 'color' => 'blue', 1432 ), 1433 'description' => sprintf( 1434 '<p>%s</p>', 1435 __( 'Debug mode is often enabled to gather more details about an error or site failure, but may contain sensitive information which should not be available on a publicly available website.' ) 1436 ), 1437 'actions' => sprintf( 1438 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1439 /* translators: Documentation explaining debugging in WordPress. */ 1440 esc_url( __( 'https://wordpress.org/support/article/debugging-in-wordpress/' ) ), 1441 __( 'Learn more about debugging in WordPress.' ), 1442 /* translators: Accessibility text. */ 1443 __( '(opens in a new tab)' ) 1444 ), 1445 'test' => 'is_in_debug_mode', 1446 ); 1447 1448 if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { 1449 if ( defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) { 1450 $result['label'] = __( 'Your site is set to log errors to a potentially public file.' ); 1451 1452 $result['status'] = ( 0 === strpos( ini_get( 'error_log' ), ABSPATH ) ) ? 'critical' : 'recommended'; 1453 1454 $result['description'] .= sprintf( 1455 '<p>%s</p>', 1456 sprintf( 1457 /* translators: %s: WP_DEBUG_LOG */ 1458 __( 'The value, %s, has been added to this website’s configuration file. This means any errors on the site will be written to a file which is potentially available to all users.' ), 1459 '<code>WP_DEBUG_LOG</code>' 1460 ) 1461 ); 1462 } 1463 1464 if ( defined( 'WP_DEBUG_DISPLAY' ) && WP_DEBUG_DISPLAY ) { 1465 $result['label'] = __( 'Your site is set to display errors to site visitors' ); 1466 1467 $result['status'] = 'critical'; 1468 1469 // On development environments, set the status to recommended. 1470 if ( $this->is_development_environment() ) { 1471 $result['status'] = 'recommended'; 1472 } 1473 1474 $result['description'] .= sprintf( 1475 '<p>%s</p>', 1476 sprintf( 1477 /* translators: 1: WP_DEBUG_DISPLAY, 2: WP_DEBUG */ 1478 __( 'The value, %1$s, has either been enabled by %2$s or added to your configuration file. This will make errors display on the front end of your site.' ), 1479 '<code>WP_DEBUG_DISPLAY</code>', 1480 '<code>WP_DEBUG</code>' 1481 ) 1482 ); 1483 } 1484 } 1485 1486 return $result; 1487 } 1488 1489 /** 1490 * Test if your site is serving content over HTTPS. 1491 * 1492 * Many sites have varying degrees of HTTPS support, the most common of which is sites that have it 1493 * enabled, but only if you visit the right site address. 1494 * 1495 * @since 5.2.0 1496 * @since 5.7.0 Updated to rely on {@see wp_is_using_https()} and {@see wp_is_https_supported()}. 1497 * 1498 * @return array The test results. 1499 */ 1500 public function get_test_https_status() { 1501 $result = array( 1502 'label' => __( 'Your website is using an active HTTPS connection' ), 1503 'status' => 'good', 1504 'badge' => array( 1505 'label' => __( 'Security' ), 1506 'color' => 'blue', 1507 ), 1508 'description' => sprintf( 1509 '<p>%s</p>', 1510 __( 'An HTTPS connection is a more secure way of browsing the web. Many services now have HTTPS as a requirement. HTTPS allows you to take advantage of new features that can increase site speed, improve search rankings, and gain the trust of your visitors by helping to protect their online privacy.' ) 1511 ), 1512 'actions' => sprintf( 1513 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1514 /* translators: Documentation explaining HTTPS and why it should be used. */ 1515 esc_url( __( 'https://wordpress.org/support/article/why-should-i-use-https/' ) ), 1516 __( 'Learn more about why you should use HTTPS' ), 1517 /* translators: Accessibility text. */ 1518 __( '(opens in a new tab)' ) 1519 ), 1520 'test' => 'https_status', 1521 ); 1522 1523 if ( ! wp_is_using_https() ) { 1524 $result['status'] = 'critical'; 1525 $result['label'] = __( 'Your website does not use HTTPS' ); 1526 1527 if ( is_ssl() ) { 1528 $result['description'] = sprintf( 1529 '<p>%s</p>', 1530 sprintf( 1531 /* translators: %s: URL to General Settings screen. */ 1532 __( 'You are accessing this website using HTTPS, but your <a href="%s">WordPress Address</a> is not set up to use HTTPS by default.' ), 1533 esc_url( admin_url( 'options-general.php' ) ) 1534 ) 1535 ); 1536 } else { 1537 $result['description'] = sprintf( 1538 '<p>%s</p>', 1539 sprintf( 1540 /* translators: %s: URL to General Settings screen. */ 1541 __( 'Your <a href="%s">WordPress Address</a> is not set up to use HTTPS.' ), 1542 esc_url( admin_url( 'options-general.php' ) ) 1543 ) 1544 ); 1545 } 1546 1547 if ( wp_is_https_supported() ) { 1548 $result['description'] .= sprintf( 1549 '<p>%s</p>', 1550 __( 'HTTPS is already supported for your website.' ) 1551 ); 1552 1553 $result['actions'] = sprintf( 1554 '<p><a href="%s">%s</a></p>', 1555 esc_url( admin_url( 'options-general.php' ) ), 1556 __( 'Update your site addresses' ) 1557 ); 1558 } else { 1559 $result['description'] .= sprintf( 1560 '<p>%s</p>', 1561 __( 'Talk to your web host about supporting HTTPS for your website.' ) 1562 ); 1563 } 1564 } 1565 1566 return $result; 1567 } 1568 1569 /** 1570 * Check if the HTTP API can handle SSL/TLS requests. 1571 * 1572 * @since 5.2.0 1573 * 1574 * @return array The test results. 1575 */ 1576 public function get_test_ssl_support() { 1577 $result = array( 1578 'label' => '', 1579 'status' => '', 1580 'badge' => array( 1581 'label' => __( 'Security' ), 1582 'color' => 'blue', 1583 ), 1584 'description' => sprintf( 1585 '<p>%s</p>', 1586 __( 'Securely communicating between servers are needed for transactions such as fetching files, conducting sales on store sites, and much more.' ) 1587 ), 1588 'actions' => '', 1589 'test' => 'ssl_support', 1590 ); 1591 1592 $supports_https = wp_http_supports( array( 'ssl' ) ); 1593 1594 if ( $supports_https ) { 1595 $result['status'] = 'good'; 1596 1597 $result['label'] = __( 'Your site can communicate securely with other services' ); 1598 } else { 1599 $result['status'] = 'critical'; 1600 1601 $result['label'] = __( 'Your site is unable to communicate securely with other services' ); 1602 1603 $result['description'] .= sprintf( 1604 '<p>%s</p>', 1605 __( 'Talk to your web host about OpenSSL support for PHP.' ) 1606 ); 1607 } 1608 1609 return $result; 1610 } 1611 1612 /** 1613 * Test if scheduled events run as intended. 1614 * 1615 * If scheduled events are not running, this may indicate something with WP_Cron is not working 1616 * as intended, or that there are orphaned events hanging around from older code. 1617 * 1618 * @since 5.2.0 1619 * 1620 * @return array The test results. 1621 */ 1622 public function get_test_scheduled_events() { 1623 $result = array( 1624 'label' => __( 'Scheduled events are running' ), 1625 'status' => 'good', 1626 'badge' => array( 1627 'label' => __( 'Performance' ), 1628 'color' => 'blue', 1629 ), 1630 'description' => sprintf( 1631 '<p>%s</p>', 1632 __( 'Scheduled events are what periodically looks for updates to plugins, themes and WordPress itself. It is also what makes sure scheduled posts are published on time. It may also be used by various plugins to make sure that planned actions are executed.' ) 1633 ), 1634 'actions' => '', 1635 'test' => 'scheduled_events', 1636 ); 1637 1638 $this->wp_schedule_test_init(); 1639 1640 if ( is_wp_error( $this->has_missed_cron() ) ) { 1641 $result['status'] = 'critical'; 1642 1643 $result['label'] = __( 'It was not possible to check your scheduled events' ); 1644 1645 $result['description'] = sprintf( 1646 '<p>%s</p>', 1647 sprintf( 1648 /* translators: %s: The error message returned while from the cron scheduler. */ 1649 __( 'While trying to test your site’s scheduled events, the following error was returned: %s' ), 1650 $this->has_missed_cron()->get_error_message() 1651 ) 1652 ); 1653 } elseif ( $this->has_missed_cron() ) { 1654 $result['status'] = 'recommended'; 1655 1656 $result['label'] = __( 'A scheduled event has failed' ); 1657 1658 $result['description'] = sprintf( 1659 '<p>%s</p>', 1660 sprintf( 1661 /* translators: %s: The name of the failed cron event. */ 1662 __( 'The scheduled event, %s, failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.' ), 1663 $this->last_missed_cron 1664 ) 1665 ); 1666 } elseif ( $this->has_late_cron() ) { 1667 $result['status'] = 'recommended'; 1668 1669 $result['label'] = __( 'A scheduled event is late' ); 1670 1671 $result['description'] = sprintf( 1672 '<p>%s</p>', 1673 sprintf( 1674 /* translators: %s: The name of the late cron event. */ 1675 __( 'The scheduled event, %s, is late to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.' ), 1676 $this->last_late_cron 1677 ) 1678 ); 1679 } 1680 1681 return $result; 1682 } 1683 1684 /** 1685 * Test if WordPress can run automated background updates. 1686 * 1687 * Background updates in WordPress are primarily used for minor releases and security updates. 1688 * It's important to either have these working, or be aware that they are intentionally disabled 1689 * for whatever reason. 1690 * 1691 * @since 5.2.0 1692 * 1693 * @return array The test results. 1694 */ 1695 public function get_test_background_updates() { 1696 $result = array( 1697 'label' => __( 'Background updates are working' ), 1698 'status' => 'good', 1699 'badge' => array( 1700 'label' => __( 'Security' ), 1701 'color' => 'blue', 1702 ), 1703 'description' => sprintf( 1704 '<p>%s</p>', 1705 __( 'Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using.' ) 1706 ), 1707 'actions' => '', 1708 'test' => 'background_updates', 1709 ); 1710 1711 if ( ! class_exists( 'WP_Site_Health_Auto_Updates' ) ) { 1712 require_once ABSPATH . 'wp-admin/includes/class-wp-site-health-auto-updates.php'; 1713 } 1714 1715 // Run the auto-update tests in a separate class, 1716 // as there are many considerations to be made. 1717 $automatic_updates = new WP_Site_Health_Auto_Updates(); 1718 $tests = $automatic_updates->run_tests(); 1719 1720 $output = '<ul>'; 1721 1722 foreach ( $tests as $test ) { 1723 $severity_string = __( 'Passed' ); 1724 1725 if ( 'fail' === $test->severity ) { 1726 $result['label'] = __( 'Background updates are not working as expected' ); 1727 1728 $result['status'] = 'critical'; 1729 1730 $severity_string = __( 'Error' ); 1731 } 1732 1733 if ( 'warning' === $test->severity && 'good' === $result['status'] ) { 1734 $result['label'] = __( 'Background updates may not be working properly' ); 1735 1736 $result['status'] = 'recommended'; 1737 1738 $severity_string = __( 'Warning' ); 1739 } 1740 1741 $output .= sprintf( 1742 '<li><span class="dashicons %s"><span class="screen-reader-text">%s</span></span> %s</li>', 1743 esc_attr( $test->severity ), 1744 $severity_string, 1745 $test->description 1746 ); 1747 } 1748 1749 $output .= '</ul>'; 1750 1751 if ( 'good' !== $result['status'] ) { 1752 $result['description'] .= $output; 1753 } 1754 1755 return $result; 1756 } 1757 1758 /** 1759 * Test if plugin and theme auto-updates appear to be configured correctly. 1760 * 1761 * @since 5.5.0 1762 * 1763 * @return array The test results. 1764 */ 1765 public function get_test_plugin_theme_auto_updates() { 1766 $result = array( 1767 'label' => __( 'Plugin and theme auto-updates appear to be configured correctly' ), 1768 'status' => 'good', 1769 'badge' => array( 1770 'label' => __( 'Security' ), 1771 'color' => 'blue', 1772 ), 1773 'description' => sprintf( 1774 '<p>%s</p>', 1775 __( 'Plugin and theme auto-updates ensure that the latest versions are always installed.' ) 1776 ), 1777 'actions' => '', 1778 'test' => 'plugin_theme_auto_updates', 1779 ); 1780 1781 $check_plugin_theme_updates = $this->detect_plugin_theme_auto_update_issues(); 1782 1783 $result['status'] = $check_plugin_theme_updates->status; 1784 1785 if ( 'good' !== $result['status'] ) { 1786 $result['label'] = __( 'Your site may have problems auto-updating plugins and themes' ); 1787 1788 $result['description'] .= sprintf( 1789 '<p>%s</p>', 1790 $check_plugin_theme_updates->message 1791 ); 1792 } 1793 1794 return $result; 1795 } 1796 1797 /** 1798 * Test if loopbacks work as expected. 1799 * 1800 * A loopback is when WordPress queries itself, for example to start a new WP_Cron instance, 1801 * or when editing a plugin or theme. This has shown itself to be a recurring issue, 1802 * as code can very easily break this interaction. 1803 * 1804 * @since 5.2.0 1805 * 1806 * @return array The test results. 1807 */ 1808 public function get_test_loopback_requests() { 1809 $result = array( 1810 'label' => __( 'Your site can perform loopback requests' ), 1811 'status' => 'good', 1812 'badge' => array( 1813 'label' => __( 'Performance' ), 1814 'color' => 'blue', 1815 ), 1816 'description' => sprintf( 1817 '<p>%s</p>', 1818 __( 'Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.' ) 1819 ), 1820 'actions' => '', 1821 'test' => 'loopback_requests', 1822 ); 1823 1824 $check_loopback = $this->can_perform_loopback(); 1825 1826 $result['status'] = $check_loopback->status; 1827 1828 if ( 'good' !== $result['status'] ) { 1829 $result['label'] = __( 'Your site could not complete a loopback request' ); 1830 1831 $result['description'] .= sprintf( 1832 '<p>%s</p>', 1833 $check_loopback->message 1834 ); 1835 } 1836 1837 return $result; 1838 } 1839 1840 /** 1841 * Test if HTTP requests are blocked. 1842 * 1843 * It's possible to block all outgoing communication (with the possibility of allowing certain 1844 * hosts) via the HTTP API. This may create problems for users as many features are running as 1845 * services these days. 1846 * 1847 * @since 5.2.0 1848 * 1849 * @return array The test results. 1850 */ 1851 public function get_test_http_requests() { 1852 $result = array( 1853 'label' => __( 'HTTP requests seem to be working as expected' ), 1854 'status' => 'good', 1855 'badge' => array( 1856 'label' => __( 'Performance' ), 1857 'color' => 'blue', 1858 ), 1859 'description' => sprintf( 1860 '<p>%s</p>', 1861 __( 'It is possible for site maintainers to block all, or some, communication to other sites and services. If set up incorrectly, this may prevent plugins and themes from working as intended.' ) 1862 ), 1863 'actions' => '', 1864 'test' => 'http_requests', 1865 ); 1866 1867 $blocked = false; 1868 $hosts = array(); 1869 1870 if ( defined( 'WP_HTTP_BLOCK_EXTERNAL' ) && WP_HTTP_BLOCK_EXTERNAL ) { 1871 $blocked = true; 1872 } 1873 1874 if ( defined( 'WP_ACCESSIBLE_HOSTS' ) ) { 1875 $hosts = explode( ',', WP_ACCESSIBLE_HOSTS ); 1876 } 1877 1878 if ( $blocked && 0 === count( $hosts ) ) { 1879 $result['status'] = 'critical'; 1880 1881 $result['label'] = __( 'HTTP requests are blocked' ); 1882 1883 $result['description'] .= sprintf( 1884 '<p>%s</p>', 1885 sprintf( 1886 /* translators: %s: Name of the constant used. */ 1887 __( 'HTTP requests have been blocked by the %s constant, with no allowed hosts.' ), 1888 '<code>WP_HTTP_BLOCK_EXTERNAL</code>' 1889 ) 1890 ); 1891 } 1892 1893 if ( $blocked && 0 < count( $hosts ) ) { 1894 $result['status'] = 'recommended'; 1895 1896 $result['label'] = __( 'HTTP requests are partially blocked' ); 1897 1898 $result['description'] .= sprintf( 1899 '<p>%s</p>', 1900 sprintf( 1901 /* translators: 1: Name of the constant used. 2: List of allowed hostnames. */ 1902 __( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ), 1903 '<code>WP_HTTP_BLOCK_EXTERNAL</code>', 1904 implode( ',', $hosts ) 1905 ) 1906 ); 1907 } 1908 1909 return $result; 1910 } 1911 1912 /** 1913 * Test if the REST API is accessible. 1914 * 1915 * Various security measures may block the REST API from working, or it may have been disabled in general. 1916 * This is required for the new block editor to work, so we explicitly test for this. 1917 * 1918 * @since 5.2.0 1919 * 1920 * @return array The test results. 1921 */ 1922 public function get_test_rest_availability() { 1923 $result = array( 1924 'label' => __( 'The REST API is available' ), 1925 'status' => 'good', 1926 'badge' => array( 1927 'label' => __( 'Performance' ), 1928 'color' => 'blue', 1929 ), 1930 'description' => sprintf( 1931 '<p>%s</p>', 1932 __( 'The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages.' ) 1933 ), 1934 'actions' => '', 1935 'test' => 'rest_availability', 1936 ); 1937 1938 $cookies = wp_unslash( $_COOKIE ); 1939 $timeout = 10; 1940 $headers = array( 1941 'Cache-Control' => 'no-cache', 1942 'X-WP-Nonce' => wp_create_nonce( 'wp_rest' ), 1943 ); 1944 /** This filter is documented in wp-includes/class-wp-http-streams.php */ 1945 $sslverify = apply_filters( 'https_local_ssl_verify', false ); 1946 1947 // Include Basic auth in loopback requests. 1948 if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) { 1949 $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) ); 1950 } 1951 1952 $url = rest_url( 'wp/v2/types/post' ); 1953 1954 // The context for this is editing with the new block editor. 1955 $url = add_query_arg( 1956 array( 1957 'context' => 'edit', 1958 ), 1959 $url 1960 ); 1961 1962 $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) ); 1963 1964 if ( is_wp_error( $r ) ) { 1965 $result['status'] = 'critical'; 1966 1967 $result['label'] = __( 'The REST API encountered an error' ); 1968 1969 $result['description'] .= sprintf( 1970 '<p>%s</p>', 1971 sprintf( 1972 '%s<br>%s', 1973 __( 'The REST API request failed due to an error.' ), 1974 sprintf( 1975 /* translators: 1: The WordPress error message. 2: The WordPress error code. */ 1976 __( 'Error: %1$s (%2$s)' ), 1977 $r->get_error_message(), 1978 $r->get_error_code() 1979 ) 1980 ) 1981 ); 1982 } elseif ( 200 !== wp_remote_retrieve_response_code( $r ) ) { 1983 $result['status'] = 'recommended'; 1984 1985 $result['label'] = __( 'The REST API encountered an unexpected result' ); 1986 1987 $result['description'] .= sprintf( 1988 '<p>%s</p>', 1989 sprintf( 1990 /* translators: 1: The HTTP error code. 2: The HTTP error message. */ 1991 __( 'The REST API call gave the following unexpected result: (%1$d) %2$s.' ), 1992 wp_remote_retrieve_response_code( $r ), 1993 esc_html( wp_remote_retrieve_body( $r ) ) 1994 ) 1995 ); 1996 } else { 1997 $json = json_decode( wp_remote_retrieve_body( $r ), true ); 1998 1999 if ( false !== $json && ! isset( $json['capabilities'] ) ) { 2000 $result['status'] = 'recommended'; 2001 2002 $result['label'] = __( 'The REST API did not behave correctly' ); 2003 2004 $result['description'] .= sprintf( 2005 '<p>%s</p>', 2006 sprintf( 2007 /* translators: %s: The name of the query parameter being tested. */ 2008 __( 'The REST API did not process the %s query parameter correctly.' ), 2009 '<code>context</code>' 2010 ) 2011 ); 2012 } 2013 } 2014 2015 return $result; 2016 } 2017 2018 /** 2019 * Test if 'file_uploads' directive in PHP.ini is turned off. 2020 * 2021 * @since 5.5.0 2022 * 2023 * @return array The test results. 2024 */ 2025 public function get_test_file_uploads() { 2026 $result = array( 2027 'label' => __( 'Files can be uploaded.' ), 2028 'status' => 'good', 2029 'badge' => array( 2030 'label' => __( 'Performance' ), 2031 'color' => 'blue', 2032 ), 2033 'description' => sprintf( 2034 '<p>%s</p>', 2035 sprintf( 2036 /* translators: 1: file_uploads, 2: php.ini */ 2037 __( 'The %1$s directive in %2$s determines if uploading files is allowed on your site.' ), 2038 '<code>file_uploads</code>', 2039 '<code>php.ini</code>' 2040 ) 2041 ), 2042 'actions' => '', 2043 'test' => 'file_uploads', 2044 ); 2045 2046 if ( ! function_exists( 'ini_get' ) ) { 2047 $result['status'] = 'critical'; 2048 $result['description'] .= sprintf( 2049 /* translators: %s: ini_get() */ 2050 __( 'The %s function has been disabled, some media settings are unavailable because of this.' ), 2051 '<code>ini_get()</code>' 2052 ); 2053 return $result; 2054 } 2055 2056 if ( empty( ini_get( 'file_uploads' ) ) ) { 2057 $result['status'] = 'critical'; 2058 $result['description'] .= sprintf( 2059 '<p>%s</p>', 2060 sprintf( 2061 /* translators: 1: file_uploads, 2: 0 */ 2062 __( '%1$s is set to %2$s. You won\'t be able to upload files on your site.' ), 2063 '<code>file_uploads</code>', 2064 '<code>0</code>' 2065 ) 2066 ); 2067 return $result; 2068 } 2069 2070 $post_max_size = ini_get( 'post_max_size' ); 2071 $upload_max_filesize = ini_get( 'upload_max_filesize' ); 2072 2073 if ( wp_convert_hr_to_bytes( $post_max_size ) < wp_convert_hr_to_bytes( $upload_max_filesize ) ) { 2074 $result['label'] = sprintf( 2075 /* translators: 1: post_max_size, 2: upload_max_filesize */ 2076 __( 'The "%1$s" value is smaller than "%2$s".' ), 2077 'post_max_size', 2078 'upload_max_filesize' 2079 ); 2080 $result['status'] = 'recommended'; 2081 $result['description'] = sprintf( 2082 '<p>%s</p>', 2083 sprintf( 2084 /* translators: 1: post_max_size, 2: upload_max_filesize */ 2085 __( 'The setting for %1$s is smaller than %2$s, this could cause some problems when trying to upload files.' ), 2086 '<code>post_max_size</code>', 2087 '<code>upload_max_filesize</code>' 2088 ) 2089 ); 2090 return $result; 2091 } 2092 2093 return $result; 2094 } 2095 2096 /** 2097 * Tests if the Authorization header has the expected values. 2098 * 2099 * @since 5.6.0 2100 * 2101 * @return array 2102 */ 2103 public function get_test_authorization_header() { 2104 $result = array( 2105 'label' => __( 'The Authorization header is working as expected.' ), 2106 'status' => 'good', 2107 'badge' => array( 2108 'label' => __( 'Security' ), 2109 'color' => 'blue', 2110 ), 2111 'description' => sprintf( 2112 '<p>%s</p>', 2113 __( 'The Authorization header comes from the third-party applications you approve. Without it, those apps cannot connect to your site.' ) 2114 ), 2115 'actions' => '', 2116 'test' => 'authorization_header', 2117 ); 2118 2119 if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) { 2120 $result['label'] = __( 'The authorization header is missing.' ); 2121 } elseif ( 'user' !== $_SERVER['PHP_AUTH_USER'] || 'pwd' !== $_SERVER['PHP_AUTH_PW'] ) { 2122 $result['label'] = __( 'The authorization header is invalid.' ); 2123 } else { 2124 return $result; 2125 } 2126 2127 $result['status'] = 'recommended'; 2128 2129 if ( ! function_exists( 'got_mod_rewrite' ) ) { 2130 require_once ABSPATH . 'wp-admin/includes/misc.php'; 2131 } 2132 2133 if ( got_mod_rewrite() ) { 2134 $result['actions'] .= sprintf( 2135 '<p><a href="%s">%s</a></p>', 2136 esc_url( admin_url( 'options-permalink.php' ) ), 2137 __( 'Flush permalinks' ) 2138 ); 2139 } else { 2140 $result['actions'] .= sprintf( 2141 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 2142 __( 'https://developer.wordpress.org/rest-api/frequently-asked-questions/#why-is-authentication-not-working' ), 2143 __( 'Learn how to configure the Authorization header.' ), 2144 /* translators: Accessibility text. */ 2145 __( '(opens in a new tab)' ) 2146 ); 2147 } 2148 2149 return $result; 2150 } 2151 2152 /** 2153 * Return a set of tests that belong to the site status page. 2154 * 2155 * Each site status test is defined here, they may be `direct` tests, that run on page load, or `async` tests 2156 * which will run later down the line via JavaScript calls to improve page performance and hopefully also user 2157 * experiences. 2158 * 2159 * @since 5.2.0 2160 * @since 5.6.0 Added support for `has_rest` and `permissions`. 2161 * 2162 * @return array The list of tests to run. 2163 */ 2164 public static function get_tests() { 2165 $tests = array( 2166 'direct' => array( 2167 'wordpress_version' => array( 2168 'label' => __( 'WordPress Version' ), 2169 'test' => 'wordpress_version', 2170 ), 2171 'plugin_version' => array( 2172 'label' => __( 'Plugin Versions' ), 2173 'test' => 'plugin_version', 2174 ), 2175 'theme_version' => array( 2176 'label' => __( 'Theme Versions' ), 2177 'test' => 'theme_version', 2178 ), 2179 'php_version' => array( 2180 'label' => __( 'PHP Version' ), 2181 'test' => 'php_version', 2182 ), 2183 'php_extensions' => array( 2184 'label' => __( 'PHP Extensions' ), 2185 'test' => 'php_extensions', 2186 ), 2187 'php_default_timezone' => array( 2188 'label' => __( 'PHP Default Timezone' ), 2189 'test' => 'php_default_timezone', 2190 ), 2191 'php_sessions' => array( 2192 'label' => __( 'PHP Sessions' ), 2193 'test' => 'php_sessions', 2194 ), 2195 'sql_server' => array( 2196 'label' => __( 'Database Server version' ), 2197 'test' => 'sql_server', 2198 ), 2199 'utf8mb4_support' => array( 2200 'label' => __( 'MySQL utf8mb4 support' ), 2201 'test' => 'utf8mb4_support', 2202 ), 2203 'https_status' => array( 2204 'label' => __( 'HTTPS status' ), 2205 'test' => 'https_status', 2206 ), 2207 'ssl_support' => array( 2208 'label' => __( 'Secure communication' ), 2209 'test' => 'ssl_support', 2210 ), 2211 'scheduled_events' => array( 2212 'label' => __( 'Scheduled events' ), 2213 'test' => 'scheduled_events', 2214 ), 2215 'http_requests' => array( 2216 'label' => __( 'HTTP Requests' ), 2217 'test' => 'http_requests', 2218 ), 2219 'debug_enabled' => array( 2220 'label' => __( 'Debugging enabled' ), 2221 'test' => 'is_in_debug_mode', 2222 ), 2223 'file_uploads' => array( 2224 'label' => __( 'File uploads' ), 2225 'test' => 'file_uploads', 2226 ), 2227 'plugin_theme_auto_updates' => array( 2228 'label' => __( 'Plugin and theme auto-updates' ), 2229 'test' => 'plugin_theme_auto_updates', 2230 ), 2231 ), 2232 'async' => array( 2233 'dotorg_communication' => array( 2234 'label' => __( 'Communication with WordPress.org' ), 2235 'test' => rest_url( 'wp-site-health/v1/tests/dotorg-communication' ), 2236 'has_rest' => true, 2237 'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_dotorg_communication' ), 2238 ), 2239 'background_updates' => array( 2240 'label' => __( 'Background updates' ), 2241 'test' => rest_url( 'wp-site-health/v1/tests/background-updates' ), 2242 'has_rest' => true, 2243 'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_background_updates' ), 2244 ), 2245 'loopback_requests' => array( 2246 'label' => __( 'Loopback request' ), 2247 'test' => rest_url( 'wp-site-health/v1/tests/loopback-requests' ), 2248 'has_rest' => true, 2249 'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_loopback_requests' ), 2250 ), 2251 'authorization_header' => array( 2252 'label' => __( 'Authorization header' ), 2253 'test' => rest_url( 'wp-site-health/v1/tests/authorization-header' ), 2254 'has_rest' => true, 2255 'headers' => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ), 2256 'skip_cron' => true, 2257 ), 2258 ), 2259 ); 2260 2261 // Conditionally include REST rules if the function for it exists. 2262 if ( function_exists( 'rest_url' ) ) { 2263 $tests['direct']['rest_availability'] = array( 2264 'label' => __( 'REST API availability' ), 2265 'test' => 'rest_availability', 2266 ); 2267 } 2268 2269 /** 2270 * Add or modify which site status tests are run on a site. 2271 * 2272 * The site health is determined by a set of tests based on best practices from 2273 * both the WordPress Hosting Team, but also web standards in general. 2274 * 2275 * Some sites may not have the same requirements, for example the automatic update 2276 * checks may be handled by a host, and are therefore disabled in core. 2277 * Or maybe you want to introduce a new test, is caching enabled/disabled/stale for example. 2278 * 2279 * Tests may be added either as direct, or asynchronous ones. Any test that may require some time 2280 * to complete should run asynchronously, to avoid extended loading periods within wp-admin. 2281 * 2282 * @since 5.2.0 2283 * @since 5.6.0 Added the `async_direct_test` array key. 2284 * Added the `skip_cron` array key. 2285 * 2286 * @param array $test_type { 2287 * An associative array, where the `$test_type` is either `direct` or 2288 * `async`, to declare if the test should run via Ajax calls after page load. 2289 * 2290 * @type array $identifier { 2291 * `$identifier` should be a unique identifier for the test that should run. 2292 * Plugins and themes are encouraged to prefix test identifiers with their slug 2293 * to avoid any collisions between tests. 2294 * 2295 * @type string $label A friendly label for your test to identify it by. 2296 * @type mixed $test A callable to perform a direct test, or a string AJAX action 2297 * to be called to perform an async test. 2298 * @type boolean $has_rest Optional. Denote if `$test` has a REST API endpoint. 2299 * @type boolean $skip_cron Whether to skip this test when running as cron. 2300 * @type callable $async_direct_test A manner of directly calling the test marked as asynchronous, 2301 * as the scheduled event can not authenticate, and endpoints 2302 * may require authentication. 2303 * } 2304 * } 2305 */ 2306 $tests = apply_filters( 'site_status_tests', $tests ); 2307 2308 // Ensure that the filtered tests contain the required array keys. 2309 $tests = array_merge( 2310 array( 2311 'direct' => array(), 2312 'async' => array(), 2313 ), 2314 $tests 2315 ); 2316 2317 return $tests; 2318 } 2319 2320 /** 2321 * Add a class to the body HTML tag. 2322 * 2323 * Filters the body class string for admin pages and adds our own class for easier styling. 2324 * 2325 * @since 5.2.0 2326 * 2327 * @param string $body_class The body class string. 2328 * @return string The modified body class string. 2329 */ 2330 public function admin_body_class( $body_class ) { 2331 $screen = get_current_screen(); 2332 if ( 'site-health' !== $screen->id ) { 2333 return $body_class; 2334 } 2335 2336 $body_class .= ' site-health'; 2337 2338 return $body_class; 2339 } 2340 2341 /** 2342 * Initiate the WP_Cron schedule test cases. 2343 * 2344 * @since 5.2.0 2345 */ 2346 private function wp_schedule_test_init() { 2347 $this->schedules = wp_get_schedules(); 2348 $this->get_cron_tasks(); 2349 } 2350 2351 /** 2352 * Populate our list of cron events and store them to a class-wide variable. 2353 * 2354 * @since 5.2.0 2355 */ 2356 private function get_cron_tasks() { 2357 $cron_tasks = _get_cron_array(); 2358 2359 if ( empty( $cron_tasks ) ) { 2360 $this->crons = new WP_Error( 'no_tasks', __( 'No scheduled events exist on this site.' ) ); 2361 return; 2362 } 2363 2364 $this->crons = array(); 2365 2366 foreach ( $cron_tasks as $time => $cron ) { 2367 foreach ( $cron as $hook => $dings ) { 2368 foreach ( $dings as $sig => $data ) { 2369 2370 $this->crons[ "$hook-$sig-$time" ] = (object) array( 2371 'hook' => $hook, 2372 'time' => $time, 2373 'sig' => $sig, 2374 'args' => $data['args'], 2375 'schedule' => $data['schedule'], 2376 'interval' => isset( $data['interval'] ) ? $data['interval'] : null, 2377 ); 2378 2379 } 2380 } 2381 } 2382 } 2383 2384 /** 2385 * Check if any scheduled tasks have been missed. 2386 * 2387 * Returns a boolean value of `true` if a scheduled task has been missed and ends processing. 2388 * 2389 * If the list of crons is an instance of WP_Error, returns the instance instead of a boolean value. 2390 * 2391 * @since 5.2.0 2392 * 2393 * @return bool|WP_Error True if a cron was missed, false if not. WP_Error if the cron is set to that. 2394 */ 2395 public function has_missed_cron() { 2396 if ( is_wp_error( $this->crons ) ) { 2397 return $this->crons; 2398 } 2399 2400 foreach ( $this->crons as $id => $cron ) { 2401 if ( ( $cron->time - time() ) < $this->timeout_missed_cron ) { 2402 $this->last_missed_cron = $cron->hook; 2403 return true; 2404 } 2405 } 2406 2407 return false; 2408 } 2409 2410 /** 2411 * Check if any scheduled tasks are late. 2412 * 2413 * Returns a boolean value of `true` if a scheduled task is late and ends processing. 2414 * 2415 * If the list of crons is an instance of WP_Error, returns the instance instead of a boolean value. 2416 * 2417 * @since 5.3.0 2418 * 2419 * @return bool|WP_Error True if a cron is late, false if not. WP_Error if the cron is set to that. 2420 */ 2421 public function has_late_cron() { 2422 if ( is_wp_error( $this->crons ) ) { 2423 return $this->crons; 2424 } 2425 2426 foreach ( $this->crons as $id => $cron ) { 2427 $cron_offset = $cron->time - time(); 2428 if ( 2429 $cron_offset >= $this->timeout_missed_cron && 2430 $cron_offset < $this->timeout_late_cron 2431 ) { 2432 $this->last_late_cron = $cron->hook; 2433 return true; 2434 } 2435 } 2436 2437 return false; 2438 } 2439 2440 /** 2441 * Check for potential issues with plugin and theme auto-updates. 2442 * 2443 * Though there is no way to 100% determine if plugin and theme auto-updates are configured 2444 * correctly, a few educated guesses could be made to flag any conditions that would 2445 * potentially cause unexpected behaviors. 2446 * 2447 * @since 5.5.0 2448 * 2449 * @return object The test results. 2450 */ 2451 function detect_plugin_theme_auto_update_issues() { 2452 $mock_plugin = (object) array( 2453 'id' => 'w.org/plugins/a-fake-plugin', 2454 'slug' => 'a-fake-plugin', 2455 'plugin' => 'a-fake-plugin/a-fake-plugin.php', 2456 'new_version' => '9.9', 2457 'url' => 'https://wordpress.org/plugins/a-fake-plugin/', 2458 'package' => 'https://downloads.wordpress.org/plugin/a-fake-plugin.9.9.zip', 2459 'icons' => array( 2460 '2x' => 'https://ps.w.org/a-fake-plugin/assets/icon-256x256.png', 2461 '1x' => 'https://ps.w.org/a-fake-plugin/assets/icon-128x128.png', 2462 ), 2463 'banners' => array( 2464 '2x' => 'https://ps.w.org/a-fake-plugin/assets/banner-1544x500.png', 2465 '1x' => 'https://ps.w.org/a-fake-plugin/assets/banner-772x250.png', 2466 ), 2467 'banners_rtl' => array(), 2468 'tested' => '5.5.0', 2469 'requires_php' => '5.6.20', 2470 'compatibility' => new stdClass(), 2471 ); 2472 2473 $mock_theme = (object) array( 2474 'theme' => 'a-fake-theme', 2475 'new_version' => '9.9', 2476 'url' => 'https://wordpress.org/themes/a-fake-theme/', 2477 'package' => 'https://downloads.wordpress.org/theme/a-fake-theme.9.9.zip', 2478 'requires' => '5.0.0', 2479 'requires_php' => '5.6.20', 2480 ); 2481 2482 $test_plugins_enabled = wp_is_auto_update_forced_for_item( 'plugin', true, $mock_plugin ); 2483 $test_themes_enabled = wp_is_auto_update_forced_for_item( 'theme', true, $mock_theme ); 2484 2485 $ui_enabled_for_plugins = wp_is_auto_update_enabled_for_type( 'plugin' ); 2486 $ui_enabled_for_themes = wp_is_auto_update_enabled_for_type( 'theme' ); 2487 $plugin_filter_present = has_filter( 'auto_update_plugin' ); 2488 $theme_filter_present = has_filter( 'auto_update_theme' ); 2489 2490 if ( ( ! $test_plugins_enabled && $ui_enabled_for_plugins ) 2491 || ( ! $test_themes_enabled && $ui_enabled_for_themes ) 2492 ) { 2493 return (object) array( 2494 'status' => 'critical', 2495 'message' => __( 'Auto-updates for plugins and/or themes appear to be disabled, but settings are still set to be displayed. This could cause auto-updates to not work as expected.' ), 2496 ); 2497 } 2498 2499 if ( ( ! $test_plugins_enabled && $plugin_filter_present ) 2500 && ( ! $test_themes_enabled && $theme_filter_present ) 2501 ) { 2502 return (object) array( 2503 'status' => 'recommended', 2504 'message' => __( 'Auto-updates for plugins and themes appear to be disabled. This will prevent your site from receiving new versions automatically when available.' ), 2505 ); 2506 } elseif ( ! $test_plugins_enabled && $plugin_filter_present ) { 2507 return (object) array( 2508 'status' => 'recommended', 2509 'message' => __( 'Auto-updates for plugins appear to be disabled. This will prevent your site from receiving new versions automatically when available.' ), 2510 ); 2511 } elseif ( ! $test_themes_enabled && $theme_filter_present ) { 2512 return (object) array( 2513 'status' => 'recommended', 2514 'message' => __( 'Auto-updates for themes appear to be disabled. This will prevent your site from receiving new versions automatically when available.' ), 2515 ); 2516 } 2517 2518 return (object) array( 2519 'status' => 'good', 2520 'message' => __( 'There appear to be no issues with plugin and theme auto-updates.' ), 2521 ); 2522 } 2523 2524 /** 2525 * Run a loopback test on our site. 2526 * 2527 * Loopbacks are what WordPress uses to communicate with itself to start up WP_Cron, scheduled posts, 2528 * make sure plugin or theme edits don't cause site failures and similar. 2529 * 2530 * @since 5.2.0 2531 * 2532 * @return object The test results. 2533 */ 2534 function can_perform_loopback() { 2535 $cookies = wp_unslash( $_COOKIE ); 2536 $timeout = 10; 2537 $headers = array( 2538 'Cache-Control' => 'no-cache', 2539 ); 2540 /** This filter is documented in wp-includes/class-wp-http-streams.php */ 2541 $sslverify = apply_filters( 'https_local_ssl_verify', false ); 2542 2543 // Include Basic auth in loopback requests. 2544 if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) { 2545 $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) ); 2546 } 2547 2548 $url = site_url(); 2549 2550 $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) ); 2551 2552 if ( is_wp_error( $r ) ) { 2553 return (object) array( 2554 'status' => 'critical', 2555 'message' => sprintf( 2556 '%s<br>%s', 2557 __( 'The loopback request to your site failed, this means features relying on them are not currently working as expected.' ), 2558 sprintf( 2559 /* translators: 1: The WordPress error message. 2: The WordPress error code. */ 2560 __( 'Error: %1$s (%2$s)' ), 2561 $r->get_error_message(), 2562 $r->get_error_code() 2563 ) 2564 ), 2565 ); 2566 } 2567 2568 if ( 200 !== wp_remote_retrieve_response_code( $r ) ) { 2569 return (object) array( 2570 'status' => 'recommended', 2571 'message' => sprintf( 2572 /* translators: %d: The HTTP response code returned. */ 2573 __( 'The loopback request returned an unexpected http status code, %d, it was not possible to determine if this will prevent features from working as expected.' ), 2574 wp_remote_retrieve_response_code( $r ) 2575 ), 2576 ); 2577 } 2578 2579 return (object) array( 2580 'status' => 'good', 2581 'message' => __( 'The loopback request to your site completed successfully.' ), 2582 ); 2583 } 2584 2585 /** 2586 * Create a weekly cron event, if one does not already exist. 2587 * 2588 * @since 5.4.0 2589 */ 2590 public function maybe_create_scheduled_event() { 2591 if ( ! wp_next_scheduled( 'wp_site_health_scheduled_check' ) && ! wp_installing() ) { 2592 wp_schedule_event( time() + DAY_IN_SECONDS, 'weekly', 'wp_site_health_scheduled_check' ); 2593 } 2594 } 2595 2596 /** 2597 * Run our scheduled event to check and update the latest site health status for the website. 2598 * 2599 * @since 5.4.0 2600 */ 2601 public function wp_cron_scheduled_check() { 2602 // Bootstrap wp-admin, as WP_Cron doesn't do this for us. 2603 require_once trailingslashit( ABSPATH ) . 'wp-admin/includes/admin.php'; 2604 2605 $tests = WP_Site_Health::get_tests(); 2606 2607 $results = array(); 2608 2609 $site_status = array( 2610 'good' => 0, 2611 'recommended' => 0, 2612 'critical' => 0, 2613 ); 2614 2615 // Don't run https test on development environments. 2616 if ( $this->is_development_environment() ) { 2617 unset( $tests['direct']['https_status'] ); 2618 } 2619 2620 foreach ( $tests['direct'] as $test ) { 2621 2622 if ( is_string( $test['test'] ) ) { 2623 $test_function = sprintf( 2624 'get_test_%s', 2625 $test['test'] 2626 ); 2627 2628 if ( method_exists( $this, $test_function ) && is_callable( array( $this, $test_function ) ) ) { 2629 $results[] = $this->perform_test( array( $this, $test_function ) ); 2630 continue; 2631 } 2632 } 2633 2634 if ( is_callable( $test['test'] ) ) { 2635 $results[] = $this->perform_test( $test['test'] ); 2636 } 2637 } 2638 2639 foreach ( $tests['async'] as $test ) { 2640 if ( ! empty( $test['skip_cron'] ) ) { 2641 continue; 2642 } 2643 2644 // Local endpoints may require authentication, so asynchronous tests can pass a direct test runner as well. 2645 if ( ! empty( $test['async_direct_test'] ) && is_callable( $test['async_direct_test'] ) ) { 2646 // This test is callable, do so and continue to the next asynchronous check. 2647 $results[] = $this->perform_test( $test['async_direct_test'] ); 2648 continue; 2649 } 2650 2651 if ( is_string( $test['test'] ) ) { 2652 // Check if this test has a REST API endpoint. 2653 if ( isset( $test['has_rest'] ) && $test['has_rest'] ) { 2654 $result_fetch = wp_remote_get( 2655 $test['test'], 2656 array( 2657 'body' => array( 2658 '_wpnonce' => wp_create_nonce( 'wp_rest' ), 2659 ), 2660 ) 2661 ); 2662 } else { 2663 $result_fetch = wp_remote_post( 2664 admin_url( 'admin-ajax.php' ), 2665 array( 2666 'body' => array( 2667 'action' => $test['test'], 2668 '_wpnonce' => wp_create_nonce( 'health-check-site-status' ), 2669 ), 2670 ) 2671 ); 2672 } 2673 2674 if ( ! is_wp_error( $result_fetch ) && 200 === wp_remote_retrieve_response_code( $result_fetch ) ) { 2675 $result = json_decode( wp_remote_retrieve_body( $result_fetch ), true ); 2676 } else { 2677 $result = false; 2678 } 2679 2680 if ( is_array( $result ) ) { 2681 $results[] = $result; 2682 } else { 2683 $results[] = array( 2684 'status' => 'recommended', 2685 'label' => __( 'A test is unavailable' ), 2686 ); 2687 } 2688 } 2689 } 2690 2691 foreach ( $results as $result ) { 2692 if ( 'critical' === $result['status'] ) { 2693 $site_status['critical']++; 2694 } elseif ( 'recommended' === $result['status'] ) { 2695 $site_status['recommended']++; 2696 } else { 2697 $site_status['good']++; 2698 } 2699 } 2700 2701 set_transient( 'health-check-site-status-result', wp_json_encode( $site_status ) ); 2702 } 2703 2704 /** 2705 * Checks if the current environment type is set to 'development' or 'local'. 2706 * 2707 * @since 5.6.0 2708 * 2709 * @return bool True if it is a development environment, false if not. 2710 */ 2711 public function is_development_environment() { 2712 return in_array( wp_get_environment_type(), array( 'development', 'local' ), true ); 2713 } 2714 2715 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated : Thu Jan 21 08:20:02 2021 | Cross-referenced by PHPXref |