alleyinteractive / wp-alleyvate

Defaults for WordPress sites by Alley.
GNU General Public License v2.0

Prevent WP from loading if alloptions is unretrievable/empty #90

Closed mslinnea closed 2 months ago

mslinnea commented 2 months ago

Description

VIP said they were discussing making this the default, but it has not happened. This should be a best practice, as without the alloptions present, behavior is unpredictable, which is a security and stability concern.

This is only an issue under heavy load.

/**
 * This constant will prevent WP from continuing on if alloptions is
 * unretrievable/empty.
 *
 * When the database is stressed, it's possible to return an empty/invalid
 * option value.
 *
 * This constant will return 503s when empty/invalid alloptions are returned.
 *
 * @see https://github.com/Automattic/vip-go-mu-plugins-built/blob/63575866c0cb1ee54a44c6670cecb1f40d6b7262/001-core/options-api.php#L55
 * @see https://support.wpvip.com/hc/en-us/requests/179765
 */
defined( '_VIP_DIE_ON_ALLOPTIONS_FAILURE' ) || define( '_VIP_DIE_ON_ALLOPTIONS_FAILURE', true ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

Use Case

If the site gets attacked, the database may not return a proper value. See support ticket https://support.wpvip.com/hc/en-us/requests/179765

mslinnea commented 2 months ago

Actually, this filter needs to be added very early and probably cannot be added via this plugin.
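
An added illustration of the fail-closed behaviour the docblock above describes (this is not code from this issue, from wp-alleyvate, or from VIP's mu-plugins): a must-use plugin that hooks WordPress core's `alloptions` filter and answers 503 when the autoloaded options are empty or lack `siteurl`/`home`. The file path, the `example_*` function names, the list of required keys and the `Retry-After` value are assumptions.

```php
<?php
/**
 * Added example: fail closed when autoloaded options look wrong.
 * Hypothetical file: wp-content/mu-plugins/alloptions-guard.php
 * Not VIP's implementation; names and values here are assumptions.
 */

/**
 * Return true when $alloptions is a non-empty array carrying the keys
 * this example treats as mandatory (assumed list).
 */
function example_alloptions_is_sane( $alloptions ): bool {
	if ( ! is_array( $alloptions ) || array() === $alloptions ) {
		return false;
	}
	foreach ( array( 'siteurl', 'home' ) as $required ) {
		if ( empty( $alloptions[ $required ] ) ) {
			return false;
		}
	}
	return true;
}

/**
 * Callback for core's 'alloptions' filter, which runs on every
 * wp_load_alloptions() call made after this file has been loaded.
 */
function example_alloptions_guard( $alloptions ) {
	// Installs see an empty table; WP-CLI stays usable for diagnosis.
	if ( wp_installing() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
		return $alloptions;
	}
	if ( example_alloptions_is_sane( $alloptions ) ) {
		return $alloptions;
	}
	// Log for responders, then stop before default values are served.
	error_log( 'alloptions guard: empty or invalid autoloaded options, sending 503' );
	if ( ! headers_sent() ) {
		http_response_code( 503 );
		header( 'Retry-After: 30' );         // Assumed back-off hint.
		header( 'Cache-Control: no-store' ); // Keep caches from storing the error page.
	}
	exit( 'Service temporarily unavailable.' );
}
add_filter( 'alloptions', 'example_alloptions_guard', 1 );
```

WordPress can read alloptions earlier in bootstrap than must-use plugins are loaded, so a filter registered this way only covers calls made after that point.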