This is a verbose set of notes to record the discussions that took place at WCUS and to reflect the work that has been done across multiple teams.
The Site Health Check project is a collaborative multi-team project with a focus on encouraging better site maintenance.
This project benefits not just WordPress users, but also the surrounding PHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher ecosystem as a whole. Our hope is that this will prompt a lot of PHP updates across the web.
It started as a project to focus efforts on getting users to update their hosting version of PHP from 5.2 to something where the End of Life has not already passed.
The project was initially called ServeHappy, homage to the BrowseHappy project which was a global tech effort to move away from Internet Explorer 6. The problem with the project name was that, when tested with users who did not know about the ins and outs of the project, the name was confusing and was not clear what the project’s intentions were.
The project is now known as the Site Health Check project. It encourages and hints to users that if they run a website, they should have a routine of checking and updating not just WordPress but underlying technologies that the site is built on. It also builds positive website ownership and habits.
The project is split into what can be considered 3 parts – changes to WordPress core Core is the set of software required to run WordPress. The Core Development Team builds WordPress. itself, a site health check plugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and the site health check community support.
Upcoming changes to WordPress Core
The core-centric side of the project still reflects the Servehappy origins. This includes:
- An information page on WordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ explaining the importance of updating PHP. The team has been working on improving the language used to benefit non-technical people and have clear instructions of what to do if they find out their site is running an old version of PHP.
- A dashboard notice that will inform users if their site is running on a PHP version that WordPress considers outdated and plans to drop support for in a future update.
- The version shown in the dashboard is API An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.-driven which means that WordPress leadership has a centralized “knob” to tune the PHP version distribution.
- The dashboard includes a link to wordpress.org/support/update-php which has generic information on what the notice means and how to update PHP on their servers.
- There will be an environment variable or a filter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. which allows hosting companies to modify the link to the “Update PHP” page on their servers so that it goes to something more relevant for their customers.
- There are some concerns of security problems and abuse over the link redirection.
- The team has been working on a feature to add white screen protection, which the hosting group felt was helpful and cool. The white screen protection catches any fatal errors that a PHP update might produce. From the front facing side of the website, the site will still be white screened, but with the protection in place, the user can still access the admin (and super admin) panel.
- There was a discussion whether it would be better for the site to be slightly broken rather than completely broken, but the general consensus was that it is better to white screen because from the Core Team perspective, they cannot be sure of what the PHP error causes, and thus can’t be sure that all the information being shown is meant to be public.
It is better to white screen the whole website but ensure that access to the admin panel is still accessible. Once logged in, there will be a general notification regarding the WSOD.
PHP minimum required headers
For a while, WordPress plugins have been able to set a minimum PHP required comment as part of the plugin header The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes.. To date it has not done anything but set the intention that the plugin author is able to declare what PHP minimum version they are willing to support.
Work is being done so that the Add New Plugin admin screen will show all plugins a user searches for, but will not be able to install any plugins that require a newer version of PHP without updating that first. Another task being worked on is blocking plugin updates if the newer version requires a higher version of PHP, same as it currently works if the update requires a higher version of WordPress.
This gives plugin authors better control of what PHP versions they are willing to support, and will hopefully encourage people to upgrade their version of PHP at the same time.
This change will allow plugin authors the choice to use more modern PHP functionality and syntax without worrying their plugin will break for the end user.
For themes, the
Requires PHP header is not implemented yet, as they didn’t have the same
readme.txt file up until recently: https://make.wordpress.org/themes/2018/10/25/october-23rd-theme-review-team-meeting-summary/
Now that new themes do have that requirement, there is an expectation that the header will be implemented as well in the foreseeable future. Here’s a ticket Created for both bug reports and feature development on the bug tracker. for that: #meta-3718
Relevant Trac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. Tickets
- #43986 Disable “Install Plugin” button for PHP required version mismatch. This has already been committed to core.
- #43987 Block Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. plugin updates if required PHP version is not supported – Plugins screen
- #44350 Block plugin updates if required PHP version is not supported – Updates screen
The latter two trac tickets are currently slated for 5.1 as well, planned for February 21: https://make.wordpress.org/core/5-1/
The feature merge deadline is January 10 though, so it needs to be discussed at the next #core-php meeting whether making it into 5.1 is still feasible.
A prerequisite for these changes is the WSOD protection that needs to be completed and committed by the deadline: #44458
The group has weekly meetings on Mondays 16:00 UTC on in the #core-php channel of WordPress Slack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..
GitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/: https://github.com/WordPress/servehappy
Site Health Check Plugin
The site health check plugin is a way for users to be able to see technical details of their website setup without going into the server side of things. It is useful to conducting top level investigation work without accessing the server directly.
The beta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. version of the plugin takes the best practices from the Hosting Team’s documentation and checks the server against that. This includes: WordPress version number, plugins and themes are up to date, PHP version number, if HTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information. is active across the whole site as well as a number of other things.
When Health Check gives notifications about upgrading things, it hands users off to plain English documentation to walk them through the process. For example: https://wordpress.org/support/update-php/. Notifications for plugins and themes being up to date are based on the version inside the plugin and theme repo. If a theme or plugin is not present in the repo, it will assume it is up to date and will not give an error.
Eventually, a lot of the Site Health Check plugin will be in core.
The Site Health Check Plugin uses a traffic light system to flag up the importance of a suggested change. The definition of critical vs non-critical update notifications is from a security perspective. If it is a security issue A security issue is a type of bug that can affect the security of WordPress installations. Specifically, it is a report of a bug that you have found in the WordPress core code, and that you have determined can be used to gain some level of access to a site running WordPress that you should not have., it’s critical.
Early user testing with the community has shown that the plugin suffers from a lack of designer eye. During WCUS, we have had a designer volunteer to review the interface and give feedback.
This should help with the usability of the plugin and balance it between positive reinforcement of things that are set up as guided by best practices whilst not over-burdening people with extra technical information.
There is some useful documentation on how to use the Site Health Check Plugin: https://make.wordpress.org/support/handbook/appendix/troubleshooting-using-the-health-check/
– Github: https://github.com/wordpress/health-check
– WP.org : https://wordpress.org/plugins/health-check
Site Health Check Desks & Community Support
In-person support is invaluable. When a user is unsure of what to do, they can find in-person support at their local meetup All local/regional gatherings that are officially a part of the WordPress world but are not WordCamps are organized through https://www.meetup.com/. A meetup is typically a chance for local WordPress users to get together and share new ideas and seek help from one another. Searching for ‘WordPress’ on meetup.com will help you find options in your area. and WordCamps. To omit any surprises, we can encourage our community to pre-warn and prepare as many people as possible.
The idea of Site Health Check desks has been tested in 3 different WordCamps and 1 meet-up with improvements and suggestions being fed back to the plugin and fliers.
Site Health Checks is an extension of the Happiness Bar, and by asking the simple question “Do you know what version of PHP your website is running?”, people either:
- Know & it is up to date – get a high-five. Say Awesome and keep up the good work. Pre-warn the next EOL of PHP Dates.
- Know & it is out of date – highlight the EOL date has already passed and recommend they update their PHP version.
- If they don’t know, Check if they know how to check. If they do, suggest that they check and that they want it to be 7.2 or higher. 7.1 EOL is in a year.
- If they don’t know and don’t know how to check, invite them to sit down and the volunteers can help them check using the Site Health Check plugin. DO NOT scrape the site. They can end up being blocked off the servers.
Postcards were created with 5 core things to check. As well as printable table toppers. They are used as fliers for people to know where to download the site health check.
Meetup organisers have also shown an interest in running the site health check and promoting it at their meet-ups.
This is where much of the user testing of both the “Update PHP” information page and the Site Health Check plugin is happening.
Plugins and Themes Plans
Plugins and Themes served from WordPress.org can be automatically checked and updated to be compatible with 7.X. This is because there is access to the SVN Subversion, the popular version control system (VCS) by the Apache project, used by WordPress to manage changes to its codebase. where these plugins are being pushed from.
Ideally, plugin authors who have a plugin in the plugin repo will update their plugins to be compatible with PHP 7.X. There are already plugins such as the PHP Compatibility Checker which people can use to check how compatible their websites are with a version of PHP.
How are premium plugins and themes going to be handled?
The plugin team at WordPress.org can contact authors, but ultimately it is up to the plugin author to action the suggestions that are made from the WordPress.org team.
If there is no answer, or the author does not wish to fix errors, then this is a dead end.
WordPress 5.1 -> ServeHappy notice + White Screen of Death protector
WordPress 5.2 -> Site Health Check plugin
Where hosting companies come into play
We would like hosting companies to go aggressively, pushing their communities forward before WordPress does.
We know that, as a hosting company, many of you will see the same issues come up during a PHP update. It would be useful to the rest of the group if any information of any PHP errors that are being seen repeatedly and information about which plugin or theme is causing it. It will allow the rest of the team to prioritise which plugins and themes need attention to be fixed across the whole community.
It will also help the support team if any solutions are found to be shared, so that they know what to be suggesting in the forums. We may be able to add notices before a PHP update into the health check which highlights problematic plugins.
Hosts with PHP lower than 5.6 may see some initial notifications before that date.
Hosting company teams are most likely to know other people working in the hosting sector. Above all else – get the word out. Big hosts are represented well here, but as a community we are aware and worried about the smaller, independent hosters. Talk to your hosting friends. Let them know this is coming. Invite the small hosting companies to join the Hosting Team on WordPress.org for up to date information of what is upcoming and will be effecting hosters.
The more we can update in batches the less burden there is across the whole industry.
Where plugin and theme authors come into play
If plugin and theme authors ensure that their plugins have a PHP minimum version set in their required header, then their plugins and themes will be ready once the PHP requirement is being enforced.
Plugin and theme authors should also ensure that their plugins are compatible with PHP 7.X. Tools such as PHP Code Sniffer PHP Code Sniffer, a popular tool for analyzing code quality. The WordPress Coding Standards rely on PHPCS. (PHPCS PHP Code Sniffer, a popular tool for analyzing code quality. The WordPress Coding Standards rely on PHPCS.) or the PHP Compatibility Checker as mentioned above should help.
Actions from the meeting
– Ensure there is communication with the hosting team regarding release date plans.
– #core-php should be cross posting ServeHappy notes to the Hosting P2 A free theme for WordPress, known for front-end posting, used by WordPress for development updates and project management. See our main development blog and other workgroup blogs. as well.
– WordPress.hosting has been taken, unsure by who. It would be handy to have WordPress.hosting symlink to Hosting Team P2 to help getting other hosting companies to join the Hosting Team
– Recommend that Hosting Team check and sync up the Best Practices documentation.
– Can someone from the hosting team please review and ensure that Health Check plugin is checking against everything that exists in the “Hosting Best Practices” doc.
– Recommended to Health Check plugin to check out Lighthouse plugin UI User interface.
– Write up more in-depth info for meetup and WordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. organisers, have postcard and table toppers online so they can be shared and translated easily.
The effort to raise the minimum PHP version requirement of WordPress is a big cross- team effort. Big thanks to
- @brettface for the notes.
- #core-php, #plugins, #themes and #meta team for their hard work
- the #hosting team for their input and support
- @alexdenning from #marketing team for the content review
- @clorith from #forums for the health-check plugin development
- WordCamp London 2018, WCEU 2018 and WordCamp Brighton 2018 organisers for allowing us to test the Health Check help desk concept
- And to the #polyglots team who will be asked in the near future to translate our work for the whole community.
#recap, #servehappy, #wcus