26 Commits

Author SHA1 Message Date
Felix Arntz
dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Sergey Biryukov
5683c46277 Site Health: Validate the test result data format in JS before using it.
This will discard any invalid responses instead of causing fatal errors.

It also makes badges optional, on the same basis as actions are optional. They are expected, but there may be situations where they are not present.

Props Clorith, dogwithblog, kraftbj, whyisjake, SergeyBiryukov.
Fixes #50145.
Built from https://develop.svn.wordpress.org/trunk@49537


git-svn-id: http://core.svn.wordpress.org/trunk@49275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-08 09:52:10 +00:00
Sergey Biryukov
c83710ccee Site Health: Remove paragraph tag from the actions container in issue template.
Most of the tests pass content that is already wrapped in a paragraph or list tags, thus producing nested paragraphs or invalid markup.

Additionally, don't output an empty `<div>` tag if the test does not provide any actions.

Props maxpertici, afercia.
Fixes #48948.
Built from https://develop.svn.wordpress.org/trunk@47529


git-svn-id: http://core.svn.wordpress.org/trunk@47304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-03-30 01:25:11 +00:00
Sergey Biryukov
47ed56f38f Code Modernization: Replace dirname( __FILE__ ) calls with __DIR__ magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
Sergey Biryukov
0aff1cf6bd Site Health: Rename WP_Site_Health::initialize() introduced in [47063] to ::get_instance(), for clarity and consistency with other core classes.
Use `WP_Site_Health::get_instance()` where it's needed, instead of creating multiple instances of the class.

Props afercia, xkon, Clorith, SergeyBiryukov.
See #47606.
Built from https://develop.svn.wordpress.org/trunk@47149


git-svn-id: http://core.svn.wordpress.org/trunk@46949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-01 00:39:09 +00:00
desrosj
38254bdc6f Site Health: Use sentence casing consistently in header tags.
Props SergeyBiryukov, ajayghaghretiya1, ronakganatra, mukesh27, Clorith.
Fixes #47298.
Built from https://develop.svn.wordpress.org/trunk@46199


git-svn-id: http://core.svn.wordpress.org/trunk@46011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-20 17:26:57 +00:00
Sergey Biryukov
42079f34a9 Site Health: Modify the grading indicator to remove percentage score in favor of a "Good" or "Should be improved" status.
This removes arbitrary confusion about what the numbers mean.

Props Clorith, hedgefield, Cybr, arena, DavidAnderson, earnjam, daveshine, Otto42, azaozz, asadkn, KARTHOST, tigertech, maximejobin, johnbillion, raboodesign, ramiy, afragen.
Fixes #47046.
Built from https://develop.svn.wordpress.org/trunk@46106


git-svn-id: http://core.svn.wordpress.org/trunk@45918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-14 14:29:56 +00:00
Sergey Biryukov
e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Peter Wilson
a5e57d7245 Site health: Introduce view_site_health_checks capability.
Introduces the faux primitive capability `view_site_health_checks` available to single site admins and multisite super-admin to view the site health page within the admin.

The capability is mapped to the `install_plugins` capability without being dependent on the file system being writable. This fixes a bug where the feature couldn't be used by sites unable to write to the file system or managed through version control.

The capability is granted on the `user_has_cap` filter.

Props birgire, Clorith, palmiak, peterwilsoncc, spacedmonkey.
Fixes #46957.


Built from https://develop.svn.wordpress.org/trunk@45507


git-svn-id: http://core.svn.wordpress.org/trunk@45318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-10 07:42:52 +00:00
Sergey Biryukov
32d761ce7d I18N: Merge duplicate "Status" and "Info" strings on Site Health screens.
Props ramiy.
Fixes #47227.
Built from https://develop.svn.wordpress.org/trunk@45488


git-svn-id: http://core.svn.wordpress.org/trunk@45299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-01 22:10:52 +00:00
Andrea Fercia
10239ba45d Administration: Add a chevron icon to the Site Health "Passed tests" button.
The chevron icon helps clarify what the button does.

Props garrett-eclipse, Clorith, xkon, melchoyce.
Fixes #46730.

Built from https://develop.svn.wordpress.org/trunk@45201


git-svn-id: http://core.svn.wordpress.org/trunk@45010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-15 18:01:53 +00:00
Andrea Fercia
5b530e903d Site Health: Add missing translator comments.
Amends [45178].
See #46683.

Built from https://develop.svn.wordpress.org/trunk@45199


git-svn-id: http://core.svn.wordpress.org/trunk@45008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-15 14:39:55 +00:00
Andrea Fercia
b0ef0ae305 Site health: Improve jQuery selectors so that they don't depend on a specific markup.
Amends [45178].
See #46683.

Built from https://develop.svn.wordpress.org/trunk@45198


git-svn-id: http://core.svn.wordpress.org/trunk@45007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-14 14:30:51 +00:00
Sergey Biryukov
7e4b4e1089 Site Health: Use _n() for %s Items with no issues detected string, missed in [45178].
See #46683.
Built from https://develop.svn.wordpress.org/trunk@45179


git-svn-id: http://core.svn.wordpress.org/trunk@44988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-12 20:40:51 +00:00
Sergey Biryukov
1ae11820fc Site Health: i18n audit, take 2.
* Use `wp.i18n` to translate JavaScript strings.
* Use `_n()` for proper plural forms support.

Props TimothyBlynJacobs, ocean90, afercia.
Fixes #46683.
Built from https://develop.svn.wordpress.org/trunk@45178


git-svn-id: http://core.svn.wordpress.org/trunk@44987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-12 20:34:51 +00:00
Sergey Biryukov
f7357d3957 Site Health: i18n audit, take 1.
* Split plural strings with multiple sentences to avoid duplicating translations.
* Decouple strings where the singular and plural form are not just the same string with different numbers, but essentially two different strings.
* Use an established pattern for numbered placeholders in translator comments.
* Replace constants in translatable strings with placeholders, mark them as code.
* Make sure sentences are translated as a whole, not as separate string parts.
* Remove unnecessary context and escaping.

Props ocean90, SergeyBiryukov.
See #46683.
Built from https://develop.svn.wordpress.org/trunk@45099


git-svn-id: http://core.svn.wordpress.org/trunk@44908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-02 21:32:53 +00:00
Andrea Fercia
83546a04f5 Administration: Site Health: reserve some space for the admin notices.
Props xkon, Clorith, hedgefield, mapk, karmatosed, afercia.
Fixes #46651.

Built from https://develop.svn.wordpress.org/trunk@45091


git-svn-id: http://core.svn.wordpress.org/trunk@44900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-01 18:01:52 +00:00
Andrea Fercia
d8b8994336 Accessibility: Improve the Site Health accordions.
- removes the definition list and uses the markup from the ARIA Authoring Practices example
- removes incorrect ARIA roles
- avoids ARIA landmark regions proliferation

Props mukesh27 for the initial patch.
Fixes #46714.

Built from https://develop.svn.wordpress.org/trunk@45087


git-svn-id: http://core.svn.wordpress.org/trunk@44896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-04-01 15:08:58 +00:00
Andrea Fercia
61628dbd8b Administration: Display a notice in the Site Health pages when JavaScript is off.
- displays an error notice when JavaScript is off, consistently with other admin screens that depend on JavaScript
- keeps the main `h1` visible

Minor clean-ups:
- makes code indentation consistent in `site-health.php` and `site-health-info.php`
- removes a couple of `<div class="wp-clearfix"></div>` as that's not the intended usage of `wp-clearfix` (those divs didn't do anything anyways)

Fixes #46717.

Built from https://develop.svn.wordpress.org/trunk@45076


git-svn-id: http://core.svn.wordpress.org/trunk@44885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-30 15:38:51 +00:00
Andrea Fercia
2a99454732 Coding Standards: Clean up the Site Health stylesheet.
- reduces selectors specificity to avoid over-qualified selectors
- removes unused rulesets / properties
- renames some CSS classes

Fixes #46685.

Built from https://develop.svn.wordpress.org/trunk@45071


git-svn-id: http://core.svn.wordpress.org/trunk@44880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-29 18:44:51 +00:00
Andrea Fercia
d56f81fe45 Accessibility: Make sure the Site Health pages have a unique document title.
The document `<title>` gives a name to a web document. In the context of the WordPress admin, a unique, meaningful, title is important for various reasons:
- it allows the browser's history to store meaningful entries
- when multiple browser tabs are open, it allows users to better identify the tab content
- it's the first thing screen readers announce when navigating to a web page, thus helping users to identify the nature of the page content

Props chetan200891, mukesh27.
Fixes #46699.

Built from https://develop.svn.wordpress.org/trunk@45070


git-svn-id: http://core.svn.wordpress.org/trunk@44879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-29 18:27:51 +00:00
Sergey Biryukov
e2115d62b6 Site Health: Use a consistent wording and response code for capability checks.
Props mukesh27 for initial patch.
Fixes #46691.
Built from https://develop.svn.wordpress.org/trunk@45050


git-svn-id: http://core.svn.wordpress.org/trunk@44859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-28 15:11:51 +00:00
Sergey Biryukov
d69165bd3b Site Health: Correct wp_version_check() existence verification by performing a request to the Site Health page instead of Dashboard.
Props Clorith, audrasjb.
Fixes #46616.
Built from https://develop.svn.wordpress.org/trunk@45049


git-svn-id: http://core.svn.wordpress.org/trunk@44858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-28 14:31:51 +00:00
Andrea Fercia
9b15549b1c Accessibility: Simplify the Site Health score indicator.
The Site Health score indicator isn't exactly a "progress bar" and shouldn't use ARIA roles and properties related to progress bars. Also, some browser / screen reader combinations don't announce the score properly.
- removes any ARIA
- adds a screen-reader-text "Current health score:"
- adds `role="img" aria-hidden="true" focusable="false"` to the SVG
- reduces CSS specificity simplifying unnecessary overqualified selectors
- fixes the syntax for ::after and ::before (double colon)

Fixes #46621.

Built from https://develop.svn.wordpress.org/trunk@45041


git-svn-id: http://core.svn.wordpress.org/trunk@44850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-27 20:39:51 +00:00
Sergey Biryukov
6be19e0dab Site Health: Update "Passed tests" button label to match both expanded and collapsed state.
Add `aria-controls` to declare what ID is being toggled.

Props Clorith, afercia.
Fixes #46663. See #46573.
Built from https://develop.svn.wordpress.org/trunk@45026


git-svn-id: http://core.svn.wordpress.org/trunk@44835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-27 02:57:51 +00:00
Gary Pendergast
0a9d61ab63 Admin: Introduce the Site Health screens.
The Site Health tool serves two purposes:
- Provide site owners with information to improve the performance, reliability, and security of their site.
- Collect comprehensive debug information about the site.

By encouraging site owners to maintain their site and adhere to modern best practices, we ultimately improve the software hygiene of both the WordPress ecosystem, and the open internet as a whole.

Props Clorith, hedgefield, melchoyce, xkon, karmatosed, jordesign, earnjam, ianbelanger, wpscholar, desrosj, pedromendonca, peterbooker, jcastaneda, garyj, soean, pento, timothyblynjacobs, zodiac1978, dgroddick, garrett-eclipse, netweb, tobifjellner, pixolin, afercia, joedolson, birgire.
See #46573.

Built from https://develop.svn.wordpress.org/trunk@44986


git-svn-id: http://core.svn.wordpress.org/trunk@44817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-23 03:55:53 +00:00