Site Status string audit

[Clorith]

The Site Status does, at this time, 16 different tests to check for common problems, and provides actionable tasks when possible here.

With the new UI/UX design of #227 we've got a prime opportunity to make string changes to better suit users, and ensure the tests are all relevant, or if anything important is missing.

The old format was a table with a "keyword" like label, and then a success or failure message and maybe some bullet points on the right side.

The new UI allows for more user friendly labels, with a read more section for those that want more details, this means we can provide better descriptions of what a test means to the end user, if multiple failures are an option we can provide these a bit more contextually, and most importantly: We can provide actionable items right away.

It should be noted that the proposed new labels change based on the test state, to give a more contextually correct label for the users benefit, this means a fair amount of added and changed strings, but this is an acceptable trade-off to ensure a good user experience.

Some of these are missing descriptions or actions, suggestions on actionable items are more than welcome to ensure a good experience for users without sending them on wild goose chases.

In light of this, following are the current tests, with their potential states of critical (previously failure), recommendation (previously warning), and success states and strings.

WordPress Version

Red badge, labeled Security.

	String
State	Good
Label	Your WordPress version is up to date ([Current version number])
Description	You are currently running the latest version of WordPress available, keep it up!
Action	[None]

	String
State	Recommended
Label	WordPress version [Current version number]
Description	We were unable to check if any new versions of WordPress are available.
Action	Manually check for updates

	String
State	Recommended
Label	WordPress update available ([New version number])
Description	A new version of WordPress is available.
Action	Install the latest version of WordPress

	String
State	Critical
Label	WordPress update available ([New version number])
Description	A new minor update is available for your site. We strongly urge you to update, as minor updates are often security related.
Action	Install the latest version of WordPress

Plugin Versions

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

Plugins provide your site with extended functionality, like contact forms, recipes, e-commerce and much more. Because plugins have access to your site it is recommended to always keep them up to date.

	String
State	Good
Label	Your plugins are up to date
Description	Your site has %d active plugin, and it is up to date. Your site has %d active plugins, and they are all up to date.
Action	[None]

	String
State	Critical
Label	You have plugins waiting to be updated
Description	Your site has %d plugin waiting to be updated. Your site has %d plugins waiting to be updated.
Action

	String
State	Recommended
Label	Inactive plugins should be removed
Description	Your site has %d inactive plugin, it is recommended to remove any unused plugins to enhance your site security. Your site has %d inactive plugins, it is recommended to remove any unused plugins to enhance your site security.
Action

Theme Versions

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

Themes are what create the visual element to your website, this is why it is important to keep them up to date at all times.

	String
State	Good
Label	Your themes are up to date
Description	Your site has %d installed theme, and it is up to date. Your site has %d installed themes, and they are all up to date.
Action

	String
State	Critical
Label	You have themes waiting to be updated
Description	Your site has %d theme waiting to be updated. Your site has %d themes waiting to be updated.
Action

	String
State	Recommended
Label	You should remove inactive themes
Description	Your site has %1$d inactive theme. To enhance your sites security it is recommended to remove any unused themes. You should keep %2$s, the default WordPress theme, %3$s, your current theme and %4$s, the parent theme. Your site has %1$d inactive themes. To enhance your sites security it is recommended to remove any unused themes. You should keep %2$s, the default WordPress theme, %3$s, your current theme and %4$s, the parent theme.
Action

	String
State	Recommended
Label	You should remove inactive themes
Description	Your site has %1$d inactive theme, other than %2$s, the default WordPress theme, and %3$s, your active theme. It is recommended to remove any unused themes to enhance your sites security. Your site has %1$d inactive themes, other than %2$s, the default WordPress theme, and %3$s, your active theme. It is recommended to remove any unused themes to enhance your sites security.
Action

	String
State	Recommended
Label	Have a default theme available
Description	Your site does not have a default theme, default themes are used by WordPress automatically if anything is wrong with your normal theme.
Action

PHP Version

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

PHP is what powers your website, it is software that runs on the server and generates the pages you see.

	String
State	Good
Label	PHP is up to date ([PHP version])
Description	[None]
Action

	String
State	Critical
Label	Your PHP version requires an update
Description	Your version of PHP, %1$s, is very outdated and no longer receiving security updates and is not supported by WordPress. You should contact your host for an upgrade, WordPress recommends using PHP version %2$s, but will work with version %3$s or newer.
Action	Learn more about why you should update PHP

	String
State	Recommended
Label	Your PHP version should be updated
Description	Your version of PHP, %1$s, is very outdated and no longer receiving security updates. You should contact your host for an upgrade, WordPress recommends using PHP version %2$s.
Action	Learn more about why you should update PHP

	String
State	Recommended
Label	We recommend that you update PHP
Description	For best performance we recommend using PHP %s or higher.
Action	Learn more about why you should update PHP

Database Server version

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

The SQL server is the database where WordPress stores all your sites content.

	String
State	Good
Label	SQL server is up to date
Description	[None]
Action

	String
State	Recommended
Label	Outdated SQL server
Description	For performance and security reasons, we strongly recommend running %1$s version %2$s or higher.
Action

	String
State	Critical
Label	Severely outdated SQL server
Description	WordPress requires %1$s version %2$s or higher.
Action

Special consideration
It's possible to use a dropin file here, which will add the following to the description field:

You are using a <code>wp-content/db.php</code> drop-in which might mean that a %s database is not being used.

PHP Extensions

Orange badge, labeled Performance.

Base description (Is always displayed first, before any other description):

PHP modules are what performs most of the tasks on the server that are required for your site to function ideally.

The recommended and required modules are based off the list maintained by the Hosting Team at https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions

Because of this, the severity of a module missing may be either Critical or Recommended depending on the module. If a module is required, the severity is set to Critical, if not it is set as Recommended, and the description field includes a required or recommended indicator for each module that is missing for completeness.

	String
State	Good
Label	Required and recommended modules are installed
Description	[None]
Action

	String
State	Critical
Label	One or more required modules are missing
Description	The required module, [Module], is not installed, or has been disabled.
Action

	String
State	Recommended
Label	One or more recommended modules are missing
Description	The optional module, [Module], is not installed, or has been disabled.
Action

MySQL utf8mb4 support

Orange badge, labeled Performance.

Base description (Is always displayed first, before any other description):

UTF8MB4 is a database storage attribute that makes sure your site can store non-English writing and similar as expected.

	String
State	Good
Label	UTF8MB4 is supported
Description	Your [MySQL
Action

	String
State	Recommended
Label	UTF8MB4 requires an SQL update
Description	WordPress' utf8mb4 support requires [MySQL
Action

	String
State	Recommended
Label	UTF8MB4 requires a newer client library
Description	WordPress' utf8mb4 support requires MySQL client library (%1$s) version %2$s or newer.
Action

HTTPS status

Red badge, labeled Security.

	String
State	Good
Label	Your website is using an active HTTPS connection.
Description
Action

	String
State	Recommended
Label	Only parts of your site are using HTTPS
Description	You are accessing this website using HTTPS, but your WordPress Address is not set up to use HTTPS by default.
Action	Update your site addresses

	String
State	Recommended
Label	Your site does not use HTTPS
Description	An HTTPS connection is needed for many features on the web today, it also gains the trust of your visitors by helping to protecting their online privacy.
Action	Read more about why you should use HTTPS

Secure communication

Red badge, labeled Security.

	String
State	Good
Label	Your site can communicate securely with other services.
Description
Action

	String
State	Critical
Label	Your site is unable to communicate securely with other services.
Description	Talk to your web host about OpenSSL support for PHP
Action

Scheduled events

Orange badge, labeled Performance.

Base description (Is always displayed first, before any other description):

Scheduled events are what periodically looks for updates to plugins, themes and WordPress it self. It is also what makes sure scheduled posts are published on time.

	String
State	Good
Label	Scheduled events are running
Description
Action

	String
State	Critical
Label	It was not possible to check your scheduled events
Description	While trying to test your sites scheduled events, the following error was returned: %s
Action

	String
State	Recommended
Label	A scheduled event has failed
Description	The scheduled event, %s, failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.
Action

Plugin and Theme Updates

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

Plugin and theme updates may some times be affected by features using WordPress update system, which we test for here.

	String
State	Good
Label	Plugin and theme updates are working
Description	[None]
Action

	String
State	Recommended
Label	Some plugin or theme updates may not work as expected
Description	[None]
Action

	String
State	Critical
Label	Plugin or theme updates are not working
Description	[List of what appears to be blocking updates]
Action

HTTP Requests

Orange badge, labeled Performance.

Base description (Is always displayed first, before any other description):

It is possible for site maintainers to block all, or some, communication to other sites and services. If set up incorrectly this may prevent plugins and themes from working as intended.

	String
State	Good
Label	HTTP requests should be working as expected
Description	[None]
Action

	String
State	Critical
Label	HTTP requests are blocked
Description	HTTP requests have been blocked by the WP_HTTP_BLOCK_EXTERNAL constant, with no allowed hosts.
Action

	String
State	Recommended
Label	HTTP requests are partially blocked
Description	HTTP requests have been blocked by the WP_HTTP_BLOCK_EXTERNAL constant, with some hosts whitelisted: %s.
Action

Communication with WordPress.org

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

Communicating with the WordPress servers is used to check for new versions, and both installing and updating themes or plugins.

	String
State	Good
Label	Can communicate with WordPress.org
Description
Action

	String
State	Critical
Label	Could not reach WordPress.org
Description	Your site is unable to reach WordPress.org at %1$s, and returned the error: %2$s
Action

Background updates

Red badge, labeled Security.

Base description (Is always displayed first, before any other description):

Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using.

	String
State	Good
Label	Background updates are working
Description	[None]
Action

	String
State	Recommended
Label	Background updates may not be working properly
Description	[List of detected issues]
Action

	String
State	Critical
Label	Background updates are not working as expected
Description	[List of detected failures]
Action

Loopback request

Orange badge, labeled Performance.

Base description (Is always displayed first, before any other description):

Loopback requests are used to run scheduled events, alongside the theme and plugin editors built into WordPress.

	String
State	Good
Label	Your site can perform loopback requests
Description	[None]
Action

	String
State	Recommended
Label	Your site could not complete a loopback request
Description	The loopback request returned an unexpected status code, %d, it was not possible to determine if this will prevent features from working as expected.
Action

	String
State	Critical
Label	Your site could not complete a loopback request
Description	The loopback request to your site failed, this means features relying on them are not currently working as expected. Error encountered: ([HTTP status code]) [Error message]
Action	Test without plugins

REST API availability

Orange badge, labeled Performance.

Base description (Is always displayed first, before any other description):

The REST API is how WordPress, and other applications, communicate with the server. One example is the editing screen, which relies on this to display, and save, your posts and pages.

	String
State	Good
Label	The REST API is available
Description	[None]
Action

	String
State	Critical
Label	The REST API encountered an error
Description	The REST API request failed due to an error. Error encountered: ([HTTP status code]) [Error message]
Action

	String
State	Recommended
Label	The REST API encountered an unexpected result
Description	The REST API call gave the following unexpected result: ([HTTP status code]) [Error message]
Action

	String
State	Recommended
Label	The REST API did not behave correctly
Description	The REST API did not process the 'context' query parameter correctly.
Action

[joyously]

There will soon be an interaction between the WP version and the PHP version, as there already is some between plugin version and PHP version. Does Health Check take that into account? It doesn't seem to be reflected in these strings.

[Clorith]

I'm not sure I understand the question? There's a PHP version check which includes both recommended and minimum PHP versions for WordPress.

[joyously]

What I mean is that older versions of WP will have one range of PHP versions that will work, and newer versions will have another range. The message about which WP version should be installed could be influenced by the PHP version that is installed, and vice versa.
Like if they have PHP 5.5, you can't just say "You should install WP 5.2", because the PHP isn't high enough. Seems like they will need to refer to each other (PHP and WP version).
Same with plugins.

[Clorith]

That's an added complexity that will confuse users, officially we only support the most recent major release, and that's what we'll focus on in core, and the plugin will give recommendations based on this even though it'll work for older versions of WordPress.

[joyously]

Yes, so the string for WP version might be "A new version of WordPress is available. You will need to update PHP first."

[tobifjellner]

Things that may need to be added:

• removal of unused plugins
• impossible to check for updates of plugins/themes that aren't available on WordPress.org repo (either obtained from other sources or that have been removed from the repo since they were installed.

[tobifjellner]

I'm walking through the suggested strings and making comments over at
https://docs.google.com/document/d/1qpn0aoP5CPZ-DrnBWxrc9_buAhut5r_Uu2VkhOoKaC0/edit?usp=sharing

[tobifjellner]

Do we need to add any string for:
"Your web browser seems to be blocking execution of JavaScript. Due to this, various functions of your website might not work in your current browser, including some of the tests that are performed by the Health Check functionality."

[Clorith]

Fixed in #312

[stan0ne]

Thank u so much, I want to share the solution of this error (Nginx Users):

> Label The REST API did not behave correctly
> Description The REST API did not process the 'context' query parameter correctly.

solution:
Add the following code to the nginx configuration file of your website:

location ~ ^/wp-json/ {
   rewrite ^/wp-json/(.*?)$ /?rest_route=/$1 last;
}

[budiantoip]

@stan0ne , thank you, you just saved my day 👍🏻

[Nitish27]

Another way is to edit the "wp-includes/rest-api.php' on line 327.

method name "rest_get_url_prefix()"

remove or comment this line
// return apply_filters( 'rest_url_prefix', 'wp-json' );
with
return apply_filters( 'rest_url_prefix', '?rest_route=' );

[kavishgr]

Thank u so much, I want to share the solution of this error (Nginx Users):

> Label The REST API did not behave correctly
> Description The REST API did not process the 'context' query parameter correctly.

solution:
Add the following code to the nginx configuration file of your website:

location ~ ^/wp-json/ {
   rewrite ^/wp-json/(.*?)$ /?rest_route=/$1 last;
}

For apache ? thanks.