[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-admin/includes/ -> class-wp-site-health.php (source)

   1  <?php
   2  /**
   3   * Class for looking up a site's health based on a user's WordPress environment.
   4   *
   5   * @package WordPress
   6   * @subpackage Site_Health
   7   * @since 5.2.0
   8   */
   9  
  10  class WP_Site_Health {
  11      private static $instance = null;
  12  
  13      private $mysql_min_version_check;
  14      private $mysql_rec_version_check;
  15  
  16      public $is_mariadb                           = false;
  17      private $mysql_server_version                = '';
  18      private $health_check_mysql_required_version = '5.5';
  19      private $health_check_mysql_rec_version      = '';
  20  
  21      public $php_memory_limit;
  22  
  23      public $schedules;
  24      public $crons;
  25      public $last_missed_cron     = null;
  26      public $last_late_cron       = null;
  27      private $timeout_missed_cron = null;
  28      private $timeout_late_cron   = null;
  29  
  30      /**
  31       * WP_Site_Health constructor.
  32       *
  33       * @since 5.2.0
  34       */
  35  	public function __construct() {
  36          $this->maybe_create_scheduled_event();
  37  
  38          // Save memory limit before it's affected by wp_raise_memory_limit( 'admin' ).
  39          $this->php_memory_limit = ini_get( 'memory_limit' );
  40  
  41          $this->timeout_late_cron   = 0;
  42          $this->timeout_missed_cron = - 5 * MINUTE_IN_SECONDS;
  43  
  44          if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) {
  45              $this->timeout_late_cron   = - 15 * MINUTE_IN_SECONDS;
  46              $this->timeout_missed_cron = - 1 * HOUR_IN_SECONDS;
  47          }
  48  
  49          add_filter( 'admin_body_class', array( $this, 'admin_body_class' ) );
  50  
  51          add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
  52          add_action( 'wp_site_health_scheduled_check', array( $this, 'wp_cron_scheduled_check' ) );
  53  
  54          add_action( 'site_health_tab_content', array( $this, 'show_site_health_tab' ) );
  55      }
  56  
  57      /**
  58       * Output the content of a tab in the Site Health screen.
  59       *
  60       * @since 5.8.0
  61       *
  62       * @param string $tab Slug of the current tab being displayed.
  63       */
  64  	public function show_site_health_tab( $tab ) {
  65          if ( 'debug' === $tab ) {
  66              require_once ABSPATH . '/wp-admin/site-health-info.php';
  67          }
  68      }
  69  
  70      /**
  71       * Return an instance of the WP_Site_Health class, or create one if none exist yet.
  72       *
  73       * @since 5.4.0
  74       *
  75       * @return WP_Site_Health|null
  76       */
  77  	public static function get_instance() {
  78          if ( null === self::$instance ) {
  79              self::$instance = new WP_Site_Health();
  80          }
  81  
  82          return self::$instance;
  83      }
  84  
  85      /**
  86       * Enqueues the site health scripts.
  87       *
  88       * @since 5.2.0
  89       */
  90  	public function enqueue_scripts() {
  91          $screen = get_current_screen();
  92          if ( 'site-health' !== $screen->id && 'dashboard' !== $screen->id ) {
  93              return;
  94          }
  95  
  96          $health_check_js_variables = array(
  97              'screen'      => $screen->id,
  98              'nonce'       => array(
  99                  'site_status'        => wp_create_nonce( 'health-check-site-status' ),
 100                  'site_status_result' => wp_create_nonce( 'health-check-site-status-result' ),
 101              ),
 102              'site_status' => array(
 103                  'direct' => array(),
 104                  'async'  => array(),
 105                  'issues' => array(
 106                      'good'        => 0,
 107                      'recommended' => 0,
 108                      'critical'    => 0,
 109                  ),
 110              ),
 111          );
 112  
 113          $issue_counts = get_transient( 'health-check-site-status-result' );
 114  
 115          if ( false !== $issue_counts ) {
 116              $issue_counts = json_decode( $issue_counts );
 117  
 118              $health_check_js_variables['site_status']['issues'] = $issue_counts;
 119          }
 120  
 121          if ( 'site-health' === $screen->id && ( ! isset( $_GET['tab'] ) || empty( $_GET['tab'] ) ) ) {
 122              $tests = WP_Site_Health::get_tests();
 123  
 124              // Don't run https test on development environments.
 125              if ( $this->is_development_environment() ) {
 126                  unset( $tests['async']['https_status'] );
 127              }
 128  
 129              foreach ( $tests['direct'] as $test ) {
 130                  if ( is_string( $test['test'] ) ) {
 131                      $test_function = sprintf(
 132                          'get_test_%s',
 133                          $test['test']
 134                      );
 135  
 136                      if ( method_exists( $this, $test_function ) && is_callable( array( $this, $test_function ) ) ) {
 137                          $health_check_js_variables['site_status']['direct'][] = $this->perform_test( array( $this, $test_function ) );
 138                          continue;
 139                      }
 140                  }
 141  
 142                  if ( is_callable( $test['test'] ) ) {
 143                      $health_check_js_variables['site_status']['direct'][] = $this->perform_test( $test['test'] );
 144                  }
 145              }
 146  
 147              foreach ( $tests['async'] as $test ) {
 148                  if ( is_string( $test['test'] ) ) {
 149                      $health_check_js_variables['site_status']['async'][] = array(
 150                          'test'      => $test['test'],
 151                          'has_rest'  => ( isset( $test['has_rest'] ) ? $test['has_rest'] : false ),
 152                          'completed' => false,
 153                          'headers'   => isset( $test['headers'] ) ? $test['headers'] : array(),
 154                      );
 155                  }
 156              }
 157          }
 158  
 159          wp_localize_script( 'site-health', 'SiteHealth', $health_check_js_variables );
 160      }
 161  
 162      /**
 163       * Run a Site Health test directly.
 164       *
 165       * @since 5.4.0
 166       *
 167       * @param callable $callback
 168       * @return mixed|void
 169       */
 170  	private function perform_test( $callback ) {
 171          /**
 172           * Filters the output of a finished Site Health test.
 173           *
 174           * @since 5.3.0
 175           *
 176           * @param array $test_result {
 177           *     An associative array of test result data.
 178           *
 179           *     @type string $label       A label describing the test, and is used as a header in the output.
 180           *     @type string $status      The status of the test, which can be a value of `good`, `recommended` or `critical`.
 181           *     @type array  $badge {
 182           *         Tests are put into categories which have an associated badge shown, these can be modified and assigned here.
 183           *
 184           *         @type string $label The test label, for example `Performance`.
 185           *         @type string $color Default `blue`. A string representing a color to use for the label.
 186           *     }
 187           *     @type string $description A more descriptive explanation of what the test looks for, and why it is important for the end user.
 188           *     @type string $actions     An action to direct the user to where they can resolve the issue, if one exists.
 189           *     @type string $test        The name of the test being ran, used as a reference point.
 190           * }
 191           */
 192          return apply_filters( 'site_status_test_result', call_user_func( $callback ) );
 193      }
 194  
 195      /**
 196       * Run the SQL version checks.
 197       *
 198       * These values are used in later tests, but the part of preparing them is more easily managed
 199       * early in the class for ease of access and discovery.
 200       *
 201       * @since 5.2.0
 202       *
 203       * @global wpdb $wpdb WordPress database abstraction object.
 204       */
 205  	private function prepare_sql_data() {
 206          global $wpdb;
 207  
 208          if ( $wpdb->use_mysqli ) {
 209              // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysqli_get_server_info
 210              $mysql_server_type = mysqli_get_server_info( $wpdb->dbh );
 211          } else {
 212              // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysql_get_server_info,PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
 213              $mysql_server_type = mysql_get_server_info( $wpdb->dbh );
 214          }
 215  
 216          $this->mysql_server_version = $wpdb->get_var( 'SELECT VERSION()' );
 217  
 218          $this->health_check_mysql_rec_version = '5.6';
 219  
 220          if ( stristr( $mysql_server_type, 'mariadb' ) ) {
 221              $this->is_mariadb                     = true;
 222              $this->health_check_mysql_rec_version = '10.0';
 223          }
 224  
 225          $this->mysql_min_version_check = version_compare( '5.5', $this->mysql_server_version, '<=' );
 226          $this->mysql_rec_version_check = version_compare( $this->health_check_mysql_rec_version, $this->mysql_server_version, '<=' );
 227      }
 228  
 229      /**
 230       * Test if `wp_version_check` is blocked.
 231       *
 232       * It's possible to block updates with the `wp_version_check` filter, but this can't be checked
 233       * during an Ajax call, as the filter is never introduced then.
 234       *
 235       * This filter overrides a standard page request if it's made by an admin through the Ajax call
 236       * with the right query argument to check for this.
 237       *
 238       * @since 5.2.0
 239       */
 240  	public function check_wp_version_check_exists() {
 241          if ( ! is_admin() || ! is_user_logged_in() || ! current_user_can( 'update_core' ) || ! isset( $_GET['health-check-test-wp_version_check'] ) ) {
 242              return;
 243          }
 244  
 245          echo ( has_filter( 'wp_version_check', 'wp_version_check' ) ? 'yes' : 'no' );
 246  
 247          die();
 248      }
 249  
 250      /**
 251       * Tests for WordPress version and outputs it.
 252       *
 253       * Gives various results depending on what kind of updates are available, if any, to encourage
 254       * the user to install security updates as a priority.
 255       *
 256       * @since 5.2.0
 257       *
 258       * @return array The test result.
 259       */
 260  	public function get_test_wordpress_version() {
 261          $result = array(
 262              'label'       => '',
 263              'status'      => '',
 264              'badge'       => array(
 265                  'label' => __( 'Performance' ),
 266                  'color' => 'blue',
 267              ),
 268              'description' => '',
 269              'actions'     => '',
 270              'test'        => 'wordpress_version',
 271          );
 272  
 273          $core_current_version = get_bloginfo( 'version' );
 274          $core_updates         = get_core_updates();
 275  
 276          if ( ! is_array( $core_updates ) ) {
 277              $result['status'] = 'recommended';
 278  
 279              $result['label'] = sprintf(
 280                  /* translators: %s: Your current version of WordPress. */
 281                  __( 'WordPress version %s' ),
 282                  $core_current_version
 283              );
 284  
 285              $result['description'] = sprintf(
 286                  '<p>%s</p>',
 287                  __( 'Unable to check if any new versions of WordPress are available.' )
 288              );
 289  
 290              $result['actions'] = sprintf(
 291                  '<a href="%s">%s</a>',
 292                  esc_url( admin_url( 'update-core.php?force-check=1' ) ),
 293                  __( 'Check for updates manually' )
 294              );
 295          } else {
 296              foreach ( $core_updates as $core => $update ) {
 297                  if ( 'upgrade' === $update->response ) {
 298                      $current_version = explode( '.', $core_current_version );
 299                      $new_version     = explode( '.', $update->version );
 300  
 301                      $current_major = $current_version[0] . '.' . $current_version[1];
 302                      $new_major     = $new_version[0] . '.' . $new_version[1];
 303  
 304                      $result['label'] = sprintf(
 305                          /* translators: %s: The latest version of WordPress available. */
 306                          __( 'WordPress update available (%s)' ),
 307                          $update->version
 308                      );
 309  
 310                      $result['actions'] = sprintf(
 311                          '<a href="%s">%s</a>',
 312                          esc_url( admin_url( 'update-core.php' ) ),
 313                          __( 'Install the latest version of WordPress' )
 314                      );
 315  
 316                      if ( $current_major !== $new_major ) {
 317                          // This is a major version mismatch.
 318                          $result['status']      = 'recommended';
 319                          $result['description'] = sprintf(
 320                              '<p>%s</p>',
 321                              __( 'A new version of WordPress is available.' )
 322                          );
 323                      } else {
 324                          // This is a minor version, sometimes considered more critical.
 325                          $result['status']         = 'critical';
 326                          $result['badge']['label'] = __( 'Security' );
 327                          $result['description']    = sprintf(
 328                              '<p>%s</p>',
 329                              __( 'A new minor update is available for your site. Because minor updates often address security, it&#8217;s important to install them.' )
 330                          );
 331                      }
 332                  } else {
 333                      $result['status'] = 'good';
 334                      $result['label']  = sprintf(
 335                          /* translators: %s: The current version of WordPress installed on this site. */
 336                          __( 'Your version of WordPress (%s) is up to date' ),
 337                          $core_current_version
 338                      );
 339  
 340                      $result['description'] = sprintf(
 341                          '<p>%s</p>',
 342                          __( 'You are currently running the latest version of WordPress available, keep it up!' )
 343                      );
 344                  }
 345              }
 346          }
 347  
 348          return $result;
 349      }
 350  
 351      /**
 352       * Test if plugins are outdated, or unnecessary.
 353       *
 354       * The tests checks if your plugins are up to date, and encourages you to remove any
 355       * that are not in use.
 356       *
 357       * @since 5.2.0
 358       *
 359       * @return array The test result.
 360       */
 361  	public function get_test_plugin_version() {
 362          $result = array(
 363              'label'       => __( 'Your plugins are all up to date' ),
 364              'status'      => 'good',
 365              'badge'       => array(
 366                  'label' => __( 'Security' ),
 367                  'color' => 'blue',
 368              ),
 369              'description' => sprintf(
 370                  '<p>%s</p>',
 371                  __( 'Plugins extend your site&#8217;s functionality with things like contact forms, ecommerce and much more. That means they have deep access to your site, so it&#8217;s vital to keep them up to date.' )
 372              ),
 373              'actions'     => sprintf(
 374                  '<p><a href="%s">%s</a></p>',
 375                  esc_url( admin_url( 'plugins.php' ) ),
 376                  __( 'Manage your plugins' )
 377              ),
 378              'test'        => 'plugin_version',
 379          );
 380  
 381          $plugins        = get_plugins();
 382          $plugin_updates = get_plugin_updates();
 383  
 384          $plugins_active      = 0;
 385          $plugins_total       = 0;
 386          $plugins_need_update = 0;
 387  
 388          // Loop over the available plugins and check their versions and active state.
 389          foreach ( $plugins as $plugin_path => $plugin ) {
 390              $plugins_total++;
 391  
 392              if ( is_plugin_active( $plugin_path ) ) {
 393                  $plugins_active++;
 394              }
 395  
 396              if ( array_key_exists( $plugin_path, $plugin_updates ) ) {
 397                  $plugins_need_update++;
 398              }
 399          }
 400  
 401          // Add a notice if there are outdated plugins.
 402          if ( $plugins_need_update > 0 ) {
 403              $result['status'] = 'critical';
 404  
 405              $result['label'] = __( 'You have plugins waiting to be updated' );
 406  
 407              $result['description'] .= sprintf(
 408                  '<p>%s</p>',
 409                  sprintf(
 410                      /* translators: %d: The number of outdated plugins. */
 411                      _n(
 412                          'Your site has %d plugin waiting to be updated.',
 413                          'Your site has %d plugins waiting to be updated.',
 414                          $plugins_need_update
 415                      ),
 416                      $plugins_need_update
 417                  )
 418              );
 419  
 420              $result['actions'] .= sprintf(
 421                  '<p><a href="%s">%s</a></p>',
 422                  esc_url( network_admin_url( 'plugins.php?plugin_status=upgrade' ) ),
 423                  __( 'Update your plugins' )
 424              );
 425          } else {
 426              if ( 1 === $plugins_active ) {
 427                  $result['description'] .= sprintf(
 428                      '<p>%s</p>',
 429                      __( 'Your site has 1 active plugin, and it is up to date.' )
 430                  );
 431              } else {
 432                  $result['description'] .= sprintf(
 433                      '<p>%s</p>',
 434                      sprintf(
 435                          /* translators: %d: The number of active plugins. */
 436                          _n(
 437                              'Your site has %d active plugin, and it is up to date.',
 438                              'Your site has %d active plugins, and they are all up to date.',
 439                              $plugins_active
 440                          ),
 441                          $plugins_active
 442                      )
 443                  );
 444              }
 445          }
 446  
 447          // Check if there are inactive plugins.
 448          if ( $plugins_total > $plugins_active && ! is_multisite() ) {
 449              $unused_plugins = $plugins_total - $plugins_active;
 450  
 451              $result['status'] = 'recommended';
 452  
 453              $result['label'] = __( 'You should remove inactive plugins' );
 454  
 455              $result['description'] .= sprintf(
 456                  '<p>%s %s</p>',
 457                  sprintf(
 458                      /* translators: %d: The number of inactive plugins. */
 459                      _n(
 460                          'Your site has %d inactive plugin.',
 461                          'Your site has %d inactive plugins.',
 462                          $unused_plugins
 463                      ),
 464                      $unused_plugins
 465                  ),
 466                  __( 'Inactive plugins are tempting targets for attackers. If you are not going to use a plugin, you should consider removing it.' )
 467              );
 468  
 469              $result['actions'] .= sprintf(
 470                  '<p><a href="%s">%s</a></p>',
 471                  esc_url( admin_url( 'plugins.php?plugin_status=inactive' ) ),
 472                  __( 'Manage inactive plugins' )
 473              );
 474          }
 475  
 476          return $result;
 477      }
 478  
 479      /**
 480       * Test if themes are outdated, or unnecessary.
 481       *
 482       * Сhecks if your site has a default theme (to fall back on if there is a need),
 483       * if your themes are up to date and, finally, encourages you to remove any themes
 484       * that are not needed.
 485       *
 486       * @since 5.2.0
 487       *
 488       * @return array The test results.
 489       */
 490  	public function get_test_theme_version() {
 491          $result = array(
 492              'label'       => __( 'Your themes are all up to date' ),
 493              'status'      => 'good',
 494              'badge'       => array(
 495                  'label' => __( 'Security' ),
 496                  'color' => 'blue',
 497              ),
 498              'description' => sprintf(
 499                  '<p>%s</p>',
 500                  __( 'Themes add your site&#8217;s look and feel. It&#8217;s important to keep them up to date, to stay consistent with your brand and keep your site secure.' )
 501              ),
 502              'actions'     => sprintf(
 503                  '<p><a href="%s">%s</a></p>',
 504                  esc_url( admin_url( 'themes.php' ) ),
 505                  __( 'Manage your themes' )
 506              ),
 507              'test'        => 'theme_version',
 508          );
 509  
 510          $theme_updates = get_theme_updates();
 511  
 512          $themes_total        = 0;
 513          $themes_need_updates = 0;
 514          $themes_inactive     = 0;
 515  
 516          // This value is changed during processing to determine how many themes are considered a reasonable amount.
 517          $allowed_theme_count = 1;
 518  
 519          $has_default_theme   = false;
 520          $has_unused_themes   = false;
 521          $show_unused_themes  = true;
 522          $using_default_theme = false;
 523  
 524          // Populate a list of all themes available in the install.
 525          $all_themes   = wp_get_themes();
 526          $active_theme = wp_get_theme();
 527  
 528          // If WP_DEFAULT_THEME doesn't exist, fall back to the latest core default theme.
 529          $default_theme = wp_get_theme( WP_DEFAULT_THEME );
 530          if ( ! $default_theme->exists() ) {
 531              $default_theme = WP_Theme::get_core_default_theme();
 532          }
 533  
 534          if ( $default_theme ) {
 535              $has_default_theme = true;
 536  
 537              if (
 538                  $active_theme->get_stylesheet() === $default_theme->get_stylesheet()
 539              ||
 540                  is_child_theme() && $active_theme->get_template() === $default_theme->get_template()
 541              ) {
 542                  $using_default_theme = true;
 543              }
 544          }
 545  
 546          foreach ( $all_themes as $theme_slug => $theme ) {
 547              $themes_total++;
 548  
 549              if ( array_key_exists( $theme_slug, $theme_updates ) ) {
 550                  $themes_need_updates++;
 551              }
 552          }
 553  
 554          // If this is a child theme, increase the allowed theme count by one, to account for the parent.
 555          if ( is_child_theme() ) {
 556              $allowed_theme_count++;
 557          }
 558  
 559          // If there's a default theme installed and not in use, we count that as allowed as well.
 560          if ( $has_default_theme && ! $using_default_theme ) {
 561              $allowed_theme_count++;
 562          }
 563  
 564          if ( $themes_total > $allowed_theme_count ) {
 565              $has_unused_themes = true;
 566              $themes_inactive   = ( $themes_total - $allowed_theme_count );
 567          }
 568  
 569          // Check if any themes need to be updated.
 570          if ( $themes_need_updates > 0 ) {
 571              $result['status'] = 'critical';
 572  
 573              $result['label'] = __( 'You have themes waiting to be updated' );
 574  
 575              $result['description'] .= sprintf(
 576                  '<p>%s</p>',
 577                  sprintf(
 578                      /* translators: %d: The number of outdated themes. */
 579                      _n(
 580                          'Your site has %d theme waiting to be updated.',
 581                          'Your site has %d themes waiting to be updated.',
 582                          $themes_need_updates
 583                      ),
 584                      $themes_need_updates
 585                  )
 586              );
 587          } else {
 588              // Give positive feedback about the site being good about keeping things up to date.
 589              if ( 1 === $themes_total ) {
 590                  $result['description'] .= sprintf(
 591                      '<p>%s</p>',
 592                      __( 'Your site has 1 installed theme, and it is up to date.' )
 593                  );
 594              } else {
 595                  $result['description'] .= sprintf(
 596                      '<p>%s</p>',
 597                      sprintf(
 598                          /* translators: %d: The number of themes. */
 599                          _n(
 600                              'Your site has %d installed theme, and it is up to date.',
 601                              'Your site has %d installed themes, and they are all up to date.',
 602                              $themes_total
 603                          ),
 604                          $themes_total
 605                      )
 606                  );
 607              }
 608          }
 609  
 610          if ( $has_unused_themes && $show_unused_themes && ! is_multisite() ) {
 611  
 612              // This is a child theme, so we want to be a bit more explicit in our messages.
 613              if ( $active_theme->parent() ) {
 614                  // Recommend removing inactive themes, except a default theme, your current one, and the parent theme.
 615                  $result['status'] = 'recommended';
 616  
 617                  $result['label'] = __( 'You should remove inactive themes' );
 618  
 619                  if ( $using_default_theme ) {
 620                      $result['description'] .= sprintf(
 621                          '<p>%s %s</p>',
 622                          sprintf(
 623                              /* translators: %d: The number of inactive themes. */
 624                              _n(
 625                                  'Your site has %d inactive theme.',
 626                                  'Your site has %d inactive themes.',
 627                                  $themes_inactive
 628                              ),
 629                              $themes_inactive
 630                          ),
 631                          sprintf(
 632                              /* translators: 1: The currently active theme. 2: The active theme's parent theme. */
 633                              __( 'To enhance your site&#8217;s security, you should consider removing any themes you are not using. You should keep your active theme, %1$s, and %2$s, its parent theme.' ),
 634                              $active_theme->name,
 635                              $active_theme->parent()->name
 636                          )
 637                      );
 638                  } else {
 639                      $result['description'] .= sprintf(
 640                          '<p>%s %s</p>',
 641                          sprintf(
 642                              /* translators: %d: The number of inactive themes. */
 643                              _n(
 644                                  'Your site has %d inactive theme.',
 645                                  'Your site has %d inactive themes.',
 646                                  $themes_inactive
 647                              ),
 648                              $themes_inactive
 649                          ),
 650                          sprintf(
 651                              /* translators: 1: The default theme for WordPress. 2: The currently active theme. 3: The active theme's parent theme. */
 652                              __( 'To enhance your site&#8217;s security, you should consider removing any themes you are not using. You should keep %1$s, the default WordPress theme, %2$s, your active theme, and %3$s, its parent theme.' ),
 653                              $default_theme ? $default_theme->name : WP_DEFAULT_THEME,
 654                              $active_theme->name,
 655                              $active_theme->parent()->name
 656                          )
 657                      );
 658                  }
 659              } else {
 660                  // Recommend removing all inactive themes.
 661                  $result['status'] = 'recommended';
 662  
 663                  $result['label'] = __( 'You should remove inactive themes' );
 664  
 665                  if ( $using_default_theme ) {
 666                      $result['description'] .= sprintf(
 667                          '<p>%s %s</p>',
 668                          sprintf(
 669                              /* translators: 1: The amount of inactive themes. 2: The currently active theme. */
 670                              _n(
 671                                  'Your site has %1$d inactive theme, other than %2$s, your active theme.',
 672                                  'Your site has %1$d inactive themes, other than %2$s, your active theme.',
 673                                  $themes_inactive
 674                              ),
 675                              $themes_inactive,
 676                              $active_theme->name
 677                          ),
 678                          __( 'You should consider removing any unused themes to enhance your site&#8217;s security.' )
 679                      );
 680                  } else {
 681                      $result['description'] .= sprintf(
 682                          '<p>%s %s</p>',
 683                          sprintf(
 684                              /* translators: 1: The amount of inactive themes. 2: The default theme for WordPress. 3: The currently active theme. */
 685                              _n(
 686                                  'Your site has %1$d inactive theme, other than %2$s, the default WordPress theme, and %3$s, your active theme.',
 687                                  'Your site has %1$d inactive themes, other than %2$s, the default WordPress theme, and %3$s, your active theme.',
 688                                  $themes_inactive
 689                              ),
 690                              $themes_inactive,
 691                              $default_theme ? $default_theme->name : WP_DEFAULT_THEME,
 692                              $active_theme->name
 693                          ),
 694                          __( 'You should consider removing any unused themes to enhance your site&#8217;s security.' )
 695                      );
 696                  }
 697              }
 698          }
 699  
 700          // If no default Twenty* theme exists.
 701          if ( ! $has_default_theme ) {
 702              $result['status'] = 'recommended';
 703  
 704              $result['label'] = __( 'Have a default theme available' );
 705  
 706              $result['description'] .= sprintf(
 707                  '<p>%s</p>',
 708                  __( 'Your site does not have any default theme. Default themes are used by WordPress automatically if anything is wrong with your chosen theme.' )
 709              );
 710          }
 711  
 712          return $result;
 713      }
 714  
 715      /**
 716       * Test if the supplied PHP version is supported.
 717       *
 718       * @since 5.2.0
 719       *
 720       * @return array The test results.
 721       */
 722  	public function get_test_php_version() {
 723          $response = wp_check_php_version();
 724  
 725          $result = array(
 726              'label'       => sprintf(
 727                  /* translators: %s: The current PHP version. */
 728                  __( 'Your site is running the current version of PHP (%s)' ),
 729                  PHP_VERSION
 730              ),
 731              'status'      => 'good',
 732              'badge'       => array(
 733                  'label' => __( 'Performance' ),
 734                  'color' => 'blue',
 735              ),
 736              'description' => sprintf(
 737                  '<p>%s</p>',
 738                  sprintf(
 739                      /* translators: %s: The minimum recommended PHP version. */
 740                      __( 'PHP is the programming language used to build and maintain WordPress. Newer versions of PHP are created with increased performance in mind, so you may see a positive effect on your site&#8217;s performance. The minimum recommended version of PHP is %s.' ),
 741                      $response ? $response['recommended_version'] : ''
 742                  )
 743              ),
 744              'actions'     => sprintf(
 745                  '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
 746                  esc_url( wp_get_update_php_url() ),
 747                  __( 'Learn more about updating PHP' ),
 748                  /* translators: Accessibility text. */
 749                  __( '(opens in a new tab)' )
 750              ),
 751              'test'        => 'php_version',
 752          );
 753  
 754          // PHP is up to date.
 755          if ( ! $response || version_compare( PHP_VERSION, $response['recommended_version'], '>=' ) ) {
 756              return $result;
 757          }
 758  
 759          // The PHP version is older than the recommended version, but still receiving active support.
 760          if ( $response['is_supported'] ) {
 761              $result['label'] = sprintf(
 762                  /* translators: %s: The server PHP version. */
 763                  __( 'Your site is running an older version of PHP (%s)' ),
 764                  PHP_VERSION
 765              );
 766              $result['status'] = 'recommended';
 767  
 768              return $result;
 769          }
 770  
 771          // The PHP version is only receiving security fixes.
 772          if ( $response['is_secure'] ) {
 773              $result['label'] = sprintf(
 774                  /* translators: %s: The server PHP version. */
 775                  __( 'Your site is running an older version of PHP (%s), which should be updated' ),
 776                  PHP_VERSION
 777              );
 778              $result['status'] = 'recommended';
 779  
 780              return $result;
 781          }
 782  
 783          // Anything no longer secure must be updated.
 784          $result['label'] = sprintf(
 785              /* translators: %s: The server PHP version. */
 786              __( 'Your site is running an outdated version of PHP (%s), which requires an update' ),
 787              PHP_VERSION
 788          );
 789          $result['status']         = 'critical';
 790          $result['badge']['label'] = __( 'Security' );
 791  
 792          return $result;
 793      }
 794  
 795      /**
 796       * Check if the passed extension or function are available.
 797       *
 798       * Make the check for available PHP modules into a simple boolean operator for a cleaner test runner.
 799       *
 800       * @since 5.2.0
 801       * @since 5.3.0 The `$constant_name` and `$class_name` parameters were added.
 802       *
 803       * @param string $extension_name Optional. The extension name to test. Default null.
 804       * @param string $function_name  Optional. The function name to test. Default null.
 805       * @param string $constant_name  Optional. The constant name to test for. Default null.
 806       * @param string $class_name     Optional. The class name to test for. Default null.
 807       * @return bool Whether or not the extension and function are available.
 808       */
 809  	private function test_php_extension_availability( $extension_name = null, $function_name = null, $constant_name = null, $class_name = null ) {
 810          // If no extension or function is passed, claim to fail testing, as we have nothing to test against.
 811          if ( ! $extension_name && ! $function_name && ! $constant_name && ! $class_name ) {
 812              return false;
 813          }
 814  
 815          if ( $extension_name && ! extension_loaded( $extension_name ) ) {
 816              return false;
 817          }
 818  
 819          if ( $function_name && ! function_exists( $function_name ) ) {
 820              return false;
 821          }
 822  
 823          if ( $constant_name && ! defined( $constant_name ) ) {
 824              return false;
 825          }
 826  
 827          if ( $class_name && ! class_exists( $class_name ) ) {
 828              return false;
 829          }
 830  
 831          return true;
 832      }
 833  
 834      /**
 835       * Test if required PHP modules are installed on the host.
 836       *
 837       * This test builds on the recommendations made by the WordPress Hosting Team
 838       * as seen at https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions
 839       *
 840       * @since 5.2.0
 841       *
 842       * @return array
 843       */
 844  	public function get_test_php_extensions() {
 845          $result = array(
 846              'label'       => __( 'Required and recommended modules are installed' ),
 847              'status'      => 'good',
 848              'badge'       => array(
 849                  'label' => __( 'Performance' ),
 850                  'color' => 'blue',
 851              ),
 852              'description' => sprintf(
 853                  '<p>%s</p><p>%s</p>',
 854                  __( 'PHP modules perform most of the tasks on the server that make your site run. Any changes to these must be made by your server administrator.' ),
 855                  sprintf(
 856                      /* translators: 1: Link to the hosting group page about recommended PHP modules. 2: Additional link attributes. 3: Accessibility text. */
 857                      __( 'The WordPress Hosting Team maintains a list of those modules, both recommended and required, in <a href="%1$s" %2$s>the team handbook%3$s</a>.' ),
 858                      /* translators: Localized team handbook, if one exists. */
 859                      esc_url( __( 'https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions' ) ),
 860                      'target="_blank" rel="noopener"',
 861                      sprintf(
 862                          ' <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span>',
 863                          /* translators: Accessibility text. */
 864                          __( '(opens in a new tab)' )
 865                      )
 866                  )
 867              ),
 868              'actions'     => '',
 869              'test'        => 'php_extensions',
 870          );
 871  
 872          $modules = array(
 873              'curl'      => array(
 874                  'function' => 'curl_version',
 875                  'required' => false,
 876              ),
 877              'dom'       => array(
 878                  'class'    => 'DOMNode',
 879                  'required' => false,
 880              ),
 881              'exif'      => array(
 882                  'function' => 'exif_read_data',
 883                  'required' => false,
 884              ),
 885              'fileinfo'  => array(
 886                  'function' => 'finfo_file',
 887                  'required' => false,
 888              ),
 889              'hash'      => array(
 890                  'function' => 'hash',
 891                  'required' => false,
 892              ),
 893              'imagick'   => array(
 894                  'extension' => 'imagick',
 895                  'required'  => false,
 896              ),
 897              'json'      => array(
 898                  'function' => 'json_last_error',
 899                  'required' => true,
 900              ),
 901              'mbstring'  => array(
 902                  'function' => 'mb_check_encoding',
 903                  'required' => false,
 904              ),
 905              'mysqli'    => array(
 906                  'function' => 'mysqli_connect',
 907                  'required' => false,
 908              ),
 909              'libsodium' => array(
 910                  'constant'            => 'SODIUM_LIBRARY_VERSION',
 911                  'required'            => false,
 912                  'php_bundled_version' => '7.2.0',
 913              ),
 914              'openssl'   => array(
 915                  'function' => 'openssl_encrypt',
 916                  'required' => false,
 917              ),
 918              'pcre'      => array(
 919                  'function' => 'preg_match',
 920                  'required' => false,
 921              ),
 922              'mod_xml'   => array(
 923                  'extension' => 'libxml',
 924                  'required'  => false,
 925              ),
 926              'zip'       => array(
 927                  'class'    => 'ZipArchive',
 928                  'required' => false,
 929              ),
 930              'filter'    => array(
 931                  'function' => 'filter_list',
 932                  'required' => false,
 933              ),
 934              'gd'        => array(
 935                  'extension'    => 'gd',
 936                  'required'     => false,
 937                  'fallback_for' => 'imagick',
 938              ),
 939              'iconv'     => array(
 940                  'function' => 'iconv',
 941                  'required' => false,
 942              ),
 943              'intl'      => array(
 944                  'extension' => 'intl',
 945                  'required'  => false,
 946              ),
 947              'mcrypt'    => array(
 948                  'extension'    => 'mcrypt',
 949                  'required'     => false,
 950                  'fallback_for' => 'libsodium',
 951              ),
 952              'simplexml' => array(
 953                  'extension'    => 'simplexml',
 954                  'required'     => false,
 955                  'fallback_for' => 'mod_xml',
 956              ),
 957              'xmlreader' => array(
 958                  'extension'    => 'xmlreader',
 959                  'required'     => false,
 960                  'fallback_for' => 'mod_xml',
 961              ),
 962              'zlib'      => array(
 963                  'extension'    => 'zlib',
 964                  'required'     => false,
 965                  'fallback_for' => 'zip',
 966              ),
 967          );
 968  
 969          /**
 970           * An array representing all the modules we wish to test for.
 971           *
 972           * @since 5.2.0
 973           * @since 5.3.0 The `$constant` and `$class` parameters were added.
 974           *
 975           * @param array $modules {
 976           *     An associative array of modules to test for.
 977           *
 978           *     @type array ...$0 {
 979           *         An associative array of module properties used during testing.
 980           *         One of either `$function` or `$extension` must be provided, or they will fail by default.
 981           *
 982           *         @type string $function     Optional. A function name to test for the existence of.
 983           *         @type string $extension    Optional. An extension to check if is loaded in PHP.
 984           *         @type string $constant     Optional. A constant name to check for to verify an extension exists.
 985           *         @type string $class        Optional. A class name to check for to verify an extension exists.
 986           *         @type bool   $required     Is this a required feature or not.
 987           *         @type string $fallback_for Optional. The module this module replaces as a fallback.
 988           *     }
 989           * }
 990           */
 991          $modules = apply_filters( 'site_status_test_php_modules', $modules );
 992  
 993          $failures = array();
 994  
 995          foreach ( $modules as $library => $module ) {
 996              $extension_name = ( isset( $module['extension'] ) ? $module['extension'] : null );
 997              $function_name  = ( isset( $module['function'] ) ? $module['function'] : null );
 998              $constant_name  = ( isset( $module['constant'] ) ? $module['constant'] : null );
 999              $class_name     = ( isset( $module['class'] ) ? $module['class'] : null );
1000  
1001              // If this module is a fallback for another function, check if that other function passed.
1002              if ( isset( $module['fallback_for'] ) ) {
1003                  /*
1004                   * If that other function has a failure, mark this module as required for usual operations.
1005                   * If that other function hasn't failed, skip this test as it's only a fallback.
1006                   */
1007                  if ( isset( $failures[ $module['fallback_for'] ] ) ) {
1008                      $module['required'] = true;
1009                  } else {
1010                      continue;
1011                  }
1012              }
1013  
1014              if ( ! $this->test_php_extension_availability( $extension_name, $function_name, $constant_name, $class_name )
1015                  && ( ! isset( $module['php_bundled_version'] )
1016                      || version_compare( PHP_VERSION, $module['php_bundled_version'], '<' ) )
1017              ) {
1018                  if ( $module['required'] ) {
1019                      $result['status'] = 'critical';
1020  
1021                      $class         = 'error';
1022                      $screen_reader = __( 'Error' );
1023                      $message       = sprintf(
1024                          /* translators: %s: The module name. */
1025                          __( 'The required module, %s, is not installed, or has been disabled.' ),
1026                          $library
1027                      );
1028                  } else {
1029                      $class         = 'warning';
1030                      $screen_reader = __( 'Warning' );
1031                      $message       = sprintf(
1032                          /* translators: %s: The module name. */
1033                          __( 'The optional module, %s, is not installed, or has been disabled.' ),
1034                          $library
1035                      );
1036                  }
1037  
1038                  if ( ! $module['required'] && 'good' === $result['status'] ) {
1039                      $result['status'] = 'recommended';
1040                  }
1041  
1042                  $failures[ $library ] = "<span class='dashicons $class'><span class='screen-reader-text'>$screen_reader</span></span> $message";
1043              }
1044          }
1045  
1046          if ( ! empty( $failures ) ) {
1047              $output = '<ul>';
1048  
1049              foreach ( $failures as $failure ) {
1050                  $output .= sprintf(
1051                      '<li>%s</li>',
1052                      $failure
1053                  );
1054              }
1055  
1056              $output .= '</ul>';
1057          }
1058  
1059          if ( 'good' !== $result['status'] ) {
1060              if ( 'recommended' === $result['status'] ) {
1061                  $result['label'] = __( 'One or more recommended modules are missing' );
1062              }
1063              if ( 'critical' === $result['status'] ) {
1064                  $result['label'] = __( 'One or more required modules are missing' );
1065              }
1066  
1067              $result['description'] .= $output;
1068          }
1069  
1070          return $result;
1071      }
1072  
1073      /**
1074       * Test if the PHP default timezone is set to UTC.
1075       *
1076       * @since 5.3.1
1077       *
1078       * @return array The test results.
1079       */
1080  	public function get_test_php_default_timezone() {
1081          $result = array(
1082              'label'       => __( 'PHP default timezone is valid' ),
1083              'status'      => 'good',
1084              'badge'       => array(
1085                  'label' => __( 'Performance' ),
1086                  'color' => 'blue',
1087              ),
1088              'description' => sprintf(
1089                  '<p>%s</p>',
1090                  __( 'PHP default timezone was configured by WordPress on loading. This is necessary for correct calculations of dates and times.' )
1091              ),
1092              'actions'     => '',
1093              'test'        => 'php_default_timezone',
1094          );
1095  
1096          if ( 'UTC' !== date_default_timezone_get() ) {
1097              $result['status'] = 'critical';
1098  
1099              $result['label'] = __( 'PHP default timezone is invalid' );
1100  
1101              $result['description'] = sprintf(
1102                  '<p>%s</p>',
1103                  sprintf(
1104                      /* translators: %s: date_default_timezone_set() */
1105                      __( 'PHP default timezone was changed after WordPress loading by a %s function call. This interferes with correct calculations of dates and times.' ),
1106                      '<code>date_default_timezone_set()</code>'
1107                  )
1108              );
1109          }
1110  
1111          return $result;
1112      }
1113  
1114      /**
1115       * Test if there's an active PHP session that can affect loopback requests.
1116       *
1117       * @since 5.5.0
1118       *
1119       * @return array The test results.
1120       */
1121  	public function get_test_php_sessions() {
1122          $result = array(
1123              'label'       => __( 'No PHP sessions detected' ),
1124              'status'      => 'good',
1125              'badge'       => array(
1126                  'label' => __( 'Performance' ),
1127                  'color' => 'blue',
1128              ),
1129              'description' => sprintf(
1130                  '<p>%s</p>',
1131                  sprintf(
1132                      /* translators: 1: session_start(), 2: session_write_close() */
1133                      __( 'PHP sessions created by a %1$s function call may interfere with REST API and loopback requests. An active session should be closed by %2$s before making any HTTP requests.' ),
1134                      '<code>session_start()</code>',
1135                      '<code>session_write_close()</code>'
1136                  )
1137              ),
1138              'test'        => 'php_sessions',
1139          );
1140  
1141          if ( function_exists( 'session_status' ) && PHP_SESSION_ACTIVE === session_status() ) {
1142              $result['status'] = 'critical';
1143  
1144              $result['label'] = __( 'An active PHP session was detected' );
1145  
1146              $result['description'] = sprintf(
1147                  '<p>%s</p>',
1148                  sprintf(
1149                      /* translators: 1: session_start(), 2: session_write_close() */
1150                      __( 'A PHP session was created by a %1$s function call. This interferes with REST API and loopback requests. The session should be closed by %2$s before making any HTTP requests.' ),
1151                      '<code>session_start()</code>',
1152                      '<code>session_write_close()</code>'
1153                  )
1154              );
1155          }
1156  
1157          return $result;
1158      }
1159  
1160      /**
1161       * Test if the SQL server is up to date.
1162       *
1163       * @since 5.2.0
1164       *
1165       * @return array The test results.
1166       */
1167  	public function get_test_sql_server() {
1168          if ( ! $this->mysql_server_version ) {
1169              $this->prepare_sql_data();
1170          }
1171  
1172          $result = array(
1173              'label'       => __( 'SQL server is up to date' ),
1174              'status'      => 'good',
1175              'badge'       => array(
1176                  'label' => __( 'Performance' ),
1177                  'color' => 'blue',
1178              ),
1179              'description' => sprintf(
1180                  '<p>%s</p>',
1181                  __( 'The SQL server is a required piece of software for the database WordPress uses to store all your site&#8217;s content and settings.' )
1182              ),
1183              'actions'     => sprintf(
1184                  '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
1185                  /* translators: Localized version of WordPress requirements if one exists. */
1186                  esc_url( __( 'https://wordpress.org/about/requirements/' ) ),
1187                  __( 'Learn more about what WordPress requires to run.' ),
1188                  /* translators: Accessibility text. */
1189                  __( '(opens in a new tab)' )
1190              ),
1191              'test'        => 'sql_server',
1192          );
1193  
1194          $db_dropin = file_exists( WP_CONTENT_DIR . '/db.php' );
1195  
1196          if ( ! $this->mysql_rec_version_check ) {
1197              $result['status'] = 'recommended';
1198  
1199              $result['label'] = __( 'Outdated SQL server' );
1200  
1201              $result['description'] .= sprintf(
1202                  '<p>%s</p>',
1203                  sprintf(
1204                      /* translators: 1: The database engine in use (MySQL or MariaDB). 2: Database server recommended version number. */
1205                      __( 'For optimal performance and security reasons, you should consider running %1$s version %2$s or higher. Contact your web hosting company to correct this.' ),
1206                      ( $this->is_mariadb ? 'MariaDB' : 'MySQL' ),
1207                      $this->health_check_mysql_rec_version
1208                  )
1209              );
1210          }
1211  
1212          if ( ! $this->mysql_min_version_check ) {
1213              $result['status'] = 'critical';
1214  
1215              $result['label']          = __( 'Severely outdated SQL server' );
1216              $result['badge']['label'] = __( 'Security' );
1217  
1218              $result['description'] .= sprintf(
1219                  '<p>%s</p>',
1220                  sprintf(
1221                      /* translators: 1: The database engine in use (MySQL or MariaDB). 2: Database server minimum version number. */
1222                      __( 'WordPress requires %1$s version %2$s or higher. Contact your web hosting company to correct this.' ),
1223                      ( $this->is_mariadb ? 'MariaDB' : 'MySQL' ),
1224                      $this->health_check_mysql_required_version
1225                  )
1226              );
1227          }
1228  
1229          if ( $db_dropin ) {
1230              $result['description'] .= sprintf(
1231                  '<p>%s</p>',
1232                  wp_kses(
1233                      sprintf(
1234                          /* translators: 1: The name of the drop-in. 2: The name of the database engine. */
1235                          __( 'You are using a %1$s drop-in which might mean that a %2$s database is not being used.' ),
1236                          '<code>wp-content/db.php</code>',
1237                          ( $this->is_mariadb ? 'MariaDB' : 'MySQL' )
1238                      ),
1239                      array(
1240                          'code' => true,
1241                      )
1242                  )
1243              );
1244          }
1245  
1246          return $result;
1247      }
1248  
1249      /**
1250       * Test if the database server is capable of using utf8mb4.
1251       *
1252       * @since 5.2.0
1253       *
1254       * @return array The test results.
1255       */
1256  	public function get_test_utf8mb4_support() {
1257          global $wpdb;
1258  
1259          if ( ! $this->mysql_server_version ) {
1260              $this->prepare_sql_data();
1261          }
1262  
1263          $result = array(
1264              'label'       => __( 'UTF8MB4 is supported' ),
1265              'status'      => 'good',
1266              'badge'       => array(
1267                  'label' => __( 'Performance' ),
1268                  'color' => 'blue',
1269              ),
1270              'description' => sprintf(
1271                  '<p>%s</p>',
1272                  __( 'UTF8MB4 is the character set WordPress prefers for database storage because it safely supports the widest set of characters and encodings, including Emoji, enabling better support for non-English languages.' )
1273              ),
1274              'actions'     => '',
1275              'test'        => 'utf8mb4_support',
1276          );
1277  
1278          if ( ! $this->is_mariadb ) {
1279              if ( version_compare( $this->mysql_server_version, '5.5.3', '<' ) ) {
1280                  $result['status'] = 'recommended';
1281  
1282                  $result['label'] = __( 'utf8mb4 requires a MySQL update' );
1283  
1284                  $result['description'] .= sprintf(
1285                      '<p>%s</p>',
1286                      sprintf(
1287                          /* translators: %s: Version number. */
1288                          __( 'WordPress&#8217; utf8mb4 support requires MySQL version %s or greater. Please contact your server administrator.' ),
1289                          '5.5.3'
1290                      )
1291                  );
1292              } else {
1293                  $result['description'] .= sprintf(
1294                      '<p>%s</p>',
1295                      __( 'Your MySQL version supports utf8mb4.' )
1296                  );
1297              }
1298          } else { // MariaDB introduced utf8mb4 support in 5.5.0.
1299              if ( version_compare( $this->mysql_server_version, '5.5.0', '<' ) ) {
1300                  $result['status'] = 'recommended';
1301  
1302                  $result['label'] = __( 'utf8mb4 requires a MariaDB update' );
1303  
1304                  $result['description'] .= sprintf(
1305                      '<p>%s</p>',
1306                      sprintf(
1307                          /* translators: %s: Version number. */
1308                          __( 'WordPress&#8217; utf8mb4 support requires MariaDB version %s or greater. Please contact your server administrator.' ),
1309                          '5.5.0'
1310                      )
1311                  );
1312              } else {
1313                  $result['description'] .= sprintf(
1314                      '<p>%s</p>',
1315                      __( 'Your MariaDB version supports utf8mb4.' )
1316                  );
1317              }
1318          }
1319  
1320          if ( $wpdb->use_mysqli ) {
1321              // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_info
1322              $mysql_client_version = mysqli_get_client_info();
1323          } else {
1324              // phpcs:ignore WordPress.DB.RestrictedFunctions.mysql_mysql_get_client_info,PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved
1325              $mysql_client_version = mysql_get_client_info();
1326          }
1327  
1328          /*
1329           * libmysql has supported utf8mb4 since 5.5.3, same as the MySQL server.
1330           * mysqlnd has supported utf8mb4 since 5.0.9.
1331           */
1332          if ( false !== strpos( $mysql_client_version, 'mysqlnd' ) ) {
1333              $mysql_client_version = preg_replace( '/^\D+([\d.]+).*/', '$1', $mysql_client_version );
1334              if ( version_compare( $mysql_client_version, '5.0.9', '<' ) ) {
1335                  $result['status'] = 'recommended';
1336  
1337                  $result['label'] = __( 'utf8mb4 requires a newer client library' );
1338  
1339                  $result['description'] .= sprintf(
1340                      '<p>%s</p>',
1341                      sprintf(
1342                          /* translators: 1: Name of the library, 2: Number of version. */
1343                          __( 'WordPress&#8217; utf8mb4 support requires MySQL client library (%1$s) version %2$s or newer. Please contact your server administrator.' ),
1344                          'mysqlnd',
1345                          '5.0.9'
1346                      )
1347                  );
1348              }
1349          } else {
1350              if ( version_compare( $mysql_client_version, '5.5.3', '<' ) ) {
1351                  $result['status'] = 'recommended';
1352  
1353                  $result['label'] = __( 'utf8mb4 requires a newer client library' );
1354  
1355                  $result['description'] .= sprintf(
1356                      '<p>%s</p>',
1357                      sprintf(
1358                          /* translators: 1: Name of the library, 2: Number of version. */
1359                          __( 'WordPress&#8217; utf8mb4 support requires MySQL client library (%1$s) version %2$s or newer. Please contact your server administrator.' ),
1360                          'libmysql',
1361                          '5.5.3'
1362                      )
1363                  );
1364              }
1365          }
1366  
1367          return $result;
1368      }
1369  
1370      /**
1371       * Test if the site can communicate with WordPress.org.
1372       *
1373       * @since 5.2.0
1374       *
1375       * @return array The test results.
1376       */
1377  	public function get_test_dotorg_communication() {
1378          $result = array(
1379              'label'       => __( 'Can communicate with WordPress.org' ),
1380              'status'      => '',
1381              'badge'       => array(
1382                  'label' => __( 'Security' ),
1383                  'color' => 'blue',
1384              ),
1385              'description' => sprintf(
1386                  '<p>%s</p>',
1387                  __( 'Communicating with the WordPress servers is used to check for new versions, and to both install and update WordPress core, themes or plugins.' )
1388              ),
1389              'actions'     => '',
1390              'test'        => 'dotorg_communication',
1391          );
1392  
1393          $wp_dotorg = wp_remote_get(
1394              'https://api.wordpress.org',
1395              array(
1396                  'timeout' => 10,
1397              )
1398          );
1399          if ( ! is_wp_error( $wp_dotorg ) ) {
1400              $result['status'] = 'good';
1401          } else {
1402              $result['status'] = 'critical';
1403  
1404              $result['label'] = __( 'Could not reach WordPress.org' );
1405  
1406              $result['description'] .= sprintf(
1407                  '<p>%s</p>',
1408                  sprintf(
1409                      '<span class="error"><span class="screen-reader-text">%s</span></span> %s',
1410                      __( 'Error' ),
1411                      sprintf(
1412                          /* translators: 1: The IP address WordPress.org resolves to. 2: The error returned by the lookup. */
1413                          __( 'Your site is unable to reach WordPress.org at %1$s, and returned the error: %2$s' ),
1414                          gethostbyname( 'api.wordpress.org' ),
1415                          $wp_dotorg->get_error_message()
1416                      )
1417                  )
1418              );
1419  
1420              $result['actions'] = sprintf(
1421                  '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
1422                  /* translators: Localized Support reference. */
1423                  esc_url( __( 'https://wordpress.org/support' ) ),
1424                  __( 'Get help resolving this issue.' ),
1425                  /* translators: Accessibility text. */
1426                  __( '(opens in a new tab)' )
1427              );
1428          }
1429  
1430          return $result;
1431      }
1432  
1433      /**
1434       * Test if debug information is enabled.
1435       *
1436       * When WP_DEBUG is enabled, errors and information may be disclosed to site visitors,
1437       * or logged to a publicly accessible file.
1438       *
1439       * Debugging is also frequently left enabled after looking for errors on a site,
1440       * as site owners do not understand the implications of this.
1441       *
1442       * @since 5.2.0
1443       *
1444       * @return array The test results.
1445       */
1446  	public function get_test_is_in_debug_mode() {
1447          $result = array(
1448              'label'       => __( 'Your site is not set to output debug information' ),
1449              'status'      => 'good',
1450              'badge'       => array(
1451                  'label' => __( 'Security' ),
1452                  'color' => 'blue',
1453              ),
1454              'description' => sprintf(
1455                  '<p>%s</p>',
1456                  __( 'Debug mode is often enabled to gather more details about an error or site failure, but may contain sensitive information which should not be available on a publicly available website.' )
1457              ),
1458              'actions'     => sprintf(
1459                  '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
1460                  /* translators: Documentation explaining debugging in WordPress. */
1461                  esc_url( __( 'https://wordpress.org/support/article/debugging-in-wordpress/' ) ),
1462                  __( 'Learn more about debugging in WordPress.' ),
1463                  /* translators: Accessibility text. */
1464                  __( '(opens in a new tab)' )
1465              ),
1466              'test'        => 'is_in_debug_mode',
1467          );
1468  
1469          if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
1470              if ( defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) {
1471                  $result['label'] = __( 'Your site is set to log errors to a potentially public file' );
1472  
1473                  $result['status'] = ( 0 === strpos( ini_get( 'error_log' ), ABSPATH ) ) ? 'critical' : 'recommended';
1474  
1475                  $result['description'] .= sprintf(
1476                      '<p>%s</p>',
1477                      sprintf(
1478                          /* translators: %s: WP_DEBUG_LOG */
1479                          __( 'The value, %s, has been added to this website&#8217;s configuration file. This means any errors on the site will be written to a file which is potentially available to all users.' ),
1480                          '<code>WP_DEBUG_LOG</code>'
1481                      )
1482                  );
1483              }
1484  
1485              if ( defined( 'WP_DEBUG_DISPLAY' ) && WP_DEBUG_DISPLAY ) {
1486                  $result['label'] = __( 'Your site is set to display errors to site visitors' );
1487  
1488                  $result['status'] = 'critical';
1489  
1490                  // On development environments, set the status to recommended.
1491                  if ( $this->is_development_environment() ) {
1492                      $result['status'] = 'recommended';
1493                  }
1494  
1495                  $result['description'] .= sprintf(
1496                      '<p>%s</p>',
1497                      sprintf(
1498                          /* translators: 1: WP_DEBUG_DISPLAY, 2: WP_DEBUG */
1499                          __( 'The value, %1$s, has either been enabled by %2$s or added to your configuration file. This will make errors display on the front end of your site.' ),
1500                          '<code>WP_DEBUG_DISPLAY</code>',
1501                          '<code>WP_DEBUG</code>'
1502                      )
1503                  );
1504              }
1505          }
1506  
1507          return $result;
1508      }
1509  
1510      /**
1511       * Test if your site is serving content over HTTPS.
1512       *
1513       * Many sites have varying degrees of HTTPS support, the most common of which is sites that have it
1514       * enabled, but only if you visit the right site address.
1515       *
1516       * @since 5.2.0
1517       * @since 5.7.0 Updated to rely on {@see wp_is_using_https()} and {@see wp_is_https_supported()}.
1518       *
1519       * @return array The test results.
1520       */
1521  	public function get_test_https_status() {
1522          // Enforce fresh HTTPS detection results. This is normally invoked by using cron,
1523          // but for Site Health it should always rely on the latest results.
1524          wp_update_https_detection_errors();
1525  
1526          $default_update_url = wp_get_default_update_https_url();
1527  
1528          $result = array(
1529              'label'       => __( 'Your website is using an active HTTPS connection' ),
1530              'status'      => 'good',
1531              'badge'       => array(
1532                  'label' => __( 'Security' ),
1533                  'color' => 'blue',
1534              ),
1535              'description' => sprintf(
1536                  '<p>%s</p>',
1537                  __( 'An HTTPS connection is a more secure way of browsing the web. Many services now have HTTPS as a requirement. HTTPS allows you to take advantage of new features that can increase site speed, improve search rankings, and gain the trust of your visitors by helping to protect their online privacy.' )
1538              ),
1539              'actions'     => sprintf(
1540                  '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
1541                  esc_url( $default_update_url ),
1542                  __( 'Learn more about why you should use HTTPS' ),
1543                  /* translators: Accessibility text. */
1544                  __( '(opens in a new tab)' )
1545              ),
1546              'test'        => 'https_status',
1547          );
1548  
1549          if ( ! wp_is_using_https() ) {
1550              // If the website is not using HTTPS, provide more information
1551              // about whether it is supported and how it can be enabled.
1552              $result['status'] = 'recommended';
1553              $result['label']  = __( 'Your website does not use HTTPS' );
1554  
1555              if ( wp_is_site_url_using_https() ) {
1556                  if ( is_ssl() ) {
1557                      $result['description'] = sprintf(
1558                          '<p>%s</p>',
1559                          sprintf(
1560                              /* translators: %s: URL to Settings > General > Site Address. */
1561                              __( 'You are accessing this website using HTTPS, but your <a href="%s">Site Address</a> is not set up to use HTTPS by default.' ),
1562                              esc_url( admin_url( 'options-general.php' ) . '#home' )
1563                          )
1564                      );
1565                  } else {
1566                      $result['description'] = sprintf(
1567                          '<p>%s</p>',
1568                          sprintf(
1569                              /* translators: %s: URL to Settings > General > Site Address. */
1570                              __( 'Your <a href="%s">Site Address</a> is not set up to use HTTPS.' ),
1571                              esc_url( admin_url( 'options-general.php' ) . '#home' )
1572                          )
1573                      );
1574                  }
1575              } else {
1576                  if ( is_ssl() ) {
1577                      $result['description'] = sprintf(
1578                          '<p>%s</p>',
1579                          sprintf(
1580                              /* translators: 1: URL to Settings > General > WordPress Address, 2: URL to Settings > General > Site Address. */
1581                              __( 'You are accessing this website using HTTPS, but your <a href="%1$s">WordPress Address</a> and <a href="%2$s">Site Address</a> are not set up to use HTTPS by default.' ),
1582                              esc_url( admin_url( 'options-general.php' ) . '#siteurl' ),
1583                              esc_url( admin_url( 'options-general.php' ) . '#home' )
1584                          )
1585                      );
1586                  } else {
1587                      $result['description'] = sprintf(
1588                          '<p>%s</p>',
1589                          sprintf(
1590                              /* translators: 1: URL to Settings > General > WordPress Address, 2: URL to Settings > General > Site Address. */
1591                              __( 'Your <a href="%1$s">WordPress Address</a> and <a href="%2$s">Site Address</a> are not set up to use HTTPS.' ),
1592                              esc_url( admin_url( 'options-general.php' ) . '#siteurl' ),
1593                              esc_url( admin_url( 'options-general.php' ) . '#home' )
1594                          )
1595                      );
1596                  }
1597              }
1598  
1599              if ( wp_is_https_supported() ) {
1600                  $result['description'] .= sprintf(
1601                      '<p>%s</p>',
1602                      __( 'HTTPS is already supported for your website.' )
1603                  );
1604  
1605                  if ( defined( 'WP_HOME' ) || defined( 'WP_SITEURL' ) ) {
1606                      $result['description'] .= sprintf(
1607                          '<p>%s</p>',
1608                          sprintf(
1609                              /* translators: 1: wp-config.php, 2: WP_HOME, 3: WP_SITEURL */
1610                              __( 'However, your WordPress Address is currently controlled by a PHP constant and therefore cannot be updated. You need to edit your %1$s and remove or update the definitions of %2$s and %3$s.' ),
1611                              '<code>wp-config.php</code>',
1612                              '<code>WP_HOME</code>',
1613                              '<code>WP_SITEURL</code>'
1614                          )
1615                      );
1616                  } elseif ( current_user_can( 'update_https' ) ) {
1617                      $default_direct_update_url = add_query_arg( 'action', 'update_https', wp_nonce_url( admin_url( 'site-health.php' ), 'wp_update_https' ) );
1618                      $direct_update_url         = wp_get_direct_update_https_url();
1619  
1620                      if ( ! empty( $direct_update_url ) ) {
1621                          $result['actions'] = sprintf(
1622                              '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
1623                              esc_url( $direct_update_url ),
1624                              __( 'Update your site to use HTTPS' ),
1625                              /* translators: Accessibility text. */
1626                              __( '(opens in a new tab)' )
1627                          );
1628                      } else {
1629                          $result['actions'] = sprintf(
1630                              '<p class="button-container"><a class="button button-primary" href="%1$s">%2$s</a></p>',
1631                              esc_url( $default_direct_update_url ),
1632                              __( 'Update your site to use HTTPS' )
1633                          );
1634                      }
1635                  }
1636              } else {
1637                  // If host-specific "Update HTTPS" URL is provided, include a link.
1638                  $update_url = wp_get_update_https_url();
1639                  if ( $update_url !== $default_update_url ) {
1640                      $result['description'] .= sprintf(
1641                          '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
1642                          esc_url( $update_url ),
1643                          __( 'Talk to your web host about supporting HTTPS for your website.' ),
1644                          /* translators: Accessibility text. */
1645                          __( '(opens in a new tab)' )
1646                      );
1647                  } else {
1648                      $result['description'] .= sprintf(
1649                          '<p>%s</p>',
1650                          __( 'Talk to your web host about supporting HTTPS for your website.' )
1651                      );
1652                  }
1653              }
1654          }
1655  
1656          return $result;
1657      }
1658  
1659      /**
1660       * Check if the HTTP API can handle SSL/TLS requests.
1661       *
1662       * @since 5.2.0
1663       *
1664       * @return array The test results.
1665       */
1666  	public function get_test_ssl_support() {
1667          $result = array(
1668              'label'       => '',
1669              'status'      => '',
1670              'badge'       => array(
1671                  'label' => __( 'Security' ),
1672                  'color' => 'blue',
1673              ),
1674              'description' => sprintf(
1675                  '<p>%s</p>',
1676                  __( 'Securely communicating between servers are needed for transactions such as fetching files, conducting sales on store sites, and much more.' )
1677              ),
1678              'actions'     => '',
1679              'test'        => 'ssl_support',
1680          );
1681  
1682          $supports_https = wp_http_supports( array( 'ssl' ) );
1683  
1684          if ( $supports_https ) {
1685              $result['status'] = 'good';
1686  
1687              $result['label'] = __( 'Your site can communicate securely with other services' );
1688          } else {
1689              $result['status'] = 'critical';
1690  
1691              $result['label'] = __( 'Your site is unable to communicate securely with other services' );
1692  
1693              $result['description'] .= sprintf(
1694                  '<p>%s</p>',
1695                  __( 'Talk to your web host about OpenSSL support for PHP.' )
1696              );
1697          }
1698  
1699          return $result;
1700      }
1701  
1702      /**
1703       * Test if scheduled events run as intended.
1704       *
1705       * If scheduled events are not running, this may indicate something with WP_Cron is not working
1706       * as intended, or that there are orphaned events hanging around from older code.
1707       *
1708       * @since 5.2.0
1709       *
1710       * @return array The test results.
1711       */
1712  	public function get_test_scheduled_events() {
1713          $result = array(
1714              'label'       => __( 'Scheduled events are running' ),
1715              'status'      => 'good',
1716              'badge'       => array(
1717                  'label' => __( 'Performance' ),
1718                  'color' => 'blue',
1719              ),
1720              'description' => sprintf(
1721                  '<p>%s</p>',
1722                  __( 'Scheduled events are what periodically looks for updates to plugins, themes and WordPress itself. It is also what makes sure scheduled posts are published on time. It may also be used by various plugins to make sure that planned actions are executed.' )
1723              ),
1724              'actions'     => '',
1725              'test'        => 'scheduled_events',
1726          );
1727  
1728          $this->wp_schedule_test_init();
1729  
1730          if ( is_wp_error( $this->has_missed_cron() ) ) {
1731              $result['status'] = 'critical';
1732  
1733              $result['label'] = __( 'It was not possible to check your scheduled events' );
1734  
1735              $result['description'] = sprintf(
1736                  '<p>%s</p>',
1737                  sprintf(
1738                      /* translators: %s: The error message returned while from the cron scheduler. */
1739                      __( 'While trying to test your site&#8217;s scheduled events, the following error was returned: %s' ),
1740                      $this->has_missed_cron()->get_error_message()
1741                  )
1742              );
1743          } elseif ( $this->has_missed_cron() ) {
1744              $result['status'] = 'recommended';
1745  
1746              $result['label'] = __( 'A scheduled event has failed' );
1747  
1748              $result['description'] = sprintf(
1749                  '<p>%s</p>',
1750                  sprintf(
1751                      /* translators: %s: The name of the failed cron event. */
1752                      __( 'The scheduled event, %s, failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.' ),
1753                      $this->last_missed_cron
1754                  )
1755              );
1756          } elseif ( $this->has_late_cron() ) {
1757              $result['status'] = 'recommended';
1758  
1759              $result['label'] = __( 'A scheduled event is late' );
1760  
1761              $result['description'] = sprintf(
1762                  '<p>%s</p>',
1763                  sprintf(
1764                      /* translators: %s: The name of the late cron event. */
1765                      __( 'The scheduled event, %s, is late to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.' ),
1766                      $this->last_late_cron
1767                  )
1768              );
1769          }
1770  
1771          return $result;
1772      }
1773  
1774      /**
1775       * Test if WordPress can run automated background updates.
1776       *
1777       * Background updates in WordPress are primarily used for minor releases and security updates.
1778       * It's important to either have these working, or be aware that they are intentionally disabled
1779       * for whatever reason.
1780       *
1781       * @since 5.2.0
1782       *
1783       * @return array The test results.
1784       */
1785  	public function get_test_background_updates() {
1786          $result = array(
1787              'label'       => __( 'Background updates are working' ),
1788              'status'      => 'good',
1789              'badge'       => array(
1790                  'label' => __( 'Security' ),
1791                  'color' => 'blue',
1792              ),
1793              'description' => sprintf(
1794                  '<p>%s</p>',
1795                  __( 'Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using.' )
1796              ),
1797              'actions'     => '',
1798              'test'        => 'background_updates',
1799          );
1800  
1801          if ( ! class_exists( 'WP_Site_Health_Auto_Updates' ) ) {
1802              require_once ABSPATH . 'wp-admin/includes/class-wp-site-health-auto-updates.php';
1803          }
1804  
1805          // Run the auto-update tests in a separate class,
1806          // as there are many considerations to be made.
1807          $automatic_updates = new WP_Site_Health_Auto_Updates();
1808          $tests             = $automatic_updates->run_tests();
1809  
1810          $output = '<ul>';
1811  
1812          foreach ( $tests as $test ) {
1813              $severity_string = __( 'Passed' );
1814  
1815              if ( 'fail' === $test->severity ) {
1816                  $result['label'] = __( 'Background updates are not working as expected' );
1817  
1818                  $result['status'] = 'critical';
1819  
1820                  $severity_string = __( 'Error' );
1821              }
1822  
1823              if ( 'warning' === $test->severity && 'good' === $result['status'] ) {
1824                  $result['label'] = __( 'Background updates may not be working properly' );
1825  
1826                  $result['status'] = 'recommended';
1827  
1828                  $severity_string = __( 'Warning' );
1829              }
1830  
1831              $output .= sprintf(
1832                  '<li><span class="dashicons %s"><span class="screen-reader-text">%s</span></span> %s</li>',
1833                  esc_attr( $test->severity ),
1834                  $severity_string,
1835                  $test->description
1836              );
1837          }
1838  
1839          $output .= '</ul>';
1840  
1841          if ( 'good' !== $result['status'] ) {
1842              $result['description'] .= $output;
1843          }
1844  
1845          return $result;
1846      }
1847  
1848      /**
1849       * Test if plugin and theme auto-updates appear to be configured correctly.
1850       *
1851       * @since 5.5.0
1852       *
1853       * @return array The test results.
1854       */
1855  	public function get_test_plugin_theme_auto_updates() {
1856          $result = array(
1857              'label'       => __( 'Plugin and theme auto-updates appear to be configured correctly' ),
1858              'status'      => 'good',
1859              'badge'       => array(
1860                  'label' => __( 'Security' ),
1861                  'color' => 'blue',
1862              ),
1863              'description' => sprintf(
1864                  '<p>%s</p>',
1865                  __( 'Plugin and theme auto-updates ensure that the latest versions are always installed.' )
1866              ),
1867              'actions'     => '',
1868              'test'        => 'plugin_theme_auto_updates',
1869          );
1870  
1871          $check_plugin_theme_updates = $this->detect_plugin_theme_auto_update_issues();
1872  
1873          $result['status'] = $check_plugin_theme_updates->status;
1874  
1875          if ( 'good' !== $result['status'] ) {
1876              $result['label'] = __( 'Your site may have problems auto-updating plugins and themes' );
1877  
1878              $result['description'] .= sprintf(
1879                  '<p>%s</p>',
1880                  $check_plugin_theme_updates->message
1881              );
1882          }
1883  
1884          return $result;
1885      }
1886  
1887      /**
1888       * Test if loopbacks work as expected.
1889       *
1890       * A loopback is when WordPress queries itself, for example to start a new WP_Cron instance,
1891       * or when editing a plugin or theme. This has shown itself to be a recurring issue,
1892       * as code can very easily break this interaction.
1893       *
1894       * @since 5.2.0
1895       *
1896       * @return array The test results.
1897       */
1898  	public function get_test_loopback_requests() {
1899          $result = array(
1900              'label'       => __( 'Your site can perform loopback requests' ),
1901              'status'      => 'good',
1902              'badge'       => array(
1903                  'label' => __( 'Performance' ),
1904                  'color' => 'blue',
1905              ),
1906              'description' => sprintf(
1907                  '<p>%s</p>',
1908                  __( 'Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.' )
1909              ),
1910              'actions'     => '',
1911              'test'        => 'loopback_requests',
1912          );
1913  
1914          $check_loopback = $this->can_perform_loopback();
1915  
1916          $result['status'] = $check_loopback->status;
1917  
1918          if ( 'good' !== $result['status'] ) {
1919              $result['label'] = __( 'Your site could not complete a loopback request' );
1920  
1921              $result['description'] .= sprintf(
1922                  '<p>%s</p>',
1923                  $check_loopback->message
1924              );
1925          }
1926  
1927          return $result;
1928      }
1929  
1930      /**
1931       * Test if HTTP requests are blocked.
1932       *
1933       * It's possible to block all outgoing communication (with the possibility of allowing certain
1934       * hosts) via the HTTP API. This may create problems for users as many features are running as
1935       * services these days.
1936       *
1937       * @since 5.2.0
1938       *
1939       * @return array The test results.
1940       */
1941  	public function get_test_http_requests() {
1942          $result = array(
1943              'label'       => __( 'HTTP requests seem to be working as expected' ),
1944              'status'      => 'good',
1945              'badge'       => array(
1946                  'label' => __( 'Performance' ),
1947                  'color' => 'blue',
1948              ),
1949              'description' => sprintf(
1950                  '<p>%s</p>',
1951                  __( 'It is possible for site maintainers to block all, or some, communication to other sites and services. If set up incorrectly, this may prevent plugins and themes from working as intended.' )
1952              ),
1953              'actions'     => '',
1954              'test'        => 'http_requests',
1955          );
1956  
1957          $blocked = false;
1958          $hosts   = array();
1959  
1960          if ( defined( 'WP_HTTP_BLOCK_EXTERNAL' ) && WP_HTTP_BLOCK_EXTERNAL ) {
1961              $blocked = true;
1962          }
1963  
1964          if ( defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
1965              $hosts = explode( ',', WP_ACCESSIBLE_HOSTS );
1966          }
1967  
1968          if ( $blocked && 0 === count( $hosts ) ) {
1969              $result['status'] = 'critical';
1970  
1971              $result['label'] = __( 'HTTP requests are blocked' );
1972  
1973              $result['description'] .= sprintf(
1974                  '<p>%s</p>',
1975                  sprintf(
1976                      /* translators: %s: Name of the constant used. */
1977                      __( 'HTTP requests have been blocked by the %s constant, with no allowed hosts.' ),
1978                      '<code>WP_HTTP_BLOCK_EXTERNAL</code>'
1979                  )
1980              );
1981          }
1982  
1983          if ( $blocked && 0 < count( $hosts ) ) {
1984              $result['status'] = 'recommended';
1985  
1986              $result['label'] = __( 'HTTP requests are partially blocked' );
1987  
1988              $result['description'] .= sprintf(
1989                  '<p>%s</p>',
1990                  sprintf(
1991                      /* translators: 1: Name of the constant used. 2: List of allowed hostnames. */
1992                      __( 'HTTP requests have been blocked by the %1$s constant, with some allowed hosts: %2$s.' ),
1993                      '<code>WP_HTTP_BLOCK_EXTERNAL</code>',
1994                      implode( ',', $hosts )
1995                  )
1996              );
1997          }
1998  
1999          return $result;
2000      }
2001  
2002      /**
2003       * Test if the REST API is accessible.
2004       *
2005       * Various security measures may block the REST API from working, or it may have been disabled in general.
2006       * This is required for the new block editor to work, so we explicitly test for this.
2007       *
2008       * @since 5.2.0
2009       *
2010       * @return array The test results.
2011       */
2012  	public function get_test_rest_availability() {
2013          $result = array(
2014              'label'       => __( 'The REST API is available' ),
2015              'status'      => 'good',
2016              'badge'       => array(
2017                  'label' => __( 'Performance' ),
2018                  'color' => 'blue',
2019              ),
2020              'description' => sprintf(
2021                  '<p>%s</p>',
2022                  __( 'The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages.' )
2023              ),
2024              'actions'     => '',
2025              'test'        => 'rest_availability',
2026          );
2027  
2028          $cookies = wp_unslash( $_COOKIE );
2029          $timeout = 10;
2030          $headers = array(
2031              'Cache-Control' => 'no-cache',
2032              'X-WP-Nonce'    => wp_create_nonce( 'wp_rest' ),
2033          );
2034          /** This filter is documented in wp-includes/class-wp-http-streams.php */
2035          $sslverify = apply_filters( 'https_local_ssl_verify', false );
2036  
2037          // Include Basic auth in loopback requests.
2038          if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
2039              $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );
2040          }
2041  
2042          $url = rest_url( 'wp/v2/types/post' );
2043  
2044          // The context for this is editing with the new block editor.
2045          $url = add_query_arg(
2046              array(
2047                  'context' => 'edit',
2048              ),
2049              $url
2050          );
2051  
2052          $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) );
2053  
2054          if ( is_wp_error( $r ) ) {
2055              $result['status'] = 'critical';
2056  
2057              $result['label'] = __( 'The REST API encountered an error' );
2058  
2059              $result['description'] .= sprintf(
2060                  '<p>%s</p>',
2061                  sprintf(
2062                      '%s<br>%s',
2063                      __( 'The REST API request failed due to an error.' ),
2064                      sprintf(
2065                          /* translators: 1: The WordPress error message. 2: The WordPress error code. */
2066                          __( 'Error: %1$s (%2$s)' ),
2067                          $r->get_error_message(),
2068                          $r->get_error_code()
2069                      )
2070                  )
2071              );
2072          } elseif ( 200 !== wp_remote_retrieve_response_code( $r ) ) {
2073              $result['status'] = 'recommended';
2074  
2075              $result['label'] = __( 'The REST API encountered an unexpected result' );
2076  
2077              $result['description'] .= sprintf(
2078                  '<p>%s</p>',
2079                  sprintf(
2080                      /* translators: 1: The HTTP error code. 2: The HTTP error message. */
2081                      __( 'The REST API call gave the following unexpected result: (%1$d) %2$s.' ),
2082                      wp_remote_retrieve_response_code( $r ),
2083                      esc_html( wp_remote_retrieve_body( $r ) )
2084                  )
2085              );
2086          } else {
2087              $json = json_decode( wp_remote_retrieve_body( $r ), true );
2088  
2089              if ( false !== $json && ! isset( $json['capabilities'] ) ) {
2090                  $result['status'] = 'recommended';
2091  
2092                  $result['label'] = __( 'The REST API did not behave correctly' );
2093  
2094                  $result['description'] .= sprintf(
2095                      '<p>%s</p>',
2096                      sprintf(
2097                          /* translators: %s: The name of the query parameter being tested. */
2098                          __( 'The REST API did not process the %s query parameter correctly.' ),
2099                          '<code>context</code>'
2100                      )
2101                  );
2102              }
2103          }
2104  
2105          return $result;
2106      }
2107  
2108      /**
2109       * Test if 'file_uploads' directive in PHP.ini is turned off.
2110       *
2111       * @since 5.5.0
2112       *
2113       * @return array The test results.
2114       */
2115  	public function get_test_file_uploads() {
2116          $result = array(
2117              'label'       => __( 'Files can be uploaded' ),
2118              'status'      => 'good',
2119              'badge'       => array(
2120                  'label' => __( 'Performance' ),
2121                  'color' => 'blue',
2122              ),
2123              'description' => sprintf(
2124                  '<p>%s</p>',
2125                  sprintf(
2126                      /* translators: 1: file_uploads, 2: php.ini */
2127                      __( 'The %1$s directive in %2$s determines if uploading files is allowed on your site.' ),
2128                      '<code>file_uploads</code>',
2129                      '<code>php.ini</code>'
2130                  )
2131              ),
2132              'actions'     => '',
2133              'test'        => 'file_uploads',
2134          );
2135  
2136          if ( ! function_exists( 'ini_get' ) ) {
2137              $result['status']       = 'critical';
2138              $result['description'] .= sprintf(
2139                  /* translators: %s: ini_get() */
2140                  __( 'The %s function has been disabled, some media settings are unavailable because of this.' ),
2141                  '<code>ini_get()</code>'
2142              );
2143              return $result;
2144          }
2145  
2146          if ( empty( ini_get( 'file_uploads' ) ) ) {
2147              $result['status']       = 'critical';
2148              $result['description'] .= sprintf(
2149                  '<p>%s</p>',
2150                  sprintf(
2151                      /* translators: 1: file_uploads, 2: 0 */
2152                      __( '%1$s is set to %2$s. You won\'t be able to upload files on your site.' ),
2153                      '<code>file_uploads</code>',
2154                      '<code>0</code>'
2155                  )
2156              );
2157              return $result;
2158          }
2159  
2160          $post_max_size       = ini_get( 'post_max_size' );
2161          $upload_max_filesize = ini_get( 'upload_max_filesize' );
2162  
2163          if ( wp_convert_hr_to_bytes( $post_max_size ) < wp_convert_hr_to_bytes( $upload_max_filesize ) ) {
2164              $result['label'] = sprintf(
2165                  /* translators: 1: post_max_size, 2: upload_max_filesize */
2166                  __( 'The "%1$s" value is smaller than "%2$s"' ),
2167                  'post_max_size',
2168                  'upload_max_filesize'
2169              );
2170              $result['status'] = 'recommended';
2171  
2172              if ( 0 === wp_convert_hr_to_bytes( $post_max_size ) ) {
2173                  $result['description'] = sprintf(
2174                      '<p>%s</p>',
2175                      sprintf(
2176                          /* translators: 1: post_max_size, 2: upload_max_filesize */
2177                          __( 'The setting for %1$s is currently configured as 0, this could cause some problems when trying to upload files through plugin or theme features that rely on various upload methods. It is recommended to configure this setting to a fixed value, ideally matching the value of %2$s, as some upload methods read the value 0 as either unlimited, or disabled.' ),
2178                          '<code>post_max_size</code>',
2179                          '<code>upload_max_filesize</code>'
2180                      )
2181                  );
2182              } else {
2183                  $result['description'] = sprintf(
2184                      '<p>%s</p>',
2185                      sprintf(
2186                          /* translators: 1: post_max_size, 2: upload_max_filesize */
2187                          __( 'The setting for %1$s is smaller than %2$s, this could cause some problems when trying to upload files.' ),
2188                          '<code>post_max_size</code>',
2189                          '<code>upload_max_filesize</code>'
2190                      )
2191                  );
2192              }
2193  
2194              return $result;
2195          }
2196  
2197          return $result;
2198      }
2199  
2200      /**
2201       * Tests if the Authorization header has the expected values.
2202       *
2203       * @since 5.6.0
2204       *
2205       * @return array
2206       */
2207  	public function get_test_authorization_header() {
2208          $result = array(
2209              'label'       => __( 'The Authorization header is working as expected' ),
2210              'status'      => 'good',
2211              'badge'       => array(
2212                  'label' => __( 'Security' ),
2213                  'color' => 'blue',
2214              ),
2215              'description' => sprintf(
2216                  '<p>%s</p>',
2217                  __( 'The Authorization header comes from the third-party applications you approve. Without it, those apps cannot connect to your site.' )
2218              ),
2219              'actions'     => '',
2220              'test'        => 'authorization_header',
2221          );
2222  
2223          if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
2224              $result['label'] = __( 'The authorization header is missing' );
2225          } elseif ( 'user' !== $_SERVER['PHP_AUTH_USER'] || 'pwd' !== $_SERVER['PHP_AUTH_PW'] ) {
2226              $result['label'] = __( 'The authorization header is invalid' );
2227          } else {
2228              return $result;
2229          }
2230  
2231          $result['status'] = 'recommended';
2232  
2233          if ( ! function_exists( 'got_mod_rewrite' ) ) {
2234              require_once ABSPATH . 'wp-admin/includes/misc.php';
2235          }
2236  
2237          if ( got_mod_rewrite() ) {
2238              $result['actions'] .= sprintf(
2239                  '<p><a href="%s">%s</a></p>',
2240                  esc_url( admin_url( 'options-permalink.php' ) ),
2241                  __( 'Flush permalinks' )
2242              );
2243          } else {
2244              $result['actions'] .= sprintf(
2245                  '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
2246                  __( 'https://developer.wordpress.org/rest-api/frequently-asked-questions/#why-is-authentication-not-working' ),
2247                  __( 'Learn how to configure the Authorization header.' ),
2248                  /* translators: Accessibility text. */
2249                  __( '(opens in a new tab)' )
2250              );
2251          }
2252  
2253          return $result;
2254      }
2255  
2256      /**
2257       * Return a set of tests that belong to the site status page.
2258       *
2259       * Each site status test is defined here, they may be `direct` tests, that run on page load, or `async` tests
2260       * which will run later down the line via JavaScript calls to improve page performance and hopefully also user
2261       * experiences.
2262       *
2263       * @since 5.2.0
2264       * @since 5.6.0 Added support for `has_rest` and `permissions`.
2265       *
2266       * @return array The list of tests to run.
2267       */
2268  	public static function get_tests() {
2269          $tests = array(
2270              'direct' => array(
2271                  'wordpress_version'         => array(
2272                      'label' => __( 'WordPress Version' ),
2273                      'test'  => 'wordpress_version',
2274                  ),
2275                  'plugin_version'            => array(
2276                      'label' => __( 'Plugin Versions' ),
2277                      'test'  => 'plugin_version',
2278                  ),
2279                  'theme_version'             => array(
2280                      'label' => __( 'Theme Versions' ),
2281                      'test'  => 'theme_version',
2282                  ),
2283                  'php_version'               => array(
2284                      'label' => __( 'PHP Version' ),
2285                      'test'  => 'php_version',
2286                  ),
2287                  'php_extensions'            => array(
2288                      'label' => __( 'PHP Extensions' ),
2289                      'test'  => 'php_extensions',
2290                  ),
2291                  'php_default_timezone'      => array(
2292                      'label' => __( 'PHP Default Timezone' ),
2293                      'test'  => 'php_default_timezone',
2294                  ),
2295                  'php_sessions'              => array(
2296                      'label' => __( 'PHP Sessions' ),
2297                      'test'  => 'php_sessions',
2298                  ),
2299                  'sql_server'                => array(
2300                      'label' => __( 'Database Server version' ),
2301                      'test'  => 'sql_server',
2302                  ),
2303                  'utf8mb4_support'           => array(
2304                      'label' => __( 'MySQL utf8mb4 support' ),
2305                      'test'  => 'utf8mb4_support',
2306                  ),
2307                  'ssl_support'               => array(
2308                      'label' => __( 'Secure communication' ),
2309                      'test'  => 'ssl_support',
2310                  ),
2311                  'scheduled_events'          => array(
2312                      'label' => __( 'Scheduled events' ),
2313                      'test'  => 'scheduled_events',
2314                  ),
2315                  'http_requests'             => array(
2316                      'label' => __( 'HTTP Requests' ),
2317                      'test'  => 'http_requests',
2318                  ),
2319                  'rest_availability'         => array(
2320                      'label'     => __( 'REST API availability' ),
2321                      'test'      => 'rest_availability',
2322                      'skip_cron' => true,
2323                  ),
2324                  'debug_enabled'             => array(
2325                      'label' => __( 'Debugging enabled' ),
2326                      'test'  => 'is_in_debug_mode',
2327                  ),
2328                  'file_uploads'              => array(
2329                      'label' => __( 'File uploads' ),
2330                      'test'  => 'file_uploads',
2331                  ),
2332                  'plugin_theme_auto_updates' => array(
2333                      'label' => __( 'Plugin and theme auto-updates' ),
2334                      'test'  => 'plugin_theme_auto_updates',
2335                  ),
2336              ),
2337              'async'  => array(
2338                  'dotorg_communication' => array(
2339                      'label'             => __( 'Communication with WordPress.org' ),
2340                      'test'              => rest_url( 'wp-site-health/v1/tests/dotorg-communication' ),
2341                      'has_rest'          => true,
2342                      'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_dotorg_communication' ),
2343                  ),
2344                  'background_updates'   => array(
2345                      'label'             => __( 'Background updates' ),
2346                      'test'              => rest_url( 'wp-site-health/v1/tests/background-updates' ),
2347                      'has_rest'          => true,
2348                      'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_background_updates' ),
2349                  ),
2350                  'loopback_requests'    => array(
2351                      'label'             => __( 'Loopback request' ),
2352                      'test'              => rest_url( 'wp-site-health/v1/tests/loopback-requests' ),
2353                      'has_rest'          => true,
2354                      'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_loopback_requests' ),
2355                  ),
2356                  'https_status'         => array(
2357                      'label'             => __( 'HTTPS status' ),
2358                      'test'              => rest_url( 'wp-site-health/v1/tests/https-status' ),
2359                      'has_rest'          => true,
2360                      'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_https_status' ),
2361                  ),
2362              ),
2363          );
2364  
2365          // Conditionally include Authorization header test if the site isn't protected by Basic Auth.
2366          if ( ! wp_is_site_protected_by_basic_auth() ) {
2367              $tests['async']['authorization_header'] = array(
2368                  'label'     => __( 'Authorization header' ),
2369                  'test'      => rest_url( 'wp-site-health/v1/tests/authorization-header' ),
2370                  'has_rest'  => true,
2371                  'headers'   => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ),
2372                  'skip_cron' => true,
2373              );
2374          }
2375  
2376          /**
2377           * Add or modify which site status tests are run on a site.
2378           *
2379           * The site health is determined by a set of tests based on best practices from
2380           * both the WordPress Hosting Team and web standards in general.
2381           *
2382           * Some sites may not have the same requirements, for example the automatic update
2383           * checks may be handled by a host, and are therefore disabled in core.
2384           * Or maybe you want to introduce a new test, is caching enabled/disabled/stale for example.
2385           *
2386           * Tests may be added either as direct, or asynchronous ones. Any test that may require some time
2387           * to complete should run asynchronously, to avoid extended loading periods within wp-admin.
2388           *
2389           * @since 5.2.0
2390           * @since 5.6.0 Added the `async_direct_test` array key for asynchronous tests.
2391           *              Added the `skip_cron` array key for all tests.
2392           *
2393           * @param array[] $tests {
2394           *     An associative array of direct and asynchronous tests.
2395           *
2396           *     @type array[] $direct {
2397           *         An array of direct tests.
2398           *
2399           *         @type array ...$identifier {
2400           *             `$identifier` should be a unique identifier for the test. Plugins and themes are encouraged to
2401           *             prefix test identifiers with their slug to avoid collisions between tests.
2402           *
2403           *             @type string   $label     The friendly label to identify the test.
2404           *             @type callable $test      The callback function that runs the test and returns its result.
2405           *             @type bool     $skip_cron Whether to skip this test when running as cron.
2406           *         }
2407           *     }
2408           *     @type array[] $async {
2409           *         An array of asynchronous tests.
2410           *
2411           *         @type array ...$identifier {
2412           *             `$identifier` should be a unique identifier for the test. Plugins and themes are encouraged to
2413           *             prefix test identifiers with their slug to avoid collisions between tests.
2414           *
2415           *             @type string   $label             The friendly label to identify the test.
2416           *             @type string   $test              An admin-ajax.php action to be called to perform the test, or
2417           *                                               if `$has_rest` is true, a URL to a REST API endpoint to perform
2418           *                                               the test.
2419           *             @type bool     $has_rest          Whether the `$test` property points to a REST API endpoint.
2420           *             @type bool     $skip_cron         Whether to skip this test when running as cron.
2421           *             @type callable $async_direct_test A manner of directly calling the test marked as asynchronous,
2422           *                                               as the scheduled event can not authenticate, and endpoints
2423           *                                               may require authentication.
2424           *         }
2425           *     }
2426           * }
2427           */
2428          $tests = apply_filters( 'site_status_tests', $tests );
2429  
2430          // Ensure that the filtered tests contain the required array keys.
2431          $tests = array_merge(
2432              array(
2433                  'direct' => array(),
2434                  'async'  => array(),
2435              ),
2436              $tests
2437          );
2438  
2439          return $tests;
2440      }
2441  
2442      /**
2443       * Add a class to the body HTML tag.
2444       *
2445       * Filters the body class string for admin pages and adds our own class for easier styling.
2446       *
2447       * @since 5.2.0
2448       *
2449       * @param string $body_class The body class string.
2450       * @return string The modified body class string.
2451       */
2452  	public function admin_body_class( $body_class ) {
2453          $screen = get_current_screen();
2454          if ( 'site-health' !== $screen->id ) {
2455              return $body_class;
2456          }
2457  
2458          $body_class .= ' site-health';
2459  
2460          return $body_class;
2461      }
2462  
2463      /**
2464       * Initiate the WP_Cron schedule test cases.
2465       *
2466       * @since 5.2.0
2467       */
2468  	private function wp_schedule_test_init() {
2469          $this->schedules = wp_get_schedules();
2470          $this->get_cron_tasks();
2471      }
2472  
2473      /**
2474       * Populate our list of cron events and store them to a class-wide variable.
2475       *
2476       * @since 5.2.0
2477       */
2478  	private function get_cron_tasks() {
2479          $cron_tasks = _get_cron_array();
2480  
2481          if ( empty( $cron_tasks ) ) {
2482              $this->crons = new WP_Error( 'no_tasks', __( 'No scheduled events exist on this site.' ) );
2483              return;
2484          }
2485  
2486          $this->crons = array();
2487  
2488          foreach ( $cron_tasks as $time => $cron ) {
2489              foreach ( $cron as $hook => $dings ) {
2490                  foreach ( $dings as $sig => $data ) {
2491  
2492                      $this->crons[ "$hook-$sig-$time" ] = (object) array(
2493                          'hook'     => $hook,
2494                          'time'     => $time,
2495                          'sig'      => $sig,
2496                          'args'     => $data['args'],
2497                          'schedule' => $data['schedule'],
2498                          'interval' => isset( $data['interval'] ) ? $data['interval'] : null,
2499                      );
2500  
2501                  }
2502              }
2503          }
2504      }
2505  
2506      /**
2507       * Check if any scheduled tasks have been missed.
2508       *
2509       * Returns a boolean value of `true` if a scheduled task has been missed and ends processing.
2510       *
2511       * If the list of crons is an instance of WP_Error, returns the instance instead of a boolean value.
2512       *
2513       * @since 5.2.0
2514       *
2515       * @return bool|WP_Error True if a cron was missed, false if not. WP_Error if the cron is set to that.
2516       */
2517  	public function has_missed_cron() {
2518          if ( is_wp_error( $this->crons ) ) {
2519              return $this->crons;
2520          }
2521  
2522          foreach ( $this->crons as $id => $cron ) {
2523              if ( ( $cron->time - time() ) < $this->timeout_missed_cron ) {
2524                  $this->last_missed_cron = $cron->hook;
2525                  return true;
2526              }
2527          }
2528  
2529          return false;
2530      }
2531  
2532      /**
2533       * Check if any scheduled tasks are late.
2534       *
2535       * Returns a boolean value of `true` if a scheduled task is late and ends processing.
2536       *
2537       * If the list of crons is an instance of WP_Error, returns the instance instead of a boolean value.
2538       *
2539       * @since 5.3.0
2540       *
2541       * @return bool|WP_Error True if a cron is late, false if not. WP_Error if the cron is set to that.
2542       */
2543  	public function has_late_cron() {
2544          if ( is_wp_error( $this->crons ) ) {
2545              return $this->crons;
2546          }
2547  
2548          foreach ( $this->crons as $id => $cron ) {
2549              $cron_offset = $cron->time - time();
2550              if (
2551                  $cron_offset >= $this->timeout_missed_cron &&
2552                  $cron_offset < $this->timeout_late_cron
2553              ) {
2554                  $this->last_late_cron = $cron->hook;
2555                  return true;
2556              }
2557          }
2558  
2559          return false;
2560      }
2561  
2562      /**
2563       * Check for potential issues with plugin and theme auto-updates.
2564       *
2565       * Though there is no way to 100% determine if plugin and theme auto-updates are configured
2566       * correctly, a few educated guesses could be made to flag any conditions that would
2567       * potentially cause unexpected behaviors.
2568       *
2569       * @since 5.5.0
2570       *
2571       * @return object The test results.
2572       */
2573  	public function detect_plugin_theme_auto_update_issues() {
2574          $mock_plugin = (object) array(
2575              'id'            => 'w.org/plugins/a-fake-plugin',
2576              'slug'          => 'a-fake-plugin',
2577              'plugin'        => 'a-fake-plugin/a-fake-plugin.php',
2578              'new_version'   => '9.9',
2579              'url'           => 'https://wordpress.org/plugins/a-fake-plugin/',
2580              'package'       => 'https://downloads.wordpress.org/plugin/a-fake-plugin.9.9.zip',
2581              'icons'         => array(
2582                  '2x' => 'https://ps.w.org/a-fake-plugin/assets/icon-256x256.png',
2583                  '1x' => 'https://ps.w.org/a-fake-plugin/assets/icon-128x128.png',
2584              ),
2585              'banners'       => array(
2586                  '2x' => 'https://ps.w.org/a-fake-plugin/assets/banner-1544x500.png',
2587                  '1x' => 'https://ps.w.org/a-fake-plugin/assets/banner-772x250.png',
2588              ),
2589              'banners_rtl'   => array(),
2590              'tested'        => '5.5.0',
2591              'requires_php'  => '5.6.20',
2592              'compatibility' => new stdClass(),
2593          );
2594  
2595          $mock_theme = (object) array(
2596              'theme'        => 'a-fake-theme',
2597              'new_version'  => '9.9',
2598              'url'          => 'https://wordpress.org/themes/a-fake-theme/',
2599              'package'      => 'https://downloads.wordpress.org/theme/a-fake-theme.9.9.zip',
2600              'requires'     => '5.0.0',
2601              'requires_php' => '5.6.20',
2602          );
2603  
2604          $test_plugins_enabled = wp_is_auto_update_forced_for_item( 'plugin', true, $mock_plugin );
2605          $test_themes_enabled  = wp_is_auto_update_forced_for_item( 'theme', true, $mock_theme );
2606  
2607          $ui_enabled_for_plugins = wp_is_auto_update_enabled_for_type( 'plugin' );
2608          $ui_enabled_for_themes  = wp_is_auto_update_enabled_for_type( 'theme' );
2609          $plugin_filter_present  = has_filter( 'auto_update_plugin' );
2610          $theme_filter_present   = has_filter( 'auto_update_theme' );
2611  
2612          if ( ( ! $test_plugins_enabled && $ui_enabled_for_plugins )
2613              || ( ! $test_themes_enabled && $ui_enabled_for_themes )
2614          ) {
2615              return (object) array(
2616                  'status'  => 'critical',
2617                  'message' => __( 'Auto-updates for plugins and/or themes appear to be disabled, but settings are still set to be displayed. This could cause auto-updates to not work as expected.' ),
2618              );
2619          }
2620  
2621          if ( ( ! $test_plugins_enabled && $plugin_filter_present )
2622              && ( ! $test_themes_enabled && $theme_filter_present )
2623          ) {
2624              return (object) array(
2625                  'status'  => 'recommended',
2626                  'message' => __( 'Auto-updates for plugins and themes appear to be disabled. This will prevent your site from receiving new versions automatically when available.' ),
2627              );
2628          } elseif ( ! $test_plugins_enabled && $plugin_filter_present ) {
2629              return (object) array(
2630                  'status'  => 'recommended',
2631                  'message' => __( 'Auto-updates for plugins appear to be disabled. This will prevent your site from receiving new versions automatically when available.' ),
2632              );
2633          } elseif ( ! $test_themes_enabled && $theme_filter_present ) {
2634              return (object) array(
2635                  'status'  => 'recommended',
2636                  'message' => __( 'Auto-updates for themes appear to be disabled. This will prevent your site from receiving new versions automatically when available.' ),
2637              );
2638          }
2639  
2640          return (object) array(
2641              'status'  => 'good',
2642              'message' => __( 'There appear to be no issues with plugin and theme auto-updates.' ),
2643          );
2644      }
2645  
2646      /**
2647       * Run a loopback test on our site.
2648       *
2649       * Loopbacks are what WordPress uses to communicate with itself to start up WP_Cron, scheduled posts,
2650       * make sure plugin or theme edits don't cause site failures and similar.
2651       *
2652       * @since 5.2.0
2653       *
2654       * @return object The test results.
2655       */
2656  	public function can_perform_loopback() {
2657          $body    = array( 'site-health' => 'loopback-test' );
2658          $cookies = wp_unslash( $_COOKIE );
2659          $timeout = 10;
2660          $headers = array(
2661              'Cache-Control' => 'no-cache',
2662          );
2663          /** This filter is documented in wp-includes/class-wp-http-streams.php */
2664          $sslverify = apply_filters( 'https_local_ssl_verify', false );
2665  
2666          // Include Basic auth in loopback requests.
2667          if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
2668              $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );
2669          }
2670  
2671          $url = site_url( 'wp-cron.php' );
2672  
2673          /*
2674           * A post request is used for the wp-cron.php loopback test to cause the file
2675           * to finish early without triggering cron jobs. This has two benefits:
2676           * - cron jobs are not triggered a second time on the site health page,
2677           * - the loopback request finishes sooner providing a quicker result.
2678           *
2679           * Using a POST request causes the loopback to differ slightly to the standard
2680           * GET request WordPress uses for wp-cron.php loopback requests but is close
2681           * enough. See https://core.trac.wordpress.org/ticket/52547
2682           */
2683          $r = wp_remote_post( $url, compact( 'body', 'cookies', 'headers', 'timeout', 'sslverify' ) );
2684  
2685          if ( is_wp_error( $r ) ) {
2686              return (object) array(
2687                  'status'  => 'critical',
2688                  'message' => sprintf(
2689                      '%s<br>%s',
2690                      __( 'The loopback request to your site failed, this means features relying on them are not currently working as expected.' ),
2691                      sprintf(
2692                          /* translators: 1: The WordPress error message. 2: The WordPress error code. */
2693                          __( 'Error: %1$s (%2$s)' ),
2694                          $r->get_error_message(),
2695                          $r->get_error_code()
2696                      )
2697                  ),
2698              );
2699          }
2700  
2701          if ( 200 !== wp_remote_retrieve_response_code( $r ) ) {
2702              return (object) array(
2703                  'status'  => 'recommended',
2704                  'message' => sprintf(
2705                      /* translators: %d: The HTTP response code returned. */
2706                      __( 'The loopback request returned an unexpected http status code, %d, it was not possible to determine if this will prevent features from working as expected.' ),
2707                      wp_remote_retrieve_response_code( $r )
2708                  ),
2709              );
2710          }
2711  
2712          return (object) array(
2713              'status'  => 'good',
2714              'message' => __( 'The loopback request to your site completed successfully.' ),
2715          );
2716      }
2717  
2718      /**
2719       * Create a weekly cron event, if one does not already exist.
2720       *
2721       * @since 5.4.0
2722       */
2723  	public function maybe_create_scheduled_event() {
2724          if ( ! wp_next_scheduled( 'wp_site_health_scheduled_check' ) && ! wp_installing() ) {
2725              wp_schedule_event( time() + DAY_IN_SECONDS, 'weekly', 'wp_site_health_scheduled_check' );
2726          }
2727      }
2728  
2729      /**
2730       * Run our scheduled event to check and update the latest site health status for the website.
2731       *
2732       * @since 5.4.0
2733       */
2734  	public function wp_cron_scheduled_check() {
2735          // Bootstrap wp-admin, as WP_Cron doesn't do this for us.
2736          require_once trailingslashit( ABSPATH ) . 'wp-admin/includes/admin.php';
2737  
2738          $tests = WP_Site_Health::get_tests();
2739  
2740          $results = array();
2741  
2742          $site_status = array(
2743              'good'        => 0,
2744              'recommended' => 0,
2745              'critical'    => 0,
2746          );
2747  
2748          // Don't run https test on development environments.
2749          if ( $this->is_development_environment() ) {
2750              unset( $tests['async']['https_status'] );
2751          }
2752  
2753          foreach ( $tests['direct'] as $test ) {
2754              if ( ! empty( $test['skip_cron'] ) ) {
2755                  continue;
2756              }
2757  
2758              if ( is_string( $test['test'] ) ) {
2759                  $test_function = sprintf(
2760                      'get_test_%s',
2761                      $test['test']
2762                  );
2763  
2764                  if ( method_exists( $this, $test_function ) && is_callable( array( $this, $test_function ) ) ) {
2765                      $results[] = $this->perform_test( array( $this, $test_function ) );
2766                      continue;
2767                  }
2768              }
2769  
2770              if ( is_callable( $test['test'] ) ) {
2771                  $results[] = $this->perform_test( $test['test'] );
2772              }
2773          }
2774  
2775          foreach ( $tests['async'] as $test ) {
2776              if ( ! empty( $test['skip_cron'] ) ) {
2777                  continue;
2778              }
2779  
2780              // Local endpoints may require authentication, so asynchronous tests can pass a direct test runner as well.
2781              if ( ! empty( $test['async_direct_test'] ) && is_callable( $test['async_direct_test'] ) ) {
2782                  // This test is callable, do so and continue to the next asynchronous check.
2783                  $results[] = $this->perform_test( $test['async_direct_test'] );
2784                  continue;
2785              }
2786  
2787              if ( is_string( $test['test'] ) ) {
2788                  // Check if this test has a REST API endpoint.
2789                  if ( isset( $test['has_rest'] ) && $test['has_rest'] ) {
2790                      $result_fetch = wp_remote_get(
2791                          $test['test'],
2792                          array(
2793                              'body' => array(
2794                                  '_wpnonce' => wp_create_nonce( 'wp_rest' ),
2795                              ),
2796                          )
2797                      );
2798                  } else {
2799                      $result_fetch = wp_remote_post(
2800                          admin_url( 'admin-ajax.php' ),
2801                          array(
2802                              'body' => array(
2803                                  'action'   => $test['test'],
2804                                  '_wpnonce' => wp_create_nonce( 'health-check-site-status' ),
2805                              ),
2806                          )
2807                      );
2808                  }
2809  
2810                  if ( ! is_wp_error( $result_fetch ) && 200 === wp_remote_retrieve_response_code( $result_fetch ) ) {
2811                      $result = json_decode( wp_remote_retrieve_body( $result_fetch ), true );
2812                  } else {
2813                      $result = false;
2814                  }
2815  
2816                  if ( is_array( $result ) ) {
2817                      $results[] = $result;
2818                  } else {
2819                      $results[] = array(
2820                          'status' => 'recommended',
2821                          'label'  => __( 'A test is unavailable' ),
2822                      );
2823                  }
2824              }
2825          }
2826  
2827          foreach ( $results as $result ) {
2828              if ( 'critical' === $result['status'] ) {
2829                  $site_status['critical']++;
2830              } elseif ( 'recommended' === $result['status'] ) {
2831                  $site_status['recommended']++;
2832              } else {
2833                  $site_status['good']++;
2834              }
2835          }
2836  
2837          set_transient( 'health-check-site-status-result', wp_json_encode( $site_status ) );
2838      }
2839  
2840      /**
2841       * Checks if the current environment type is set to 'development' or 'local'.
2842       *
2843       * @since 5.6.0
2844       *
2845       * @return bool True if it is a development environment, false if not.
2846       */
2847  	public function is_development_environment() {
2848          return in_array( wp_get_environment_type(), array( 'development', 'local' ), true );
2849      }
2850  
2851  }


Generated: Sun Dec 22 01:00:02 2024 Cross-referenced by PHPXref 0.7.1