Remove the Security screen

Context

The Security screen is empty, and there is no clear plan to fill it in. This is misleading for users new to the platform and may even undermine confidence: Understanding security plugins

Multiple users are disabling this screen themselves using code snippets, according to past discussion: Security page feedback and improvements

Unfortunately this screen was not developed with input from plugin authors. Security plugins that have a lot of settings across multiple screens should not be forced to somehow use a single screen. When a security plugin is installed there are now two security screens active, which basically has the effect of diluting and complicating efforts towards security rather than strengthening and simplifying them.

It has been suggested to turn the Security screen into something more like WP’s Site Health section. This should be considered separately (as a completely new screen) as the intended purpose for the Security screen was originally very different, and this is reflected in its current implementation.

It has also been suggested to start actually adding settings to the Security screen. Due to the quantity of developer time that would be required to do this reasonably well, I am not available to help with these efforts. I also think this is a function far better served by plugins, because so far there is no agreement about what settings should be placed in this section and how they should work.

It’s time to simplify and prune things we aren’t using and things we tried that aren’t working, and I think this is a great example.

Possible implementation

Removing the Security screen is a breaking change so would need to be completed in a new major version.

  • In a future v1.x release: add a setting that allows users to disable the Security screen themselves.
  • In v2: remove the Security screen entirely, and make it available as a plugin for the few people who are using it.

Will you be able to help with the implementation?

Yes, if there is something approaching community consensus for this approach. I have already started the work that would go into a v1.x release: https://github.com/ClassicPress/ClassicPress/pull/779

I would go as far as disabling it for new installations, while keeping it during upgrades. Disabling it for new installations shouldn’t cause any problems since it’s not used, and prevents anyone new from starting to use it.

When I asked about this before, I think Tim was the only person that actually used it.

Why not disabled by default, since most users are not (will not be) using it?

Yes, I agree.

I agree the screen should be disabled for new installations. Disabling it for existing installations would be a breaking change, therefore it needs to happen in a new major version. And at that point we might as well remove it: we’re not making good use of it, we have no coherent plan to make good use of it, and that’ll be one less thing we have to maintain.

2 Likes

I agree with this. I’m also quite happy to register my plugin the regular/old way if this facilitates the removal of this screen, which evidently hasn’t proved generally useful.

2 Likes