I am going to do what WPengine does when it sends me a security notification. I love them, as much as it is possible to love any hosting service in this day and age (and generally I have believed that a host is only good for a couple of years before it goes downhill, so I do not lightly profess my attraction). They are pretty speedy, they have a pushbutton staging/dev server for busy lazy people like me, and a damn fine affiliate program.
So accustomed to their wondrous ways, I expect more of them, nay, I demand more of them. I have to really look to find a problem sometimes. Really, many people would say I’m being petty to complain.
Today, I am irked by their message when they encounter a vulnerable plugin. Like this blog post, it starts out with a lot of words. Then there is a space in the middle with some numbers, and at a quick glance, I come away with the impression that there is some sort of trouble at the mill and I should do something about it. What the problem is, I have to pause and sift through the words, and that takes time. Time that a busy lazy person like me just does not have. “Come on, man, out with it, just what is the problem?”
Here is the message when viewed in list mode:
The underscore is bothersome. It just seems geeky and technical. The repetition of WP Engine in the From as well as the Subject is annoying. The problem is not in the Subject, it just trails off…
It would be better if it was more like this:
“Vulnerability” might get ellipsized…. but even if it became “Vul…” that might suggest “Vulcan” or “Vultron” and that might pique my curiosity. And changing the From to WP Engine Security solves the problem of the repetition.
But, assuming I was brave enough to click and read a possibly geeky and technical message, sure enough, it is geeky and technical:
I have fallen asleep before the first sentence. When I wake up, the thing that sticks out is:
The flayrob on outaskew is running version 4.1.4.
While knowing that there is some version number running on an environment (flayrob) on a server (outaskew) might help me, I have to back up a line to understand that this is the enable-media-replace plugin’s number we are talking about.
Really, just drop the dashes and add some capitals and come out and say it:
Enable Media Replace plugin.
And put it on another line.
Or better yet, just start out the message with this important information:
Please update the Enable Media Replace plugin (in your flayrob environment on sever outaskew) ASAP! More details on the vulnerability below.
Then you can get into a long tale about how seriously you take these things and prove your point with links, etc.
I would give you bonus points if you made the word “update” link straightaway to the location within the WP Dashboard, because then I could take immediate action.
Anyway, glad to get that off my chest. I doubt that my screech in the wilderness about this petty annoyance will have much effect, but if you happen to know someone who might want to do something about this problem, hasten to it with all due speed! I’ve got a dozen more where that came from.
P.S.
And just for yucks, since everyone talks about AI these days, here is what ChatGPT suggests to clarify the message:
We urgently need to inform you about a security issue with the enable-media-replace plugin on your sites hosted at WP Engine. To address this, please take immediate action by reviewing and updating the plugin to a secure version.
The specific site, flayrob on outaskew, is currently running version 4.1.4.
The vulnerability identified by WP Engine involves…
But, to be fair, I had to prompt ChatGPT a little bit:
And I stand firm on my believe that it would be wiser to give the Proper Name of the plugin rather-than-its-slug.
So if I were to write this blog post properly, I should have said that to begin with.
The clever little AI bot within WordPress tells me:
The post content discusses the author’s feedback on a security notification message from WP Engine. The author expresses their frustration with the wording and format of the message, suggesting improvements to make it clearer and more actionable.
1. Make the notification message more concise and direct, clearly stating the issue upfront.
2. Remove the underscore in the message as it seems technical and unnecessary.
3. Avoid repetitive use of “WP Engine” in the “From” and “Subject” fields.
4. Begin the message with essential information: “Please update the Enable Media Replace plugin (in your flayrob environment on server outaskew) ASAP! More details on the vulnerability below.”
5. Provide a direct link to update the plugin within the WP Dashboard when mentioning the “update” action.
6. Consider using the proper name of the plugin instead of the slug.
Overall, the author suggests improving the clarity, brevity, and accessibility of the security notification message to make it easier for users to understand and take immediate action.
BKJ Productions Blog 