Company:
Date Published:
Author: Clinton Gormley
Word count: 635
Language: -
Hacker News points: None

Summary

In 2016, Elasticsearch announced the removal of support for site plugins in its 5.0 release, citing security concerns and the platform's unsuitability as a web server. Site plugins, introduced in Elasticsearch 0.17, allowed users to create graphical interfaces for Elasticsearch using static files like HTML, JavaScript, and CSS, but they accounted for two of the seven security vulnerabilities ever found in Elasticsearch. Instead of continuing this risky feature, Elasticsearch encouraged users to serve site plugins through external web servers and configure them to allow Cross-Origin Resource Sharing (CORS). Additionally, developers were advised to consider creating Kibana plugins, which offer server-side functionality and avoid exposing Elasticsearch directly to the internet, in line with the goal of minimizing security risks by restricting privilege escalation and file access.