diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index a54fc0a..d1e33eb 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -878,12 +878,15 @@ function node_form_system_themes_admin_form_submit($form, FormStateInterface $fo
  * default home page at path 'node', an RSS feed, a recent content block, etc.),
  * the process above is followed except that hook_node_access() is not called on
  * each node for performance reasons and for proper functioning of the pager
- * system. When adding a node listing to your module, be sure to use an entity
- * query, which will add a tag of "node_access". This will allow modules dealing
- * with node access to ensure only nodes to which the user has access are
- * retrieved, through the use of hook_query_TAG_alter(). See the
- * @link entity_api Entity API topic @endlink for more information on entity
- * queries.
+ * system. So for node listing we should use entityQuery with tag of
+ * "node_access" having a check for published/unpublished status of the nodes
+ * with node access. See the @link entity_api Entity API topic @endlink for more
+ * information on entity queries. This will make sure that your base query does
+ * not allow for the display of unpublished nodes to users who should not have
+ * access to the node. Conditions need to be added to check the published status
+ * of the node. Tagging a query with "node_access" does not automatically check
+ * the published/unpublished status of nodes, so your base query is responsible
+ * for ensuring that unpublished nodes are not displayed to inappropriate users.
  *
  * Note: Even a single module returning an AccessResultInterface object from
  * hook_node_access() whose isForbidden() method equals TRUE will block access