Doc’s WordPress News Drop is a weekly report on the most pressing WordPress news. When the news drops, I will pick it up and deliver it right to you.
In this week’s News Drop we talk about a recent discussion on the WordPress Slack channel about auto-updating sites using versions 3.7-4.0.
Love WordPress news but hate reading? This is Doc Pop’s News Drop.
If we could theoretically update out of date and at-risk WordPress sites to newer and safer versions, without necassarily getting the consent of the site’s current owner, should we? That’s the question Aaron Jorbin asked recently on the WordPress Core Slack channel.
“Is it time for us to stop backporting anything to 3.7-4.0 and the next auto update for those branches just brings them up to 4.1 ?”
Currently, less than 5% of all WordPress sites are running a version of WordPress between 3.7-4.0, but the WordPress Core team still back ports security fixes and major bug fixes to sites using those out of date versions. Wouldn’t it be better to just auto-update those sites to WordPress version 4.1 (which was released in December of 2014) or should the Core team continue back porting fixes? And for how long?
Aaron wasn’t specific with how we would do update these older sites, but it was suggested to try starting with something smaller, like updating sites from 3.7-3.8 and then maybe continuing more incremental updates as time goes on.
“We need to make sure all users with outdated installs get warned one way or the other.” suggested Andrew Ozz, another Core developer. This could then allow notified users to opt-out of the upgrade by turning auto-updates off.
While some web devs chimed in with fears that the WordPress Core team might be overstepping their boundaries by auto-updating older sites, I think the idea makes sense.
WordPress 3.7 was released in 2013, and the WordPress ecosystem has changed drastically since then. While many of these older sites are still online, many of them may have been abandoned or the site owners just might not understand WordPress security. Opting to just leave their site untouched, rather than sticking with the current versions. Either way, there’s more good than harm to come from cleaning up these older versions of WordPress. After all, it’s easier to find newer plugins for your site than it is to reclaim a hacked website.
As far as Aaron’s suggestion goes, no big decisions have been made yet, but a more specific proposal of how and when these out of date sites could be upgraded is expected to appear on Make.WordPress.org/core soon, where the community can further discus it.
What are your thoughts on auto-updating older versions of WordPress sites? Should the core team continue patching 3 year old versions or should auto-update older WP sites to newer versions and stop supporting older sites. Let us know in the comments below and be sure to like and subscribe to this video if you like what we are doing.
We’ll see you next week for the latest in WordPress news.