Justin Tadlock

Plugin and theme authors should force users to upgrade

A common thing we do in the WordPress community within our themes and plugins is provide backwards compatibility with older versions of WordPress. This usually seems like a smart idea. We want the largest possible audience, right?

The problem with providing backwards compatibility is twofold:

  1. Users continue using old versions of WordPress.
  2. We have extra code to worry about.

Force users to upgrade

With the recent security scare that targeted older versions of WordPress, blame is being thrown around left and right, from everyone to users to the WordPress developers. While staying updated with the latest version of WordPress isn’t going to make your site 100% secure, it will make it secure from known security exploits.

By providing backwards compatibility in our plugins/themes, developers are partly responsible. We’re giving users an excuse to not upgrade. Obviously, developers are not to blame for people not upgrading their sites, but we can do our part in helping them stay secure by not supporting older versions of WordPress.

How do we not support older versions? Some things are simply going to be backwards compatible because they require no new WordPress functions, so we can’t do anything about those plugins. The best thing to do is to use new WordPress functions as they become available and are useful to your plugin or theme.

Why would you want to support older versions of WordPress? There’s no point in doing so.

Get rid of code you don’t need

Maybe you really don’t care if users’ sites are hacked from staying on an older version. That’s fine. Another valid reason for keeping with the latest WordPress trends is that you don’t have to check for functions.

How often do you use the function_exists() and/or the class_exists() functions?

If you’re checking if a WordPress function exists, you’re doing so because you’re supporting older versions. Do yourself and your users a favor and just call the function. If it breaks a user’s site, tell them they need to upgrade. Maybe even take a moment to explain the benefits of upgrading to them.

Provide the best possible themes and plugins

The WordPress developers have done about all they can do to make sure people upgrade, but we should take a bit more initiative as developers within community, the people that end users actually interact with. By forcing users to upgrade, we’re helping them stay secure.

Before writing this post, I tried to think of valid reasons to provide backwards compatibility and only thought of one, and that’s the crossover period between major version upgrades. This period should last about one month. This gives users ample time to upgrade and provides support for people with WordPress MU.

I’m certainly open to other ideas about how plugin and theme developers can get more involved in the security of their users’ sites. Feel free to leave your thoughts on how they can.