A common thing we do in the WordPress community within our themes and plugins is provide backwards compatibility with older versions of WordPress. This usually seems like a smart idea. We want the largest possible audience, right?
The problem with providing backwards compatibility is twofold:
- Users continue using old versions of WordPress.
- We have extra code to worry about.
Force users to upgrade
With the recent security scare that targeted older versions of WordPress, blame is being thrown around left and right, from everyone to users to the WordPress developers. While staying updated with the latest version of WordPress isn’t going to make your site 100% secure, it will make it secure from known security exploits.
By providing backwards compatibility in our plugins/themes, developers are partly responsible. We’re giving users an excuse to not upgrade. Obviously, developers are not to blame for people not upgrading their sites, but we can do our part in helping them stay secure by not supporting older versions of WordPress.
How do we not support older versions? Some things are simply going to be backwards compatible because they require no new WordPress functions, so we can’t do anything about those plugins. The best thing to do is to use new WordPress functions as they become available and are useful to your plugin or theme.
Why would you want to support older versions of WordPress? There’s no point in doing so.
Get rid of code you don’t need
Maybe you really don’t care if users’ sites are hacked from staying on an older version. That’s fine. Another valid reason for keeping with the latest WordPress trends is that you don’t have to check for functions.
How often do you use the function_exists() and/or the class_exists() functions?
If you’re checking if a WordPress function exists, you’re doing so because you’re supporting older versions. Do yourself and your users a favor and just call the function. If it breaks a user’s site, tell them they need to upgrade. Maybe even take a moment to explain the benefits of upgrading to them.
Provide the best possible themes and plugins
The WordPress developers have done about all they can do to make sure people upgrade, but we should take a bit more initiative as developers within community, the people that end users actually interact with. By forcing users to upgrade, we’re helping them stay secure.
Before writing this post, I tried to think of valid reasons to provide backwards compatibility and only thought of one, and that’s the crossover period between major version upgrades. This period should last about one month. This gives users ample time to upgrade and provides support for people with WordPress MU.
I’m certainly open to other ideas about how plugin and theme developers can get more involved in the security of their users’ sites. Feel free to leave your thoughts on how they can.
Great point Justin!
I came to this exact conclusion when working on an extensive upgrade for our Vigilance theme. I made the decision to require a minimum of Wordpress 2.8 and decided to strip all the old code supporting outdated versions of WordPress.
The new version (now released) enjoys cleaner and lighter code because of this decision. The increased security for users is icing on the cake.
Operating systems might be decent analogy here…Situation seems quite same. As soon as WP became mainstream it got locked into backwards compatibility issue.
It is good to sit in good company and talk about importance of security and latest WP version. Same as preaching security to users on unpatched WinXP SP1. They don’t care and they won’t care.
I think no supoprt for older versions is excellent because it makes it easier for developer (and this is important for plugin to stay alive). However in big picture this won’t be a standard, too many users and developers alike crave for backwards compatibility because it excuses their laziness.
And WP caters to the market, it won’t please few if that means backlash by many.
Drew Strojny — I quickly decided that I wasn’t about to support both WordPress 2.7 and 2.8 widgets for Hybrid. That was the point where I simply decided I’d stop offering support for older versions. I’ve yet to hear anyone complain about the lack of support for those versions either. It makes my life a lot easier by keeping the code “cleaner and lighter,” as you say.
Hi,
I see a problem here with the automatic plugin upgrader.
If a user (with an older WP version) automatically updates my plugin on his site and it breaks, because I use a new function, that user will possibly never update my plugin again. This might result in security issues through plugins that are out-of-date.
Tobias
Great article as always Justin. While I agree that forcing users to upgrade is a good idea, I’m not sure using the “let it break” method is the best approach.
What if instead of a plugin breaking you simply tell the user what features they are missing because they are on an older version of WordPress and lock down that functionality from executing?
I’m with Brad on this one. Instead of letting the theme or plugin fail miserably for users of older installs – and making them figure out what’s happening – throwing a persistent message up in the users admin screen or dashboard that they need to upgrade their wordpress version and locking down functionality strikes me as a better way to get the behavior we want.
I’m leaning towards using
wp_version_check().Add an appropriate message recommending the user update to the current version (perhaps within a certain time-frame as mentioned above) but essentially if the version check is not met then the plugin does not function.
The only caveat being the users must be diligent themselves with keeping their plugins (and themes?) up to date.
Devils Advocate: I’m not so sure about forcing users to upgrade as plugins and themes shouldn’t be making that decision for the user. There may be a myriad of reasons why the user hasn’t upgraded yet, or in some cases, can’t upgrade immediately due to company policy and they shouldn’t be punished for that. Plugins and themes can and should strongly recommend the users to upgrade but not force them. Those are two different scenarios.
If your running a business off WordPress development (as I am, you and many others), supporting legacy versions of WP should be standard practice, IMO.
I understand what you are saying. I ignored the last Wordpress call to upgrade and my security was affected. So now i always upgrade Wordpress and plugins immediately i get the red flag!
I completely agree Justin.. Backwards compatibility is nice, but it also opens up a can of worms when it comes to possible vulnerabilities. Authors should update themes and plugins as wordpress changes their versions, and make their plugins only work with the latest version out. This would solve a lot of problems, reduce the size of plugins, and also ensures that plugins get updated often.
I think its about time that force update should be implemented even making old users to ‘suffer.’ Its for their own good and I think even search engines today are refusing Wordpress sites that are using unsecured version of the blog platform to be ranked properly on their index.
I think force users to upgrade is not very well,i would hurt some users because them maybe get used to the older one.
As a non technical user, i would prefer the upgrade to be straight-forward as well as easily to rollback by a click of a button
Easy to say but hard to do.
People are even using IE6 for browsing internet and VLC 0.6 for watching videos. So it is now way to turn a world around in couple of seconds or even couple of millenniums. There will be always someone who is out of date.
I do agree with you that it would be best for everyone if everyone upgraded in a timely fashion. But I’m not sure if discontinuing backwards compatibility is the right way to go. For example, if someone is using your plugin and after upgrading the plugin it breaks their site, they’re likely to just get a similar plugin that doesn’t break their site. As the person above mentioned, a significant portion of internet users is still using IE6 so it’s unlikely that we’ll see people upgrading WP as often as we’d like them to.
I think it would be nice to be able to skip over the problem by ‘forcing’ them to upgrade, but isn’t that really side stepping the real issue of better plugin management?
I am really new to WordPress and would first like to say thank you to all the coders and developers that make WP possible. It has been a great community to begin to be part of and I really like all of the work you guys do.
As to you guys not making updates to your plugins compatible with new versions of WordPress as a way to punish those that do not stay current with updates is likely not going to bring about a major waive of individuals upgrading to the newer versions. I like the idea of preventing new functions from working on older versions of WP. This gives positive reinforcement of behavior. Which researchers have shown to be a much better stimulus to act for humans than negative reinforcement.
I think once people finally upgrade to a version of WP 2.8 there will be less issues with people sticking to older versions. As the effort/cost to upgrade to the newest version has been nearly eliminated with the ability to just upgrade via a couple of clicks in the dashboard.
Again a big thanks to everyone that makes WP possible.
The problem is, I’ve dozens of plugins which does not support latest WP version. Some plugin developer need few days, weeks, months (and sometime never!) to make their code compatible with new WP version. To use those plugin I just have to wait or don’t use it at all!
You can’t really force users to upgrade. They’ll simply gravitate to other solutions if they don’t want to go through the hassle of upgrading all of their plugins. Even some developers seem like they can’t be bothered to upgrade a plugin they released when a new version comes out.
Hi Justin!
I don’t totally agreed with you… Because I have a wordpress site and I cannot upgrade to 2.7+ because of my hoster which let my memory_limit to 24M and this is not enough for such upgrade. And don’t say to me to change my hosted cause I can’t, so…
I think that forcing users to upgrade have 2 “faces”
THe good one for the programmer as u say in your post…
The bad one for the user if he have made few changes to the plugin (translate smth if the blog is not in english) or smth like this…
But till the plugins are Free…i think that it should be forced
I found out to my cost the risks associated with not upgrading. I was taken over by infiltrators. Luckily all was OK and, of course, wordpress is easy to upgrade now with the automatic function.
I agree with the terms that people will know their going out of date when they found some plugin are not working in their site. They will then forced to choose between the options, stay in the old version of wordpress they currently use and not using the plugin or upgrade it to start using the awesome-up to date plugin.
It’s all about the option.
At first the idea of immediate upgrade looks promising and nice but that is only from the developers point of view. Imagine a small company that runs 2-3 WP Blogs and does not have an IT person employed. What would be the costs of constant upgrading and updating the plugins in such case.
Of course for me it would be no problem but from the other’s people perspective this task would be time demanding and expensive. So I think it should stay as it is. That people upgrade when they want and need to.
Another vote for annoying message instead of letting it fail. It just seems nicer.
I agree that developers are part of the problem; they are trying to be too acomodating. The platform and most plug-ins are often provided at no or very little cost, so I don’t see why forcing a user to upgrade is a big problem. I understand that smaller businesses may not have an IT person, or other limitations, but expecting to receive support indefinitely for a free plugin from the developer is unrealistic.
I agree with Tobias, there could be major security issues.. This is a hard problem to fix!
Forcing people to upgrade might upset them, but they will see the benefits in the long run. Security first.
This is tough because many wordpress users don’t know how to upgrade on there own so to force them might be asking for more trouble then its worth. Maybe the solution and I see it happening already is to update the automatic upgrade feature to the point where less tech savy users are auto updated.
Forcing people to upgrade is necessary in some cases, especially when it is a security problem, however there may be a very good reason that someone does not upgrade. I agree that it is a pain to keep all the plugin automatically updated so if there was a feature for this to occur more smoothly it would help people out.
I think that the information presented should be useful to many people a lot.
Purely from a security angle this makes perfect sense and as has been mentioned the less coding required the better.
i dont think forcing people would work !!
according to me!! wordpress itself should approve plugins and give update wtill next update arrives
I don´t agree at all. Personally I haven´t updated a few times because I didn´t want to. You should have that option I think
Add an appropriate message recommending the user update to the current version
I’ll be honest, I don’t like the idea of forcing upgrades. There have been times in the past where I’ve patched something just to make it work and pushed it out to the live site. The thought of upgrading and then coping with the potential broken / lost code from the patch is terrifying.
Part of the problem, as well, comes in to the fact that there is no clear universal method for backing up an entire instance of Wordpress – including theme, all active plugins (and their settings), all posts, all users, etc. etc. etc… Without a universal 1-click “duplicate this site” feature, the process of forced updates on WP, plugins, and themes can cause more frustration than benefit… Especially to those of us that do so many things the “wrong way” but still get things to work! (Yes, I know I should document any patches & band-aids that I put on my code or on other themes & plugins, but sometimes you just need the damn thing to work and get published!)
I think that forcing is not the solution and a very smart thing to do. I mean sometimes people do continue using the older version due to various reasons. maybe OS compatibility, ease of handling and lots of other different stuff.
Backwards compatibility is nice, but it also opens up a can of worms when it comes to possible vulnerabilities. Authors should update themes and plugins as wordpress changes their versions. That’s a good effort you have put on the network through your blog.
Great point, I agree that updates should be automated…keeps things uniform. Plus, you have to agree that the average WordPress user is fairly internet savvy, and it’s safe to assume they have the latest version of Firefox, well why not WordPress?
I don’t agree with ending backwards compatibility support fully. That is one of the things that makes software great after all – support/compatibility for older versions/formats. If you were really using very old versions, then I think that would really be an issue.
But what about those that customized there WP and themes/plugins according to their liking? It is open source after all. I for one do this. One time I customized a plugin heavily down to its code and I made the mistake of upgrading it. Bam! All customizations gone. Good thing I do regular backups, otherwise it would’ve been very had redoing everything that I did.
I sort of agree with you on this. By forcing upgrades this would by default make wordpress and it’s plugins a lot safer and more compatible for users. good post!
I think it is not a wise idea to force the upgradations. Most people I guess would take time to move on to new versions. As pointed repeatedly in the previous comments, customization is very important. Maybe there is some other creative way to solve this issue!
I know I am guilty of not upgrading when I should but we have to also cut these guys slack who create free plugins and themes for our use. It would be nice if there was an easy solution to this but I feel as long as this stuff is free there won’t be.
Wow Great point Justin!
i love wordpress ^^
Unless you’re also going to force all plugins and themes to also be updated at exactly the same time as your forced Wordpress upgrade, what you’re suggesting would result in a whole lot of people looking for a new platform.
If every time you upgrade Wordpress it breaks plugins that may be an important part of the site, because it doesn’t want to do backward compatibility, how would that possibly be good for the end-user? It’d just render the platform too unpredictable to use for any serious purpose.
I agree with Justin. We all have to remmember that these plugins are usually FREE.
I have no problem with forcing users to upgrade.
The fact of the matter is if you don’t keep your WordPress install up to date you are leaving yourself vulnerable to being hacked. Plain and simple. One of the major features that WordPress brings with each new release is patching security holes.
If your plugins break every time you upgrade WordPress you are using the wrong plugins. Pick plugins by developers who actively maintain their plugin with each new WordPress release and you won’t have that problem.
If you rely on plugins that aren’t actively being maintained by their developer… all I can say is good luck with that. You made your own bed.
My experience is: users (also me, when im lasy) upgrade when something breaks. So yuor point of backwards compatibility seems right. But i think that largest possible audience is better thing.
greeting darila
I have no problem with forcing users to upgrade.
Fact is, WP 2.7 is just not safe. I know the hard way
. It’s a community service to require upgrades, especially when something like the “hidden Admin” vulnerability of 2.7 is brought to light.
Deleted for being the stupidest comment Justin has read in some time, not actually reading through and understanding the ideas in the post before commenting, and, most importantly, wasting Justin’s time.
i would say a high light in the wordpress plugin page is ok it is like most of the blogger will not login in the back end but it can really help blogger to keep updated their blog
This could be a great idea but upgrading the wordpress all the time is not really handy
I think the problem is that a lot of people do not regularly check for updates and do not want to go through the trouble of upgrading and FTPing, etc. Now, with the new version you have an automatic upgrade function which I think is great.
To techie people, all this stuff may be easy and “just take 5 minutes”, but if you are not experienced it can be a real challenge.