Wordpress expert.
2023 stories

Consequences of Not Updating Your WordPress Website

1 Share

Do you see update notifications on your WordPress dashboard and choose to ignore them? Did you know using outdated WordPress installations allows hackers to exploit your website? 

According to WordPress statistics, only 36% of users have the latest version installed (as of February 2020).

Many website owners choose to defer installing updates to their WordPress website for several reasons. Some may feel updates come too frequently or they cause problems to their site. But not updating your website invites a world of trouble!

So today, we decided to discuss the impact of using outdated software. We also understand the pain points of updating your WordPress website. So, we’ll also give you tips on how to safely update your site – minus the hassle!

Why are WordPress Updates Important?

WordPress is an open source software. This means the public is invited to use it, modify it or suggest changes to it. Developers around the world can contribute towards improving the software which includes discovering security flaws. Let’s see how this works:

  • When security flaws are discovered in the WordPress software, developers report it to the WordPress team.
  • This core team fixes the issue promptly with a ‘security patch’ and rolls out an updated version. 
  • Website owners are prompted on their WordPress dashboard like so: “WordPress 5.3.2 is available! Please update now!” 
  • Once the site owner updates the WordPress installation, the security issue will be patched on their site. 

Now, what happens if you choose not to update your WordPress site?

By choosing to not update, the vulnerability remains present on your website. What’s worse is that when an update is released, the contents and reasons for the updates are included in the change log which is available publicly. Everyone around the world (including hackers) are now aware that a security flaw in the old version exists. 

Hackers use scanners to crawl through the web and find WordPress sites running on the old version. Once they find your site, it’s easy for them to hack because they know exactly what the vulnerability is.

The same process applies to themes and plugins as well. Most developers of themes and plugins constantly work towards improving their software. They release updates regularly to patch security issues, fix bugs, introduce new features and ensure compatibility with the core WordPress software.

By ignoring the update, you make the hacker’s job easy and invite them in. That’s why regular updates are so important in keeping your website safe. But apart from security concerns, not updating your site carries other consequences as well.

Consequences of Not Keeping Your WordPress Website Updated

You can run your website on an outdated WordPress installation, but eventually, you’ll face many issues by not updating. Here, we’ll discuss six major consequences of not updating your WordPress website:

Incompatibility Issues

Your WordPress site comprises multiple components. While the core is developed by the WordPress team, themes and plugins are created by third-party developers. All three elements progress through different versions as they are constantly being improved. When the core is updated, developers of themes and plugins alter their design to suit the new WordPress version. 

Now, if you’re running on an old WordPress version, you’d notice that certain plugins and themes are not compatible. This means you can’t install it or if you already have it installed, you’ll see it malfunction. In the WordPress repository, in the description, plugins/themes mention that it is compatible with “Version 5 and higher.” 

The same applies the other way around as well. If you’ve updated your WordPress core installation, but haven’t bothered to update the plugins, you’ll see that the old version of the plugin can no longer function with the new version of WordPress. This is why it’s so important to keep everything up to date.

Slow Performance and Speed

This is particularly true if you are using an old WordPress version (for example, 3.0) to power your business website. You could face website issues like slow loading speed, navigation-related problems, or redirected pages. By not updating, you miss out on essential bug fixes that can cause your website to malfunction. 

Outdated plugins and themes can increase website response time, causing visitors to lose interest quickly. All of this can lead to poor customer engagement and high bounce rates.

SEO Ranking Takes a Hit

Website performance factors like speed and inbound traffic boost the overall SEO ranking on popular search engines like Google. The slow loading speed of an outdated WordPress website can cause a drop in the incoming traffic, impacting your SEO ranking negatively. Plus, hackers find vulnerabilities on your site and break in, Google and other search engines blacklist your site. This means your visitors would see a warning like so:

Loss of Valuable Business Data

Many feel ‘My site is functioning fine. I don’t need the new version.’ But the longer you put off updates, the harder it’s going to get. You simply can’t run on an old version forever. Sooner or later, you will have to update. 

Now, updating from Version 3.0 to 5.0 means you’ve missed a ton of updates in between. This means a lot of bugs that were present in the old code have been left to manifest on your site. 

When you finally come to a point where you have to update, you’ll realize you’ll lose a lot of important data. The update can also break your website. 

Tip: In such situations, ensure you have a reliable backup in place and seek professional help to update your WordPress website.

Lack of WordPress Online Support

When you face issues on your website and turn to online support forums for help, most answers being discussed will relate to new versions of WordPress. You’ll have to extensively search for answers that relate to older versions.

Your Website Lags Behind

This is not so much a consequence as it is a loss. Technology is advancing every second making things better, faster, and smoother. When you choose not to update, you stand to miss out on new features and enhancements that are contained in the update.

You won’t have access to those little things that could transform your “good” website to an “amazing” website.

You can avoid these consequences by regularly updating the core WordPress version and the plugins/themes installed on your website. 

Now, we know that keeping your WordPress site updated is not as easy as clicking a button. Things can go wrong when you update and it deters many website owners from updating their sites. 

However, there are ways to safely update your site. And it must be done because getting hacked is just one problem with choosing to not update. There are many more repercussions you could face if you opt to stay on outdated versions. Furthermore, as we mentioned, the longer you wait, the worse it becomes. 

Before we wrap up, we’ll give you a few tips on how to update your website safely and regularly without feeling the burden of it.

How to safely update your WordPress site

Updates to WordPress, its themes and plugins come in quite often. And after you update your site, you might see server errors. For example, a client recently updated all the themes and plugins on their website. After it was complete, they saw this error while trying to access the website.

To avoid such issues, we recommend using a staging website. This site is an exact replica of your live website. Any changes made here will not affect the main site. So, you can test updates without worrying about a botched update. 

You can set up a staging site using a plugin in under a few minutes. A staging site enables you to try out updates, test new layouts and designs, and experiment with new content. Once you’re happy with the changes, you simply need to merge the changes to your live site. You don’t have to replicate the changes again on your live site.

We also recommend taking a backup of your site before making major changes to your site or installing updates. In case things go wrong, you can restore your backup and revert to your website’s previous state. If you used BlogVault to stage a site, the plugin will automatically take a backup for you.

By taking these two measures, you can safely update your site – never having to worry about botched updates and incompatibility issues. 

Final Thoughts

It’s important to update your WordPress site to keep it safe and secure against hackers. It’s a nightmare going through the ordeal of fixing a hacked website. In this scenario, prevention is always better than cure.

Plus, updates also carry numerous other benefits. Updates keep your site running at optimal speed and performance. This helps boost your SEO rankings, thus, increasing your visibility, traffic, and revenue. 

So basically, Stay Updated – to Stay safe! 

The post Consequences of Not Updating Your WordPress Website appeared first on Torque.

Read the whole story
Share this story

BracketSpace Releases Library of Reusable Code for Plugin and Theme Development

1 Share

BracketSpace, a WordPress-centric software development company based, released Micropackage a few weeks ago. The project is a collection of open-source repositories with reusable code for inclusion in WordPress plugins and themes. The library currently has 13 packages, including a filesystem wrapper, a template system, an Advanced Custom Fields block creator, and more.

The company out of Poland specializes in project outsourcing and plugin development. Some of their more popular plugins include Advanced Cron Manager Pro and Notification, a custom notification plugin in which the BracketSpace sells pro extensions for various services.

The Micropackage project was driven by the needs of the team and its projects. “We started the Micropackage project to scratch our own itch,” said Jakub Mikita, CEO of BracketSpace. “During the past few years of active plugin and website development, we noticed that keeping the code standard was very important for maintainability.” The BracketSpace team had been copying and pasting code between projects. Eventually, the team asked themselves the inevitable question that most development teams come to — why not break all of this code up into small packages and maintain them in a single place? Thus, the Micropackage project was born.

BracketSpace is using all of the packages in many of its current plugins and themes because the code was originally taken from those projects. “We are now rewriting one of our flagship plugins, Notification, using the micropackages and intend to create every new plugin and theme using them,” said Mikita. “And, because they are loosely coupled, there can be a lot of configuration variations.

Package and dependency management is a standard part of development within the larger PHP development world. The use of packages has become more and more standard as WordPress has begun using modern JavaScript tooling. However, the ecosystem mostly falls short when dealing with PHP packages. While many plugin developers make use of such dependencies, the practice is not common. WordPress also has no built-in method of handling dependencies. The situation makes it hard for projects such as Micropackage to gain any real traction within the overall WordPress developer community.

The Available Packages

The project includes 13 repositories that can be included in WordPress plugins or themes via Composer. Most of the packages are currently available on the Micropackage page on Packagist. Several of the packages are essentially wrappers for various WordPress APIs for simpler usage. However, some of the packages offer new developer features.

Mikita said the following are the most important packages for the team:

  • DocHooks – PHP comment annotations repo that supports filters, actions, and shortcodes.
  • Requirements – Environment requirement checker for plugins.
  • Filesystem – Simplified wrapper around the WordPress Filesystem API.
  • Templates – Basic PHP templating solution that supports passing data to templates.
  • Responsive Embeds – JavaScript package for automatically making any embed responsive.

The repositories don’t stop there. They have built other wrappers for WordPress APIs, such as caching, scripts, and internationalization. The team also has a block creator for ACF that allows developers to create blocks from templates.

BracketSpace has at least five more packages planned for the project. At the moment, the packages have primarily targeted WordPress developers. However, Mikita said the team will also create platform-agnostic repositories whenever possible. That way, they will be useful for developers beyond the WordPress ecosystem.

Read the whole story
Share this story

How to Migrate from Magento to WooCommerce (and Why You Should)

1 Share

Looking for a user-friendly, affordable alternative to Magento? Now’s the time to migrate from Magento to WooCommerce. Learn how and why you should.

The post How to Migrate from Magento to WooCommerce (and Why You Should) appeared first on WooCommerce.

Read the whole story
Share this story

Authentication Bypass Vulnerability in InfiniteWP Client

1 Share
Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server.

Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as possible to mitigate risk. InfiniteWP users can update their plugin with the latest version

Continue reading Authentication Bypass Vulnerability in InfiniteWP Client <=  at Sucuri Blog.

Read the whole story
Share this story

WordPress 5.3.2 Maintenance Release

1 Share

WordPress 5.3.2 is now available!

This maintenance release features 5 fixes and enhancements.

WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Maintenance updates

Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues.

Main issues addressed in 5.3.2:

  • Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
  • Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
  • Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Administration: Fix the colors in all color schemes for buttons with the .active class.
  • Posts, Post Types: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

For more information, browse the full list of changes on Trac or check out the version 5.3.2 HelpHub documentation page.


Thank you to everyone who contributed to WordPress 5.3.2:

Andrew Ozz, Andrey “Rarst” Savchenko, Dion hulse, eden159, Jb Audras, Kelly Dwan, Paul Biron, Sergey Biryukov, Tellyworth.

Read the whole story
Share this story

How to Disable WordPress Automatically Generated Images – Complete Guide

1 Share

[ WordPress Image Sizes ] As you may know, WordPress creates numerous copies of all images uploaded via the WP Media Library. These additional images are generated in various sizes, depending on your settings and other factors. This may be totally fine in general, but if you are working with lots of images on your site, the extra files can really eat up your disk space. This can be wasteful, specially if your site does not make use of all the extra images. So to help you conserve resources, eliminate waste, and keep things running as light as possible, this guide spells out everything you need to disable (or customize) all WordPress automatically generated images.

Learn how to disable any/all of WordPress’ auto-generated images to dial in the perfect configuration for your site.


First an example..

To get a better idea of what’s happening and why it’s important, consider my personal found-images site, eChunks.com. This site is where I like to post weird/inspiring/found images. As of now, there have been over 800 images uploaded to the site via the WP Media Library. So if I hadn’t taken measures to stop WordPress from auto-generating multiple copies of each image, that number of 800 would be more like thousands of images.

Do the math..

So running with the eChunks.com example, let’s do some quick math. We have a WordPress site with 800 original images, each averaging around 2MB in size. So collectively the original 800 images weigh around 1,600 MB or about 1.6 GB. Now let’s let WordPress do its thang and create extra copies of each image in various sizes. As of version 5.3, WordPress creates the following extra images for every image that is uploaded via the Media Library (and/or Visual Editor):

Image Size Dimensions
Thumbnail (Size based on Media settings)
Medium (Size based on Media settings)
Large (Size based on Media settings)
Medium Large 768px
2x Medium Large 1536px
2x Large 2048px
Scaled 2560px

Okay so now to get an idea of actual file-sizes for all these generated images, let’s consider the average case where each of the 800 original images weighs around 1.5MB to 2MB. The results would look something similar to this:

Image Size Dimensions File Size Total
Thumbnail (Size based on Media settings) 10KB 8MB
Medium (Size based on Media settings) 20KB 16MB
Large (Size based on Media settings) 100KB 80MB
Medium Large 768px 50KB 40MB
2x Medium Large 1536px 200KB 160MB
2x Large 2048px 400KB 320MB
Scaled 2560px 500KB 400MB

Adding that right column gives a grand total of 1024MB or 1.024 Gigabytes! Considering that the entire WordPress core weighs in at less than 50MB, along with a bunch of plugins and themes is still gonna be less than a couple hundred megabytes. So relative to the entire website, the amount of disk space required by all of those extra images is considerable to put it mildly.

And that’s for a typical site with only 800 images; some sites make use of a LOT more than that, not to mention high-resolution images and images that weigh a lot more than the average numbers used in the previous calculations. So it’s easy to understand, if WordPress generated images are not kept in check, the amount of required disk space can really add up.

But wait there’s more..

So far we’ve got WordPress generating seven additional images for each original uploaded image. But that’s not all of the extra images that may be in play. Depending on your theme, even more additional image sizes may be created via the following WordPress core functions:

  • set_post_thumbnail_size() — Creates a custom size for Featured Images
  • add_image_size() — Creates extra images of any specified size(s)

For example the WordPress default theme named “Twenty Fifteen” adds another extra generated image with this line:

set_post_thumbnail_size( 825, 510, true );

So that one extra image, plus the seven other default generated images, plus the original uploaded image, all looks like this on the server:

[ WordPress image files on server ]In addition to the seven extra images generated by WordPress, extra images may be added by your theme, as shown here for the Twenty Fifteen theme.

To summarize: WordPress generates at least 7 extra image sizes for each uploaded image. And then depending on your theme and plugins, any number of additional image sizes may be created as well. For some sites, this is useful or no big deal; for other sites, it’s something that’s completely unnecessary at best, wasteful overkill at worst.

Solution: Disable unwanted image sizes

The above scenario is only one example to illustrate the point. The sum total of image weight could be (much) more or less depending on your images, media settings, theme functions, and so forth. Fortunately, I continually disable the new WordPress image sizes that are added over the years, so I’ve been able to avoid massive disk bloat on my own sites.

So what’s the solution? How to manage all those extra images and conserve disk space? The trick is understanding how to disable each of the extra image sizes, so you can add the required code to disable (or customize) the ones that are not needed. Here are the magic recipes for controlling them:

Caution: Do not disable any image sizes that are required by your theme!

Disable Thumbnail Size

To disable generation of thumbnail-size images, set the “Thumbnail size” option to “0” (under Settings > Media > Image sizes). Setting to “0” disables auto-generation of this size image. Set to any other value to customize the size instead of disabling. Here is what the setting looks like under the Settings menu in the WP Admin Area:

[ WordPress Media Settings ]To disable or customize Thumbnail, Medium, and Large size images, visit this screen in the WP Admin Area. Enter “0” (without the quotes) to disable any/all of these extra size images.

Alternately, if you prefer to disable the thumbnail-size images programmatically, you can add the following code snippet to your theme functions.php (or add via simple/custom plugin):

function shapeSpace_disable_thumbnail_images($sizes) {

	unset($sizes['thumbnail']); // disable thumbnail size
	return $sizes;

add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_thumbnail_images');
Tip: the above technique can be used to disable other image sizes, as shown in some of the following techniques. So you can combine some of the size-disabling techniques into one single code snippet.

Disable Medium Size

To disable generation of medium-size images, set the “Medium size” option to “0” (under Settings > Media > Image sizes). Setting to “0” disables auto-generation of this size image. Set to any other value to customize the size instead of disabling.

Alternately, if you prefer to disable the medium-size images programmatically, you can add the following code snippet to your theme functions.php (or add via simple/custom plugin):

function shapeSpace_disable_medium_images($sizes) {
	unset($sizes['medium']); // disable medium size
	return $sizes;

add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_medium_images');

Disable Large Size

To disable generation of large-size images, set the “Large size” option to “0” (under Settings > Media > Image sizes). Setting to “0” disables auto-generation of this size image. Set to any other value to customize the size instead of disabling.

Alternately, if you prefer to disable the large-size images programmatically, you can add the following code snippet to your theme functions.php (or add via simple/custom plugin):

function shapeSpace_disable_large_images($sizes) {
	unset($sizes['large']); // disable large size
	return $sizes;
add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_large_images');

Disable Medium Large

To disable the “Medium Large” size images, add the following code snippet to your theme’s functions.php file:

function shapeSpace_disable_medium_large_images($sizes) {
	unset($sizes['medium_large']); // disable 768px size images
	return $sizes;
add_filter('intermediate_image_sizes_advanced', 'shapeSpace_disable_medium_large_images');

Disable 2x Medium Large

To disable the “2x Medium Large” size images, add the following code snippet to your theme’s functions.php file:

function shapeSpace_disable_2x_medium_large_images($sizes) {
	unset($sizes['1536x1536']); // disable 2x medium-large size
	return $sizes;
add_filter('intermediate_image_sizes_advanced', 'shapeSpace_disable_2x_medium_large_images');

Disable 2x Large

To disable the “2x Large” size images, add the following code snippet to your theme’s functions.php file:

function shapeSpace_disable_2x_large_images($sizes) {
	unset($sizes['2048x2048']); // disable 2x large size
	return $sizes;
add_filter('intermediate_image_sizes_advanced', 'shapeSpace_disable_2x_large_images');

Disable Scaled

To disable the “Scaled” images, add the following code snippet to your theme’s functions.php file:

add_filter('big_image_size_threshold', '__return_false');

Disable Other Sizes

For any extra images generated via set_post_thumbnail_size() and add_image_size(), you can use remove_image_size(). Here is an example:

function shapeSpace_disable_other_images() {
	remove_image_size('post-thumbnail'); // disable set_post_thumbnail_size() 
	remove_image_size('another-size');   // disable other add image sizes
add_action('init', 'shapeSpace_disable_other_images');

The key here is to know the name/slug of the custom image sizes you want to remove. For set post thumbnail (i.e., Featured Image), it’s always post-thumbnail. For other images added via add image size, the slug name will vary depending on your theme or plugin (whichever is responsible for adding the extra sizes). So to implement, first check your uploads directory and/or theme functions file to determine which sizes are being generated. Some themes add a bunch of extra image sizes, others do not, it just depends on the theme.

Shut them all down!

Before our parting shot, here is an “all-in-one” code snippet that combines and streamlines all of the above techniques into a single, plug-&-play code snippet:

// disable generated image sizes
function shapeSpace_disable_image_sizes($sizes) {
	unset($sizes['thumbnail']);    // disable thumbnail size
	unset($sizes['medium']);       // disable medium size
	unset($sizes['large']);        // disable large size
	unset($sizes['medium_large']); // disable medium-large size
	unset($sizes['1536x1536']);    // disable 2x medium-large size
	unset($sizes['2048x2048']);    // disable 2x large size
	return $sizes;
add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_image_sizes');

// disable scaled image size
add_filter('big_image_size_threshold', '__return_false');

// disable other image sizes
function shapeSpace_disable_other_image_sizes() {
	remove_image_size('post-thumbnail'); // disable images added via set_post_thumbnail_size() 
	remove_image_size('another-size');   // disable any other added image sizes
add_action('init', 'shapeSpace_disable_other_image_sizes');

That code snippet combines all of the techniques required to disable all of WordPress generated images (leaving only the original uploaded image). The only editing that may be required is for that last function, where “other” image sizes are disabled; there you may want to edit the another-size slug to match any other sizes that you want to disable, or if there are no other sizes, simply comment out or remove the line.

Pro Tip: In addition to all the extra images generated by WordPress, you may also want to control or disable all of the extra responsive image functionality that WordPress provides. Here is a free plugin to make it super easy: Disable Responsive Images Complete.

Wrap it up..

Granted, controlling WordPress image sizes may be more important for sites with a lot of images. But even if your site only uploads a few images every now and then, keeping your files as simple and lightweight as possible makes for a leaner, faster, more optimized WordPress-powered website.

Read the whole story
Share this story
Next Page of Stories