WordPress’ Executive Director, Josepha Haden, announced the names of the leaders who will be coordinating releases for the remainder of 2020. Version 5.5, expected to be released in August, will be led by Matt Mullenweg, with Jake Spurlock as the coordinator and David Baumwald on Triage. Haden also named tech and design leads for the editor, media, accessibility, and documentation. This release is set to introduce automatic updates for plugins and themes in core. It will also add the Navigation block and block directory to core.
In November 2019, Haden tweeted that one of her goals was to put together an all-women release squad by the end of 2020, an idea that was well-received by the community. Although WordPress has already had women lead releases, the realization of this idea would be the first time in the project’s 17-year history that the entire squad is composed of women leaders. Haden began recruiting for the team in March.
“My hope is that with a release squad comprised entirely of people who identify as women, we’ll be able to increase the number women who have that experience and (hopefully) become returning contributors to Core and elsewhere,” Haden said in her initial proposal. “This doesn’t mean the release will only contain contributions from women. And if our current squad training process is any indication, it also doesn’t mean that we’re asking a squad to show up and do this without support.”
Last Friday, Haden named 50 women to the upcoming 5.6 all-women release squad, set to land in December 2020. This group includes women who have volunteered to participate, first by joining a “ride along” process for the 5.5 release cycle. Participants will join triage sessions and meetings, as well as collaborate on a 5.5.x point release in preparation for steering 5.6.
The proposed scope for WordPress 5.6 includes opt-in automatic updates for major core releases, full-site editing in core, a new default theme, and more. Squad leaders will be named in a separate kickoff post.
Do you see update notifications on your WordPress dashboard and choose to ignore them? Did you know using outdated WordPress installations allows hackers to exploit your website?
According to WordPress statistics, only 36% of users have the latest version installed (as of February 2020).
Many website owners choose to defer installing updates to their WordPress website for several reasons. Some may feel updates come too frequently or they cause problems to their site. But not updating your website invites a world of trouble!
So today, we decided to discuss the impact of using outdated software. We also understand the pain points of updating your WordPress website. So, we’ll also give you tips on how to safely update your site – minus the hassle!
Why are WordPress Updates Important?
WordPress is an open source software. This means the public is invited to use it, modify it or suggest changes to it. Developers around the world can contribute towards improving the software which includes discovering security flaws. Let’s see how this works:
When security flaws are discovered in the WordPress software, developers report it to the WordPress team.
This core team fixes the issue promptly with a ‘security patch’ and rolls out an updated version.
Website owners are prompted on their WordPress dashboard like so: “WordPress 5.3.2 is available! Please update now!”
Once the site owner updates the WordPress installation, the security issue will be patched on their site.
Now, what happens if you choose not to update your WordPress site?
By choosing to not update, the vulnerability remains present on your website. What’s worse is that when an update is released, the contents and reasons for the updates are included in the change log which is available publicly. Everyone around the world (including hackers) are now aware that a security flaw in the old version exists.
Hackers use scanners to crawl through the web and find WordPress sites running on the old version. Once they find your site, it’s easy for them to hack because they know exactly what the vulnerability is.
The same process applies to themes and plugins as well. Most developers of themes and plugins constantly work towards improving their software. They release updates regularly to patch security issues, fix bugs, introduce new features and ensure compatibility with the core WordPress software.
By ignoring the update, you make the hacker’s job easy and invite them in. That’s why regular updates are so important in keeping your website safe. But apart from security concerns, not updating your site carries other consequences as well.
Consequences of Not Keeping Your WordPress Website Updated
You can run your website on an outdated WordPress installation, but eventually, you’ll face many issues by not updating. Here, we’ll discuss six major consequences of not updating your WordPress website:
Your WordPress site comprises multiple components. While the core is developed by the WordPress team, themes and plugins are created by third-party developers. All three elements progress through different versions as they are constantly being improved. When the core is updated, developers of themes and plugins alter their design to suit the new WordPress version.
Now, if you’re running on an old WordPress version, you’d notice that certain plugins and themes are not compatible. This means you can’t install it or if you already have it installed, you’ll see it malfunction. In the WordPress repository, in the description, plugins/themes mention that it is compatible with “Version 5 and higher.”
The same applies the other way around as well. If you’ve updated your WordPress core installation, but haven’t bothered to update the plugins, you’ll see that the old version of the plugin can no longer function with the new version of WordPress. This is why it’s so important to keep everything up to date.
Slow Performance and Speed
This is particularly true if you are using an old WordPress version (for example, 3.0) to power your business website. You could face website issues like slow loading speed, navigation-related problems, or redirected pages. By not updating, you miss out on essential bug fixes that can cause your website to malfunction.
Outdated plugins and themes can increase website response time, causing visitors to lose interest quickly. All of this can lead to poor customer engagement and high bounce rates.
SEO Ranking Takes a Hit
Website performance factors like speed and inbound traffic boost the overall SEO ranking on popular search engines like Google. The slow loading speed of an outdated WordPress website can cause a drop in the incoming traffic, impacting your SEO ranking negatively. Plus, hackers find vulnerabilities on your site and break in, Google and other search engines blacklist your site. This means your visitors would see a warning like so:
Loss of Valuable Business Data
Many feel ‘My site is functioning fine. I don’t need the new version.’ But the longer you put off updates, the harder it’s going to get. You simply can’t run on an old version forever. Sooner or later, you will have to update.
Now, updating from Version 3.0 to 5.0 means you’ve missed a ton of updates in between. This means a lot of bugs that were present in the old code have been left to manifest on your site.
When you finally come to a point where you have to update, you’ll realize you’ll lose a lot of important data. The update can also break your website.
Tip: In such situations, ensure you have a reliable backup in place and seek professional help to update your WordPress website.
Lack of WordPress Online Support
When you face issues on your website and turn to online support forums for help, most answers being discussed will relate to new versions of WordPress. You’ll have to extensively search for answers that relate to older versions.
Your Website Lags Behind
This is not so much a consequence as it is a loss. Technology is advancing every second making things better, faster, and smoother. When you choose not to update, you stand to miss out on new features and enhancements that are contained in the update.
You won’t have access to those little things that could transform your “good” website to an “amazing” website.
You can avoid these consequences by regularly updating the core WordPress version and the plugins/themes installed on your website.
Now, we know that keeping your WordPress site updated is not as easy as clicking a button. Things can go wrong when you update and it deters many website owners from updating their sites.
However, there are ways to safely update your site. And it must be done because getting hacked is just one problem with choosing to not update. There are many more repercussions you could face if you opt to stay on outdated versions. Furthermore, as we mentioned, the longer you wait, the worse it becomes.
Before we wrap up, we’ll give you a few tips on how to update your website safely and regularly without feeling the burden of it.
How to safely update your WordPress site
Updates to WordPress, its themes and plugins come in quite often. And after you update your site, you might see server errors. For example, a client recently updated all the themes and plugins on their website. After it was complete, they saw this error while trying to access the website.
To avoid such issues, we recommend using a staging website. This site is an exact replica of your live website. Any changes made here will not affect the main site. So, you can test updates without worrying about a botched update.
You can set up a staging site using a plugin in under a few minutes. A staging site enables you to try out updates, test new layouts and designs, and experiment with new content. Once you’re happy with the changes, you simply need to merge the changes to your live site. You don’t have to replicate the changes again on your live site.
We also recommend taking a backup of your site before making major changes to your site or installing updates. In case things go wrong, you can restore your backup and revert to your website’s previous state. If you used BlogVault to stage a site, the plugin will automatically take a backup for you.
By taking these two measures, you can safely update your site – never having to worry about botched updates and incompatibility issues.
It’s important to update your WordPress site to keep it safe and secure against hackers. It’s a nightmare going through the ordeal of fixing a hacked website. In this scenario, prevention is always better than cure.
Plus, updates also carry numerous other benefits. Updates keep your site running at optimal speed and performance. This helps boost your SEO rankings, thus, increasing your visibility, traffic, and revenue.
BracketSpace, a WordPress-centric software development company based, released Micropackage a few weeks ago. The project is a collection of open-source repositories with reusable code for inclusion in WordPress plugins and themes. The library currently has 13 packages, including a filesystem wrapper, a template system, an Advanced Custom Fields block creator, and more.
The company out of Poland specializes in project outsourcing and plugin development. Some of their more popular plugins include Advanced Cron Manager Pro and Notification, a custom notification plugin in which the BracketSpace sells pro extensions for various services.
The Micropackage project was driven by the needs of the team and its projects. “We started the Micropackage project to scratch our own itch,” said Jakub Mikita, CEO of BracketSpace. “During the past few years of active plugin and website development, we noticed that keeping the code standard was very important for maintainability.” The BracketSpace team had been copying and pasting code between projects. Eventually, the team asked themselves the inevitable question that most development teams come to — why not break all of this code up into small packages and maintain them in a single place? Thus, the Micropackage project was born.
BracketSpace is using all of the packages in many of its current plugins and themes because the code was originally taken from those projects. “We are now rewriting one of our flagship plugins, Notification, using the micropackages and intend to create every new plugin and theme using them,” said Mikita. “And, because they are loosely coupled, there can be a lot of configuration variations.
The Available Packages
The project includes 13 repositories that can be included in WordPress plugins or themes via Composer. Most of the packages are currently available on the Micropackage page on Packagist. Several of the packages are essentially wrappers for various WordPress APIs for simpler usage. However, some of the packages offer new developer features.
Mikita said the following are the most important packages for the team:
DocHooks – PHP comment annotations repo that supports filters, actions, and shortcodes.
Filesystem – Simplified wrapper around the WordPress Filesystem API.
Templates – Basic PHP templating solution that supports passing data to templates.
The repositories don’t stop there. They have built other wrappers for WordPress APIs, such as caching, scripts, and internationalization. The team also has a block creator for ACF that allows developers to create blocks from templates.
BracketSpace has at least five more packages planned for the project. At the moment, the packages have primarily targeted WordPress developers. However, Mikita said the team will also create platform-agnostic repositories whenever possible. That way, they will be useful for developers beyond the WordPress ecosystem.
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server.
Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as possible to mitigate risk. InfiniteWP users can update their plugin with the latest version 126.96.36.199.