Why Wait A Week Before Installing WordPress Updates?
Understanding when to update WordPress can cause some headaches!
So often we find ourselves torn by the “keep WordPress updated, always!” message and the “brand new updates break stuff” message!
If you get nothing else from this post, I hope you gather the takeaway message: It is always important to wait ONE week – no more, no less – after an update to the WordPress core or a WordPress plugin, before upgrading a business-critical WordPress blog or CMS.
So Why Not Wait A Month Or More To Upgrade WordPress?
Let me start by explaining why we don’t wait longer than a week, since it’s simplest: Waiting more than a week to apply the security patches that are in most updates SIGNIFICANTLY increases your risk of being hacked or otherwise having your blog infected by malicious code.
Security updates are included, to both plugins and core, generally to stop a known infection or attack that has already been launched. If an attack is happening – and someone yells out to you to seek cover – and you keep standing in the open field…. odds are you’re going to be hit!
Why Is Waiting That Week To Upgrade Important?
Now that we got that out of the way, let’s come back to this whole “why do I need to wait a week before upgrading” issue.
We hear statements based on assumptions that may be fine for experienced individuals but are dangerous for the “average Joe” blogger.
Here’s an example:
“WordPress 3.0 RC has been out for a few weeks now and any supported plugins should be all updated by now. Waiting a week isn’t going to make any difference because if a plugin was going to be made compatible it would have been done by now. At least if it’s a good supported plugin then it should be. If it’s not, then why would anyone use it in the first place?”
Sounds logical. Would make sense if we were dealing with corporation produced software like Microsoft Windows, which we all know never has bugs ;) It would be fair to say that if Microsoft did not patch certain pieces of software to work on a new OS, before the OS was launched, it was unlikely to do so in the future. Fair enough.
However, WordPress is NOT corporation-produced software. It’s produced by a community that INCLUDES you and me. We ARE the WordPress community. At the code level, all of us own the code we use. WordPress is open source software and one of the larger implementations of Tribes that exist! Each and every one of us takes part in using, testing, developing, requesting features, giving feedback, reporting plugins working or not working, upgrading code, contributing code, etc. Each and every one of us has to do our part here!
This also means that when a new version of WP is released, there are thousands of plugins in the repository that coders are still working to get updated. Quite a few plugins still need help at the moment and even if you can’t code you can donate or sponsor towards getting them fixed!
So many times a new release comes out and, because of the increase in mass testing and fringe cases, we see an almost immediate push of a sub-release. For example, when 2.9 was released it was terribly flawed in maybe 2 or 5% of all blogs. There was an almost immediate patch to 2.9.1 at the end of the first week. Lots of blogs were crippled due to the 2.9 release that would not have been if they’d simply waited a few days. I hope it scared you into learning to keep your blog correctly backed up!
Community-developed GPL software takes time. It depends on people like you and me to both honor the GPL and to help with plugins that have fallen out of development. WordPress depends on all of us to report what is and isn’t working and help fix it. (This is why you can go to http://wordpress.org/extend/plugins and find plugins listed and report if they work or not with 2 clicks after signing in. If you will go mark the plugins you use successfully as “working” you will have helped!)
The AVERAGE wordpress.org user is on a free non-true-premium theme, many of which are poorly coded, using plugins extensively to bring in much-needed features. The average user also has no clue how to find out which plugins are now unsupported and a time bomb waiting to happen. (PS: The answer is to go to the wordpress.org link in the last paragraph, search for your plugin and check the percent compatibility score and the date of last update. If it was not updated since the newest version went to beta and has a low compatibility score, you’re looking at trouble.)
It is nearly the unanimous advice of all of the major development teams in the WordPress community to please upgrade TESTING blogs to betas and RCs to help with testing, but not to upgrade PRODUCTION (that is your main business blog) until a week has passed.
So What About Upgrading Plugins? They’re No Big Deal Right?
The majority of the plugins in the repository are maintained by a single person. That means that, logically, they are tested on a limited number of environments before their upgrade is released. Just like updates to the WordPress core, plugin upgrades may run into countless “fringe cases” and cause instability, data loss, corruption or other types of hiccups and require an almost immediate patch.
While it is certainly not the only one, the Digg Digg plugin that I adore is prone to patch often and not be 100% stable when it’s released. (On the bright side, because the developer patches often there is usually a correction patch within a few hours.) Many of you saw the unstable-upgrade issue when we were in the big GoDaddy/WordPress hacking crisis and the WordPress backup plugin we depended on was having a rough week.
Were this Microsoft, we might point fingers, but unless we’re in the fray, helping these developers code and test, we have to learn to roll with the punches. One of the easiest ways to roll is to simply delay ONE week. The headaches you save yourself will be huge!
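The one-week rule and the plugin check described above (date of last update against the core beta date, plus compatibility score) can be applied to a whole site inventory at once. This is an added example, not part of the original post; the field names, the 60% cut-off for a “low” score and the sample inventory are assumptions constructed for illustration.

```python
from datetime import date, timedelta

HOLD = timedelta(days=7)   # the post's one-week wait for production sites
LOW_COMPAT_PCT = 60        # assumption: the post only says "low"


def triage(item, today, core_beta):
    """Classify one installed component (core or plugin).

    Returns (action, detail); action is 'current', 'wait', 'update' or 'review'.
    """
    # Plugin check from the post: no update since the newest core went to
    # beta AND a low compatibility score means likely trouble.
    compat = item.get("compat_pct")   # absent for core
    if compat is not None and item["last_updated"] < core_beta and compat < LOW_COMPAT_PCT:
        return "review", f"no release since core beta, {compat}% compatible"
    if item["installed"] == item["latest"]:
        return "current", "nothing to apply"
    due = item["released"] + HOLD     # first day the update may go to production
    if today < due:
        return "wait", f"apply on {due.isoformat()}"
    # On or past the one-week mark: every extra day is exposure to known attacks.
    return "update", f"{(today - due).days} day(s) past the one-week mark"


def plan(inventory, today, core_beta):
    """Map each component name to its (action, detail) pair."""
    return {i["name"]: triage(i, today, core_beta) for i in inventory}


# Constructed sample inventory: names, versions and dates are illustrative only.
TODAY = date(2024, 3, 20)
CORE_BETA = date(2024, 2, 1)
INVENTORY = [
    {"name": "core", "installed": "1.0", "latest": "1.1",
     "released": date(2024, 3, 16), "last_updated": date(2024, 3, 16)},
    {"name": "example-backup", "installed": "2.0", "latest": "2.1", "compat_pct": 95,
     "released": date(2024, 3, 10), "last_updated": date(2024, 3, 10)},
    {"name": "example-cache", "installed": "0.9", "latest": "1.0", "compat_pct": 88,
     "released": date(2024, 3, 13), "last_updated": date(2024, 3, 13)},
    {"name": "example-share", "installed": "1.4", "latest": "1.4", "compat_pct": 40,
     "released": date(2023, 11, 2), "last_updated": date(2023, 11, 2)},
    {"name": "example-forms", "installed": "3.2", "latest": "3.2", "compat_pct": 90,
     "released": date(2024, 2, 20), "last_updated": date(2024, 2, 20)},
]

if __name__ == "__main__":
    for name, (action, detail) in plan(INVENTORY, TODAY, CORE_BETA).items():
        print(f"{name:15} {action:8} {detail}")
```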
I hope this helps bring some clarity to why waiting a week to upgrade is so important. I also hope it inspires you to do your part to contribute to the WordPress community that is producing the fruit you’re enjoying! One week is that magic sweet spot between giving the community time to work on late-appearing bugs and protecting yourself from exploits.
What are your thoughts on upgrading? Have you upgraded to the newest version of WordPress yet? Are you delaying for any particular reason? If known compatibility issues are what is holding you back, have you considered contributing to get them corrected? Does the upgrade process scare you away from taking the time to do it?
Please share your thoughts below and if you found this post helpful I’d appreciate if you’d bookmark it and share it with others!