WordPress Upgrade Woes – Too Many Upgrades Too Often?

Filed as Features on October 24, 2008 4:41 am

A number of people have complained to me about the WordPress upgrade cycle. Today I am sure to get more people complaining. Yes, there is yet another WordPress version out.

The fact is, on occasions like today where there is a vulnerability spotted, there is not much anyone can do. They MUST address it.

Most people understand that, it’s the fact that each release bundles new functionality or functional changes. Those new features and changes can (and sometimes do) introduce their own bugs and vulnerabilities, and so it goes on.

Here are my questions to you, I would love to know your thoughts in the comments:

  1. Do the developers release too many WordPress versions, too often?
  2. Should they split releases into bug fixes, security patches and upgrades?
  3. Are you an early adopter or do you wait while everyone else discovers the new bugs?

This post was written by

You can visit the for a short bio, more posts, and other information about the author.

Submissions & Subscriptions

Submit the post to Reddit, StumbleUpon, Digg or Del.icio.us.

Did you like it? Then subscribe to our RSS feed!



  1. By Joost de Valk posted on October 24, 2008 at 4:48 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I’m so incredibly glad they immediately send out fixes like these… People are getting WordPress for free because it’s open source, which ALSO means that more vulnerabilities will be found. The good thing is, they’re fixed :)

    So, I think it’s a fair trade off: you get one of the best CMS’es out there, for free. In exchange, you have to upgrade a bit more often OR run the risk of being hacked.

    Reply

  2. By Nick Cernis posted on October 24, 2008 at 4:51 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I think it’s a positive thing that regular updates are released as a single patch if they’re needed for security reasons; plugins such as WP Automatic Upgrade make the process relatively painless, and I tend to update my sites straight away.

    What’s more concerning is the current trend of redesigning the interface in minor releases. WordPress 2.7 has been announced with a completely new admin panel, when it was only just redesigned in 2.5 this year. I think it’s bad form and a flaky development practice to confuse new and old users alike in this way, and would rather see such big changes at major 3.0/4.0 releases, as is the habit in more established software companies.

    Reply

  3. By Kim Woodbridge posted on October 24, 2008 at 5:00 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Constant upgrades are annoying but I am really glad that security issues are addressed so quickly. And it is free software!

    As Joost pointed out on his site, you only need to replace 3 files if you are already running 2.6.2 so that is am extremely easy upgrade.

    Part of the problem is that as more people use WordPress we have more people who don’t know how to upgrade or are afraid to. They install WordPress via fantastico on their webhost and don’t learn how to do an install and an upgrade. While we know how to install and upgrade and think it is easy. the process needs to become easier for and growing number of WordPress users.

    I also agree with Nick that the new interface in 2.7 is going to confuse people. Ultimately, I think it’s a good change because it will increase the work area. What troubles me more is that the names of the areas will change. For example, themes are currently under Design but will now be in a section called Appearance.

    Reply

  4. By Andrew posted on October 24, 2008 at 5:01 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Personally I think there are too many upgrades, but security fixes are a necessity and the sooner the better for those.

    Nice, I agree with you about the admin panel changes. Even if they are working toward something I think it should be a full release not a point release.

    Reply

  5. By Karthick posted on October 24, 2008 at 5:12 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Unfortunately I am an early adopter, and I have noticed that there is always some flaw that has to be fixed. I would suggest they release stable releases and not indirectly force people to jump on board.

    Patches/fixes are fine, but many of these upgrades prevent the plugins from working properly and that is really upsetting.

    Reply

  6. By daniel posted on October 24, 2008 at 5:27 am
    Want an avatar? Get a gravatar! • You can link to this comment

    definitely split out into patches vs upgrades.

    the only difficulty with that is you then end up with people on a bunch of different revisions, all needing patches. they’d either have to:

    1. slow down on full upgrade rollouts
    2. support several revisions at once with patches

    would definitely be friendlier than the current ‘upgrade or get hacked!’ system.

    daniel

    Reply

  7. By Mike T posted on October 24, 2008 at 6:10 am
    Want an avatar? Get a gravatar! • You can link to this comment

    You can’t fault them for releasing a security update. That’s just putting them in a “damned if you do, damned if you don’t” situation.

    That said, this was one of the things that really pushed me back into using Movable Type.

    Reply

  8. By Ryan Williams posted on October 24, 2008 at 7:10 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Nah, no problem with it at all.

    If WordPress were remotely difficult to upgrade then I’d have a different opinion, but the upgrade process is so easy and pain-free that it’s really not an issue. Especially when the developers provide the specific two files you need to replace as with this new security patch.

    If you can’t be bothered, just don’t install it — it’s no different than if they’d never released it at all.

    Reply

  9. By Craig posted on October 24, 2008 at 7:53 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I say “give us any required upgrade” right away, especially if it involves a security issue or major bug.

    I really don’t mind the frequency of the WP version releases, because it means that WP is working to make it the best software available.

    I just don’t understand why peeps think it is a hassle to upgrade. Using a plugin like the WP Automatic Upgrade, it only takes a few minutes to upgrade … so what’s the issue?

    There is nothing worse than going to a client site who is still running WP 2.2 or less. Having the latest, greatest version makes sense to me. I’d rather be bleeding edge than having a site whose code is deprecated and will someday probably not work.

    I think the new admin layout on 2.7 might confuse some peeps, but it is just a matter of getting used to something new … oh and much better.

    I disagree Nick … “bad form and a flaky development practice” … if you have something new and better … release it. Now I do agree that they should revisit their release version methodology. This is a major change and probably should be rev 3.0.

    My 2 cents!

    Reply

  10. By Big Fella posted on October 24, 2008 at 10:21 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Having lived through 30 years of large scale application upgrades in my professional life this topic is very significant to me. In terms of your three questions:

    1. Yes there are too many releases too often from WordPress. A release implies significant change to the application, for any change, whether minor or significant, sufficient time needs to be allocated to develop, test, repair, “fine tune”. The current frequency of releases from WordPress appears to be too hasty for an application as widely distributed as it is, especially given the fact that many WordPress users/webmasters are not software application technicians by vocation, but simply amateur bloggers.

    2. A security fix should not be used as rationale for immediately installing a new release, security fixes should be released as patches as soon as developed, not tied to any release schedule. “Point releases” should never be mandatory, but optionally elective by users, focusing on related elements of application fixes or enhancements, so that users can make independent decisions whether to accept a given point release or not.

    3. In terms of WordPress, it is an important application to me as a blogger, but it certainly is not critical to anything I do, and given my past experience upgrading to 2.5.0, I have determined that I will always wait for the version n.n.1, and let the early adopters go through the pain of any “shakedown cruise”. I am also of a mind right now, to wait for a version n.0 before I upgrade WordPress again, I don’t need every slick doo-dad to make me feel better, the version I am ru.nning today does what it needs to do.

    Reply

  11. By Susan posted on October 25, 2008 at 3:05 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Yep, too often. Although, I’ve always waited till the release was tested enough by those who immediately upgraded before using the upgrade for myself.

    Reply

  12. By Spamboy posted on October 25, 2008 at 8:48 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    @Craig Upgrades are a hassle anytime you have to engage in them and your site has major customizations, either in the theme or the core files. Because of the custom code on my site, I have to upgrade a development version of my blog, test the heck out of it, then do the same on my live site.

    @Kim It’s alot easier to upgrade the whole core of files (upload all at once) than to cherry-pick a smaller number of files.

    Reply

  13. By Ryan Williams posted on October 26, 2008 at 7:23 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Have you looked into using your own plug-ins to edit those core files rather than editing them directly, Spamboy?

    When I did my most recent blog I noticed that WordPress hilariously puts the style tags for the galleries in the body of the post, which completely breaks validation. I initially thought I’d have to edit the core file to change where it’s outputted, but it turns out this could be done with a plug-in.

    I think the whole point of plug-ins is to allow you to kind of make core changes without actually touching any of the core files. WordPress is definitely geared around this concept.

    Reply

  14. By Afperea posted on October 26, 2008 at 7:44 am
    Want an avatar? Get a gravatar! • You can link to this comment

    wordpress is good but y prefered the version 2.7

    Reply

  15. By Spamboy posted on October 26, 2008 at 4:57 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    @Ryan I avoid editing the core files myself, because of this reason. However, as someone who deals with production software packages on a daily basis at my “day job”, I know that not every WordPress user can get by avoiding such customizations. I was speaking for “the pack”. :)

    Reply

  16. By John Deszell posted on October 27, 2008 at 6:57 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I think it’s great they release new versions all the time, especially for security fixes. If you have an automatic upgrade plugin it’s a snap, couple mouse clicks and your all set.

    Reply

  17. By Jane Wells posted on October 28, 2008 at 7:55 am
    Want an avatar? Get a gravatar! • You can link to this comment

    One thing worth mentioning is that WordPress doesn’t use numbers to indicate a ‘major’ versus a ‘dot’ release anymore. Some people have said 2.7 should be called 3.0 because it’s such a big change, and going by traditional versioning models, I’d agree with them. However, since there’s a regular release schedule planned about a year in advance, WordPress versions are now simply numbered in sequence rather than based on the volume of change. So in traditional software parlance, I wouldn’t think of 2.7 as a dot release.

    Reply

  18. By deuts posted on October 28, 2008 at 10:43 am
    Want an avatar? Get a gravatar! • You can link to this comment

    If everyone of us should wait for the n.n.1 release before actually upgrading WordPress installation, then who would find those bugs for us? The development team?

    Just my two cents! :D

    Reply

  19. By Big Fella posted on October 28, 2008 at 11:40 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Hi deuts-

    I think it is a given that there is a very active community of users who are willing to jump on and exercise any new release of WP, and they are a valued part of the equation of the success of WP. However, I suspect that WP may be one of the most widely distributed and installed blogging applications, and there must be a very large segment of WP users who are not technically inclined, or who might be intimidated by upgrading software, particularly if the software has a history of “initial” releases being unstable.

    It seems to me that possibly a better release strategy would be to always release an n.n.0 version not by just throwing it out there, but by qualifying it as a Beta release, with appropriate caveats and encourage3ment for experienced and willing users to use it, and possibly suggesting that less experienced uses wait for the n.n.1 version.

    I agree with the ethos of the WP community that encourages early adopters’ and their enthusiastic exercise of the application and their constructive feedback and sharing of discovered solutions to problems. But I also believe that from a pragmatic view point, there may be a vast number of WP users who, for what ever reason, are not able to deal with somewhat unstable initial software version releases.

    Now it could be said, that those less sophisticated users or those less willing to expose their blogging experience to the “cutting edge” on their own, or who may be uncertain or intimidated by the upgrade process can always find a home on wordpress.com, and that is a possible avenue for them. But I have to believe that there are a lot of WP bloggers that are hosted somewhere other than at wordpress.com that would appreciate not having to worry through problematic versions of the application or the task of upgrading.

    Reply

    Your words are your own, so be nice and helpful if you can. If this is the first time you're posting a comment, it might go into moderation. Don't worry, it's not lost, so there's no need to repost it! We accept clean XHTML in comments, but don't overdo it please.

    Current ye@r *