Chad Schulz
Plugins are removed and, by default, hidden mostly because we’re on bbPress 1.0 and there is not as granular a control with post statuses when compared to WordPress itself.
Well, am I the only one who sees a problem here? WordPress.org is running 5-year-old code to run its plugin repository.
Yeah, I know this is all volunteer supported and free for public consumption. But, why not update your plugin code base for your plugin repo?
Kinda discourages the whole “update plugin for security issues” when the primary supplier of these updates can’t/won’t update the plugins they themselves utilize for this public service.
I love the fact that WordPress delivers security patches separately for older versions of itself. This ensures that both compatibility remains and security stays up to date.
It may be time to reevaluate how plugins get released. Delivering major releases (v1.*, v2.*, etc.) parallel to minor non-breaking updates for security/bug patches.
This way plugin authors can make small code adjustments as needed for security on, let’s say, at least, one generation of major release backwards while continuing to improve upon core features for the next major release.
This would free up both website developers/designers and plugin authors from the constant upwards/onwards trajectory that ends up consuming lives.
Sometimes better isn’t always, well, better. I’d rather have a secure website that functions without continuous overhauls than an always-evolving mess that needs constant babysitting.
It may seem like a step backwards that discourages improvements. However, in this 2017 world security trumps all other considerations. The high demand for continuous “improvements” in plugins is seriously undermining security on the web by discouraging the average user from updating plugins over fear that it’ll break their established sites.
Hell, not even WordPress.org is willing to undergo the headache of updating its own plugin base.
Just a thought, Chad