WP Tavern › Forums › Create Topic
bemdesign I think we’re missing the crucial fact that WordPress, by its very license, is supposed to be free to use in any way desired, which includes running very outdated, security-compromised installations. Kind of like the freedom of speech, we need to allow users to do stuff that is pretty horrible and even stupid because 1) it’s their site and 2) it’s their freedom and choice to do so. We should never force users to do anything without their knowledge and approval. And that includes auto-updates. What we should be doing (and continue to do) is make it easier to do updates, make it easier to do backups, make it easier to roll-back to previous states, educate users on best security and update practices, provide useful communication in the dashboard about updates, provide better testing data so users can make meaningful decisions about whether to update or not, etc. Make it easier for people to make the choice to update. But don’t force updates on people. One example of a plugin update that really annoyed users was the Stream plugin going from 1.4.9 to version 2. The plugin completely changed how it did things as data is now stored on a 3rd party server and requires your WordPress.com account to access it. If a user updated without knowing this (which was very likely given the lack of communication about this change) they “lost” all their data (not really but that’s what it looked like), and seemingly lost the functionality of the plugin. Just that one instance shows that “auto-update all the things” is not a viable solution *at this time*. And even then, it should not be the default solution. Site owners should have the final decision on what they run on their WordPress site and how to run it.
bemdesign
I think we’re missing the crucial fact that WordPress, by its very license, is supposed to be free to use in any way desired, which includes running very outdated, security-compromised installations. Kind of like the freedom of speech, we need to allow users to do stuff that is pretty horrible and even stupid because 1) it’s their site and 2) it’s their freedom and choice to do so. We should never force users to do anything without their knowledge and approval. And that includes auto-updates. What we should be doing (and continue to do) is make it easier to do updates, make it easier to do backups, make it easier to roll-back to previous states, educate users on best security and update practices, provide useful communication in the dashboard about updates, provide better testing data so users can make meaningful decisions about whether to update or not, etc. Make it easier for people to make the choice to update. But don’t force updates on people. One example of a plugin update that really annoyed users was the Stream plugin going from 1.4.9 to version 2. The plugin completely changed how it did things as data is now stored on a 3rd party server and requires your WordPress.com account to access it. If a user updated without knowing this (which was very likely given the lack of communication about this change) they “lost” all their data (not really but that’s what it looked like), and seemingly lost the functionality of the plugin. Just that one instance shows that “auto-update all the things” is not a viable solution *at this time*. And even then, it should not be the default solution. Site owners should have the final decision on what they run on their WordPress site and how to run it.
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content
