What’s The Best Way To Be Notified Of Theme And Plugin Updates?

Joost de Valk who is pretty popular these days, especially after the release of his Yoast SEO Plugin tells us the story of how one of his sites was hacked because a theme containing the TimThumb vulnerability was not updated. If that were not interesting enough, Joost shares a statistic that doesn’t surprise me one bit. According to Joost, after he releases an update to his plugins, he rarely sees more than 20% of the user base upgrade within the first week.

We, as a community, need to get better at that.

I agree. People such as myself have harped on the fact that people need to start upgrading their WordPress installs sooner rather than later once an update has been released. I don’t have the numbers to back it up but I’m willing to bet that thanks to the easier upgrading processes built into WordPress, there is a larger number of people updating within the first week compared to when users had to manually upload the updated files to the server.

As if keeping abreast of updates for WordPress were not enough, users have to be vigilante on knowing when there are updates for both plugins and themes. Despite WooThemes publishing the information on their website regarding the security flaw and the associated fix, Joost still became a victim one month later. It seems as though KNOWING about the update is at least half the battle. Therefor, what do you think is the best way or ways to keep users abreast of updates for plugins and themes, especially as it relates to security releases? As it stands, the only time I know of when a plugin or theme needs to be updated is when I’m at the dashboard screen and I see the notifications. Should there be a built-in function in WordPress that plugins as well as themes can use to send email notifications to administrators when an update is available? Or, do we rely on plugin and theme authors to individually come up with ways to help their user base keep in touch with updates?

13 Comments


  1. Right now our new startup WebPub.com keeps WordPress automatically updated whenever an update comes out.

    We have a method to update plugins as well when updates come out, but we still need to finish some key features before we roll that out. We hope to have that ready end of this year or early next. Basically it will allow you to turn on automatic plugin updates for WP, or to be notified when one is available so you can manually update. Plus with snapshot rollbacks in case there is a problem.

    We are spending the next 30 days squashing the last bugs and exiting beta, then the next 60 after that finishing the marketplace frontend (which eventually will give a framework to plugin authors to push updates out as well as themes if users allow it),
    Thanks, Ben
    Co-Founder WebPub.com

    Report


  2. Like Luciano, I use the Update Notifier plugin–particularly on sites that I don’t visit the back end of very often. (On the client sites where I’m in doing comment moderation 2 or 3 times a week, it’s not really necessary.) You can set it up to notify your clients, too–otherwise they will likely forget to check, since many of my WP clients want a website more than a blog and don’t update their content that often.

    Report


  3. How often should you check themes/plugins you use on all your sites? daily? weekly? monthly?

    what if you are on vacation?

    I want a plugin to notify me via e-mail (that e-mail address goes to my Blackberry) when there is an update. If it’s a small update, I wouldn’t go to a internet cafe and update it (when on vacation) but if it’s a big one then yes.

    Vacation/Travelling for work/conferences/etc…

    Report


  4. The basic problem is simple:

    PEOPLE DON’T UPGRADE.

    They just won’t do it. You can make it as annoying and intrusive as possible. You can make it flash warnings in big red letters. It doesn’t matter. People just won’t click the damn button. When you ask them why, they’ll usually say something to the effect of that they don’t know how, or that upgrading once broke something somewhere… They simply refuse to do it, no matter how much you try to explain or warn them.

    There is only one solution to this. Google found it with Chrome. Upgrade them automatically, and don’t bother telling them.

    This is the only solution that will work in the long term. We have to implement automatic upgrades. We have to make it happen entirely without the user being involved. That’s the only way it’ll get done.

    Report


  5. It should be build in the Core with a notification via email. A Plugin is nice but it should be build in the System to active/deactive it under Settings->General or at Users->My Profile.

    Report


  6. @Otto – Totally agree, which is why we are going to push them auto at webpub, and then make sure the page loads after, and only roll back if there is a problem.

    Report


  7. I use WP Dashboard and love it, monitoring over 30 WP installations every time I log into it. I’d opt for automatic updates if they were available, of course, except often I have to do updates and installs manually since they don’t always take. If they went automatically and failed, I’d want assurance I would be notified somehow.

    Report


  8. That’s one great thing about child themes I suppose – it makes theme updates less painful.

    I was wondering though: is WP going to introduce a Changelog system for themes as well – like they have done with plugins (as championed by Jeff way back when?) because not every theme author maintains a separate website with a changelog.

    Not knowing if this is possible, but perhaps one way of ensuring that people will upgrade (without doing it automatically) is to have a ‘revert’ button along with the ‘upgrade’ button? But conditionally in that if its a security update, then no revert button is shown. But if its a more ‘optional’ upgrade, then it will. And this setting can be determined by theme or plugin authors?

    Report


  9. I have an array of sites, so I use the fantastic service http://www.ManageWP.com, which gives an overview of all the plugins across sites that needs upgrading. It even sends you an email when you need to act, – if you want it.

    I have it set for mail warning whenever there is a WordPress update. And I usually check in a couple of times per week to see if everything i alright.

    /Anders.

    Report


  10. @Ben – Sounds like a cool service. Sent you an email, hoping to get in touch with you to conduct a small interview for the show.

    @Otto – I ask that this be opt-in which is something the WordPress team seems to be against most of the time, something being opt-in. I want to be in full control of my site and want that ability to review the upgrades before they become live and active on my site.

    Report


  11. @Otto
    I agree. Auto upgrades as per Google Chrome are the only solution to this.

    Just to show another example, here are stats for one of my plugins in the repo:

    1. Last update released 4 December 2010
    2. As at today, only 59.5% of Active installs are using the current version.

    Astonishing…

    Report

Comments are closed.