Welcome to WebmasterWorld Guest from 54.226.25.74

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

How Best to Cope With WordPress Plugin Updates

     
1:53 pm on Apr 30, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25783
votes: 834


I do find it a real struggle to keep up with updating all the plugins on each of the sites running WordPress.

I like to keep track of the updates on each site so i know that if a problem develops I can pin it down to a particular date and, perhaps , an action.

How do you cope with the process? Do you have a routine, or a system?
2:33 am on May 1, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 2002
posts: 767
votes: 11


The free Wordfence Plugin https://wordpress.org/plugins/wordfence/ [wordpress.org] alerts me when an item needs updating. It can be set to email alerts about security issues present and has a caching feature as well.
This email was sent from your website "Example Widgets" by the Wordfence plugin.

Wordfence found the following new issues on "Example Widgets home page".

Alert generated at Wednesday 29th of April 2015 at 12:52:29 AM

Warnings: * Modified plugin file: wp-content/plugins/akismet/readme.txt

I had used Limit Logon Attempts in the past; this one outshines it by orders of magnatudes.

After the last Zero Day security scare I set the Wordpress Core and Plugins to automatically update. https://www.siteground.com/tutorials/wordpress/auto-update.htm [siteground.com]

So that just leaves themes to worry about due to their elevated access to the WP core functions. I'm debating allowing themes to auto update as well because I have weekly backups running for the DB, plugins, uploads and themes. I make VERY few post launch changes so one week covers me for all but the most recent posts.
5:27 pm on May 19, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:1823
votes: 107


I find that I have to modify plugins slightly to make them suit my needs and for that reason I am forced to disable plugin updates with an entry in my config file. Example: my favorite open graph plugin works really well BUT on multi-page posts it does not provide the correct url, it defaults to the first post in the series. Same with archives, it never appends the page number to the url. My fix required modifying their code and it would be lost in an automatic update... can't have that.
12:25 am on May 20, 2015 (gmt 0)

Preferred Member from AU 

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:442
votes: 7


If the plugin works and you don't need to update the WordPress version because that also works, then ignore updates as there is no need to change what is already working.

If you customise anything then forget updates as they will only break what you have created.
8:22 pm on May 21, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 29, 2003
posts:944
votes: 0


"If the plugin works and you don't need to update the WordPress version because that also works, then ignore updates as there is no need to change what is already working"

This is not a good plan. Many updates are security fixes, even if not always flagged as such. and ignoring them will make your site vulnerable.
9:20 am on May 22, 2015 (gmt 0)

Preferred Member from AU 

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:442
votes: 7


Dammed if you do and dammed if you don't?
5:09 pm on May 24, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 2002
posts:767
votes: 11


@JS_Harris: An alternative is submit those enhancements to the plugin author(s) for inclusion in their code.

It then becomes a Win-Win scenario, yes?
6:29 pm on May 26, 2015 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 28, 2004
posts:3277
votes: 14


You should never ignore plugin updates, for security reasons if nothing else. Jetpack just had a major security hole plugged with an update, if you maintain wordpress sites for clients, it is your fiduciary duty to update them.
2:27 pm on June 27, 2015 (gmt 0)

Preferred Member from AU 

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:442
votes: 7


Plugin updates can be the source of the security weakness as can core updates.