A school district technology coordinator expressed frustration today after learning about yet another WordPress update. Version 2.2 of the software was released last week. This is the seventh update of the software since the beginning of 2007.
In this district, every staff member is eligible to have a blog hosted on the district web server. Because the district uses plugins and other features not compatible with the multiuser version of WordPress, each blog is maintained as a separate installation. That means each blog has to be upgraded individually.
This wouldn’t really be so bad, if it weren’t for the plugins. The plugins have to be disabled before upgrading, and then re-enabled one at a time. Failing to follow this procedure can lead to database corruption problems and a seriously broken blog. This is complicated by the fact that sometimes the plugins don’t work with the new version, prompting a need to update or replace the plugins. Themes have also been known to break with new versions, leaving the user with a blog that lacks the visual appeal previously enjoyed.
All told, a major release upgrade can take a couple weeks or more. Minor upgrades can be done in less time, but generally involve more than one full day of work. This is ignoring the fact that the scripts to create new installations, the skeleton database used for new blogs, and the documentation provided to the users may also have to change.
The WordPress development team has committed to releasing a new version of their software every four months. With anywhere from 3-7 security and bug fixes between major releases, this means a new version of the software is being released, on average, every 39 days. Specifically, there have been two major releases and ten minor ones since version 2.0 was released on December 26, 2005.
Put another way, if the district upgrades the blogs to the current version before the summer class on blogging begins on June 11, chances are good that there will be another new version to install before the end of June when the tech coordinator leaves before vacation. And if he installs that version before leaving, there will more than likely be another new version before school starts, with another major release coming shortly after the school year begins.
The frustration is compounded by the fact that 13 of the last 15 WordPress releases have included bug fixes and security patches that are required to keep a secure server running. Choosing not to upgrade leaves one vulnerable to attack, especially if the server houses other services in addtion to WordPress. Because older versions of WordPress are no longer maintained, users must continually upgrade to maintain the latest security patches. BlogSecurity.Net reported earlier this week that 98% of WordPress blogs are vulnerable to attack, because they don’t have the latest version installed.
“This doesn’t mean we’re abandoning WordPress,” the technology coordinator reported. “But we’re hoping the development team adopts a more streamlined approach to upgrades, and a more sane timeline for updates.”