Long-term WordPress Maintenance
November 26, 2013 11:25 AM

I'd like to read about issues, strategies and concerns regarding long-term WordPress maintenance. I have several clients using WordPress. I'm adept with the nuts and bolts, but I can see that staying on top of plugin updates is important and must be done carefully. I've killed live sites enough times to know now not to update willy-nilly.

So what's the process? I'd like to read about developers doing the same thing. Searching on Google returns a lot of pages offering long-term maintenance services, but little how-to or developer-side discussion. I guess the basics are simple enough; dup the live site into a development environment and then start knocking out updates one by one.

Beyond plugins, I've read the "Hardening WP" wiki. Are there other security issues to think about long-term?

Basically I'd like to read more, in detail, about running WordPress over time.

Thanks.
posted by humboldt32 to Computers & Internet (1 answer total)
There's no easy answer. The cron-driven core updater introduced with 3.7 has certain advantages in terms of getting over security humps, but it's yet to be seen whether this will cause problems if plugins don't keep up with changes to core functions.

The process can also be complicated by the use of proprietary themes and plugins where the updates are behind a registration wall, and may require payment for access. It's even worse if a proprietary theme/plugin gets mistaken by the one-click updater as one in the WordPress repository, and there's an offer to "update" it with completely different code. I've seen that happen.

Are there other security issues to think about long-term?

The most obvious case study is the timthumb vulnerability from 2011, which affected a lot of themes and plugins. If your sites' components depend upon common libraries and a vulnerability shows up, then you may need to scramble, and a fix may require some fairly hardcore PHP adjustments.

Another thing to consider: PHP major version updates. WordPress core has been pretty good at navigating the steps from 4.x and up the 5.x ladder, but plugins are often less future-proofed. You'll want to keep an eye on what your hosts' approach is to providing support for EOLed versions of PHP, and check the PHP release notes to see which functions are being deprecated.
posted by holgate at 11:57 AM on November 26, 2013
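
An added example, not part of the original thread: a first-pass audit, run against a development copy of a site, that lists which plugins call functions deprecated by a PHP upgrade. The function list is an assumed sample of PHP 5.3 deprecations, the directory layout (one folder per plugin) is assumed, and the sample plugins are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a small sample of functions deprecated in PHP 5.3; build the
# real list from the release notes of the PHP version your host is moving to.
DEPRECATED = ["ereg", "eregi", "split", "session_register", "mysql_db_query"]

def build_pattern(names):
    # Skip method calls (->split, ::split), variables and longer names (preg_split).
    alternatives = "|".join(re.escape(n) for n in names)
    return re.compile(r"(function\s+)?(?<![\w>:$])(" + alternatives + r")\s*\(", re.I)

def scan_plugins(plugins_dir, names=DEPRECATED):
    """Return {plugin: [(relative_path, line_number, function), ...]}."""
    pattern = build_pattern(names)
    findings = {}
    for php in sorted(Path(plugins_dir).rglob("*.php")):
        rel = php.relative_to(plugins_dir)
        text = php.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith(("//", "#", "*")):
                continue  # whole-line comments; inline comments are still scanned
            for m in pattern.finditer(line):
                if m.group(1):  # "function split(" defines a method, not a call
                    continue
                findings.setdefault(rel.parts[0], []).append(
                    (rel.as_posix(), lineno, m.group(2).lower()))
    return findings

def build_sample_tree(root):
    # Constructed sample plugins, not real code from any WordPress plugin.
    samples = {
        "old-gallery/gallery.php": "<?php\n$p = split(',', $csv);\nif (eregi('jpg$', $f)) {}\n",
        "old-gallery/lib/util.php": "<?php\n// ereg() was replaced below\n$x = preg_split('/,/', $csv);\n",
        "modern-form/form.php": "<?php\n$parts = $str->split(',');\nclass S { function split($a) {} }\n",
    }
    for rel, body in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for plugin, hits in scan_plugins(tmp).items():
            for rel, lineno, func in hits:
                print(f"{plugin}: {rel}:{lineno} calls {func}()")
```

This is a textual match, so a hit inside a string or trailing comment still needs a manual look before deciding a plugin blocks the upgrade.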

