WordPress 3.7 was released today. Named “Basie” after the famous jazz pianist, the latest version of WordPress is focused on architectural and security changes. The user interface hasn’t changed much. Most of the changes are “under the hood”, so to speak.
We’ll Wait and See
Those of you who have read my previous posts about updates know that I have a standing policy of not updating to any “dot-zero” version of any software. That includes WordPress. The release of 3.7 is considered a major release and I consider it to be version 3.7.0, i.e. a dot-zero release. Historically, a patch release happens within a few weeks after a major release and I typically wait for those before upgrading unless there is some feature that is a must-have. I’ve yet to encounter any feature that couldn’t wait a few weeks, but there’s always a first time.
One of the most anticipated features of WordPress 3.7 is the introduction of automatic updates. What this means is that beginning with this release, WordPress will have the ability to automatically update itself when security and patch releases occur. This is turned on by default.
While I understand the concern, and I think it’s a great idea for people who otherwise would never update their WordPress installs, I will be turning this feature off on my and my clients’ sites. The reason is simple. Any update has the potential to cause problems from minor glitches to full-on site crashes.
I maintain upwards of 75 sites as of this writing. I do not want to wake up one morning with an inbox full of emails with “Mayday! Mayday!” in the subject line! I will continue to test the updates before deploying them so that the updates are as seamless as possible.
What About Other Automatic Updates?
There is currently a discussion going on in one of my WordPress groups on LinkedIn regarding the pros and cons of the new automatic updates. Many share my view that manual updates make more sense for client sites which are often business-critical and automatic updates make sense for the average site owner who never thinks about updating.
The question arose “What about Chrome and Firefox? They have automatic updates.” One participant had a brilliant answer to that one. He said, in effect, “I let Chrome update itself automatically because if it crashes it only affects me on one machine. I can go to another machine and download a previous version in order to fix the problem. If I let WordPress update automatically, it potentially affects all my clients simultaneously which is a much bigger deal.”
I would add further that the people for whom automatic updates are intended are often the ones running very old versions of WordPress which don’t have automatic updates, so it’s really only going to benefit those creating new sites from today forward. That said, though, I agree it is a needed feature for many WordPress users.
WordPress and the security community have long advocated strong passwords. It’s even more important today with brute force attacks constantly hammering WordPress sites attempting to log in. Most of the brute force attacks try the user id “admin”, so not using “admin” as one of your user IDs is an important first step in keeping the undesirables out of your site.
Strong passwords are even more critical. Every year the worst passwords are published and every year people continue to use them as is witnessed by the lock on first place occupied by “password”. Here is the list of the top 25 worst passwords of 2012 to brighten your day…unless you happen to be using one of them!
WordPress 3.7 has a new graphical password strength meter which will show you more accurately than the old “Weak”, “Medium”, and “Strong” designations how strong (or not) your chosen password is. Always aim for the “Strong” range.
Better Global Support
If you happen to prefer a language other than English, the new WordPress will make your life much easier. Improved support for other languages is built in to this version and will continue to be improved going forward.
So, What Else Is New?
The remainder of the changes are behind the scenes in the core code. They provide new services for developers and many fixes and tweaks from over 400 items on the list since the previous version. Suffice to say that the average user won’t ever see these features, but they will see the effects of them as developers take advantage of them.
WordPress has changed its development cycle considerably and is moving toward a more rapid release schedule. Version 3.8 is being worked on as we speak and is due to be released sometime in December.
I’m taking a wait and see attitude toward this change in the development methodology. In my opinion, Firefox’s move to rapid scheduled updates ruined it. Firefox got worse with every update and it seemed like it was updating every time I started it up so I quit using it. I sincerely hope WordPress doesn’t go down that same path.