WordPress is Dropping security updates for WordPress versions 3.7 through 4.0.
We like to support older versions and are no fans of the endless “upgrade” musical chairs and perpetual beta major software publishers have been playing for the last seven years. Upgrade musical chairs means nothing ever works properly as there’s always something broken when all the upgrades are done. Upgrade musical chairs means more money for software publishers, more trouble for end users (the ones who are not geeks but business people or artists or writers). Upgrade musical chairs also means more revenue for service companies like us but we still don’t like it. We like to earn our money by building new websites and new features, not with compatibility upgrades.
As critical as we are about software publishers dropping support for recent versions (Apple only supports two years of macOS these days, DxO has decided to enforce the same policy on its photographers which resulted in an unnecessary €4000 hardware upgrade for me), what WordPress is doing in this case is absolutely fine. WordPress 3.7 was released 9 years ago (October 24, 2013) and 4.0 8 years ago (September 4, 2014). That’s a wonderful history of long-term support with security updates. There’s a dedicated person whose only job is to co-ordinate security updates for older versions. Long-term security updates for older versions is one of the best policies WordPress/Automattic have ever had.
Our VIP sites usually run on the same version of WordPress (with security updates) for two to four years, as it means a more stable environment for their teams of up to twenty writers and editors. More productivity and lower IT bills. In line with this goal we created our plugin BusinessPress, to allow publishers to control updates and control update notifications. BusinessPress does other things, like allowing simple customisation of the login screen, security fixes like disabling XML-RPC and/or REST API or making them more secure, or disabling unnecessary clutter for business sites like emojis or oEmbed. BusinessPress allows advanced publishers to feed server-level security like fail2ban with bad WordPress logins and ban hackers on an IP basis, which effectively makes massive bot or DDOS attacks much more difficult.
But most importantly BusinessPress gives publishers control of WordPress updates. An ideal tool for a WordPress publisher who is running an older version of WordPress to upgrade his or her 3.7 install to 5.x step by step, without breaking everything all at once.
Our one concern was the backward compatibility of BusinessPress. We weren’t sure how far back BusinessPress would run. So we put up PHP 5.6 (yes, WordPress 3.7 is really that old and won’t run on PHP 7 dues to missing database module) to see if it also works with WordPress 3.7 and it does. Here’s a full list of the versions available for the upgrade:
So it’s not a problem to pick any version you like and not risk by upgrading straight to WordPress 6.0.x:
The upgrade to 4.1.x went fine:
Happy updates! BusinessPress will makes life easier generally for WordPress publishers, so check out some of the other features once your update is done.
Martin Viceník
Martin graduated as an engineer in Computer Science from Slovak Technical University in Bratislava. He grew up in Liptovský Mikuláš in northern Slovakia next to the beautiful Tatra mountains. He is the developer behind our FV Player.
Leave a Reply