[resolved] Disable 'A new version of WordPress is available! Please update now.' message (20 posts)

  1. erwin33
    Posted 7 years ago #

    Where can I disable the message: 'A new version of WordPress is available! Please update now.' in my wp-admin?

  2. erwin33
    Posted 7 years ago #

    Anybody can help me please?

  3. S.K
    Posted 7 years ago #

    Why do you want to disable it? Isn't a good feature to give you a friendly reminder!


  4. erwin33
    Posted 7 years ago #

    Yes, but I don't want to update to every new verion it's comming out. The 2.3 works fine. And when there is a new update I see it fast enough on my dashboard page. So how can I disable this function?

  5. ssnickerer
    Posted 7 years ago #

    This should work:

    in wp-admin.css, add "display: none;" to #update-nag

  6. JeremyVisser
    Posted 7 years ago #

    This plugin should do the trick:


    Although, please do not have the attitude of "it works fine for me, why should I upgrade?". WordPress 2.3.1 was released because WordPress 2.3 has security issues and by not upgrading, you are creating an opportunity for crackers to crack your blog and deface it or create spam links, contributing to the spam problem.

  7. erwin33
    Posted 7 years ago #

    Thanks. It works.

  8. SpencerLavery
    Posted 7 years ago #

    Keeping a single blog up to date is becoming a job in itself, but managing over 30 is just incredibly soul destroying. I'm not sure how many more 'updates' I can take.

  9. Stevie212
    Posted 7 years ago #

    Why don't you care about keeping your blog safe, secured and updated?

  10. SpencerLavery
    Posted 7 years ago #

    I'm of the opinion that every major release (such as 2.3) should already be safe and secure!!!

    If a release isn't ready to be stable for at least 6 months it should be beta tested for longer. WordPress are updating with security fixes more than bloody Windows these days. At least Windows has the courtesy to automate its process.

  11. rlparker
    Posted 7 years ago #

    Re. SpencerLavery:

    I'm of the opinion that every major release (such as 2.3) should already be safe and secure!!!
    That is an incredibly naive attitude, and evidences complete ignorance of the realities of running an interactive web application.

    First of all, "safe and secure" entails two very relative adjectives; how safe and secure... and safe and secure from what, exactly. The internet is a "wild and woolly place", with new exploits developed and revealed continually.

    Secondly, "nothing" accessible over the web can ever be completely "safe and secure" in the strictest sense of the words; it's all a matter of risk mitigation.

    Finally, you should view security related updates a a necessary step due to the "arms race" nature of the ongoing struggle between developers and those that would exploit the applications they create. Today's "safe and secure" application is rendered vulnerable when the bad guys find a weakness, the developers identify the attack vector and provide a fix, and the process repeats itself on an ongoing basis.

    Sure, updating can be an aggravation at times, but that is not nearly as "aggravating" as the damage suffered from leaving "unpatched" vulnerabilities in the wild to be exploited. I'm thankful WordPress developers release, as they need, to plug security vulnerabilities. To me, this is much more important than features.

    Ultimately, the choice of whether or not to upgrade, or when to upgrade, is up to you but you should be aware of the risks you face if you refuse to except that an application you are running is vulnerable and just bury you head in the sand. ;-)


    Even if I

  12. SpencerLavery
    Posted 7 years ago #

    Who is burying their head in the sand???

    I'd like to see you try to keep over 30 blogs up to date and not get frustrated by the short lives of each release.

    We predominantly use custom build CMSs where I work, and have over 100 deployed, most of which for years, and are yet to experience any 'security' problems. It is entirely possible to create safe and secure web applications, and if running WordPress is "vulnerable" to quote you, then I think it's high time we all switched over.

    I think the WordPress devs would have a fair amount to say about that claim of yours.

    I'm not complaining about having to update anyway, I'm frustrated by my clients seeing a "your WordPress is out of date" note without any prior knowledge, features like that should be marked clearly on the upgrade page to give people like me time to prepare themselves for the barrage of 30 panic-stricken phonecalls.

    I'm sorry but if you think having to go through a complete upgrade every single month is acceptable for a web app then you're the one that is naive and ignorant, and have clearly never worked with a professional web application in your life. I accept the shortcomings of using a popular open-source app, but don't tell me all apps are like this because they're simply not (used Expression Engine lately? Mephisto? Light CMS?). You're a fool for thinking so.

  13. rlparker
    Posted 7 years ago #

    Wow, I must have struck a sensitive note there, eh? The WordPress devs have made it clear how they feel about vulnerabilities with their recommendations to upgrade to address potential vulnerabilities.

    I occasionally get frustrated with having to update the 20 or so blogs I maintain on a regular basis (and the 30 or so CMS applications), but it's a part of the business we are in. I'd still rather update than run "unpatched" and expose my clients to potential exploits I could have mitigated had I not been too lazy (or greedy) to update when I could have.

    Your lack of having experienced "any security problems" has nothing at all to do with whether vulnerabilities exist; it only shows that you have not been exploited. Congratualtions! Hopefully, you will continue to be able to report such fortuitous experience in the future.

    I stand by what I've written; *you* decide when, and if, it is appropriate or desirable to upgrade your installation. Thankfully, the WordPress devs have a more realistic perception of threats to online applications than you do and continue to release security related updates as often as they deem them to be necessary.

    If you can't be bothered, then don't update and continue to dance with the devil hoping that you will never have to explain to those "over 30" blog operators why their sites were exploited via a known attack vector that could have been mitigated had their sites been kept up to date. Good luck with that, seriously!

    Final point: If you don't like your clients seeing that they are running "less than current" or "out of date" versions of WordPress, you can always take advantage of the Open Source nature of WordPress, and the license under which it is released, by removing those warnings. Alternately, you could even roll up your sleeves and code an automated update script so you could upgrade all those blogs much more easily (see the DreamHost "one-click" installer/.upgrader for an example).

    *That's* what many who routinely "work with professional web applications" do.

    Meh - "professional", "fool", "naive and ignorant", whatever. You perceive the security issues one way, I perceive them in another. We have different experiences on which to base our perceptions. PAX

  14. Kafkaesqui

    Posted 7 years ago #

    Discussions like this are good, but try to play nice. Let's not get this thread closed because of that awful forum virus, inflame-uenza.

  15. rlparker
    Posted 7 years ago #

    Kafkaesqui -

    Point taken, and I apologize for any inflaming verbiage. Dialed back immediately, and thanks for the reminder.

  16. SpencerLavery
    Posted 7 years ago #

    Yeah apologies on my part also - I wasn't best pleased at being accused of being naive, ignorant and burying my head in the sand.

    But back to the discussion at hand:

    I agree that security vulnerabilities need to be patched as soon as they're made aware of - but I as the developer would rather know about these issues/upgrades BEFORE my clients do. Historically I've done that by checking the WordPress site often, and that is something I'm more than happy to do.

    I don't think that that is an unreasonable request at all.

    Hacking the 'open-source' WordPress is all well and good until one month later I *need* to upgrade and re-do the hacks completely. As I'm sure you're well aware, when it comes to managing 20+ installations, even remembering which hacks you've implemented on which blog is a task in itself.

    Note: I should point out that the majority of these clients have no on-going maintenance contract with us, therefore keeping these installations up-to-date is a free, courtesy service that is increasingly eating more and more of my time. Where to draw the line with regard to support and 'secure' applications is very blurry in this case indeed.

  17. rlparker
    Posted 7 years ago #

    It seems we actually perceive the issue of security vulnerabilities in much the same way, and I apologize for my tone. I was not meaning to assert that *you* were naive or ignorant, though in retrospect I recognize that my argument with your premise about the "safe and secure" nature of a web accessible application could be taken that way. I sincerely apologize.

    I was trying to argue that no web application is inherently "safe and secure", only relatively so, and that I believe it is "uninformed" to fail to appreciate the dynamic nature of the exploit cabal.

    From your further comments I now see that your issue is not so much with the upgrades themselves (it would be nice it they were less frequent, but that can't always be helped if a vulnerability is detected?), as it is with the difficult situation you face with your clients because of the warning notice. I see your point, but have a couple of thoughts about that I hope you consider to be constructive .

    It seems to me that if you have no maintenance arrangement under which you can be compensated for doing upgrades, you have a potential "problem" *and* some potential "benefits" whether the upgrade notice is visible to your clients or not.

    If there is no notice to inform your client of the need to upgrade, as perceived by the developer (which is what you are advocating), your client continues to operate oblivious to the potential for exploitation, and from whom you might hear for months. That works out well enough (though you are doing no additional work for them) until/unless their blog *is* exploited. Should this happen, you will have a client that is likely to be at least as upset about you providing/installing (however you define your service) an "insecure" application as they are likely to be if offered the opportunity to upgrade (which *they* could then decide to do, or decline to do).

    To me, in this situation, the major difference between not having and having the notice, might go something like this:

    In the first case, the client can say, "I thought it was safe, and now my work is gone, etc. and it's your fault!" We both know that is not completely reasonable, but that doesn't mean you might not hear it. ;-)

    In the second case, being aware of the recommendation to upgrade, the client is (as you report) very likely to come to you and ask about it. This provides you the opportunity to discuss whether the upgrade is needed, what it will cost to do the upgrade, and allow the *client* to make the decision whether or not to upgrade.

    For instance, in this latest upgrade, after reviewing the changelog you may well report to client "A" that, "Your host is operating php setup with register_globals enabled, and this is an important security upgrade for you to consider," while telling client "B", "Your host is not vulnerable to the particular potential exploit this upgrade addresses."

    You could also describe the general nature of the other "fixes" in the upgrade, and then let your *client* decide if they want to bear the cost of the upgrade.

    This allows you to obtain compensation for your effort in doing the upgrade, while shifting the responsibility for the decision to the client (and in every case I have found that to be a "Good Thing(tm)").

    If the client sees the upgrade notice, doesn't contact you about it, and is exploited, you can thank the WordPress people that you can point out that he was warned, and elected to ignore the warning. Either way, your potential responsibility for any error of omission or liability is significantly mitigated.

    As an aside, my arrangement with most of my clients incorporates a "maintenance fee" into what I charge for managing their hosting. A few extra dollars a month on top of what is "passed through" to the hosting company compensates me for "quick and easy" minor webmaster duties (stats preparation, some simple upgrades, etc.) and is perceived by my clients to be a "good deal" (they don't have to mess with it). For those clients whose sites I developed, but do not manage under such an arrangement, an upgrade notice like the one now displayed serves the dual purpose of informing them of the potential vulnerability *and* driving them back to me for a discussion of whether the upgrade is something they want to forgo, or something they want to pay for.

    It keeps them in touch with me, provides the opportunity for additional business (many also discuss other things at this time, like a redesign, additional custom graphics, etc.), and generally *enhances* their perception(s) of the services I provide.

    There is no rule that says I *have* to charge to do the upgrade for them; sometimes I'll "throw in" the upgrade along with other work they hire me to do *as a result of the discussion*.

    One of the biggest challenges in the "web developer business" is getting paid for your time, and I respectfully suggest that you consider whether you are not devaluing your services when you do all these upgrades "as a courtesy" or "for free". I'm not saying you should take advantage of your clients at all; some upgrades will not be appropriate for every client. But other clients will might need templates reworked, plugins tweaked or managed, or other compensable work when an upgrade *is* indicated.

    I respectfully submit that having your client know about the availability of an upgrade, particularly one with security implications, has to be better for your business in every measurable way than having clients you don't hear from for months left "in the dark" about a potential risk (even though it might not seem like that when they are all yelling for upgrades at once). ;-)

    The preceding remarks are directed to our discussion as web site developers (relateing to the message being seen by your clients/users) and are probably of little interest to the hobbyist, one-man blogs, and self-managed WordPress users - they generally *want* to know when a new release is available, and will decide for themselves if the upgrade is worth the effort.

    All things considered, in furtherance of running the most secure code possible (especially on shared servers/hosts where a vulnerability in one application can impact many users), and for the other reasons I've discussed above, I like the upgrade notice and view it as an improvement.

    I suspect that if you consider how you can gain compensation for some of your "courtesy" services, you might like it too even though your initial response to it is negative.

  18. fnetw
    Posted 7 years ago #

    The best option is to use the last stable version, today is 2.3.3 without serious bugs.
    WP 2.5 will have many versions and fixes.
    Why to lost time upgrading to the last version all the time?

    The message can be removed at /wp-admin/includes/update.php
    Just delete the code
    add_action( 'admin_notices', 'update_nag', 3 );

  19. nirvanna51
    Posted 6 years ago #

    wp2.5,can anyone tell me how to add additional manage link into my blog roll.And is it true that once you delete a link in your blog roll its gone ,you do not get it back.And do I need to add another category to get more links in my page.Thanks Everyone

  20. artsy.ca
    Posted 6 years ago #

    One major reason to remove the notice is so that all your authors don't start nagging you whenever a new version comes out.

    I am working on a number of sites with people that will email me for every single warning. I know a new version of WP is out and when is best to upgrade. It's more suitable for many of my users to be left out of that particular decision.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.