Support » Requests and Feedback » Featured Theme Filter & Old Themes

  • Why are you regularly featuring multiple themes that haven’t been updated in over a year? Most end users don’t realize how important updates are, and assume (not unreasonably) that if it’s available, it’s OK to use.

    I’m all for helping a good theme that’s gone unnoticed get a little more visibility, but it should be happening a lot sooner than 16 months after their last update, don’t you think? I’m trying to understand what possible reason you could have for promoting themes that may already be compromised. Could you be thinking “maybe they’ll update it if they get some users”? What if they don’t? Isn’t that a little tough on the users?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Andrew Nevins

    (@anevins)

    Edit: Sorry I think I now understand.
    An update won’t necessarily be important. There is no reason to think a theme without an update is worse than a theme with an update.

    Seriously? When the WordPress core has gone through multiple major and minor updates since an author last touched a theme, users are supposed to just assume they have been monitoring it nonetheless, and no changes have been needed for the past 16 months? Especially when most of the themes in question have *never* been updated since they were released?

    Maybe you do site security that way – not me. Even if the theme was fine (which users have no way of knowing), hack attempts increase exponentially with the age of the theme, whether there are known vulnerabilities or not. Presumably hackers assume a non-maintained theme is an indication of a non-maintained site and may also have vulnerable plugins (and they are often right), so at the very least, a site running a theme that hasn’t been updated in a long time will be slowed down by constant attacks.

    Whatever criteria WordPress.org uses to select themes for the Featured section, whether a theme is being maintained certainly ought to be a part of that. Promoting themes that may have been abandoned a year ago is not OK. Many users do not understand the risks, and will naturally (and reasonably) assume anything promoted by WordPress has been vetted and is safe to use.

    • This reply was modified 2 months, 3 weeks ago by syzygist. Reason: typo
    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    Maybe you do site security that way – not me.

    Sorry, are you saying old code is insecure? That’s not the case. Being old code doesn’t matter for security. Code that is insecure isn’t based on code age, it’s based on best practices. You’re talking about themes, not core WordPress or complex plugins.

    If you want to critique how the featured themes are curated then please do. But don’t try to make the case that old code is insecure.
