WordPress.org

Forums

Removing old plugins (14 posts)

  1. jlee2
    Member
    Posted 9 months ago #

    is it possible for WordPress to start cleaning up old plugins? I mean those which go back to stone age and some of them have security issues.
    Not knowing that one of my plugins was outdated and the author stopped updating it for several years, 4 of my WordPress websites got hacked.

    I think it is a good time to delete those old plugins.

  2. jlee2
    Member
    Posted 9 months ago #

    I think anything which has not been updated since 2012 should be removed

  3. Andrew
    Forum moderator
    Posted 9 months ago #

    What if a plugin doesn't need to be updated?

  4. jlee2
    Member
    Posted 9 months ago #

    to be honest I don't think there is a plugin that necessarily doesn't require any update. WordPress occasionally deprecate functions, so I think it is a good idea for the Plugins author to convert and replace.

    It is just a thought, I think instead of having thousands of outdated plugins, it is better to have hundred which are updated and secure.

  5. esmi
    Forum Moderator
    Posted 9 months ago #

    to be honest I don't think there is a plugin that necessarily doesn't require any update

    I do. Not all plugins (especially if they are well coded in the first place) require updating with every WordPress update.

  6. That said, we DO ask the devs to update their readmes to say 'Compatible up to..'

    We don't force 'em

  7. esmi
    Forum Moderator
    Posted 9 months ago #

    But on the other hand, you can then get people complaining about plugin updates and why are they necessary. See - nothing is ever black & white. ;-)

  8. jlee2
    Member
    Posted 9 months ago #

    I do. Not all plugins (especially if they are well coded in the first place) require updating with every WordPress update.

    but even well coded Plugins need update. Here are the update dates for top WordPress plugins :

    Jetpack - 2014-6-18
    bbPress - 2014-6-6
    Google XML Sitemaps - 2014-6-3
    WP Super Cache - 2014-4-17
    Contact Form 7 - 2014-5-12
    All in One SEO Pack - 2014-6-17

    all of these Plugins have been updated in the past few months.

    My suggestion is to remove any Plugin which has not been updated for several years or if they use any functions which have been deprecated.

  9. but even well coded Plugins need update.

    Why? I mean, aside from authors verifying that their code works on the current version of WordPress (which is encouraged) what does that accomplish?

    My suggestion is to remove any Plugin which has not been updated for several years or if they use any functions which have been deprecated.

    That's just not necessary. See this plugin?

    https://wordpress.org/plugins/limit-login-attempts/

    It works. But the plugin page cautions users that it's not been updated in over 2 years. I believe that your WordPress dashboard won't offer that plugin but I've not checked that myself.

    If a plugin somehow harms an installation then that can be reported. But just removing plugins arbitrarily due to age by itself isn't productive.

  10. jlee2
    Member
    Posted 9 months ago #

    several people actually reported issues with the Limit Login Attempts plugin. I am not saying the plugin is "bad written" - but it is two years old.

    Everything here occasionally updates for a reason, a lot of features were deprecated in PHP 5.3.x and that came out in 2013 now imagine a plugin written in 2009.

  11. Andrew
    Forum moderator
    Posted 9 months ago #

    So it sounds like you have to look at plugins at a case-by-case basis and judge whether they need an update, rather than roll out mandatory updates for all plugins.

  12. several people actually reported issues with the Limit Login Attempts plugin.

    *Looks*

    Did you review that topic? ;) Those reports indicate that those servers were compromised. It didn't indicate that there was a problem with that plugin.

    I am not saying the plugin is "bad written" - but it is two years old.

    Thanks! I'm always glad when people are in agreement with me and I don't see any need to remove old plugins from the repo. ;)

  13. jlee2
    Member
    Posted 9 months ago #

    Thanks! I'm always glad when people are in agreement with me and I don't see any need to remove old plugins from the repo. ;)

    haha :) true but I said in the beginning this is only a suggestion - open to discussion. I have WP_DEBUG enabled on my local WordPress environment to test out plugins and themes and I often encounter errors when I install old plugins - that was the reason I created this topic.

    it was just a suggestion - don't shoot the messenger :)

  14. While we appreciate the suggestion, at this time it's not a good enough reason to do that, given the complexities of the situation.

    As a member of the plugin review team, I am happy to tell you that hundreds of plugins I see a week will likely never need an update :) they're simple, they do their thing, and they do it well. Things like preventing self pings or removing the website URL from the comments are all basic and, thanks to the awesome backward compatibility of WP, likely to never need a patch in their life :)

Reply

You must log in to post.

About this Topic

Tags