Should You Update Your Website’s Software Version?

Should you update your website’s software version? It might seem intuitive to always update to the absolute latest version of whatever website software that you may be using as soon as it is available. However, adopting this philosophy dogmatically might lead to more problems than if you applied a less aggressive updating strategy.

Beta Versions and Alpha Versions

When I speak of the latest version of a piece of web software, I want to make it clear that I am not referring to alpha or beta versions. I am only referring to releases that are considered by their developers to be generally usable.

Two Use Cases: WordPress and Bootstrap

It’s impossible to give a completely exhaustive analysis of use cases, so what I will do in this post is review some use cases for some of the most popular web development software: Bootstrap and WordPress.

Should You Update Your Website’s Software Version? Assessing the WordPress Core

WordPress provides core feature updates about three times a year. They like to add new features pretty aggressively. Some new features are great as soon as they are released. Other features take a while to mature. And some are never really worth using.

WordPress Version Numbering Convention

The WordPress numbering convention is a little weird. The two leftmost digits on the WordPress version number essentially act as a single number. Neither number extends past nine. You could sort of think of WordPress version 6.2.2 as version 62.2. A minor version number may extend well past nine. For example, there is a WordPress version 4.1.38.

Minor Versions

Minor version releases are almost always related to enhanced security or critical performance issues. Minor releases often continue even if you do not update to the next major version.

Major Versions

Major version releases are primarily related to new features. One thing to keep in mind about a major version release is that it opens up opportunities for security vulnerabilities. While it is true that older software is also known for security vulnerabilities, some of the most secure software is software that is old without being too old. Software tends to improve in security after it has been around for a while and has had ample opportunity to be tested in real-world environments and patched with security updates. It doesn’t start to become more vulnerable until it becomes unpopular and people stop paying attention to it. Likewise, the period in the beginning when the software has relatively untested and unpatched new features is also a period with the potential for security vulnerabilities.

WordPress Version Support

Officially, the latest major version of WordPress is the only version that is supported. But unofficially, it is known that older versions of WordPress get security updates all of the time.

The Classic Editor Versus Gutenberg Argument

It’s hard to reference WordPress versions without at least mentioning the classic editor versus Gutenberg argument. If you are a classic editor user, then this argument may be particularly meaningful.

Classic Editor Plugin Versus Older WordPress Core Version

I don’t use the classic editor, so I’m not really sure that I am in a great position to give advice on whether or not you should use the classic editor plugin or the classic editor block or an older WordPress version. However, from my somewhat distant vantage point, it seems that using the Classic Editor plugin may be the more suitable alternative since it implies that more attention will be given to security and it doesn’t require any concession for the block environment. You can read about my policy on plugin updates down below.

The Site Editor (AKA “Full Site Editor”)

The new site editor’s performance is still pretty bad. But if you are using Gutenberg and the customizer to build your site, then it is pretty safe to say that you can just ignore the site editor as a consideration. There hasn’t been even the faintest implication that I am aware of that WordPress has any intention of stopping customizer support at any point in the future. I imagine that their behavior has much to do with the backlash against Gutenberg. Even though a lot of us like Gutenberg, I think it did seem a little rough to remove the classic editor from the core.

What I Intend to Do

In the past, I have generally made it my policy to test core beta releases on my development environment, then update to the next major version as soon as WordPress makes it available. However, I have begun to question this. Over the past couple of years, I have repeatedly found bugs in various WordPress blocks that beta testing and WordPress documentation did not prepare me for. It’s hard to determine exactly what the cause of every problem was, so I don’t want to be too quick to assign blame. But it seems that at least in some cases, block updates have feature changes that do not provide adequate backwards compatibility. Similar problems sometimes extend into the block editor.

Although I frequently find at least one new feature that I want to use in each major WordPress version, I think that I will be less likely to adopt the newest major version as soon as it is released. I will continue to test the latest versions in development environments to make sure that they are compatible with my software. But I might wait for a new major version to go through a minor release or two before updating to it in a production environment. This improves security and allows more time to adjust to new features.

Finally, I can’t think of a good reason why I would stop updating minor versions.

Should You Update Your Website’s Software Version? Assessing WordPress Plugins and Themes

WordPress plugins and themes are designed to support the WordPress core. This means that plugin and theme developers often update with every new version of WordPress core. However, not every developer does this. One of my favorite plugins (which I won’t name because it’s one of my favorites) has a habit of putting off or never bothering to update the version number when WordPress updates its core. But not updating the plugin isn’t all that unreasonable. If the plugin still works and doesn’t require any change to its code, then updating just for the sake of changing a version number might seem like an unnecessary hassle even for the end user who has to take the time to run the update.

Major and Minor Versions for Plugins and Themes

Major and minor versions for plugins and themes are usually released in a single stream. That means that once there is a new major version, you should not expect support for a previous major version. So it usually behooves you to update regardless of what version type it is.

My Policy on Plugin and Theme Version Control

Once I have committed to a plugin or theme, I find that the best policy is to just update to the latest version as soon as it is available. If the software has any problems that become unmanageable and research shows that it does not appear that any corrective measures will be performed by its developer(s), then I stop using the software or replace it.

If a plugin stops updating for a significant period of time (usually at least a year), then I might do research to see whether there are still implications of support, and I might consider contacting the developer. I may also see if there are alternative resources for the plugin’s features.

Should You Update Your Website’s Software Version? Assessing Bootstrap

When Bootstrap 4 reached its end of life at the beginning of 2023, I figured it was a good time to start migrating my Bootstrap pages to Bootstrap 5. However, I have come to the conclusion that it behooves me to be more hesitant.

Understanding How Bootstrap Numbers Its Versions

The Bootstrap version update strategy is much more conservative than the WordPress strategy. It adds fewer new features much less frequently. The Bootstrap version numbering convention is different than the WordPress version numbering convention. The leftmost number is the major version number, then the number to the right is the features version for that major version, then the rightmost digit is the patches version for the major version’s features number.
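The two numbering conventions described in this post, and the WordPress production policy from “What I Intend to Do”, can be expressed as a small check. This is an added example, not code from WordPress or Bootstrap; the function names and the `settle` threshold are assumptions made for illustration.

```python
def parse(version):
    """Split 'X.Y' or 'X.Y.Z' into three integers; alpha/beta strings are rejected."""
    parts = [int(p) for p in version.strip().split(".")]  # int() raises on '3-beta1'
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected version: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))  # '6.2' is treated as 6.2.0


def split(scheme, version):
    """Return (major, rest) under the numbering convention of the given project."""
    a, b, c = parse(version)
    if scheme == "wordpress":   # 6.2.2 -> major (6, 2), minor (2,)
        return (a, b), (c,)
    if scheme == "bootstrap":   # 4.6.2 -> major (4,), features and patches (6, 2)
        return (a,), (b, c)
    raise ValueError(f"unknown scheme: {scheme!r}")


def classify(scheme, installed, candidate):
    """Name the kind of step from the installed version to the candidate."""
    old, new = split(scheme, installed), split(scheme, candidate)
    if new == old:
        return "none"
    if new < old:               # tuples compare numerically, so 4.1.38 > 4.1.9
        return "downgrade"
    if new[0] != old[0]:
        return "major"
    if scheme == "bootstrap":
        return "feature" if new[1][0] != old[1][0] else "patch"
    return "minor"


def wordpress_production_decision(installed, candidate, settle=1):
    """Apply minor releases at once; hold a new major until it has had
    `settle` minor releases of its own (settle is an assumed threshold)."""
    kind = classify("wordpress", installed, candidate)
    if kind in ("none", "downgrade"):
        return "skip"
    if kind == "minor":
        return "apply"
    return "apply" if parse(candidate)[2] >= settle else "defer"


if __name__ == "__main__":
    # Constructed sample version pairs.
    for old, new in [("6.1.1", "6.2"), ("6.1.1", "6.2.2"), ("4.1.9", "4.1.38")]:
        print(old, "->", new, wordpress_production_decision(old, new))
    print(classify("bootstrap", "4.5.3", "4.6.2"), classify("bootstrap", "4.6.2", "5.0.0"))
```

Note that the same-looking step is classified differently by each project: 6.1 to 6.2 is a major WordPress release, while 4.5 to 4.6 is a Bootstrap features release within major version 4.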

End of Life Software

An end of life version tends to imply that you should stop using that version and update to the newest version. Both Bootstrap 3 and 4 have hit end of life. Bootstrap 5 is considered active as of the date of this post’s publication.

Evaluating Bootstrap’s Older Version Quality

Older versions of Bootstrap (Versions 3 and 4 in particular) are of remarkably high quality and are stable and secure. Compare that to the latest version of Bootstrap (version 5), which has a lot of experiments with a lot of problems, but not a lot of new features. This will make you question whether or not 5 is the best choice even though 3 and 4 are end of life.

Bootstrap Older Version Support

The documentation on Bootstrap older version support is a bit more cryptic than the WordPress documentation. According to their official documentation, version 4 and version 3 have both hit end of life and no future support is implied. However, if you read the release information for version 4, you can see that they explicitly state that you should feel free to continue to use it after end of life, which implies potential security support. And if you read the W3Schools documentation, they state that both 3 and 4 are still supported for critical updates. I’m not aware of any official affiliation between Bootstrap and W3Schools, though, and it’s also possible that W3Schools simply needs to update its documentation. Also, there is unofficial documentation stating explicitly that older versions will not receive support.

My way of interpreting all of this (and this is somewhat speculative) is that if there was a problem with Bootstrap 3 or 4 and it still had a lot of users when the problem occurred and the Bootstrap team could create a patch without exerting an unreasonable effort, then they would probably write the patch. However, this is not something that they want to promise, and they aren’t actively looking for problems to correct.

Security is Relative to Use

The degree that a security vulnerability is meaningful is also related to its use case. If a security vulnerability only exists in a certain feature when it is used in a certain way, then its existence may not make your site any more vulnerable to a security threat than if you were to update to a more secure version. Prudent user management is always one of the most important elements of site security.

Bootstrap 5 Performance

Even if you just assume that support will not be provided for the end of life versions, and you don’t feel comfortable with your own management, whether or not to update to 5 still isn’t obvious. As I mentioned above, I tried to update to Bootstrap 5; however, when I started to make updates, I noticed a lot of problems with scrollspy. And it turns out that I wasn’t the only one with this problem. Also, anytime you have a new version of software with a lot of problems, you should consider that there may be unknown security vulnerabilities as well.

Bootstrap 4 Performance

Bootstrap 4 performs really well. And it has almost every feature that Bootstrap 5 has. The only real fundamental difference between 4 and 5 is that Bootstrap 4 is dependent on jQuery, which isn’t really a problem if you don’t mind using jQuery. And as of the publication of this post, version 4.6.2 has no known security vulnerabilities. I think that right now, at least for a little while longer, Bootstrap 4 might be the best version choice if I want to have a stable version of Bootstrap and keep all the features that I have been enjoying.

Should You Update Your Website’s Software Version? My Personal Experience With Supporting Older Software

As an open source developer, I appreciate the necessity of supporting older software. Like many open source developers, at the time of the publication of this post, my older software is still my most popular software in spite of everything that I have done to try to promote my newer software.

Even when my newer software is well tested and genuinely better, I know that change can be hard for my customers, especially if they are satisfied with what they have and have worked hard to achieve it.

Well-developed older software actually tends to be pretty easy to manage when you make it easy for your users to report problems. So I can tell you from personal experience that it is usually the developer’s desire to provide as much support as possible for as long as possible.

So should you update your website’s software version? The bottom line is that there is no one size fits all answer for when to update. Hopefully, you realize that you should consider updating all of your web software at regular intervals and be prepared to do whatever work is necessary to perform the updates when the time is right.
