rawalex

I think marking this as “resolved” sort of doesn’t cut it.

Sheri, the issue is that many people have spent years building up blogs and work flow that involves doing these sorts of things, based sometimes on custom themes or things that they have created themselves. It’s not easy to say “go back and edit 1200 posts so that you are compatible with our new vision, oh and change your work flow and methods too!”. That doesn’t work so well. General rules of software is to support backward compatibility as much as you can, and suddenly ripping a significant function out of wordpress and then thinking everyone will suddenly learn CSS to handle it is not simple.

Oh, and for what it’s worth, the CSS to have different borders and spacing around a number of different images isn’t exactly quite as simple as all that for most people to figure out. If you are thinking of doing a custom css setup, it might be better to have something that defines an image type, and defines it’s parameters in a similar manner to the pre-3.9 advanced method. Basically, custom image tag, border, spacing, padding, extra code… and then allow the user to select a “custom image tag” to apply to their images as they add them into a post. That may be functional, mostly because you obscure the nasty CSS code and replace it with simple to maintain items.

Mika, I think you need to go back and re-look at ReCaptcha. It has an audio option, where users can click an audio button and hear the actual code. Generally I am seeing spam drop to next to nothing as soon as I install it, with little impact on the number or ratio of comments to posts.

Most of the rest of your answer is sort of dancing around the fact that it’s an in house project that pays the bills, so it’s left in by default. It’s just sort of annoying for more pro users to have this thing show up that you have to pay to use – and the price isn’t all that good either. There are plenty of very basic concepts (the old “what is two plus 6?” question box) that would likely give very similar results in fighting spam. Why not integrate one or more of them right into the basic product? Is the goal removing spam, or is the goal more… umm, obvious?

Sheri, CSS is amazing – it’s also out of the reach of many who know enough to click advanced and fill in the boxes to put a border around an image and not much else. Not everyone is really interested in making edits to their templates, and more so editing CSS which is not friendly to non-technical types.

It’s the sort of change in the core of wordpress that moves them away from the webmaster audience that made wordpress so popular. It’s another step that makes it harder for non-techies to run a blog well.

Ipstenu, actually ReCaptcha seems to work very well, adding it onto a blog has gotten me only one or two spam comments, both non-bot real person type spams, and plenty of positive comments from users. The audio feature seems to work fine as well. It’s not perfect, but it’s not less perfect than Akismet seems to be.

Hardeep, with respect, I understand that Akismet gets rid of some spam, but really not all of it. It’s as good a plug in as some of the other anti-spam options, from recaptcha and similar tools to hardening options. My only point is that it seems unfair to give this one tool preferential status over the others, especially when it is a freemium product offered as part of a money making business. Why not have a few other anti-spam tools in every install as well?

My vote is “old way”, at least for now. Any update that specifically changes the way that existing users have to operate, or changes as a result the way things are displayed is a bad move. Moreover, making such a move without explaining in great detail what is lost is a big deal.

I use that sort of thing in some places, particularly making blog posts that fit 800 wide with an image on one side and post context next to it. That is done with a standard spacing and a float left or right, depending on where I want the image for a given post, and that was handled in the advanced options area. Losing that would make it very difficult for me to post on those blogs without significantly redoing both the themes and editing every post made, and that is in very plain terms not feasible.

This is a case where the upgrade is a downgrade, at least for those who might have used the tools.

More and more wordpress is a tool used by corporate, social groups, politicians, and the like. It’s grown into a near full on CMS. The more commercial users you have, the more they will question what they are obliged to install or what is installed by default.

If you want to fight spam, wouldn’t it be better to have a default program like a captcha using the Google captcha system? I don’t see Akismet as a huge spam fighter (it lets too many bots through), as much as making people think they are protected when they really are nowhere near completely covered.

Dolly is nice, whatever… but including it in every update doesn’t really help.

Hardeep, I understand that. But as a commercial user, I am obligated to pay, and the fee is not unsubstantial – $600 a year (62.5 cents per mille – provided you max out the 80k a month).

My point is more that giving preferential standing to one product over another, and continuing to include it in every download seems a bit out of line.

For what it’s worth, you may want to check if you are using an up to date browser. From what I can see, this new editor won’t work with older browsers.

I am almost not upgrading (or is it downgrading) to 3.9 until the editor situation gets resolved. Losing too many features and perhaps running afoul of other plugins seems like a giant leap, but not forward!

Otto, sorry, the term was “tweet”. That gives you:

https://www.ads-software.com/plugins/tweet/

Requires: 2.3 or higher
Compatible up to: 2.8.2
Last Updated: 2009-7-21
Downloads: 9,211

(and a five star rating too!).

The real issue is that some plugins are not well written, or were written to get around past issues in the core, or use deprecated functions, or look for data that is no longer in the same place or same format.

Anyway, it is what it is. Safe to say that auto update is a risky concept much of the time, as the core issues this week have shown, and that for some it is not an option. With even a half dozen plugins on a site and a theme, that usually means nice pile of updates to do every month. This month has been particularly enjoyable, Thankfully I am not installing 3.9 (wait for the .1 at least, best practice), but I will have still done 2 complete updates and one more partial plug in and theme update for all sites this month. In the case of many of the plug ins, it doesn’t appear to be anything major or earth shattering, but well, that updates flag at the top of the page always gets people excited!

Otto, thanks for you answers. Beta to me is different from “valid for this version”. In a 2 year window, WordPress has gone through probably a dozen or more minor updates and probably 3 or 4 majors. Each step along the way, some plug ins lose their viability. I would much prefer to get an update notice when the plugin has been improved to match my current core version, it’s pretty important.

As for hiding except on exact matches, that still causes a problem for many as some of the plug ins are named after common searches. Type in “twitter” as an example and you get something from version 2.0.2. Yes, I see the “hasn’t been updated” notification at the top, if I go into the page, but it’s sort of silly that it even comes up at all, don’t you think?

Anyway, all this to say that as WordPress becomes more and more of a corporately accepted tool that there are areas where perhaps you need to strive for a higher standard, and slightly more regular and standard updating processes.

As a side note, 3.8.2 then 3.8.3 now 3.9 all in the same week? That’s a lot of work times 3, and it means that all of those plug ins will again update a few days from now. How long until 3.9.1?

Otto, first of all,thanks for your well thought out reply. It’s easy to swat and say “not important”, it’s harder to address the issues in a meaningful way.

The problem of moderators is that like it or not, they hold a position which is slightly above the average user, and many will look at them as representing not just authority here, but also as having some sway inside wordpress as a whole. My concern is more than a moderator may post things which discourages someone from adding comments, or may talk down an idea because they don’t agree with it, which in turn makes it look like the position of wordpress as a whole.

Perhaps moderators should only post as moderators when actually moderating, and perhaps have a second handle for regular posting? Just a thought, as I see plenty of discussions around here sort of end because a moderator has taken a strong stand that ends discussion.

“Plugin and theme authors can update and test at anytime. We’d actually love it if they did that a lot more often.”

Yet, the plug-in and theme areas do not seem to support plug ins by version. So in the event of a change required to support a version, there is no simple way for them to make a “3.9 version” without starting a new entire plug-in page. The result I suspect is that many don’t react until after the update is published and in use, and then they post up their patches. This just means that every core version update leads to a cascade of plug in and theme updates over the next week or so as some catch up.

As a side note, something like this might keep older (and no longer supported) plugins from crowding up plug in search, and could be used to allow people to search for relevant plugins that are maintained and brought up to date.

” only minor version (0.0.1) updates are applied by default.”

I do not use auto update (it’s a security risk to have your FTP login information stored on your server). So it’s news to me, and thanks for letting me know.

“When 3.8.2 was released, the security fixes there were backported to 3.7 as well, so there was a 3.7.2 release at the same time. Anybody running 3.7 got an auto-update to 3.7.2, not an update to 3.8.2.”

Yes, but for those who do not auto-update, we get a constant nag to update to the next version up, no matter what. If there are other versions available, it’s a well kept secret! Are these perhaps not getting shared equally with those who choose to be more secure and not use auto-update?

My thought wasn’t to just block it, but rather allow for it. In the dashboard have a “ignore minor updates on themes and plugins” so that people don’t get nagged.

Updating a single site isn’t an issue. Update hundreds of sites, deal with clients calling you because “oh no it says update again!” in their admin panel… then you start to understand the scope of the issue. The other option of totally automated updates leads to potential compatibility issues and problems, so just turning on the automatics to let it fix itself is not an option.

One plugin I use had an update this week, and I kid you not, it was “added estonian language support” – and this was enough to trigger an update notification on about 3 dozen blogs that use it. I am sure it was a useful update for someone, but did I need to know about it?

Trying to build stuff so that entirely dumb users are safe means a lot more work for the rest of us, it would be like pushing wordpress into the proverbial short bus and making us all crowd in. There should be options – and this becomes more and more apparent as WordPress moves towards being a full on commercial use CMS. Every time you see a commercial site using wordpress, there is almost certainly a support guy or company running it, and they have to deal with the same issues as everyone else.

Perhaps WordPress needs a “short bus” branch, to keep it simple?

“What happens of the only change between 3.3.2 and 3.3.3 is to plug a security vunerability that’s been made public and had hackers exploiting it?”

Well, quite simply, that should be a change from 3.3.2 to 3.4.0. A security update should be flagged as SIGNIFICANT, not incremental.

You don’t have to enforce the system, as always the community does that naturally. Plug in developers who constantly flag updates for no real reason “modified font size on optional page” would quickly find themselves getting flagged for silly updates. Those who fail to note security updates with .1 version increase would find themselves facing the same issue. You don’t have to force anything or come up with complex rules. That the dashboard light does not come on for a .0.1 increase and does come on for a .1 increase should be enough to tell them how to handle themselves.

So no, you don’t need anything rigid to make it work, you only need to let them know that there is a difference, and let them work it out. Right now the system is rigid, any even trifling modification leads to an annoying “update light” on the dashboard.

Andrew, this is perhaps one of the biggest problems of the forums here. When people see moderators, they believe they are dealing with someone in charge or who has actual sway over the product. Having a moderator (under that badge) take a hardline position on something is counter to the idea of a free exchange of ideas.

Moderation isn’t suppose to be a bully pulpit or a way to “keep wordpress pure” in some manner. Some do seem to take it like Eric Cartman as a hall monitor, and that is a negative of the whole concept.

I also agree with the original poster on the auto updates, and I will go one step further: Most plug-in and theme designers only get the core updates at the same time we do. So what I see happening is a time delay between the release of an update and full support by plug ins and theme makers. There ends up being gaps, as sites are auto-updated to version of wordpress that may or may not be well supported by the plugins that a site uses.

My suggestion is this: The auto update needs a little fine tuning. Security updates should always be applied, this is the real issue. More major updates (3.8.3 to 3.9 as an example) should ALWAYS require admin intervention to occur, even if it’s just clicking an “accept update” link on the admin panel, unless you specifically choose to allow these updates to occur automatically.

Plugin updates, as per another post I made, should only even flag as needing to be updated on a full .1 update, not on a .x.1 update. Minor revisions are not worth getting unless you have an issue, and if you have an issue, you are looking for that update!

Finally, there is one other thing I think wordpress should considering, which is the idea of final secure editions of wordpress before an update. As an example. when 3.9 is released, it might also be good to release 3.8.4 final, the last step in the 3.8 chain. This one could have any security patches applied to it, and stand as a “good stopping point” for those who for whatever reason are unwilling or unable to move to the next version. Some sites use plugins which are no longer actively supported and may break on a more major core update, so these people may need a place to get off the update elevator and stay secure for the time being.

Oh, so that those in charge can understand the full idea, it would be to have the wordpress “update” flag only appear when there is a significant (.1 or more) difference in versions. The update process right now is somewhat self defeating, as micro updates require the same level of attention as full ones, which generally means that updates don’t get done.

So if a plugin goes from 3.3.2 to 3.3.3 I would prefer not to have an UPDATE! flag screaming at the top of the page every time I log into the admin. Yes, I understand that it would be important on wordpress core updates, but on plugins, especially if authors are instructed on what constitutes a real update, we could save a lot of time and annoyance.