Why keep plugins up to date?

I recently had another developer ask me why I work to keep plugins current, why I upgrade them. I realize it’s important to see that their question isn’t stupid, and the market out there, developers included, needs to know about software updates and why they matter. So here goes…

Security & Bug fixes

If you read the change-logs of any plugin you’ll see a combination of features, updates, fixes, and security patches. There are bigger feature releases, e.g. version 2.0.0, minor updates, e.g. version 2.1.0, and patch releases, e.g. version 2.1.1. It’s important to read change-logs every time to see what each version contains before applying it and testing.

Security is clearly the most important thing to be patching. My clients run eCommerce stores that contain business, customer, and transactional data that must be protected.

The next priority is bug fixes so that we have cleaner error logs, greater compatibilities, and fewer glitches occurring. Others have taken the time to report software bugs that the vendor has patched. We should honor their work and utilize their fully vetted solutions.

Features

Plugins come out with features about every few releases or so, on average. While features may not always seem useful in a particular situation, they add-up to something meaningful over time. Let’s say that you had to install three plugins to achieve a complete feature, but over time a plugin now provides all three components. Now you can remove two plugins and have a cleaner operation with a stronger relationship with that one vendor.

Feature updates aren’t always useful, but they are something that we must accept from our chosen vendors. By using a given plugin vendor, we’re in a relationship with them and must take the bad with the good and have an eye towards the future. Their feature roadmap tells us a lot about where they are currently and where they are headed in the near term.

Support & Accountability

Any time that I come across a bug in a plugin I’m supposed to report it to the vendor to give them a chance to fix their glitch for my client and everybody else that uses their product. It’s their product after all. They maintain it. They support it. It’s their responsibility to service it, or we must replace them.

I must run their latest version in order to get support. I can’t ask vendors to patch old versions of their products. It won’t happen. They usually won’t take bug reports seriously if it isn’t using their latest product, and certain licenses require a current product to even be able to report anything.

PHP / Server compatibility

The web server software that powers WordPress, PHP, updates about every month with a major release around November each year. They work on the latest version and provide security and patches to two previous versions. At the time of this writing the current version of PHP is 8.3.x, so versions 8.1.x and 8.2.x are supported by PHP to which I can support them as well. If I run outdated plugins, this prevents me from upgrading PHP safely. If I fail to upgrade PHP then the site is vulnerable to security issues and won’t perform optimally.

Performance

I’ve written earlier blog posts detailing the performance improvements of different releases of PHP. It’s time to make one on PHP 8.3 by the way. This is huge, because there are performance breakthroughs that directly affect WordPress and WooCommerce. PHP 8.3 clocks in at an 18.4% performance boost for WooCommerce product pages and that’s huge! Read more on Kinsta’s article about PHP performance benchmarks.