Why does WordPress core need to be updated all the time?

I’m still pretty new to WordPress. I started using it in 2018 for my small business website, mainly because of the huge variety of plugins and themes. I never really paid much attention to the whole ‘WordPress core’ thing unless it was a security update.

But now I’m seeing all these arguments between Matt and WP Engine about constantly pouring money into updating WordPress. Honestly, I picked WordPress because of what it was, not for what it could become. If it only got security updates and bug fixes, I’d be totally fine with that.

Am I alone in this? I don’t really update my website often, and it sits pretty much the same for years. Is all this money for core updates necessary for keeping it safe, or is it just about adding new features?

Edit: Thanks for the replies everyone! Your points really helped me see it differently!

WordPress is probably one of the biggest targets for hackers because it’s so popular. Tons of big organizations use it now, even the U.S. government. So yeah, keeping it secure is a huge job.

Not only that, but the code has its flaws too. I once hit a core bug where they forgot a crucial sanity check after doing a series of others.

Drupal isn’t perfect either, but the devs tend to be more experienced. Sites that moved from Drupal to WordPress, especially after the D7 to D8 change, might regret it down the line.

WordPress is popular, just like how most malware is aimed at Windows because it’s the big fish in the pond. Hackers don’t usually bother with platforms that have only a tiny market share.

Yeah, and the government doesn’t just use WordPress directly. They work with agencies that have their own way of handling it (like the White House website).

WordPress launched long before 2018. If the attitude back then was ‘it’s fine, let’s leave it,’ do you think you’d have all the features you’re using now?

It’s not just about security patches—updates improve performance, keep things in line with standards, and enhance the backend. The web is constantly evolving, and if WordPress didn’t keep up, it would quickly become obsolete.

Even non-security updates can impact how plugins and themes work. Without these changes, developers would need to maintain multiple versions of their code, which is a huge hassle.

WordPress also needs to keep up with changes in the technology it runs on, like PHP. PHP itself gets updated, and WordPress has to support the latest versions to take advantage of the performance improvements. That’s another reason for all the updates.

Hey, let’s not call his question ignorant. He’s new to all this, so let’s just help him understand instead of making him feel more like a beginner than he already admitted to being.

Thanks for the support, but I actually don’t mind. I didn’t even think about things like PHP updates needing WordPress to change. Learned something new!

Think of it like maintaining a house. My parents bought a brand new home 45 years ago, but they still had to treat it for termites, replace the roof, and rewire parts of it when the wires got damaged. Things wear out or change, even in something that was once brand new.

You wouldn’t just leave a house unattended for decades, would you?

I heard somewhere that 80% of WordPress code gets rewritten every year. That seemed insane, but I don’t really know if it’s normal.

Still, I agree with you. For most users, security updates are probably all we need. As long as our sites work, why mess with it?

I get where you’re coming from, but not keeping up with updates can hurt in the long run. WordPress is stuck in a weird spot where it’s supporting both PHP 5 and PHP 7. Add third-party plugins into the mix, and one small change could cause a big problem.

Do you stay on top of your plugin updates and WordPress core updates? Eventually, holding off on updates will force you to choose between them.

Yeah, I keep up with all the updates, but when they change things and don’t explain it well, it’s frustrating. I usually ignore the new editor stuff since I prefer the Classic Editor.

If 80% of the code was actually getting replaced each year, then functions like get_posts() wouldn’t be 3000 lines of outdated code.

Updates are mostly good, even if some decisions (like Gutenberg) are questionable. Stopping enhancements beyond security updates would be a mistake. WordPress needs to keep improving.

That said, I think it would be helpful if there were an option for long-term support (LTS) versions for people who don’t want constant changes.

You’re in the minority here. WordPress is the leader because of the constant updates, not just for small businesses like yours. A lot of the development is done by volunteers on Trac, not paid developers.

Things evolve, and WordPress has to keep up with that.

Yes, it does need those updates. Security and keeping up with new web technologies are important.