Chances are, if you’re reading this, you’ve either been a victim of an abandoned theme or you’re considering purchasing a staple theme that will be used for future clients. Fortunately for me, one of my main go-to themes has been wildly popular and receives updates on a consistent basis. I consider myself lucky because there really is no fool-proof method to predict whether a theme will dissolve into obscurity.
The key takeaway from this report is that more vulnerabilities don’t necessarily mean more attacks. Given WordPress’s large and increasing footprint, it isn’t that far-fetched to expect more vulnerabilities. Just think of all the plugins and themes out in the wild. How many of those have been abandoned? Furthermore, how many websites sit idle, not receiving updates for months or even years?
The problem with Gutenberg is that it is forced onto WordPress users. Sure, there is a classic editor plugin that you can install. However, users are reporting incompatibilities with other popular plugins such as Yoast SEO. In my opinion, Gutenberg should have a core option of being enabled or disabled. An editor plugin shouldn’t be necessary to deactivate it.
It’s been a long time coming. WordPress 5.0 is finally nearing release with an official release date of November 19th. Although I’m very curious how the backend will affect my productivity and performance, I can’t say I’m too excited about the Gutenberg block editor. I’ve grown so fond of WPBakery that it would take some significant advantages to pry me away from it.
I appreciate the WordPress team making the effort to upgrade their content editor with Gutenberg. However, it may be too little too late. The Gutenberg plugin has been available for some time now. Despite being officially endorsed by WordPress, it currently holds only 20,000+ active installs. Compare that against my favorite visual builder plugin, WPBakery, which claims over “2 million people can’t be wrong”. It raises the question: why even try?
The nice thing about these security updates is that they should be automatic unless explicitly configured not to update. This certainly comes in handy when you manage dozens or even hundreds of WordPress websites for clients. Not having to manually update each site shortens the time (and lowers the risk) in which an already-patched vulnerability can be exploited on older installations. If you generally use the same admin email across all of your websites, you should get a notification about a successful automatic upgrade for those sites. It’s a welcome reassurance that your sites are safe from a potentially dangerous vulnerability.
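One way to check the "unless explicitly configured not to update" condition across many sites, as an added example that is not from the original post: the script scans `wp-config.php` text for the WordPress constants that switch background updates off. The site names and config contents are constructed samples, and the check covers only boolean literals in `wp-config.php`, not update filters set by plugins or themes.

```python
import re

# WordPress constants that switch off background updates when set as shown.
BLOCKING = {
    "AUTOMATIC_UPDATER_DISABLED": {"true", "1"},  # disables every automatic update
    "DISALLOW_FILE_MODS": {"true", "1"},          # blocks all file changes, updates included
    "WP_AUTO_UPDATE_CORE": {"false"},             # disables core updates, security releases included
}

# Matches define( 'NAME', value ); with either quote style around the name.
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.IGNORECASE)


def strip_comments(php_source):
    """Drop /* ... */ blocks and whole-line // or # comments so disabled lines are ignored."""
    php_source = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    return re.sub(r"^\s*(//|#).*$", "", php_source, flags=re.MULTILINE)


def audit_wp_config(php_source):
    """Return (constant, value) pairs, in file order, that disable automatic updates."""
    findings = []
    for name, raw in DEFINE_RE.findall(strip_comments(php_source)):
        value = raw.lower()  # PHP boolean literals are case-insensitive
        if value in BLOCKING.get(name, ()):
            findings.append((name, value))
    return findings


# Constructed sample configs standing in for files read from each client site.
SAMPLE_CONFIGS = {
    "site-a": "<?php\ndefine( 'DB_NAME', 'wp' );\n"
              "// define( 'AUTOMATIC_UPDATER_DISABLED', true );\n"
              "define( 'WP_AUTO_UPDATE_CORE', 'minor' );\n",
    "site-b": "<?php\ndefine('WP_AUTO_UPDATE_CORE', false);\n"
              "/* define('DISALLOW_FILE_MODS', true); */\n",
    "site-c": "<?php\ndefine( \"AUTOMATIC_UPDATER_DISABLED\", TRUE );\n"
              "define( 'DISALLOW_FILE_MODS', true );\n",
}

if __name__ == "__main__":
    for site, source in SAMPLE_CONFIGS.items():
        hits = audit_wp_config(source)
        status = "updates blocked by " + ", ".join(n for n, _ in hits) if hits else "ok"
        print(f"{site}: {status}")
```

Any site the script flags will not receive security releases on its own and needs either the constant removed or a manual patching routine.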