I run the legacy 2.0.x branch of WordPress. I’m often asked why I don’t upgrade and I’ve decided to voice my reasons here and talk about using legacy software in general.

My reasons for not upgrading are simple. I don’t want to have to update regularly, simple as. I’m very busy and I run a lot of blogs. Upgrading all of them takes time, time that I don’t have. The legacy branch is supported and secure. It is only updated for security reasons and because its had a few updates in the past, new issues hardly ever arise – indeed I haven’t needed to update in months. Sure I don’t get the shiny new features, but these are not numerous and I don’t need them to maintain good websites. By spending less time upgrading I spend more time writing and more time developing software.

I am continually surprised by the attitude of plugin developers concerning people running the legacy branch. Many will release a security update for their plugin and at the same time introduce new features which require the latest WordPress version thereby preventing legacy users fixing their security holes. This is annoying because I am faced with a choice; keep the insecure version, stop using the plugin or back port the fix. Clearly I’m not going to use an insecure version and removing the plugin would reduce my sites functionality, so I end up having to take the time to back port the fixes.

In my eyes plugin authors should do one of two things; only use features that are available in the legacy branch thus keeping their updates accessible to all or maintain two branches themselves. Leaving users high and dry without security fixes is just not acceptable. I run a legacy version to save time. Many newbies however run the legacy version because they find upgrading daunting and they don’t want the hassle. This is particularly note-worthy as it is the newbies who cannot back port fixes and they WILL end up running insecure versions.

When developing Calendar I take the time to ensure that legacy users can run the plugin. I even pay careful attention to the server requirements of the legacy version of WordPress so that users staying on the legacy version for this reason can still use the plugin (see my update to support certain versions of MySQL). This doesn’t take much effort. Why can’t everyone do this?

Forgive me for ranting but this is a very important issue. Running a hosting company as I do I’m continually concerned by the scripts users are running, particularly those with security holes. A lot of my time is spent helping users upgrade and advising them on the best course of action concerning loss of functionality after an upgrade. Dougal Campbel notes that upgrading is important, even at the expense of functionality. I believe we should be able to have both. Some comment authors on Dougal’s article seem to agree with me. Upgrades to WordPress shouldn’t break plugins (but they do), neither should plugin updates remove support for the legacy branch (but they do). To users it is WordPress *and* the plugins that make their site, not one or the other. Developers clearly don’t agree with the users.

Come on people, get it together, it doesn’t have to be this way.