I had put off writing this post for a while, partly because I wanted to take the time and really give WordPress 2.5 a whirl before bashing it.
For several months now I have watched the discussion on the WordPress.org support forums – especially about the much maligned admin back-end changes, run a security "back-porting" experiment to keep my heavily customized version of 2.3.3 viable, and put 2.5.x through its paces to see what it does and doesn’t do.
All along, I’ve been taking copious screen-caps to help build my case. And at least for me, the verdict is in: WordPress 2.5.x has been largely a mistake. Here’s why:
- The layout and design changes to the admin backend have done preciously little to solve the problem of wasted vertical screen "real-estate", even though a supposedly top-notch design firm was hired in the redesign. Not sure what they were thinking, but even though the menus were made a little more sane, I still find no real consistency in what was done.
- Several things that actually worked well for people (and especially power-users) were taken away for no apparent reason, with sometimes additional complications being caused. Yes, I’m talking about the "Widgets" screen, as well as the needless moving around of the "post controls" away from the right hand of the write screen (wasting, surprise, surprise, even more vertical screen real-estate).
- It doesn’t truly address several of the long-standing issues with the WYSIWIG editor and the "wpautop" function that is at the root of these (which also happens to make WordPress slower than it needs to be). Sorry for the arcane tech reference, but it’s necessary to remind people that WordPress overly messing with people’s HTML has gone on far too long. The current "HTML" view in the write screen is now a very strange hybrid.
- And as I’ve argued in great detail in the posts on the security back-porting experiment, none of these rather extensive design changes needed to be rolled into the same update with the much needed security updates. They could have been kept separate, allowing users to continue using 2.3.3 for the time being. If Apache is able to do this, so should WordPress… Stop using security fears as leverage to push your feature "upgrades".
- Just for fun, along the way one of the more testy threads on the WordPress.org forum was closed by Mr. WordPress Matt Mullenweg himself, even though there were MANY, MANY complaining about issues with the 2.5 admin back-end design. Listen to your power-user base every once in a while, they are the one’s evangelizing your product for you (go read some Guy Kawasaki on this issue). They are the ones that might have to live through dozens of upgrades for clients, and their often painful aftermath.
OK, so let’s get into the details. Here is what my own customized Write Screen looks like, using the FCKEditor plugin and changes to the admin stylesheets and /wp-admin/menu.php.
Continue reading “WordPress 2.5.x Design Issues: Why I am staying with my 2.3.3 “Renegade””
Just wanted to update you on a few developments with the back-porting of WordPress 2.5.x security improvements to version 2.3.3.
First, I want to emphasize that I did this largely to show that it was possible, and that WordPress (Automattic) should consider rolling out such security fixes for older versions as patches rather than forcing "upgrades" to entirely new iterations of WordPress with many feature changes mixed in with such fixes.
First, I did move the "Retro-fit" to this production blog of mine that is running a customized version of 2.3.3, and things have been going fine, for the most part.
Here is a screen-shot of the "no frills" login screen that is now missing the formatting that changed with 2.5.1 (as mentioned in the prior post). Since I have the user registration turned off, this is a non-issue for me, I can easily deal with not having a "pretty" login screen.
Continue reading “An Update on the WordPress 2.3.3 Security Retro-fit Adventure”
OK, the content of this post is so important that I won’t agonize too much over whether the writing is all that smooth or not.
You may have heard any number of things in recent weeks and months about the need to upgrade to WordPress 2.5.x because of security issues with the older versions. In fact, it can almost sound as if some people wanted to scare you into upgrading.
Now there have been for a long time issues with the fact that each WordPress "update" tends to be far from a smooth/pain-free operation for many people, breaking relied-upon plugins, creating issues with your (possibly custom) themes, and requiring the re-edit of any personal hacks you may have had reason to place directly into the WordPress core distribution because some things don’t work quite right in there, and pleas to fix them are often ignored.
In this case however, there have also been a large number of changes to the WordPress admin back-end, the usefulness of some of which has been judged to be questionable, or that have caused actual problems (2.5 could delete your text widgets among other things). One look at the WordPress support forum tells the story. I am not going to get into all of the reasons right now why I am not upgrading to 2.5.x for the foreseeable future. That is for a different post.
Suffice it to say that many top bloggers with an understanding of the tech issues have said they won’t upgrade for a while.
What is important though is that the security fixes that came with 2.5 should in reality be made available as small, "single file copy" patches for anyone deciding to stay with the older version(s) for now. I have said as much on the support forum in several places, most recently on a very active "2.5 backend issues" thread that actually got shut down my "Mr. WordPress" Matt Mullenweg himself.
Since they currently seem rather unconcerned with making these fixes available without a wholesale upgrade, I decided to take it upon myself to do so.
Here are the results:
Continue reading “WordPress 2.3.3 Security Retro-Fit”