Back in March of last year, I mentioned some issues I’d have with a plugin after passing it over for adoption. Well, the Plugin Review team handed it back to me, at my request but it came with some caveats which caused some headaches for some users… but not as big a headache as it could have caused if it had been left abandoned.
As you can probably guess, from some people, thanks was never coming (and, in some cases, the opposite) but it has left me with a moral to share.
But let’s rewind a bit first.
The previous developer had abandoned the plugin just a few months after taking it over, leaving it open for potential abuse. Existing users wouldn’t know what had happened to it and that they weren’t going to get any more updates for it – bugs will have been left and, more importantly, any discussed vulnerabilities would have been left unaddressed. And, let me tell you, if you think abandoned and high use plugins are not an attack vector for hackers, you need to think again.
That was why I decided to take it back – so I could ensure any issues WERE sorted whilst I find someone else to adopt it. That’s good news for the users.
Well, taking it back came with a big caveat. I couldn’t take the code that I hadn’t worked on, so it had to be wound back to the last version I worked on before it was adopted. Essentially, not only did I have to wind back to an older release but force it on all users who decided to update. That’s the bad news.
I did what I could – I put a changelog messaging explaining it. A bold message at the top of the README. And a pinned support forum post. They all told users the consequence of updating to the new version.
Of course, if you have automatic plugin updates switched on, this wouldn’t have mattered. But, of course, if your site is REALLY important and you can’t risk any interruption then you wouldn’t do this, right? Except users did. They either manually updated, ignoring the various messages, or relied on an automatic update. And then complained about their site breaking.
Thankfully, a user quickly found a solution, which has resolved many user issues. Not that everybody even read that and, in one case, without even raising a support query first, felt the need to leave a one star review because their plugin was now broke..
The good news is that I found a developer who was willing to take the plugin back on. I feel a lot more confident about this person, and feel the plugin is in much safer hands now.
But, back to that moral. The reality is, if your site is really THAT important to you, why are you allowing automatic deployment of plugin updates that could potentially break your site? I do it for this site, but that’s a risk I take. And, yeah, it’s a personal blog, so not the end of the world if it’s broken for a few hours as a result of a bad update. Test everything on a non-live site before even attempting to push out an update. And backup. That way, you can always reverse anything breaks.
Share this post on social media.
Leave a Reply