Earlier this week, one of the 1,000 most popular plugins in the WordPress Plugin Directory was closed without an explanation. It later returned after an update was made to the plugin. What wasn’t detected is that the plugin now caused a fatal error to occur on admin pages on the website. The damage caused by that was limited as the error occurred after most of the web page was generated. It was couple days before it was fixed. It appeared to go rather unnoticed until then, as there were no topics about the issue in the support forum on the plugin directory for the plugin.

That situation shouldn’t have happened. WordPress should do basic automated testing before updates are made live to catch that type of situation. There also was presumably a manual process before the plugin was restored to the directory that missed that situation.

Part of the problem with not doing that, is that issues like that getting through make webmasters more cautious about updating plugins. That is bad for security, as updating plugins can provide protection faster than supposedly “fastest” protection offered by unscrupulous security providers.

It has been on our todo list for some time to help our customers with the problem of broken updates. Seeing the situation with that plugin led to us putting together a new system to help to better address the possibility of that for plugins being used by our customers.

When updates are released for plugins used by our customers that in are the WordPress Plugin Directory, we now install and activate the plugin in a test environment. When then make requests to the homepage and the dashboard. If a fatal error or lesser PHP error type occurs, that will get detected through several methods. We will manually review those and then try to assist the developer in fixing those.

This won’t catch all issues, as errors could occur with things we are not testing or only with additional parameters in play, but the problem with the plugin mentioned above isn’t the first time even in default state an update to a popular plugin has caused a fatal error.

We are assessing additional tests to run and possibly creating plugin specific tests for certain plugins. Customers particularly concerned about certain situations with plugins can reach out to us to suggest additional testing to incorporate.

It would be better if this type of testing was handled by WordPress and before updates are released, but the team running the plugin directory and the leadership that empowers them has been indifferent to hostile to efforts to address problems under their purview. If the team running the plugin directory wants to work  constructively with others to address this situation (or others they has so far refused to address) we would be happy to assist them. If the leadership was interested in working to address the problematic team, we would be happy to help with that as well.

WordPress’ Confusing PHP Recommendation

As part of putting together the system, one big question we had was what version of PHP should be used. One option would be to use the latest version of PHP, that would make sure that issues for customers on the latest version of PHP would be caught. One problem with that is that even one of the most popular plugins, Elementor, which has 10+ million installs, causes multiple lesser errors with PHP 8.4. That is despite it being released in November. (Elementor has a lot of problems, especially with security.)

One option is for us to not decide ourselves, but to use the most recent version that WordPress recommends. That turns out to be a problem, as a recent announcement from the WordPress Hosting team says PHP 8.2 and 8.3 are recommended for WordPress 6.8, but goes on to say WordPress is “beta compatible with 8.3 and 8.4.” According to them, beta support “means that WordPress Core is working towards full compatibility with that PHP version, but there may still be some issues that are in the process of being resolved.” We don’t know why understand why WordPress would recommend a version of PHP that WordPress isn’t fully compatible with.

For the time being, we are testing with PHP 8.2 as that is the latest version of PHP that WordPress is supposed to be fully compatible with. Expecting plugin developers to be fully compatible with a newer version seems to be asking too much of them. But we are continuing to assess things. If customers would like us to test with a newer version, get in touch with us.