Client Wants Me To Support WordPress 2.7??

5 points by volomike ↗ HN
My client wants me to code WP plugins so that they support WordPress 2.7 and higher instead of WordPress 2.9.2 and higher. He tells me this on a very tight deadline after countless thousands of lines of code have been written.

Please help me deflect this. I need to show him just how vulnerable a WordPress 2.7 install is, and why 2.9.2 or higher is necessary. I need to show him that perhaps jQuery might not even work if we don't have greater than 2.7, and we rely a good bit on jQuery.

7 comments

[ 3.0 ms ] story [ 33.5 ms ] thread
Search for "wordpress 2.7 vulnerability" on google : 369k results Search for "wordpress 2.9.2 vulnerability" on google : 11k results

It might show him how dangerous it is to use an old version of Wordpress. It's like using windows XP with Internet Explorer 6

Hey Mike,

That looks a little late in the process to start arguing with a client about something that should habe been part of the spec from the beginning. Funny, I just posted a link about that: http://news.ycombinator.com/item?id=1376083 , but that isn't going to help you much.

Khao advises you to google, I'd second that, with the addition that maybe it would be best if you confined your searches to reputable news sites, that usually carries a lot more weight than a few numbers.

That way you can let others with authority speak for you, and hopefully they'll make a more compelling case.

If there is a really good reason why the customer wants to do it their way on their servers, maybe you could offer to host it on your servers to get past the deadline, cut you some slack and then after the deadline you'll help analyzing the situation with respect to backwards migration.

In my experience, temporary solutions are amongst the most durable things in software.

best of luck!

> "That looks a little late in the process"

I made some assumptions unfortunately. Now if he makes me also have to support PHP4, I'll hang myself. (Not really.)

> I made some assumptions unfortunately.

Yes, been there, done that, have several t-shirts.

Live and learn. That's one mistake you won't be making again (for a while, at least). But it still sucks to be in this situation.

> Now if he makes me also have to support PHP4, I'll hang myself.

Please don't do that. However if visual basic is mentioned then you might have to go through with that, but I'd suggest hanging the client instead. It's rude, not good for business but it drives home the point ;)

In my experience, with some man-to-man (or whatever the applicable genders) talks you should be able to work it out, if the customer can be brought to your side of the table then you've solved it. One way of achieving that is to move to their side of the table, and make a list of the consequences, and have them agree - preferably in writing, an email will do - that they take responsibility for any consequences of doing it 'their way', and that any work over and beyond the agreed upon will be billed separately.

That might make them a lot more amendable to reason.

Firstly, explain that there is not enough time. Then, estimate the testing effort and show them. Then suggest a revised timeline. Be as professional as possible.
Awesome idea. This one might work.
Here are some hard facts I have found out:

A query on "wordpress 2.7 vulnerability" shows 29,000 results while "wordpress 2.9.2 vulnerability" shows 11,800 results.

WordPress 2.7 was released back in February of 2009 -- we're a year and half practically away from that time.

There's nearly 3 times as many vulnerabilities with WordPress 2.7 as WordPress 2.9.2.

There were a total of 2,181 bugs/problems/issues/concerns that were closed between 2.7 and 2.9.2.

There were also several jQuery differences between 2.7 and 2.9.2 which could make jQuery functions fail.

Here are all the bug reports filed between versions 2.7 and 2.9.2:

Starting from 2/10/2009 when 2.7 was out:

http://core.trac.wordpress.org/query?status=closed&group...

672 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

74 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

43 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

786 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

54 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

1 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

5 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

14 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

2 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

505 bugs/problems/issues/concerns

http://core.trac.wordpress.org/query?status=closed&group...

25 bugs/problems/issues/concerns