WordPress 3.7 – What to Know Before Upgrading

WordPress 3.7WordPress has announced the release of WordPress version 3.7, which boasts some of the most notable changes in recent memory. However, before you are too quick to hit the “update” button, here’s what you need to know about this release.

Back Up Before Upgrading!

Above all else – back up your site before upgrading. Of course you should always perform a backup before an upgrade, but this is especially so with this new release. There have been numerous reports of sites crashing or “going blank” after this release. Though some reports of upgrade issues with any release aren’t uncommon, I am hearing more reports of “white screens” than usual. Please let me emphasize, though: most people will be able to upgrade with no problems (all of our sites upgraded with no problems), but always good to be safe. Worried about your upgrade? You’ve got options.

  • Perform a manual backup in BackupBuddy and be sure to save it to your remote destination, or download a copy of the backup. While it won’t prevent a site outage from upgrading, it will assure a clean copy to restore from quickly if there is an issue. Don’t have BackupBuddy? We very highly recommend it!
  • Contact us to handle your backup and upgrade for you. If you are a Virtual Webmaster client, your maintenance is covered under your plan. If you are not a current Virtual Webmaster client, we have several plans to choose from, or contact us for an a la carte Backup & Upgrade package.
  • Hold off upgrading until 3.7.1 is released. Many WordPress professionals routinely wait for the x.x.1 version of a WP release before upgrading, as any bugs discovered in the major release are typically repaired by the first minor release. The first minor release usually comes out a few days to a week or so after the major release. Yes, not having the latest version of WordPress can pose a security risk for which you can check the link, so that you can weight your risks and decide which is the better plan for your site and hire the most suitable professionals to protect your site from hackers. (we think it’s OK to hold off for 3.7.1).

New Features to Understand

For true WordPress aficionados, you can read the official Version 3.7 release notes from the WordPress Codex. For our clients, there are only three features that may even be noticed.

Automatic Updates

By far, this is the most notable change to be made in WordPress in some time. With this change, minor releases of WordPress will be upgraded without any intervention from the site owner or administrator. We thought it was cool when one-click upgrades replaced manually uploading and unpacking updates… but not having to do anything? That’s about as simple as it gets. But… what about backing up before upgrading, my savvy website owners ask?

That was the first thing I asked a couple of months ago when word got out that automatic updates were coming. But the distinction to be made here is that only minor upgrades will be automatically performed (i.e., 3.7.1 to 3.7.2, to 3.7.3 but not 3.7.3 to 3.8). Minor updates do not introduce new functionality or features; they are released to fix bugs and patch security issues. Minor releases very, very rarely cause site performance issues; but not upgrading versions with security patches can and do pose significant site security risks. For that reason, we are on board with WordPress’s recommendation that automatic updates not be disabled (which can only be done by modifying core files – it’s not a setting that can be controlled through the admin panel). You will still need to manually upgrade (or contact us to upgrade for you) for every new major release, though.

Even though you won’t realistically be able to back up your site immediately before each minor release, it’s a good idea to review your BackupBuddy settings to be sure your site is being backed up at an appropriate interval based on how frequently you update your site. Just in case.

Updated Password Strength Meter

Another new feature targeting improved security for WordPress is the updated password strength meter. Most of our clients won’t even notice this new feature unless you routinely add new administrators or users to your system. But for our clients with membership systems, or for our diligent users who regularly change their password, you may notice that your password is rejected if you try to use “password” or “1234567” or common patterns such as names, dates or even pop culture references. I’ll admit – I tested ten passwords that I use or similar to those that I used, and all were returned as “weak” or “very weak!”

Why does this matter, you may ask? Who would want to hack your site and post graffiti on your site? It’s not that simple. Malicious intruders to websites (WordPress or otherwise) aren’t looking to deface your website, but rather gain access to what could be sensitive data on your web server or other websites hosted on your server. Brute force attacks target sites for this purpose. In the case of WordPress websites (or any website powered by a CMS), there is already a handy portal to provide hackers access to the back end: the login screen. If a hacker can crack your username and password, they may be able to gain access to your files or, depending on your hosting configuration, files elsewhere on your server. So before you roll your eyes that you now need to come up with an even harder-t0-remember password, think of how much more of a PITA it is spending hours or money to restore a hacked site.

Improved Search Function

Have you ever tried using the default search function on your blog or another WordPress blog? For as much as I love WordPress, I have to concede the search was pretty pathetic. It rarely returns what I expect it to — so much so that at the Webscaper we often didn’t even implement a sitewide search except for the largest sites. Many WordPress site owners choose a custom Google search function instead, but I never much liked that solution, either. With 3.7, WordPress is promising much more relevant results for sitewide search inquiries. I have not yet extensively tested this (it’s hard to do without duplicate sites running 3.7 and a previous version), so I’m not promising angels to sing and stars to twinkle when you use it, either. But WordPress claims that now search results will return based on relevancy, rather than by date as was the default thus far.

Now, search will examine the keyword or words that you are searching for, and return results based on how relevant the keyword(s) are to the results being matched. Phrases (or post titles) keyed in will now match a post with the same phrase or post title first, even if the post is three years old. If there is no word for word match in the phrase, WordPress search will then try to match occurrences of matches of all keywords within titles, any keywords within titles, then all keywords within post content. Search results should then fairly accurately return lists of posts and pages that are far more relevant for the terms being searched for. It’s still not Google-smart, but it is a significant improvement, especially for larger websites and blogs.

Other Improvements

Automatic updates, stronger passwords, and improved search are the three features that will apply to the majority of WordPress site owners. As a major release, however, there were many more improvements and bug fixes made “under the hood,” to ensure that WordPress keeps evolving and adapting, earning its place as the most powerful CMS in the world. For more information, see the official WordPress release announcement, or the full list of development changes.

Then get ready for the next major release, version 3.8, already set for December!