My client wants me to code WP plugins so that they support WordPress 2.7 and higher instead of WordPress 2.9.2 and higher. He tells me this on a very tight deadline after countless thousands of lines of code have been written.<p>Please help me deflect this. I need to show him just how vulnerable a WordPress 2.7 install is, and why 2.9.2 or higher is necessary. I need to show him that perhaps jQuery might not even work if we don't have greater than 2.7, and we rely a good bit on jQuery.
Here are some hard facts I have found out:<p>A query on "wordpress 2.7 vulnerability" shows 29,000 results while "wordpress 2.9.2 vulnerability" shows 11,800 results.<p>WordPress 2.7 was released back in February of 2009 -- we're a year and half practically away from that time.<p>There's nearly 3 times as many vulnerabilities with WordPress 2.7 as WordPress 2.9.2.<p>There were a total of 2,181 bugs/problems/issues/concerns that were closed between 2.7 and 2.9.2.<p>There were also several jQuery differences between 2.7 and 2.9.2 which could make jQuery functions fail.<p>Here are all the bug reports filed between versions 2.7 and 2.9.2:<p>Starting from 2/10/2009 when 2.7 was out:<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.7" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>672 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.7.1" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>74 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.7.2" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>43 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>786 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.1" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>54 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.2" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>1 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.3" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>5 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.5" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>14 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>2 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.9" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>505 bugs/problems/issues/concerns<p><a href="http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.9.1" rel="nofollow">http://core.trac.wordpress.org/query?status=closed&group...</a><p>25 bugs/problems/issues/concerns
Hey Mike,<p>That looks a little late in the process to start arguing with a client about something that should habe been part of the spec from the beginning. Funny, I <i>just</i> posted a link about that: <a href="http://news.ycombinator.com/item?id=1376083" rel="nofollow">http://news.ycombinator.com/item?id=1376083</a> , but that isn't going to help you much.<p>Khao advises you to google, I'd second that, with the addition that maybe it would be best if you confined your searches to reputable news sites, that usually carries a lot more weight than a few numbers.<p>That way you can let others with authority speak for you, and hopefully they'll make a more compelling case.<p>If there is a really good reason why the customer wants to do it their way on their servers, maybe you could offer to host it on your servers to get past the deadline, cut you some slack and then after the deadline you'll help analyzing the situation with respect to backwards migration.<p>In my experience, temporary solutions are amongst the most durable things in software.<p>best of luck!
Search for "wordpress 2.7 vulnerability" on google : 369k results
Search for "wordpress 2.9.2 vulnerability" on google : 11k results<p>It might show him how dangerous it is to use an old version of Wordpress. It's like using windows XP with Internet Explorer 6
Firstly, explain that there is not enough time.
Then, estimate the testing effort and show them.
Then suggest a revised timeline.
Be as professional as possible.