Abandoned?
-
Word Fence security plugin told me today:
“Issue Found:
The Plugin “bbPress” appears to be abandoned (updated November 29, 2021, tested to WP 6.3.2).
Type: Vulnerability Scan”
Is this true?
-
it continues to work fine – no need to panic at the moment
It doesn’t seem to be compatible with later versions of PHP, but some of my other plugins are not compatible with my site’s current PHP version. Will this ever be updated?
I found another forum topic from 2017 (!!) that bbPress wasn’t compatible with PHP 7.1 and it said there that the next version will fix that. It doesn’t seem to have fixed it…
What now?
I share your frustration, but bbpress 2.6.9 works with PHP 8.2.x
If some of your other plugins are not compatible with 8.2 then you probably need to be pushing for those to be compatible, rather than bbpress needing to be compatible with no longer supported and possibly insecure older php versions.
What plugins are causing issues ?
Admittedly I am not a developer and don’t know much about PHP, but I am using a PHP compatibility plugin before upgrading my site and this is what it shows for bbPress:
image doesn’t show – what compatibility plugin are you using?
Thank you @robin-w for your kind answer. I appreciate your time to look into this question and your diligence in answering people’s questions. It seemed this topic went in a different direction than I was expecting/asking, but perhaps I’m misunderstanding everyone’s answers? According to the security plugin WordFence documentation on their knowledge base it says the issue with bbPress is:
Plugin appears to be abandoned
This scan result means that a plugin has not been updated in 2 years or more. This can be a problem because it means that the plugin author has not made any changes for a long period of time. Sometimes that means it will not be fully compatible with newer WordPress versions, reported bugs may not be fixed, and new security issues might not be addressed.
The scan result also shows if this plugin has a known security issue that has not been fixed. If that is the case, it is recommended that you remove the plugin as soon as possible, and replace it with a different plugin if you need the same functionality.
There are two types of alerts for abandoned plugins, “Medium” and “Critical”. An abandoned plugin will generate a Medium alert. If the plugin also has unpatched security vulnerabilities, the scan result will be Critical. Plugins that are abandoned should be evaluated in terms of what risk they may pose. Unless you know that the code in the plugin is safe, you should start looking for a replacement. Plugins with unpatched vulnerabilities should always be removed.
When I read this guideline from WordFence and look at the bbPress website, as well as reading what WordPress says about it and what information about bbPress displays inside my dashboard of the install, I’m not certain which instruction to follow. Should I consider it abandoned? Well, someone came here and answered my question named moderator and other people also visited this thread and commented who seemed to assume my question was a PHP compatibility question (I don’t know, is my question a PHP compatibility issue I’ve yet to discover?) so if people are actively reading a support thread that’s not “abandoned” in the sense people are here interacting still. But abandoned where coders who are behind the coding of bbPress watching developments and using the best security practices and applying them? I’m not certain and am not sure how to decide that info without posting again to ask. As a non-coding person I have no way of knowing without asking.
Is bbPress still in development, being monitored and updated by careful coders who look over it, or is the core code maintenance abandoned with some core enthusiasts who are still using it here interacting but not coders who know what’s what in the code? Unfortunately, I don’t read code. I am not a coder. So I have no way of knowing.
I am just a moderator here, and not a bbpress author.
The authors tend to release updates every few years, rather than more frequently.
My personal view is that you should consider bbpress to be a ‘mature’ product, ie any releases will be to fix issues rather than add functionality.
bbpress is written really well, and has loads of hooks. There are no show stopper bugs in it, it may throw a few deprecation notices (and these are very few at the moment), but WordPress recommends that you should not show error messages in live sites.
I currently have my test site running WordPress 6.4.x and php 8.2 with no issues.
The only major issue with bbpress at the moment is that it does not work well with FSE themes.
However my bbp style pack plugin has fixes for this
as well as block versions of the widgets and a ton of styling and functionality add-ons.
All plugins are subject to the authors’ commitment, and bbpress is no different.
The main WordPress support forums use bbpress, and it would be mega work to move those over to some other product.
The Wordfence warning is one that is automatically pumped out when a plugin reaches certain parameters. I love Wordfence and use it on all my sites, but these ‘catch all’ warnings can alarm people when they do not need to.
But with open software you make your choices….
Perfect! Thanks so much, @robin-w for sharing your thoughts. The “Mature” plugin sentiment echoes my thinking exactly, but I wasn’t 100% certain so I figured no harm done with asking. Thinking of the “mega work” to move from bbPress at our own site was behind my post! So appreciate your reply. It is good too having this thread available for anyone else with WordFence researching the same message. Thank you too for the warning about the theme choice(s). Good to know! I think I’ve already run across this issue.
great – glad to have helped – have a great xmas
This is a great question and answer. Thank you Robin. I’m always impressed by the care and time you give to the WP community! @swiss_cheese, I highly recommend that you give “bbPress Style Pack” a try. It has so much functionality that it can seem a little overwhelming. But just try a little at a time, until you get the gist.
Prevention is better than cure. Why can’t the authors simply address the tested up to values etc in the text files and push an update? This will stop those warnings.
To understand that you need to understand that bbpress is a sister project to WordPress.
Wordpress development (and therefore bbpress development) is funded by
1. the commercial arm of wordpress – Automattic
2. Donations and sponsorship from paid plugins and theme organizations who have a commercial interest in ensuring that WordPress continues
At the moment no-one is sponsoring bbpress development, so no developer is currently being paid to maintain it.
Hence no-one is updating even the tested to value.
You could write to the board of wordpress.org, but beyond that not much we can do – I have tried !