Following my 2-year hiatus and the post last night, I was mentally prepared to go back and forth with the theme review team a few times on the approval of the latest version of Suffusion. Surprisingly, though, version 4.4.8 of Suffusion got approved within a few hours of submission!
Here is the gist of changes:
- Removed Features:
- Removed inbuilt custom post types functionality (multiple plugins exist in this area).
- Removed inbuilt shortcodes – The Suffusion Shortcodes plugin, with the exact same functionality has existed for a while now.
- Removed call to deprecated constructor WP_Widget
- Removed OpenID support (external plugins exist)
- Removed SEO plugin-like features from theme. This is what I alluded to in my previous post.
- Added Features:
- This is the only true addition: The
gallery post format has been improved to consider scenarios that I hadn’t considered earlier. This is, in part, due to the enhancements that WP has made over the years to the
- A couple of zero-impact additions: I added a required CSS class for accessibility, and theme support for
title-tag. This was necessary to get the theme to pass the checks.
- Changes and Fixes:
- Updated the theme to use latest WP features.
- One of the guidelines that was preventing me from changing the theme was how I used to save options (upon activation). So this time I bit the bullet and changed the functionality such that changes are saved only when you explicitly save options.
- I sanitized the call to echo($_GET[…]) in the backend.
- There was an issue and its fix outlined by Drake here. I put this in the theme.
I did notice some questions on the forums inquiring about script vulnerabilities, so I wanted to spend some time talking about it. The WordPress team takes security and vulnerabilities very seriously, and they have methods to track down themes with security holes. Now, Suffusion itself doesn’t use any third-party PHP scripts. Around 5 years back I had TimThumb, which I replaced with WP’s native resizer. Incidentally, several months after my making the switch, a severe issue was detected in TimThumb, and every theme on the theme repository that used TimThumb was suspended till the author changed it. Suffusion escaped the axe, because I had already taken care of this earlier. Then later, WP found an issue in one of its own functions. So it went after every theme that was using that function on a page facing the public. This was pretty recently, and again, Suffusion escaped the axe.
The point of saying the above is, Suffusion is in a pretty stable state, and the only cases when I have to change the theme are when a vulnerability has been discovered in it (which, touching a lot of wood, hasn’t happened), or if some new WP functionality has broken Suffusion code (which caused me to release version 4.4.7). In either of these cases, I am very quick to respond, since the theme’s massive user-base gets affected if I don’t.
WP also has a policy of removing themes older than 2 years from the search results. This doesn’t mean the theme has vulnerabilities – it only means that the theme has functionality that might not now be compatible with WordPress. You can always still get to the theme directly from WP through the theme’s URL (it is only eliminated from the search results). WP truly removes a theme only if it has security vulnerabilities, violates GPL or copyright laws, or has its developer put in a request to kill the theme.
Hope you have no issues with working the theme!