This is a guest post by Jeff Chandler of Jeffro2pt0.com.
Over the past few days, news of possible multiple SQL injection vulnerabilities in WordPress 2.5 was spreading across the WordPress community like wildfire. However, Matt Mullenweg has published a post that puts our fears to rest: the bulletin was a fake. Matt’s post also contains a wide assortment of helpful information on why you should upgrade your version of WordPress to the latest stable release. One of the more interesting portions of his post discusses the most common reasons Matt hears for why people don’t upgrade their WordPress installation.
- I’m scared something will break, or I don’t know how. Ask a friend to help or hire a professional on the aforementioned wp-pro list. Long-term, try to use a plugin like WPAU or a host that will do upgrades.
- One of my plugins doesn’t work with the new version. This is getting rarer as we have a very public testing cycle for plugin authors to try their stuff with the latest version, but still common. I would suggest checking for an upgrade to the plugin on the author’s site, contacting the author about the incompatibility you found, maybe even donate some money, or finally search for an alternative plugin that provides similar functionality but works with the latest and greatest version of WordPress. In the big picture, though, having a secure site is much more important than the functionality of a single plugin, so you should seriously consider turning off a plugin for a few days instead of putting off core upgrades.
- I don’t like the new version, they moved my cheese. We believe every new release is better, but sometimes people just aren’t comfortable with a change, which is fine. The good news is that we constantly improve things based on feedback, including interfaces, and, more importantly, that for almost everything you can imagine annoying you there is a plugin that changes it. For example, in 2.5 the page is fixed-width to allow for greater readability, but there’s a plugin to make it stretch to the full width of the window.
- I modified core files, so upgrades are hard. You should never ever modify core files in WP. If you find you have to, file a ticket for a new hook or filter so your modifications can be a plugin — it makes things so much easier.
- Upgrades are too frequent. If it takes you more than 5 minutes to upgrade your blog, you’re doing it wrong. Historically we do a major release about 3 times a year, and a minor release about once a month. Minor releases almost never break anything, so they are the easiest. (And often the most important.) WordPress is fast-evolving software, so this is a good problem to have.
- I don’t know when there’s an upgrade. No excuses here. Since 2.3 we include a big honking notice at the top of your dashboard when there’s a new release available. It’s also worth subscribing to our dev blog; it’s not like it’s going to flood your RSS reader.
You can check out Matt’s post here and rest assured that, so far, WordPress 2.5 is still safe to use.