[wp-hackers] wp security and upgrading

Jake McMurchie jake.mcmurchie at googlemail.com
Mon Jun 29 12:49:43 GMT 2009

Hello wp-hackers. I'm not sure if this list is the right place for this
question so apologies if this is off-topic (and will be grateful for
appropriate redirection)...
In the past I have always advised clients to upgrade Wordpress on the basis
that upgrades usually include fixes for security vulnerabilities and this
will counter-balance any work required to upgrade themes, plugins and other
(frequently bespoke) customisations. However, I have a sense that this
balance has shifted - no security vulnerabilities have been made public with
2.7/2.7.1 (that I'm aware of) and 2.8 has not been advertised as a required
upgrade for security purposes. If this is correct then full credit and
congratulations to the WP team :-)

Given that there's a time/cost implication for upgrading, that the new
features of a new version may not be required, and that additional work may
be required to adapt customisations to changes in the codebase and database,
is it reasonable to say that upgrading (at least from 2.7/2.7.1) is down to
client preferences, especially given the many other steps one could take to
improve security besides keeping the WP version up to date?

Many thanks in advance.


More information about the wp-hackers mailing list