[wp-hackers] wp security and upgrading

Ozh ozh at planetozh.com
Mon Jun 29 13:31:56 GMT 2009

> is it reasonable to say that upgrading (at least from 2.7/2.7.1) is down 
> client preferences, especially given the many other steps one could take 
> improve security besides keeping the WP version up to date?

I would still advise client to always upgrade.

For instance, after 2.8.1 comes out, if there's a new exploit around that 
comes up and leads to a 2.8.2, I think the average Joe would be more 
scared with going straight from 2.7 to 2.8.2 than simply upgrading as new 
versions come out.

Also, a lot of people think you have to upgrade to every version one after 
the other, ie if you want to go from 2.7 to 2.8.2, you have to upgrade to 
2.7.1, then 2.8, then 2.81, then 2.82, imagine how cumbersome that is for 
those people.

Finally, the problem I see with letting this up to the client's decision 
is, how will they react if something breaks? For instance, most themes 
using ui-tabs broke with 2.8 because of a change in jQuery UI. Will the 
client assume it's because of something in WP? of something related to 
your previous work with them?

When the user interface doesnt radically change as it did with 2.5, I 
would always suggest to keep all things up to date.


More information about the wp-hackers mailing list