[wp-hackers] wp security and upgrading
ozh at planetozh.com
Mon Jun 29 13:31:56 GMT 2009
> is it reasonable to say that upgrading (at least from 2.7/2.7.1) is down
> client preferences, especially given the many other steps one could take
> improve security besides keeping the WP version up to date?
I would still advise client to always upgrade.
For instance, after 2.8.1 comes out, if there's a new exploit around that
comes up and leads to a 2.8.2, I think the average Joe would be more
scared with going straight from 2.7 to 2.8.2 than simply upgrading as new
versions come out.
Also, a lot of people think you have to upgrade to every version one after
the other, ie if you want to go from 2.7 to 2.8.2, you have to upgrade to
2.7.1, then 2.8, then 2.81, then 2.82, imagine how cumbersome that is for
Finally, the problem I see with letting this up to the client's decision
is, how will they react if something breaks? For instance, most themes
using ui-tabs broke with 2.8 because of a change in jQuery UI. Will the
client assume it's because of something in WP? of something related to
your previous work with them?
When the user interface doesnt radically change as it did with 2.5, I
would always suggest to keep all things up to date.
More information about the wp-hackers