[wp-hackers] WordPress security question
Brian Layman
wp-hackers at thecodecave.com
Tue Jun 5 16:42:26 UTC 2012
On 6/5/2012 12:02 PM, Patrick Laverty wrote:
>> One of the most disturbing bits of advice I heard recently is that if you
>> use a custom theme, you shouldn't update wordpress. I'm sure what the
>> speaker meant was to work with your vendor to make sure that WP and all
>> plugins and themes stay up to date.
> Yes, that is disturbing. I think what that person ran into was a core
> upgrade broke his theme, so he blamed core. If you are going to write
> custom themes and plugins, you do need to check those things before
> you go live. Maybe a core upgrade breaks your custom theme and
> plugins, but that just means they need to be fixed.
>
> I can't think of a legitimate reason to *not* update core when it has
> security fixes. Maybe if it only has functionality additions that are
> not security related, I could see that, but never avoid an upgrade
> that has security fixes.
I wish it was that simple. A large number of people are simply scared
to upgrade - so they don't.
It's a common mentality. All of us who have/participate in a local
meetup, you should bring this up a few time each year to correct the
misconceptions.
Brian Layman
More information about the wp-hackers
mailing list