Why You Should Upgrade

If you read this blog regularly (or even semi-regularly) you will know that I recommend upgrading WordPress whenever the dashboard tells you to.  Quite apart from grabbing the latest features built into the latest releases, you also pick up any patches and security updates.  If internet history tells us nothing else, it tells us that sites that aren’t serious about security end up getting taken over.

It seems that there is a site offering a seemingly legitimate version of WordPress.org which is actually a backdoored version.  Which is a bit cunning and a lot malicious.  So what can you do to protect yourself?

Firstly (and most importantly), only ever get your copy of WordPress from the official WordPress sites: WordPress.org (for the single blog edition) or WordPress MU (for the multi blog edition).  Being the real deal, WordPress will only offer the genuine article and will not knowingly make you install software that will trash your system or will leave you open to attack.  And they will patch when they know about a bug or security issue.  Other sites may seem faster or better somehow, but the only way to be sure that you are downloading the genuine version is to go to the official sites.

Next, themes and plugins.  If you want to be completely secure, you will only go via the WordPress plugin page and theme page.  I have a small issue with this: the theme page has a limited selection, from memory I found this theme after going to the theme directory.  With plugins, I tend to start from the plugin directory and then navigate to the plugin’s web location – that way I get the latest version and access to any more documentation.  The natural caveat on this, though, is that you navigate away from the tested versions at your own risk.

If you do not understand what a non-official patch or hack does, don’t use it until you have run it past someone who does.  Personally, I know enough to be dangerous and know that tweaks I have applied will only, at worst, give me a blank page if they fail.  The WordPress.org support forums are a good place to go to if you need help – in fact, this is a good rule to follow for any computer changes.  I would also advise taking a backup of the site to ensure that if anything does go horribly wrong you can still roll back the changes.

None of this is rocket surgery (or brain science).  Stick with the official releases and upgrade when the message appears and you are making yourself as safe as you can be.  If you fail to follow the advice and you do get compromised you only have yourself to blame.


Posted on 7 November, 2008, in Blogging/WordPress, Computer Stuff. 25 Comments.

  1. I saw this news too. It’s a pity, because I’d been toying with the idea of taking WordPress and bundling a theme and some of the most popular plugins and offering that as a download – ie a streamlined experience for end users so they don’t need to find the plugins themselves. I guess that idea is dead in the water now… 😦


    • It would be a good thing, but I would rather provide links and instructions than a whole package – that way you get the current versions and if there are issues with the software it becomes someone else’s problem! Using your idea, if there was, say, a major security hole in a plugin (because your version was out of date, for example) and someone gets compromised, your name and reputation would be dirt. As well, keeping your image up to date would be a bit of a pain as you’d need to guarantee that the theme worked as it should and that all plugins worked together nicely. And then you’d be seen as the support person for it. Far better to link to the official downloads and explain how to make it work.

  2. I’ve always been against upgrading, but after reading this, I am considering doing it, maybe even today. Thanks for the heads up on all the security stuff.


  3. I usually do upgrade, but do it reluctantly. There are some modifications in the theme I used and I cannot be completely sure that the next version of some plugin is secure and does not contain vulnerabilities.

  4. As a newbie I am constantly worried about these things. I sincerely hope that the back up function my host offers will cover everything should a problem arise.

  5. Isn’t there a way to upgrade multiple WordPress blogs at one time? I guess that’s my main reason for delaying on upgrading WP blogs. I thought I had read at one time that this is possible, but not sure over multiple servers.


    • There is an SVN upgrade which gives you a full upgrade with a few keypresses. If you do have multiple blogs, WordPress MU may be the way to go – one instance of WP but multiple sites and domain names.


  6. I didn’t realize that updating WP could increase security. Thanks for the heads up.

  7. I too have delayed due to multiple blogs – I’ll be looking into the MU option so thanks for that

  8. I should upgrade now. Thanks for the reminder!

  9. Real men/women don’t upgrade. They take more risks! 😉

  10. I must say I do not upgrade whenever it says as plug ins I love to use often cause issues. Ok this is no excuse.

    One of my blogs I had found out it was hacked by coming across it in the search engines. Had I not seen it there I would never have known. It took a long time to recover from that as Google had branded it a bad network.

    Had I updated (which I have now on this) then this issue would not have occurred so be very aware of this.

    • A cautionary tale! It is inconvenient and in the past I have had to replace plugins which were incompatible with the upgrades. I would rather have the inconvenience than have to recover from a compromise though. Glad to hear that you’ve recovered now.


  11. Been hacked, learned my lesson, now upgrading and also backing up, all with plugins.

  12. I suppose this is the one job we all hate, but just have to do. The security issue is really crucial. Thanks for bringing it to your readers’ attention again. Good post.


  13. Well, mine, to make a lot of ease in updating the site, I usually use auto-update plug-in. Do you think it’s secured and ok for me to use it instead of using the normal upgrading procedures? IMHO, I did not find any problem using the said plug-in.

    • As far as I am aware, there are no security issues with using that plug in. Just make sure that you keep it updated and you will be as secure as you can be. I do manual updates simply because they are quick.

  14. Great call on the upgrading. I’ve actually got a blog to do right now. Have you ever tried the automatic upgrade plugin for WordPress? It’s actually been quite the time saver for me. It will even handle the backups.


  15. I have just upgraded to the newest version 2.6.5 which came out today.

    I use the Automatic Upgrade Plugin because it makes life so much easier

  16. I have just upgraded to the 2.6.5 using the automatic upgrade plugin. It made my autoblog plugin post the same story 80 times but I have resolved that small issue.

    • Thanks for that – you just prompted me to check my dashboard and upgrade. Being totally street, I ssh’d into the server and did it all by hand 🙂

  17. It is better to upgrade. Due to security reasons… No one wants to be hacked.


  18. Update often sucks, WordPress has so many updates coming before you'd even install the previous upgrade … Thankfully they have automatic upgrade in versions 2.7 and later which saves the hassles of manually uploading upgrade files on the server. So, now I can safely say, do upgrade .. it's great.
