
Older WordPress Versions Are Insecure


I have said this many times before: UPGRADE WORDPRESS WHEN PROMPTED. This one is in the style of “beating you about the head and body and then caning you across the eyeballs”. Why? Because a hack has been discovered that makes your older, more stable, more comfortable WordPress.org install very insecure, and really you may as well make the password Pa55w0rd, because your older version can and will be pwned.

Now that I have your attention… Go to Lorelle’s site, Robert Scoble’s site and the WordPress Dev Blog to see details of this new exploit. If you have version 2.8.4 (as I do), you are more secure. As well as upgrading, remove the default admin account and create a new one (doing those two in the reverse order is good), check for phantom admin accounts and make sure you are using a strong password. There are other things to do, but that will keep you going for now.

I regularly get comments such as “if I upgrade it breaks all my plugins”, “my theme doesn’t work if I upgrade now” and so on. You now get to make a value judgment: if you don’t upgrade, you could end up no longer owning your blog, versus giving up or changing a few plugins or a theme. Which of these is the worst-case scenario for you?

Upgrade now. You know it makes sense.
