WordPress (or Mashable) Users Can’t Be This Stupid? Can They?

I’ve just seen Mashable’s post about a security exploit that exists in older versions of WordPress, versions prior to 2.8.4, and how imperative it is that you upgrade your self hosted WordPress immediately. Of course the post is getting a lot of attention across the interwebs and on sites like Twitter.

Like what I hope are the vast majority of WordPress users, I shrugged my shoulders and paid very little heed to it as it’s only a concern for installs older than 2.8.4. We’re running WordPress on all but one of our 9 sites and like most people we upgraded to 2.8.4 as soon as it was released and always upgrade to the newest release straight away.

The only thing that ever stops us upgrading immediately is if there is a conflict with one of our plugins which we set about fixing straight away and then upgrade ASAP.

After all, WordPress is like any other piece of software. It may run on your server or webhost but just like your windows installation it requires regular updating for stability, speed and security improvements.

Unless you have a very specific reason not to (other than you are just too lazy to upgrade your plugins or theme), upgrading to the latest version is always a must.
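One way to turn that advice into a routine check when you look after several self hosted installs. This is an added example, not code from this post or from WordPress itself: it reads the `$wp_version` string that WordPress ships in `wp-includes/version.php` and flags any docroot older than 2.8.4, the fixed release named above. The docroot paths and the two sample installs it builds under a temporary directory are constructed for the demo; point `check_site` at your real docroots instead.

```shell
#!/bin/sh
# Added example (not from the post): flag self-hosted WordPress installs that are
# older than a minimum safe version by reading wp-includes/version.php in each docroot.

MIN_VERSION="2.8.4"   # the fixed release the post tells everyone to upgrade to

# wp_version DOCROOT -> prints the version string found in wp-includes/version.php
# (the file contains a line like: $wp_version = '2.8.4';). Prints "unknown" and
# returns 1 when the file is missing or unreadable.
wp_version() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || { echo "unknown"; return 1; }
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$f" | head -n 1
}

# version_lt A B -> returns 0 when dotted version A is strictly older than B.
# Missing components count as 0 (so 2.8 < 2.8.4); non-numeric suffixes are ignored.
version_lt() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        x="${x%%[!0-9]*}"; y="${y%%[!0-9]*}"   # cut at first non-digit
        x="${x:-0}"; y="${y:-0}"
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# check_site DOCROOT -> prints one status line; returns 0 when current,
# 1 when an upgrade is needed, 2 when no WordPress install was found.
check_site() {
    v=$(wp_version "$1") || { echo "UNKNOWN $1 (no wp-includes/version.php)"; return 2; }
    if version_lt "$v" "$MIN_VERSION"; then
        echo "UPGRADE $1 $v (< $MIN_VERSION)"
        return 1
    fi
    echo "OK $1 $v"
    return 0
}

# demo: builds two constructed docroots (one current, one stuck on 2.7.1) in a
# temporary directory, checks both, and returns 1 if any site needs an upgrade.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/current/wp-includes" "$tmp/stale/wp-includes"
    printf "<?php\n\$wp_version = '2.8.4';\n" > "$tmp/current/wp-includes/version.php"
    printf "<?php\n\$wp_version = '2.7.1';\n" > "$tmp/stale/wp-includes/version.php"
    rc=0
    for d in "$tmp"/*; do
        check_site "$d" || rc=1
    done
    rm -rf "$tmp"
    return $rc
}

demo || :
```

In real use, replace `demo` with a loop over your own docroots (`for d in /var/www/*; do check_site "$d"; done`) and run it from cron; a non-zero exit from `check_site` is the signal that a site still needs the upgrade.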

Anyhow, I was calling WordPress users stupid, wasn’t I? Or was that Mashable readers? Actually it’s the segment of WordPress users who commented on Pete Cashmore’s post today, who obviously failed to comprehend the article and have issues with the simplest of advice: Upgrade Now!

Here’s some examples for your amusement:

Σχολή Χορού: That’s really annoying. I have some blogs about dancing with very personalized themes and who knows what will happen if I upgrade.

You’ll get hacked and all your pretty personalized themes will disappear forever.

happymind: How do you upgrade??????

See the button that says “Upgrade Automatically” – Click it! When was the last time you logged in to your WordPress Dashboard?

Mitzi Szereto: Yeah, but every time I log in, I see that the NEW version has holes in it, and they have to keep fixing it. So frankly, I am not sure I trust it. Nor am I sure I trust that it won’t screw up my entire site.

I’m still on 2.7.1 – should I leave it the hell alone? Please advise.

Yes, they’re called fixes. Your old version probably has all the vulnerabilities of the new versions and more. They’re fixing the problems as they find them. As for you still being on 2.7.1 – is it really that hard to comprehend “Upgrade Now!”? Tell you what, stay on 2.7.1. Can’t wait for lazy people like you to start bitching about WordPress security when you get hacked.

ronaldredito: This is annoying! Can anyone pinpoint who is behind this?

Yes, it was Barack Obama! It’s a plot to take over the world by brainwashing everybody through plugins that have been covertly installed in WordPress blogs, which then send subliminal suggestions to everyone prompting them to elect him for another 4 years and agree with all his policy decisions. And the WordPress dev team are going to just start taking out people like him instead of ever working on security updates. Assassinating random people is much more cost effective and less disruptive to the WordPress user base than pushing security releases.

Arthur Wilkie: And this is why I use Blogger…

I’m really, seriously praying that was sarcasm Arthur :)

achernow: Already did the upgrade apparently.

Maybe the hacker did it to prevent any more hackers taking control of your WP? Sheesh, how could you not know you upgraded, and why would you need to post that you had?

Okay, obviously these people aren’t stupid, but they are very naive and I’ve got to ask myself, if you’re not confident enough to deal with upgrades, plugin upgrades and security releases on self hosted WordPress installs why are you using it in the first place?

Don’t cite customization to me as a reason: if you’re confident enough to customize the PHP in your theme’s files, you should be able to at least perform an upgrade!

I know some of you are going to call me elitist and an arse for making fun of people who are less knowledgeable in this area, but let’s be serious, if you’ve been using WordPress since 2.7.1 (came out 7 months ago)… enough said!

Update 15/09/2009:

Just came across this excellent post by Jeff Chandler: “Are You Responsible Enough To Run WordPress?”

    "Waa Waa whine whine.. Don't make fun of people for not protecting their stuff…. just get angry at the bad bad people who hacked them"

    Do you have any idea how childish that sounds? It's like the bloke who gets drunk, crashes his car and then blames the liquor store for selling him alcohol! It's the battle cry of a whiner!

    I maintain 8 WordPress based sites, among a number of others and just a little diligence and thought is all that is required to keep everything running smoothly and safely.

    We are all aware that hacking and cyber vandalism happens. It's a fact of life just like graffiti, car jacking and robbery. It's funny how we take precautions to protect our "real world" property but neglect to do it for our online stuff. It's why all operating systems, browsers and software have patches and updates released for them, because security is NEVER perfect and when issues are found they NEED to be resolved or you will be vulnerable.

    As for WPMU and WordPress, there is always a list of the changed files released so that you can just update those files as needed. Also, as your site is screwed up why don't you stop crying in your beer and go show some love to your members by getting their sites back instead of ranting over here….

    If you can't figure out how to check plugins for compatibility, check boards for reports of conflicts and issues when upgrading WPMU, and read release notes for special conditions, such as the 2.8.2 bug which prevented proper upgrading, and are not prepared to troubleshoot and deal with the issues, then I have no sympathy for you.

    If you have done all that and things went haywire, then what can I say, except "shit happens" and I'm sorry for you. But having to fix issues caused by a messed up upgrade is a minor price to pay for security. Upload your backup and try again!

    In many senses I would have been happy back on the WordPress 1.x branch from a feature perspective. Between the software itself and plugins I was happy feature wise, but security updates have kept me clicking along and upgrading.

    I look at it this way – your blog is an investment. An investment of time, money and effort. If you don't do what is necessary to protect it, then you are an idiot! No two ways about it.

    Let me give you one last analogy. The insurance company will not pay out if your car is robbed because you left the keys in the ignition, or the doors open, or some other such stupidity. They will laugh at you while continuing to collect your premium. Well, it's the same with software. If you don't upgrade when security releases are put out, you have no one to blame but yourself.

    Get mad at the people who do the hacking all you want. It won't stop them. In fact they'd prefer if you focused your attention on being mad at them rather than upgrading when security releases are issued. It makes their job so much easier!

    In fact, even more important than to update the hell out of your WordPress is to change your admin user name to something other than “admin”.