I’ve just seen Mashable’s post about a security exploit that exists in older versions of WordPress, versions prior to 2.8.4, and how imperative it is that you upgrade your self-hosted WordPress immediately. Of course the post is getting a lot of attention across the interwebs and on sites like Twitter.
Like what I hope are the vast majority of WordPress users, I shrugged my shoulders and paid very little heed to it as it’s only a concern for installs older than 2.8.4. We’re running WordPress on all but one of our 9 sites and like most people we upgraded to 2.8.4 as soon as it was released and always upgrade to the newest release straight away.
The only thing that ever stops us upgrading immediately is a conflict with one of our plugins, which we set about fixing straight away, and then we upgrade ASAP.
After all, WordPress is like any other piece of software. It may run on your server or webhost, but just like your Windows installation it requires regular updating for stability, speed and security improvements.
Unless you have a very specific reason not to (other than you are just too lazy to upgrade your plugins or theme), upgrading to the latest version is always a must.
Anyhow, I was calling WordPress users stupid, wasn’t I? Or was that Mashable readers? Actually it’s the segment of WordPress users who commented on Pete Cashmore’s post today, who obviously failed to comprehend the article and have issues with the most simple of advice! Upgrade Now!
Here are some examples for your amusement:
Σχολή Χορού: That’s really annoying. I have some blogs about dancing with very personalized themes and who knows what will happen if I upgrade.
You’ll get hacked and all your pretty personalized themes will disappear forever.
happymind: how do you upgrade ??????
See the button that says “Upgrade Automatically” – Click it! When was the last time you logged in to your WordPress Dashboard?
Mitzi Szereto: Yeah, but every time I log in, I see that the NEW version has holes in it, and they have to keep fixing it. So frankly, I am not sure I trust it. Nor am I sure I trust that it won’t screw up my entire site.
I’m still on 2.7.1 – should I leave it the hell alone? Please advise.
Yes, they’re called fixes. Your old version probably has all the vulnerabilities and more of the new versions. They’re fixing the problems as they find them. As for you still being on 2.7.1 – is it really that hard to comprehend “Upgrade Now!”? Tell you what, stay on 2.7.1. Can’t wait for lazy people like you to start bitching about WordPress security when you get hacked.
ronaldredito: This is annoying! Can anyone pinpoint who is behind this?
Yes, it was Barack Obama! It’s a plot to take over the world by brainwashing everybody through plugins that have been covertly installed in WordPress blogs, which then send subliminal suggestions to everyone prompting them to elect him in for another 4 years and agree with all his policy decisions. And the WordPress dev team are going to just start taking out people like him instead of ever working on security updates. Assassinating random people is much more cost effective and less disruptive to the WordPress user base than pushing security releases.
Arthur Wilkie: And this is why I use Blogger…
I’m really, seriously praying that was sarcasm, Arthur 🙂
achernow: Already did the upgrade apparently.
Maybe the hacker did it to prevent any more hackers taking control of your WP? Sheesh, how could you not know you upgraded, and why would you need to post that you had?
Okay, obviously these people aren’t stupid, but they are very naive, and I’ve got to ask myself: if you’re not confident enough to deal with upgrades, plugin upgrades and security releases on self-hosted WordPress installs, why are you using it in the first place?
Don’t cite customization to me as a reason, because if you’re confident enough to customize the PHP in your theme’s files you should be able to at least perform an upgrade!
I know some of you are going to call me elitist and an arse for making fun of people who are less knowledgeable in this area, but let’s be serious, if you’ve been using WordPress since 2.7.1 (came out 7 months ago)… enough said!
Just came across this excellent post by Jeff Chandler: “Are You Responsible Enough To Run WordPress?”