I really like WordPress and I’ve been using it for many years from the pre v1 days, I believe. It has certainly grown massively since there, and now boasts the most impressive feature-set of all the online diary platforms. But, as with most software systems, as popularity increases, so does its vulnerability to attacks from unsavoury hacker types. It’s a widely covered phenomenon in the Windows vs Mac debate - Mac OSX is largely more secure because there are far fewer malicious attacks out there - for the simple reason that Windows is a more valuable target since there are many more users of it. (OK, this ignores the fact that the UNIX platform is natively more secure - but there is more to be gained in attacking Windows systems.) The increasing use of WordPress has resulted in an increasing number of security exploits. The WordPress folks are normally quick to close, patch and fix these holes, but I’ve always found the upgrade process, in spite of the infamous 5 step install / upgrade, to be a little arduous - backup existing install, deactivate plugins, download latest source, unzip, upload new source remembering not to overwrite your wp-content folder which contains plugins and themes, perform upgrade, reactivate plugins and cross your fingers. My experience has generally been fine - there has been only a few occasions when it’s gone titsup. But nevertheless, it’s a time-consuming process, especially the having to upload wp-content stuff separately. And there was a point recently, leading up to the 2.5 release, and then shortly after, where there was a spate of releases. When you’re managing 5 separate installs of the WordPress software, it invariably becomes a half-to-full day chore, rather than a quick update.
Well fortunately, there now’s something you can do about it. As of 2.5, all plugins have the ability to check for and update themselves requiring little more than your FTP credentials. And the WordPress automatic update plugin will keep your WordPress install bang up-to-date as well. I’ve tried it on a 2.5 install, as well as a 2.3.3 install, and, moreorless, the experience has been great. The “step by step” upgrade got a bit confused when trying to reactivate some of my plugins, but using the fully automatic mode worked like a dream. The plugin is certainly a bit rough around the edges - the templating and presentation is as disorganised and ungainly as CPanel, not to mention many many typos and grammatical errors, but if you’re not bothered about that, then there is now no reason to not keep your WP fully up-to-date.
Bootnote: I actually started this post about 2 weeks ago, before the automatic upgrade plugin had been released. So fortunately it was saved from being an all-out “WP stop releasing so many updates you bastards” to a “here’s a handy plugin that will keep your WP life more pleasurable.” Hurrah for that.
Leave a Reply