[Security] WordPress Update Compliance
Tuesday, September 9th, 2008 - Security
I have checked on the servers and I am seeing about 15 percent compliance with the WordPress update. This means that 15 percent of the WordPress installs that were outdated last week have either been updated or removed.
Our WordPress updater program is still available to those that want to try it to upgrade their WordPress installs. We have updated a couple of WordPress 2.5.1 installs to WordPress 2.6.1 and did not encounter any problems. I am not sure if the updater will work on anything less than WordPress 2.5.1.
We have also received a few complaints and concerns from users who do not believe that they have to update their blogs. Please understand that we do not make the rules on the Internet. It is just a fact that if you run outdated software on an account, then you are more likely to be hacked into. If your account is hacked into, then this can have adverse effects throughout the entire server. This is why we are pushing to get these installs updated. We are trying to raise awareness that you have to keep these installs up-to-date.
If you have concerns about the new WordPress interface or something about the new version of WordPress then you need to contact WordPress about this. You can reach the WordPress forums at:
I know some users have written in saying that they are using WordPress 2.5.1 and that WordPress 2.6.1 does not contain any new security fixes. It is true that 2.6.1 does not fix any major security flaws in WordPress. While I still believe that you should upgrade WordPress 2.5.1 installs to the latest version, I am less concerned with those installs that are version 2.5.1. The main issue is with the installs that are from the 2.3 release tree. WordPress 2.3 had a lot of security issues and these issues also affected versions prior to 2.3. These installs need to be updated. If you won’t take my word for it, then ask around on the WordPress forum and see if anyone still believes you should be running WordPress 2.3.
We are just trying to be proactive in regard to this. In order to make sure the servers stay secure, we have to ensure that the servers are secure. Any server administrator who knows that there are accounts on their servers running an old and outdated version of a script or application and does nothing about it is not doing a very good job administrating the server. We are just trying to keep you informed and trying to keep your data safe.
Scott