By: jonathansoroko

jonathansoroko — Sun, 07 Mar 2010 20:44:39 +0000

Andy, you’re entirely right. Often the main upgrade comes with new vulnerabilities – which are patched later in the “smaller” upgrades. For a small operation – a lot to keep up with.

By: Andy

Andy — Sat, 06 Mar 2010 02:22:32 +0000

Thank you for this post! It is a breath of fresh air that you get it. You can’t always upgrade, and simple upgrading isn’t always enough. When I discover a serious WordPress security issue, I generally find a patch for my current version, or I make one myself.

Ironically, the advocates of upgrading early and often point to the automated web-based upgrade feature. But using that creates additional security holes that can’t be prevented. I know you need a sysadmin to do it, but the manual upgrade is so much safer.

Comments on: A Common-Sense WordPress Security Primer:

By: jonathansoroko

By: Andy