WordPress Upgrade Madness

Tuesday, September 11th, 2007

Recently, I have been becoming increasingly annoyed at the frequency with which WordPress releases updates, most of which are proclaimed to be security updates so that users are encouraged to “upgrade immediately”.

While I am thankful that WordPress remains so on top of security problems, it is rather disconcerting that security flaws are being discovered with such frequency, possibly pointing to deep-rooted flaws in the security methods it employs.

I do have one piece of good news, however. From what I can tell, v2.2.3 (which was released little more than a month after v2.2.2) does not address any security problems that will affect the majority of users. The only security hole it plugs is the ability of a user (meaning someone who can write actual posts to the blog) to post unfiltered HTML when their preferences are set to prevent it. In other words, unless you allow hackers access to the admin area of your blog, don’t worry about it.

One Response

  1. Luke - September 12th, 2008 at 8:42 pm

    Hey man, I know what you mean. I hate having to keep all the WordPress blogs updated all the time; it seems all too frequent. But I guess it’s worth it.