Pro Blog Design

WordPress 2.5 came out just under 2 weeks ago, and since then there has been a stream of "Reasons to Upgrade" posts. Well, what about reasons not to upgrade?

The Security Thing

Security is a good reason to upgrade, but it's not always as good a reason as it might seem. Some blogs overemphasize security risks to get you to upgrade.

For instance, the normally excellent Weblog Tools Collection wrote about security holes due to free themes, and then said "The moral of this story is that you need to upgrade your WordPress blog now to WordPress 2.5."

Upgrading to WordPress 2.5 will not fix exploits that come from your theme; you need other measures for that. It wasn't fair for a respected WordPress authority to imply otherwise.

WordPress 2.5 packed a host of new features into it, but how big were the security fixes? Not very; just a more secure login. That makes sense; security fixes are for the minor releases, not the majors.

And if WP 2.3.3 has had 3 versions to fill up holes in the 2.3 release, and WP 2.5 has had no patch-ups but a whole load of new feature code, is it possible that WP 2.3.3 is actually more secure than 2.5? I don't know, but I'd love to hear opinions.

It Isn't Broken, Don't Try to Fix It

If your blog is working the way you want it to, why try to fix it? There are 3 good reasons to leave things alone:

  • Not all plugins work with new versions of WP.
  • It takes time to upgrade.
  • New features in WP may have no appeal to you.

I'm perfectly happy with WordPress 2.3. The new features in 2.5 are great, but not for me. The only reason I would upgrade is to keep up with security.

Should WordPress take this into account? Offering minor releases for many versions of WordPress is not plausible, but perhaps security updates could be given via a plugin? Again, I'd love to hear opinions on whether or not that is a possibility.

How I Do It

I tend to upgrade based on 3 rules:

  • Never upgrade to a major release immediately. Things will never be perfect on the first try, and version 2.x.1 is always soon to follow. Save yourself some time by waiting for it.
  • Check plugin compatibility first. If it's poor, don't upgrade to the major release. You can check compatibility by looking up the plugin on the Codex compatibility page, or by reading the latest comments on the plugin's home page.
  • Always upgrade to minor releases (e.g. 2.3.2 -> 2.3.3). Minor upgrades rarely cause plugin incompatibilities, which makes the upgrade a fast process, and they usually fix security holes, which will appeal to everyone. So a minor upgrade bypasses all 3 of the reasons not to upgrade.

I'm not running 2.5 yet, and have no plans to for a while. What about you?

Discussion on This Article

  1. goldfries
    April 14th at 8:08 am GMT
    Comment #1

    I'm not running 2.5 yet either. Same as you, no plans to for a while. :)

    I have 2 other blogs that are like 2 versions behind. No issues as long as the blog works fine.

    I would prefer that WordPress actually makes a list of files CHANGED from the previous version, rather than having us upload practically everything.

    Perhaps a downloadable archived file of only the files changed or affected by the upgrade, say 2.3 to 2.5.

  2. Mike Robinson
    April 14th at 8:44 am GMT
    Comment #2

    When it comes to clients, upgrades like 2.5 are a problem due to the admin redesign. While it's not hugely different, we'd be answering support e-mails and calls until the next upgrade! This is one of my primary concerns, along with plug-in compatibility.

  3. Tyler Michael Jonsson
    April 14th at 8:55 am GMT
    Comment #3

    Hey Michael, Good article!

    I am fortunate, my hosting service has this neat program called "Fantastico" which lets me basically install/update lots of web applications with just one click (plus back up the old install just in case).

    So for WP 2.5, my install time was literally about 5 seconds, and I really like the new features.

    I agree with you though - for some people the cons may outweigh the pros in the early going!

  4. SarahG
    April 14th at 9:26 am GMT
    Comment #4

    To be fair, the Weblog Tools Collection site said that some of the vulnerabilities could be due to bad themes but not all are. A friend of mine was getting tonnes of links inserted into his posts in a hidden div, he was running his own custom template. Of course yeah, upgrading isn't going to fix a hacked template, gotta fix the template first!

    However I agree on the upgrade. Although virtually all common plugins run on WP 2.5 as there were not any real database table changes (not like the 2.3 upgrade) just additions. I've not had any problems with plugins besides one admin plugin which was cleaner dashboard, installed to take the development info away from the dashboard for clients who use WordPress.

    I've upgraded several client sites and a couple of my own. Now I've worked out which CSS to override to move the categories up to where they were in the posting page, I'll happily upgrade my other sites too.

    As Mike said though, the admin redesign is the biggest problem for clients. There is a bit of usability lost in it, not to mention everything's in a different place!

  5. James Mann
    April 14th at 9:35 am GMT
    Comment #5

    I don't think I will be upgrading to WP 2.5. I just haven't had the best of luck upgrading at the best of times and have even lost an entire blog.

    I was able to install my backup but the thought of losing something permanently just makes me a bit of a chicken.

  6. kuldeep
    April 14th at 9:40 am GMT
    Comment #6

    Good post, it totally makes sense.

    I'm not planning to either... it doesn't make any sense for us, as we have multiple authors and we don't want to make them uncomfortable with the new dashboard.

  7. Andrew
    April 14th at 9:44 am GMT
    Comment #7

    I'm quite aware that people are reluctant to upgrade to WP 2.5, but there are vulnerabilities in WP 2.3.3.

    This was one reason that I upgraded my blog to the latest version, as well as run a number of plugins for security which I have mentioned in the post.

  8. Michael Martin
    April 14th at 10:18 am GMT
    Comment #8

    Goldfries,
    That's a good idea, but it would be more work for the WordPress devs. And it might actually confuse less experienced users (Who now have to choose between 2 ways to upgrade).

    Mike,
    That's a good point; I hadn't thought of things from a support point of view. I've found myself getting lost in the new admin panel a few times already. You would need to know it inside out before you could give support on it.

    Tyler,
    I have Fantastico as well, but I don't use it. I've heard stories about problems caused by it during installation, and even Fantastico can't solve the plugin incompatibilities. It's cool that it worked so quickly and easily for you though! :D

    Sarah,
    It's true that most plugins have been good with 2.5 specifically, but all it takes is for one or two important ones to break, making it not worthwhile. :(

    Changing the dashboard is a good idea though! I use Windows Live Writer to write my posts, so little things like that in the Writing page haven't gotten to me yet. xD

    James,
    You lost an entire blog?? I suppose you have a pretty healthy respect for backups now... :(

    Kuldeep,
    That's a good point. I hadn't thought of multi-user blogs. The new interface isn't anything special, so that's probably a good decision for your writers.

    Andrew,
    That's a good link, and the plugin looks good. I hadn't heard about the flaw in 2.3.3. It's a strange one though. I'm pretty surprised that they managed to create a whole new folder in the system. Have to keep an eye out for that one. :)

  9. Timo Zimmermann
    April 14th at 12:30 pm GMT
    Comment #9

    I upgraded to 2.5. The only thing that is not working is "popular posts" but it seems like the author knows why it is not working, so I hope that there will be a fix soon.

    I believe that it makes sense to drop development on an old release after a new major release is available. You'd just waste development time on old software.

    Of course it makes sense to wait until the new major release is really working and supports most plugins, but there is a point you just have to make a step forward.

    You are right that there may be security issues but if no one runs 2.5 no one will ever notice ;)
    I think it is a good way to give something back. Upgrade to a new release, see if everything is working and if this is not the case just write a bug report.
    You don't have to fix it, just provide enough information so someone else can do it *g*

  10. Deron Sizemore
    April 14th at 12:54 pm GMT
    Comment #10

    One reason why I love ExpressionEngine. Don't have to worry about updates breaking stuff. ;)

  11. redwall_hp
    April 14th at 4:16 pm GMT
    Comment #11

    I generally upgrade as soon as the release goes gold. I read-up on things first, and with 2.5 I installed a test blog to make sure things would work sufficiently.

    Don't forget this reason to stay up to date: Plugin developers may drop support for your older version. It's a hassle to support older versions of WordPress, and you could be left in the dark if you don't upgrade.

  12. Sheamus
    April 14th at 4:59 pm GMT
    Comment #12

    It's also my policy to wait for the second release of an upgrade before making the step to actually do that.

    However, what I've decided is while I'll leave my current blogs at WP 2.3 for now, any new ones I install will be 2.5. This gives me, IMO, the best of both worlds - I can get used to the new features and set-up of 2.5 without 'risking' my current projects.

  13. pamQ
    April 14th at 6:58 pm GMT
    Comment #13

    Michael,

    A very timely and relevant post. You ought to check your inbox; it's rather urgent. I believe that the other site may have been injected with something.

    While I am on here, I might as well contribute to the discussion. :lol: I haven't upgraded my blog since I never write on it anymore. I plan on upgrading within the weekend to 2.3.3 though, just so I won't place my shared hosting friends in any danger. While 2.5 may be a great idea, I believe that it's good to sit back a bit and watch what happens. I mean, remember WP 2.1.1? :P
    /EDIT: Never mind. I just saw the 2.3.3 exploit. :(

  14. Richard H
    April 14th at 7:34 pm GMT
    Comment #14

    Michael, though I've upgraded, I have to agree with your advice in this article.

    I have no complaints about 2.5 itself, but I wish more plugins were compatible.

  15. Madhur Kapoor
    April 14th at 8:54 pm GMT
    Comment #15

    Even I haven't upgraded to 2.5 yet. Unless I face any problems with older versions I won't upgrade, as I am happy with WP 2.3.

  16. kristarella
    April 14th at 9:56 pm GMT
    Comment #16

    Hells yes! Well, I don't feel that strongly about it, I think it's fair to wait until you think they've ironed out the kinks, but to be honest, this upgrade has features that I've been wanting for a long time (multiple image upload for one).

    I was surprised at how easy this upgrade was. Nothing broke... I think all my plugins worked - if they didn't I realised they weren't that important to me.

    Even my web host upgraded their blog due to security issues. I think those guys are pretty savvy, so if they believed there were issues, I do too.

    The only disappointment I have with the new version is no batch category editing (people have been requesting it for a while) and I can't get the automatic plugin feature to work. The latter must be my set up because I haven't read of any one else having that problem.

  17. milo
    April 14th at 11:39 pm GMT
    Comment #17

    Upgrading is plain easy: open FileZilla, pull everything up except for wp content and voila, you're done.

    There is a nice post at ma.tt about upgrades and vulnerabilities.

    Talking about vulnerabilities: securing core server and WP files through a .htaccess file should be usual practice, then SERPs cannot index ./wpcontent/files...

  18. cheryl
    April 14th at 11:47 pm GMT
    Comment #18

    Hey Michael...you MUST have been reading my mind!
    :o/

    My sentiments exactly. I have advised several friends to WAIT just for the reasons you stated. When I read that Weblog Tools post, I said...WHAAATTTT! That just didn't make sense.

    When your site works just as is, why chance a whole bunch of incompatibility issues??? And, as I've recently told friends, problems with your template cannot be fixed by upgrading WP. And just because you BUY a template, doesn't mean there won't be problems. I can show you several custom themes I have that have errors all over the pages because they don't serve up my content well.

    I also agree that 2.3.3 is the most stable version out there right now. You never upgrade for the sake of upgrading...at least that is my general rule.

    Heh...I even have an OLD version of Snag It on 3 of my computers because, sometimes, you want a minimalist approach. Short, sweet, to the point.

    Keep on truckin'.
    cj

  19. tanya25m
    April 15th at 3:33 am GMT
    Comment #19

    Nice post. I'm not upgrading just yet for much the same reasons. I was hoping to read some posts like this one out in the blogosphere just to reassure myself that I'm not altogether nuts. :-) Everybody seems to be raving about the new version. No doubt it's great, and I loooove WordPress, but I'm just not ready for another upgrade.

  20. Ralph
    April 15th at 11:43 am GMT
    Comment #20

    Very nice article to think about an upgrade-strategy. Thank you.

    Ralph

  21. Chris Blackwell
    April 15th at 6:59 pm GMT
    Comment #21

    I upgraded almost the same day that version 2.5 came out and I haven't looked back since. I haven't had any problems with any plugins yet, with the exception being trying to install Popularity contest. I wrote an article about How to upgrade to WordPress 2.5 which people seem to have found helpful.

  22. Caitlin @ C³
    April 16th at 3:40 pm GMT
    Comment #22

    Good post!

    It doesn't take that much time to do most WP upgrades, though. It took me about 7 minutes, tops, and that includes backing up the database, downloading the new files, and uploading them to my server.
    It didn't break a single one of my plugins either, though I didn't upgrade for about a week after it came out, so many had upgrades to them already so perhaps I just did not notice any problems because they'd already been fixed. ^_^

    I love the new Admin section look and layout, even though I admit it took a little bit to get used to things being different.

  23. Tay - Super Blogging
    April 17th at 9:36 pm GMT
    Comment #23

    Hear, hear! I'm also waiting to upgrade, especially because of the fact that even more things probably won't work right when I do. Everything is working fine for me now, so I'd rather just wait it out. When the security is improved, I'll definitely be upgrading. When I'm sure all my plugins, etc. will work, I'll also be upgrading. But for now I'm fine to wait.

  24. Keith Goodrum
    April 18th at 3:29 pm GMT
    Comment #24

    I'll add my vote to waiting to upgrade. Most upgrades will have some issues. It could be bugs, or security holes that are found... but it's rare for a software upgrade to hit the ground perfect. There's usually a patch released to fix these things. That's when I'll look to upgrade.

  25. redwall_hp
    April 18th at 3:38 pm GMT
    Comment #25

    Those who say they're waiting should take a good look at this:
    http://www.bloggingpro.com/arc.....g-indexed/

  26. Grasiani
    April 22nd at 7:13 pm GMT
    Comment #26

    I've upgraded some of my sites, but not all. Just those where the new features are good, such as the multiple-file uploader, but, seeing as 2.3 is secure enough, why upgrade to one that we don't know is fully secure yet?

  27. redwall_hp
    April 26th at 2:32 pm GMT
    Comment #27

    WordPress 2.5.1 is out now. It fixes some bugs, and some security issues that aren't yet known by the general public.

    If you are using 2.3, I strongly suggest upgrading. Some security-related bugs have been found, and it's not really safe to continue using it.

  28. Michael Martin
    April 26th at 8:25 pm GMT
    Comment #28

    Timo,
    Well said. Upgrading sooner rather than later definitely helps the WordPress movement as a whole more. But I think they could do a bit more to help us out with that. :)

    Deron,
    Haha, nice to get one over on us then? :P

    Redwall,
    But if the plugins are working at the minute, why upgrade them either? :)

    Sheamus,
    I agree with that setup. If you're starting a new blog, definitely go for the latest version. We're all going to have to upgrade eventually, so save yourself that hassle.

    Pam,
    Thanks for the heads up. :)

    Richard,
    Congrats on making the leap at least! Plugin compatibility should improve over time.

    Madhur,
    Agreed. No need to fix something that isn't broken.

    Kristarella,
    If it had features you wanted, then by all means, go for it! :D

    I don't need the image uploader though, so WP2.3 is just as good for me.

    Milo,
    But if things go wrong, you're not done for a while. :P

    Cheryl,
    I'd say you gave your friends the right advice then. :)

    Tanya,
    Don't worry about the number of posts on WP2.5. It's just that it's more fun for people to write about than a "Do nothing" post is. :D

    Ralph,
    Welcome.

    Chris,
    You had trouble with Popularity Contest as well? It's a popular (Sorry, couldn't think of a better word!) plugin though, so an upgrade is bound to come soon.

    Caitlin,
    Sounds like it was painless for you. That's great!

    Tay,
    Same here. The upgrade will definitely come at some point, but not until I know it will be hassle-free. :)

    Keith,
    Agreed. The early-adopters will pick up on the flaws, and they'll be sorted out by the time lazy people like us get around to it. :)

    Redwall,
    Sorry, but I just couldn't care what Technorati does tbh. I don't think I've ever gotten a single visitor from them. xD

    Have you upgraded to 2.5.1 though? I would actually consider upgrading myself now, because it's out. :)

    Grasiani,
    Your method sounds perfect. Upgrade if it would benefit the site, but if not, what's the point?

  29. noonnoo
    May 2nd at 1:27 pm GMT
    Comment #29

    I upgraded my WordPress engine to 2.5.1 and I love it. It's faster and easier to understand. Although there are many strange bugs: the spellchecker (in Mozilla Firefox), the display of emoticons in Opera 9.26 etc. There are many new/strange bugs.

    The new bugs are worse than 2.3.x. I can tell you that. :(

    offtopic: your reply form isn't buggy anymore! It works fine in Opera! I love it!

  30. That Blogger Guy
    May 2nd at 11:40 pm GMT
    Comment #30

    Great write-up. I've been looking into jumping on the WordPress action because of its full control over the design, layout, and functionality of it, not to mention everybody raves about it. Thanks for the info and I've definitely subscribed to this blog.

    Check mine out when you get a chance to let me know how to improve!

    www.1lens2many.com or www.designguy.com

  31. vanessa
    May 7th at 2:23 pm GMT
    Comment #31

    Wish I read this before upgrading to 2.5. I like it fine but now I have the "upgrade to 2.5.1" hanging over my head! I'm fairly new to WordPress and didn't realize there would be another release so fast. I'll probably hold off a bit longer next time. Thanks!

  32. Michael Martin
    May 7th at 8:44 pm GMT
    Comment #32

    Vanessa,
    Those upgrade messages are really getting on my nerves as well! :(

  33. Michael Martin
    May 7th at 8:48 pm GMT
    Comment #33

    noonnoo,
    Yeah, I got rid of the fancy comment form. It was causing bugs for quite a few users, so it definitely wasn't worth it in the end. Sorry you had to put up with it for so long! :(

    That Blogger Guy,
    I couldn't possibly recommend WordPress any higher. I give it the odd criticism occasionally (Like in this post!), but only so that it continues to improve. It's a fantastic piece of software. :)

  34. milo
    May 9th at 10:14 am GMT
    Comment #34

    WP is easy to work and customize, but has some easy to manage flaws like wp cache not enabled/built in.

  35. Michael Martin
    May 10th at 1:16 am GMT
    Comment #35

    milo,
    Built-in caching would be perfect. It's one of the essential plugins now... :(
