We run WordPress for our blog and like it. I have been debating whether to upgrade the barkingseal.com WordPress installation – we were at version 2.6.5 and it didn’t look like there were any important security issues fixed in 2.7 and 2.7.1. Patching is all about balance – the risk of security vulnerabilities versus the risk and effort of applying the upgrade. Plus, in this case, I sure don’t want to be too far behind the Web 2.0 curve (a little bit of sarcasm).
For a little guidance, I looked to the “big dogs” – how up-to-date are the most well-known WordPress sites? Yesterday, I ran a quick scan of all 354 sites listed in the WordPress Showcase to see how we compared. Sadly, not only are many sites not running WordPress 2.7+, but almost half (44%) are running a version older than 2.6.5. 2.6.5 was released in November, 2008 and did fix important security problems. Wow… four months later and 44% of these leading WordPress sites still haven’t updated!
I guess it’s easier for me to excuse enterprises who are a little behind on patches. They might wait a month for other organizations to “guinea pig” the patch, test the new software in a test environment for a month, plan and execute production changes in the following month, etc, etc. But I really can’t see any excuse for not updating your WordPress installation for four months!
The graph below shows the version breakdown in more detail – the red/green bars are running insecure/secure versions of WordPress. The blue bars represent versions of WordPress that I couldn’t identify, and sites that I positively identified as running Drupal or another non-WordPress CMS.
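To show how a site-inventory check like this can be done, here is an added example (not the scanner used for the post): it reads the WordPress `generator` meta tag from front-page HTML and buckets each site the way the graph does, using constructed sample pages in place of real fetches and assuming 2.6.5 as the secure threshold.

```python
import re
from collections import Counter

# Constructed sample pages standing in for fetched front-page HTML (not real sites).
SAMPLE_PAGES = {
    "site-a": '<html><head><meta name="generator" content="WordPress 2.7.1" /></head></html>',
    "site-b": '<html><head><meta name="generator" content="WordPress 2.6.5" /></head></html>',
    "site-c": '<html><head><meta name="generator" content="WordPress 2.5" /></head></html>',
    "site-d": '<html><head><meta name="generator" content="Drupal 6 (http://drupal.org)" /></head></html>',
    "site-e": '<html><head><title>no generator tag</title></head></html>',
}

# Assumed threshold: versions below 2.6.5 lack the security fixes that release shipped.
MIN_SECURE = (2, 6, 5)

# Matches <meta name="generator" content="..."> (assumes name precedes content).
GENERATOR_RE = re.compile(r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)


def parse_version(text):
    """Turn '2.6.5' or '2.7' into a comparable tuple, padding missing parts with 0."""
    parts = [int(p) for p in text.split(".") if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(html):
    """Return 'secure', 'insecure', 'other-cms' or 'unknown' for one page."""
    m = GENERATOR_RE.search(html)
    if not m:
        # Many themes strip the tag, which is the post's "couldn't identify" bucket.
        return "unknown"
    generator = m.group(1).strip()
    if not generator.lower().startswith("wordpress"):
        return "other-cms"
    version = re.search(r"\d+(?:\.\d+)*", generator)
    if not version:
        return "unknown"
    return "secure" if parse_version(version.group(0)) >= MIN_SECURE else "insecure"


def version_breakdown(pages):
    """Count categories across a set of pages, like the red/green/blue bars."""
    return Counter(classify(html) for html in pages.values())
```

Run `version_breakdown(SAMPLE_PAGES)` to get the per-category counts; for a real inventory, replace the constructed dictionary with the HTML of your own sites.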
For what it’s worth, I timed my upgrade of barkingseal.com’s WordPress – it took under four minutes, plus another few minutes of testing. So would I trade 15 minutes of my time as insurance against hours of recovering from a defaced blog? You bet!