WordPress.org

Ideas

Security Patches for Earlier Versions

  1. StrangeAttractor
    Member

    One thing that drives me crazy about WordPress is the frequent version upgrades. (I'm glad, of course, that WP continues to evolve.) It can be a real pain to upgrade when you have a lot of customizations and plugins -- and after all, one of the great things about WP is that it is so customizable.

    I'm not eager to upgrade some of the sites I've built with older versions of WP -- why fix it if it works?

    However, there is the issue of site security, and this is the main motivation to upgrade to a later version. Holes in security are often addressed by the next version.

    What I would like is to have the option to simply install a security patch, or a few core files that address the security issues, without upgrading the entire version of an installation.

    It seems to me that this is in everyone's interest because many people don't upgrade their installations, and thus are vulnerable to security issues -- which can give WordPress a reputation of being insecure.

    Maybe there's already a way to do this (and if so, please post the relevant info), but it certainly isn't obvious.

    Posted: 6 years ago #
  2. dangrey
    Member

    Use version 2.0 LTS

    Posted: 6 years ago #
  3. StrangeAttractor
    Member

    Yeah, that's what I've been doing. Actually, mostly sticking with 2.2.3.

    Posted: 6 years ago #
  4. StrangeAttractor
    Member

    There's an interesting discussion of security and updates on Matt's most recent entry on his blog:

    http://ma.tt/2008/04/securityfocus-sql-injection-bogus/

    Posted: 6 years ago #
  5. Anatis
    Member

    As I am going back to 2.3.3 (I hate 2.5's admin area too much to keep it running!) I vote for security releases for previous versions.

    If the admin area doesn't change... then I'm staying on 2.3.3 and sorry, but when one day this version is too outdated to get anything to work... I'll likely install a current version... and if it's no good, I'll be looking for new blog software.

    Posted: 5 years ago #
  6. Simon Dickson
    Member

    I wholeheartedly agree with StrangeAttractor here. I do a lot of work with large corporations, building complex WordPress-based websites which tend to rely heavily on plugins. But often there's no guarantee that a given plugin will ever be updated, and a new WP release could therefore completely undermine a site's core functionality. I simply can't say to clients: 'go ahead and upgrade, nothing can possibly go wrong.'

    The perfect model, surely, is Ubuntu's LTS (long term support): a commitment to keep certain releases patched for an extended period of time (3-5 years).

    It means you can guarantee clients that they can keep patching their installations for security, without the risk of breaking key functions. At the moment, we just can't say that.

    v2.5 is a landmark release. This would be the ideal time to designate it as LTS. It's the one weak link in the WordPress proposition, and it would be easily closed.

    I've written a bit more about this on my own blog:
    http://puffbox.com/?p=138

    Posted: 5 years ago #
  7. Jen Mylo
    Key Master

    If you were using 2.5 a year ago, you were already several versions behind. Everything got easier with 2.7, and more so with 2.8 and 2.9. You should just upgrade.

    Posted: 4 years ago #

This topic has been closed to new replies.

  • Rating

    9 Votes
  • Status

    Sorry, not right now