I've been running WordPress since 2006 with a customized template and a couple of plug-ins (Calendar, Contact Form, Polls), using it essentially as a CMS with comments and signups disallowed. Pings on the other hand, were allowed for each post.
Starting a couple of days ago, I started getting hundreds of email notifications asking that I moderate a comment, in the form of:
A new comment on the post # "" is waiting for your approval http://www.site.org/2006/03/03/post/
Author : (IP: , )
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=
Ruh roh. I don't have a lot of posts on the site so the first thing I did was go back in and disallow pings for each.
That being said, the version is 2.0.1 (and yes, that would mean I'm begging you for mercy but hear me out), in the absence of any vectors in which users could insert code coupled with a strong passsword, presumably, I thought I was sparing myself from an upgrade and the headache of upgrading my customized base theme which I see is not compatible with 2.5.
So my question is this: do I *really* need to upgrade?
Thanks in advance for your help