Long story short, I've inherited a WP install that's still at v2.8.4 and it's hacked to bits (admittedly only in the theme) and upgrading to the latest version breaks all the custom functionality.
The scale of fixing the broken bits is too large, and the site's undergoing a rebuild from the ground up in v3+ anyway.
I was wondering if anyone had tried patching just the security holes, without updating the rest of the core?
I've followed some of the tips from here http://codex.wordpress.org/Hardening_WordPress and various other resources. But any other advice would be great, cheers.