No..not another Wordpress version!!

kannanmr on August 4th, 2008

I logged in to my blog account 2 days back, after a verrry long time (I blame my project move in the professional world). I was surprised to find out so many things have happened in the Wordpress world. A new version has been released, many more vulnerabilities have been found and fixed…WAIT…a NEW version?? NOOOO! It feels like I just updated to a new version…is there a new one already!???

Wordpress is churning out new versions faster than my C2Duo / Vista machine can boot :P Don’t believe me? Look at these dates:

Wordpress version    Release date
1.5 (Strayhorn)      mid-Feb 2005
2.0 (Duke)           Dec 2005
2.1 (Ella)           22 Jan 2007
2.2 (Getz)           16 May 2007
2.3 (Dexter)         24 Sep 2007
2.5 (Brecker)        29 Mar 2008
2.6 (Tyner)          15 Jul 2008

As you can see, lately there is a new release every 3 months (avg). As a developer, I understand it is always good to code that great/mean feature and ship it out ASAP so that we can watch the customer use it, but as an end-user it *is* very tiresome to constantly keep upgrading every quarter. I don’t know how many times I did that…I am running more than 2 installations (1 for me, 1 for my wife, blah blah…don’t ask me to use WPMU..I did try it!), so whenever I see the “A new Wordpress version is available” message, I more or less go nuts!

The basic WP architecture has been severely criticized for being too rigid in terms of quick security fixes. See the following excerpt from Wikipedia:

BlogSecurity currently maintains a list of WordPress vulnerabilities.[8]

In January 2007, many high-profile Search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit.[9]

A separate vulnerability on one of the project site’s web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[10]

In May 2007, a study revealed that 98% of WordPress blogs being run are exploitable.[11]

In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress’s security track record, citing problems with the application’s architecture that make it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as other problems.[12]

98% of the blogs?? Woah….

I hope Wordpress core developers fix the basic design flaw (if there was one!) and put together a solid core to the extremely usable exterior, so that many users like me, who are kind of paranoid, stay with WP in the future! Oh, btw, it’d be really nice if they could make the release cycle twice a year!!

4 Responses to “No..not another Wordpress version!!”

  1. DNN and smartermail upgrade very quickly too.
    I guess WP upgrades in July because they knew they would be too busy to do it during the Olympics. :)

  2. Ya, I guess so!

  3. Hey,
    My Name is, Richard
    Nice site, verry informative
    check my site:

    http://djwK9tOCO.spaces.live.com/

  4. Only 2 wordpress installations? :)

    I use dreamhost…they have a one-click upgrade for wordpress installations. I run 8 wordpress blogs and 1 wpmu site. Upgrading to the newest version takes…. about 4 minutes total.

    Now keeping plugins updated, that's another story…
