Should You Upgrade WordPress?

Image by Heraklit
WordPress 2.5 came out just under 2 weeks ago, and since then there have been a stream of "Reasons to Upgrade" posts. Well, what about reasons not to upgrade?

The Security Thing

Security is a good reason to upgrade, but it's not always as good a reason as it might seem. Some blogs over-emphasize the security risks in order to get you to upgrade.

For instance, the normally excellent Weblog Tools Collection wrote about security holes due to free themes, and then said "The moral of this story is that you need to upgrade your WordPress blog now to WordPress 2.5."

Upgrading to WordPress 2.5 will not fix exploits that come from your theme; you need other measures for that. Coming from a respected WordPress authority, it wasn't fair to imply otherwise.

WordPress 2.5 packed in a host of new features, but how big were the security fixes? Not very: just a more secure login. That makes sense; security fixes belong to the minor releases, not the majors.

And if WP 2.3.3 has had 3 versions to fill up holes in the 2.3 release, and WP 2.5 has had no patch-ups but a whole load of new feature code, is it possible that WP 2.3.3 is actually more secure than 2.5? I don't know, but I'd love to hear opinions.

It Isn't Broken, Don't Try to Fix It

If your blog is working the way you want it to, why try to fix it? There are 3 good reasons to leave things alone:

  • Not all plugins work with new versions of WP.
  • It takes time to upgrade.
  • New features in WP may have no appeal to you.

I'm perfectly happy with WordPress 2.3. The new features in 2.5 are great, but not for me. The only reason I would upgrade is to keep up with security.

Should WordPress take this into account? Offering minor releases for many versions of WordPress is not plausible, but perhaps security updates could be given via a plugin? Again, I'd love to hear opinions on whether or not that is a possibility.

How I Do It

I tend to upgrade based on 3 rules:

  • Never upgrade to a major release immediately. Things will never be perfect on the first try, and version 2.x.1 is always soon to follow. Save yourself some time by waiting for it.
  • Check plugin compatibility first. If it's poor, don't upgrade major releases. You can test compatibility by looking for the plugin in the codex compatibility page, or reading the latest comments on the plugin's home page.
  • Always upgrade to minor releases (e.g. 2.3.2 -> 2.3.3). Minor upgrades rarely cause plugin incompatibilities, which makes the upgrade a fast process, and they usually fix security holes, which will appeal to everyone. So a minor upgrade bypasses all 3 of the reasons not to upgrade.
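The three rules above, written out as a version-policy check. This is an added example, not code from the post; the release list, the plugin names and the per-plugin "works up to" versions are constructed assumptions standing in for what you would read off wordpress.org and the codex compatibility page.

```python
"""Upgrade-policy check for the three rules in the post.

Added example, not code from the original post. The release list and
the per-plugin "works up to" versions are constructed for illustration;
in practice you would fill them in from wordpress.org and from each
plugin's compatibility notes.
"""
from typing import NamedTuple


class Version(NamedTuple):
    major: int
    minor: int
    patch: int

    @classmethod
    def parse(cls, text: str) -> "Version":
        # "2.5" -> (2, 5, 0); "2.3.3" -> (2, 3, 3)
        parts = [int(p) for p in text.strip().split(".")]
        parts += [0] * (3 - len(parts))
        return cls(*parts[:3])

    @property
    def branch(self) -> tuple:
        # The release branch a version belongs to, e.g. 2.3.3 -> (2, 3)
        return (self.major, self.minor)


def decide_upgrade(installed: str, available: list, plugins: dict) -> tuple:
    """Apply the post's three rules and return (action, target, reason).

    installed: version currently running, e.g. "2.3.2"
    available: release strings published so far
    plugins:   plugin name -> highest WP version it is reported to work with
    """
    cur = Version.parse(installed)
    by_version = {Version.parse(v): v for v in available}
    newer = sorted(v for v in by_version if v > cur)
    if not newer:
        return ("stay", installed, "already on the latest release")

    # Rule 3: always take a minor release on the branch you already run.
    same_branch = [v for v in newer if v.branch == cur.branch]
    if same_branch:
        target = same_branch[-1]
        return ("upgrade", by_version[target],
                "minor release: security fixes, little plugin risk")

    # Only a new major branch is left. Rule 1: never take x.y.0 immediately.
    latest = newer[-1]
    if latest.patch == 0:
        return ("wait", by_version[latest],
                "first release of a new branch; wait for the .1 follow-up")

    # Rule 2: a major upgrade only when every plugin is reported compatible.
    incompatible = sorted(name for name, tested in plugins.items()
                          if Version.parse(tested).branch < latest.branch)
    if incompatible:
        return ("wait", by_version[latest],
                "plugins not yet compatible: " + ", ".join(incompatible))
    return ("upgrade", by_version[latest],
            "major release has a point release and plugins are compatible")


# Constructed sample data (not real compatibility records).
RELEASES = ["2.3.1", "2.3.2", "2.3.3", "2.5", "2.5.1"]
PLUGINS = {"akismet": "2.5", "popularity-contest": "2.3"}

if __name__ == "__main__":
    for running in ("2.3.2", "2.3.3", "2.5", "2.5.1"):
        print(running, "->", decide_upgrade(running, RELEASES, PLUGINS))
```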

I'm not running 2.5 yet, and have no plans to for a while. What about you?

About the Author - Michael Martin is the founder of Pro Blog Design. He works as a freelance web designer, loves WordPress, and has an unhealthy addiction to smilies. Written on 14th April 2008.


Comments

  1. goldfries

    14th April, 8:08 am GMT

    I'm not running 2.5 yet either. Same as you, no plans to for a while. :)

    I have 2 other blogs that are like 2 versions behind. No issues as long as the blog works fine.

    I would prefer that WordPress actually makes a list of files CHANGED from the previous version, rather than having us to upload practically everything.

    Perhaps a downloadable archived file of only the files changed affected from the upgrade, say 2.3 to 2.5.

  2. Mike Robinson

    14th April, 8:44 am GMT

    When it comes to clients, upgrades like 2.5 are a problem due to the admin redesign. While it's not hugely different, we'd be answering support e-mails and calls until the next upgrade! This is one of my primary concerns, along with plug-in compatibility.

  3. Tyler Michael Jonsson

    14th April, 8:55 am GMT

    Hey Michael, Good article!

    I am fortunate, my hosting service has this neat program called "Fantastico" which lets me basically install/update lots of web applications with just one click (plus back up the old install just in case).

    So for WP 2.5, my install time was literally about 5 seconds, and I really like the new features.

    I Agree with you though- for some people the cons may outweigh the pros in the early going!

  4. SarahG

    14th April, 9:26 am GMT

    To be fair, the Weblog Tools Collection site said that some of the vulnerabilities could be due to bad themes but not all are. A friend of mine was getting tonnes of links inserted into his posts in a hidden div, he was running his own custom template. Of course yeah, upgrading isn't going to fix a hacked template, gotta fix the template first!

    However I agree on the upgrade. Although virtually all common plugins run on WP 2.5 as there were not any real database table changes (not like the 2.3 upgrade) just additions. I've not had any problems with plugins besides one admin plugin which was cleaner dashboard, installed to take the development info away from the dashboard for clients who use WordPress.

    I've upgraded several client sites and a couple of my own. Now I've worked out which CSS to override to move the categories up to where they were in the posting page, I'll happily upgrade my other sites too.

    As Mike said though, the admin redesign is the biggest problem for clients. There is a bit of usability lost in it, not to mention everything's in a different place!

  5. James Mann

    14th April, 9:35 am GMT

    I don't think I will be upgrading to WP 2.5. I just haven't had the best of luck upgrading at the best of times and have even lost an entire blog.

    I was able to install my backup but the thought of losing something permanently just makes me a bit of a chicken.

  6. kuldeep

    14th April, 9:40 am GMT

    Good post, it totally makes sense.

    I'm not planning to either.. it doesn't make any sense for us, as we have multiple authors and we don't want to make them uncomfortable with the new dashboard.

  7. Andrew

    14th April, 9:44 am GMT

    I'm quite aware that people are reluctant to upgrade to WP 2.5, but there are vulnerabilities in WP 2.3.3.

    This was one reason that I upgraded my blog to the latest version, as well as run a number of plugins for security which I have mentioned in the post.

  8. Michael Martin

    14th April, 10:18 am GMT

    Goldfries,
    That's a good idea, but it would be more work for the WordPress devs. And it might actually confuse less experienced users (Who now have to choose between 2 ways to upgrade).

    Mike,
    That's a good point; I hadn't thought of things from a support point of view. I've found myself getting lost in the new admin panel a few times already. You would need to know it inside out before you could give support on it.

    Tyler,
    I have Fantastico as well, but I don't use it. I've heard stories about problems caused by it during installation, and even Fantastico can't solve the plugin incompatibilities. It's cool that it worked so quickly and easily for you though! :D

    Sarah,
    It's true that most plugins have been good with 2.5 specifically, but all it takes is for one or two important ones to break, making it not worthwhile. :(

    Changing the dashboard is a good idea though! I use Windows Live Writer to write my posts, so little things like that in the Writing page haven't gotten to me yet. xD

    James,
    You lost an entire blog?? I suppose you have a pretty healthy respect for backups now... :(

    Kuldeep,
    That's a good point. I hadn't thought of multi-user blogs. The new interface isn't anything special, so that's probably a good decision for your writers.

    Andrew,
    That's a good link, and the plugin looks good. I hadn't heard about the flaw in 2.3.3. It's a strange one though. I'm pretty surprised that they managed to create a whole new folder in the system. Have to keep an eye out for that one. :)

  9. Timo Zimmermann

    14th April, 12:30 pm GMT

    I upgraded to 2.5. The only thing that is not working is "popular posts" but it seems like the author knows why it is not working, so I hope that there will be a fix soon.

    I believe that it makes sense to drop development on an old release after a new major release is available. You'd just waste development time on old software.

    Of course it makes sense to wait until the new major release is really working and supports most plugins, but there is a point you just have to make a step forward.

    You are right that there may be security issues but if no one runs 2.5 no one will ever notice ;)
    I think it is a good way to give something back. Upgrade to a new release, see if everything is working and if this is not the case just write a bug report.
    You don't have to fix it, just provide enough information that someone else can do it *g*

  10. Deron Sizemore

    14th April, 12:54 pm GMT

    One reason why I love ExpressionEngine. Don't have to worry about updates breaking stuff. ;)

  11. redwall_hp

    14th April, 4:16 pm GMT

    I generally upgrade as soon as the release goes gold. I read-up on things first, and with 2.5 I installed a test blog to make sure things would work sufficiently.

    Don't forget this reason to stay up to date: Plugin developers may drop support for your older version. It's a hassle to support older versions of WordPress, and you could be left in the dark if you don't upgrade.

  12. Sheamus

    14th April, 4:59 pm GMT

    It's also my policy to wait for the second release of an upgrade before making the step to actually do that.

    However, what I've decided is while I'll leave my current blogs at WP 2.3 for now, any new ones I install will be 2.5. This gives me, IMO, the best of both worlds - I can get used to the new features and set-up of 2.5 without 'risking' my current projects.

  13. pamQ

    14th April, 6:58 pm GMT

    Michael,

    A very timely and relevant post. You ought to check your inbox; it's rather urgent. I believe that the other site may have been injected with something.

    While I am on here, I might as well contribute to the discussion. :lol: I haven't upgraded my blog since I never write on it anymore. I plan on upgrading within the weekend to 2.3.3 though, just so I won't place my shared hosting friends in any danger. While 2.5 may be a great idea, I believe that it's good to sit back a bit and watch what happens. I mean, remember WP 2.1.1? :P
    /EDIT: Nevermind. I just saw the 2.3.3 exploit. :(

  14. Richard H

    14th April, 7:34 pm GMT

    Michael, though I've upgraded, I have to agree with your advice in this article.

    I have no complaints about 2.5 itself, but I wish more plugins were compatible.

  15. Madhur Kapoor

    14th April, 8:54 pm GMT

    Even I haven't upgraded to 2.5 yet. Unless I face any problems with older versions I won't upgrade, as I am happy with WP 2.3.

  16. kristarella

    14th April, 9:56 pm GMT

    Hells yes! Well, I don't feel that strongly about it, I think it's fair to wait until you think they've ironed out the kinks, but to be honest, this upgrade has features that I've been wanting for a long time (multiple image upload for one).

    I was surprised at how easy this upgrade was. Nothing broke... I think all my plugins worked - if they didn't I realised they weren't that important to me.

    Even my web host upgraded their blog due to security issues. I think those guys are pretty savvy, so if they believed there were issues, I do too.

    The only disappointment I have with the new version is no batch category editing (people have been requesting it for a while) and I can't get the automatic plugin feature to work. The latter must be my set up because I haven't read of any one else having that problem.

  17. milo

    14th April, 11:39 pm GMT

    Upgrading is plain easy: open FileZilla, pull everything up except wp-content and voila, you're done.

    There is a nice post at ma.tt about upgrades and vulnerabilities.

    Talking about vulnerabilities: securing core server and WP files through a .htaccess file should be usual, then SERPs cannot index ./wpcontent/files...

  18. cheryl

    14th April, 11:47 pm GMT

    Hey Michael...you MUST have been reading my mind!
    :o/

    My sentiments exactly. I have advised several friends to WAIT just for the reasons you stated. When I read that Weblog Tools post, I said...WHAAATTTT! That just didn't make sense.

    When your site works just as is, why chance a whole bunch of incompatibility issues??? And, as I've recently told friends, problems with your template cannot be fixed by upgrading WP. And just because you BUY a template, doesn't mean there won't be problems. I can show you several custom themes I have that have errors all over the pages because they don't serve up my content well.

    I also agree that 2.3.3 is the most stable version out there right now. You never upgrade for the sake of upgrading...at least that is my general rule.

    Heh...I even have an OLD version of Snag It on 3 of my computers because, sometimes, you want a minimalist approach. Short, sweet, to the point.

    Keep on truckin'.
    cj

  19. tanya25m

    15th April, 3:33 am GMT

    Nice post. I'm not upgrading just yet for much the same reasons. I was hoping to read some posts like this one out in the blogosphere just to reassure myself that I'm not altogether nuts. :-) Everybody seems to be raving about the new version. No doubt it's great, and I loooove WordPress, but I'm just not ready for another upgrade.

  20. Ralph

    15th April, 11:43 am GMT

    Very nice article to think about an upgrade-strategy. Thank you.

    Ralph

  21. Chris Blackwell

    15th April, 6:59 pm GMT

    I upgraded almost the same day that version 2.5 came out and I haven't looked back since. I haven't had any problems with any plugins yet, with the exception being trying to install Popularity contest. I wrote an article about How to upgrade to WordPress 2.5 which people seem to have found helpful.

  22. Caitlin @ C³

    16th April, 3:40 pm GMT

    Good post!

    It doesn't take that much time to do most WP upgrades, though. It took me about 7 minutes, tops, and that includes backing up the database, downloading the new files, and uploading them to my server.
    It didn't break a single one of my plugins either, though I didn't upgrade for about a week after it came out, so many had upgrades to them already so perhaps I just did not notice any problems because they'd already been fixed. ^_^

    I love the new Admin section look and layout, even though I admit it took a little bit to get used to things being different.

  23. Tay - Super Blogging

    17th April, 9:36 pm GMT

    Hear, hear! I'm also waiting to upgrade, especially because the fact that even more things probably won't work right when I do. Everything is working fine for me now, so I'd rather just wait it out. When the security is improved, I'll definitely be upgrading. When I'm sure all my plugins, etc. will work, I'll also be upgrading. But for now I'm fine to wait.

  24. Keith Goodrum

    18th April, 3:29 pm GMT

    I'll add my vote to waiting to upgrade. Most upgrades will have some issues. It could be bugs, or security holes that are found... but it's rare for a software upgrade to hit the ground perfect. There's usually a patch released to fix these things. That's when I'll look to upgrade.

  25. redwall_hp

    18th April, 3:38 pm GMT

    Those who say they're waiting should take a good look at this:
    http://www.bloggingpro.com/arc.....g-indexed/

  26. Grasiani

    22nd April, 7:13 pm GMT

    I've upgraded on some of my sites, but not all. Just on those where the new features are good, such as the multiple-file uploader, but, seeing as 2.3 is secure enough, why upgrade to one that we don't know is fully secure yet?

  27. redwall_hp

    26th April, 2:32 pm GMT

    WordPress 2.5.1 is out now. It fixes some bugs, and some security issues that aren't yet known by the general public.

    If you are using 2.3, I strongly suggest upgrading. Some security-related bugs have been found, and it's not really safe to continue using it.

  28. Michael Martin

    26th April, 8:25 pm GMT

    Timo,
    Well said. Upgrading sooner rather than later definitely helps the WordPress movement as a whole more. But I think they could do a bit more to help us out with that. :)

    Deron,
    Haha, nice to get one over on us then? :P

    Redwall,
    But if the plugins are working at the minute, why upgrade them either? :)

    Sheamus,
    I agree with that setup. If you're starting a new blog, definitely go for the latest version. We're all going to have to upgrade eventually, so save yourself that hassle.

    Pam,
    Thanks for the heads up. :)

    Richard,
    Congrats on making the leap at least! Plugin compatibility should improve over time.

    Madhur,
    Agreed. No need to fix something that isn't broken.

    Kristarella,
    If it had features you wanted, then by all means, go for it! :D

    I don't need the image uploader though, so WP2.3 is just as good for me.

    Milo,
    But if things go wrong, you're not done for a while. :P

    Cheryl,
    I'd say you gave your friends the right advice then. :)

    Tanya,
    Don't worry about the number of posts on WP2.5. It's just that it's more fun for people to write about than a "Do nothing" post is. :D

    Ralph,
    Welcome.

    Chris,
    You had trouble with Popularity Contest as well? It's a popular (Sorry, couldn't think of a better word!) plugin though, so an upgrade is bound to come soon.

    Caitlin,
    Sounds like it was painless for you. That's great!

    Tay,
    Same here. The upgrade will definitely come at some point, but not until I know it will be hassle-free. :)

    Keith,
    Agreed. The early-adopters will pick up on the flaws, and they'll be sorted out by the time lazy people like us get around to it. :)

    Redwall,
    Sorry, but I just couldn't care what Technorati does tbh. I don't think I've ever gotten a single visitor from them. xD

    Have you upgraded to 2.5.1 though? I would actually consider upgrading myself now, because it's out. :)

    Grasiani,
    Your method sounds perfect. Upgrade if it would benefit the site, but if not, what's the point?

  29. noonnoo

    2nd May, 1:27 pm GMT

    I upgraded my WordPress engine to 2.5.1 and I love it. It's faster and easier to understand. Although there are many strange bugs: the spellchecker (in Mozilla Firefox), the display of emoticons in Opera 9.26 etc. There are many new/strange bugs.

    The new bugs are worse than 2.3.x. I can tell you that. :(

    offtopic: your reply form isn't buggy anymore! It works fine in Opera! I love it!

  30. That Blogger Guy

    2nd May, 11:40 pm GMT

    Great write-up. I've been looking into jumping on the WordPress action because of its full control over the design, layout, and functionality of it, not to mention everybody raves about it. Thanks for the info and I've definitely subscribed to this blog.

    Check mine out when you get a chance to let me know how to improve!

    http://www.1lens2many.com or http://www.designguy.com

  31. vanessa

    7th May, 2:23 pm GMT

    Wish I read this before upgrading to 2.5. I like it fine but now I have the "upgrade to 2.5.1" hanging over my head! I'm fairly new to wordpress and didn't realize there would be another release so fast. I'll probably hold off a bit longer next time. Thanks!

  32. Michael Martin

    7th May, 8:44 pm GMT

    Vanessa,
    Those upgrade messages are really getting on my nerves as well! :(

  33. Michael Martin

    7th May, 8:48 pm GMT

    noonnoo,
    Yeah, I got rid of the fancy comment form. It was causing bugs for quite a few users, so it definitely wasn't worth it in the end. Sorry you had to put up with it for so long! :(

    That Blogger Guy,
    I couldn't possibly recommend WordPress any higher. I give it the odd criticism occasionally (Like in this post!), but only so that it continues to improve. It's a fantastic piece of software. :)

  34. milo

    9th May, 10:14 am GMT

    WP is easy to work and customize, but has some easy to manage flaws like wp cache not enabled/built in.

  35. Michael Martin

    10th May, 1:16 am GMT

    milo,
    Built-in caching would be perfect. It's one of the essential plugins now... :(

  36. Malcolm Bastien

    12th May, 6:06 pm GMT

    Good post. It's a good lesson for people to learn about the trouble that upgrading can bring. I upgraded to 2.5 and love the new version, but I can understand reasons not to.

    Really think this is a lesson to be applied for many different areas online...plus you could probably also easily find blogs bashing upgrading to Vista.

  37. exfatguy

    14th May, 5:17 am GMT

    Ah..2.5 release. Sadly I did upgrade it but then I had to downgrade it because my DB could only work perfectly with 2.3. But 2.5 is much better. Easy to use, all the new ways to add widgets, it's becoming easier. I wish my DB would work with it.

  38. Bagrep

    14th May, 5:49 am GMT

    I have already started a blog using WordPress. Still undergoing some development but I really like the Akismet feature. Very useful.

  39. VeraBradley

    16th May, 4:15 am GMT

    I firmly believe in the quote 'If It Isn't Broken, Don't Try to Fix It'. When I used to be young, I'd jump at every chance to upgrade something. Most of the time, it just screws up what was working perfectly fine. Nowadays, if it ain't broke, I ain't fixing it. Unless there is a new feature I can't live without.

  40. zohai

    16th May, 8:42 am GMT

    Well.. I'm one of those that always likes to try the new version. But if you don't wanna try the new version yet then no one forces you to =) Let the other guinea pigs find out the bugs for you before you jump on the bandwagon as well.

  41. journey

    16th May, 4:27 pm GMT

    Yeah, never upgrade to a major release immediately; it might create more trouble before and after upgrading it. Incompatibility and stability are still a problem.

  42. jobbank

    18th May, 2:52 am GMT

    I am not so sure if I should move from Blogger to WordPress. I do like Blogger but then again I am tempted to try out WordPress. At least your article helps me in deciding..

  43. kristarella

    18th May, 5:51 am GMT

    jobbank — this article is more about upgrading from an old version of WordPress to a new one, not from another system to WordPress.

    Having moved from Blogger to WordPress, I don't regret it for a second. WordPress is excellent and highly versatile.

    On the other hand, Blogger can be used very well if you know how. One excellent example is woork. Doesn't look like a typical Blogger blog at all!

    Hope you go well either way :)

  44. blisters

    20th May, 1:37 pm GMT

    It's good to see that WordPress is still churning out updates and improvements. It's a good sign that it's alive and kicking!

  45. space code

    21st May, 12:46 am GMT

    I usually just upgrade to the newest version but it all depends on whether it's compatible with the plugins that I really use. If most aren't compatible then I usually don't upgrade.

  46. loans

    23rd May, 8:05 am GMT

    Haven't upgraded, mind posting the direct URL of the upgrade address?

  47. Michael Martin

    23rd May, 11:00 am GMT

    Loans,
    You can download the latest version here: http://wordpress.org/download/ :)

  48. Adam

    11th June, 1:06 pm GMT

    I've upgraded to 2.5 because I really like the new interface. I think that it looks really nice and makes me much more efficient in my writing and such.

  49. Vladimir

    12th June, 2:35 am GMT

    Same as Adam :-)

    As for security - if the development team does not announce that there was a hole in a previous release, it doesn't mean that the previous release didn't have it :-) As we say here, "the less you know, the better you sleep".

    If your blog is working the way you want it to, why try to fix it?

    And if it will work better (faster, more stable etc)? Why not make a backup and give it a try? You can always revert back if you dislike something ;-)

  50. Michael Martin

    14th June, 11:01 pm GMT

    Adam,
    Glad you like the interface. It looks nice, but I use Windows Live Writer to write my posts.

    Vladimir,
    But does it actually work faster? Or more stable? If it did, I'd upgrade! That would be an incentive.

    It's not that I dislike 2.5. It's that I like 2.3 just as much as I like 2.5. For me, 2.5 is no better than 2.3 (Bar the fact I'll need one less plugin for Gravatars).

  51. Vladimir

    16th June, 6:05 am GMT

    But does it actually work faster? Or more stable?

    Can't say about "more stable" - I didn't have a chance to use WP 2.3 for a long time.

    Faster - yes (they have finally added several indices to the tables, although there are a few they have forgotten about). Of course, if you have a fast server, you won't probably notice these changes.

    They also have upgraded TinyMCE to 3.0.6 (personally I don't use WYSIWYG, but 3.0.6 produces cleaner and less buggy code than its 2.x ancestor).

    WordPress became more secure (you are using 2.3.1, aren't you). E.g., 2.3.x branch (at least up to 2.3.3) is vulnerable to directory traversal (because of insufficient handling of $_GET['cat'] in index.php before calling get_category_template() in wp-includes/theme.php. A remote user could see any file on the system. Although this works only for Windows); WP 2.3.x due to a bug in xmlrpc.php allows editing someone else's post; in WP 2.3.1 if I have administrative privileges (can access wp-admin) I can view another user's (even administrator) drafts; in 2.3.1, index.php?exact=1&sentence=1&s=%b3%27)))[SQL] allows executing an arbitrary SQL statement (only Chinese blogs are affected, though); because wp-admin/edit-post-rows.php does not handle $_REQUEST['posts_columns'], this allows an XSS attack.

    Finally, if I have read only access to wp_users table (I can do this by exploiting SQL injection vulnerability - let us leave the details), I can log in as you even without knowing your password. BTW, this vulnerability is widely exploited ;) - you have probably heard about so called "wp_footer exploit" (search google for "search engine marketeers are the new script kiddies").

    So, have I convinced you to upgrade? :-)

  52. Vladimir

    16th June, 6:37 am GMT

    Don't sing it, just bring it:

    I won't disclose any private information, but this one will convince you that your WP installation is vulnerable (I did not do anything harmful, just got the data):

    * WP Table prefix: wpbbd_;
    * site's home directory is /nfs/c02/h05/mnt/22870/domains/problogdesign.com/html/;
    * enough for now ;)

  53. Michael Martin

    24th June, 1:08 am GMT

    Well that's scary! xD

    Well done. You clearly know the security issues well! :D

    *Adds upgrading WP to to-do list*
