[wp-hackers] WordPress security question

Brian Layman wp-hackers at thecodecave.com
Tue Jun 5 16:42:26 UTC 2012


On 6/5/2012 12:02 PM, Patrick Laverty wrote:
>> One of the most disturbing bits of advice I heard recently is that if you
>> use a custom theme, you shouldn't update wordpress.  I'm sure what the
>> speaker meant was to work with your vendor to make sure that WP and all
>> plugins and themes stay up to date.
> Yes, that is disturbing. I think what that person ran into was a core
> upgrade broke his theme, so he blamed core. If you are going to write
> custom themes and plugins, you do need to check those things before
> you go live. Maybe a core upgrade breaks your custom theme and
> plugins, but that just means they need to be fixed.
>
> I can't think of a legitimate reason to *not* update core when it has
> security fixes. Maybe if it only has functionality additions that are
> not security related, I could see that, but never avoid an upgrade
> that has security fixes.

I wish it was that simple.  A large number of people are simply scared 
to upgrade - so they don't.

It's a common mentality. All of us who have/participate in  a local 
meetup, you should bring this up a few time each year to correct the 
misconceptions.

Brian Layman



More information about the wp-hackers mailing list