[wp-hackers] WordPress security question

Patrick Laverty patrick_laverty at brown.edu
Tue Jun 5 16:02:42 UTC 2012

> One of the most disturbing bits of advice I heard recently is that if you
> use a custom theme, you shouldn't update wordpress.  I'm sure what the
> speaker meant was to work with your vendor to make sure that WP and all
> plugins and themes stay up to date.

Yes, that is disturbing. I think what that person ran into was a core
upgrade broke his theme, so he blamed core. If you are going to write
custom themes and plugins, you do need to check those things before
you go live. Maybe a core upgrade breaks your custom theme and
plugins, but that just means they need to be fixed.

I can't think of a legitimate reason to *not* update core when it has
security fixes. Maybe if it only has functionality additions that are
not security related, I could see that, but never avoid an upgrade
that has security fixes.

More information about the wp-hackers mailing list