There are plenty of how instructions out there about how to keep your wordpress site secure, how to keep it from being hacked. For the average user it’s even easier today as many WP installations have the ability to upgrade with the click of a button from inside the administration dashboard. Sometimes I wait to upgrade when a new version comes out, thinking that a new newer version will be available a week or so later, sometimes that bites you in the butt.
The auto-upgrade doesn’t worth with all web servers or WP installs. I have several WP sites that I administer in which I have to manually upload all the new files and such. Not a big deal for one site, but having to do that for twenty web sites becomes a bit of time consuming work, especially if there are plugin upgrades needed. Some of the web servers I maintain have fantistico installers that are suppose to make upgrading very easy with one click to do it. Unfortunately fantsistico is slow to get the updates out, or the man web host I work with are slow to add the fantistico updates, so at times we wait for weeks to have the latest WP update available with that method. If it’s a major security bug update, then we end up doing all those manually – many more hours spent with repetitious ftp.
This is mainly a rant, and certainly any of WP gurus out there will just say that I should upgrade my servers to root access dedicated or VPS – sure that’d be great, but not in the budget any time soon. Keeping your site secure is important. I suppose my suggestion to people would be to find a hot when the one click upgrade is available, and make backups of your database.
I would love to have one solid stable version of WP that did not need to be updated ever, and new features could be rolled out as optional plugins. There are some new features that may make a manual upgrade worth the time and hassle, but a majority of the new features I can live without, I just want to live with a basic secure blogging platform.