Worried about WordPress security upgrades

The technical among you may have noticed I use the ‘WordPress’ package to host this blog. As I noted a long time ago, this was largely because the folk behind it seemed to be respectful of the fact that URLs are part of the human interface to the web.

I’ve been a happy user of WordPress for a few years now, and I enjoy the new features they’ve added in that time.

However, their basic position is that the only way to get security patches is to stay on their latest release. This is problematic. I’ve invested considerable effort in integrating this blog into the rest of mcaleely.com, by creating a custom theme. Sadly, the WordPress team don’t appear to claim to maintain the APIs that themes talk to in a stable fashion. Every time I upgrade, I’m expected to review (at least – at worst, I must re-do) the technical work of creating a theme. This is non-trivial effort, but apparently this time of mine is not important enough to the WordPress team. If it were, I think they’d nominate stable API releases, and provide security patches for them. Otherwise I find the claim that I can upgrade with a ‘known amount of work’ naive and mildly insulting.

I’m finding the fact that I’m required to do this work for a time-critical security patch on a Sunday evening just plain annoying.

Unless this attitude changes, I’ll have to shop for a new blog provider. Any suggestions?
