by hillbillyjack 4699 days ago
Have you ever had an intrusion on your blog network because you updated too quickly?

Just curious whether or not your fear is from a previous experience.

Will you upgrade to new releases day 1 when WordPress implements auto-updating on the security updates?

3 comments

It's not necessarily about security issues. It's a fairly standard practice across a lot of different software products to not jump on the .0 release of something. For all the testing that gets done prior to release, inevitably some bugs will be shaken out after release.
Some plug-in and theme compatibility issues are also almost inevitable. Nobody runs "vanilla" WordPress, after all.
What I've had is multiple experiences of upgrades fucking with my data. Sometimes to the point of destroying posts and comments.

Yes, I have backups. It pisses me off having to use them.

I agree - how many intrusions have you had on 'oldstable'? Not a problem? Then why rush off to 'newstable'? Let other people find the holes first.
I've had Wordpress cracked thrice under my watch by automated exploits. That's why I pay Sucuri $400/yr, simply to tell me when it's happened.

The first one used an admin flaw to edit articles directly. The latest used the theme upload capability to write themselves into every theme in the system. (Partly my fault for leaving that directory as writeable by the server). I don't recall what the 2nd one did.

Wordpress bundles security patches and bugfixes with the releases. You can't have them separately.

If you need a fix or security update the basic mechanism is "fuck you, upgrade".

Otherwise I wouldn't have upgraded for the past dozen versions or so.

Basically I have to split the risk between security improvements and data loss.

As you can imagine ... I am not a fan of Wordpress.

So, switch.

There's a well documented and fairly complete export format, and there's even a gem to allow direct import from MySQL -> Jekyll. There are many other blogging services and/or platforms you could use.

Really don't understand people like you, hating the platform they're on when they have complete freedom to move.

It's not for him, but for the blogs he hosts. The writers there are used to WP.
Some of us are stuck due to management decisions (Drupal, for me, currently) - we've had a huge push to switch to Rails, but no go, our network hasn't given official ATO. (Military/DOD)
I am amused when people think I enjoy unnecessary suffering.

http://ozblogistan.com.au/

I am not all of these people.

It's SIX blogs.

Come on, that's hardly an epic migration. Why would you let them blog on a platform you hate and that you consider insecure?

Same thing with iOS and OSX releases - I never jump on a .0 release. Some people have and have lost everything on their device.