Thanks everyone! (I had problems with upgrading from 2.7 to 2.8 due to WP changing how it handled feeds, and my custom redirection rules in .htaccess didn't work).
WP has been around for a while, is hugely popular, and many of its vulnerabilities have been discovered and dealt with. Its track record makes it more secure, not less.
I switched away from WordPress to a custom App Engine blog package mainly because of this, and the fact that you need to install and maintain at least the SuperCache plugin if you want your WordPress to handle even a modest traffic surge.
My criticism wasn't actually about the plugin installation process, it was about the fact that WordPress requires these fundamental plugins in the first place. "Handling traffic" is kind of a core feature.
However, shame on you for encouraging people to install third-party plugins without backing up their site.
If you want to actually upgrade responsibly, it's a little more than a few clicks: http://codex.wordpress.org/Upgrading_WordPress_Extended
I was referring to upgrading WP Super Cache. Although upgrading WP itself is pretty easy as well. I have automated rotating backups of files and db that get sent to S3 daily, so I just snapshot them right before the upgrade, which is much easier since WP 2.7.
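The snapshot-before-upgrade routine the commenter describes, written out as an added example (this is not the commenter's script and not part of the thread). It assumes the database dump bytes come from an external command such as `mysqldump`, which is not invoked here, and it stops at the local archive; shipping that archive to S3 (for instance with `aws s3 cp` or boto3's `upload_file`) is a separate step. The point it adds to the comment is the labelling: daily archives are rotated, but a `pre-upgrade` archive carries a different label so the daily rotation never prunes the one snapshot you most want to keep.

```python
"""Rotating WordPress snapshots plus a pre-upgrade snapshot that rotation never removes."""
import io
import tarfile
import tempfile
import time
from pathlib import Path


def make_snapshot(docroot, db_dump, backup_dir, label="daily", timestamp=None):
    """Write backup_dir/<label>-<UTC stamp>.tar.gz holding the docroot tree and db.sql.

    db_dump: bytes produced by an external dump tool (assumed to be mysqldump output).
    Returns the archive path. Note: the archive contains wp-config.php and therefore
    DB credentials, so store it with restricted permissions or encrypt it.
    """
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = timestamp or time.strftime("%Y%m%d-%H%M%S", time.gmtime())
    archive = backup_dir / f"{label}-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(docroot, arcname="docroot")
        # Add the dump straight from memory instead of via a temporary file.
        info = tarfile.TarInfo("db.sql")
        info.size = len(db_dump)
        info.mtime = int(time.time())
        tar.addfile(info, io.BytesIO(db_dump))
    return archive


def rotate(backup_dir, label="daily", keep=7):
    """Delete all but the `keep` newest archives carrying `label`.

    Names embed a zero-padded UTC stamp, so lexical order is chronological order.
    Archives with any other label (e.g. 'pre-upgrade') are left untouched.
    Returns the list of deleted file names, oldest first.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    archives = sorted(Path(backup_dir).glob(f"{label}-*.tar.gz"))
    removed = []
    for old in archives[:-keep]:
        old.unlink()
        removed.append(old.name)
    return removed


def verify_snapshot(archive):
    """Confirm the archive reads back and contains both the dump and the docroot tree."""
    with tarfile.open(archive, "r:gz") as tar:
        names = tar.getnames()
    return "db.sql" in names and any(n.startswith("docroot/") for n in names)


def run_demo(root=None):
    """Constructed scenario: ten daily snapshots, one pre-upgrade snapshot, then rotation."""
    root = Path(root or tempfile.mkdtemp())
    docroot = root / "htdocs"
    docroot.mkdir()
    # Constructed stand-in for a real WordPress docroot.
    (docroot / "wp-config.php").write_text("<?php // constructed config\n")
    (docroot / "wp-content").mkdir()
    (docroot / "wp-content" / "uploads.txt").write_text("constructed upload\n")
    dump = b"-- constructed mysqldump output\nCREATE TABLE wp_posts (id INT);\n"
    backups = root / "backups"

    # Simulated daily runs with fixed stamps so the ordering is deterministic.
    for day in range(10):
        make_snapshot(docroot, dump, backups, "daily", f"202401{day:02d}-000000")
    # Right before the upgrade: a separately labelled snapshot.
    pre = make_snapshot(docroot, dump, backups, "pre-upgrade", "20240110-120000")
    removed = rotate(backups, "daily", keep=7)

    return {
        "removed": removed,
        "daily_left": len(list(backups.glob("daily-*.tar.gz"))),
        "pre_upgrade_kept": pre.exists() and verify_snapshot(pre),
    }


if __name__ == "__main__":
    print(run_demo())
```

In production the `daily` label is used by the scheduled job and `pre-upgrade` by whoever runs the upgrade; after the upgrade has been confirmed good, prune the pre-upgrade archives by hand rather than folding them into the daily rotation.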