Remind HN: Update your wordpress sites
41 points by spocked on May 14, 2015 | hide | past | favorite | 35 comments
Wordpress released version 4.2.2 a week ago with some important security updates. As someone who owns multiple WP installs, it is critical for me to get these updated asap. I am sure there are quite a few members on HN that fall in this category too.



And if you manage multiple WordPress websites, try something like InfiniteWP. It takes care of updating core, plugins, and themes. We use it to manage about 23 WordPress websites and being able to update all of your websites with a couple of clicks is an incredible timesaver. We still do manually review everything though (like changelogs, making sure the site still loads and isn't a WSOD, etc.)

We like InfiniteWP because it's free and we can host it ourselves (we've had no need for their paid addons), but there's also other solutions like MainWP, ManageWP, WP Remote, iControlWP, CMS Commander, etc. I think most (if not all) of those are hosted and paid / free trial.


Or let your Linux distribution handle the multi-site WordPress hosting for you... Thank you, Debian!


As someone who owns multiple WP installs, I have added "define( 'WP_AUTO_UPDATE_CORE', true );" to all my wp-config.php files so that all my installs automatically self-update with ALL future updates, minor and major.


It is great in theory. In practice, the last auto-update caused a WSOD on my site without any helpful debug log (both on WP and server log) until I manually disabled a (popular) plugin by editing its php file.

I wonder how a less tech-savvy person would have resolved that. Even being tech-savvy, I had to ask someone for help.

Updates of core and plugins are always very scary to me.


It's a system that's based on trust, but the auto-update that is active in WordPress has saved millions of sites from getting hacked in the last few weeks: https://ma.ttias.be/in-defence-of-wordpress/

As soon as something major breaks by those auto-updates, the trust is over and a lot of users will disable it. That would be a shame indeed, because besides a couple of WSODs some users may experience, it's an extremely powerful feature.


There is also "define( 'WP_AUTO_UPDATE_CORE', 'minor' );" which should break a lot less.
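An added example (not from the thread) of what the OP's reminder and the WP_AUTO_UPDATE_CORE comments above imply for someone with several installs: a POSIX shell audit that reads each install's wp-includes/version.php, flags anything older than the 4.2.2 security release, and reports whether wp-config.php opts into core auto-updates (true, 'minor', false or unset). The document-root paths and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: inventory several WordPress installs and report which are
# older than the release under discussion and how core auto-update is configured.

TARGET_VERSION="4.2.2"   # the security release the thread is about

# Read $wp_version from wp-includes/version.php of one install (empty if absent).
wp_version_of() {
    sed -n "s/^[$]wp_version *= *'\([^']*\)'.*/\1/p" "$1/wp-includes/version.php" 2>/dev/null
}

# Return 0 if dotted version $1 is older than $2, 1 otherwise (numeric compare per field).
version_lt() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# Print the WP_AUTO_UPDATE_CORE value from wp-config.php (true, minor, false); empty if unset.
auto_update_setting() {
    grep -o "define( *'WP_AUTO_UPDATE_CORE', *[^)]*)" "$1/wp-config.php" 2>/dev/null \
        | sed "s/.*, *//; s/ *)$//; s/'//g" | head -n1
}

# One line per install: path, version, OUTDATED/ok, auto-update setting.
# Returns 1 if any install is older than TARGET_VERSION, so it can gate a cron alert.
audit_installs() {
    rc=0
    for root in "$@"; do
        v=$(wp_version_of "$root")
        [ -z "$v" ] && { echo "$root: no wp-includes/version.php"; continue; }
        if version_lt "$v" "$TARGET_VERSION"; then
            status="OUTDATED"; rc=1
        else
            status="ok"
        fi
        au=$(auto_update_setting "$root"); : "${au:=unset}"
        echo "$root: $v $status auto-update=$au"
    done
    return $rc
}

# Usage (assumed document roots): audit_installs /var/www/site1 /var/www/site2
```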


As someone who hasn't bothered with WP in a long while, is there any way to do this safely whilst still using 3rd party plugins and themes?


Depends on the themes and the plugins. Basically: not really, but if you've used a small subset of themes and plugins you should be okay.


How does it check for new versions? Could it be MITM'd? :-)

I've personally no idea, but I hope you asked yourself those questions.


I'm not a big fan of WordPress, but it is undoubtedly a great tool to have in your toolbox, especially when your customers need user-friendly blogging tools or a quick CMS. I've installed for some of my clients Django blogs (with Django-CMS), Rails-based blogs, and even a couple of Ghost installs. Nothing has beaten WordPress so far; clients love its versatility...

What I do to fly under the radar of many of the bots and automated scripts targeting WordPress sites is to use a modern WP framework: Roots Bedrock[0]. This gives you a convenient time window to update WP when you have the time (although with Bedrock it is really easy with a couple of commands).

[0] https://roots.io/bedrock/


For the first time I got an email from my WordPress installation yesterday, asking me to update. I have not seen that before. A nice detail I appreciate, so I don't have to keep up with what the latest release of WordPress is at all times.


Interesting, AFAIK it's not something in the core. Which security plugin are you using?


I am not running any security plugins. I just had a look at the email headers, and it was sent from my server, so this must have come from WordPress somehow. It is also the first one I have gotten.

The email said:

Subject: [{my website} Wordpress MU] WordPress 4.2.2 is available. Please update!

Please update your site at http://{my websites url}.com to WordPress 4.2.2.

Updating is easy and only takes a few moments: http://{my websites url}.com/wp-admin/network/update-core.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help. https://wordpress.org/support/

Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.

The WordPress Team

I have the following plugins installed: All In One SEO Pack, FeedWordPress, Github Ribbon, Hello Dolly, Revision Control, Unfiltered MU, WordPress Importer and WP-Polls.

Maybe it originated from one of them?


I got this email too. I'm pretty sure I didn't seek out and install any plugins. I don't remember getting any of those you've listed. I nuked the install completely so I can't say for sure.


Does WordPress release security updates for those who stick to older versions?



Wordpress only has one track, which is the only one that gets updates. Once a new major release is available all support for the previous release ends. If you want the most secure version you need to be on the latest (4.2.2).


Um, no? They do security updates for the last couple of versions of Wordpress. They even extend that to the last couple versions of their stock theme when they require an update.


How come you stick to older versions?


I usually skip N.N.0 but update everything when N.N.2+ comes out.


4.2 and 4.2.1 contained a lot of vulnerability fixes from 4.1.n - when it comes to an operating system, err, blogging platform, it's not a bad idea to keep on top of your updates.


If I don't update, will I get any problems on my website?


https://wordpress.org/news/2015/05/wordpress-4-2-2/

This is a critical security release. The cross-site scripting vulnerability lets a commenter compromise your website.


The exploit is described and demonstrated in a video on the site of the discoverer: http://klikki.fi/adv/wordpress2.html


Or just remove WordPress and use something secure, not bloated and easier to develop with.


Would you mind elaborating on what you mean by "bloated", and could you give an example of something "easier to develop with", explaining why it is "easier" to use?


They usually mean some blog engine that was just released a few weeks ago that doesn't do anything.


My definition of bloated: any web platform which includes its own cron system.


A lot of people who run Wordpress have clients who need a nice, easy user interface to be able to update their site. Do you have any suggestions for software that fulfills that need and is "secure, not bloated and easier to develop with".


> A lot of people who run Wordpress have clients who need a nice, easy user interface to be able to update their site.

This is clearly opinion, and should be taken as such, but I absolutely loathe Wordpress' admin interface. I'm sure at some point it was a nice, easy user interface but those days have passed. Anytime I have the misfortune of being thrown into a Wordpress backend I have no idea how to get anything done.


The WordPress admin interface hasn't changed all that much over the years. Unless the change to a darker admin theme tripped you up, I'm not sure where anyone that has any experience using anything on the internet would have much problem getting anything done with it.


When all you need to do is write a post, clicking on 'Posts' is a good start.


Not for everyone, but I rage-ported my WordPress site over to Pelican after one too many instances of it running slowly for no apparent reason. It's great if you're willing to author content in Markdown or reStructuredText.


Mezzanine. And it is a joy to work with.


That.

After the second Drupal flaw in two weeks that enabled anybody to log on to my server, I've decided to remove anything written in PHP from it. I'm not here to babysit software.

As a bonus, if you want anything too fancy in Mezzanine, you can just escape away to Django. Beats being thrown away in PHP by miles.
