>If you listen to the WordPress people, the answer to this is 'be extremely zealous about updating your software', which is the same as saying, devote half your life to learning and understanding WordPress administration.
Apparently this person has not used a recent build of WordPress.
But they've got a point. Even if it takes "only 10 minutes" to upgrade, there have been so many new versions and so many security issues that it gets kind of old after a while. Especially if you have multiple sites all running it.
Not a complex command to run! I hear there are these things called cronjobs too, so you don't even have to run it yourself. Just pick the latest stable branch and svn switch when a new major version comes out.
That makes sense in theory, but our company has dozens of WordPress sites. Once you have more than a few, managing software and plugin versions becomes exponentially more challenging.
I'm in the process of upgrading all of them to 2.8.4 and installing the necessary plugins and params in the config file so they can all be "auto updated" in the future. I plan on having my VA manage them from there.
However, sometimes strange things happen - for example, I auto upgraded one of our sites the other day and the whole thing broke and only rendered a blank page, so it's entirely possible my VA will break one or more sites even using the auto upgrade functionality.
I was going to post the very same thing. I went from 2.6 to the latest version in about 10 minutes, at least half of which was downloading the update, then pushing it up to the server.
That should take, at most, a few additional clicks, since plugins can be disabled en masse and databases can be backed up with another plugin (or done automatically at the server).
Exactly. I give WP a lot of credit since it's the only web application I know of that can be upgraded from its own interface without the need to ever log in to a shell or manually FTP files to the server.
That's what I love about WP. Joomla 1.6 (about to go into Beta) also has this feature as a built-in component (which is also installable to Joomla 1.5).
When I read the article right at the first paragraph I was appalled. Quote: "...devote half your life to learning and understanding WordPress administration..." Really? Half your life to learn how to click ONE link? I don't get it, has the author here never even upgraded WordPress?
Call me crazy if you like, but I'd never use a webapp that has that feature. It just opens you up to more potential security problems. For example, it appears to operate over in-the-clear HTTP. Poisoning someone's DNS cache and then somehow triggering an "upgrade" = changing their software to whatever I want.
Also, "Note that your files all need to be owned by the user under which your Apache server executes, or you will receive a dialog box asking for "connection information," and you will find that no matter what you enter, it won't work." That's a security no-no if I've ever seen one.
This advice is just silly. In other words, throw out all of the advances of using php, python, ruby, etc. server side because software has bugs. Or rely on a centralized managed blog host that is also susceptible to bugs, except that when they are exploited there they can affect many more people at once.
My advice? If you host your own web apps at least take the responsibility to administer them. WordPress has made huge improvements in their update process.
My upgrade process is this:
* dump a copy of the database
* disable plugins
* copy the current public_html directory to a backup (just in case)
* untar new release over the top of the old
* run /wp-admin/upgrade.php
* reenable plugins
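
The file-level steps of the upgrade procedure above (backup copy, then untar over the old tree), with an archive integrity check placed in front of them. This is an added example, not code from any commenter or from WordPress. The function name, the paths and the way the expected SHA-256 digest is obtained are assumptions; the database dump, plugin toggling and upgrade.php steps are left out.

```shell
#!/bin/sh
# Added example: verify-then-replace for a web root. All names are hypothetical.
# Requires sha256sum (GNU coreutils) and a tar that supports --strip-components.

# safe_upgrade WEBROOT TARBALL EXPECTED_SHA256
# Returns 0 on success, 1 on checksum mismatch (web root untouched),
# 2 if the backup or extraction failed (backup restored where one exists).
# On success, LAST_BACKUP holds the path of the backup copy.
safe_upgrade() {
    webroot=$1 tarball=$2 expected=$3
    backup="${webroot}.bak.$(date +%Y%m%d%H%M%S)"

    # Refuse to touch the site unless the archive matches a digest obtained
    # out of band (assumption: fetched over a channel you trust).
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi

    # "copy the current public_html directory to a backup (just in case)"
    cp -a "$webroot" "$backup" || return 2

    # "untar new release over the top of the old". The archive is assumed to
    # unpack into one top-level directory, which is stripped here.
    if ! tar -xzf "$tarball" -C "$webroot" --strip-components=1; then
        # Extraction failed part-way: put the old tree back.
        rm -rf "$webroot" && mv "$backup" "$webroot"
        return 2
    fi

    LAST_BACKUP=$backup
    return 0
}
```

Files that exist only in the old tree, such as wp-config.php, survive the overwrite, and the backup stays in place for a manual rollback.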
What great advances is this approach throwing out?
Most bloggers have a very simple use case: publish stuff that looks nice, generates an RSS feed, and maybe allows a comment thread. Most bloggers are not, and have no interest in becoming, sysadmins or DBAs.
My contention is that it is easy to set things up so you can blog with whatever app you want without leaving your data at the mercy of the next person to find an exploit.
Unless you check up on your blog several times a day --- and most people don't even check up on their blog several times a week --- it doesn't matter how streamlined WordPress has made its upgrade process.
Sure, it's even easy. Go grab jekyll http://github.com/mojombo/jekyll/tree/master, which can turn your haml/sass, textile or even markdown into static html pages with links. Host it yourself or on github, and use one of the comment hosting services, or throw a link to any technical-ish post here on HN, and people can comment on it.