22 {{ upvoteCount | shortNum }}
22 {{ upvoteCount | shortNum }}

Wordpress 2.8 upgrade and themes

by Stephen Crooks
19 replies
I just did an automatic update on one of my blogs from 2.71 to 2.8 and after the update finished I noticed that all of my custom themes had been deleted from the themes folder. Thankfully I had them all backed up on my computer and just had to upload them again.

Just beware when you do an automatic upgrade that you could potentially lose any themes you already have.
#themes #upgrade #wordpress
  • Profile picture of the author TheRichJerksNet
    You should wait to upgrade until 2.8 is stable and you should not use automatic update, its a very high security risk ..

    When you do update though, you should make sure you have a current backup...

    James
    {{ DiscussionBoard.errors[871243].message }}
    • Profile picture of the author ppc4profit
      Recently the Wordpress team seem to have gone through a period of rapid fire releases adding in eye candy functionality. Very few seemed to be as a result of a security vulnerability.

      A danger of any release is that you introduce bugs or create new security issues. As a result I have started to hold off the x.0 releases and wait for the inevitable x.1 bug fix before I upgrade multiple sites.
      Signature

      Checkout Our Fully Responsive Wordpress Templates
      Mobile Enable Your Wordpress Website Today - With This Plugin
      Online Marketing - We Help With PPC, SMS and QR Code Campaigns

      {{ DiscussionBoard.errors[871402].message }}
    • Profile picture of the author Stephen Crooks
      I should have mentioned it was on a test blog of mine.. You are absolutely right about waiting for a stable release.

      Originally Posted by TheRichJerksNet View Post

      You should wait to upgrade until 2.8 is stable and you should not use automatic update, its a very high security risk ..

      When you do update though, you should make sure you have a current backup...

      James
      Signature
      Affiliate Marketing Profits 2020 - Step by Step Guides
      How to Make $100 a day Online
      {{ DiscussionBoard.errors[871413].message }}
    • Profile picture of the author Julian Lockhart
      Originally Posted by TheRichJerksNet View Post

      You should wait to upgrade until 2.8 is stable and you should not use automatic update, its a very high security risk ..

      When you do update though, you should make sure you have a current backup...

      James
      Using automatic update feature is NOT a security risk. Having the ability to do a automatic upgrade from the browser is the risk.
      Signature
      Biz Launch Box - Marketing Consultant
      {{ DiscussionBoard.errors[871868].message }}
  • Profile picture of the author Just Lookin
    Thanks for the tip both of you, I have a few older blogs still on the old platform and need to upgrade but have been putting it off

    I have been tempted to click that 'Upgrade' button, glad I didn't now.

    Thanks

    Lookin
    Signature
    XsitePro Templates | Discount Coupon for Warriors = Warrior
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Serious Inquiries Only: I'm Giving Away 9-FREE VideosWhich Reveal EXACTLY How To Make FAST Cash Online!!-------> http://yourfastcashclub.com/go/ <-------
    {{ DiscussionBoard.errors[871252].message }}
  • Profile picture of the author Colin Evans
    Hi Steve,

    Just updated my main blog to 2.8 with no problems - it was the easiest update of any of my blogs, ever. I make backups so if it goes wrong it's just a matter of restoring everything - no biggie.

    Hi James,

    In what way is using the WP automatic update "a very high security risk"? I assume the risk you mention would also apply to updating plugins...
    {{ DiscussionBoard.errors[871565].message }}
    • Profile picture of the author TheRichJerksNet
      Originally Posted by Colin Evans View Post

      Hi Steve,

      Just updated my main blog to 2.8 with no problems - it was the easiest update of any of my blogs, ever. I make backups so if it goes wrong it's just a matter of restoring everything - no biggie.

      Hi James,

      In what way is using the WP automatic update "a very high security risk"? I assume the risk you mention would also apply to updating plugins...
      That is correct Colin... It is a huge security risk allowing wordpress access to your system. Does not matter what Julian posted, I think after 15 years of developing websites I should know...

      I would never allow them access to my system, on the blogs I do have installed that process is ripped out as I removed it.

      Automation has it's place but so does security.

      James
      {{ DiscussionBoard.errors[872569].message }}
      • Profile picture of the author Stephen Crooks
        Hi James, any chance you could give us the info on removing the update option please?

        Originally Posted by TheRichJerksNet View Post

        That is correct Colin... It is a huge security risk allowing wordpress access to your system. Does not matter what Julian posted, I think after 15 years of developing websites I should know...

        I would never allow them access to my system, on the blogs I do have installed that process is ripped out as I removed it.

        Automation has it's place but so does security.

        James
        Signature
        Affiliate Marketing Profits 2020 - Step by Step Guides
        How to Make $100 a day Online
        {{ DiscussionBoard.errors[872604].message }}
        • Profile picture of the author TheRichJerksNet
          Originally Posted by Steve Crooks View Post

          Hi James, any chance you could give us the info on removing the update option please?
          Steve,
          It will be in WordPress Secured v3 when I release v3... I can not get over the fact that wordpress already knows 1,000's of blogs are hacked each and every month and even wordpress itself has been hacked and then they go ahead and built a auto update into the system. Bad Idea, very bad...

          If we was dealing with secured code that not everybody and their brother has access to it might be a different story. Even then though I would not trust it. I have built websites for over 15 years and never once have I forced one of my clients to allow my system to access theirs in this manner. As a developer to me it's just plain wrong, I do not care if the script is free or not.

          James
          {{ DiscussionBoard.errors[872749].message }}
      • Profile picture of the author Julian Lockhart
        Just to be clear RichJerk I basically agree with what you said.

        The issue with automatic updates is that it exists at all. It creates a access point

        BUT

        If the feature is installed on a blog (this is most of us) then if you use it to update software from a trusted source then there is very little security risk.

        I would guess those 1000's of blogs you refer to that were hacked were not from automatic upgrade vulnerability.

        For most of us (the ones without 15yrs of experience ) this feature is very helpful and has caused us very little or no sorrow.

        Your recommendation of taking a backup is very sound and highly recommended by me as well.

        I guess I feel that your security risk foot stomping is alarmist (just a bit).
        Signature
        Biz Launch Box - Marketing Consultant
        {{ DiscussionBoard.errors[1003803].message }}
  • Profile picture of the author Droopy Dawg
    I just created a blog and it automatically installed the latest version (2.8)... I''ll give it a spin and see what happens. If it sucks I'll have to get 2.7 back on there
    Signature


    {{ DiscussionBoard.errors[871729].message }}
  • Profile picture of the author chakrur4i
    dont update a beta product, u may find lots of bugs as mentioned in the opening.
    {{ DiscussionBoard.errors[871732].message }}
  • Profile picture of the author InternetMarketingIQ
    I've updated a dozen sites now and I'm having zero problems. The occassional plug in is acting up and needs to be updated. And I'm not updating from old versions and I am using premium templates and the publishers of the templates are already up to speed on 2.8 sot it's all pretty smooth.

    The problem with Automatic anything is you have no idea what the Automatic is actually doing.

    If you read the Wordpress Update instructions you'll note that some files - language files may need to be saved. And some files from older versions need to be deleted. Plugins need to be turned off... etc. I'm sure anyone with Wordpress Experience already knows this.

    I find it odd that an automatic update would delete content folders and not just override them leaving existing files like themes intact.

    You live you learn. But backups are always a good idea.
    Signature
    Internet Marketing IQâ„¢
    {{ DiscussionBoard.errors[872653].message }}
  • Profile picture of the author TheRichJerksNet
    Julian,
    A trusted source has nothing to do with Hackers breaking into that "trusted source"... Trusted or not, facts are facts and wordpress itself has been hacked. Now if you are running a blog for your business and especially a membership type site that holds personal information, then why would you want to risk your members personal info to something you have no control over ???

    You see you are looking at this as well it's just wordpress and they are trusted.. Ok that is fine but they also have been hacked and trust me it will happen again. This is something you have no control over. Now if you remove that auto update stuff and take the 2 minutes to download an update then you do have control.

    James
    {{ DiscussionBoard.errors[1003862].message }}
    • Profile picture of the author Julian Lockhart
      Originally Posted by TheRichJerksNet View Post

      ...
      Now if you remove that auto update stuff and take the 2 minutes to download an update then you do have control.

      James
      Again you miss what i am saying. Most people cannot take the automatic feature out of WP. It's included in WP for the time being. The feature is active. EOD.

      Your whole message is predicated on the site owners ability to remove the hooks which allow for updating. Which most people cant.

      But let me ask this for clarification:

      Are saying that using the feature (not just having it installed but invoking the script) is a security risk?
      Signature
      Biz Launch Box - Marketing Consultant
      {{ DiscussionBoard.errors[1004084].message }}
      • Profile picture of the author TheRichJerksNet
        Julian,
        I understand what you said, why I suggested people "NOT" to upgrade, that is the easy way not to have the feature. If you know a bit of coding though you can easily rip it out...

        Having the feature there period is a huge secuirty risk and that is why I warned people. If you can not remove it then that is why you either:

        A. Use a lower versions that does nto have it
        B. Hire a coder to rip the huge security risk out

        It's really that simple... I know many are in so much of a rush and upgrade the minute a new release comes out but that is due to "bad advice" given by people that know nothing about coding or security.

        If you was one of those that did listen to that "bad advice" then I suggest you hire someone to rip the stuff out.

        James

        Originally Posted by Julian Lockhart View Post

        Again you miss what i am saying. Most people cannot take the automatic feature out of WP. It's included in WP for the time being. The feature is active. EOD.

        Your whole message is predicated on the site owners ability to remove the hooks which allow for updating. Which most people cant.

        But let me ask this for clarification:

        Are saying that using the feature (not just having it installed but invoking the script) is a security risk?
        {{ DiscussionBoard.errors[1004488].message }}
  • Profile picture of the author Colin Evans
    Hi James,

    I agree with not allowing other systems to access to mine.

    I've got the manual update process down to a fine art and can do it in much the same time as the automatic update takes.

    I'm also playing around with a single installation multiblog system so only one update is necessary for all my blogs. Downside to that is if it gets hacked all my blogs get hacked.
    {{ DiscussionBoard.errors[1003982].message }}
    • Profile picture of the author TheRichJerksNet
      Originally Posted by Colin Evans View Post

      Hi James,

      I agree with not allowing other systems to access to mine.

      I've got the manual update process down to a fine art and can do it in much the same time as the automatic update takes.

      I'm also playing around with a single installation multiblog system so only one update is necessary for all my blogs. Downside to that is if it gets hacked all my blogs get hacked.
      Hi Colin,
      Well there is always a downside to everything ...lol In your case though you "do" have control so you can add the much needed security to try and make sure it is not hacked...

      What many need to understand is that automation has it's place, when we are talking about some other system that you have no control over access your personal data then automation does "not" belong.

      Sure many may say "Cool, I can save a great deal of time by just clicking one button".. Yeah that is cool until all your systems are hacked due to you wanting to save a little time and the worst part is if you have a membership site all your members personal info goes to the hackers too.

      James
      {{ DiscussionBoard.errors[1004075].message }}
  • Profile picture of the author Kezz
    I learned recently that 2.8 seems to have some crankiness dealing with Thickbox, so if you're using it on your images, or using it for e-junkie, it can be a problem. Some people have been able to work around the issue by ensuring wp_footer was called in their footer file, but others haven't been able to get it to work at all.

    I'd say 2.8 is almost there but not completely ready for use just yet, which is a shame because the widget adding process is so much faster now. I'll be holding off for a bit yet.
    {{ DiscussionBoard.errors[1004317].message }}

Trending Topics