My post about my experience upgrading to WordPress 2.0.x has generated some interesting comments. Some folks are considering sticking with 1.5.2 indefinitely.

There is one simple reason why you should upgrade: security.

The 1.5 branch of WordPress isn’t getting the security patches that the current development branch is¹. And even if someone were vigilantly applying patches to the 1.5 branch, that might not even be enough. Security vulnerabilities are reported to Matt and the team directly. If a vulnerability is not present in the latest version, the person maintaining the 1.5 branch might not hear about an issue until after it’s already in the wild.

I understand why people don’t feel the need to upgrade to 2.0.x when they don’t feel they need the new features added in this release. I don’t necessarily agree with all the choices that were made during the 2.0 development cycle either. I’m not here to play apologist for the active WordPress developers – and they certainly don’t need me to.

While I didn’t need any of the new features/changes/etc. that were added in 2.0², I do need my web sites to be secure.

I trust Matt, Ryan and the rest of the team to be diligent guardians and custodians of WordPress³.

1. As far as I can tell. [back]
2. Especially those I’ve spent a day and a half working around. [back]
3. The latest version, at least. [back]