Newton’s Law or some distant relative of his smacked me in the face today when I logged into my site administration panel and saw that WordPress version 3.0.2 was now available for install. After all, I had just finished my post about WordPress Security Plugins and 3.0.1 compatibility, and now we have a new version to deal with. Such is life, but now we have a working example to apply some information security principles regarding upgrades.
You are probably asking yourself: when should I upgrade to WordPress version 3.0.2?
I have looked at the WordPress security vulnerabilities addressed in the upgrade from 3.0.1 to 3.0.2, and none appear urgent enough to require an immediate upgrade. I recommend waiting two weeks to perform the upgrade unless news of 3.0.1 exploits in the wild calls for a quicker upgrade timeframe. That means I will be looking to update my site around 12/15, which should leave plenty of time for any high-impact bugs to be discovered and resolved.
Things to do before you upgrade to WordPress version 3.0.2
- Perform a full backup of your WordPress database. If you are using an automated backup plugin and have tested it, you are good to go; otherwise, you may want to read more about WordPress official backup guidance.
- The WordPress documentation recommends disabling plugins prior to upgrading to a new version to prevent an incompatible plugin from making your site inaccessible. This is prudent advice, but it adds to your administrative burden, so my advice is to be aware that it is a risk and be ready to manually disable the plugin via your web account should the need arise. This is a practical risk mitigation step that avoids the extra work of disabling a lot of plugins.
- You are now ready to update your site, and for most of you that will mean using the automatic update feature. If by chance you are doing a manual update, be sure to clean up the maintenance file as WordPress recommends.
You are now ready to test your site and validate that it is operating as expected. If you have a caching plugin enabled, be sure to clear the cache so you are working with the current version of WordPress and do not become confused. High-value sites with large audiences might also want to consider testing the upgrade on a test site that mirrors their production site and installing the upgrade during off hours (defined by their particular audience geography) to minimize potential disruption.
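
The checklist steps above can be scripted for anyone with shell access to their hosting account. This is an added example, not part of the original post or of WordPress itself; the function names are hypothetical, and it assumes the standard layout (plugins under `wp-content/plugins`, the `.maintenance` file in the WordPress root) and a database dump you have already written to a file.

```shell
#!/bin/sh
# Added example: pre-upgrade check and recovery helpers for a WordPress
# upgrade. Function names are hypothetical; the paths assume the standard
# WordPress directory layout.

# Succeeds only if the database dump exists, is non-empty, and was modified
# within the last $2 minutes. Run this before starting the upgrade.
backup_is_fresh() {
    dump=$1
    max_age_min=$2
    [ -s "$dump" ] || return 1
    [ -n "$(find "$dump" -mmin "-$max_age_min")" ]
}

# Disables one plugin without the admin panel by renaming its directory
# (or its single file); WordPress does not load a plugin it cannot find.
# The rename is reversible: move it back to re-enable the plugin.
disable_plugin() {
    wp_root=$1
    plugin=$2
    src="$wp_root/wp-content/plugins/$plugin"
    if [ ! -e "$src" ]; then
        echo "no such plugin: $plugin" >&2
        return 1
    fi
    mv "$src" "$src.disabled"
}

# Removes the .maintenance file left behind by a manual or interrupted
# update. Succeeds quietly when there is nothing to remove.
clear_maintenance() {
    wp_root=$1
    f="$wp_root/.maintenance"
    [ -f "$f" ] || return 0
    rm -f "$f"
}

# Example use (paths are placeholders for your own site):
#   backup_is_fresh /path/to/backup.sql 60 || echo "take a new backup first"
#   disable_plugin /path/to/wordpress some-plugin
#   clear_maintenance /path/to/wordpress
```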