Everyone who runs a site on the WordPress CMS platform has hopefully noticed that WordPress 3.1 (also known as Reinhardt) is now available. Now you're probably asking yourself: how soon do I need to upgrade to keep my WordPress site secure?
My typical practice is to wait about 2 weeks after an update before applying it to my important sites. I make exceptions if I notice high-priority security vulnerabilities mentioned in the WordPress version upgrade description. Looking at the v3.1 upgrade information gave me the impression that this upgrade is primarily an appearance and functionality enhancement rather than an upgrade that must be applied rapidly to ensure security.
Some small security changes I see referenced in WordPress v3.1 include streamlining the email reset process to make it more efficient, although this affects user experience (which is important) and is not a direct security improvement per se. Another change I noticed is that more granular controls have been added to the administrative sections to help sites with multiple administrators restrict and refine who accesses which part of WordPress administration. Specifically, the Super Admin menus and related pages have been moved out of the regular wp-admin/ path and now reside in the wp-admin/network/ path.
When should you upgrade to WordPress 3.1?
Recent WordPress upgrades have been so smooth that many administrators forget things can go wrong during this process and cause site downtime, so they upgrade right away. This is a reasonable approach if you ensure you have a working backup before proceeding (which you should always do) and have sufficient time to troubleshoot if something goes wrong. I plan on waiting 2-3 weeks before upgrading to WordPress version 3.1, and I predict that a new update will be available before I upgrade because so many functionality enhancements have been implemented.