24 Comments


  1. By WordPress, do you mean WordPress.com or self-hosted WordPress installations?

    And do you mean who IS responsible or who do we think SHOULD be responsible?


  2. As I’ve stated many times on the WordPress forums, as a responsible webmaster (blogmaster?) it is incumbent for the end-user to stay uptodate. With running a DOT COM comes many responsibilities. You are responsible for maintenance, security etc. If this doesn’t float your boat then stick to Blogger.


  3. @Len – Wouldn’t it be better if you suggested to stick with WordPress.com instead? lol I voted for the NWO by the way.


  4. @ Jeff – You’re right of course. I was dramatizing to make a point. :)


  5. @Jeffro – Based on the changed wording, then, the answer has to be that it is the end user’s responsibility, because that is the factual truth, BUT I think a far more interesting question would be “In an ideal world, where should the responsibility lie?” and that would logically lead to a very different answer.

    One of the big challenges that lies before WordPress, or any ambitious new project that overtakes WordPress, will be to put in place a distributed infrastructure that allows users to have their installations automatically upgraded as often as necessary, essentially extending something akin to the managed nature of WordPress.com to self-hosted WordPress installations. So, in an ideal world the responsibility would lie with WordPress (the project, not the dotcom).

    This would, of course, be a truly complex engineering problem and I have no idea what the ultimate solution might look like but, sadly, it will have to be done at some point because the hackers are only getting better and, no matter how much people SHOULD upgrade, the reality is that a significant percentage of them do not. We have to deal with the world as it is, not as we would wish it to be.

  6. Danny G Smith

    I voted for end-user, but I think it would be more appropriate to call it webmaster or editor. When I think of end-user, I think of reader.


  7. It’s definitely the new world order. They’re adding subliminal messages and advertising to my blog. Matt’s probably a freemason by now anyways.


  8. If you choose to host your own blog, then you are choosing to have to keep it up to date. If you don’t want the responsibility, then don’t host your own blog. There are plenty of alternatives.

    Simple as that.


  9. Site owner is responsible for keeping WordPress updated, whether it be keeping WordPress updated themselves or paying someone to do it for them.


  10. Lol, I think we should ask Matt to keep all our blogs updated ;) I voted for him.


  11. given the number of inexperienced people self hosting WP I would say both end user and wordpress. WP should push out messages. Like “If you don’t update someone can take over and destroy your site”. Just saying new update ain’t enough I think. There should be a reason for upgrading. Easy access “changelog” with the important points perhaps.


  12. @Andreas Nurbo – I agree more messages would help a lot. Most average WordPress users would install the blogging software and think that’s the end of it.

    Maybe a feature could be built within the WP core that could send out an email to all admins within the blog notifying them of a new WP update/security release. All it would need to do is grab the email address from all admins and send out a generic update message once a update is released..


  13. @Danny G Smith – Hmm, good point I suppose. I guess not a lot of thought went into this particular poll.

    @mwaterous – That’s the spirit!

    @Viper007Bond – You’re always one to boil things down to their simplest parts. But I agree.

    @kovshenin – Would you like him to be air dropped to your location and have him sit in your computer chair so you can watch over his shoulders as he does the upgrade? What happens if he does the upgrade and it breaks your site? Who’s at fault? WordPress? Matt?

    @Martin – Good thing a plugin exists to already do this but I’m all for email notifications.


  14. Of course it should be matt.

    He should just click the one sekrit upgrade all button and upgrade every WordPress install in existence.

    </snark>


  15. @westi – Is this a hint to a new easter egg inside of WordPress somewhere?


  16. @Jeffro – Unfortunately not! Just some snarky humour. If only we could remote upgrade everyone …


  17. @westi – As a long-term goal, is remote upgrading really that far-fetched?

    I mean, something will have to be done at some stage, the problems we’re having this year are tiny compared to what they will be in a few years time.


  18. @donnacha | WordSkill – I hope it is! After reviewing my logs and watching all the people romp around still using IE6, I wish *some* programs would remotely upgrade themselves, a software platform such as WordPress should not. While it would benefit the majority (is WordPress a democracy?) of casual users, it could be an issue for people who are well aware of what they are doing with WordPress.

    Maybe not, maybe I just prefer the hands on approach, but I would hate to load up one of my sites over coffee in the morning and find some plugins broken by a non-critical automatic upgrade. Of course plugins that are well executed shouldn’t have this problem, but it’s more an example of just one possible scenario.

    You know those ads that some sites feel the need to throw at us; The AJAX lightbox ones that hide the page you wanted to see and replace it with a nice ad for Extenze? Maybe an upgrade notice of that caliber when you logged in to your dashboard, along with email notification might be a step forward towards the “in your face” model of notifying admins.

  19. Dgold

    A goal of WordPress should be to create a stable, update-proof installation.

    Then users can make a website (or 100 of them), and then lock the door and leave it be, as-is, indefinitely — without great fears of the content becoming unpublished, inaccessible, or broken.


  20. @Dgold – This is an impossibility. Even if WordPress itself were secure and locked up, what’s to stop a MySQL vulnerability or one within PHP itself to allow your site to be compromised? You would need to lock down the server including all of the associated technologies WordPress uses for that to happen which in my opinion is too counter-productive.

    @mwaterous – I think there are improvements to be made, but is the WordPress team going to do things in such a way that they throw everything they’ve got at the site administrator to get them to upgrade without introducing automation? The point, you could tell someone how to do something 500 times and they still don’t get it. I think there are a large group of WordPress users that fall into this camp.


  21. @Jeffro – Just make sure there’s a hard to find, little documented switch where we can turn off automation. ;)


  22. @mwaterous – I’ll take it one step further and say that it will be one of those things you have to disable through editing wp-config.php like post-revisions.

  23. shawn

    I voted for the end-user simply because it’s free software. If it were a commercial product like sawmill, parallels, etc.. then I would expect consistent updates both for security and functionality.

    I believe that ultimately it comes down to the end-user taking the responsibility for reading through and understanding the software that they install on their server, not just the front-end but the engine behind it.

    I am very greatfull though that automatic does keep updating everything though. Without them behind the software, I would not have even considered wp in the first place and would have gone the commercial route.

Comments are closed.