WordPress 2.6 Warning – DO NOT upgrade.

Yesterday I mentioned a somewhat serious problem with permalinks in the just released 2.6 version of WordPress. Now there is a new issue which is an even bigger problem. Users have reported not being able to log into their blog once they upgraded to 2.6 – there is currently no fix for this problem.

There is a work around that _ck_ on the support forums has figured out – Otto42 says in this post that the work around reduces your blog security and he highly recommends against using the work around..

This problem may not affect you – maybe you’ll be one of the lucky ones – but if it does affect you these are your two somewhat unpleasant choices –

1. Stop logging into your blog until there is a fix.

2. Use a workaround which may open a security hole.

The problem with option one is – who knows how long a fix could take – there is a six page thread and they haven’t worked out what is causing the problem yet, in fact Otto says there will be no resolution until someone gives them the info they need to fix the problem, and as yet nobody has been able to do that.

Also, there is the somewhat huge problem of not being able to log into your blog – no posting, no moderating comments, no nothing until someone works out how to fix this problem.

And option 2 isn’t a great option either – what if this workaround allows spammers and hackers to get into your blog?

The best option for now –

Don’t upgrade.

Spread the word about these issues to other bloggers.

Want to help spread the word?

Give this post a stumble.

Similar Posts:

wordpress

19 thoughts on “WordPress 2.6 Warning – DO NOT upgrade.

  1. I encountered this bug when I was doing a upgrade myself, and I was, to be honest, stunned at the response that they would be unable to provide a fix unless the right information was given to them.

    Personally, I look at it this way (from a security standpoint, it’s likely the wrong way, but there’s no proof that this does open a security hole – I know otto is a moderator there, but I wonder if that’s just said to get people to not do it out of fear…yep, I’m cynical about them now ;) ) – it’s either you have a blog that works with what could be a minor, major, or no hole, or you have a blog that *doesn’t* work at all.

    By the way, why is it that almost every organization that seems good manages to do one, or in most of these cases, a series of things to make people turn against them…it’s disappointing and disheartening. :cry:

    Sephyroth
    http://www.sephyroth.net

  2. With respect, Graywolf, that isn’t working for everyone. :) If you have a read through the support forums you will see a lot of people have tried that and it hasn’t solved the problem at all.

    If the solution was that simple, then there would not be a problem.

    Thanks for your comment. ;)

  3. graywolf – I tried it on three separate browsers and it didn’t work in any of them, I cleared cookies in Firefox three or four times and it still didn’t work, so it’s not just that simple.

    I wish it were though. :|

  4. Thanks for the warning – to be honest some of my blogs are still on 2.3! Though 2.5 is a big improvement :I have seen nothing on 2.6 that I actually want/need. This is the weakness of open source: upgrading for the sake of it because the developer did something “cool” Unfortunately Microsoft does the same thing and charges you for it!

  5. I always have a backup of the complete website and database before doing an upgrade. I haven’t read what the issues are with upgrading to 2.6 are yet, but the only issue I had was with the flash image uploader.

    Before I upgraded, I removed WP Super Cache and made sure my htaccess file was as clean as it could be. I also removed any plugins from the plugin directory that were deactivated and unused.

    After upgrading, I made sure autosave and post revisions were turned off. I cleared all the WordPress cookies and then logged in. I didn’t see any kind of problem (other than the uploader) across 5 blogs.

  6. RT – That’s pretty brave to go and upgrade without knowing what issues they are having – especially with the recent versions being so full of bugs as they have been.

    I always check the support forums before even considering an upgrade because I have to upgrade over 40 blogs that don’t belong to me, so I want to make sure I am on top of any potential problems.

    It is a great shame that WordPress has become so unreliable. :(

  7. Bravery? No. It was foolhardy. Of course, I expected problems and can program my way out of a wet paper sack, so it didn’t bother me.

    One of my plans, however is to write a lean blogging platform for myself. The final product will not include MySQL or cookies (other than session cookies).

    WordPress is bloated beyond all compare and without the means to turn off the features you don’t want or need. I rarely use over half of the admin pages after setting up — why can’t we disable what we don’t need to look at, kind of like how we disable plugins we don’t need all the time?

  8. I think they are moving towards integrating as many of the plugins as they can which is actually not what people want – as shown by the addition of TinyMCE to the basic package and also the gallery stuff – but people want to be able to choose the plugins that are right for them instead of being forced to use things that don’t do what they need.

    However at this time I think WordPress has lost all sense of what the people want, and are going with what they want instead. It is around now that they become Microsoft, isn’t it? ;)

  9. And what’s up with the Turbo/Google Gears thing? I didn’t see the HUGE speedup that they claimed and I’m on a crappy DSL connection, sub-1 MB.

    If WordPress was optimized for speed in the first place, it wouldn’t have to be upgraded to make it faster. Meh, I’m writing my own.

  10. “This is the weakness of open source: upgrading for the sake of it because the developer did something “cool”…”

    Actually, I’d say it’s more of a weakness with projects where changes are made based on what the developers want, rather than what the users want.

    On the other hand, I’ve been in many situations where users haven’t asked for anything new, but developers still make changes and add new things that users actually find useful. Sometimes it is better to be proactive instead only making changes when people ask for them. I’d easily prefer this over hearing excuses for not changing anything ever.

    I think it’s important to look at which areas of a system are in need of work. I’d certainly look at that before changing things that people didn’t ask for. Looking at the WP 2.6 changes, I do think that adding post revisions was a good thing. I haven’t looked at the whole list. That one just jumped out at me as a plus.

  11. Ben said –
    “Actually, I’d say it’s more of a weakness with projects where changes are made based on what the developers want, rather than what the users want.”

    That’s exactly it. A lot of the things the users complained about with 2.5 have not been fixed in 2.6, so one is wondering what the point of this upgrade was at all because 2.6 was supposed to fix things they “broke” in 2.5 like the widgets page and the sidebar in the write posts page (putting categories back where they belong) among others.

    I saw someone the other day say that they wished WordPress would bring back the publish in the future feature, and then another user said hey, it is still there, it is just hidden away from you. So this poor user had been thinking they took away a great feature just because they made it much less usable and really didn’t tell people it was still there and could be used.

    They need to realise that people get used to doing things a certain way and when you make a change it has to be to make things *easier* not harder. That is what usability is all about.

    Also, Ben – from my understanding, post revisions is going to clutter up databases. As we already know, WordPress is pretty database hungry, so this can only make things worse. :(

  12. Clearing your cookies works in ALL cases that I have encountered. Here it is over a week or two later, and we still have not received one other real report of the problem that this person claimed to fix.

    There will be no fix because there is and was no such problem to begin with. Clearing your cookies *works*. It worked back then too. Some people simply refused to believe me.

    Also, it’s amazing how quiet they got after a few days, probably because they realized that they had simply screwed up in some other way.

  13. With all due respect Otto, why should we have to clear cookies after an upgrade? Shouldn’t the WordPress upgrade sequence handle that? If not, wouldn’t it be quite simple to add a line to the upgrade procedure, displayed where anyone could see that says, “You must clear your cookies.”

    You have to look at it from a user’s perspective, not a developers perspective. Developers and programmers take things for granted — the obvious is not quite so obvious to everyone.

  14. RT Cunningham: You should not have to clear cookies. But this is a bug. What’s so hard to understand about that?

    The particular case that causes the problem does not happen to everybody (there’s timing related issues involved, you have to be somewhat unlucky to have it occur), but for those few people that it does happen to, clearing your cookies fixes it. Simple.

    It’s also not really a matter of a “bugfix” as it’s a upgrade-process related issue. Once you clear the cookies, the problem goes away and won’t return. Easy.

Leave a Reply to graywolf Cancel reply