An update on WordPress

Late last night I upgraded the WordPress engine for the blog to 2.8.4, the version that’s supposed to be resistant to this nasty worm that’s working its way across the internets. I mentioned in this post yesterday that although “And now it’s all this” hadn’t been hit, I’d be upgrading and things might be a bit weird here for a couple of days. But the upgrade went very smoothly and quickly. I added an addendum to that effect to yesterday’s post, but I thought a bit more detail was in order.

Let me first confess that I was one of those people the WordPress developers hate. I installed WP 2.3 back in January of 2008 and never upgraded it until yesterday. Why not? Well, laziness would be the first reason, but in my defense I must say the WordPress upgrade instructions for older versions were written in a way that emphasized the pitfalls of the process. In fact, they’re still written that way. It’s quite different from the installation instructions, which is all lollipops and fuzzy kittens. So I got scared and put it off. And off.

Also, the first upgrade from 2.3 came out right after I’d installed it. I’d just gone through a lot of work transferring the blog from Movable Type on a different host, and I wasn’t in the mood to go through that kind of hassle again. I wanted a chance to write the blog before I had to administer it again.

As it turned out, my worries were unfounded. Here’s what I did (after backing up all the files and the database):

  1. Deactivated all the plugins.
  2. Downloaded the latest WordPress tarball and put it on the server.
  3. Untarred it into a directory named “wordpress” (this is the default).
  4. Copied the unique things from my all-this/ directory (where the 2.3 blog lived) to the new wordpress/ directory. This included
    • folders of images and sounds,
    • my theme,
    • the plugins,
    • a JavaScript file that (note to self) really ought to be in with my theme,
    • my favicon,
    • an .htaccess file, and
    • a file used by Google Analytics.
  5. Opened wordpress/wp-config-sample.php, entered the administrative info from all-this/wp-config.php, and saved it as wordpress/wp-config.php.
  6. Renamed all-this/ to all-this-old/
  7. Renamed wordpress/ to all-this/.
  8. Opened all-this/wp-admin in my browser and clicked the button to update the database.
  9. Relogged in to all-this/wp-admin, updated the flickrRSS plugin, and activated all the plugins.
  10. Tried several pages and links to convince myself that the blog was really up and running.
  11. Deleted all-this-old/.

This may seem like a lot of steps (and it is when compared to the automatic upgrade that I should be able to do from now on), but it was quite straightforward. The only reason it took as long as an hour was because I kept checking and rechecking my steps as I went along.

So I’ve learned my lesson and will upgrade promptly from now on.

As for the worm itself (is it really a worm? I thought worms were programs that run independently, not within the framework of another program), I’m not sure yet how bad it really is. Many people are reporting being hit; many, like me, are reporting no problems. But so far I’ve seen no statistics, just anecdotes. Maybe there’ll be better information after the holiday.