WordPress Upgrade: I could cry

[This whole post is written tounge-in-cheek.  Please don’t flame/bash/perl or python the author.]

I just did an upgrade from WordPress 2.7 to 2.7.1, and it was completely done in under 5 seconds. Didn’t need to connect to SSH, didn’t need to connect to FTP. I click two buttons and my blog was running the latest and greatest WordPress.

Why are they allowed to make it this simple?

This kind of procedure should be hard, time-consuming; and most of all full of stress.  Why, if this keeps up, I’ll be out of a job.  So, with that in mind:

Drupal must never become this simple.

All of us that work that Drupal consultanting circut need to rise up and make sure that Drupal never becomes this simple, easy or friendly to use.  Why, it could ruin the entire Drupal eco-system.

Now I’ve got to run, just noticed I need to upgrade a WordPress plugin…I’m sure that’ll take all of 2 seconds too 🙂

Show CommentsClose Comments


  • Amir Helzer
    Posted February 13, 2009 at 11:38 am 0Likes

    And, on the other side of the scale…

    If you’d write a mirror post about missing stuff in WP, that’s taken for granted in Drupal, what would you write about?

    • Robin
      Posted February 13, 2009 at 11:41 am 0Likes

      Easy question: Watchdog. There isn’t a good logger for WordPress.

  • matttthieu
    Posted February 13, 2009 at 11:50 am 0Likes

    IMHO watchdog is not the first missing feature in WP that is taken for granted in Drupal.

    CKK and VIEWS are, certainly. But that’s why Drupal is not comparable to WP. I think these are two different tools. (Drupal should mimick easy upgrade “a la wordpress” though because this is really handy)/

    • Robin
      Posted February 13, 2009 at 11:52 am 0Likes

      I believe the next WordPress version will allow custom content types like CCK. Views are a different thing altogether. But, maybe will be available as a plugin to go with the next WP version.

  • Nicholas Thompson
    Posted February 13, 2009 at 11:51 am 0Likes

    This post implies to me that the entire installation folder is writable by the “apache” user (apache, www, wwwrun, lighttpd… whatever the user is that runs the web server).

    This to me screams “security issue!!”. I personally dont want my website to be able to rewrite its own code – be it for a legit update or a bastard script kiddie finding a loop hole… 🙂

    • Robin
      Posted February 13, 2009 at 11:53 am 0Likes

      I believe the feature is done using FTP with stored creds, but, I can’t verify that; and don’t know enough about the system to say for sure how it works,


  • matttthieu
    Posted February 13, 2009 at 11:56 am 0Likes

    Matt Mullenweg spoke @ Wordcamp Paris last week-end about the next version and WP is not going to have CCK-alike feature (but I did not listen to the whole presentation, I may have missed something)

    Wtechdog may certainly be a missing feature for developers.

    But I don’t think WP is designed to a be Content Manager Framework as drupal is.

  • greggles
    Posted February 13, 2009 at 12:03 pm 0Likes

    Indeed it uses FTP. If it stores the credentials…that’s a little weird.

    There is a module for Drupal that does this for modules and themes – http://drupal.org/project/plugin_manager

    We just need someone to take it home to core and make it work for core itself.

  • Naresh
    Posted February 13, 2009 at 2:18 pm 0Likes

    Unless we loosen up and do things that are in larger interest of 99.9999% people, we are not going to survive long or become plone (enterprise only).

    We need to start making Drupal more user friendly in administering it, rather than screaming ****** at the thought of having auto install in Drupal.

    Can anyone point to me an instance where this feature has been used by script kiddies or others to mess up WordPress?

    It sounds to me like people who screen bloody merry on not having SSL on every single website when their own physical house is secured by $2 lock.

    I think paranoid people are holding back the true potential of Drupal by preventing it from becoming mass market product like WordPress, and turning it into another plone.

  • greggles
    Posted February 13, 2009 at 4:27 pm 0Likes

    @naresh – Congratulations on being the first uninformed commenter _after_ my comment (Nicholas Thompson gets the award for before it).

    I spent many hours last summer (as did Joshua Rogers, chx, Khalid Baheyeldin, and other community members) working hard to implement this feature. There is no screaming at auto install – there is screaming at the idea of doing it in an unsafe manner.

  • Boris Mann
    Posted February 13, 2009 at 5:51 pm 0Likes

    Sorry, but I actually *don’t have FTP on any of the servers that I run* (it uses either FTP or FTP/S). So, I get to manually upgrade WordPress, all the time. I was actually going to do a blog post about this, because this feature doesn’t work for me at all on any of the WP sites I run.

    This feature is a perfect fit for the shared hosting that most WordPress sites run on. It’s not a good fit for custom, production hosting that most less-than-trivial Drupal sites run on.

  • Bèr Kessels
    Posted February 15, 2009 at 9:25 am 0Likes

    drush pm update. Just onder 3 secs (clocked it) and 6 modules were updated.

    drush pm update –svnsync –svncommit. Just over 12 seconds, my SVN conncetion is not extremely fast. same six modules, only now i have them updates in my svn repos too.

    The very fact that you can update wordpress from within wordpress is a severe security hole. The fact that the wordpress comm. does not see it as such says a lot more about the proefessional attitude of the WPteam then about drupal.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Our time: 7:23pm UTC