I was working on a client’s site at Bluehost today and a popup box appeared on the CPANEL that said Simple Scripts had a security update available. When you click on the box for details, it shows WordPress 3.0 as a recommended update, and offered a button to do the upgrade. NOT GOOD.

Don’t get me wrong, I like WordPress 3.0. It brings some new features that our client are going to love. But WordPress 3.0 is not a security update, it is a major release. This means that if you just blindly push the OK button and install the update, it has an above average chance of breaking your site. And if you didn’t follow the instructions and do a full backup beforehand, you may be in for a long weekend of rebuilding your site.

Why the distinction? Security updates are usually minor and rarely affect plugins and custom themes. If they do affect plugins, it’s probably to fix a security hole that was there before. Major releases add new features and change things under the hood. This is good, but only if you theme and ALL plugins are compatible with the new release. Since this release is only a few days old, there is a good chance some of your older plugins need to be updated first.

I’m not bashing WordPress, or version 3.0, but I am concerned that all these automatic “Update Now” buttons lull people into a false assumption that major upgrades will always happen without any issues. I hope that’s true. But for my clients, I don’t want to take the chance of blowing their site off the air just because they clicked an “Update Now” button thinking it was harmless.

Do you research before you click the “Update Now” button. Check your plugins, check your theme, do a backup, take the upgrade seriously. WordPress 3.0 looks like a great product, but it not a simple security update. I don’t care what you host’s CPANEL tells you.