The survey, published by security analyst David Kierznowski on Wednesday, found that only one of the 50 surveyed WordPress sites had upgraded to the latest supported versions -- 2.2 and 2.0.10 -- of the open-source package. Nearly half of the sites had not even been upgraded from the unsupported 1.5 branch of the WordPress software.
There are likely two reasons that users have not upgraded, said Kierznowski.
"A lot of bloggers are not technical, and therefore, do not fully understand the reasons behind upgrading their software," Kierznowski told SecurityFocus in an e-mail interview. "The other specific challenge to WordPress is its plugin support. A lot of users do not want to upgrade because their favorite plugins would fail."
The latest update to the WordPress software, released last week, fixes at least two significant security issues that could allow attackers to take control of sites using the blogging software.
Posted by: Robert Lemos