Wordpress 2.7 has been released complete with a new admin interface and spiffy new "automatic upgrade" features that are bound to break high security sites.

I had a thorough look at the code that handles upgrades for themes, plugins, and the Wordpress core code. It's sorely lacking in certain areas and when I reported these problems to the developers I was told that they won't be addressed until Wordpress 2.9 is released!

In particular there are absolutely no hooks that can be used to perform any sort of pre-upgrade checks or quality control. This means you have absolutely no control over the automatic upgrade process, which runs counter to just about every other aspect of Wordpress where you can easily hook into various processes to change, manage, or prevent certain behavior.

My advice at this point is to not use the automatic upgrade features. Do all of your upgrades manually - especially if your site is run by multiple administrators and/or you tend to do live development of new code on your live sites.

Just like Windows, automatic upgrades in Wordpress are a problem waiting to happen - unfortunate as that might be. I do however have faith that eventually the developers will provide a more robust and controllable upgrade mechanism.