WordPress Not as Open as you think
WordPress claims it powers over 30% of websites and it probably does. But a lot of those sites are hobby sites, many of which are old and neglected. That is a concern for WordPress because older versions are security risks and any news of widespread hacking damages their reputation.
Anyone with a newer site is familiar with WordPress’s automated updates. Luckily for anyone with a highly custom site, you can block these updates and fortunately they cannot (yet) force an actual version upgrade. But they’d like to. They’d like to be able to force upgrades of all WordPress sites at their own discretion.
Working toward that goal, according to ZDnet, WordPress is no longer backporting security patches to older versions but “working on figuring out ways to roll those versions forward automatically without breaking sites for people, and essentially we’re working to try to wipe those versions from existence on the internet, and bring people forward.” They admit it won’t be easy.
While a worthy intention in terms of security, forced upgrades are not quite in the spirit of open source. If I download your software, I am free to do whatever I want with it, including never updating it or modifying the core. It’s mine to do with as I please.
So beware if you have a highly customized WordPress site, you might need to protect it from the very people who gave it to you.