Just a quick note – if you’re about to install the WordPress 2.6 upgrade, make sure you don’t just check your homepage and then call it a night. On a site I help manage for some friends I ran into a huge bug – the upgrade went smoothly, the homepage looked fine, but all the posts returned 404 errors.
It’s apparently very common if you are using “index.php” in your URL structure, which many sites use because IIS doesn’t have an equivalent of Apache’s mod_rewrite or because their host doesn’t allow mod_rewrite for some reason.
The solution can be found in this thread on the WordPress support forums. Basically the solution is to get the latest copy of rewrite.php and copy over the version for 2.6. Here’s another post with a technique for category and tag pages.
There’s a lot to like about WordPress… the open-source codebase, the templating system, the extensible plugin architecture. But I’m starting to feel like I’m squeezed between a rock and a hard place – delay an upgrade and you run the risk of getting hacked; go forward with an upgrade and you run the risk of throwing 404s for your entire site.