You can update from your dashboard directly like you install a plugin, It’s very simple. WordPress is gettting better day by day and the improvement is exponential . Follow the below instructions if this doesnt work for you. Before anything backup your wordpress database.

1. Backup the wordpress database through your cpanel or by using this database backup plugin http://wordpress.org/extend/plugins/wp-db-backup/
   
2. Now delete all the files except, wp-content folder and wp-config.php
3. Replace the above deleted files with the files from wordpress2.8.

Here are some common mistakes done by bloggers while upgrading.

1. Deleting all the wordpress installation folder. This way you will loose your wp-content folder, where your themes,plugins and the uploaded files are stored. You need not upgrade this folder. So dont ever delete it.
2. Are you looking for your posts in the installation folder?? They can not be found there, they are stored in your sql database. In order to backup your posts you have to backup your database. You will not loose your posts if you delete your wordpress install directry or mess with it. So dont worry as long as your database is safe and you have its details.

Security should be the major cause of concern for the blog owners who run a blog that recieves a good traffic and is popular, because such sites have more chances to be targeted.

Here are some basic things to be done to protect your WP powered blog:

• Check if your WP is of the latest released version. Always upgrade to the latest version available, as the new releases are more secure and bug-fixed.
• Choose a secure password, using atleast one special character and/or numbers.
• Assign only the required File Permission for any file, not more than the required FP. More details on FPs can be found here.
• And lastly, implement some Security Plugins on your Blog.

Security Plugins help you to secure your blog. I’ll be introducing you to some of the most useful and affective plugins:

WordPress Firewall

It acts like a Firewall for your blog. It blocks the most obvious attacks. WP Firewall can block directory traversals, SQL queries, WordPress specific terms, field truncation attacks, leading in application parameters. It can also block the uploads of executable files such as .exe, .php, etc.

Login Lockdown

It records the IP Address and Timestap of the failed login attempts. If more than 3 failed login attempts are done within 5 minutes from the same IP,  then the login function is disabled for all requests from that IP Address. This helps to overcome Bruteforce attacks.

WPIDS (WordPress Intruder Detection System)

It is the WP version of the PHPIDS. It blocks all the malicious code that is used to attack your blog like SQL Injection/XSS/CSRF, etc…

WP Security Scan

It scans your WP for vulnerabilities and gives suggestions to correct the vulnerabilities. It also offers to change the table prefix (wp_) easily to some other prefix.

AskApache Password Protect

This plugin protects your whole wp-admin with a password. This helps to prevent unskilled, newbie hackers from attacking your blog with some special vulnerabilities.

1. Save your ftp login details carefully.
2. Backup the wp-config file in the blog directory.
3. Create a administrator account for your self from the temporary administrator account we provide, and delete the temporary administrator account.
4. Update the title and tag line of your blog, to update goto settings->general
5. WordPress is installed in the directory /blog to keep your root directory clean. So your blog will be having url of this form by default http://buddingbloggers.com/blog/?p=11 . This makes your url unnecessarily lengthy,also this is not a good SEO practice. To give your blog url of the form http://buddingbloggers.com/?p=11
   1. Go to the settings -> General panel.
   2. In the box for WordPress address (URL): change the address to the new location of your main WordPress core files. Example: http://buddingbloggers.com/blog
   3. In the box for Blog address (URL): change the address to the root directory’s URL. Example: http://buddingbloggers.com
   

   Giving wordpress its own install directory

   4. Click Update Options. (Do not worry about the error message and do not try to see your blog at this point! You will probably get a message about file not found.)
   5. Copy the index.php and .htaccess files from the blog directory into the root directory of your site (Blog address).  If .htaccess file is not already present, create one yourself and upload it. Change its permissions to “666″
   6. Open your root directory’s index.php file in a text editor
   7. Change the following and save the file. Change the line that says:
      require('./wp-blog-header.php');
      to the following, using your directory name for the WordPress core files:
      require('./blog/wp-blog-header.php');
   8. Your wordpress administration url will be http://buddingbloggers.com/blog/wp-admin/ and your blog url will be http://buddingbloggers.com
6. Change the Permalink
   The default looks like

   http://buddingbloggers.com/?p=N

   This is called ugly link structure and not good a good SEO practice. To give your blog a URL structure that pleases search engines
   In the Settings ? Permalinks panel, you can choose one of the “common” structures or enter your own in the “Custom structure” field using the structure tags.This is the one I commonly use on all my blogs /%year%/%monthnum%/%category%/%postname%/ you can also try

   • /%year%/%monthnum%/%postname%/ (Third one in wordpress admin panel )
     Using date in the url makes it easy for your readers to find out how old the post is
   • /%postname%/ (Only post name)

   

   Structure tags

   %year%

   The year of the post, four digits, for example 2004
   %monthnum%
   Month of the year, for example 05
   %day%
   Day of the month, for example 28
   %hour%
   Hour of the day, for example 15
   %minute%
   Minute of the hour, for example 43
   %second%
   Second of the minute, for example 33
   %postname%
   A sanitized version of the title of the post (post slug field on Edit Post/Page panel). So “This Is A Great Post!” becomesthis-is-a-great-post in the URI (see Using only %postname%)
   %post_id%
   The unique ID # of the post, for example 423
   %category%
   A sanitized version of the category name (category slug field on New/Edit Category panel). Nested sub-categories appear as nested directories in the URI.
   %tag%
   A sanitized version of the tag name (tag slug field on New/Edit Tag panel).
   %author%
   A sanitized version of the author name.
7. Delete the hello world post or update it with your blog intro.
8. The most addictive thing for bloggers are stats, the daily raise in your stats gives you the motivation to deliver your best. The best stats plugin available for wordpres is WordPress.Com stats http://wordpress.org/extend/plugins/stats/ .
9. Install the akisment spam plugin, both akisment and wordpress.com stats plugin require the api key, I will explain how to get a api key in mynext post.
10. Browse the wordpress themes directory and select a theme that matches your needs and site content. http://wordpress.org/extend/themes/