Drupal and WordPress Updates - What That Means

Three ladies working on an engine

One of the services we offer to our clients is regular platform updates to their website code.  But what is that exactly, and why should you do it?

Drupal and WordPress are Content Management Systems (CMS) consisting of thousands of lines of complex computer software code (Drupal 8.0 had over 750,000 lines of code).  This software is what provides the ability for you to manage and display your website.  There is a "core" component which implements the basic features of the CMS, and most websites generally have many plugins (WP) or modules (Drupalthat provide additional features.

Types of Updates

Both CMS's are open source and free to use, and are maintained by an army of developers all over the globe, including for both the core, and the thousands of plugins and modules. There are three types of regular updates made to the code:

  • new functionality
  • bug fixes
  • security updates

New functionality gives us fun new features to use, to improve your website.  Bug fixes correct issues found in the code.  And the most important one, security updates, are made to the code when a new vulnerability is found.  That is, someone figured out how to post spm, bypass a login, insert malware, steal credit card information, or something else nefarious.   Remember Drupageddon?  And with WordPress being the most popular CMS in the world, the hackers go for it first.

Unless you are very high profile, hackers aren't usually specifically targeting your website - they just run scripts that comb the Internet looking for websites with unfixed vulnerabilities.
 

Drupal status screen

this is what you want to see!

Drupal and WordPress Security Updates

The security teams within Drupal and WordPress will quickly release new code updates when a new vulnerability is found.  FireRoad monitors information about these releases so we know as soon as they are available. 

For clients on our Firehose "Nearly Unlimited" maintenance and development plan, FireRoad implements important security updates within one business day from when they are available, and then regular bug fix updates and upgrades are done at the end of each month.  For everyone else, we perform all updates at the end of each month.

FireRoad's Update Process

We don't just run an update script and call it good however.  For all clients we have a careful and professional process:

  1. Code updates are downloaded from the source and implemented on our test server for your website, which is an exact duplicate of your live website
  2. An automated testing script runs tests on all major functionality and compares before and after visuals on the website
  3. Every new feature is also manually tested by hand for correctness
  4. The site status report and system log are manually checked for any issues
  5. Once everything looks good, the code is pushed up from the test server to your live website
  6. Automated tests run again to confirm correctness on the live website

Your website never experiences any downtime - the updates are just suddenly .. there.  And once again everything is safe and secure.

Should any issues be found later, we track every code change we make and can revert back to a previous version as necessary.  We also make daily backups of your database and all files in case they are needed.

It Will Happen

When is the last time you updated your Drupal or WordPress website code?  If you don't know ... maybe you should give us a call.  You will get hacked otherwise, it is just a matter of time.  We can take care of it for you - one time or on a regular basis, and you will sleep better at night knowing the hackers won't be using your website for their dirty deeds.