[Drupal] Why is it important to run Drupal updates and security updates regularly on your site?

By | 30th May 2013 | 3 min read

Maintaining a Drupal site is not just about managing the content on the site and administering users and the configuration. An important part of maintaining a Drupal site is in keeping the site updated with the latest security updates released for Drupal core and also for the contributed modules used on the site.

Drupal is a very secure platform however this does not mean that a snapshot of the platform from a given point in time is free from all imaginable security loopholes. The security of the platform comes from the fact that there is a large community of people and a crack team of security experts (Drupal Security Team) who are always on the lookout for signs of weaknesses in security in Drupal core or contributed modules. When a security vulnerability is identified by the community or the Drupal Security Team it will be taken care of promptly with the involvement of the Drupal Security Team and patches and a new security release of the module or Drupal core itself is released within a very short period of time from the time the vulnerability is idenitified. Along with the new release there will be a security announcement on the Drupal Security mailing list describing the problem and the fix.

Once the new security update for the module or Drupal core is released it would be the responsibility of each Drupal site owner to keep their site updated. Once the update is released and hackers (or rather crackers) are aware of the security vulnerability they will try to scan for the vulnerability in known Drupal sites. If these sites are not kept updated then they expose themselves to a higher risk of their security being breached once a given security update is released than when it has not been released / revealed.

Typically on small sites this should not be a big problem because there wouldn't be too many crackers trying to crack into small sites because of ROI from their perspectives. However there would still be spammers and black hat SEO thugs who will try to break into the Drupal site to get access into the site and control the site for spamming or for SEO manipulations for their own sites. As the visibility of a Drupal site increases the exposure to such attempted attacks will increase and the probability of the site being cracked increases when the site is not kept up-to-date.

A general recommendation is to update the site with all the security updates as soon as the security updates are released. It is the choice of the site owner to decide whether to run regular updates or not. They are not essential but usually updates that take care of bug fixes are for the better.

We will be able to offer our Drupal Maintenance Services to help keep your Drupal site updated on a regular basis without having you worry about keeping on top of the update cycles in Drupal. Get in touch with us to know more.