[Drupal] How to install security updates in Drupal sites

| | 2 min read

Security updates are essential in Drupal websites. Such updates are vital to address certain security vulnerabilities and keep your website protected from potential threats.

You can get the details of the security updates that need to be applied on the Drupal site from the link given below:
http://www.buildamenu.com/admin/reports/updates.

The steps to install security updates in Drupal sites:

  • Check available updates.
     drush ups 
  • Check for hack details using meld module. You can install the meld module using
     sudo apt-get install meld 

    and just type meld in the command to check the differences in the files and directories.

If hacks are found, please proceed below, or else create patches for the hacks and proceed.

  • Delete the current version of the module.
     git rm -r sites/all/modules/module_name 
  • Download the new version of the module.
     drush dl module_name 
  • Add the new version of the module.
     git add sites/all/modules/module_name 
  • Commit the module updates to the version control system if added.
     git commit -m "security update for module_name module" 

If patches are present:

  • Update the patches for the hacked modules and add the patch.
     git add sites/all/PATCHES.txt 
  • Commit the patch to the version control system, if added
     git commit -m "comment wrapper template patch applied to module_name module" 
  • Run the database update script.
     drush updb 

Also, you can skip all the above steps and use directly the command given below to update after checking the hacked details using meld module.

 drush up module_name 

It's always good to follow the above steps if security updates are being done in the server directly instead of shortcuts.

You may also look into other articles related to Drupal security here. Please feel free to share your thoughts and queries regarding this here.