Security Updates: A no-brainer (right?)



How often do you change the oil in your car? Every 3,000 miles? Every 5,000? Wait, there’s oil in my car, and I’m supposed to change it?!

What about the last time you went to the dentist for a cleaning, or the doctor for a regular check-up?


Your website, and by proxy your online presence, is no different in that it needs regular maintenance to keep it performing it’s best. Most Drupal sites contain a lot of contributed modules and themes, alongside Drupal core, all of which need to be updated at some point.  Sometimes those updates are to add new functionality, improve performance, or to fix a bug, but often they address security vulnerabilities.


Did you know...


The Drupal security team released update 7.56 and 8.34 on June 21st that addressed multiple security vulnerabilities for Drupal core? Two weeks later, on July 5th, 8.35 was released. If you’re one of our clients that has scheduled monthly or quarterly updates, don’t worry, we’ve got you covered.


For the others, the best practices for securing your Drupal site recommend subscribing to security mailing lists, joining the “Best Practices in Security” group on, subscribing to RSS feeds for Core, Contrib modules, and following @drupalsecurity on Twitter.  But even then, the recommendations say that, “The key to security is eternal vigilance.”


Wait, did they actually say eternal vigilance?


For many organizations, eternal vigilance may sound more like a job for the (overworked) IT guy or gal to keep track of [sic].  What happens *if* said hero of the IT world fails in their duties of eternal vigilance? Maybe nothing, and the world keeps on turning.  Or maybe a hacker builds a crawler that identifies websites that are out of date, your site gets added to a short list of sites missing “7.XX” of “8.XX” updates and your site’s beautifully crafted marketing message espousing the awesomeness of your company gets replaced with a Skull and Crossbones and some bad 80’s era techno.


While the Skull and the techno probably won’t happen, the crawlers REALLY DO EXIST! And the solution is easy, inexpensive, and won’t make your IT person hate you.


Make your life easy...


We keep track of Drupal core updates and we know exactly which module updates you need so you don’t have to filter the 20,000+ module’s RSS feeds for the 50 modules your site uses, AND we are very efficient at applying them so it doesn’t cost you a King’s ransom in custom development hours. We have monthly and quarterly options, so you can apply a set-it-and-forget-it solution to web security, and let your IT person keep doing...whatever it is they do.


Check out our options here, then drop your car off at the mechanic on the way to your dentist so you have clean teeth at your doctor’s appointment.


 - Article by Adam Knox, Community Liaison