Security is very important for every website. At Droptica, we take care of our clients' websites so that they are always up to date. Let us talk about why Drupal core and module updates are so important, and how our Drupal support team helps to achieve full website security.
Why is it so important to update the core and the modules?
A Drupal-based website is made up of the Drupal core and the community-created modules. As for any modern system, patches improving its security are being regularly released for Drupal.
A special cell has been created in the Drupal community to deal with the security of Drupal and its modules. If it turns out that a module is vulnerable to hacking, the security team helps patch the holes and organises the release of a new version, so that all websites using the module can update it quickly.
Information about new versions is available at drupal.org. You can also subscribe to the mailing list where you receive information about the publication of security patches for the modules being maintained at Drupal.org
It is a good idea to update the website regularly?
Of course, not all updates are critical and not all are security patches. Drupal and the modules grow and improve. Improved versions are being released regularly. It is a good idea to implement these updates on your website. Thanks to them you obtain new improved functionalities, but you are also better prepared for a possible security patch.
Security patches are always released for the latest module version. If you use the old version on our website, you will have to upgrade the module by going through many updates. It often works just fine, but such "big" updates do not always go easily and sometimes require more experience and effort. It is good to update the modules regularly so as not to come across possible surprises and difficulties in the future.
Security updates are the most important of all and must be implemented immediately. What is more, if the update's priority is critical, some of the key functionalities on the website may stop working until the version is upgraded. Some updates are not so important; however, if you do not introduce the suggested changes gradually and regularly, there is a high risk of being exposed to hacker attacks and the occurrence of various problems when upgrading the version after a long break. The consequence of this may be a temporary suspension of the website's operation, which is directly related to financial losses.
We would recommend updating the website as soon as a security patch comes out – and if there are none, you should do it once a month to keep up to date with the changes in all modules.
What are the ways to update modules?
There are several update methods.
Composer – The first is to use Composer by utilising the appropriate commands. This method is usually preferred. Composer is a package manager with which you can download modules, skins and external libraries. If your website is built based on Composer, this is also the method recommended for you. Read more about tricks to work efficiently with the Composer in Drupal.
Drush – a set of scripts allowing for managing Drupal from the command line. One of them is responsible for updates.
The third, easiest but most tedious method is to manually download and send files to the repository, which is less effective, but sometimes – necessary.
Ultimately, the Drupal community eagerly awaits the fruits of the "Automatic Updates" initiative, which is to allow automatic updates. Currently, the “Automatic Updates” module does not yet belong to the Drupal's core, but it exists in its initial form https://drupal.org/project/automatic_updates. It is a candidate for a very soon release as a stable version.
How long does implementing changes to modules take?
At Droptica, we implement updates on client's websites within one day, and it usually takes up to several hours to complete the update, depending on the complexity. The time needed for implementation is crucial for websites with high traffic at specific times of the day. We always agree on the implementation time with the client and make sure that the website will work, and the implementation will remain painless and safe.
What can a dedicated Droptica team offer you?
You do not have to hire a full-time developer when you work with us. Our team is constantly watching the changes in Drupal and immediately introduces them, if necessary.
We provide Drupal support for many clients, and we create our own solutions for unsupported modules in relation to business requirements.
How does the process of updating modules by the Drupal Support team look like?
When security patches are released, we check whether the module for which the update was released is enabled on your website. If that is the case, we then ask you for permission to perform and implement the update, also asking for the preferred day and time of implementation.
After receiving permission to carry on, we begin the development and the introduction of changes to the code. Our process involves special steps, such as Code Review (a code check carried out by another developer) and pre-implementation tests confirming that making changes to the website will not cause any problems. We always check the code twice before it "lands" in the production. If you want, we can provide you with a new version of the website in an automated test environment similar to the production environment, so that you can see how the website works after introducing the changes.
When everything is buttoned-up, we are preparing for the implementation, in accordance with the preferred time. Sometimes it happens that the client sets rules in advance for every update – for example, to implement changes always between 7:00 a.m. and 10:00 a.m.
What else can we give you?
In addition to module updates, we also offer other services. We would be happy to expand your application with new functionalities and fix bugs that bother you – the critical ones and those less important. We also often help in upgrading the PHP version and provide consultation on security audits.
Thanks our Drupal support service, you can easily keep the website up to date and not worry about security.
Are you ready to ensure the security of your website?