Keeping up with the Joneses
You know how on one Wednesday morning every month you sign into your Windows PC and see that “updates have been installed”? Most of the time there is no effect on the rest of your day, or week, or month. Sometimes there are problems with other apps who relied on Windows behavior that was changed but for the most part, life just goes on.
If you look at what has changed the list will often have “Windows Security Update XXXXXX’ in the list several times. Each of those security updates is fixing a problem that a hacker could find or has found. So autoupdate is generally a good thing. Some security folks are divided on whether or not to use it, but I have found that the majority of them recommend that autoupdate be turned on.
Accella has fielded several systems with WordPress and Drupal. These are two major Content Management Systems/Frameworks that have active development teams. Web sites built with these systems typically rely on plug-ins and modules to give the functionality needed. Like Windows, Drupal and WordPress put out security updates. Like Windows, even updates not related to security become available regularly. Unlike Windows, updating the CMS is more involved and not automatic. Another thing to consider is the open-source community that produces these modules does not always keep up with the base CMS in a timely manner if modules are abandoned or unpopular, though for widely used modules issues with the base system are solved fairly quickly.
There are good tools to update your code and database quickly for both CM systems, but someone is needed to start the process; they won’t run on their own. WordPress does have a one-click update method in the admin pages and Drupal offers a robust set of administrative tools that can be used by a site administrator from the command line which makes updating the code and database quite a quick process. In both cases, it’s never a good idea to run untested updates on your live site. The testing and verification of the site is what saves you from an embarrassing site outage. Past experience has shown that an update to the base CMS could break the web site if the modules or customizations are not compatible with the newest version. For these reason updates should first be completed by someone who knows your site on a development/staging server before deploying to production.
All of this means that it is necessary to keep an eye on the CM system’s own detection of available updates and then manually take the appropriate actions. Accella has a lot of experience performing updates to CM systems and have developed a good set of practices for verifying the new version will not cause modules and plugins to stop functioning. We can assess and recommend a course of action to bring a website up to date. Please email John Rainey at firstname.lastname@example.org or call 888-856-2664 for more information.