17 Apr _

The Risks of Ignoring Your Drupal Website Updates

Drupal 8 security updates are crucial for website functionality and fortification. Regularly updating Drupal installation, including the core, libraries, and contributors should become second nature to Drupal users.

Written by
Sean Edwards
Content Editor

Drupal 8 updates (Core, Contributor)

Each user will have a different method of managing their workflow, either by utilising dedicated tools, custom scripts, or updating their codebases via FTP. Ensuring the application’s third party code is consistently up-to-date is imperative for each open source project.

However, the consequences of ignoring updates and Drupal security patches can be easily averted if users consistently update modules in their entirety.

Let’s dismiss exactly the specifics of each update, but instead look into why your Drupal CMS should always be properly maintained and frequently updated.

Stay Credible

If like many Drupal administrators, you’re adamant that system updates can be put on the backburner or you’re simply satisfied with the ‘old but gold’ version, pause and consider the potential widespread issues to both your organisation and its customers.

Risking your online credibility is just plain self-sabotage. If that credibility comes into question, then your business’ reputation may become tainted. If customers are also affected by a cyber-attack, then expect an unfavourable turnover in your customer base.

Older versions of software can be affected by high-risk security vulnerabilities that enable attackers to compromise an entire site. Attackers actively seek out old software with vulnerabilities. Ignoring a vulnerability on your site increases the chance of your site being attacked - Google

If that wasn’t bad enough, search engine powerhouse Google, has the right to completely blacklist any website that has succumbed to a major hacking that involved phishing campaigns or malware. They may also kick afflicted websites right down the search engine results page (SERPs) pecking order.

Any potential visitors to your website that haven’t yet been notified or affected by your website’s hack, will see on the search engine’s results page that your website may harm their computer/device or even contain malware. I guarantee that 99.9% of consumers will immediately see that was a red flag and take their business elsewhere - namely a competitor.

Backup For The Future

How Often You Should Backup Your Important Data

Prior to any kind of upgrades or new installations, make back-ups of your backups, and maybe back that up too. It’s the safest way to know that all of your important data is secure.

You can find backup and migration modules within Drupal’s ‘Download & Extend’ section.

Data Backup can also make archiving & auditing much easier for a business. Remember, it’s not necessarily about the backup, it’s what the backup can provide – the restore.

In a ‘Disaster Recovery’ situation where data recovery is required ASAP, backups are priceless.

Pull The Plugins

Plugins found on Drupal can add enhanced functionality to a website. Although, each installed plugin should be frequently checked that they’re up-to-date. Outdated or unpatched plugins, themes, and modules are highly vulnerable sources for viruses.

Always remove plugins that are not maintained by their developers, and exercise extreme caution when it comes to free plugins from untrusted websites. Cyber-attackers frequently add malicious code to free versions of paid plugins.

If you’re uninstalling a plugin, ensure that all of its files are removed from the server.

Updates = Upgrades

With each new feature or optimisation, comes a requirement for better security. From WordPress to Drupal, each manufacturer is continuously working on their system functionality and security for complete customer satisfaction.

It’s essential to periodically check for software updates for your site in order to patch vulnerabilities. Better yet, set up automatic updates for your software where possible and sign up for security announcement lists for any of your active running software.

Software you’ll want to keep updated include:

  • Web Server Software

    If you run your own servers.

  • Content Management Systems (CMS)

    Examples would include Security Patches released by Drupal, Wordpress, etc.

  • Plugins & Add-ons

    From SEO Manager add-ons to Geo-Locator plugins, all extra third party features on your site should be kept up-to-date.

Drupal Updates 2019

Drupal is working hard to drop a trio of minor release cycles in May 2019, December 2019, and June 2020 respectively, before it launches the fully-fledged Drupal 9 platform on June 3rd, 2020.

Updates will not only contain new safety components, but the latest features, themes, or modules a retailer could integrate into their website that could prove beneficial for all parties (retailer and consumer).

Any compatibility issues can also be rectified within CMS updates; coding errors, bugs, and said compatibility problems are always fixed and released via system updates/patches.

Hackers Gonna Hack

Without a doubt, the worst case scenario; if you don’t actively check for new Drupal versions and ignore core updates for an extended period of time, your application will be at the mercy of hackers, who’re quick to pursue security breaches and vulnerabilities of any kind (each incident is published as soon as they’re discovered).

On average, over 30,000 websites get hacked or infected with some type of malware every single day, and even more sites are victims of an attempted website hack.


Now, out of over 1.3 billion websites online and counting, you may think the odds of succumbing to an online threat are slim. But, why take the risk?

Not only can Content Management Systems be exploited by hackers or infectious malware, the subsequent fallout from any website downtime can be detrimental to sales, your customer base, brand’s reputation, or perhaps more importantly, your entire database.

Any weaknesses or gaps within your Drupal structure falls on the responsible shoulders of the Developer or System Administrator. Keeping the system regularly up-to-date will ensure that any potential security potholes are effectively patched. By ignoring update notifications, you’re leaving an outdated system wide open to attacks.

Hacker Facts

  • 40 million Americans lose information annually due to business hacking.
  • WordPress hosts about 25% of all the World's websites and are the most commonly hacked.
  • On average, it takes 10 minutes to crack a lowercase password that is 6 characters long.
  • 73% of Americans fall victim to some type of cybercrime.
  • 40 million Americans lose information annually due to business hacking.

Leave it to us

For our clients, we employ a systematic routine of applying Drupal updates to each of their websites. Each of these updates are meticulously pre-planned, applied and tested to ensure there is minimal downtime or unexpected aftereffects once the updates are concluded.

We also inform and educate our clients about system maintenance, potential downtimes, or compatibility issues of each individual update before pressing ahead with the implementation of them, and we’re able to work alongside or around their schedules to ease any concerns.

Drupal security updates

At Sherwen Studios, we pride ourselves on providing a complete 24/7 Drupal support service for our clients, so we can support them whenever necessary.

If your Drupal website isn’t currently undergoing routine updates and performance checks, why not speak to our team of experts about how we can help rebuild your website’s defences and fine-tune any underperforming areas.

Let us manage the boring, nitty-gritty stuff so that your business is able to perform to its maximal potential.

Always take proactive measures to increase the security of your organisation’s websites, because being hacked is an expensive ordeal.

For more information on cyber-attacks, data recovery, and Risk Management, read our insights on ‘A Recipe for Disaster Recovery’ and ‘How to Implement a Risk Management Plan for Ecommerce Websites’.

Start with a Free Drupal Quote today!