Like you, your website can’t properly do its job when it isn’t at it’s healthiest. Websites need regular care and maintenance to ensure that the platform core and contributed modules or plugins are being updated with relevant security updates. Maintaining your website’s health is an ongoing, consistent task, otherwise, your website may be at risk of being vulnerable to bugs, broken functionality—or worse—a cyber attack. When you are in the final month of building a new website, you should plan for how you will maintain your website’s health.

Why security patching matters

Security patching is a code update to a site’s platform core (module), one of its contributed modules, or to a plug-in being used on the site. The purpose of any one patch can be to resolve a security vulnerability, fix a performance issue, or repair a bug.  An open source content management system (CMS), such as WordPress or Drupal, needs to have regular ongoing patching to keep the platform core, contributed modules, and plugins up-to-date and secure. 

The benefit of an open source CMS is that everyone has access to the source code, which means that they can contribute to fixing issues and improving functionality. However, it also means that the source code is available to those who may be looking for opportunities to exploit it. Leaving your site unpatched essentially opens the door to hackers who are looking for software vulnerabilities.

Why you need to patch and maintain your website

The cost of maintenance is exponentially lower than the cost of cleaning up a mess from a cyber attack. Depending on the severity of the attack, you can expect to pay several thousands of dollars to fix a hacked site. In some cases, when sites have gone years without patching, the costs can be in the tens of thousands of dollars. And in many cases, your site will need to be reverted to an older backed-up copy, which means losing all content added after the hack.

All of that trouble, time, and expense can easily be avoided by completing regular security patching. If you don’t have a developer on staff to manage your website maintenance, you can work with a support partner that can do it for you. Forum One’s dedicated support team currently manages security patching, hosting, and website support for over 50 organizations.

Maintenance best practices

Stay on top of security updates by implementing them within a reasonable amount of time. Here are some of our suggested best practices to stay ahead:

• Sign up to receive notifications about upcoming security releases:
  • Drupal: you can create an account on Drupal.org and sign up for their newsletter, which includes security releases. You can also follow @drupalsecurity on Twitter.
  • WordPress: set up an RSS feed to follow the WordPress blog for updates.
• Implement critical or highly-critical security patches no more than two days after their release.
• Implement non-critical security patches within a week of their release.