Every so often, most of us find ourselves thinking, “You know, I really should do something about [tedious, but important task],” like rotating your tires, or changing the furnace filter, or eating more fibre. Whee. And then we forget about it until we hear something that begins the cycle again. Or something happens that makes us think, “Oh, ****, I really should have done [same tedious, but important task] before this. ****.”
Taking care of your website is one of those tasks. (I understand this is exciting for some people, but they’re probably not reading this.) As rtraction’s resident techno-twit, I consulted with our head QA guy, Josh Dow (@joshdow), and developers Gavin Blair (@gavinblair) and Sean Sandy (@SeanJA).
“Keep stuff updated” seems to be a big theme. If you’re using Drupal or WordPress, they advise keeping your CMS (in this case, Content Management System, rather than “Cruel Mythical Sword” or something) framework updated.
Be sure to monitor your website’s update status and be ready to implement the updates. A monthly check will usually be sufficient. However, there are times when a high-priority security patch is released. Don’t wait when these appear — sites can be compromised within hours.
Okay, now that I’ve scared you (or maybe just me) with that bit of info, let’s return to the regular updates. With Drupal, there’s a mechanism to apply module and core system updates via the “Update Manager” tool, and this tool, not surprisingly, periodically checks for updates to modules and themes installed in your Drupal application. WordPress lists core system updates on the administrator’s dashboard as soon as they become available; updates for WordPress plugins are listed on the plugins page. In both cases, you should review the update notes to make sure that the update won’t conflict with another module or plugin, and cause issues with your website. And then check again. This is the “measure twice, cut once” of the website world.
Speaking of plugins, modules and also themes, you should remove unused and/or outdated add-ons from your website. The longer you leave them, the greater the probability that your site will be compromised by a five-year-old with nothing better to do with his time than play with people’s websites: older add-ons that are no longer being supported have a greater chance of containing security holes.
BACKUPBACKUPBACKUP.That’s the voice of every system administrator you’ve ever met, including our own @StuartClark. Always back up your website before you apply the updates — even if there are no known conflicts with the update, you don’t want to find out that the developers missed one.
And back to Things To Update:Keep your server up to date. Use newer versions of PHP, which are faster and have security fixes, and newer versions of the kernel, which can patch huge security holes.
So there you have it. UPDATEUPDATEUPDATECLEANUPBACKUPUPDATE. So simple anyone could take care of a website. Or at least know the right words to ask one of those techie types to do it.
Now go eat some fibre.