Posted on 30 July 2012.
It isn’t as simple as downloading a Drupal security update and then applying it. There are several factors to be considered when doing a security update.
- Read the UPGRADE.txt or README.txt after downloading the security update files. See if there are any known issues.
- Issue queue. Are other Drupal users having problems with the update? If yes, wait for the release of a fix. A second update is often released immediately after the original one.
- Release notes. What features would be updated? Know which ones would be changed so you can test them later on.
- Dependencies. Do parts of your site depend on particular version/s of a module or core? If yes, find out how you can eliminate that so you can apply the new security update.
- Backup your database and all files. This way, you can always roll back should something wrong happen. It would be better if you have a development environment where you can try out the updated module/core.
- Time. Apply the security updates when the site is least busy.
- Offline mode. Consider putting your website offline so that site users won’t see errors while you’re updating your database and files to a new configuration.
- Test, test, test. Even though you’ve already done this on your development environment, your server could be setup with a different configuration that can result in your live site breaking. Catch issues before your site visitors can catch them.
- Go to Admin > Reports > Status and check for outstanding issues waiting to be fixed.
- Do not forget to put your website back online.
While applying security updates may seem like a menial task, there are actually a lot of things to consider before and after engaging in the process. But don’t fret. There are modules to help you like the following:
- Backup and Migrate. This will assist you in backing up your databases.
- Drush. This module will help you save time by eliminating the need to download and extract the new module. In the command line, simply enter “drush pm-update modulename”.