Things to Consider When Applying Drupal Security Updates

It isn’t as simple as downloading a Drupal security update and then applying it. There are several factors to be considered when doing a security update.

Before Updating 

• Read the UPGRADE.txt or README.txt after downloading the security update files. See if there are any known issues.
• Issue queue. Are other Drupal users having problems with the update? If yes, wait for the release of a fix. A second update is often released immediately after the original one.
• Release notes. What features would be updated? Know which ones would be changed so you can test them later on.
• Dependencies. Do parts of your site depend on particular version/s of a module or core? If yes, find out how you can eliminate that so you can apply the new security update.
• Backup your database and all files. This way, you can always roll back should something wrong happen. It would be better if you have a development environment where you can try out the updated module/core.
• Time. Apply the security updates when the site is least busy.
• Offline mode. Consider putting your website offline so that site users won’t see errors while you’re updating your database and files to a new configuration.

After Updating 

• Test, test, test. Even though you’ve already done this on your development environment, your server could be setup with a different configuration that can result in your live site breaking. Catch issues before your site visitors can catch them.
• Go to Admin > Reports > Status and check for outstanding issues waiting to be fixed.
• Do not forget to put your website back online.

While applying security updates may seem like a menial task, there are actually a lot of things to consider before and after engaging in the process. But don’t fret. There are modules to help you like the following:

• Backup and Migrate. This will assist you in backing up your databases.
• Drush. This module will help you save time by eliminating the need to download and extract the new module. In the command line, simply enter “drush pm-update modulename”.