Many people think of a website as a one-time expense. They want to pay to have the site created and then move on, especially if the site is created using a CMS (Content Management System) that they can edit and add pages all on their own without needing to work with a developer. But, that’s not how it works. A website needs long-term

CMS Updates maintenance, just like a car needs regular oil changes.

Regardless of the CMS you choose to create your website (i.e., WordPress, Drupal, Joomla) you have to be mindful of tools, plugins, and extensions that are integrated into your platform. With thousands of malicious hackers out there trying to get into the back-end of your beloved website, CMS developers are continually working to create updates with new features, bug fixes and most importantly, security updates.

Do you always have to update?

No. With major release upgrades, such as Drupal 6 to Drupal 7, you may want to wait before making this major core upgrade until all of your plugins or modules are supported in the newer version. Upgrading too soon may cause one of your plugins or modules to stop working, removing certain functionality or breaking your site. If the release is designated as a security update, you should, however, apply the update as soon as possible.

What’s the worst that can happen?

Many people who run relatively small websites, or websites that don’t offer online purchasing, doubt that they could be victim of an attack. However, given that many attacks are automated, just being on the Web makes your site vulnerable. That being said, some potential things that your attacker could do include:

  • deleting all of your content
  • defacing the site by posting questionable and offensive material
  • completely replacing all of your content and images with their own
  • spamming the site with links
  • changing passwords to block you from accessing the admin area

So you know that your site needs some TLC and why, but how do you know when it needs it? Many CMS platforms allow you to sign up to receive notifications when a security update or major upgrade has been released.

For Drupal users, visit All security announcements are also sent out by email. To subscribe to these emails, log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab. You can also follow @drupalsecurity on Twitter.

If you are a WordPress user, you can sign up to receive security alerts and product updates at

You have invested time and money into your website. Don’t let that go to waste. Keeping your website up to date and maintained will allow it to be a part of your business’s continued success.