About the Drupal 7 & 8 Highly Critical Update March 28, 2018
Website security should be at the forefront of any good web hosting company’s mind. Hackers are continually looking for ways to infiltrate websites, gain access to computers or servers, as well as personal information. They never stop. Because they know that all it takes is finding that one little chink in the armor that they can hammer on and force entry.
Drupal Security Risks: Does Your Web Hosting Company Have Your Back?
Recently the Drupal Security Team announced a release to fix a significant vulnerability in Drupal core. Distribution of the update was coordinated to limit the amount of time hackers would have to exploit it. The Drupal Security Team rated this vulnerability as ‘highly critical’ and in fact it was so severe that Drupal even included patches for versions that they no longer support (8.3.x and 8.4.x). While this is unusual, it does happen and you need to know your site has been properly patched in time.
Why Should You Care About Drupal Updates?
Once Drupal releases an update to fix a vulnerability, the word goes out to all Drupal developers, hosting companies, website managers, and . . . the bad guys. The moment they know there is a weakness in the Drupal suit of armor, they spring into action. They immediately start writing scripts to exploit the vulnerability that’s been revealed. And they will find sites that did not implement the patch in time.
How to Keep Your Drupal Website Safe
Communicate with your hosting company to ensure the patch is being implemented ASAP – particularly in the case of highly critical releases. Make time for Drupal core and contributed module updates, even if it interrupts your plans for the day. You can follow Drupal security advisories at: https://www.drupal.org/security.
This comes with the territory. This is the nature of open source. An open source content management system (CMS) like Drupal must be kept up to date regularly to maintain performance and avoid hackers. While a severe risk is rare, it does happen and it’s vital that you are relying on a hosting company that is on top of the latest updates and understands the importance of implementing them – and closing up the crack before it is found.
Photo: By © User:Colin / Wikimedia Commons, CC BY-SA 4.0