Why you need to keep your Drupal site updated: technological and business impacts to consider

Failing to do regular site maintenance can open you up to a host of difficulties.

Recently, a new client's Marketing Director wanted to push out some simple SEO improvements to their company's site, like ensuring the XML sitemap was configured correctly.

What should have been an hour or two of work, however, ended up taking days. Why? Because the client hadn't performed regular site maintenance or security updates. 

This is more common than you'd think. Many times, agencies are so busy serving client needs and designing beautiful customer-facing websites that they are too busy to do regular maintenance. This lack of maintenance is often only caught when updates can't be made because configurations are out of date or—worse still—when something breaks.

Failing to do regular site maintenance can open you up to a host of difficulties, so we asked Christopher Tomasso, one of our web developers, to share his perspective on the technological and business impacts of an out-of-date site—especially for Drupal users.

What are the challenges of not performing regular maintenance?

It comes down to security and functionality. 

When you're not updating your site regularly, you open yourself up to security vulnerabilities. It’s like leaving a window open at your house and then going away on vacation, trusting that nothing bad will happen. And knowing that you should get around to updating your site but never doing it can be a real source of panic and stress. You might be aware of your vulnerabilities and not doing anything about it is never a pleasant feeling.

In terms of functionality, regular maintenance and updates offer you the chance to get the most out of your site. 

There was one instance where we were called because a client's intranet stopped working. Internal users were no longer able to log in or access any of the information they needed to do their job. When we looked into what had gone wrong, it turns out the company hadn't updated their site for over eight months. The whole corporate intranet failed because a simple date module needed updating. This was an easily avoidable situation if someone had performed routine site maintenance. 

What are recommended  best practices for maintenance?

Regular monthly maintenance that keeps your site up to date is the best thing you can do for your system. Suppose something does go wrong and needs investigation. In that case, it's far easier to sort through whether something in the last five updates you did that month negatively affected your system rather than trying to sort through the 80 updates that you did all at once because you waited too long between site maintenance rounds.

Make sure you keep good documentation about all system maintenance and updates. Documentation will help you quickly assess what has happened if your system experiences problems. For example, some of your modules will have patches to address incompatibilities. Something may have stopped working because a patch was lost when a full update to a module was made. It's easy enough to reapply that patch, and solid documentation will tell you which modules needed which patches so you can get to the root of the problem quickly.

Good QA is also essential. Always test your site before pushing it to production so that you can catch any issues. The ideal situation would be to have a trained Drupal user who also has extensive knowledge of your site to do the QA work. 

When doing updates, what should be prioritized?

Your first priority should always be security updates and any update that is listed as critical. Always take the severity level of the update into account. Every once and awhile, maybe once or twice a year, there will be what is called a 'Drupal-geddon' alert, which happens when a critical security vulnerability is identified and a patch devised. Anytime you see one of these 'Drupal-geddon' notifications, the update needs to happen ASAP!

You also want to put server configuration updates high on your list of priorities. Always make sure that your servers are running the latest version of PHP recommended by Drupal and that it's kept up to date. 

And again, make sure you are maintaining good documentation. More is always better. 

What should businesses do if maintenance has not been performed? How do they get out of the situation?

In that case, it's best to get professional assistance. You need to bring in someone like Symetris to spend time with your system and review what needs to be updated. If you have multiple updates that require installation, it quickly becomes something that you can't just do all at once or by yourself.

These professionals will do the little, tedious things that might get overlooked when a series of major updates need doing all at once. They will check for hacks and patches that have been installed on your modules to ensure that updates don't mean you lose custom functionality that will negatively impact your business. 

Getting this kind of work done if your site is out of date will be especially important later this year, as Drupal 7 will reach its end of life on November 28, 2022. At that point, version 7 will be unsupported, so you need to start thinking now about how and when to upgrade to Drupal 8 or Drupal 9. 

What does Symetris do for clients as part of our preventative maintenance service?

We do all of the things required to keep systems up to date that in-house IT staff may not have the time or sometimes the knowledge to get done themselves. You want a Drupal expert to be in charge of updating your site. Drupal can get incredibly complex, and there are many variables to consider. There's real value in having an experienced Drupal expert performing your maintenance. 

We will test the code base, for instance. We'll look at what patches and hacks you have installed and analyze their functionality. We also offer different environments for dev, staging, and QA testing before your site gets pushed to production to ensure there are no functionality issues. 

Symetris will also assign a Quality Assurance Specialist person to your site to ensure that it's tested and documented and that there aren’t any unexpected issues. 

And if ever one of those 'Drupal-geddon' updates comes through, we will establish a task force to ensure that client sites are updated ASAP to protect them from vulnerabilities. 

Symetris has helped hundreds of clients implement preventative maintenance cycles. For a free consultation on how we can help you, fill out the form below.