It is very important that software is kept up to date. This is especially true for your CMS (Content Management System). As software ages, more weaknesses are discovered, leading to greater vulnerability. At the same time, hacking resources and knowledge increase, which adds to that vulnerability: things that may have been secure a year ago no longer are, due to advances in technology, software or knowledge. Newer software tends to be more secure for many reasons. First, all of its weaknesses have not yet been discovered. While there are zero-day defects, it usually takes time to find them. Plus, newer versions will generally defend against vulnerabilities found in previous versions. This typically makes newer versions more secure. In the case of your CMS, newer versions are also made easier to upgrade, so it is not so easy to fall out of date by being stuck on a specific version.
This is true of most software. As the software market matures, its products become better in performance and security. Sometimes it can be a balancing act, as you don’t want to make security so good that the product becomes unusable. At this time most realize that security is always an important concern. Many keep up with the newest versions of their software just for the performance benefits. They typically also benefit from the better security, even though many times it is not their primary focus.
Security is Essential for CMS
When it comes to a CMS it is very obvious that security is essential. It is never a good thing for a spamming hacker to get loose on a website. Since hacking robots are constantly searching the Internet for systems they can get into, any system with lax security or using outdated software will soon find itself hacked. It is much less work to secure a site correctly and keep hackers out than it is to get a hacker out of a site once he has gotten in. You can never be sure whether you have found all the back doors they might have left to enable another hack. The best thing is to follow good security practices, which include updating your software.
Updating your CMS is one of the easiest and best ways to protect your site, because a new CMS will likely defend against previous problems. Once you have the most recent version of your CMS, it should be easier to upgrade than previous versions. That is something most CMSs work for in order to make their product more usable and more secure. A good CMS will also be sending out periodic updates to its products in between version changes. These updates are used to close vulnerabilities that have been discovered as well as to initiate improvements in performance. Any time you see a new update released, you should avail yourself of it, as there is usually a specific reason for releasing it in the first place.
There are some times when the update itself may cause a problem or create a new vulnerability, but normally that doesn’t happen. Generally, it is much better to have the newest update or version release than not to have it. For those rare times when it actually does cause a problem, you can be assured that the problem will catch a lot of attention and be fixed fairly rapidly. A bad update is usually followed very closely by a fix for that update. Bad updates are not what normally occur, however.
The Importance of Staying Up to Date
Keeping things up to date should be considered normal maintenance. By keeping everything up to date you have fewer security issues and your performance will also be better. Going a couple of steps further and following good security practices is also a very good idea. Still, a first step in that direction is to simply update your software.
Mainly we have talked about security concerns as a reason for keeping software up to date. I could make another good argument for keeping software up to date for performance reasons. When you think about both reasons, it is hard to find any reason not to upgrade your software. Of course, for some software there may be financial reasons that keep you from upgrading. I am not going to make an argument for spending money to have the newest and best software, but many times it does not cost anything to install the updates or upgrades. Often, as I mention above, they are in response to specific problems or weaknesses that have come to light and are released to help with those issues. In those cases it is always better to fix the problems with the new release.
Many do not understand just how fast things change in software, hardware and the Internet. It is changing very rapidly. Anything 5 years old is going to be very out of date. Five years on the Internet is a whole generation of change. If you get a couple of years out of software you are doing very well. During that time it will be necessary to update or upgrade several times or the software goes out of date that much sooner. It is like I have found with the old Joomla sites I have had to move and upgrade. While some clients have let them get to be 8 years old or more there are just so many vulnerabilities to the old versions at this time that they are just impossible to secure. There are so many known ways to get into the older versions that you just can’t block all of them. The only answer is to migrate to the newer versions and clean up the site as you do so. Even sites that have aged 5 years or so are in just about the same boat.
The state of the art of site security and CMS software has advanced so far in the last few years that these sites are just terribly insecure and hard to migrate and improve. If they had been upgraded as new versions were released, they would now be fixable and upgradeable with just a couple of clicks. Instead, it is now an expensive and difficult process to migrate them to the newest versions. Many will even recommend not to try and just to delete the site and start over. That would not be my recommendation unless it was a very small, easily reproducible site. Keep in mind that by not keeping your software and CMS up to date you end up incurring more expenses in the long run, and that is not even considering the cost of a hacked site. That can run a large range, as it depends on what the hackers do with the site once they have gotten into it. So for better security and performance, remember to keep your software and CMS up to date.
– Robert Hunt, Systems Administrator