This is the third in a series of articles focused on online security written by the team at Floating-Point.
It is safe to say most companies use a content management system these days. WordPress, Drupal, Joomla, Expression Engine, Mura, DotNetNuke, Silverstripe, Umbraco, Weebly, Agility CMS and so on and so on … We have our recommendations but to each his own as they all have strengths.
There is one fundamental tie between all of them and that is a web language. What I mean is an underlying coding language like PHP, Cold Fusion, ASP.net and so on … Each with their own set of security issues and new features that need to be updated regularly. These updates are subsequent to your CMS and drive the complexity of the system you are using even further up the ladder of complication.
Let me know if your eyes are glazing over yet.
Where this so far boring article is travelling does matter though and I am talking about those pesky updates. Just like the ones required for your iPhone or Windows computers, these updates do very important things for your CMS security and features. They are insanely critical to keeping things operating smoothly under-the-hood and offer you the latest features for your editing experience.
There is one problem with updates though and that is that they can also be incredibly damaging to your editing experience.
Let’s say you install a calendar plugin from a 3rd party developer and things are running smoothly. A little while later [insert your CMS name] comes out with an update. You want the latest security and features so you click that update button and low and behold your calendar goes blank.
What happened to my data?
Well long story short, the developer hasn’t updated their plugin to reflect new important optimizations your [insert your CMS name] just made and now the plugin is effectively broken and your data orphaned inside the database with no hope of being displayed to your end user. There is also no solution to this problem until calendar plugin developer actually updates their plugin to reflect the new CMS optimizations.
Well maybe I will never update then!
Bad idea. Now hackers and spambots will be coming in droves to sell you the latest in online pharmaceuticals and steal private data from your users. This was possible due to security patches not making it into your plugins, and vulnerabilities opening up to the bad guys.
Fair enough, so when do I update?
In our experience, after developing many a website, we keep our clients 1 version back and never recommend the latest CMS update due to watching many 3rd party plugins blow apart over our 20 years of developing web solutions. Once in while we will even wait a few months to update to new version if there are security concerns or it is a major release with a lot of core changes that require developers to catch up.
You need a partner that knows this type of development cycle and understands the best maintenance schedule for your website. You will be happy to know we offer this service at no additional charge with our monthly TSA Reports outlined a few blog posts ago. If you are interested in knowing more about this, please contact Clair Kimmett (Sales & Marketing Director) using our convenient form below.