After recently reading several horror stories about websites and blogs being hacked simply because they were running outdated versions of their CMS or WordPress, I decided to upgrade – EVERYTHING. The server, the blog, the website – even my “back burner” website.
Up until the last few weeks I’ve always taken the “if it aint broke, don’t fix it” attitude. Partially because I’m lazy, and partially because I’m paranoid that something will break if I try to upgrade it. But after weighing the options I decided that if something was going to break I would rather break it on my schedule and not some Turkish hacker or script-kiddie’s schedule.
I started a couple of months ago by upgrading the site to the Drupal 5.x. I then upgraded a few things on the server and added some additional security related items (sorry, no details), and I also upgraded my other site to Drupal 5. Finally, today I topp’d it all off by upgrading my WordPress. Even though virtually all of these mini-projects were learning experiences for me they all went 99% smooth – even the scariest part, re-compiling Apache on my server. Seems that all this time I’ve been living dangerously for no real reason.
So I’ve turned-over a new leaf and will now try to keep everything current – maybe not to the newest version of everything (no Drupal 6 or 7 just yet), but at least to supported versions. I’ve even started using a nifty Drupal module called Update Status which notifies me any time a Drupal module has an update available.
If you’re like me (lazy or afraid to break things) you might want to consider doing a few upgrades – especially if there are known vulnerabilities in old versions that you’re using. Remember – would you rather break something yourself, or have someone break it for you?
What about you? Do you always upgrade to the latest and greatest, to the current “stable”/supported version – or do you just sit back and hope nothing bad happens?