If you think of your website as a garden, outdated versions of your CMS (whether WordPress, Drupal, MODX or Craft) — and their associated outdated plugins or modules — are essentially the weeds. Thanks to the constant evolution of these platforms, new point releases of either a platform or a module are issued almost daily. Some of these updates address bugs, some address performance, some include new features, and some patch critical security vulnerabilities.
Like weeds, catching platform updates when they’re small is usually straightforward. The changes are minor, they’re easily addressed, and a high-level QA pass is typically enough to see if the update resulted in any issues on your site. If you’ve waited for a year rather than a month to perform your updates however, be prepared to spend some time in the weeds. By that point, the gap between your version and the latest version of the CMS is significant, implementation is harder, and the risk of site breakage (and a follow-on round of fixes) is much higher.
What often forces this reckoning is when one of the updates includes a patch for a critical security vulnerability. Those who have been keeping the garden tidy can knock out the update pretty quickly, while those who have to hack through a year’s worth of weeds to get to the “Audrey II” security update have bought themselves a hell week, and always at the worst possible time.
At Culture Foundry, we can help you stay ahead of the weeds by including regular platform updates in your monthly garden site management agreement. We’ve found that setting side 3 hours per month per site is a good set point for budget expectations, though that can vary depending on your site’s specific platform and scope.