Installing updates quickly: a must for better security!
Installing updates on a regular basis is a fundamental requirement to protect your site, app or IT infrastructure from cybercriminals. In this article, we will tell you all about the risks of ignoring updates and what you should definitely update.
The risks of a vulnerable website
Technology never stands still. Every software or tool that has ever been developed can always do better – not only to make it easier to use with new features and faster operation, but above all to make it more secure.
After all, experts often discover errors that make the software vulnerable. And cybercriminals and hackers can exploit these vulnerabilities to commit fraudulent acts, using techniques such as SQL injection, Cross Site Scripting (XSS), File Inclusion, Cross Site Request Forgery, etc.
Are you starting to feel afraid? Do not worry! The techniques used to attack you all have one thing in common: they exploit vulnerabilities in the code. And as soon as these ‘glitches’ are identified, the people who developed the code quickly release an update to fix them. It is, however, your job to install this update as quickly as possible if you want to make your website (and your users!) safe again.
What is the difference between updates and upgrades?
Just to be clear: an update and an upgrade are two different things (read more about semantic versioning). An update is usually a small change that fixes some issues. An upgrade is much more elaborate. For example, with WordPress, switching from version 4.1 to 4.1.1 is an update, and switching from version 4.1 to 4.2 is an upgrade. This means a change has been made to the structure of your database.
In most cases, you will be able to perform both updates and upgrades yourself without any difficulty. In your WordPress CMS, for instance, you get a notification informing you that an update is available, and you just have to click on the link to install it.
Many users still think that an upgrade might break their site – something that used to be the case in the past. These days, however, such problems are very rare, and you no longer have any reason not to update or upgrade as quickly as possible, in order to ensure maximum security for your website and your visitors!
In the past, an upgrade could break your site. This is now very rarely the case. So, you no longer have any reason not to update your site as soon as possible!
What and when should you update?
Perhaps you have not thought about it yet, but there are several aspects of your hosting that you need to update on a regular basis, and preferably as soon as possible when an update is released. This concerns not only the operating system (OS) running on your server, but also any other code used on your website. This includes your CMS (WordPress, Joomla, Drupal or e-commerce software such as PrestaShop or Magento), as well as the themes and plug-ins you use in your CMS.
Also remember that most CMSs are based on the principle that a script (PHP) retrieves data from a database (usually MySQL) and then formats them so that users can see them. And vulnerabilities are regularly found there as well – and these can also be fixed via an update or upgrade.
1. The operating system of your server
You may not be particularly familiar with the web server software running on your server – usually NGINX, Apache or IIS. But this software also needs to be regularly updated.
How? Combell will handle this task for you for most of its hosting packages. For some packages, engineers perform daily upgrades for all services, without any risk of downtime. Upgrades that require downtime are first checked manually and then rolled out in a controlled manner, via automation systems.
For Linux cloud servers, engineers roll out the necessary patches on a weekly basis and in an automated manner via an update manager developed in-house. On Windows cloud servers, engineers install Windows updates on a weekly basis. And so on...
2. The Content Management System
(WordPress, Joomla, Drupal, e-commerce CMSs such as PrestaShop or Magento…)
How? Your CMS will usually inform you that an update is available. Do not ignore this notification! If it is a major upgrade, make sure you have a fully working backup!
3. Scripting language (PHP)
How? Combell has made things easy for your web hosting: in your control panel (my.combell.com), you just need to indicate that you want to make the switch. In your dashboard, click on My Products > Web hosting, select the web hosting package you want to check or edit and click on PHP settings. From the drop-down menu, under ‘version’, select the desired version. Combell will then perform the update automatically and immediately, without any impact on your website.
On Linux cloud servers, we also take care of the patching (the updates, not the upgrades) via our own update manager.
4. Plug-ins and themes
In your CMS, you use themes to define the overall layout of your website, and plug-ins to add extra features.
How? Unfortunately, you will have to check manually if there is a new version of the plug-ins and themes you use. Get used to the routine of doing this at regular intervals. Make a list of the web addresses of the creators of the plug-ins and themes you use, and go through it each time. When a new version is available, you update by installing it in your CMS.
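To support that routine, here is an added example (not Combell's or any CMS's own code) that applies the article's update/upgrade distinction to a list of installed and latest versions and tells you which items need a verified backup first. The component names and version numbers are constructed, and the script assumes plain dotted numeric versions.

```python
# Added example: classify pending version changes with the article's rule
# (4.1 -> 4.1.1 is an update, 4.1 -> 4.2 is an upgrade).
# Assumption: versions are dotted integers, at most major.minor.patch.

def parse_version(text):
    """Turn '4.1' or '4.1.1' into a 3-tuple of ints, padding with zeros."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(installed, latest):
    """Return 'current', 'update' (patch level only) or 'upgrade'."""
    cur, new = parse_version(installed), parse_version(latest)
    if new <= cur:
        return "current"
    # Same major.minor means only the patch level moved: a small fix release.
    return "update" if new[:2] == cur[:2] else "upgrade"


def review(inventory):
    """List every component that is behind, with the action to take."""
    report = []
    for name, installed, latest in inventory:
        try:
            kind = classify(installed, latest)
        except ValueError:
            # Unparseable version scheme: never assume it is up to date.
            report.append((name, "unknown", "check manually"))
            continue
        if kind == "update":
            report.append((name, kind, "install now"))
        elif kind == "upgrade":
            report.append((name, kind, "verify backup, then install"))
    return report


# Constructed sample inventory: (component, installed version, latest version)
INVENTORY = [
    ("cms-core", "4.1", "4.1.1"),
    ("example-theme", "4.1", "4.2"),
    ("example-plugin", "2.0.3", "2.0.3"),
    ("legacy-plugin", "1.9-beta", "2.0"),
]

if __name__ == "__main__":
    for name, kind, action in review(INVENTORY):
        print(f"{name:15} {kind:8} {action}")
```
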
5. Your own computer!
You too can be a weak link, a vector to attack your site. So make sure your computer is free of malware. Install browsers and extensions from trusted sources only, and update them as well!
Combell’s autopatching service helps you keep your site secure until you install an update
Usually, when a vulnerability is found in your CMS, operating system, PHP... a temporary emergency solution (a patch) is released. However, a patch is not an update or an upgrade! It is only a ‘band-aid’ that helps fix a vulnerability until you install an update. As mentioned above, you still have to launch the update or upgrade yourself as soon as possible after you receive a notification.
With Combell's automatic patching, you benefit from better protection against security issues and are free to focus on your core business.
Keeping track of all the new threats that have been identified is a time-consuming task – time you would rather spend focusing on your core business! That is why Combell provides its users with an automatic patching service. This security service automatically scans your files and is included with all web hosting packages. The scan checks whether the files are vulnerable, contain malware or can be exploited by hackers. And if you wish, Combell can even automatically patch certain files.
Why should I update? Hackers will not be interested in my site...
Attackers do not make a distinction between large and small sites, or between a bank and a construction company. They always find a way to make money out of their attack, if only by using a compromised site for another attack.
Another danger is that they might use your site to spread spam. This could result in your site or domain name ending up on a blacklist, which is detrimental to your SEO!
Also remember that cybercriminals use bots, automatic scripts that run across the web, in search of vulnerable websites. If your website is not up to date, it will make you an easy target.
Conclusion: you had better not ignore your updates
So, what lesson should you learn from this article? That it is wrong to think that you no longer need to worry about your website, app or IT infrastructure once it has been launched. Updating is crucial – for the security of your website and your visitors. Updates usually contain improvements to security, but they often also include extra features, such as those that make your site easier to use!