Four reasons why you must update your CMS
We’ve all received plenty of annoying update notifications, to the point where most of us have trained ourselves to ignore them. But when it comes to your content management system, updates aren’t something you should treat as a nuisance, because they could be crucial to the functionality of your website and the operations of your business.
First, the basics – most websites today run on a content management system, or CMS, that makes it possible to create, publish, archive and update content without a working knowledge of web coding languages. From a user’s perspective, it means that you can add or amend content without having to contact your web developer for help.
At Zeroseven, we specialise in building sites using the Kentico and Umbraco CMS platforms because of their superior features, functionality and customisability. But there are plenty of popular CMS options on the market, including WordPress, Joomla, Drupal and Magento.
Just like the content on your website needs regular updates to stay fresh and current, your CMS will need to be regularly updated – it’s not a set-and-forget proposition. Technology is always evolving, and updates are continually being released for CMS platforms.
To get the most out of your site, and to avoid the significant risks and unwanted consequences of hanging on to an older version, it’s essential that these updates are made – and here are the most important reasons why.
CMS providers are in a constant cat-and-mouse struggle with cyber criminals, who are always looking for new security vulnerabilities and attack vectors to take advantage of. When a weakness is identified, either through an actual exploit or a security audit, the provider will look to plug that hole straight away – and they’ll do that in the form of a CMS update.
You might think that your site would escape the notice of hackers, but there’s little rhyme or reason to where they attack. The recent Microsoft Exchange attack saw hackers pile on to an identified weakness and compromise at least 30,000 email systems, including schools, hospitals, city councils and businesses. The goal was to smash and grab as much data as possible before the vulnerability was closed, regardless of where the data came from, and make sense of it later.
In this climate, it’s simply not justifiable to expose your site to unnecessary risks by failing to keep up with your CMS platform’s security hot fixes and patches.
Crucially, these hot fixes and patches are usually only released for recent versions of their systems, so if you’re lagging too far behind, you won’t benefit from them. If your security’s not up to date and your site is compromised, you could be liable if private user data that your site has collected – including email addresses, credit card details, passwords, and other sensitive information – is stolen.
Even if you’re not collecting any of that data, consider that a hack could result in the hijacking of your site, leading to your content being altered, spammy links being added, or your CMS password being changed, preventing you from accessing the back-end of your own site.
A compromised site could also be leveraged to distribute malware or ransomware on behalf of cyber criminals. There’s been a 200 per cent increase in reports of ransomware to the Australian Cyber Security Centre in recent months, and the total annual economic impact of cyber crime in Australia was recently estimated at $3.5 billion – with $1.9 billion of that figure coming from individual victims.
Ultimately, updating your CMS security is about ensuring that your data and your reputation remain intact.
Site stability and compatibility
Not every fix in an update is for a security issue. Often, an update will include patches to resolve common problems that have been identified in earlier versions of the software. These could be coding errors and bugs that could break pages on your site if they’re not addressed.
Consider, too, that your CMS isn’t the only technology that’s being regularly upgraded. The third-party systems that your site integrates with are also evolving – and even if you decide you want your CMS to stand still, those systems will keep moving forward. That means you might start to see problems with the functionality of your site, as plug-ins and integrations that once worked perfectly are no longer compatible with your out-of-date CMS.
Similarly, CMS platforms are sometimes updated to ensure they remain compliant with regulation. The infamous General Data Protection Regulation (GDPR), designed to give EU citizens more control over their data, is a good example of this. If you don’t make the update, you could find yourself in violation of the law through sheer inaction.
Time and money
Like most things that can be done today but are put off until tomorrow, upgrading your CMS becomes harder and more expensive the longer you leave it.
If you’re making updates and applying hot fixes regularly, these bite-sized changes should require a smaller amount of time and effort to implement (and, accordingly, a smaller project budget).
If, however, you put off the updates for an extended period of time, you’ll find it’s rarely a simple matter of skipping to the very latest update and applying it to a years-old version. Instead, you’ll have to make several smaller changes to get your outdated site to the point where it can be upgraded to the latest version, making it a longer and more costly process.
As well as taking more time to deploy the updates, this could leave you with longer outage times. Not only is this a bad look for your website, but it’s not a productive result in terms of revenue, if you use your site for eCommerce purposes or to generate business in other ways.
In that case, you might think, it’s not worth making the update at all. But that still leaves you with all of the other problems we’ve identified here, and with an older website that’s prone to technical issues and costly maintenance bills. Think of it like an old car that has a habit of breaking down – you could keep pouring money into fixing it, or you could just invest in a newer, safer and faster car.
CMS providers typically improve their product capabilities over time, and include innovations, performance improvements and enhanced functionality in their updates. If you’re stuck on an older version, you’re probably missing out on new features.
Whether they’re flashy bells and whistles or simply more efficient codes, they can all help to improve the speed, performance and capabilities of your site and provide a better experience – both for visitors to the front end of the site, and for users operating in the back end.
As underlying coding practices, patterns and frameworks evolve, and new technology stacks emerge, your CMS provider will incorporate them into their offering, adapting and moving with the times. It’s important you move with them, or risk being left with an outdated site that provides a frustrating experience for customers, clients and employees alike.
How often should you update your CMS?
As a general rule, we tell our clients at Zeroseven that CMS updates should be reviewed quarterly, but there’s an obvious exception to this – when an update is made for urgent security reasons, it should be made as soon as possible. A security advisory will usually accompany these updates to stress their importance.
Of course, it’s important to know who’s responsible for ensuring your CMS is regularly updated. If you’re subscribed to a software-as-a-service (SaaS) model, like Umbraco Cloud, then the vendor will usually apply the updates themselves. But if that’s not the case, you need to make sure you have clarity around the ownership of this crucial task so it doesn’t fall by the wayside.
If you manage your site internally, ensure that someone within the business is responsible for CMS updates, and that they’re monitoring your CMS vendor’s communications for security advisories and update release schedules. Depending on the CMS, you may also need to have a paid support plan or licensing agreement in place with your vendor to ensure you have access to the latest updates.
If your site is managed by a developer, make sure you have a plan in place for keeping it up to date. The value of entrusting updates to a developer, particularly for more complex or custom-built sites, is that it’s not uncommon for updates to necessitate code changes and impact compatibility with APIs and extensions. Often, they’ll need to be updated too, or different extensions will have to be found to take their place, to avoid pages being broken on your site.
A developer can also ensure that your site is properly backed up before an upgrade is made, and that it undergoes a formal testing and release cycle.
Regardless of who does it, what really matters is that CMS updates are made regularly – and that your site stays on the front foot as technology evolves.