Jump to content

From a security & maintenance point of view, how often should a updates be installed?


bkno
 Share

Recommended Posts

Hi,

I'm new to PW and like it a lot so far. With most WordPress and Drupal websites there are frequent updates to core & plugins, some of these are security released so I tend to install any updates ASAP. When supporting many websites this update fatigue is pretty tiresome.

What is your update strategy when maintaining PW sites? Would be interested to hear if you think it is valid to perhaps do a quarterly update or perhaps only even update yearly if there are no security announcements?

Also just to clarify, if there a security mailing list we should subscribe to just in case an urgent fix is ever released?

Thanks!

Link to comment
Share on other sites

By now there aren't any known security issues with processwire core, so updating is purely needed for accessing new features. There's also no mailing list for security. The best is to follow the weekly blogposts by any of the available channels.

  • Like 1
Link to comment
Share on other sites

Howdy @bkno, and welcome to the forum.

ProcessWire itself is very secure, in that there have been few, if any, security related updates. In fact, I am not aware of any such update in the couple of years I have been using ProcessWire. Consequently, there isn't a security mailing list like what you have become familiar with in other platforms.

As far as an upgrade regiment is concerned, if you stick with the latest master version you should have no issues. For those times that you do wish to upgrade, the procedure is very simple and as a result, not anywhere close to being tiring as with the other cms/cmf you have worked with. And the only real reason you might upgrade is when new functionality becomes applicable to your site.

The modules that you can install are created by the community, and should be treated as any user-defined content. As with any publicly accessible resource, it is up to the developer to guard against malicious intent. ProcessWire provides a number of tools to assist you, such as sanitizing data submitted by your users. That being said, the community members here are very knowledgeable and very experienced, and again, I am not aware of any security issues with the modules they produce.

The previous security issues you experienced is why I also left those other environments. I have had no disappointments or regrets moving to ProcessWire. In addition, you can browse any topic in this forum and see the quick and accurate support provided by the community members.

I don't intend for this to sound like a sales pitch. I'm only stating the facts as I have come to know them. 

 

There ya go. @LostKobrakai is one of those community members. He beat me to the post. Again. :)

Edited by rick
  • Like 3
Link to comment
Share on other sites

Welcome to the forum @bkno

Just one consideration to add to the others written above: most likely you will only be forced to update an otherwise smoothly running ProcessWire website when the PHP version it is running on becomes obsolete and the new PHP version you wish to upgrade to has deprecated methods no longer supported/available but some functionality of your old ProcessWire depend on those deprecated PHP functions, meaning you will need to update your ProcessWire core and other modules in order to keep up with the changes in PHP.

Sure, it is a general issue with PHP based websites, but since you asked how frequently you need to update, I think it is worth pointing out that due to the nature of PHP one day you will be forced to update or at least want to update if some PHP security flaws emerge in no longer supported PHP versions.

Other than that, you do not have to update at all :) That being said, I recommend updating when you need new features provided by the core or when you want to upgrade to a PHP version which dictates the need of upgrading ProcessWire.

Hope this helps.

  • Like 1
Link to comment
Share on other sites

Many thanks all! Happy to be here.

Very encouraging to hear - this will enable updates to be done during active development phases with a site, so there can be a general round of testing rather than trying to test everytime after installing frequent updates.

I'll check out the upgrade module.

  • Like 1
Link to comment
Share on other sites

One thing i'd like to bring up is the fact that because the design of your website is separate from the back end and content of your website upgrades don't break your website.

This is the largest bugbear I have had with WordPress and I no longer do ANY sites with it. It's as if a WordPress site has a lifespan - after a year or 2 I dreaded upgrades to the theme (yes even with child themes) as any update could break my client's site. Even plugin updates could break the site. And a site lasting more than 3 or 4 years - I haven't had one yet. Most of the sites I ran were designed by designers (I handled the back end) always with modifications - and I don't think I have particularly picky customers. Its just WordPress sites are so generic out of the box that you have to modify the theme.

These days I have a designer do me a homepage and an internal page (saving me money compared with them doing the full site) and I implement the pages with various page layouts, blogs - whatever I want. Anything WordPress could have done I can do - though it can take some PHP programming to get what I want. (but I do get EXACTLY what I want)

And I never have to worry about updates. I just noticed a site I was working on from last year was ver. 2.7 and as it's going live I decided that I'd send it off with the latest version. Update to 3.0.63 took less than 5 minutes (and that included taking a backup of the database)

Give Processwire a try - there is a bit of a learning curve on your first few sites but after that (and easily reusing code) you'll never look back.

 

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...