by Elliot Christenson on March 1, 2018 - 7:35am

Last Wednesday, February 21 was a security update that impacted Drupal 8, Drupal 7, and even Drupal 6 "LTS". Hundreds of thousands of website operators need to immediately update their websites! A huge percentage of them are not "web developers". Many don't even know they need the update!

Drupal isn't known for its ease of use for site owners. It's come a long way, but it remains difficult for most. That's expected and sometimes even exciting for Drupal developers.

What about the (non-developer) site owner? We don't believe your site should be left vulnerable. We believe you should be able to "just chill" rather than stress about your Drupal site security!

Read on for a peek behind the curtain to see what the Wizards do so you don't have to.

Contact myDropWizard to have us handle your Drupal updates for you!

You probably didn't realize, but it was a busy day last Wednesday at myDropWizard, Inc. We updated dozens and dozens of Drupal 8, Drupal 7 and even Drupal 6 websites today. We even updated our new distribution Roundearth to include the latest security releases!

Drupal core security update for SA-CORE-2018-001 (including Drupal 6!)

For our customers, it was just a Wednesday.

Our custeoms simply got an email that looks something like this:

myDropWizard Security Support Email [image]

What You Shouldn't Have to Do

This is probably what you're doing now:

A traditional web agency - even if they specialize in Drupal - is busy building great websites. Your website is awesome. It's built with the power of Drupal. Agencies are great, we partner with many through our White Label Program!

Agencies would have to:

  • Get the security adviseries
  • Know what needs to be done to mitigate the issue
  • Know/test what else it impacts in your site
  • Make full backups of your site
  • Put the fixes into place
  • Test the site to make sure critical features of your site function properly
  • Deploy the site
  • (Rinse and repeat and or all of those steps)

Support and Maintenance is not their only business - or even primary business, so they have little choice but to charge you for expensive "one-off" billable hours. This can amount to hundreds of dollars for each update.

Remember, you didn't even know this update was coming. How do you budget?

It could be worse! Your agency may not even have time to do these, and you're left fending for yourself. If you have time and experience, great! If not?

Evil Hackers Are Waiting [Image]

Hackers are scanning the Internet immediately for known vulnerabilities. Every second wasted is an exponentional decrease in your safety level. Your website can be compromised without you knowing - and then utilized for all sorts of mischief and dangerous crimes. Depending on various laws, you could even be liable for negligence*!

These fixes happen with our lowest cost plans for as little as $99 per month!

What myDropWizard Wizards Did

"a lot of repetition. a lot of panic."

When asked about our process for deploying security updates, one of our Wizards (who will remain nameless but I bet you can guess!) blurted "a lot of repetition. a lot of panic."

While that is not exactly the case, there is some truth to that!

We have manual and automated tools (a process I refer to as "semi-automated") that we put to work as soon as security releases are made public. In the case of Drupal 6 security releases - for core and popular contrib modules - this often means that the Wizards must craft a patch for Drupal 6 LTS!

So, step "zero" is to create a fix where none may have even existed.

We work on D6 patches before the vulnerabilities are publicly released. This is critical. myDropWizard is one of only 3 vendors given this ability to work on Drupal 6 security before the issues are revealed to the general public. By the time the rest of the world finally knows there is a problem, your site can already be patched!

  • We Back-Up Your Site
  • We Install the Updates!
  • We Deploy/Test Your Personalized "Critical Use Cases"
  • We Send You an Email (or update your Jira/Trello/Slack)

We are doing this several times per month. We are doing this for tons of Drupal sites each and every month. If things go wrong, or those Evil Hackers would somehow beat us to the fix:

We get your site back to good for no extra chage.

Contact myDropWizard to have us handle your Drupal updates for you!

Meanwhile...

You're Just Chillin' [Beach Image]

*We are Wizards - not Lawyers! We don't give legal advice, and attorneys arent Web Support Wizards. Please ask lawyers legal questions and ask Wizards for Web Support!

Want to read more articles like this?

myDropWizard.com blog Subscribe to the myDropWizard.com blog and recieve e-mail updates when new articles are published!

Add comment

o