How to properly update your Drupal site and why it is extremely important
Recently there was a mass hacking of sites on CMS Drupal (up to 7.58). This became possible due to a vulnerability in the system itself, which did not properly validate the data received from ajax requests. As a result, the site was easily hacked, folders and files with malicious code appeared in directories, and existing files were injected into them - the code was simply added to them. Therefore, it was necessary to restore the site as soon as possible and update its system, modules and themes.
To update the site correctly, you need to follow several steps:
- put the site in maintenance mode;
- unpack the latest version of CMS Drupal to any folder on the hosting;
- delete the directory " sites " in the newly unpacked folder, then copy the same directory from the old site;
- replace with old ones or edit if necessary files " robots.txt ", " .htaccess ";
- delete the old site directory, and rename the new one to the desired name and place it in the right place on the hosting so that the site is available on the previous path;
- go to the site and be sure to run the file " update.php " - it will make the necessary changes to the database;
- put the site into working mode.
Some users simply unpack the new version over the old, which is wrong, as some old files, including viruses, remain. Therefore, it is important to adhere to the above instructions.
Next, you need to update modules and themes , for this the update module must be enabled in the site settings. Then go to the page of this module and run automatic update . As a result, the modules and themes will be successfully updated, it remains to run the file " update.php " again.
It is also important to update the translations of the interface, for this install the " localization update " module and enable auto-update.
There are files in the root of the site that are better to delete: " CHANGELOG.txt ", "COPYRIGHT.txt", "INSTALL.txt", "LICENSE.txt", "MAINTAINERS.txt", "README.txt", "UPGRADE.txt". If this is not done, it will be easier for an attacker to find out information about the system, which will make it easier to hack .
After completing all the above procedures, your site will be completely updated to the latest versions - now you are not afraid of any threats. If you have any difficulties, please contact.
- 09.11.23IT / Database Errors when migrating from MySQL 5.6 to 5.7 and how to fix them - database dump import failed with an error or INSERT does not work. Disabling STRICT_TRANS_TABLES strict mode or using IGNORE
- 09.07.22IT / Misc Convert office files DOC, DOCX, DOCM, RTF to DOCX, DOCM, DOC, RTF, PDF, HTML, XML, TXT formats without loss and markup changes
- 07.07.22IT / Safety How to protect PHP, JS, HTML, CSS source code - obfuscation, minification, compression and encryption
- 06.07.22IT / Safety Connection not secure, problem with Lets Encrypt - how to fix expired 09/30/2021 DST Root CA X3, remove it manually and install ISRG Root X1. Example on MS Windows 7
- 08.07.21IT / Misc How to make a free translation for a website without an API, translate documents in Google Translate