Sign in Registration

How to properly update your Drupal site and why it is extremely important

Recently there was a mass hacking of sites on CMS Drupal (up to 7.58). This became possible due to a vulnerability in the system itself, which did not properly validate the data received from ajax requests. As a result, the site was easily hacked, folders and files with malicious code appeared in directories, and existing files were injected into them - the code was simply added to them. Therefore, it was necessary to restore the site as soon as possible and update its system, modules and themes.

Drupal - обновление

To update the site correctly, you need to follow several steps:

  • put the site in maintenance mode;
  • unpack the latest version of CMS Drupal to any folder on the hosting;
  • delete the directory " sites " in the newly unpacked folder, then copy the same directory from the old site;
  • replace with old ones or edit if necessary files " robots.txt ", " .htaccess ";
  • delete the old site directory, and rename the new one to the desired name and place it in the right place on the hosting so that the site is available on the previous path;
  • go to the site and be sure to run the file " update.php " - it will make the necessary changes to the database;
  • put the site into working mode.

Some users simply unpack the new version over the old, which is wrong, as some old files, including viruses, remain. Therefore, it is important to adhere to the above instructions.

Next, you need to update modules and themes , for this the update module must be enabled in the site settings. Then go to the page of this module and run automatic update . As a result, the modules and themes will be successfully updated, it remains to run the file " update.php " again.

It is also important to update the translations of the interface, for this install the " localization update " module and enable auto-update.

There are files in the root of the site that are better to delete: " CHANGELOG.txt ", "COPYRIGHT.txt", "INSTALL.txt", "LICENSE.txt", "MAINTAINERS.txt", "README.txt", "UPGRADE.txt". If this is not done, it will be easier for an attacker to find out information about the system, which will make it easier to hack .

After completing all the above procedures, your site will be completely updated to the latest versions - now you are not afraid of any threats. If you have any difficulties, please contact.

Comments (0)
For commenting sign in or register.

Latest articles

Popular sections

Eqsash (Tools)

Android app - VK LAST USER ID, отучитель от зависимости и т.д.:
Available on Google Play

Amessage (Communication)

Login to the web version
Android app:
Available on Google Play

Share this

Subscribe to



IT notes - In simple language about the most necessary things (HTML, CSS, JavaScript, PHP, databases, Drupal, Bitrix, SEO, domains, security and more), PDF, 500 p.