Posted in: News
Published: July 2, 2009
Why you should keep your software (and website!) updated
I often have clients ask me why they should upgrade their websites to the latest version of whatever software their site happens to be running (be it WordPress, Drupal, Joomla, Expression Engine or something else).
For anyone who works daily developing or maintaining software, especially open source software, the process and reasoning behind updating seems so obvious that it almost goes without saying. But for the rest of us, software updates are, at best, an inconvenience that you must sit through, and, at worst, an unexpected expense. With that being the reality for many people, I am going try to elucidate why you should keep your web-based software installations up to date, even if that means paying someone to do it.
Software updates: what are they, exactly?
First off, let’s define what we mean when we talk about software updates, “hotfixes”, or “patches”. A software update can be simply a small piece of updated code in a text file (perhaps one individual part of a program that replaces an older version of that part). In that case, the software update might be called a “patch” because it fixes a specific issue or problem, just like a patching a hole on your jeans fixes an isolated imperfection on an otherwise serviceable pair of pants.
However, a software update can also be an entirely new version of the software. New versions of many web-based software applications can be quite involved. Rather than being one or two new text files with a handful of new or updated lines of code, a completely new version of a program can have that thousands of changed files with hundreds or thousands of lines of new code. For example, new versions of most web content management systems (CMS) fall into the latter category.
Sometimes these updates are simple to implement; but other times the task is not as straightforward because of software dependencies or custom changes to the core program code that are not upgradable (this is typically a bad practice from a development perspective, you usually want to leave core code alone and make modifications through some sort of plugin architecture).
In both cases, a software update is made up of new code that improves the software in some way. We’ll take a look at what those improvements are next.
So… why should I update?
Software updates are typically released to address one or more of the following key issues that all programs face.
Updates are often released to fix bugs. A software bug is a term used to describe an error, flaw, mistake, failure, or fault in a computer program that prevents it from functioning as intended. Bugs can arise from something as simple as a syntax error (like a misplaced semicolon in a line of code) or from unintended interactions between different parts of the program. This frequently occurs because computer programs (like WordPress or Drupal) can be complex — millions of lines of code in some cases — often having been programmed by many people over a great length of time, so that programmers are unable to mentally track every possible way in which parts can interact. So over time, as these problems are identified, bug fixes get created and are included with software updates.
Many updates provide fixes for security holes. The security holes or vulnerabilities can allow an unauthorized user to gain control of your website and put it to use for their own purposes. Security updates should never be taken lightly because of the real risk of having your site get hacked. We have seen websites get attacked quite a few times over the past several years, usually because someone chose not to apply a software update to their website. It is always less expensive to prevent an attack on your website by proactively applying all available security updates rather than trying to clean and rebuild a site that has been compromised by an attacker. I cannot stress this enough, it is always worth it to do the preventative care. A compromised site will mean extended periods of downtime and many hours spent reverting to a clean, uncompromised version in addition to the hassle of changing account passwords and ensuring data security for any sensitive information that is saved in your site (customers email addresses, payment information, etc).
Along with bugs and security updates, most software upgrades will provide some enhancements. That is to say, new features and/or improvements to old features that make the software easier to use or add in some previously missing capability. There is no limit to how most web-based software can be improved. This might mean a better way to upload images or improved text formatting controls.
Another factor that can necessitate the installation of software updates on your website is the simple but often overlooked fact that your website does not exist in a vacuum — it isn’t printed once and then forever finished like a book or brochure. Rather, it exists in a soup of constantly changing technologies: from the web server that hosts it, to the operating system and web browser of people who visit the site, to the version of the programming language it was written in — and that is just to name a few. Indeed there are many other external technologies that are constantly changing and evolving around your website.
Because of this, staying up to date keeps your site on track with the rest of the technology that surrounds it and ensures that your visitors have the best experience possible.
Why do I have to pay for this?
While no one has ever directly asked this question verbatim, it does often get implied when I talk to clients about updates. It’s a fair question to ask I think, because people are quite used to getting some software updates for free (operating system updates from Apple or Microsoft, for example). The main reason most web developers (Mindshare Labs included) will bill for routine software updates is that they are not in the business of selling software. Rather most web development companies install, configure, and customize software for their clients as a service. You aren’t being made to pay for the update itself and all of the countless hours that went into developing it, you are only being asked to pay for the time it takes to install it on your particular website (and ensure that the upgrade was successful).
This brings up a related issue that is often overlooked by many small businesses using open source software to power their websites. The cost you pay your web development team isn’t even a fraction of what it would cost were you to build a complex content management system from scratch. Sophisticated, simple to use, web-based software has become extremely commonplace, and because of this, many people subconsciously assume that such software is simple to build. This is, of course, a fallacy. Even so, most people have no way of knowing how many thousands of hours went into the design, programming, testing, and debugging, of web applications that seem quite straightforward from the end user’s perspective.
While it is difficult to accurately quantify the value of a free, open source program, it is nonetheless apparent that no organization, except a very large corporate enterprise with a dedicated in-house development team, could ever hope to commission the development of a piece of software to rival WordPress, Drupal, or Joomla on thier own. This is what I mean when I say open source means enterprise level development for small business. I could say more… but I don’t want to wax philosophical on this post.
Keeping your website up-to-date gives you enhanced security (patches), improved performance (squashed bugs), and increased usability (enhancements) and ensures that your website will function properly with the other technology it depends on (like browsers). And remember, it is always less of a headache to update regularly than to wait until something bad happens or to put it off for so long that your site no longer renders correctly.
Your website should be updated for much the same reasons that you take your car in for an oil change or visit the dentist — as preventative care that will offset major problems down the road.