Understanding the Patching Process
If your business consists of more than one person, and you have the luxury of an IT staff, then equipping that team with a process like the one described in this chapter can make for smooth upgrades.
This team should be organized around a process, rather than around a person. By doing so, you can quickly substitute for a person who is on vacation or who may not be available. The process described in this chapter is called the patching process. It follows seven general steps:
- Monitor information sources for patches, vulnerabilities, and updates.
- Back up your site and your database
- Download the patch. (If one does not exist, you must provide a workaround.)
- Test the patch to determine that it works and that it does not break anything in the process.
- Deploy the patch following the instructions specific to your operating system, CMS, or hardware device.
- Run another backup of the site and database after you patch.
- Document the work you conducted and then return to Step 1.
As you can see, the patching process involves much more than just grabbing a patch from a website, applying it, and moving on to the next task.
Another factor that may be pertinent in the patching process is what takes place after a successful patch application. Returning to the Microsoft Windows desktop example, if you download a patch and apply it to your desktop, it might require a reboot, which is not really a big deal for your basic user. However, a reboot of a server operating ...
Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.