Upgrades For Security, Drupal, WordPress, vBulletin

I performed a number of upgrades this weekend to help keep my web software up to date. I’m looking at this new media wiki / vBulletin integration called vBwiki Pro and before I tantalize myself with the possibility of adding the software I knew I needed to bring all of my web stuff up to current version first.

I’m running Drupal as the CMS on Weekly Davespeak, vBulletin in the forums and WordPress for this blog.

Upgrades are usually pretty easy, although I did a ton of Drupal customizations when I installed it last year and was worried I would overwrite some of my work.

In order to prepare for all the changes I started with the vBulletin. I backed up the database and existing file structure and then pulled down the new package and ran the update script. I have to admit I was a few versions behind and I was starting to get a bad feeling in my bones because the latest changes had been mostly about security. It is not unreasonable to expect that forums of the size in WDS would be a hacker target.

The vB upgrade went smoothly so I moved on to WordPress. WordPress has made a significant amount of feature improvements since my past version (also fairly out of date). I did largely the same procedure, DB and file backup prior to overwrite and upgrade.

For Drupal, I’m still sitting around in 4.7.x territory. Given the number of changes I made, I was worried that doing the upgrade might revert some core changes. I know you’re not supposed to mess around in there, but I was rather green when I did this a year ago. I did the file and db backup then carefully went over the Drupal package to make sure that no crucial files would be present in when I did the upload-overwrite.

I am growing less and less enthused with the progress Drupal has made regarding its documentation set. Trying to find good upgrade instructions is a real pain.  The best you get is a few lines buried here. Plus, the install package comes with the settings.php file named explicitly, so if you don’t take care to remove it, you risk over-writing your existing file. The instructions include the idea: “Modify the new configuration file to make sure it has the correct information.” why do that? It should at least have a note that you can retain your existing configuration file, and it should name it and tell you where it is. (/sites/default/)

I taught a class and workshop on an introduction to web development at Babson this past month and in it I saw how far along Joomla has come. My understanding is that Drupal version 6 are supposed to drastically improve the installation procedure. I am largely dissapointed with the state of their documentation. After trying to teach the installation to new webmasters the barrier to entry for using it as a CMS seems unnecessarily high.

Anyhow, all of the installations seemed to have gone smoothly so I can sleep a little more soundly knowing there are less XSS exploits laying open on my server. I’m looking forward to adding a whole new can of worms with a media wiki installation.  Then, a few months or a year from now, I can look forward to a whole extra open source tool to keep up to date.


  1. So after porting my blog over to wordpress, they freakin release WP 2.3.1, I was like, are you serious?!?!?!? So I had to do all the same backups again, and upgrade, thankfully it went smooth. Upgrades are a bitch sometimes.

Leave a comment

Your email address will not be published. Required fields are marked *