Thread

If I purchase EE over Semiologic Pro (WP) and never bother with updates do I risk security issues? 

I use other CMS software (interactivetools) that do not require updating because of their excellent development though this software is not designed for blogging. WP constantly requires updating and for Semiologic Pro to work efficiently these updates become mandatory. I am far too busy for that needless chore.

Rod

Hi Rod,

Welcome to the forums!

and never bother with updates do I risk security issues?

Any software from operating systems to web browsers will issue updates. EE is very secure - search these forums and you will see that. New versions are released to address minor issues and to release new features. So like any software it is a good idea to keep your version current.

I am far too busy for that needless chore

I know many people who are happy with running slightly older versions. Staying current is a good idea though and I’d urge you to rethink this. You wouldn’t want to surf the web with Internet Explorer 4 as you’d be open to a world of attacks so keeping up to date is the same for CMS software - EE or otherwise.

Thank you, George, you addressed my concerns very well and your example of IE 4 of course makes a lot of sense.  I don’t know how many updates EE has compared to WP but I would think a lot less.

Rod

One thing to note here regarding site ‘updates’ is that EE makes it almost painless (especially so with build updates). I simply upload the latest /system folder to the site, add the config file, change permissions on config and cache, then rename the old /system folder, then rename the new system folder. Finally, run the update file. It’s instant and painless, much faster than WP, Joomla and others.

I think my main concern with upgrading is corrupting files and thus the site either goes down or behaves irregularly. If the upgrade process is painless I am happy to carry out updates for sure.

Can anyone tell me how often they would recommend we update an EE installation? I want to provide a client with a rough cost for annual maintenance, which depends on how often I’d need to install an update. For example, how often are there new releases which have more serious security improvements?

Hi, Emily,

I would recommend reviewing our Builds Forum and Change Log to get an idea of how often updates are released.

I think my main concern with upgrading is corrupting files and thus the site either goes down or behaves irregularly. If the upgrade process is painless I am happy to carry out updates for sure.

They key is preparation and a step-by-step process.

Usually, I download the latest version, then prepare the new /system folder with plugins, extensions, modules, whatever is needed. In most cases there will not be changes to /images, /themes, etc.  I upload the /system folder, change permissions of config (copied from the old /system folder) and cache, then simply rename the older /system folder (usually something like this—/system_20080426) then rename the new /system folder, and run the update.php file and follow directions. It’s been a few years since I’ve had any corrupt files but you usually find out rather quickly, and reverting backwards is as simple as just renaming folders again.

RonnieMc, that’s a good idea. Thanks for the tip.

I think it takes me all of about 10 minutes to update, and nothing has gone wrong, yet.

Same here. 10 minutes, but I find it important to have that little checklist. Whenever something does go wrong I can trace it back to a step I skipped. Always.

EE rocks for dependability, security, flexibility. It just rocks.