Most software nowadays keeps tabs on whether or not there’s a new version of itself available and will sound off whenever it’s time to update. This usually happens at least once a month, so you probably have a really good routine all figured out for when and how to update without it being a big deal… right?
If you’re like most people in charge of small business websites, the answer ranges from “Well, no” to “Hahaha no” to running out of the room screaming.
Patch management is not a multitasker’s strong suit, and here’s why:
9 times out of 10, the update process goes swimmingly. You feel very silly for waiting until a low traffic time to update it because literally nothing happened other than the notification going away.
That 10th time is when you decide to update during the day because updating has gone off without a hitch every other time. That’s when the update messes with some important file in a way that morphs your beautiful website into a blank screen that may as well say “Look everyone, the people that run me don’t know what they’re doing!”
…Or at least that’s what it can feel like.
The point is, most of the time routine updates are just a few button clicks you need to get out of the way. It seems like a small job in that way – something you could fit in between meetings if you really needed to. But there’s also the lingering anxiety in the back of the updater’s mind… What if this is the one that breaks something? If it is, then you’ll need to troubleshoot it until it’s fixed again. That turns a simple, 30 second job into a drop-everything site outage.
How do you plan something like that in your schedule? Maybe something like…
For the next thirty seconds to three hours, I’m busy patching the website.
I have no idea how to represent that on my calendar, and I suspect I’m not alone in that.
Why not just skip updates? Sadly, the internet can be a terrifying place if you’re not careful, and most updates improve your defenses against hackers by closing software vulnerabilities.
This is especially true with WordPress. It’s open source software that powers a quarter of websites worldwide, so more eyes look through its code every day than most projects get per year. Sometimes people looking through the code report that they’ve spotted something that could be exploited… so a fix is tested and put into the next patch. A post goes out saying “be sure to patch, because if you do this exact thing then someone could get into your site!” Then anyone who hasn’t patched is running software with holes that have been metaphorically highlighted and circled a bunch of times in red ink.
Most of these vulnerabilities only make bad situations worse, but occasionally they can be used in a way that allows anyone who knows what they’re doing to wreak havoc on your website if they feel like it, and eventually someone will feel like it.
The Pitch Starts Here
This is why I include patch management in my managed hosting services. I have the time and motivation to research patches and how likely they are to break sites. I set up copies of clients’ live websites to test any major site changes, including potentially disastrous updates.
Patch management is built into my schedule as part of my routine. Once a week, I make sure the sites on my service plan have no pending updates available. If I hear about a particularly important “patch now”-style update, I implement it within 24 hours.
My schedule is flexible enough that I can address patching disasters as they happen, and even routine patches are applied at low-volume times for your website.
Long story short, I’ve been the guy in charge of managing patches on top of everything else. I know:
- How easy it is to let patch management sit on the backburner while you deal with your regular duties
- How much of a burden that little item on your to-do list adds.
- What can happen if you let patches sit on the backburner too long.
…So I decided to try and help others avoid that. Please let me know if that sounds like something you could use!
Have you ever had a patching disaster when you least expected it? Share your story in a comment!