What are website security updates?

and why does my website need them?

Just like any software your website can become compromised if left to go out of date. Website platforms like WordPress and Drupal can be open to attack if you don’t run the security updates on a regular basis. 

Things your site can be vulnerable to

DDoS attacks - Distributed Denial-of-Service

In simple terms, a DDoS attack is where a website is targeted by lots of requests resembling multitudes of people hitting the refresh button or accessing a page over and over until it exceeds the servers capacity to cope. 

Put more technically an unhandleable amount of traffic is sent to your website in the form of server requests from compromised systems, often targeting one IP address. This then crashes the server your website is on and your website. 


Your site’s contact form is being hijacked to send out masses of spam emails. 


An infected website may gather personal information, slow down or stop a website or even inappropriate content to your website.

See Website Hosting & Maintenance 

It won’t happen to me I have a simple website

Sorry, it may get hacked! We’ve seen simple websites go down completely because of an attack. It isn't personal they’re not usually individual humans targeting your websites, but bots (scripts sent out to do stuff on the web) they’re not always and sent out to maliciously attack sites for no apparent reason.  

What’s the worst that can happen?

Contact forms can become vulnerable to attack

If you leave the updates too long, hackers will find security weaknesses. These are often spambots in contact forms, and there’s a very real danger that your hacked website can end up sending out spam to thousands of email addresses. Which is a nuisance right? It’s worse than that, if your mail server is compromised through your website, it can blacklist the mail server, causing your email to go down. Many hosting companies will spot this before it gets to this stage as it’s their mail server that can get blacklisted affecting their other customers. Worst case scenario? Your website and email could be stopped which could have a devastating impact on your business. 

Spammers are also hackers testing for weaknesses, so an influx of spam can mean someone is testing the website’s defences. 

The ever-moving technology waggon

Do you ever feel like you can’t keep up? Well with WordPress and Drupal there are lots of website owners invested in keeping their website safe, which means there are lots of developers also invested in doing so. This means that updates are coming out all the time by diligent and clever people closing loopholes and keeping up with that waggon so you don’t have to worry, as long as the security is kept up to date!

A lot of technologies that touch and are integrated with your website, such as Twitter feeds, payment merchants such as PayPal and Stripe, bring out better security such as two-factor authentication or software updates to improve speed and compatibility with new devices accessing the internet. If these are allowed to go out of date, then the payment system on your website may break if you have an online shop, or that pretty Instagram feed may stop working.

If you’re using a paid theme, the same is also true, if a new phone or other device used to browse the web comes out, makers of the theme make sure it's compatible with that new device, especially if it becomes popular. So for people to continue to use your site easily keep all that security up to date.

A compromised website may even cost you in Google rankings even if the hack isn’t visible. If it detects Malware, or a form sending out spam you may see your site taken off Google as a dangerous website. Or if you have masses of blog posts appearing on your site for viagra, Google will certainly mark you down for irrelevant content. These hacks will also slow your website down which again is a ranking indicator.

Future incompatibility with later updates. 

If you leave those updates for years then it may be impossible to run them at all, as technology and how WordPress or Drupal are structured changes so much over time, future updates can become completely incompatible with older versions and a rebuild of your entire website may be necessary. 

Have a look at Website Hosting & Maintenance 

Get an expert!

It doesn’t have to be us, but occasionally a plugin or module can cause an error or even bring down a website if not tested. So some technical knowhow and access to backups is very necessary 

We run these manually on a regular basis, we’re also alert to the latest security vulnerabilities and act before your website is affected. See our Website Hosting and maintenance service for more information.


We adhere to GDPR using double-opt-in.
Your personal information will of course and as always be respected and not used for any other purpose than to send you this newsletter.
Are you interested in
Where did you hear about us
How would you prefer to be contacted

Company information

Polyspiral Limited

Phone number 01787 464690

Suite 4, Bank Buildings Business Centre, 1 Station Road, Sudbury, Suffolk CO10 2SP

Company number 11266472