Earlier this month we looked at some data from our tools showing that large percentages of Joomla, WordPress, and MediaWiki websites checked with them were running outdated versions of the software. For Drupal, there is much more comprehensive set of data publicly available that comes from the Update status/Update manger module. To get a better idea of how well webmasters are at making sure Drupal websites are being kept up to date we have analyzed the data reported for March 16, 2014, which has data on over a million websites. Making sure the software running websites is a basic security measure and when they are not it can lead to them being hacked if the vulnerability can be used for that (as we have been seeing recently with a vulnerability in older versions of Joomla).
At this point a large majority of the websites, 79 percent, using Drupal are using version 7. Of those only 33 percent are running the latest version, 7.26. This is troubling as this version was a security update, so websites running older versions are potentially vulnerable to being hacked. This version was released on January 15, so even websites that need extensive testing before apply an upgrade should have been updated by now. Looking beyond that, 72 percent of the websites are either up to date or less than a year out of date so the majority of websites are probably getting updated, if somewhat infrequently.
For Drupal 6 the situation is worse. The latest version of Drupal 6, 6.30, was released alongside of 7.26 on January 15, but so far only 19 percent of websites have been updated to that version. The situation in terms of somewhat recent updated websites is also worse, with only 64 percent of website being up to date or less than a year out of date. 20 percent are at least two years out of date, which means they have missed at least four security updates.
To make it easier to check for Drupal websites in need of an update we have made the web browser extension Drupal Version Check, available for Firefox and Chrome, which in most cases will identify what version of Drupal is in use and in others indicate if the website is using an outdated version of Drupal.
If you are in need of a Drupal upgrade we can do that for you or we can also handle upgrades on an ongoing basis, so you don’t have to worry about taking care of this.