What are the risks of staying on Drupal 8?
Blue gradient overlay

What are the risks of staying on Drupal 8?

All software has undiscovered flaws that can be attack vectors. Luckily, supported Drupal versions have a whole community to work on them. After 2 November 2021, Drupal 8 is unsupported, which means that the risk to your site grows massively, from potential bugs and vulnerabilities that threaten your data.


Remaining on Drupal 8 beyond November 2021 creates four main risks:


Data breaches Large-scale data exfiltration can occur via access to websites that hold this data or link to systems that do, like CRMs.


Unauthorised access into organisation-wide systems and infrastructure Website vulnerability can offer a route into an organisation network via servers or other connected systems. Imagine a chain of privilege being exploited through successive systems, with the public-facing website as an obvious front door that's been left open.


Ransom attacks Access to website data means an attacker can then attempt to blackmail an organisation. Other ways in which organisations are extorted include the threat of continued disruption, denial of service, public embarrassment or data sale.


Website vandalism Attackers change your content for multiple purposes, sometimes via automated tools simply for spam and sometimes for more targeted motives.


Impact of these risks:


  • Loss of your site, either entirely or due to downtime whilst issues are fixed
  • Loss of your business critical functionality and any systems integrated into the website
  • Reputational damage that destroys trust in your brand and market confidence. TalkTalk’s market value halved after one such attack.
  • Data breaches of payment, user and customer data held on the site, or associated systems and subsequent fines. Such as British Airways’ £20m fine for losing customer information.


You can mitigate these risks now:


  • Keep your Drupal site up to date. Drupal 9 is an upgrade is not a rebuild, so the process measured in days, not months.
  • Leverage the mature security programme, and updates for Drupal itself and your contributed modules.
  • Drupal 8 website needs to be updated to Drupal 9. Drupal 8 is reaching end of life, so security updates will only be released for Drupal 9 and Drupal 7 after November 2021.
  • Update the PHP used on your site hosting alongside Drupal by December 2021.
  • Work with a trusted digital partner, like NDP Studio, who manages this process for you.

Updates will always be necessary, but Drupal 9 will be supported until November 2023 and then after that, a similar update to Drupal 10 will keep your website and infrastructure secure.

Latest Insights

Unravelling the Cookie Mystery: What You Need to Know!

The UK Government Information Commissioner’s Office has some startling news for you. They’re fed up with searching the web and then writing letters to companies about lack of compliance (it’s so old-fashioned).

Learn More geometric figures

Navigating the digital shift

We all know our digital era has brought about a transformation in the way organisations interact with their audiences. That transformation has been different from sector to sector - in some, there has been a fundamental rewrite of the rules with the old and the new thrown into the competition. Think Amazon, then think of your local hardware store.

Learn More geometric figures

Zen and the art of support and maintenance

There was a time when you could just buy an application, maybe on a CD-ROM if you remember those, install it on your computer and it would just work - forever. Or at least until the computer broke down. So you might ask, given that a website is ‘sort of’ an application, why does it even need support and maintenance?

Learn More geometric figures

Website trends - The years ahead

Digital experiences require hardware and that consumes energy. So the first step in ensuring sustainable delivery of those experiences is to look at the hosting. There is a wide range of eco-friendly and carbon neutral options available today and the costs compare well with the rest of the market. With global suppliers such as Amazon Web Services all the way down to niche providers offering environmentally friendly hosting options, there is no excuse for not making this key transition.

Learn More geometric figures