If your website is powered by Drupal, an open source content management system, then you need to read this.


A significant security issue has been found within the code of most Drupal 7 installations and a patch has now been issued for versions below 7.32. The Drupal core development team are recommending you should assume your Drupal 7 website has been compromised unless it was updated or patched before Oct 15th, 11pm UTC.

What should I do?

The first thing you should do is read these guidance notes: https://www.drupal.org/PSA-2014-003

You should note that updating to version 7.32 or applying the patch will fix the vulnerability. However, it will not fix an already compromised website. To address this you or your web development will need to follow the additional steps outlined within the guidance notes.

You can find out what version of Drupal you’re running by:

  1. Checking the root directory of the Drupal installation. All you need to do is open the CHANGELOG.txt file and this will list the version number.
  2. Log-in to Drupal, go to the Reports menu and select the Status Report page, this will also list the the version number.

Need a hand from a Drupal specialist?

We work with a number of UK-based specialist Drupal web development agencies. So if you need a recommendation on who to turn to for a helping hand please feel free to get in touch.

François Roshdy

François is director of user experience at Border Crossing UX. He specialises in helping clients continuously improve the experiences they deliver.