Upgrade Your Website's CMS

ITS Information Assurance requires that all website owners run versions of web Content Management Systems (such as WordPress, Drupal 10, Drupal 9, or Drupal 7) that have been patched for all known security vulnerabilities and continue to receive new security updates and support. In most cases, this means that website owners should already be on the latest release of their CMS. 


The current versions of WordPress can be found at Get WordPress.

ITS recommends WordPress 6.2.1 at a minimum


The current versions of Drupal 7, Drupal 9, and Drupal 10 can be found on the Drupal website. All Drupal 8 websites should be updated to Drupal 9 or Drupal 10.

ITS recommends these Drupal versions at a minimum:

  • Drupal 7.96
  • Drupal 9.5.8
  • Drupal 10.0.8


  • Over time, software updates are released for both WordPress and Drupal. As these updates are released, a WordPress or Drupal website that was already up-to-date may need to be upgraded again.
  • WordPress and Drupal websites on the AFS Unit Website Dashboard Upgrades will only show they need an upgrade if they do not have the latest version that contains a security update.
  • WordPress 6.0.2 and later versions warn owners of websites using PHP 7.3 that they are using an insecure version and need to upgrade to PHP 7.4 or later. This is incorrect: while the authors of PHP no longer provide security fixes for PHP 7.3, our vendor, Red Hat, does. As of September 9, 2022, WordPress 6.0.2 websites running on ITS Web Virtual Hosting PHP 7.3 web servers are not insecure. People who are concerned should go to Upgrade your website's PHP to upgrade their website to PHP 8.1.
  • Drupal 9 and Drupal 10 require PHP 8 in the AFS Web Hosting environment.
  • It is the website owner's responsibility to make updates to their site; ITS maintains the infrastructure of websites.

What You Need To Do

Step 1: Determine if an upgrade is needed

  • If you have a WordPress website: Determine if your website will need to be upgraded to a newer version by going to Get WordPress.
  • If you have a Drupal 7, Drupal 9, or Drupal 10 website: Determine if your website will need to be upgraded to a newer version by going to the Drupal website.

Step 2: Upgrade and Test Your Website

  • Upgrade your CMS if needed
  • Upgrade any CMS add-ons you are using.
    • Upgrade any WordPress themes, WordPress plugins, Drupal themes, and Drupal modules to the latest supported versions.
    • If an add-on has not received updates in the past two years, consider it “abandoned” and unsupported. In this case, you should switch to an alternative theme, plugin, or module that fills the same need but still receives regular updates.

CMS Support

ITS maintains the infrastructure to host web sites, however ITS does not have the web developer resources to maintain or upgrade unit websites. If you need assistance with upgrading your website please visit U-M Procurement Services Quote to Order and select Website and Graphic Design Services at the bottom of the page for a list of vendors that can assist you with updating your website.