Upgrade Your Website's CMS

ITS Information Assurance requires that all website owners run versions of web Content Management Systems (such as WordPress, Drupal 9, or Drupal 7) that have been patched for all known security vulnerabilities and continue to receive new security updates and support. In most cases, this means that website owners should already be on the latest release of their CMS. The current versions of WordPress can be found at Get WordPress, and the current versions of Drupal 7 and Drupal 9 can be found on the Drupal website.


  • WordPress and Drupal websites on the AFS Unit Website Dashboard Upgrades will only show they need an upgrade if they do not have the latest version that contains a security update.
  • WordPress 6.0.2 and later versions warn owners of websites using PHP 7.3 that they are using an insecure version and need to upgrade to PHP 7.4 or later. This is incorrect: while the authors of PHP no longer provide security fixes for PHP 7.3, our vendor, Red Hat, does. As of September 9, 2022, WordPress 6.0.2 websites running on ITS Web Virtual Hosting PHP 7.3 web servers are not insecure. People who are concerned should use the ITS WebHosting Upgrade Form to request that their website be moved to PHP 8.1.
  • Drupal 9 requires PHP 8 in the AFS Web Hosting environment.

What You Need To Do

Step 1: Determine if an upgrade is needed

  • If you have a WordPress website: Determine if your website will need to be upgraded to a newer version by going to Get WordPress.
  • If you have a Drupal 7 or Drupal 9 website: Determine if your website will need to be upgraded to a newer version by going to the Drupal website.

Step 2: Upgrade and Test Your Website

  • Upgrade your CMS if needed
  • Upgrade any CMS add-ons you are using.
    • Upgrade any WordPress themes, WordPress plugins, Drupal themes, and Drupal modules to the latest supported versions.
    • If an add-on has not received updates in the past two years, consider it to be “abandoned” and unsupported. In this case, you should switch to an alternative theme, plugin, or module that fills the same need but that still receives regular updates.

CMS Support

ITS maintains the infrastructure to host web sites, however ITS does not have the web developer resources to maintain or upgrade unit websites. If you need assistance with upgrading your website please visit U-M Procurement Services Quote to Order and select Website and Graphic Design Services at the bottom of the page for a list of vendors that can assist you with updating your website.