So probably the most reliable way to deal with security issues is to sign up for the security mailings and to be aware of how often updates come out. The basic reason there are updates is because coding software can be very complex. And when you have so many moving parts, in the form of “modules,” which could be programmed by so many different people, there are bound to be “holes.”
There are two people looking for holes: nice people and people who want to hack your site. Chances are that people who want to hack your site are putting more effort into it. Either way, when the knowledge becomes public, then there might be a new version of a module released. Modules also are updated if bugs are found in them.
So to get started, visit http://drupal.org/security. In order to sign up for the list, you need to create an account at drupal.org, so click on the Login/Register tab (see Figure 6.1).
Then click Create new account (see Figure 6.2).
Come up with a username. This is not your username for any other system; it’s a new username. Think up a username and also input an email address (see Figure 6.3).
Enter in personal info and click Create new account (see Figure 6.4).
You’ll get a confirmation message:
You should receive an email like this one. You will see a reminder of your username, and Drupal will assign a password to you:
18.218.45.80