Though Drupal and Wordpress rate well on security and have dedicated teams focusing on making sure vulnerabilities are taken care of, security holes are often uncovered by developers who then update the code to prevent malicious attacks on our websites and apps. To stay safe online and prevent these attacks, it's up to the site owners to make sure these security upgrades are applied in a timely fashion. 

Though you can always choose to upgrade yourself (documentation for Drupal is here and here for modules), we are happy to do it for you! Latest CiviCRM update steps for D7 are here:


Updates include making a complete site backup previous to update, updating code and then running database update scripts. These updates apply only to modules, themes or plugins and profiles being maintained on or Updates which are custom or have been modified in any way or is a much more involved process and are billed hourly.


Package includes:

  • Server status - a check to see if you're staying within server limitations (disk space, email use, RAM etc.)
  • Monitoring for necessary security upgrades in Drupal core and contributed projects (We notify you about the vulnerability and you can schedule an upgrade)
  • Monitoring for expired SSL certificate
  • Monthly monitoring for unauthorized code changes
  • Backups - includes code, database and files directory backed up to an encrypted volume and stored off site (inaccessible to the server).
  • Optional opt in to immediate incident response.
  • Monthly email report with monitoring results

MAINTENANCE :: $150 / month

Package includes everything from Basic Monitoring plus:

  • Update all active modules/plugins with available code or security updates within a week of their announcement 

ADD CIVICRM :: + $50/ month to any plan

Though CiviCRM runs as a module or plugin, CiviCRM is it's own piece of software and needs to be udpated independently from Drupal or Wordpress. Add CiviCRM to any plan for $50 per month.

ONGOING - 1 YEAR OF UPDATES :: $60 per update

Updates will be made no longer than one week from their release.  Choose if you want immediate updates or security updates only. Important: if your site includes lots of contributed code, this can happen quite often!


OMG, it's been forever. Can't remember when site has had security updates (if ever). DO THIS NOW. Billed per hour.

Not Included in Maintenance plans :

  • Changes in configuration
  • Content changes
  • Design related work
  • New issues relating to incompatibilities with site updates
  • Major version upgrades (eg: drupal 7.x to Drupal 8.x or major versions of modules)
  • Compromised, hacked or broken sites
  • Custom Drupal modules not listed at
  • Any other work not related to security updates.