Drupal is always releasing security updates every now and then.
PHP communality called it patches!
So here are the steps you can use to patch your Drupal and lock down security hole in Drupal web application.
1. Download latest release of Drupal package from Drupal site.
2. Put your PHP Drupal site in maintenance mode (offline)
3. Take a database backup/export using any MYSQL tools, like phpmyadmin (I use it in MAMP environment ). Same thing you can do by command line if you want to do so.
(mysql –u ROOT –p YOURPASSWORD yourdatabasename > exporteddbname.sql)
4. Make backup of your Drupal application folder.
5. Now it is time to copy all files – untar or unzip your downloaded new Drupal patch package.
6. Copy all files and folders Except “Site folder”, “.htaccess” file and “robot.txt”, you can have custom configuration and setting to these files and folder so it is good not to overwrite these files and folder.
7. Run CRON in your Drupal application.
8. Run update.php it will detect automatically type of database and schema you are using and update it. It takes few seconds, so please don’t halt upgrading process.
9. If above process is successful, put back your site in (Online mode) live mode.
10. See status report and you will notice your Drupal is updated.
Your Drupal application is safe now !