We’ve noticed there are several Joomla sites out there which have not been updated to the latest version of the Joomla software.  This is alarming since many security exploits have been discovered in Joomla over the past couple of years.  Sites running older Joomla software are vulnerable to being taken over by cyber-vandals or crooks.

The Joomla authors have done a great job of releasing new versions quickly as exploits are found.  However, older versions of Joomla (1.5.x especially) are somewhat difficult to update.  It’s not a simple button-push. Depending on how extensively the site has been customized, portions of the update may need to be applied file-by-file to avoid breaking functionality of the site.

It’s tempting to just ignore the problem and hope your site won’t be found by hackers or vandals.  However, the bad guys are quite adept at scanning the internet for sites running vulnerable versions of various software.  If you don’t update your site, there is a very high probability that it will get defaced, or worse.  At SWCP we have seen three Joomla sites compromised in the past month.

So what to do?  If you have a Joomla 1.5.x site you have 3 options:

1. Update to the latest 1.5.x Joomla release

This is the simplest and probably cheapest option in the short term, but may not be good for the long haul. Have your web developer apply the latest Joomla update to your site.  You won’t have to worry about plugins being compatible — they should continue to work as they do now.

If the site has been heavily customized, then your changes may need to be re-applied to the updated site.

We have an article to assist in updating Joomla 1.5.x sites here: https://members.swcp.com/wiki/Updating_Joomla

The downside of this approach is that you are left in the same situation.  If another 1.5.x exploit is found (new ones have been found every 1-3 months since 1.5 was released, three new ones have been published in the past 30 days), you’ll need to do this update again.  Also, Joomla 1.5 is scheduled to reach “end of life” status in April, 2012.  At that point, the Joomla authors will no longer provide official security patches for 1.5.x.  They are encouraging everybody to update to the current version ASAP.

2. Migrate to the newest Joomla, 2.5

Joomla 2.5 is a major upgrade to the Joomla software.  The internal changes are so large that you cannot simply update the site in place.  You must migrate your site to the new software.  Generally we assist in this by creating a new “test” web site for you to use during the transition.

The difficulty of this migration is mostly determined by how many plugins your site uses, and whether they are supported in 2.5 yet.  Most plugins have been updated for 2.5 by now, and you can check the Advanced Search at http://extensions.joomla.org/ to see if your extensions are covered.

If your template has been significantly modified, it may also need programming changes to work with Joomla 2.5.

The downside of this option is it will take more work than option #1.  The significant upside is that Joomla 2.5 has an auto-updating system.  This gives you a one-click update option for the Joomla software, as well as notifications and easy updates for extensions.  There are many other features, but auto updates is worth the price of admission all by itself.  It will go a long way toward keeping your site safe in the future.

3. Migrate to WordPress

This is similar to option #2, except instead of going to the latest Joomla, go to the latest version of WordPress. WordPress is another Content Management System with a very active developer community. WordPress also has auto-updating for both the core system and plugins. There are thousands of themes and plugins available and a WordPress site can be infinitely customized, just like Joomla.

So if Joomla and WordPress both have auto-updates, and both offer the same kind of power, why not just stick with Joomla?  There are a couple of things to consider:

1. WordPress has had auto-updates for a long time. This feature is relatively new in Joomla. WordPress led the way on this a couple years ago, and they have worked out most of the gotchas.

2. In our observation, WordPress works better for people who don’t have a dedicated web guru on hand. WordPress and Joomla can both do amazing things, but it’s easier to get started with WordPress. In particular, WordPress themes, which define the look and feel of the site, can be searched, viewed, and installed directly from the WordPress administrator panel.

The bottom line on Joomla vs. WordPress is that if you are starting from scratch we would recommend WordPress in most cases.  If you have a sizeable investment in Joomla, then stick with it.  If you use a lot of plugins, that may be the deciding factor.  Some plugins are only available for one platform or the other.  And finally, if your web developer has a preference, go with that.  You always want your developer to be using the tool they are most comfortable with.

We hope this helps you decide what to do next if you have an outdated Joomla site.  The important thing is to do something soon, so your site is safe and secure.  If you need any assistance, such as backing up your site’s database to prepare for the update, please contact us via email to help at swcp.com