Recently we have been having many discussions with clients about whether it is time for them to upgrade from Joomla 1.5 to Joomla 1.6, with most of the discussion surrounding whether it is necessary to do that now for security purposes. There are a number of factors that need to looked at to determine if it is time for you to upgrade.
It is often said that one of the most important measures for keeping a website secure is to insure that you are running the latest version of any software on the website. While that this is true in general, what isn’t mentioned explicitly in that advice, and many companies that claim to be security experts don’t seem to understand, is that you need to keep the software updated to one of the latest supported versions. If more than one version is supported at a time you don’t need to be running the latest version, just one of the latest supported versions. In the case of Joomla, both version 1.5 and 1.6 are currently supported with bug and security fixes. So at the moment you would be secure if you were running either 1.5.23 or 1.6.3. Back in January, when Joomla 1.6 was released, it was announced that support for Joomla 1.5 would continue for 15 months, so there is about year of support for Joomla 1.5 left.
A major reason for the continued support of Joomla 1.5 is that Joomla 1.6 is a major upgrade from Joomla 1.6, which requires migrating the Joomla database, some changes in Templates to be compatible with Joomla 1.6, and can require major changes in extensions to be compatible. At this point many extensions do not have a version compatible with Joomla 1.6; VirtueMart is one such extensions that comes up often during our discussions.
Joomla 1.6 does not introduce any features that directly increase security from hacking. An automatic update features has been added that makes it easier for Joomla and its extensions, which support the feature, to be updated. As keeping Joomla and its extensions up to date is the most important step to keep a Joomla website secure, this will hopefully improve security.
It is also important to note that Joomla 1.6 requires at least version 5.2 of PHP and version 5.0.4 of MySQL. At this point, hosting providers should already provide those, though in some cases you to switch to PHP 5 in your hosting account’s options. You can check what versions of those are currently being used on the System Info page, which is accessible from the Help menu in the Joomla admin.
So Should You Upgrade Now?
- If you are in need of the new features in Joomla 1.6 and the extensions you need are compatible with it, you can upgrade now.
- If you are in need of the new features in Joomla 1.6 and the extensions you need are not yet compatible, you will need to wait until those become available.
- If you are not in need of the new features then you can wait to upgrade. You might want to begin planning for the upgrade, checking your template, scheduling for the upgrade to be performed during a non busy time for the website, etc.
Still Running Joomla 1.0?
While support ended for Joomla 1.0 in July of 2009 many website are still running Joomla 1.0. While we haven’t seen Joomla 1.0 to be a major target for hackers, we still strongly recommend upgrading to a supported version as soon as possible. While jumping to Joomla 1.6 appears to be the better option, as you will not need to make another major upgrade in the next year or so, it is not always possible yet and will require a larger change be made at one time. In our discussions involving Joomla 1.0 websites the major issues holding back upgrading to Joomla 1.6 has been that needed extensions are not yet compatible with the new version. Upgrading to Joomla 1.5 may require less change as it provides a legacy mode that allows some Joomla 1.0 templates and extensions to continue to run without modification, that feature does not exist in Joomla 1.6. You will still eventually need a template and extensions that are compatible with Joomla 1.6, but you would have over a year to get those in place while having a secured website in the mean time.