Recently there has been a large increase in security issues with Joomla 1.5. Joomla 1.5 was first released in January 22nd 2008 which ended in its development in Joomla! 1.5.26 in March 27th 2012. Joomla documentation states, “Joomla! 2.5 is the current LTS (Long Term Support) version. The previous LTS version, Joomla 1.5, is still widely used and will be supported with security fixes only until September 2012.” (Click here for more information)
IMPORTANT!! If you are running Joomla 1.5 you will need to upgrade. You will also need to completely remove and delete any components that are not being used anymore. For example, the “dvmessages” plugin. The “dvmessages” plugin is not compatible with anything past 1.X; So, when you upgrade from 1.5 to 2.5, the files are just left in place, and your site can still get hacked causing outbound DDOS Attack.
Critical vulnerabilities for Joomla 1.5 extensions
Joomla has a list of vulnerabilities affecting extensions that are specific to Joomla 1.5. This list is no longer going to be supported in security fixes and developers for these extensions are no longer making patches. Below is a link to the docs.joomla.org that contains a list of all the known extensions with security exploits.
Tips for Securing Joomla! 1.5
There are several tips to keep in mind when you are securing your Joomla 1.5 website.
Along with reading this article, I recommend checking the Official Joomla 1.5 Security Forum for important information. Also check the Official Security and Performance FAQ.
- Check the Joomla Security Checklist, to make sure you are adhering to their recommendations.
- Perform regular backups of your Joomla 1.5 website, and store them on your local computer or external hard drive, so if an issue occurs your site can be recovered/restored.
- Before using a Joomla Extension, check the list of Vulnerable extensions to ensure it is safe.
Joomla Security news and forums
Joomla does have a security Forum and News page where you can get tips and the latest news for securing your Joomla website. Even though Joomla 1.5 is still not supported, you may be able to get some forum discussions with information on fixes or Joomla may have news announcement with critical information that may help. Below are the Joomla Forum and News site links.
Options to upgrade Joomla 1.5
With the various security risks in running Joomla 1.5, it is highly recommended that you upgrade your Joomla version. The upgrade process is much more a migration than a simple upgrade due to major changes in the core code. Below are links to help you with migrating your site from 1.5 to 2.5. It is not recommended to upgrade to 3.0 at this time due to slight instability in the 3.0 release.
Creating a backup for Joomla 1.5
As with any program, you should always create a backup of the site before performing any migration or upgrade. You can use the standard backup tools found in the cPanel or use a third party program such as xCloner.
Migrating your Joomla 1.5
Once you have the backups generated, you are ready to begin your backup. Below are links to the official Joomla 1.5 – 2.5 migration documentation as well as a link to the jUpgrader extension that many use for migrating their site.
Additional help with Joomla 1.5 migration
There are videos on YouTube that also help guide you through a 1.5 – 2.5 migration.