Recently there has been a surge in security issues with Joomla 1.5.  Joomla developers have stated, "Joomla! 2.5 is the current LTS (Long Term Support) version. The previous LTS version, Joomla 1.5, is still widely used and will be supported with security fixes only until September 2012."

  • Joomla 1.5 was first released in January 22nd 2008
  • Final version of Joomla 1.5 was released as Joomla 1.5.26 in March 27th 2012.  Development for Joomla 1.5x ended at this time. 
  • Although widely used Joomla 1.5x security updates or fixes will no longer be provided as of September 2012.
  • Official Joomla Documentation

IMPORTANT!! If you are running Joomla 1.5 you will need to upgrade. You will also need to completely remove and delete any components that are not being used anymore. For example, the "dvmessages" plugin. The "dvmessages" plugin is not compatible with anything past 1.X; So, when you upgrade from 1.5 to 2.5, the files are just left in place, and your site can still get hacked causing outbound DDOS Attack.


Critical Security Vulnerabilities for Joomla 1.5 Extensions

The makers of Joomla have provided a list of security holes in extensions for Joomla 1.5. Since Joomla 1.5 is no longer being supported, update patches for these vulnerabilities are no longer being made. Below is a link to the docs.joomla.org that contains a list of all the known extensions with security exploits.

Vulnerable Extensions List


Tips for Securing Joomla! 1.5

There are several tips to keep in mind when you are securing your Joomla 1.5 website.

Along with reading this article, I recommend checking the Official Joomla 1.5 Security Forum for important information. Also check the Official Security and Performance FAQ.

  • Check the Joomla Security Checklist, to make sure you are adhering to their recommendations.
  • Perform regular backups of your Joomla 1.5 website, and store them on your local computer or external hard drive, so if an issue occurs your site can be recovered/restored.
  • Before using a Joomla Extension, check the list of Vulnerable extensions to ensure it is safe.

Joomla Security news and forums

Joomla does have a security Forum and News page where you can get tips and the latest news for securing your Joomla website. Even though Joomla 1.5 is still not supported, you may be able to get some forum discussions with information on fixes or Joomla may have news announcement with critical information that may help. Below are the Joomla Forum and News site links.

The Joomla Security Forum

Joomla Developer Network - Security News

Options to upgrade Joomla 1.5

With the various security risks in running Joomla 1.5, it is highly recommended that you upgrade your Joomla version. The upgrade process is much more a migration than a simple upgrade due to major changes in the core code. Below are links to help you with migrating your site from 1.5 to 2.5. It is not recommended to upgrade to 3.0 at this time due to slight instability in the 3.0 release.

Creating a backup for Joomla 1.5

As with any program, you should always create a backup of the site before performing any migration or upgrade. You can use the standard backup tools found in the cPanel or use a third party program such as xCloner.

Backing up your site files in cPanel

Backing up your database in the cPanel

xClonder backup tool

Migrating your Joomla 1.5

Once you have the backups generated, you are ready to begin your backup. Below are links to the official Joomla 1.5 - 2.5 migration documentation as well as a link to the jUpgrader extension that many use for migrating their site.

Official Joomla documentation jUpgrade Pro extension

Additional help with Joomla 1.5 migration

There are videos on YouTube that also help guide you through a 1.5 - 2.5 migration.

How to migrate Joomla 1.5 to Joomla 2.5 - [Part 1]

How to migrate Joomla 1.5 to Joomla 2.5 - [Part 2]

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Help Center:
Email Address
Optional, but our team may contact you for more information.
Did you find this article helpful?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

Update to SSL Certificates - Certificate Warnings
1969-12-31 11:00 am EST
Hits: 679

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.