Recently there has been a surge in security issues with Joomla 1.5. Joomla developers have stated, "Joomla! 2.5 is the current LTS (Long Term Support) version. The previous LTS version, Joomla 1.5, is still widely used and will be supported with security fixes only until September 2012."
- Joomla 1.5 was first released in January 22nd 2008
- Final version of Joomla 1.5 was released as Joomla 1.5.26 in March 27th 2012. Development for Joomla 1.5x ended at this time.
- Although widely used Joomla 1.5x security updates or fixes will no longer be provided as of September 2012.
- Official Joomla Documentation
IMPORTANT!! If you are running Joomla 1.5 you will need to upgrade. You will also need to completely remove and delete any components that are not being used anymore. For example, the "dvmessages" plugin. The "dvmessages" plugin is not compatible with anything past 1.X; So, when you upgrade from 1.5 to 2.5, the files are just left in place, and your site can still get hacked causing outbound DDOS Attack.
Critical Security Vulnerabilities for Joomla 1.5 Extensions
The makers of Joomla have provided a list of security holes in extensions for Joomla 1.5. Since Joomla 1.5 is no longer being supported, update patches for these vulnerabilities are no longer being made. Below is a link to the docs.joomla.org that contains a list of all the known extensions with security exploits.
Vulnerable Extensions List
Tips for Securing Joomla! 1.5
There are several tips to keep in mind when you are securing your Joomla 1.5 website.
Along with reading this article, I recommend checking the Official Joomla 1.5 Security Forum for important information. Also check the Official Security and Performance FAQ.
- Check the Joomla Security Checklist, to make sure you are adhering to their recommendations.
- Perform regular backups of your Joomla 1.5 website, and store them on your local computer or external hard drive, so if an issue occurs your site can be recovered/restored.
- Before using a Joomla Extension, check the list of Vulnerable extensions to ensure it is safe.
Joomla Security news and forums
Joomla does have a security Forum and News page where you can get tips and the latest news for securing your Joomla website. Even though Joomla 1.5 is still not supported, you may be able to get some forum discussions with information on fixes or Joomla may have news announcement with critical information that may help. Below are the Joomla Forum and News site links.
The Joomla Security Forum
Joomla Developer Network - Security News
Options to upgrade Joomla 1.5
With the various security risks in running Joomla 1.5, it is highly recommended that you upgrade your Joomla version. The upgrade process is much more a migration than a simple upgrade due to major changes in the core code. Below are links to help you with migrating your site from 1.5 to 2.5. It is not recommended to upgrade to 3.0 at this time due to slight instability in the 3.0 release.
Creating a backup for Joomla 1.5
As with any program, you should always create a backup of the site before performing any migration or upgrade. You can use the standard backup tools found in the cPanel or use a third party program such as xCloner.
Backing up your site files in cPanel
Backing up your database in the cPanel
xClonder backup tool
Migrating your Joomla 1.5
Once you have the backups generated, you are ready to begin your backup. Below are links to the official Joomla 1.5 - 2.5 migration documentation as well as a link to the jUpgrader extension that many use for migrating their site.
Official Joomla documentation jUpgrade Pro extension
Additional help with Joomla 1.5 migration
There are videos on YouTube that also help guide you through a 1.5 - 2.5 migration.
How to migrate Joomla 1.5 to Joomla 2.5 - [Part 1]
How to migrate Joomla 1.5 to Joomla 2.5 - [Part 2]