When it comes to making sure websites are secure one of the basic things that needs to be done is to keep the software up to date. For Joomla that means that currently means running either the latest version of Joomla 2.5 or 3.2. We continue to clean up many hacked websites that are still running Joomla 1.5, for which support ended in September of 2012. While most of the hackings are due to security issues unrelated to the outdated version of Joomla, it is concern that so many are still running Joomla 1.5. To get a better understanding how wide spread use of Joomla 1.5 is we have compiled the data on what versions were found on the website checked with the online version of our Joomla Version Check tool (which is also available as web browser extension for Firefox and Chrome) during January.
As can be seen in the pie chart below 31 percent of the websites checked during the month were running Joomla 1.5 and 2 percent were still running Joomla 1.0, for which support ended in July of 2009.
Some, if not most of the blame for this, should go to Joomla developers that didn’t provide an easy path to move to a newer version. Instead of being able to upgrade to a newer version of Joomla a more complicated migration needs to be done and curiously the developers did not provide a tool to do that, relying on third party tools to handle it. We have found that some of those tools provide rather poor results. The difficulty in moving to a newer version is probably best highlighted by the fact that portions of the Joomla website are still running Joomla 1.5, including the Extensions Directory:
The other very concerning stat that shows up in the data is that 6 percent of the websites were running a Joomla version between 1.6 and 2.5.2. Last month we discussed that a serious vulnerability in those versions of Joomla is being exploited and people still running those versions need to upgrade as soon as possible. Unlike migrating from Joomla 1.5, upgrading those installations to the latest version of Joomla 2.5 is fairly easy and it shows that the handling of security of Joomla websites is in need of improvement.