This week several of our members received an email from Bluehost.
Bluehost are telling all of their customers on Joomla 1.5 that they'll be suspended if they don't upgrade.
All in all, it was a messy and confusing email. They seem to confuse Joomla 1.5 and 2.5, and they also seemed to say that they'd forcibly migrate users.
First we'll show the email, then we'll post our recommended solutions.
The e-mail that Bluehost sent
"It has come to our attention that you have at least one installation of Joomla 1.5.x - 2.5.16.
The 1.5.x version has been deprecated by Joomla for over a year, with no official updates (including no security updates). Without continued maintenance from the Joomla team, your current installation has extensive security vulnerabilities. This means that your site can be easily hacked by any hacker with minimal skills.
Because your site security is also important to us, we highly recommend migrating to the most recent Joomla branch. Unfortunately, if your site is found to be compromised then we will have to suspend your services through us until the problem has been corrected. Throughout next week we will be migrating users found to be using Joomla less than 2.5.17, to 2.5.17. We strongly encourage you to perform the upgrade ahead of schedule to avoid any possible unforeseen issues.
The current stable and secure version of Joomla is 2.5.17. For instructions on how to migrate to the newest version, see the Joomla documentation: link.
The migration process is targeted to standard Joomla 1.5 installations, which will cover the majority of users. If you have custom themes or code they may not be compatible with the recommended upgrade process.
There is also a Joomla Extension jUpgrade that can assist with your update from Joomla 1.5 to Joomla 2.5.17: link.
For upgrading installations from 1.7+ to 2.5.17, please follow these instructions: link.
All of these upgrade options may not work in some circumstances where a custom template or plugin is in use.
Finally, for best results on all Joomla installations, we recommend reviewing and following the Joomla security guidelines: link.
Please migrate to the latest version (currently 2.5.17) as soon as possible to avoid any delays or interruptions to your site functions. Thank you for your attention in this matter and please feel free to contact us if you have questions or concerns."
Solution #1: Move
Let me be clear: Bluehost are a business and they're perfectly within their rights to make this decision.
However, if you are a Bluehost customer, our advice is that you should probably leave. We don't think this decision was handled well at all. It has been very concerning and troubling experience for a good number of our customers.
I know for a fact that some hosts still support tens of thousands of out-dated sites. They just take care to add extra layers of security. You can still find hosting companies willing to work with you and an out-dated site.
Solution #2: Apply the the 1.5 patch
There has only been one significant security hole found in Joomla 1.5 and a patch has been provided.
You can grab an easy-to-install copy of the patch by clicking here.
Solution #3: Know the risks
It's worth reading our full post called "Should you keep using unsupported software?". Sure, it would be great if we never used unsupported software. But, we live in the real world and it happens for all sorts of valid reasons. That post helps you understand the risks of staying on a platform such as Joomla 1.5.
Solution #4: Know about Joomla versions
Rod from our team here at OSTraining filmed this short and sweet introduction to Joomla versions:
Solution #5: Upgrade yourself
Bluehost did have some useful links. There are also some extensions that can help you. When doing site migrations, we normally rely on one of these two:
Solution #6: Ask for upgrade help
We've done a good number of site migrations. Simple moves can be done inside a day, although more complex moves can take a couple of weeks. Click here if you want our help with upgrading.