All software users have struggled with this question at some point:
"Should I go through the hassle of updating to the latest release, or should I take a risk and keep using an old version?"
We get this question frequently from our Joomla and Drupal users. To help them work out what to do, here's our guide to using unsupported software.
What is Unsupported Software?
"Unsupported" generally means there will be no more updates. Even if there is a major security issue, the developers do not promise to provide a fix.
Sometimes, there are exceptions to this rule:
- Official developers: the PHP developers stopped support for PHP 5.2 in December 2010 and then released a security fix one month later.
- Third-party developers: a company Netshine have a patch to make Joomla 1.0 run on the latest version of PHP.
- Custom fixes: if you have an old site, you can pay a developer to provide support, even after official support has ended.
However, you really can't rely on the first two options and it might not be easy or cheap to find a developer willing to help with the third option.
Why Do Developers Stop Supporting Software?
Because their time and resources are limited.
Both Joomla and Drupal make it clear that they can only support two versions at a time. Currently Joomla is only supporting versions 2 and 3. Drupal is only supporting version 6 and 7. When a new major version comes out, such as Drupal 8 next year, support for the older version will end.
Examples of Using Unsupported Software
- Staying with Drupal 5, or Drupal 6 after August 2013.
- Not updating to the latest releases which are Drupal 6.26 or Drupal 7.16.
- Staying with Joomla 1.0, or Joomla 1.5 after this year.
- Not updating to the latest releases which are Joomla 2.5.7 or Joomla 3.1.
- Staying with anything except the very latest release, which is currently 3.4.2.
Why Would You Keep Using Unsupported Software?
Many people use unsupported software simple because they forget to update or because they don't use their site very often. We're not talking about those people here.
We're going to talk about people who know they need to update, but actively choose to keep using unsupported software. What are those people thinking?
- The update is too difficult or expensive. This is a common reason for staying with Joomla 1.0, Joomla 1.5, Drupal 5 or soon Drupal 6.
- It might break features you need There's a huge amount of nervousness around updating. It's also difficult and time-consuming to test updates. Why risk the update when your site works fine now?
- You know it breaks features you need. WordPress 3.3 is a good example. The menus in that release caused accessibility problems for a number of people who had a hard-time updating.
- There's no rollback option. Unless you have a very powerful development setup, most software simply doesn't have a rollback feature. If you update and break something, there's no Undo button.
- You're busy and have better things to do. To be honest, this is often why I don't update. I have a business to run and other things on my plate. I just don't have time to update some non-essential sites.
What Happens if You Keep Using Unsupported Software?
Please note: I am in no way endorsing the use of unsupported software. It's bad behavior and should not be encouraged. However, we live in the real world and we all do it sometimes. Here's what may happen if you keep using unsupported software:
- Nothing. The most likely outcome is that your site will keep on running without any problems. I still have Joomla 1.0 and Drupal 5 sites. All of them have been running for nearly 2 years after official support ended. However, those sites are starting to show their age. Dynamic sofware such as Joomla, Drupal and WordPress just can't last as long as old-fashioned HTML sites. My unsupported sites increasingly have problems with the latest version of PHP on our server. I'm also reluctant to make any changes to the sites as they are increasingly fragile. Not only the core, but also most of the Joomla extensions and Drupal modules on those sites are now unsupported. I've managed to put the decision off for 2 years, but at some point, I'm going to have to either update those sites or delete them.
- Immediate site death. This outcome is most likely if your software was being updated to fix a major security hole. Once news of the security hole is made public, many hackers will try and find sites that aren't updated and so are vulnerable. The good news is that such major security holes happen rarely. In the last 5 years, I can recall only a couple of examples each for Joomla, Drupal and WordPress.
Sure, it would be great if we never used unsupported software. But, we live in the real world and it happens for all sorts of valid reasons.
If you don't update your site to a supported version, you may be hacked immediately if the update is to fix a serious security problems.
If you don't update your site, your site may be fine for years to come. However, you will need to make an update decision eventually. Joomla, Drupal and WordPress sites can struggle on beyond their use-by-date, but they don't last forever.