When Your CMS Reaches End of Life
End of Life (EOL) in the CMS world refers to the point in time when an older version stops being supported by the company or community that has built it, and all efforts are focused on current and future versions. No support means performance, and more importantly, security issues, which nobody wants.
As a web host, we see our fair share of EOL CMS usage. While we often make our own patches to keep outdated client websites secure and in other cases we notify them about issues, it really is the application’s responsibility. We can’t possibly keep track of every outdated software we host and every security vulnerability that comes with it. Hence, here is more about what to do when your application becomes outdated and no longer supported.
When is it EOL?
Every CMS has its own development cycles and thus EOL strategies. Even among the free platforms that most of our clients use – Drupal, WordPress and Joomla! – there are observable differences.
At the beginning of this year, 3 months after Drupal 8 came out, Drupal announced the end of support for version 6. Drupal 7 and 8 are currently both supported and it will probably be a while before we see version 7 dropped. Drupal is notorious for longer development cycles and harder updates between versions, hence the longer support cycles. Drupal 6 for example, was in support for about 8 years.
WordPress and Joomla, on the other hand, are quite different in this aspect. The WordPress release archive states that only the latest version is safe and actively maintained, and the Joomla! version guide says pretty much the same thing. Given the much easier update processes of WordPress and Joomla!, it makes sense for them to focus efforts on the latest versions only.
Upgrading is Best, But Sometimes Hard
Of course, no one can argue with the fact that running the latest version of your CMS is the best idea, always. That’s why we’ve worked hard to build our own auto-update tools for WordPress and Joomla!
However, every experienced sitebuilder has run into upgrade issues at one time or another. Even one-click and auto-updates sometimes break themes or plugins, and you then have to spend time restoring backups, debugging and so on. In the case of Drupal, where upgrades are harder and more time consuming, planning and executing an update on a large website can be a very serious development task.
Additionally, some projects simply do not need further development and new features from the CMS (e.g. brochure company sites). They just need to stay secure. When you’ve got hundreds of such websites, upgrading all of them just to stay secure is an overkill.
External Long Term Support (LTS)
When you can’t upgrade for any reason, there are vendors out there that provide their own LTS support for different CMS platforms. One such is Tag 1 Quo, who specialize in Drupal 6 LTS, but have announced plans to move into WordPress soon, starting with versions 4.5 and 4.6.
With Drupal 6, Tag 1 Quo uses a module to collect information about your website. They compare version information with their database of known security issues, and can then provide up-to-the-minute information about your security status. What’s more, some of their plans include patch development, which means that when a given issue affects any of their customers, they’ll work together with the Drupal community to develop a patch for you (they are an official Drupal 6 LTS vendor).
SiteGround is partnering with Tag 1 Quo to improve our user’s security. All of our existing clients can find a discount code on the Resources Tab of their User Area.
Comments ( 8 )
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through
Davide Masserini
What about a solution for Joomla and WP??!! I don't get this post.
Kiril Hristov
Hi Davide, Joomla and WordPress are much easier to update, so keeping them up to the latest version is best. Otherwise, surely there are external LTS providers for them, too. Tag 1 Quo is introducing WordPress support soon, for example.
Steven
Very cool. Other than the big three (WP, Joomla, Drupal) what other CMS have hit end of life support? Think my XOOPS 1.0 site has hit EOL :-) Thanks! -- Steven
Kiril Hristov
Hey Steven, any CMS with several versions on the shelf will usually have one that is no longer supported (EOL). It makes sense to focus on new versions and drop old ones as you go. Therefore, all of them hit EOL, eventually.
Best essay writign service
useful
Jigar Shah
Agree with you that Upgrading is the best option but it's time-consuming and sometimes hard working process, so (LTS) External Long Term Support is the best way for the site owners. It's cost-effective and easy to manage. Wonderful post with the supportable idea.
Kiril Hristov
Thanks, Jigar. Cheers!
Ian Macdonald
Very true, and I think this underlines the fact that people using a SQL-backed CMS frontend when there is no particular need for such - as when the site content is basically unchanging, or could easily be updated by FTP- ought to think carefully about whether a static site or file based CMS would be a better option. The time this choice bites you in the proverbial, can arrive before the CMS reaches EOL. It can be when a security update creates a conflict with the template/theme in use. Which can basically happen anytime. You are then faced with telling the client that they need a new website, or else a fairly costly theme rework. The client, understandably, thinks you're just trying to 'milk' them for unnecessary work, and says No. So the unpatched site stays up.. and gets hacked. Most of this grief can be avoided by not using SQL-based products, since the majority of hacks are SQL code injections.
Start discussion
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through