The developers of the Joomla! CMS product recently released a new version of their popular CMS application, Joomla! 2.5. This application is replacing their former product, Joomla! 1.7. Joomla! 1.7 will be going end-of-life on February 24th, 2012. This means that no further updates or releases will be made for the Joomla! 1.7 line of products. All Joomla! 1.7 users need to upgrade to Joomla! 2.5 before February 24th, 2012 so that their website can remain safe and secure.
For a better understanding of this, let’s take a look at all of the current Joomla! products:
Currently the latest version of Joomla! 2.5 is version 2.5.1. This is the latest version of the Joomla! 2.5 series. All users of Joomla! 1.7 need to upgrade to this release tree.
This version of Joomla! is being retired and being replaced with Joomla! 2.5. Versions of Joomla! 1.7 include: 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, and 1.7.5. If you are using ANY of these versions of Joomla! then you need to upgrade to Joomla! 2.5.1. Support for Joomla! 1.7 will be ending on Friday, February 24th, 2012. This is coming directly from the Joomla! developers. What this means is that after February 24th, if you continue to use Joomla! 1.7 on your website and a vulnerability is found in the Joomla! 1.7 line of products, the Joomla! developers will not fix this security issue. Your website will likely be defaced, hacked, and your web hosting account will be compromised. We may to to suspend or disable your web hosting account if this happens. PLEASE upgrade your Joomla! 1.7 script to Joomla! 2.5 as soon as possible.
This is a legacy release of Joomla! As far as I am aware of, there is no direct upgrade path from Joomla! 1.5 to Joomla! 2.5. But as far as I know, Joomla! 1.5 is not going end of life on February 24th, so users of Joomla! 1.5 are being allowed to continue to use this version of the script. The latest version of Joomla! 1.5 is 1.5.25. As long as you keep this updated to the latest version of Joomla! 1.5, you should be safe and secure.
Joomla! 1.0 or others
If you are using Joomla! 1.0 or any other version of Joomla! on your website, then it has long since been end of lifed, and is extremely outdated. Anybody that is still using this version of Joomla! is highly at risk for being attacked, hacked, defaced, and having their website completely compromised.
(Update: 02/14/2012 5:12PM CST)
Perhaps a point was not clear in this post. If you are using Joomla! 1.5.25, then you are fine. There is no need for you to upgrade or do anything else.
• If you are using 1.5.xx, some other version than 1.5.25, then you need to consider upgrading to version 1.5.25, the latest version of the Joomla! 1.5 tree.
• If you are using Joomla! versions 1.7.xx OR 2.5, then you need to consider upgrading to Joomla! 2.5.1
• If you are using Joomla! version 1.7.xx please realize that support for this version from the Joomla! developers and community will cease on February 24th, 2012. That is why these users need to upgrade to Joomla! 2.5.1.
• If you are using Joomla! version 1.0.xx OR version 1.6.xx please note that these version have already reached their end-of-life and are no longer being supported or maintained. If you are using one of these versions of Joomla! then you missed the end-of-life cutoff for those respective releases. You probably need to upgrade to Joomla! 2.5.1 but I am not sure what your upgrade path is. I would recommend posting in the Joomla Forums to see what the exact steps are that you need to do.
If you are running anything other than the latest version of your respective Joomla! release tree, then you are using an outdated version and are susceptible to being hacked or compromised. I did find this post on the Joomla! forum that echos why it is important to use an up-to-date script.
I hope this helps to clear up the confusion.
Backing up your account
Before attempting a Joomla! update we encourage you to create a backup of your account. Joomla! may have a backup component in it’s system, but I am not familiar with that. We do provide a backup method which you can use via your cPanel, to back up your entire account. For instructions on this see:
It’s always a good idea to keep a backup copy of your website, in case something happens to your website. While we’d like to believe that upgrading your Joomla! 1.7 to Joomla! 2.5 will be seamless, in the event that something goes wrong, having a backup of your website can be a life saver.
Upgrade Instructions – Non-Softaculous Users
Upgrading from Joomla! 1.7 to Joomla! 2.5 is suppose to be easy. The Joomla! developers have placed an instruction guide on their website:
I have personally tried the Extension Manager: Update method and the Admin Tools method to upgrade a non-production level version of Joomla! to version 2.5. This worked without any issues. But I would stress that I did not have any extension or components installed and the Joomla! website was non-production level.
If you have questions about the upgrade process, I highly encourage you to speak out at the Joomla! forums:
They have a lot more experience with Joomla! than we do and can likely better answer and upgrade questions you may have.
Upgrade Instructions – Softaculous Users
If you installed Joomla! through Softaculous, then you should be able to upgrade Joomla! to version 2.5 from within Softaculous. Unfortunately, I did not have a test site involving this, so I do not know how well this method works. If it fails to work, you may be able to complete one of the Non-Softaculous methods from above to upgrade your website.
If you are a Softaculous Joomla! 1.7 user and have attempted the Softaculous Joomla! 2.5 upgrade, we would like to hear about your experiences with this, so we can share this information with other users. Leave us a comment on how this procedure worked for you.
The one thing I can tell you is that if you ignore this warning about upgrading your Joomla! 1.7 website to Joomla! 2.5, then you are putting your website at risk of being compromised. There will be no further updates to the Joomla! 1.7 release tree, and so continuing to use Joomla! 1.7 means that you are continuing to use an outdated and unsupported piece of software.
This is all a continuing effort to keep our web hosting users informed and aware of security implications on their accounts. I can speak from experience, trying to recover from an account hack can be more difficult than taking measures to prevent a hack. Running up-to-date and supported software is one of the best things you can do to keep your website secured.