Is Joomla 1.5.26 Still Secure?

Up until recently, we were recommending our clients to keep using Joomla 1.5.26 until the end of the year, but we no longer recommend this. In fact, we are urging all our clients to migrate as soon as possible from Joomla 1.5.26 to Joomla 2.5.6 (or the latest version of Joomla, whatever it is).

So, why the sudden change of heart, you might wonder?

Well the reason for this is that in the past week alone we had over thirty cases of hacked Joomla websites, over twenty five of them were using Joomla 1.5.26! We know, it’s unbelievable, but it’s logical. Here’s why we think it’s logical:

  • The majority of Joomla websites out there are still using the Joomla 1.5.26 version – simply because it’s too hard to migrate from Joomla 1.5 to Joomla 2.5.
  • Joomla 1.5.26 has now several security breaches, especially in its TinyMCE editor.

  • All these websites using Joomla 1.5.26 are being hacked at the moment – one by one, and repeatedly!

So what can you (yes you!), the administrator (or owner) of a Joomla 1.5.26 website do? Well, we think that you have no other option but to migrate to Joomla 2.5 – no matter how costly or complicated that migration is. We don’t think that you have any other option – new vulnerabilities in Joomla 1.5.26 are being discovered (and maliciously exploited) every week – so even if you address a vulnerability on your website new ones will pop up!

But why not wait until Joomla’s development team fixes these vulnerabilities on Joomla 1.5.26 and releases a better, more secure version, such as Joomla 1.5.27? Well, because they will never fix it. The Joomla official development team has ceased support for the Joomla 1.5.x line back in May of this year (2012). Considering the amount of websites that are currently using Joomla 1.5.26, we think that the official Joomla team should address these issues immediately, but we doubt that they will!

But what about if you get a company like itoctopus to secure your Joomla 1.5.26 website, so that all the vulnerabilities and exploits would be addressed? Unfortunately, neither we at itoctopus nor any other company can do that for you (in fact, any company claiming that they’ll be doing this will be lying). And even if it’s possible, it’ll definitely cost less and take less time to migrate all your website (including its data and all the 3rd party extensions) to Joomla 2.5. We will never recommend this option, regardless of the structure and the size of your website.

But why did the Joomla official development team cease to support Joomla 1.5.26? Well, because 1) they want to focus on the new 2.5 and 3.0 lines of Joomla, and 2) they know that Joomla 1.5’s code isn’t optimal (and that’s why most of it was re-written in Joomla 1.6, which has the same engine as Joomla 2.5).

How about upgrading to Joomla 1.6 or Joomla 1.7? There are two reasons why you should never consider this as an option:

  1. It’s not an upgrade to Joomla 1.6 (or 1.7), it’s a migration (see the difference here) that is nearly identical to the Joomla 2.5 migration. This means that the amount of work to migrate to Joomla 1.6 is more or less the same as migrating to Joomla 2.5.
  2. Joomla 1.6 and 1.7 were both discontinued – even before the 1.5 version was discontinued (both were deemed to be unstable versions and that’s why they had a very short lifetime).

Again, we’re confident that Joomla 1.5.26 is no longer secure and you’ll be putting your website’s reputation and your visitors’ computers at risk if you continue using this version. If you need help upgrading from Joomla 1.5 to Joomla 2.5, then you’re at the right place! Just contact us and we’ll start working on the migration almost immediately. We’re fast, we’re honest, we’re hard workers, we won’t charge you much, and we’ll ensure that your website looks and works exactly as it was before the migration that you won’t even think that we have migrated it! (unless, of course, you went to the admin section of the website – it’ll be all different there, but definitely more powerful and exciting!)

11 Responses to “Is Joomla 1.5.26 Still Secure?”
  1. Pingback by Why Migrate to Joomla 2.5? | itoctopus — September 9, 2012 @ 9:14 pm

    […] 1.5.26 is no longer secure: We have said it before and we’ll say it again – Joomla 1.5.26 is no longer secure! There are various exploits that were lately revealed in the Joomla 1.5.26 core that render any […]

  2. Pingback by Are All Your Joomla PHP Files Hacked? | itoctopus — October 30, 2012 @ 5:41 pm

    […] of these websites were running Joomla 1.5.26 – a no longer secure version of Joomla. We think the situation got to this point (where each file was hacked) the following […]

  3. Pingback by Is Joomla 1.5 Still Supported? | itoctopus — November 17, 2012 @ 1:21 am

    […] and as we already explained, Joomla 1.5.26 is no longer secure, and new exploits are being discovered periodically. We are […]

  4. Pingback by What Is the Best Joomla Version? | itoctopus — December 26, 2012 @ 8:00 am

    […] we’re no longer able to say that Joomla 1.5 is the best Joomla version out there, because it is no longer secure (we have written an exhaustive post about […]

  5. Pingback by What Is the Worst Joomla Version? | itoctopus — January 25, 2013 @ 10:27 am

    […] there, and those with Joomla 1.5 are very hesitant to migrate to Joomla 2.5, despite the fact that Joomla 1.5.26 has been deemed insecure as of May of […]

  6. Comment by Robin — July 24, 2013 @ 8:30 am

    can you tell me if you have been hacked and have a virus, is it too late to recover any of the web info as I did not know about this until now and then was given your link but, can one still migrate to the new version?

    Hope I can get some good results and looking forward to hearing from you.

  7. Comment by Fadi — July 24, 2013 @ 12:02 pm

    Hi Robin,

    Yes – your data should still be recoverable and you still can migrate to Joomla 2.5.

  8. Comment by Dan — August 15, 2014 @ 7:15 am

    Interesting article. I have a site using Joomla 1.5.26, the admin area is rarely if at all used – I was wondering if I were to remove the admin area and editors folder how much protect this would give again the issues that Joomla 1.5.26 suffers from?

  9. Comment by Fadi — August 15, 2014 @ 8:17 am

    Hi Dan

    You can’t remove the whole administrator folder because the frontend of the Joomla website needs files located under that folder to work.

  10. Comment by Dan — August 16, 2014 @ 5:04 am

    Hi Fadi – thanks for getting back so quickly. I actually ran a little test and removed it. Nothing on the front-end seems to be broken. Is there something specific on the front-end that would not be working if the admin folder is removed?

  11. Comment by Fadi — August 19, 2014 @ 6:57 am

    Hi Dan,

    That is really odd – the website shouldn’t work without the administrator folder.

Leave a comment