End of Life (EOL) in the CMS world refers to the point in time when an older version stops being supported by the company or community that has built it, and all efforts are focused on current and future versions. No support means performance, and more importantly, security issues, which nobody wants.
As a web host, we see our fair share of EOL CMS usage. While we often make our own patches to keep outdated client websites secure and in other cases we notify them about issues, it really is the application’s responsibility. We can’t possibly keep track of every outdated software we host and every security vulnerability that comes with it. Hence, here is more about what to do when your application becomes outdated and no longer supported.
When Is It EOL?
Every CMS has its own development cycles and thus EOL strategies. Even among the free platforms that most of our clients use – Drupal, WordPress and Joomla! – there are observable differences.
At the beginning of this year, 3 months after Drupal 8 came out, Drupal announced the end of support for version 6. Drupal 7 and 8 are currently both supported and it will probably be a while before we see version 7 dropped. Drupal is notorious for longer development cycles and harder updates between versions, hence the longer support cycles. Drupal 6 for example, was in support for about 8 years.
WordPress and Joomla, on the other hand, are quite different in this aspect. The WordPress release archive states that only the latest version is safe and actively maintained, and the Joomla! version guide says pretty much the same thing. Given the much easier update processes of WordPress and Joomla!, it makes sense for them to focus efforts on the latest versions only.
Upgrading Is Best, But Sometimes Hard
Of course, no one can argue with the fact that running the latest version of your CMS is the best idea, always. That’s why we’ve worked hard to build our own auto-update tools for WordPress and Joomla!
However, every experienced sitebuilder has run into upgrade issues at one time or another. Even one-click and auto-updates sometimes break themes or plugins, and you then have to spend time restoring backups, debugging and so on. In the case of Drupal, where upgrades are harder and more time consuming, planning and executing an update on a large website can be a very serious development task.
Additionally, some projects simply do not need further development and new features from the CMS (e.g. brochure company sites). They just need to stay secure. When you’ve got hundreds of such websites, upgrading all of them just to stay secure is an overkill.
External Long Term Support (LTS)
When you can’t upgrade for any reason, there are vendors out there that provide their own LTS support for different CMS platforms. One such is Tag 1 Quo, who specialize in Drupal 6 LTS, but have announced plans to move into WordPress soon, starting with versions 4.5 and 4.6.
With Drupal 6, Tag 1 Quo uses a module to collect information about your website. They compare version information with their database of known security issues, and can then provide up-to-the-minute information about your security status. What’s more, some of their plans include patch development, which means that when a given issue affects any of their customers, they’ll work together with the Drupal community to develop a patch for you (they are an official Drupal 6 LTS vendor).
We are partnering with Tag 1 Quo to improve our user’s security. All of our existing clients can find a discount code on the Resources Tab of their User Area.