Just enough J!1.5 sites have been hacked in my orbit of sites in a short period time to lead me to conclude that it’s a pattern, not random.
Joomla 1.5 is not supported by the Joomla Project. Hackers know that these sites are sitting ducks for hacks. There is code on these sites that is vulnerable to hacks. Joomla 1.5 sites are soft targets for hard hacking.
I look back and think that I should have been extreme with my Joomla 1.5 installations. The benefit of hindsight, for sure. Instead of just taking Joomla 1.5 as-is and installing it as-is, I should have actively managed Joomla 1.5 itself.
This is my own checklist for going back to Joomla 1.5 sites. It’s a list of things that can be done today, without clients thinking I’m dreaming up excuses to invoice ‘em:
- decent .htaccess file in webroot;
- update JCE to the latest version (v2.3.1 for J!1.5) (older versions of JCE might be susceptible to hacks);
- if you know of Joomla 1.5 updates for your extensions, update ‘em;
- delete every component that can be deleted;
- delete unused templates;
- delete the native Joomla banner, newsfeed, poll, weblinks components, b/c these components are delete-able;
- make sure you are using Joomla 1.5.26 — yeah, it matters.
Keep managing your going-concern Joomla 1.5 sites!