Why people don’t update Joomla
Every website is a business in some form or another[1] and how you manage your website determines the success or otherwise of your business. If you spend time cultivating your website, investing in developing new content, new software and general maintenance, your customers—the people who visit your site—will notice the difference and will return again. If you treat your site like a “field of dreams”—if you expect your business to flourish simply because you created a website (and that was the total extent of your time and energy)—then you’re in for a wake-up call.
Every website is a business in some form or another and the first order of business is to cover your operating expenses. You can (a) charge people to pay to view your site, (b) encourage people to donate their time and/or money to help with your running costs and/or (c) obtain revenue via in-site advertising. The success of your business depends on how well others enjoy doing business with you, whether they’ll visit your site, buy your products or refer others to your site and do the same and, hopefully, give you some profit at the end of the day. This website is no different. There are a couple of advertisements that appear on the pages—I certainly appreciate the tiny click-rate revenue they give me—but, I hope, they’re not too invasive. How a site owner designs their site and runs their business is entirely up to them, of course; I’m not suggesting otherwise.
There are three kinds of people in this world: those who make things happen, those who watch things happen and those who wonder what happened. The success of your business is in your hands and is dependent on the kind of person you are. Are you an entrepreneur, a passive observer or a victim of circumstances?
The one constant we can rely upon is that everything changes and, depending on the type of person you are, people manufacture a variety of excuses to rationalise why they’re unable to deal with inevitable change—the blame game. This article will help you identify whether you’re at risk of playing the blame game and how to rid yourself from the burden of using outdated, unsupported and vulnerable software.
Why people don’t update Joomla
“Why is my website broken?”
I realise this isn’t a reason or an excuse: it’s a fairly typical question that I see regularly and, if this is the number one question on your mind, I would like to take a few moments discussing the issues that this question raises.
Firstly, if you know that your website is broken (or has been hacked, looks like your grandmother’s dog’s breakfast, was last updated at 3:00 am on Wednesday, 1-Apr-2009) then the first thing to do is to accept the fact that your website is broken. While it may be strategically good to know the answer to the question why your website is broken/hacked or is a disaster, it is not good, from a tactical viewpoint, to ask the question “why” this happened[2].
To use a real-life example, consider the question “Why am I overweight?” There’s no single (or simple) answer to the question why some people are overweight/fat/morbidly obese. The fact that obesity occurs could be attributed to a range of causes such as diet, unhealthy lifestyle, bodily dysfunction or genetic disposition. Similarly, there are many “cures” for weight-loss although, I suppose, there is only one truly guaranteed method. The point that I am trying to make is that people can worry obsessively about why they’re overweight (or why things happen in life) but, until they accept the fact that they are overweight and that they’re prepared to actually do something to change that condition, does it really matter why? Just as there are no quick-and-easy solutions to weight-loss, as the saying goes, “there’s no gain without some pain.”
We all know the reasons why websites become corrupted: they happen because, just like with our bodies, we don’t take care of them; websites may become corrupted because they’re “genetically” disposed towards corruption; websites may have become corrupted because, over time, they became dysfunctional or they were attacked from unseen forces beyond our control. Therefore, the first step in fixing a corrupted site is to admit that an event happened at some time (or a series of events occurred over time) that, perhaps because of our inattention or neglect, caused the problems. While it may be interesting to know why the problem happened in the first place—so as to be prepared in case it happens again, perhaps—it doesn’t really matter why your website is broken unless you are also prepared to invest your time and perhaps your money into fixing it. On the other hand, maybe your website isn’t worth your time (and possibly money) to fix the problems and, if that’s the case you should stop reading this article now … because you already have the answer that you were looking for.
“None of my websites have been hacked: why should I update ... ever?”
There are one of two ways to respond to comments like this: (a) if you refuse to listen to the advice that people offer you to change your opinion then stop reading opinion pieces (like this one), live your life in whatever way you want, and people like me won’t have to invest our time trying to help you or (b) ask yourself the question, how do you know that no-one has attempted to hack, hijack or disrupt your website(s)?
The various self-help discussion forums that I visit on a regular basis are replete with questions—requests for help—from people who begin with the premise that their website has always worked well, that “something” is now not working properly and that the last time they did anything to their website was five years ago. They then go on to ask if anyone is (a) still using the same software that they’ve been using for the past five years and (b) if there’s a short-term solution to patch their site in some way so that they can continue to operate more or less indefinitely. Almost invariably, the answers to both questions are no.
First of all, web-based discussion forums are generally operated and visited by people who are not experts in everything. I don’t know everything about everyone’s website; I don’t know everything about every website that I’ve ever built (but I know more about my sites than I do about yours). Similarly, when people use discussion forums to obtain assistance for that “something” that isn’t working anymore, other users of forums don’t possess x-ray vision, crystal balls or other supernatural abilities that allow them to reveal every mystery surrounding the tangled mess that evolved over a five-year period. There are good reasons for maintaining your website—maintaining the software at the latest version in current use—even if it’s only that you stand a better chance of obtaining help from others.
Most websites are created for some practical purpose—for pleasure and/or profit—but it's also a fact that many of them simply become objects of sentimentality. Sentimentality is not a bad thing but it’s important to understand that the affection you have for your website is not shared by others. Website technology is continually evolving and the technology is disposable. In particular, web technology is low-cost disposable. The reason for investing your time and money[3] in maintaining your websites is determined by their value to you if they’re unavailable for any reason. It's the same as with any technology: the only people who are affected by an absence of technology are those who use it and rely upon it but, in the grand scheme of things (with over one billion websites connected to the internet) the loss of your website is unlikely to evoke any interest at all. It’s really a matter of keeping things in perspective: unless, say, you were operating a site like Google, eBay or Twitter (for example) very few people would be concerned if your site went off-the-air for any amount of time.
The premise, that a website that has never been hacked implies that it’s also unnecessary to update the software, is a fallacy. Of course it’s possible (or probable) that your website may never have been attacked/hacked/vandalised/exploited/hijacked. Likewise, we may never know why websites are continually attacked/hacked/vandalised, etc. every day but cannot ignore the fact that these things happen. The fact that your website has “never” been attacked could be due to good management on your part or it could be sheer good luck. Remember: your website has no value if it doesn’t exist and, unless you’re the kind of person who believes that good luck is an effective way of managing your business, it’s only a question of probability before your website assets become compromised.
Keeping your website software up to date may minimise the possibility of an external threat. It’s not the is not the only reason to maintain your site in good running order. Websites need to be maintained: software updates are only part of the general maintenance processes; regular backups (with copies held off-site) are essential, too. While the probability of an external threat may be low and, indeed, it may be more likely that website operations are disrupted through other causes, to suggest that it’s better to leave things as they are—never interfere with something that’s working now—is wishful thinking at best and criminal negligence at worst. If you want your website to survive the test of time then you need to maintain it. Perhaps I could say—channelling Jane Austen[4]—it is a truth universally acknowledged that a single website in possession of “good fortune” must be in want of a good make-over[5].
“I wasn’t aware that there was a new version of Joomla”
I love this excuse especially when it comes from people who created their website back in 2009 using J! 1.5.12[6] and now they discover the need to “update” their site to J! 3.6.5. The simple answer is that things only get more difficult the longer you delay getting your site in order.
When people admit their ignorance about the ongoing development of Joomla, it sounds like they’re trying to avoid personal responsibility for their own failure to stay tuned to the latest news. Joomla is continually evolving and, even discounting the versions of Joomla before J! 3.0.0[7], there have been 39 releases of J! 3.x averaging one new version release every 6 weeks. I accept that, sometimes, the official announcements about Joomla may occasionally slip through the net (which is one reason why I rely on a range of news services to keep myself informed about what’s happening in the world) but it’s another thing entirely to blame the creators of Joomla for failing to inform every one of the millions of people who use Joomla when new versions are available.
When you build a website it’s your responsibility to maintain it, it’s your duty to look after it and it’s your fault if something goes wrong. If you wake up one day and “suddenly” realise that your websites are using software that are several generations out-of-date this says more about you than it does about the rest of the world. However, when you do make these discoveries it's equally important that you act on the information. It’s bad to be ignorant but it’s unforgivable to not use your new-found knowledge. Of course I understand that sometimes it’s not always practicable or convenient to spend the time needed to update website software. On the other hand, it’s definitely not convenient when a site falls in a screaming heap when you least expect it. It’s all about risk management: you choose between spending time to prevent the likelihood of a catastrophe or you deal with each crisis as it occurs.
It’s understandable that people continue to ask for help with problems they’re having using outdated versions of Joomla. When the replies comes back in terms like “Joomla x.y.z is known to be vulnerable to attack” it’s almost like this information is news!
I wasn’t aware of the vulnerability …forum user, Joomla Forum, 10-Jul-2016
I could have chosen any one of thousands of examples to illustrate my point but what’s even sadder is that forum topics like these often remain unresolved and, like the problems themselves, the people who ask for help are also forgotten. In summary, the answer to the question, “Which version of Joomla is known to be vulnerable to attack?” is … all of them! It’s just that there are some vulnerabilities that have not yet been discovered and/or exploited.
“It’s equally effective to patch an old version of Joomla as it is to use the latest version”
I think that an old but updated version is still better than an old and outdated version.forum user, Joomla Forum, 15-Dec-2016
First of all, patching old, outdated versions of software is not easy; it’s not something that anyone—particularly a novice user—can do. Further, patches that were not created by the Joomla creators and that may be discovered on the internet have not been thoroughly tested. If you want to use such things then you do so at your own risk and, if problems occur, you are responsible for the problems that occurred by using software that has not be tested by the rest of the Joomla community.
To suggest that a software “patch” (designed to address “something” that may or may not affect the broader community) is as effective as a complete package that (may or may not) incorporate some security feature is pure speculation. The Joomla community exists so that its members can help one another. Specific, one-off “band-aids”—even those distributed in good faith—will eventually break leaving your website vulnerable to other unforeseen problems. It may be effective as a temporary workaround but it’s not as effective as a long-term cure. Moreover, using temporary means to work around long-term issues requires more effort to maintain them.
If you are one of those people who passionately believes that continuing to use an old, “patched” software is a better alternative than replacing the version of Joomla you’re currently using then I won’t try to convince you otherwise but, be warned, you’re on your own if you encounter problems.
Joomla software is disposable, replaceable technology. Unless you are a keen enthusiast who likes to get your hands dirty by tinkering around with PHP, I would avoid the band-aid approach to website maintenance. If you fervently subscribe to using workarounds then I suggest you join a community of like-minded people and I wish you the best of luck. It’s your choice: you can profit from using your website or you can spend your time continually performing ad hoc first-aid.
“Why update when J! 3.x is only used by 47.8% of all Joomla sites in the world?”
[J! 3.x] is used by 47.8% of all the websites that use Joomla.another forum user, Joomla Forum, 16-Dec-2016
Claims, like this one, are absurd and based on an unrepresentative sample. I don’t know for a fact how many Joomla websites (of all websites built with Joomla) use J! 3.x nor do I know for a fact how many websites built with Joomla are connected to the internet. What we do know, for a fact, is that the Joomla Security Strike Team has discovered exploitable vulnerabilities in all versions of Joomla prior to the current version and that the current version is the most secure, stable and reliable version that is available for general use. If people believe that, after four years in development, J! 3.x still has not penetrated the market sufficiently to reach a majority of acceptance then I will let people believe what they choose to believe.
Once upon a time, it was a generally accepted belief that the universe revolved around the Earth; in the Middle Ages, some people challenged that belief—and they were persecuted for it—until it became a generally accepted truth that the Earth is not the centre of the universe. I don’t know—nor do I care—how many websites use J! 3.x. I only know that if I do not maintain my awareness of the latest developments in webcraft, like the dinosaurs of old, I will fade into extinction and my webcraft will become totally irrelevant.
There’s an implication (in quoting from selected statistics) that, because J! 3.x is not a mainstream as, say, J! 1.x or J! 2.5, that the older versions were better. Well, if you think it’s better to use technology that is outdated and unsupported—because [the selected use of statistics suggests] it’s in more prevalent use—then I say good luck to you.
“The current version of Joomla does not offer the features I need in older versions”
There is actually an element of truth in the statement that the current version of Joomla does not offer features that existed in earlier versions. There are also good reasons why certain features that existed in earlier versions have been removed, retired or replaced. The key point in the argument about whether one version of Joomla is more (or less) “featured” than another version really centres around the need for that feature (or those features).
I agree that there were one or two nice features in J! 1.5 that have disappeared. There were also some horrible parts of J! 1.5 that were a curse and we are well rid of them. Although some features that existed in previous versions have disappeared the main problem is that some people are more attached to them to the exclusion of the bigger issues that needed to be addressed; major issues that were addressed and incorporated in subsquent versions of Joomla. These other matters were more important than whether a certain feature existed at one time. Although it may have been nice to retain some of those things we move on; change is inevitable. Ultimately it depends entirely on what one drives Joomla’s development: is it the Joomla core, itself, or one or another specific feature that may have existed at one time?
Sometimes we have to let go of the past. Sometimes we have to make difficult strategic decisions. Therefore, before you dismiss a newer technology in preference to an older technology that you were accustomed to using, ask yourself the question, “what is it about the feature(s) that existed in that older technology that I now need?” You may be pleasantly surprised that the features you thought you needed were imagined and not borne out by empirical evidence that the feature(s) actually benefited your website or your business.
“It costs a lot of money to update to the latest version”
In general, cost is not the only consideration involved in deciding to update your website. I believe that a more important consideration is what is referred to as projected cost containment[8], that is, the cost involved in not updating your website. We all understand that website construction involves an outlay of time and money. I do not know how much money it may have cost you to build your website (or have someone build it for you) nor do I know whether your website is returning a profit on your initial outlay. If you have a website that is producing a return on your investment [ROI] (even if the ROI cannot be measured, tangibly, in monetary terms) then you can probably claim that you have a profitable website business. What is it worth to you to keep your business operating? If your answer is it’s not worth the further investment of time and money, then you’re not thinking strategically.
People visit websites for innumerable reasons but last among those reasons is what specific version of Joomla you’re currently using. People may return to your site because they’ve benefited in some way or, like most people, they will spend their obligatory two seconds and move on. If you are content your visitors move on because your site is dysfunctional, displays content that never seems to change, then you probably know what you need to do. If you’re miserly in the way you keep your site up to date then people will spot that immediately. The internet is a highly competitive business and you risk being left behind if you don’t invest in staying up to date.
I cannot answer for you how much it costs to update a Joomla website to the latest version. It's a bit like answering the question “how long is a piece of string?” What I can say is that it is considerably easier (and less costly) to maintain 20 or 30 websites whenever a new version of Joomla is released than it to update one website that hasn’t been updated in the past five years. Therefore, when people suggest that it costs “a lot of money”, how much is “a lot” and what would it cost if you did nothing? Cost alone is not a reason to not update your website but it’s often used as an excuse to procrastinate about making a tough decision.
“I heard that there were problems with the latest version of Joomla”
I saved this one for last because it’s the oldest excuse in the book. Before I provide the definitive answer, it’s worth challenging the assumptions:
- From whom did you hear that there were problems with the latest version of Joomla?
- What problems, specifically, did you hear about?
- Have you tried the latest version of Joomla yourself on a test site?
- When you say the “latest version”, what specific version are we discussing?
I, too, have “heard” a number of interesting claims but to address the substance of the challenge: the definitive answer is “you’re absolutely correct!” … however hearsay is not a substitute for evidence.
And, by the way, Happy New Year!
Notes:
[1] see The last word about Kunena
[2] Why…? The most powerful and dangerous question that you can ask
[3] To use an analogy, there are many reasons why people invest their time and money on automobiles: [most] people use a car to commute, for business or pleasure, as well as those people who only use them on “special occasions”. Some people are qualified mechanics, others are hobbyists or enthusiasts, while most of us (I suppose) are mere “consumers” who understand little more about how their car works apart from what’s printed in the owner’s manual and knowing how to read the instrument gauges. One thing that all motor vehicles have in common is that the technology is constantly evolving. The spare parts, consumables and the know-how that existed when the vehicle was first built becomes less obtainable as the years go by. Eventually, antique cars outlive their usefulness for everyday purposes and they become mere objects of nostalgia, of sentimentality. For most of us, who are not motor vehicle enthusiasts, the car is “disposable” technology; the main reason we don’t dispose of our cars more often is because of the cost that’s involved.
[4] “It is a truth universally acknowledged, that a single man in possession of a good fortune, must be in want of a wife.” Jane Austen, Pride and Prejudice
[5] see also https://fmgsuite.com/market-in-motion/improve-your-website-now
[6] J! 1.5.12 was released on 1-Jul-2009. J! 1.5 was officially retired with the release of J! 1.5.26 and support for this series ceased on 1-Sep-2012; J! 2.5 (formerly known as J! 1.6 and J! 1.7) replaced J! 1.5 but it, too, has now been officially retired as of the release J! 2.5.28 and support for that series ceased on 31-Dec-2014. J! 3.x replaces J! 2.5. In order to update the software used on J! 1.5 or J! 2.5 websites, for compatibility with J! 3.x, it is necessary to first migrate the original site contents to a new site operating with the latest version of Joomla.
[7] J! 3.0.0 was released on 1-Sep-2012.
[8] http://www.businessdictionary.com/definition/cost-containment.html
{jcomments lock}
