Why your Drupal 5 or 6 website is no more secure

Nov 10, 2015
Why your Drupal 5 or 6 website is no more secure

Time to time every business owner faces this issue: his or her website is out of dates. This may be related to design, code, Drupal core update or anything else. The most painful problem is vulnerability - outdated websites are hacked more frequently. Especially now, when Drupal core version 6 has reached end of life. Some people hire outsourced team to support and maintain a website - and everything is OK. However, let’s take a look at opposite story when secure website builder has not been ordered.

Hello, this is Mr. Philip Stecklein. He is an old hand at trade - he sales organic food for pets. Actually he is not such a big animal lover and does not have seven cats at home, but this is his family business into which he puts his heart and soul.

Mr. Philip has a few retail stores in different states, but for now his core profit comes from ecommerce: people order what they want online, and couriers deliver goods. They are great. They are always on time.

Nevertheless, last week rocked his family boat - his business suffered from website hacking attack: someone stole his clients’ names, phone numbers and all that stuff.

Mr. Philip was more than angry. He would like to kill someone. But instead of that he had to face the issue with website hacking protection.

Even Drupal fails

First thing that Mr. Philip has done was to contact web developers and charge them in every problem that happened in the world. Developers shrugged: Mr. Philip have not ordered them to support a website, hence is was not their doubt. Both with that, they described the situation from technical perspective.

Mr. Philip’s website was built on system Drupal 5. It was released in 2007, and developing a website at that time Mr. Philip was superb modern.

However, nothing lasts forever, and Drupal 5 became old very fast. In 2015, all web developers build websites on Drupal 7.41 waiting for a release of Drupal 8. Every new version becomes stronger than previous one, getting more security upgrades and advanced Drupal core modules (programs to expand website opportunities). Drupal 7 was completely stronger than the core Mr. Philip’s website was built on.

In particular, advantages of 7th core in comparison to previous versions were:

  • new programming interface of a database application; it reduces the possibility of rejection into coding language which deals with relational database;
  • improved hashing algorithms - transforming any typed information into a code read by a machine; hashing is about strengthening a website by itself not preventing injections;
  • rejection of brute force attacks;
  • automated requirements for changing old passwords and secure password generator;
  • a module to update outdated plugins while next versions appear.

In comparison to 7, Drupal 5 was more vulnerable to hackers’ attacks and did not contain many modules to secure a website. It was like an old mitten with many holes - you can try to mend them, but it is not for ever.

How to deal with an old core

First thought which came to Mr. Philip mind after conversation with web developers was to cram his Drupal 5 website with different core modules and secure it - it should be cheaper in his view, because you did not have to pay for everything from scratch, just to modify existing version.

Nevertheless, his ideas did not have much support in reality - you cannot just improve your website if it is on Drupal 5 core. It is possible to patch Drupal, but you are not completely sure that bugs are fixed - new releases offer that opportunity. Sometimes you even have to develop everything from scratch. Programmers offered Mr. Philip either change the core or create a new website.

Programmers and Mr. Philip dealt to migrate a website from Drupal 5 to Drupal 7.41.

Moreover, there were many recently developed plugins to secure a website: Mollom to protect from spam, Security Review tool, stronger Captcha (this boring thing to type some letters from a picture to ensure that you are not a robot), Secure Pages Hijack Prevention and so on. As far as Drupal is among the most secure systems for website building, there are a lot of such modules, and some of them were placed on a website.

As a result of web developers work, Mr. Philip got upgraded website which was in few times stronger than previous one - with hacking protection, updated core, many secure modules and other advanced settings. Both with that, it was still very fast in loading a page and got more attractive design.

Mr. Philip delivered his website support to experts and since that moment has had no reason to care about its performance - professionals ensured high level of its support.

Like in those kind fairy tales - and lived they happily ever after. Therefore, do not repeat Mr. Philip’s mistakes - order your Drupal website support and maintenance from secure website builder. We would love to assist you!

 Get new blog posts by email