The other day, I got an email from a reader about a problem with content in Joomla articles (more about that in another post). In the email, he mentioned he was using Joomla 1.5.20 (at the moment, 1.5.25 is the current version).
So, the first thing I told him was to upgrade his Joomla site to the latest version. At first, he hestitated. It's too hard! But after a few words of caution, he came around and changed his mind. And I think you should, too.
I wrote:
First of all: Update your Joomla site to 1.5.25 (latest release). You can find the packages here.
The reader answered:
I looked into the [upgrade] notes and this looks extremely technical and I am scared I will mess everything up, so I will try fix the other issue first seen as though that is the only apparent problem right now.
My answer to this was:
You should ALWAYS upgrade to the latest version of Joomla. If not, you are opening up your site to hacker attacks. There are several secuity fixes among the latest patches. It's a easy as uploading the patch packages to your server via FTP (one by one) until you reach 1.5.25. Backup your site first.
Since a few versions back, the Joomla devs have stopped creating patch packages for other than the last version (i.e. from 1.5.24 to 1.5.25). So if you're not up-to-date, you have some manual work to do.
To make the upgrade process in Joomla 1.5 easier on yourself, you can use a tool like Admin Tools from Akeeba. If not, you will have to upgrade using the patch packages one by one (1.5.20 -> 1.5.21, then 1.5.21 -> 1.5.22 etc etc).
Known exploits
The thing with security releases is that they make security holes public (not how to do them, but that they excist). This makes it more probable that someone will try to exploit the weakness.
There are hackers using scripts to scan websites for known vulnerabilities. So if you haven't upgraded, you are potentially opening up your site for these guys.
Always upgrade!
I can't say this enough: Always upgrade to the latest release of Joomla. That helps you stay secure from hacker attacks. Also make sure your installed extension are updated to the latest version.
And by the way: Always do a backup first (did I already say that?)!