Risk of outdated Drupal installations? - drupal

We've recently had several hacks on our one server. We've been advised to upgrade all scripts. The problem is the Drupal installations. Upgrading these are a massive task. I would like to know, from fellow Drupal users, in your experience, how unsafe is it to remain on, say, version 6.10 as opposed to upgrading to 6.28 (the latest)? Is there a point at which you can say: this is really too old now and an upgrade is absolutely necessary?
I'm not too worried about the modules, my concern is the Core Drupal installation. Does it ever become a security risk, or can you stay on the older versions?

"Upgrading these are a massive task"
Not necessarily! I find using git a pretty safe way to deal with such upgrades.
My basic workflow is usually to:
- create a repository with the current Drupal version.
- download the latest core version
- rsync the current version with the latest core version
- update the repository
As expected, I do all of the above on my local version, after checking that everything is working fine. I update the remote repository, then update the actual live site from git.
If you're not familiar with git, basic tutorials are easy to find online. The idea here is not to explain the process in detail, but rather to send you in the right direction. You will find that it's a pretty flexible workflow, a great way to update modules and generally any type of code.
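
The workflow from the answer above, as an added example that is not part of the original post: it imports a site into git, syncs a newer core over it with rsync, and commits, so the update can be reviewed and rolled back. The sample trees are constructed, and the function names and the excluded paths (`sites/`, `.htaccess`, `robots.txt`) are assumptions about what a site customizes.

```shell
#!/usr/bin/env bash
# Added example: git-tracked Drupal core update on constructed sample trees.
set -euo pipefail

have_tools() { command -v git >/dev/null && command -v rsync >/dev/null; }
g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# Drupal 6 defines its core version in modules/system/system.module.
core_version() {
  sed -n "s/^define('VERSION', '\([^']*\)');.*/\1/p" "$1/modules/system/system.module"
}

# Copy a new core tree over a git-tracked site and commit the result.
upgrade_core() {
  local site=$1 new_core=$2
  # A clean tree means the last commit is a usable rollback point.
  if [ -n "$(g -C "$site" status --porcelain)" ]; then
    echo "uncommitted changes in $site" >&2; return 1
  fi
  # sites/ holds settings.php, uploads and contributed code (assumed layout);
  # --delete drops files the new core no longer ships (git history keeps them).
  rsync -a --delete --exclude='/.git/' --exclude='/sites/' \
    --exclude='/.htaccess' --exclude='/robots.txt' "$new_core"/ "$site"/
  g -C "$site" add -A
  g -C "$site" commit -q -m "Update Drupal core to $(core_version "$site")"
}

# Constructed sample data: a "live" 6.10 site and an unpacked 6.28 core.
make_sample_trees() {
  local t; t=$(mktemp -d)
  mkdir -p "$t/site/modules/system" "$t/site/sites/default" "$t/core/modules/system"
  echo "define('VERSION', '6.10');" > "$t/site/modules/system/system.module"
  echo "<?php // site settings (constructed)" > "$t/site/sites/default/settings.php"
  echo "<?php // file removed upstream (constructed)" > "$t/site/old_core_file.php"
  echo "define('VERSION', '6.28');" > "$t/core/modules/system/system.module"
  g init -q "$t/site"
  g -C "$t/site" add -A
  g -C "$t/site" commit -q -m "Import current site (core 6.10)"
  echo "$t"
}

if have_tools; then
  tmp=$(make_sample_trees)
  upgrade_core "$tmp/site" "$tmp/core"
  g -C "$tmp/site" log --format='%s'           # two commits: import, then update
  g -C "$tmp/site" show --stat --format= HEAD  # files the update touched
else
  echo "git and rsync are required" >&2
fi
```

Anything customized outside the excluded paths is overwritten or deleted by the sync, so review `git show --stat` on the local copy before updating the live site.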

Related

Downgrade wordpress multi site to earlier version

I'm having some problem with a custom made plugin since upgrading to the newest wordpress version. I've made downgrades before, so that's not the problem. This, however, is a multi site and I'm uncertain if it makes a difference when making the downgrade? Is it the same or should it be avoided?
And, yes, I know I should probably change the plugin, but it is vital for the site!
Not much of a conclusive answer really, but I am fairly certain I have successfully downgraded a WPMU site in the past (before it was renamed Network Site). Just load /wp-admin/upgrade.php as you would normally do. I would strongly recommend you do the downgrade on a development system before performing it on your production site.

Is it possible to upgrade Drupal from very old version(4) to the newest one(7)?

I have to upgrade website running very old version of Drupal (cannot even find out which version is that, but I guess it is even before 5) to the newest one? Is that possible? If yes, how to approach this?
The Drupal web site makes it clear that you cannot skip major versions when doing version upgrades.
See this page: http://drupal.org/upgrade/
(it talks about not being able to skip from v5 to v7; it doesn't even mention v4!)
So if you do manage to upgrade your site all the way from v4.x to v7, one thing is for certain - it's going to be a long-winded process.
The other thing that is going to be a major issue for you is that the Drupal module ecosystem has changed radically in the space of time between v4.x and v7. Many modules that you'll be using in v4 will be either unsupported in later versions, or not have an upgrade path, so you may have a lot of manual hacking to do.
On the flip side, there are likely to be newer modules that can do things in recent versions of Drupal which were not possible in older versions or were done in a very different way, and you may find yourself wanting to use some of those modules instead of ones you've got in place. Again, lots of manual work I foresee for you.
In summary, I would suggest that upgrading from such a long way back to the current version is going to be extremely difficult. You may find it easier to start again from scratch and rebuild everything. I'm sure you could get some data imported from the old site to maintain continuity.
One further thing I would add is that this isn't a Drupal-specific problem, so please don't blame the Drupal developers if you struggle with this upgrade - you'll get this issue with virtually any software you run if you don't keep it up-to-date. Try upgrading a Windows95 machine to Windows Vista and you'll see what I mean.
It would be possible, but could be very hard.
You would need to go from 4 to 5, then 5 to 6, and finally 6 to 7. You will have to make sure that your data is still intact along each upgrade and back up your database. Update any contributed modules and check if any have been deprecated along the way and find suitable replacements if possible.
Depending on your site, if it is just the content and you are not concerned with losing url aliases, taxonomy terms, etc. then trying to export/import your raw data directly into a fresh drupal 7 install might be easier.
Edit: You would also need to upgrade any custom themes and modules drastically.
I do not envy your task, as you will need to learn the changes from D4 to D5 only to later discard this knowledge as you learn the changes to become D6 compatible and then discard that knowledge to become D7 compatible.
As you said you do not really care about losing taxonomy terms or extras, you might want to try http://drupal.org/project/import_html or a similar module to scrape your website (though it is not actually static) and convert it automagically into nodes. That module is not currently available in D7, but would get you from D4 to D6.
The key thing to remember is to frequently back up your database in case anything goes wrong or you want to try different upgrade paths.
It is doubtful that many contributed modules you are using would survive the upgrade, unless there is a release for each of versions 4, 5, 6, and 7. I agree with #brian_d, the best course of action may be to export your content and import into a fresh Drupal 7 site.
The general procedure for updating:
Assuming you are on version 4.7.x of Drupal:
1. Update Drupal and any contributed modules you can to the latest release for 4.7.x, in case there were schema changes
2. Disable contributed modules
3. Update Drupal to the latest version of 5.x
4. Update and re-enable modules/themes to the latest release for 5.x
5. Repeat steps 2-4 for 5.x to 6.x and again for 6.x to 7.x
I've been using Drupal since 4.x. During that time I've had to upgrade numerous times. Mostly I've had good success using the standard upgrade process. However, I've had to do several upgrades manually because of one issue or another. This was basically a Copy and Paste upgrade.
To read more about the Copy and Paste Upgrade go here: Upgrading Drupal by Copy and Paste.

Drupal: last core version update. Risky, if I don't update it?

I did several websites with Drupal, and now the core is updated and I cannot come back to my customers to update previous installations. I was wondering how risky it is to not update Drupal core to the last version and how web developers should deal with website management.
ps. My customers do not have any computer skills.
thanks
The openness of open source means that it is easy to know what an upgrade has fixed. It also means that a hacker could just look at the release notes and do a diff between the previous and current version to spot the vulnerabilities in the previous version.
If you have a good relationship with your clients I would explain the need for an upgrade and see if they want to pay you for it, as their sites are vulnerable to anyone determined enough to look at the release notes and do a little digging.
Here are the release notes. The answer to your question lies inside.
Updating the core is very important; it solves some security risks and brings new features.

Are there any all-in-one packages that help install wamp on a production server?

I need to install amp on a windows2003 production server. I'd like, if possible, an integrated install/management tool so I don't have to install/integrate the components of amp separately. Those that I've found are 'development' servers. Are there any packages out there that install amp in a production ready (locked down state)?
I'm aware of LAMP... Windows, since we have IIS apps already and we've paid for this box, is a requirement. I'll take care of all the other hangups. I just want a simple way to install, integrate, and manage AMP.
I'm not sure running WAMP as a production server is a good idea. I use WAMP to stage projects and then I move them to a Linux server.
You can try any of these solutions:
http://www.uniformserver.com/
Some people state that they are working fine with WAMP Server, but again, I wouldn't recommend it.
Xampp is quite popular, I just don't know how "production level" it is:
http://www.apachefriends.org/en/xampp.html
Without wanting to sound elite: For "real" production environments, it's possibly not a bad idea to set up and configure the components individually, but this requires some deeper knowledge than "hit setup and run".
There doesn't appear to be any all-in one packages that are up to date and 'designed' for production. You just can't trust the default installs to be secure on what's out there.
I ended up just doing this manually. It wasn't painful though. Each component's install procedure was documented reasonably well. Took me about 3.5hrs. A nice side effect of the involved setup was that it gave me a much better understanding of each component's dependencies and the ways in which they touch. In hindsight I should have done it manually from the start.
Note: make sure you read the comments below each component's documentation pages. Some contain valuable corrections to the install process.
Since the time this question was asked Zend has released Zend Server.
"Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications that require a high level of reliability, performance and security."
There doesn't appear to be any all-in one packages that are up to date and 'designed' for production. You just can't trust the default installs to be secure on what's out there.
WampDeveloper Pro is a commercial WAMP package that is specifically designed for production use (which I use).
I don't think that when this question was asked there was a viable solution for the above.

How do I determine if I should install Drupal 5.x or 6.x?

I'm planning to install Drupal. Is there any reason not to install the latest 6.x version as opposed to the 5.x branch? Are there any really good modules that are 5.x only?
Unless you have a 5.x module that you can't do without, and that you know is being worked on to upgrade to 6.x, just use 6.x. i.e. Only start with 5.x now if you know you have an upgrade path with your site to 6.x (and then 7.x). If the module isn't being actively worked on, it means you'll be unsupported when 7.x rolls around, so you might as well solve the problem of doing without that module with 6.x now rather than wait till your site is developed and up and running.
I've found enough modules to happily run my site on Drupal 6.x. I think the only 5.x module I miss is one that did very easy Google ad integration, and that may have been updated, I just haven't checked recently. I don't get enough traffic to make the ads worth the time in setting them up, so I just use the search part of the ad campaign.
Drupal 7.x is under development now, so I would expect that anything that hasn't been moved from 5.x to 6.x is just not being developed anymore, and is probably not really that needed.
Ultimately, take a look at what modules you may need. With an account on Drupal's site, you can filter by install type. I found that 6.x is much easier to work with in some regards (managing and upgrading modules) and overall I've had a much easier time maintaining my site under Drupal 6.x than I did under 4.x or 5.x.
I also think that 6.x runs much faster.
My bosses were insistent on making Drupal 6 sites for clients as soon as it was released. This was a headache, because views and CCK were not done, as well as many other modules. Their rationale was that we'd have to eventually upgrade to 6, and we wouldn't want to go back and redo these sites. It ended up that we had so many workarounds while using the development versions of modules that it was a pain every time we upgraded modules or core itself.
Thankfully, this is no longer the case. Views, CCK, and most other modules are now ready and stable for 6. The only module we use that hasn't been upgraded is eCommerce, and it doesn't look like it will be, since ubercart is pretty much the Drupal standard for commerce functionality.
We asked ourselves the same question several months ago (just before Drupal 6 was finalized & released)
Our office has limited development resources, and we had released a couple of D5 sites, and a D5 sales app.
We went with Drupal 6.
The decision came after considering the core of what we were interacting with. CCK & Views are the only die-hard critical components for anything besides a default Drupal install, and the level of participation and vitality of the projects was very encouraging.
The stuff that really, really matters, has been/is being ported over to D6, and the wow, this would be nice, p2 stuff is hit & miss.
If you're doing any module development, D6 is a winner.
If you're already very comfortable with D5, then stick with it.
I hope this helps.
The one significant CCK-related module that's not D6 production ready is filefield. This may not be an issue if you're not doing anything substantial with images and media, but might be worth considering if you're going to do any serious DAM. Otherwise, I think we're (finally!) to the point where it's making more sense to go with D6 than D5. Either way, it's definitely worth the time to architect the site according to your specific needs, figure out what modules you'll need and find out if any of them have yet to be updated.
The asset module is not available for D6 yet, not even in a development branch. I've heard a lot about its benefits as a single way to manage all kinds of media files, but most sites can probably happily do without it.
If you haven't been running Drupal before you could find that version 6 has the modules you need. Besides, modules get ported and created every day so your missing modules could very well be on the way.
For me, the lack of a protx payment module was a deal breaker when choosing which version to use.
The best thing to do is get a full list of requirements before you start, and make sure it's all available in 6.
As a module developer, I feel that Drupal 6's API is more mature than version 5.
So even if you decide to choose 6, and then find a module is missing, it will be easy to develop it to 6.
Now that I've used Views 2, I ain't ever going back (unless it's to revisit old projects).
I think now, all modules and themes that are of any worth have been migrated and now I'm seeing a trend of new (actually good themes) are drupal 6 only as are quite a few of the must have modules.
