Drupal 6 has been around since 2008 and has been used by thousands of websites as a content management system (CMS). However, Naked Security reported that the version reached its end-of-life (EOL) mark and is now officially unsupported. No further security updates or patches will be supplied for the version 6 core or its modules as of Feb. 24, 2016.

The Implications

While WordPress is still the most popular CMS for websites, Drupal is the second. Figures show that about 1 in 10 of the sites on the Web that use it run version 6, according to Naked Security. Now that this version has reached the end of its supported life, those sites become targets for criminals. Like Windows XP, it will be unpatched and unsupported by the developers, becoming vulnerable to any exploits found in the future.

When Drupal version 8.0 was announced in 2013, the EOL date for version 6 was set. Even then, some wondered about this legacy situation and whether the version 6 sites that are out there — and are rather difficult to upgrade anyway due to significant amounts of custom code — would ever be maintained.

OSTraining noted that there are major differences in how version 6 and higher versions of the CMS operate. Even changing from version 6 to 7 is not as simple as an update; it’s more like a full migration.

Long-Term Outlook for Drupal Users

The program and its community found three vendors who have agreed to provide a form of long-term support, according to a Drupal announcement. The companies have agreed to post security patch notifications on a community page.

MyDropWizard is one of these vendors. It announced one-year support for older CMS versions for a sliding fee that depends on the complexity of the customer’s instance. Tag1 Consulting will also provide long-term support, but the pricing is at a fairly high level of about $2,000 a month.

Additionally, Acquia is asking interested parties to contact it for more information about security supports for the earlier CMS versions. These three companies will provide a form of support as long as they can be paid for their efforts, but they and others will help users migrate to the latest version of the CMS, Drupal 8.

The only true way out of the situation seems to be migrating away from version 6 to one of the newer, supported versions. That’s the best way for users to ensure they are staying ahead of threats and receiving the latest updates.

More from

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

How Do Threat Hunters Keep Organizations Safe?

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…