The Joomla! developers recently released Joomla! 3.8 of their popular CMS software. Suffice it to say, there has been a lot of scrutiny with this release. There have been a lot of issues with the update process for Joomla! 3.8. On many occassions updating to Joomla! 3.8 breaks the website and it is a painstaking endeavor to get the website back up and running. To be fair, there are several other instances where updating to Joomla! 3.8 went smoothly. So to say that the update problems are an underlying problem with Joomla! is a false statement. But it still can’t be discounted that at lot of people are having issues with the Joomla! 3.8 update process.

As a web hosting provider, and one that cares about security, we have to advise you to keep the software and scripts on your website up to date. Because of this, we have to advise you to insure that you are running the latest version of Joomla! (Joomla! 3.8.2 at the time this post was published). But at the same time, we also recognize that there are issues related to some websites attempting a Joomla! 3.8 update.

All of these issues with Joomla! updates is making it very difficult for us to recommend Joomla! as a website platform. Joomla! may be great Content Management System for managing your website, but it’s updating process leaves a bit to be desired. If you are considering reworking your website altogether, you may want to look at alternative CMS software – such as, but not limited to, WordPress – to manage your website.

How can you be better prepared for the Joomla! 3.8 update?

• Backup your account before attempting any update
If you have a Joomla! extension that can backup your site, you may be able to use that to create a backup of your account before attempting any update. If you need us to make a full backup of your account before attempting any update, we can do that for you – just open a support ticket.

• Make sure you are using a reasonably up to date version of Joomla!
From what we have been able to ascertain, if you are using a version of Joomla! that is older than 3.6.5 (meaning your Joomla! version is less than 3.6.5) then you will most definitely have issues updating to Joomla! 3.8. You will need to update to at least Joomla! 3.6.5 before attempting the Joomla! 3.8 update. How exactly you do that is uncertain – Joomla! does not provide direct instructions on how to do that, just simply stating that it’s best if you are updating from Joomla! 3.6.5 or newer.

• Make sure your components are up to date and reputable
A lot of the issues related to the Joomla! 3.8 update seems to revolve around websites using outdated, abandoned, insecure, or just poorly written extensions and components. How exactly you determine if a component or extension is reputable, up-to-date, and secure – again that is not directly provided by Joomla! But you should review all of the components and extensions you have installed prior to attempting a Joomla! 3.8 update.

• Updated and still have issues?
If you attempt a Joomla! 3.8 update and you have issues with your website, our best advice is to seek help at the Joomla! forums – whether or not if they can help you, I do not know. But they have a much better understanding of Joomla! and what might be wrong and what needs to be done to fix it. Trying to resolve the issue might become very technical, but unfortunately that is just part of running a Joomla! site.

One of the best things you can do to insure that future updates will work better for you is to insure that you are using reputable components, extensions, and themes. There are lot of components and extensions out there for Joomla!, but a lot of them are poorly written or not properly maintained. If you can avoid using components and extensions that are not reputable, this will better insure that the developers that write the components you are using are updating their components to work with updated versions of Joomla!

Is your website ready for PHP 7.1?

We are finalizing plans to switch all of our servers over to PHP 7.1 by default beginning December 1, 2017. What does this mean for you?

If your scripts are up-to-date and are being kept up-to-date, then you should not be affected by this. In fact, you will likely see a performance boost because PHP 7.1 is showing to be much faster than PHP 5.6. If you are not keeping your scripts, plugins, components, and themes up to date, then now would be a good time to be doing that.

Why are you doing this?

Currently our servers are using PHP 5.6 by default. PHP 5.6 is expected to reach end of life on December 31, 2018. While that date is still over a year away, we just want to be sure that we are ready for this deadline.

http://php.net/supported-versions.php

Switching to PHP 7.1 by default will better insure that our accounts are ready once PHP 5.6 support officially ends.

What does by default mean?

Unlike a lot of software on the server, with PHP we are able to run concurrent versions. We are able to have multiple versions of PHP available for your account to use. Currently we support PHP 5.6, PHP 7.0, and PHP 7.1 – meaning that your account can be using any of these PHP versions.

The term by default simply means that this is the version of PHP your account is using if you have not made any prior PHP version changes. Currently our default version is PHP 5.6. This means that unless you have told us or otherwise made changes to the PHP version on your account, then you are using PHP 5.6 on your account. When we change the default version to PHP 7.1, everybody that was using PHP 5.6 will switch to using PHP 7.1.

Can I continue to use PHP 5.6?

Absolutely! We are not killing support for PHP 5.6, we are merely changing the version of PHP that is assigned by default. All that being said, however, please understand that support for PHP 5.6 will be ending sometime in 2018 – before December 31, 2018. If you are depending on PHP 5.6 for your script, then you need to be making arrangements to upgrade that script or fixing the script to work with PHP 7.1 and later. The people that develop the PHP language will stop supporting PHP 5.6 on December 31, 2018. We cannot provide software that is no longer being supported by its developers on our servers. So you will need to be making arrangements to fix the script before this deadline.

When will you remove PHP 5.6 completely?

That date hasn’t been determined yet. It will be before December 31, 2018, but just when has not been determined. We will probably review our servers during the summer 2018 and see if PHP 5.6 is still being used, if it’s not being used it may be phased out at that time.

Why are you skipping PHP 7.0?

The developers of PHP voted in early 2016 to extend support for PHP 5.6. As a result of this, the lifetime of PHP 5.6 is actually longer than PHP 7.0. For this reason we decided to skip over PHP 7.0 as a default version. PHP 7.0 is still available for you to use if you specifically need it. However, we have found that most updated and actively developed scripts will work just fine with PHP 7.1, essentially making PHP 7.0 a skippable version. Our support for PHP 7.0 will follow our support of PHP 5.6 – we will review it’s usage during the summer 2018 and may phase it out at that time.

What happened to PHP 6.0?

The PHP developers also voted to skip version 6.0 in PHP. When PHP 5.0 was being developed some extensions were proposed to extend PHP, while this was being developed it was often referred to as PHP 6. However those extensions were later adopted into the core PHP 5 code. The general public probably didn’t know much about this developmental PHP 6 code, but there were books released concerning these extensions. The PHP development council voted to call PHP 5’s successor PHP 7 in order to avoid any confusion with the unreleased PHP 6 code base. Essentially PHP 5.6 is the last release of PHP 5 and it’s direct successor was PHP 7.0.

We are scheduling a server migration for September 13, 2017. This migration will affect some of our clients.

This migration is scheduled to start on Wednesday, September 13th at 7PM CDT. The total time to complete the migration is unknown, but we are setting aside 24 hours just to be on the safe side. IMPORTANT TO NOTE: Individual accounts will not be down for the full 24 hours. This migration is done on an account-by-account basis. Your account will likely only be down for 15 to 30 minutes (if that long) at some point in this migration window.

START TIME: Wednesday, September 13 7PM CDT
END TIME: Thursday, September 14 7PM CDT (Estimated)
IMPACT TIME: 15 to 30 minutes per account, perhaps less

This migration will consist of an IP address change. However, if your account is using our nameservers or nameservers we have designated for you, then the IP address will change automatically. This is because the IP change will be made in synch with our DNS servers. If you are not using our nameservers then we cannot make the DNS change for you automatically. We encourage you to use our nameservers or nameservers we have designated for your account for this reason.

If you are using bookmarked links to access your cPanel or Webmail, those links may no longer work after this migration. To access your cPanel and Webmail, it is always best to use the links:

cPanel – http://yourdomain.com/cpanel
Webmail – http://yourdomain.com/webmail

Replacing yourdomain.com with the domain name of the account you want to log into.

To find out if your account is affected by this migration, enter your domain name at:

https://www.amscomputer.com/maintenance091317.php

If you have any questions about this migration you can reply to this message or submit a support ticket at:

http://www.amshelp.com/support

Changes are coming to our servers later this summer. Some of these changes may require you to update the scripts you have on your website.

We will be upgrading the database service on all of our servers starting at the beginning of August 2017. This upgrade is due in part because the current versions have reached or are going to soon reach their end of life. The upgrade should also give a performance increase to scripts and services that utilize the database service.

Quick Summary: If you don’t read this full post, the main take away from this is that you need to insure that all of the scripts on your website are up to date. If you are using old, outdated, and especially end of life’d scripts, then you may encounter problems with this upgrade.

How will this affect you?
The main issue concerning your account in regards to this upgrade is going to be how up to date your scripts are. If the scripts on your website are up to date then you should not notice any change, perhaps a performance boost. If however your scripts are not being kept up to date, then you may experience your website being offline. Keeping your scripts up to date is really just a great idea in and of itself. But if you are using ancient versions of the script, then those versions may not be compatible with the new database server protocols. Extremely old versions of Joomla! are known to have issues with this. Other scripts may also have problems. If you are using plugins, components, addons, or themes tied into the script, you will want to be sure that they are up to date as well.

Newer software, such as this upgraded database service, is meant to provide better performance by optimizing the way it handles data. This means that it can’t continue to support the way older scripts handle data AND bring a performance boost. Continuing to support old and outdated software would result in a performance degradation in the database service. Likewise, new versions of scripts are developed to boost performance and by continuing to use older versions of the script you are being plagued by a performance degradation.

Keeping your scripts up to date, not only helps with the security of your account, but it also helps with the performance of your account.

I don’t want to or can’t update my script
If you can’t update the script on your account, then you need to find out why. If the task of updating the script is too technical, then you may need to hire a qualified professional to update the script for you. If you are unable to update the script because the developer or vendor is not releasing updates, then you probably should consider a different script. There are a lot of website scripts out there. Some are well written and properly maintained by the developer or a team of developers. Many others are poorly written and are never maintained. Avoid using the poorly written and unmaintained scripts.

Not wanting to update the script unfortunately is not a valid excuse. The majority of our client base keeps their scripts up to date. It is not fair to them that they cannot reap the benefits of the performance increase a database service upgrade provides just so the handful of other clients that refuse to keep their scripts up to date can keep their scripts running.

Failing to keep your scripts up to date is a dangerous proposition anyway. Security holes are published for out of date software, this is how abuse and malicious actions can happen on your account and server.

Will there be any downtime associated with this upgrade?
Our intention is to keep downtime to a minimum. There will be some downtime involved in this upgrade, but just how much is unknown. It could be 5 minutes to 2 hours, although our hope and plan is to keep this closer to 5 minutes. We really can’t do this upgrade without incurring at least a small amount of downtime.

When will my account be upgraded?
We can’t provide an exact timeline for that. Our plan is to upgrade a few servers at a time all beginning on August 1, 2017. How many servers can be done per day and how long it is all going to take is really up the air.

What are the technical aspects of this upgrade?
We will be upgrading the database server to MariaDB. MariaDB is a fork of MySQL. Much of the web hosting industry is switching to MariaDB and MariaDB is known to give real performance gains. MariaDB still uses MySQL bindings for scripts and connections, so it’s really a drop in replacement for MySQL. Nothing changes with your database structure. Just the software that maintains that database, currently MySQL, will be switched to MariaDB.

A new version of Joomla! was released last week. This release fixes a huge security hole in Joomla!

Information about these security holes can be found directly from Joomla!’s website:

Joomla! 3.6.4 Released
Revised Assessment of 3.6.4 Security Release

Basically this vulnerability allows anyone to create an administrator user on your Joomla! website. When they have administrator privilege to your site, they can log in and do anything.

You must upgrade your Joomla! script to 3.6.4 as soon as possible!

This point cannot be stressed enough.

If your account is hacked, if someone gains administrative privileges to your web hosting account, they can do anything to your account. YOU MUST UPGRADE TO JOOMLA! 3.6.4 AS SOON AS POSSIBLE!

To update your Joomla! script, log into your administrator dashboard. Click on Components -> Joomla! Update and follow the instructions.

You also need to check for users that may have been added if your Joomla! script has been hacked. To do that click on Users -> User Manager (just click on User Manager)

You will then see a list of Users. We don’t know who all is suppose to be a user and who isn’t. This is something that you need to know. If you find users that shouldn’t be there, then you have been hacked. If you’re hacked, all bets are off. You will need to clean up your user list, removing users that aren’t suppose to be there.

If you find users on here that aren’t suppose to be there, then you have been hacked. If you’ve been hacked, then your account may contain backdoors and other malicious files. If you are hacked, your best course of action is to reset your account because the integrity of your account is now in question. You don’t know what malicious or abusive files may exist on your account.

If you are going to use Joomla! on your website, you need to stay up to date with Joomla! releases. When Joomla! releases a new version you need to update to it, immediately. It doesn’t do you any good if Joomla! releases a new version and you do not update. You have to update the script on your web hosting account to be protected from the security holes that update provides.

Steven
AMS Support