2nd Dec 2019

Drupal 7 "end of life", and what you should do about it

You might already have heard that version 7 of the popular enterprise content management system, Drupal, is reaching "end of life" in November 2021 (Update June 2020: now extended to November 2022 as a result of COVID-19). If your website is using Drupal 7, you might now be wondering what this means for you and your organisation, and what you should do next. Don't worry, we're here to allay your fears and help you to plan.

First things first: what does "end of life" mean?

In order to continually innovate and to provide best in class software, members of the Drupal community add new features and improvements to Drupal code day after day. Drupal project maintainers package the improvements into sets of well-tested improvements called "releases" which have a specific version number and a set of known new or updated features.  

Upgrade releases are carefully planned, with each new version of Drupal having a "major" and a "minor" release number. The major number is consistent across all releases, and the "minor" number is increased by one for each new release. So with 72 releases under its belt, Drupal 7 is now at version 7.72. These minor releases should be regularly incorporated into your website as part of a healthy development programme, but much of the time your website developers should do this without you needing to be involved. We offer this as part of our own Drupal Development services.

Periodically, planned new features will be significant enough to warrant a "major" release.  This typically means that the changes are no longer compatible with previous versions, and so significant upgrading and testing might be needed. At that point, the "major" version number of Drupal will also be incremented, e.g. from 7 to 8 or from 8 to 9.

When a new major version of Drupal is released, some early-adopters will begin upgrading their websites to it right away. But most organisations need to be sure of the stability of the latest version, and will wait 12, 18 or even 24 months before finalising the upgrade process. After some years more users will be making use of the new features and there will be fewer users on the older versions.

Drupal, like other open source projects, has an excellent security team that continually tests the software for vulnerabilities that might allow hackers or other bad actors to take control of your website, or steal your critical data. Open source software is widely regarded as more secure than "closed source" software, and it makes sense: communities are stronger when they share, and with open source software you have more people involved in finding, sharing, and fixing vulnerabilities. 

You can read more about Drupal and open source security in our other blog post 'Is free software like drupal as secure as non-free software'.

Hard-working as they are, the security team can only do so much. As software ages, it becomes harder to maintain it, and with fewer users actively using the software, it becomes less cost-effective to invest the security team's resources in older versions. 

At some point, the security team need to stop testing and fixing security issues in previous versions of Drupal. And that is the point where the older version is in a state called "end of life".

So it's end of life. Why does that matter?

Outdated software is a significant factor in data breaches according to web security experts, so it's important to keep your software up to date if you want to keep the bad guys away from your customer's sensitive data.

When Drupal 7 moves to "End of life" on November 2021, it will no longer receive regular security updates. This means that when issues are found, they will not be quickly fixed by the community, and unless you have a way to maintain the software yourself, your website and your organisation will be at a greater risk.

You've convinced me. What should I do?

Don't panic! There's plenty of time to upgrade or rebuild your website before November 2022, but it is important that you start your planning process soon. A website is very often a critical sales and marketing tool for an organisation, and you need to treat it with the importance it deserves. By giving yourself 12 or 18 months to plan and act you will ensure a successful project that gives you a good return on your investment, however much you decide to do.

We're recommending that our clients start to act now, in one of three ways:

  1. Do nothing. Not really a great option, but you could continue to maintain the D7 site after it is "end of life". There are challenges here - not least in keeping the site secure. There are likely to be organisations that will continue to offer Drupal 7 support beyond November 2022, but expect to pay around £2,000 - £3,000 per month depending on the complexity of your website. Remember, this is just to keep it secure, not to improve it!
  2. Upgrade to Drupal 8 or 9 but with the same features you have now. This will give you lots of SEO, speed, security and usability improvements over Drupal 7, and in a platform that has a clear product roadmap. You should expect to pay around 50-75% of the original build cost of your website as a one-off fee to move it to Drupal 8/9.
  3. Replace with a brand new website, either with Drupal 8/9, or with something different. This would be a full redesign and rebuild of the site in Drupal or another technology. You'd have complete control over features and look-and-feel, and could choose how much to invest. 

If you'd like to delve further into the Drupal 8 or Drupal 9 options we'd suggested reading Drupal 8 or 9 - which should you upgrade to?

How should you decide?

There is no "one size fits all" in this game. What you should do will depend on how well your website is working now, what your ambitions are for the future, and what you're willing to invest - both financially and in time and energy.

Firstly, talk to your web developers, or if you want some independent recommendations you can talk to us. With their help, you should be asking yourself the following questions:

Does the site still meet your needs? What will you need in 3-5 years time?

The first step in the process will be to consider what the website needs to do for you now. Is the current set of features fit for purpose, and what if anything would you like to change? A full audit of the existing website platform, features, design and users will help you to identify what you need to maintain, update, replace or remove. 

Consider the technology

Drupal is an excellent choice for you. It's fast, secure, easy to extend and maintain, integrates with SSO and is a technology that is widely used by successful organisations. Drupal 8 and 9 are faster, more secure, and easier to maintain.

But Drupal is not the only choice, and it would be worth considering how different technology might benefit from you. We can help you to objectively review other options to identify the best choice for you.

You should also consider the website hosting environment. Is it reliable, fast, well supported and secure? Can you easily upgrade it should your website become more successful?

Consider the design

This is an ideal time to review the User Experience and User Interface, including with your real users to check that the site is still working well for them. Here's how we approach visual design

Review your content and search engine optimisation (SEO)

Which pages will remain, which needs to be updated, and which should be removed. What is the impact on SEO of any site or content changes, and what strategies should be put in place to ensure that the new website is at least as successful on Google searches?

Agree a budget, and success criteria

A website upgrade or rebuild can mean a significant investment, and you'll need to decide how much you're able to spend and what you expect in return. 

Our team can help you to plan the next evolution of your online publishing platform. For a frank, no-obligation discussion about your options, give us a call.

Related blog posts