On January 5, 2025, Drupal 7 will sunset, 14 years after its original release. This end of life date has been extended by Drupal because so many users were still on it. In fact, according to a statistic from Web Technology Surveys on November 29, 2023, of all the Drupal sites out there, 47.3% of them are on Drupal 7.
According to a PSA from Drupal, “Drupal 7 official End of Life has been extended to January 5, 2025. This will be the final extension – Drupal 7 will not receive security support after this date.”
End of life in software terms means the version no longer receives feature updates, bug fixes, or security releases. Pay special attention to the part about no more security releases. If a security vulnerability in Drupal 7 is discovered after the end of life date, it may be made public. You will not be able to update your site to protect against the issue and hackers could gain access to your site.
Drupal is an open-source Content Management System (CMS), meaning it’s a source code open to the public and that code is free to use by anyone. Due to its open-source nature, there is a large developer community that contributes to Drupal as well as offers support. But it also means that once Drupal itself is not supporting and releasing updates on a version, security vulnerabilities arise.
What Happens to a Drupal 7 Website Past End of Life?
It is critically important that a website running on Drupal 7 is updated to a newer Drupal version, or a different CMS, prior to the end of life date. After January 5, 2025, bad things could start happening to a site that is left alone. That’s because after end of life the Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 core, or contributed modules and themes. There will be hackers waiting to exploit those who do not take care of their site prior to end of life. Security issues and vulnerabilities may be made public, and a “zero-day exploit” could occur. A zero-day exploit is a vulnerability in a computer system that was previously unknown to its developers or anyone capable of mitigating it (source: Wikipedia). It’s called a zero-day exploit or zero-day attack.
Plan Your Site Migration Now
If your website is on Drupal 7, you have two options before the end of life of the version: you can update to Drupal 10 or move your website to another CMS such as WordPress. You have a little over a year to do this, but you will need to make that decision sooner than later to plan and prepare your update with your web partner. Learn about Drupal 10.
Now is a good time to factor website migration into your 2024 budget. Migration to a new CMS can come with unexpected tasks, so be sure to consult a trusted web partner to understand the full scope if you go in that direction.
While you are preparing for migration it’s also a great time to consider if your content strategy is working for you and your company. You may want to revisit your content strategy and update it along with your new site.
Drupal is allowing plenty of time and grace for those still on Drupal 7. But the end of life for this version is for real this time—ensure you’re ready with a plan to migrate your site and tackle any issues that come up along the way.