Future proofing my moodle sites

Future proofing my moodle sites

by James Brown -
Number of replies: 6

Hi, 

I am maintaining a few learning sites which are based on Moodle 2.6.11; so far so good and for various reasons the sites won't be able to upgrade to newer Moodle versions in the near future.

Is there anything I should do to future proofing my sites? Hopefully this is not unrealistic. 

James

(FYI, the moodle sites have been in use for nearly 3 years and experienced no problem. Throughout this period, the ISP who hosts the sites had upgraded its server, PHP version, ... etc without bothering me at all.)


Average of ratings: -
In reply to James Brown

Re: Future proofing my moodle sites

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Sure, by fixing whatever it is that's stopping you upgrading wink

Being in a position were you cannot upgrade is living dangerously. Chances are that you are running with known security issues and what happens if you encounter a "show stopper" bug that is fixed in a newer version?

Even security fixes for the 2.6 branch ceased nearly two years ago. It's not a position I would like to be in. 

If you explain what the problems are we may be able to provide some useful suggestions. 

Average of ratings: -
In reply to Howard Miller

Future proofing my moodle sites

by James Brown -

My job is focusing on the teaching and learning sides of the sites (eg. course materials are pedagogically sound, course content aligns with curriculum guidelines issued by the ministry of education, etc) and I have little say on the on site admin aspects. Whenever I raise up the upgrading matter to those responsible, they always have excuses to say no.

Can you elaborate a bit more on 'security issues'? Is that mean the copy of the moodle 2.6 we use can be easily hacked and sensitive information (say the personal information of the enrolled students, their marks, ... etc) would be stolen? or some other more serious problems?

Sorry, I don't know what a 'show stopper bug' is. What would happen if our moodle site is infected by this bug?


Average of ratings: -
In reply to James Brown

Re: Future proofing my moodle sites

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

It would be wrong of me to overstate the case, but minor (and very occasionally, major) security issues are found quite regularly in Moodle (and any software) and are fixed and released in the next version. Depending on how you use Moodle some may leave you open to hacking etc., many will not. However, you don't really know. What you do know is that you have (at least) two years worth of fixes that you don't have in your current site. 

By 'show stopper' (sorry - local vernacular presumably). I mean a bug that prevents you working in some way. Like security fixes, there will have been hundreds of bug fixes and improvements in code you don't have. You don't care until the day you do... something breaks. Sooner or later, the server will be upgraded to the point that your Moodle site no longer runs. 

I would caution anybody to be in a position were upgrading Moodle regularly is not a big deal. Some IT departments are so risk averse that they will not upgrade software because "it's working fine". My opinion is that they are not doing their jobs properly. 

All just my $00.02 of course. 

Average of ratings: Useful (3)
In reply to Howard Miller

Re: Future proofing my moodle sites

by ben reynolds -

James,

When Moodle finds a security issue, it fixes it in the next release. It waits one week, then announces to the world what those security issues are. I know this because we were stuck on 1.9 way beyond that version's life. When IT discovered that security issues are released to the world, they immediately began plans to upgrade.

We are now on 2.9+ with plans to get to 3.1 which is a long term support version (3 years vs. most versions' 1.5 years).

Another good reason to upgrade is that 3.2 focuses on user interface, which is much improved, and accessibility.

Average of ratings: Useful (1)
In reply to ben reynolds

Future proofing my moodle sites

by James Brown -

Thanks for all the feedback, now I have stronger arguments to discuss this matter to the IT guys. Cheers James

Average of ratings: -
In reply to James Brown

Re: Future proofing my moodle sites

by Mark Sharp -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers

I inherited a Moodle 1.9 some years ago that needed to be upgraded to 2.6 (then the latest version). The main issue I had was that core Moodle and community plugins had been modified. So, find out if there's been any silly business going on with the code. 

If you want to future proof your site, and if you want/need to change functionality either do it through settings, your own plugins or through the theme. There are plenty of settings or permissions, or classes you can override to do what you'll need. It can harder work than changing core code, but you'll thank yourself for it later.


Average of ratings: Useful (1)