November 2, 2021, was the "expiration date" of Drupal 8. This occasion was easy to overlook as it was obscured by the present for entrepreneurs who have websites on Drupal 7: the community will keep an eye on their websites till January 5, 2025.
→ This post is about an older version of Drupal. It can still be helpful to you but you can also check out our latest article about Drupal 10.
Should I use Drupal 7 or 8?
How did it happen that a 10-year-old version turned out to be more viable than a newer one? First of all, Drupal 8 and PHP framework Symfony 3 have a joint code base. Support for Symfony 3 ended in November 2021, which meant that Drupal 8 was to be abandoned as well.
Secondly, Drupal 7 gets the core and security updates for free from the Drupal development team who have decided to save entrepreneurs from the costly trouble of migrating to a newer version as the business has already incurred losses from the pandemic.
Drupal 8 EOL
In a sense, Drupal 8 has become a breakthrough product. Integration with Symfony allowed developers to use the principles of OOP in their work, and embedding the PHP package manager Composer into the core made it easier to download and update files and dependencies in the core and add modules and themes. Drupal 9 has inherited these changes and offers a lot of new modifications. Its development is driven by the main resources of developers who will certainly say “There’s no time to explain, migrate your website immediately!” It makes sense to listen to their advice because even Acquia, Dries Buytaert’s company, has discontinued the support of Drupal 8.
However, let’s consider why putting off migration and leaving your website to run on Drupal 8 is a risk not worth taking.
This part of Drupal core usage statistics demonstrates that the wave of website migration to Drupal 9 is rising with every month.
Drupal 8 security issues
New major versions of software products appear in response to technological progress and design trends. I doubt that you use phones running on Android versions 4 to 8 as they are outdated and non-secure. Security is the main reason for Drupal updates.
Software vulnerabilities make it possible for hackers to use your website for their purposes. As you may guess, these purposes are most insidious. Imagine that an anonymous person controls the server that hosts your website. Or gets administrator privileges in the web app through a vulnerability in the JavaScript library JQuery. Or inserts a JavaScript code on your website to disrupt the website display or mine cryptocurrency, depending on the hacker’s sophistication.
These are not made-up scenarios but examples of real vulnerabilities detected by Drupal developers. After the vulnerability is detected, they change the core code and write a release note for a new minor core version with a patch to which you need to update the website to avoid issues.
The versions whose EOL is approaching do not receive security updates even for critical vulnerabilities. Modules extending the functionality of your website also become vulnerable to the actions of unauthorized persons. Searching for hosting and integration with third-party applications will also involve problems as the websites will be marked as non-secure for them.
Benefits of Drupal 9
Meanwhile, the community is focusing its resources on improving the current versions of Drupal. What makes Drupal 9 so good? Here are just some of its features:
- Improved development experience with Layout Builder and architecture based on the API-first principle (yes, all these features already made developers happy in Drupal 8 and have descended to the successor). At the same time, developers enjoy the opportunity to create websites based on the decoupled Drupal principle that suggests the separate operations of the Drupal part responsible for generating and displaying information for the user and the part dealing with data storage. We discussed the advantages of decoupled Drupal in our post devoted to the development of an online store on Drupal.
- In the future, upgrading to new CMS versions will be even easier than migrating from Drupal 8 to Drupal 9.
- Developers will add new functionality to Drupal 9 twice a year.
- If you have little time to launch your website, such distribution kits as Rain CMS will accelerate its development.
How much does migration to Drupal 9 cost?
This question is incorrect as such tasks are not estimated out of thin air. It would be much better to ask what affects the duration and budget of migration to Drupal 9. Even though migration from Drupal 8 to Drupal 9 essentially boils down to the update of Drupal itself, there’s always a chance that the website will have a contributed module nobody takes care of and which is incompatible with Drupal 9. And what if a considerable part of the website functionality is hinged on this module? In this case, it will be necessary to either replace it or ensure compatibility with Drupal 9 using your own resources. Besides, modules might be using custom code that calls obsolete functions or methods. During migration, such code is deleted immediately and needs reworking.
Thus, when it comes to Drupal 8, the duration of migration depends on the core (the more recent the version of Drupal 8 is, the easier the process), contributed modules, and custom code.
Migration from Drupal 7 to Drupal 9 can be considered a brand-new effort altogether.
So be ready – it will be expensive. Nevertheless, you can make a special effort and create the same website structure. In case the layout fully coincides, CSS rewriting won’t be necessary (or will be minimal). However, it’s still an open question whether it’s quicker to code a website from scratch or try and adapt the styles.
Are there ways to save on migration?
It’s pretty normal to bring up this issue. In the first place, the potential for saving depends on the core you are migrating from. If it’s Drupal 8, you maintain the website and take care of updates, the common code base of these versions will make the migration fast and cost-effective. The owners of Drupal 7 websites, on the other hand, will face more troubles, as we mentioned above.
In the previous chapter, we discussed modules that are becoming obsolete and are not compatible with Drupal 9. Here you have another chance to save: if the website functionality is based on such modules, how necessary is it? And is it necessary at all, if it depends on a large chunk of custom code? Preparation for migration is the time to think over the website concept and your business model so that you could change something.
Conduct a website audit before migrating
An audit for a website is the same as a medical checkup for a person. It’s necessary to check what works well and what needs preventive care and treatment. The audit of Drupal websites deals mainly with two aspects: contributed modules and custom code.
Contributed modules
Before migrating the website, check whether such modules have a version supporting Drupal 9. If not, look for a patch or try to get it fixed on your own. If it doesn’t work, too, consider alternatives. As a rule, popular contributed modules are already adapted to Drupal 9 and if your website operates based on a certain module that is not supported yet, this will become the main problem.
Custom code
You need to check if it is adapted to Drupal 9. Additionally, it’s important to know that some jQuery libraries were removed from or replaced in Drupal 9. Thus, jquery.cookie was replaced with js.cookie, and if it’s used in the custom code for modules or themes, this should be taken into account. Some jQuery UI libraries were also removed from the core: now you have to install them as individual contributed modules.
How can you make the audit easier? Use the Upgrade Status module. It will give you a comprehensive answer regarding migration to Drupal 9 by showing which modules are compatible and which of them need updating, whether there are any issues with the custom code, etc. Another way to keep the modules up to date is to hire a professional web development team. Let them do what they are best at, and focus on the business.
Conclusion
Support for Drupal 8 has come to an end. Every website running on an unsupported Drupal version is a potential source of malicious code both you and your clients may suffer from.
If you are not planning on ceasing your business operations, find a web studio without delay to migrate your website to Drupal 9. Be sure to discuss the audit to remove non-functional code and unsupported modules from your website before migration.
More articles on Drupal
➜ Custom Drupal-to-Drupal migration
➜ Symfony components in Drupal 8 core
➜ OOP in Drupal 8 and how to use it to create a custom module
