Comparison of the upgrade methods used in Joomla, WordPress and Drupal
Popular content management systems require updating from time to time. Sometimes this is for new features, often because a security loophole needs patching. In this article we’re not going to look at which CMS most often requires updates, but at the upgrade procedure itself. How easy is it, are the instructions clear and easy to follow, what the potential problems, and what can you do if something goes wrong? At the time of writing new major versions of Drupal (7.0) and Joomla (1.6) have been released and no updates have yet been produced for these releases. We therefore concentrate on the older versions, which run the vast majority of existing sites.
Upgrades are done in the form of patch files, downloadable in zip, tar.gz, or tar.bz2 format from the Joomla download site. These must be copied to the server running your website.
You find out what version of Joomla you are running (available in the administrator section top right), then download the appropriate package to update your specific version to the latest release.
The files are named in a special format so it’s easy to get the correct one – for example: Joomla_1.5.21_to_1.5.22-Stable-Patch_Package. Older updates can be found on the JoomlaCode site. NOTE: Since this article was written, Joomla have changed their system. Now they only publish ‘latest to new’ and full version…That is valid for all versions. So there are now two files only. One which is a patch from the last but one version, the other is a full update from any older version to the latest. Download from the JoomlaCode website.
Step by Step instructions can be viewed online at the JoomlaDocs Wiki site. Backing up is mentioned, as is testing, though no detailed instructions on how to do this are provided.
Joomla provides just the changed or new files – so the patch packages are small, and it’s easier to see what files will be overwritten (in case you have modified any core Joomla files).
2 methods of applying the patches are described – either unpacking the patch on your local computer then copying up to your server by FTP, or unzipping directly on the server using a terminal session. Instructions for both methods are detailed and clear.
The first thing the Drupal upgrade page tells you about is the difference between major and minor versions, as unlike WordPress (and until recently Joomla) there are several versions of Drupal that are being maintained – Drupal 5 (being discontinued), Drupal 6 and Drupal 7. The procedure used for updating within a particular version are different according to which major version of Drupal is in use.
Drupal 7 offers updating from within your website. From within the administration Update Manager, a list of updates are shown, from which you can select all or specific modules. You then provide FTP or SSH details and Drupal will download and install the patches.
There are similar methods available for Drupal 6 and 5, but these are via add-on modules – so these would need to be installed first.
The procedure for updating manually is quite involved and we don’t intend to repeat all the (14) steps required. In summary, you install a complete new fresh set of Drupal files (not database), then copy back your own files. No detailed instructions on backing up are provided in the upgrade text file.
The official upgrade instructions are in the Drupal download (UPGRADE.txt), rather than online. However there are tutorials available. One tutorial describes updating using patch files but this should only be attempted by experts and with full backups taken. Backups are described in another online document.
Updates to WordPress can be done in two ways – either from within the website administration interface, or by uploading to the server. In both cases, the entire WordPress installation is overwritten, but content added by the user is safe as it’s in seperate folders. The WordPress installation files do not include the default settings file, so there is normally no need to make any special precautions before upgrading, unless core WordPress files (or the included theme and plugins) have been modified. Backups of site files and databases are still strongly advised, and the online updater warns of this.
Logging in to the WordPress admin section will alert you to new versions, as well as the version you are currently running. A mailing list can also be used to get notifications of new releases.
An online step by step guide for both upgrade methods clearly describe what to do. Instructions for making backups are shown too. As with most WordPress documentation, these are well written and easy to understand. The online updater downloads a copy of the WordPress installation, unpacks and then overwrites the core WordPress site. A similar procedure applies to plugins and themes which makes it very easy to keep all parts of a site updated.
Getting information on updates.
Joomla does not list updates on it’s home page. Your must first click the “download 1.5” link (Joomla 1.6 has no updates at the time of writing), then from the download page there is the most recent patch, and links to the others. There is also a email signup form so you can get notices by email when a patch is released.
Drupal does not list updates on the home page. From the download page I went to the Installation Guide, and at the bottom of this page is a link to upgrading from previous versions.
Most Drupal versions have the ability to warn you of updates when you login (as admin), plus a variety of push notifications can be configured from the Drupal Security page.
WordPress does mention updates on its home page in the form of news from the developers blog. From the home page, or the downloads page. From here the files can be downloaded in zip or tar.gz format, and instructions for upgrading are linked too. When you login to a WordPress site, a clear notice is shown if the running version is out of date.
Extensions and Themes
As mentioned in the last section, the WordPress updater warns and provides a mechanism for updating plugins and themes from within the site. It also allows you to download the files in case you need to make a backup of any modified files.
Drupal’s built in checker will notify of module updates and the latest Drupal 7 update manager will take care of updating them too. Each package for a module or theme should contain an upgrade text file with instructions if you wish to manually upgrade.
Joomla has not historically had any update checking for extensions and themes. Sometimes these are provided within the extension (but not possible for themes), and there are third-party attempts to provide this. The new version of Joomla (1.6) addresses this with an checker for add-ons.
Joomla, Drupal and WordPress all have established methods to provide updates for both security fixes and new features. They alert you when you login as admin, and you can sign up for notices by email and other methods. They all take security extremely seriously and fixes are provided quickly and in the main trouble free.
For ease of use, we would choose WordPress as the easiest to update, thanks to it’s ‘automatic’ installer. The term automatic is used by WordPress but it is still a manual process. No CMS we looked at here actually updates itself without intervention by an administrator.
The WordPress and Drupal methods allow for removal of files, but the Joomla patch method does not – if any files needed to removed they would need to be done manually.
For speed, Joomla is probably the quickest to update, as only changed files are required. If you’ve modified the original files, the patch method allows you to check if the changes will overwrite anything you’ve done. With WordPress and Drupal this is much harder to do, as you cannot tell which files are simply copies of the previous release, and which are new.
WordPress, Drupal 7 and Joomla 1.6 have built in updaters and this is certainly the easiest method for most users. The Joomla 1.6 updater seems to apply only to extensions and not the core. However as at the time of writing this article, neither version has any updates, so we will review these in a future item.