Since the long awaited Drupal 8 came out, Drupal 6 reached its end of life (at the end of Feb 2016). Up until now, In order to keep Drupal 6 websites secure, the only choice was to upgrade any Drupal 6 (or Drupal 5) site to the supported version, either Drupal 7 or Drupal 8. However, as outlined and well reasoned in this article, you may want to wait and don't upgrade to Drupal 7 or 8 as yet.
Virtual Just in Time Patching
In our past article, we outlined how VJITP (Virtual Just in Time Patching) works. Briefly, the VJITP is a set of security rules that run in the web server layer (Apache) and monitor any traffic entering of leaving the server. In the case a known attack pattern is detected, it blocks the connection attempt in the server firewall. Repeated offenders keep blocked by the firewall for a longer period of time.
The set of rules in the VJITP system combines all known security vulnerabilities of Drupal 5 and Drupal 6 (along with any other version of Drupal, WordPress, Joomla and other CMSs) and prevents malicious traffic from hitting your website. The VJITP security system covers a wider range of attacks and attack vectors and is not limited to specific vendor or version of CMS. The rules update hourly so that newly announced vulnerabilities are covered by the VJITP protection.
Drupal 6 Long Term Support
Our long term experience in reliable protection of outdated CMSs and applications includes Drupal 5, Drupal 6, Joomla 1.5 and many others. Having the VJITP system in place, we announce an LTS (Long Term Support) program for Drupal 5 and Drupal 6. As long as your website is running on our hosting platform as a Managed Hosting service, or EOL cPanel with Account Shield add-on, your end-of-life Drupal CMS stays fully protected against any current and future vulnerabilities. The VJITP system is significantly more reliable security for your website compared to security patching alone and is highly recommended to companies that require the highest level of protection to their online data.
The VJITP system protects your entire website on the server level. It allows you to keep your end-of-life CMS online, or patch your current version of CMS at a convenient time.