CiviCRM on Drupal 7: Are You Prepared for End-of-Life? January 7, 2025 by Paul Keogan Thinking in: CMS/Websites, Non Profit Tips Have you prepared for Drupal 7 EOL? Security updates for Drupal 7 are no longer being released due to end-of-life after January 5th, 2025. It’s crucial to understand your options and take action to ensure your CiviCRM on Drupal 7 has updated security and functionality. Your site could soon become vulnerable to threats and potentially face compatibility issues. Uh-Oh! We’re Running CiviCRM on Drupal 7. Now what? You have options! Organizations running CiviCRM on Drupal 7 can still take action. Of course, transitioning to platforms like Drupal 10, Backdrop, or WordPress will give you access to the latest features, performance improvements, and security updates. There are other solutions to consider, but understand they are somewhat short-term.Extended support allows your organization to migrate away from Drupal 7 at your own pace, you may need an adjustment to limitations compared to the official support available during Drupal 7’s active development phase. What Are My Options for Moving Forward? Contact a CiviCRM partner who can lead this effort for you. Work with an extended release service provider that offers extended security updates for Drupal Core and any (non custom) module as they are released. You’ll update Drupal just as you did in the past. Utilize a hosting provider that works with one of those service providers. CiviCRM partners As a CiviCRM partner, we collaborate with Extended Release Service providers and hosting services as described below. We can guide you through the steps or even take the lead for your organization and do it for you. Extended Release Service Providers: There are a few certified vendors vetted by the Drupal Association who will provide security support from here. These firms will provide security updates for Drupal Core and any (non custom) module as they are released. You’ll update Drupal just as you did in the past. This is the Extended Security Support Provider Program and vendors include: Tag1, HeroDevs, and DropSolid. We recommend Tag1 due to its low cost, monthly plan option, and simplicity. Tag1 also provides this service to major hosting providers like Pantheon. You should investigate yourself. These firms also provide premium plans at much higher cost where they will apply all the updates for you. Hosting providers providing Extended Release Pantheon and Aquia (and likely more) have contracted with vendors from the Extended Security Support Provider Program to provide this support as well. Although Pantheon is our preferred Drupal hosting provider, we don’t use it for sites with CiviCRM because of limitations and complications that I won’t get into here. However if your site is hosted on Pantheon they will provide security updates from Tag1 at no charge. You’ll update Drupal/CiviCRM just as you did in the past. Important Note: To utilize any of these extended support options, your site must be running the latest version of Drupal, and all contributed modules should be current. If your site hasn’t been regularly updated, this could present some challenges. Take the Next Step Regardless of whether you migrate away from Drupal 7 or choose a short-term solution to stay a little longer, you do need to take action ASAP. You will likely start seeing problems due to end-of-life this year (or even in a few months). It’s time to make a plan and take action. Of course we are always here to help. Our experienced CiviCRM and Drupal team is at the ready. Email support or contact us to get started. Share via: Facebook Twitter LinkedIn
