As all Joomla 1.5 users should be aware, long term support by the Joomla development team of J1.5 finished in April 2012. Security support for this version ceased following the release of J3.0 in September 2012.
The official Joomla situation has been published in the J1.5 security forum: http://forum.joomla.org/viewtopic.php?f=432&t=726763#p2834821
It is impossible to really say how secure a J1.5.26 website is, as the majority of sites will contain third party plugins, modules or components, most, if not all of which will not receive any updates after September. Security issues arising from those extensions are not likely to be fixed. Many old J1.5 extensions have already been removed from the JED, in most cases they are replaced by versions for J2.5
If you are using VirtueMart 2 on J1.5 then It is advised now to upgrade to Joomla to 2.5, as the VM2 code now (from VM2.0.14) uses Joomla 2.5 specific code and so may not run properly on J1.5. We only test it on Joomla 2.5.VirtueMart 1.1With the end of Joomla 1.5, support has been withdrawn from VirtueMart 1.1
(last version was 1.1.9). It will not be removed yet, but remaining user support on the forum will be left to those still using this version. http://virtuemart.net/news/list-all-news/426-end-of-life-for-virtuemart-11-heidelpay-now-in-virtuemart-2012
VirtueMart 1.1.9 was the last official release of the 1.1 series (all VM versions before 1.1.8 have known security issues
). All development work is now directed to VirtueMart 2 http://forum.virtuemart.net/index.php?topic=103629.0
VirtueMart 2.0.12 is stable on Joomla 2.5.7
So if you have an existing Joomla 1.5.26 installation with VirtueMart 1.1.9 and the site is working OK, then what should you do. Obviously the "correct" advice is to upgrade/migrate in the next few weeks if not done already, but not everyone will want to do that unless absolutely necessary.
How can you protect your site for the future if you don't want to migrate/upgrade? Before doing anything else make sure you have got copies of the install packages for J1.5.26, VM1.1.9 and for any other extension you are using. It is likely that install packages for J1.5 and possibly extensions for 1.5 will be removed from the Joomla system and the JED (added - the 1.5 install packages have now been removed from Joomla's download page).
Then make sure you have at least one working backup copy of your site and regularly make backups. This can be automated using Akeeba. https://www.akeebabackup.com/documentation/akeeba-backup-documentation/automating-your-backup.html
But see the statement on the Akeeba website: "Users on Joomla! 1.5 will receive courtesy limited support until October 1st, 2012"
If your site should be hacked then at least you will have a backup to put into use, but getting help to study and prevent further hacks may be difficult. The joomla.org support forum will probably continue in existence, as has the Joomla 1.0 forum. This will be the place to go if your J1.5 site does get hacked. Similarly the VM1.1 forum will continue, but with fewer 1.5/1.1 users now these sections have already become less active. You will be relying on your peers to provide help.
At some stage J1.5/VM1.1.9 will cease to work properly because of server updates. Host PHP version upgrades have already caused problems for some users and the finding that scripts run several times faster on PHP5.4 when compared to 5.3 may lead to pressure on hosts to update at least to that version. PHP6 is already 2 years old - and will not support these old websites.
There are many thousands of J1.5/VM1.1 sites on the web today. The vast majority of those site owners will have no idea of possible forthcoming problems. Hopefully there won't be any problems, but at least VirtueMart forum users can attempt to mitigate any loss of site/income.
A temporary solution for VM1.1.9 users may be to try the unofficial release, VM1.2 which is like 1.1.9 but will install in Joomla 2.5 - http://forum.virtuemart.net/index.php?topic=99339.0
- this version is not supported within this forum.