Top Ten Joomla Security Issues

Here we've listed the ten most likely ways your Joomla website will get hacked. How many of them could catch you out? Here are numbers ten to six:

#10 Cheap Joomla Hosting

Why would you go for the cheapest hosting provider you can find?

Cheap or low cost hosting providers use shared servers that can host up to 1,000 websites. Shared hosting by itself is not bad, but if you pay the minimum for your hosting you know it will not be configured for optimal speed or security.

Cheap hosting is sold as a lead generator

When something goes wrong - and it will - the hosting company will do nothing to help and will do everything to up-sell you to a more expensive package that they claim is more secure. It isn't: it is on the same server, and you pay more for nothing extra. For optimum security, smaller hosting providers like ourselves offer the best Joomla hosting packages.

#9 Joomla And Server Login Details Taken From Infected Computers

Malware, spyware and other computer infections once accounted for a significant proportion of website hacks. People's awareness of viruses and better quality antivirus have reduced this form of hacking; however, it does still happen and we have seen incidents of this recently.

Run regular full system scans on all machines that are used to access your website, and be vigilant when browsing the Internet and opening emails. Don't risk your business's reputation: keep your computers clean and free from infections, with the added benefit of helping to keep your website clean.

If you are concerned about your website's security or believe you might have already fallen foul of hackers, do not hesitate to get in touch.

#8 No Security Measures For A Joomla Website

Database prefix, super admin id, upload limits, hot linking, blocking terms in URLs, blocking all SQL injections, etc.

Some of these are basic; some are complicated and should be done by a Joomla professional. From my point of view, if you are a serious business and you've not implemented these and other Joomla security measures, you are begging to be hacked and made a fool of. Your website is your online shop window, and a hack can mean defacement, spam emails in your name, outbound links to porn sites, user information taken and used, etc.

Falling prey to hackers damages your business's reputation and costs far more than the cleanup, which in turn costs far more than prevention. I'm not scaremongering; I see it every day, and funnily enough it's never ourselves.

Keeping on top of your website will save you money should something go wrong. A recent large hacking incident set someone back over £2,600 for the de-hack and a further £480 to seal other weaknesses. They needed to retrieve their users' information no matter what, and keep an online presence throughout. With our expert Joomla security measures none of this would have happened. A £350 Joomla security audit would have shown all the potential issues and pointed out how to fix and seal the cracks. A further £360 would have paid for us to do the necessary follow-up work - this would have prevented the hack and also fixed other weaknesses that the site audit highlighted.

#7 Old Unused Joomla Extensions In Your Site

This is obvious: if you are no longer using old extensions, or you've installed something and never used it, delete it. It can only cause you trouble and offers nothing positive in return. Hackers hook onto vulnerable files within your site's webspace. The fact you've never published a page using a certain component doesn't stop a hacker crafting a malicious request for it.

If you aren't using it - you won't be updating it. If it is old - it is probably vulnerable. If it is vulnerable and inside your filespace the hackers will find it and exploit it.

Remove it now - save yourself a world of pain.
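
To see what is actually sitting in your webspace, here is an added example (not part of the original article) that walks a site's extension manifests and reports each extension's version, whether it looks third party, and whether its creationDate is older than a cutoff year. The glob patterns assume the Joomla 1.6+ directory layout, the author test and the creationDate test are rough heuristics, and the sample manifests are constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Manifest locations relative to the site root (Joomla 1.6+ layout, assumed).
MANIFEST_GLOBS = ("administrator/components/com_*/*.xml", "modules/mod_*/*.xml",
                  "plugins/*/*/*.xml")

def inventory(site_root, stale_before):
    """List installed extensions; 'stale' means creationDate year < stale_before."""
    rows = []
    for pattern in MANIFEST_GLOBS:
        for path in sorted(Path(site_root).glob(pattern)):
            try:
                doc = ET.parse(path).getroot()
            except ET.ParseError:
                continue                  # not XML we can read
            if doc.tag not in ("extension", "install"):
                continue                  # config.xml, access.xml and similar
            author = (doc.findtext("author") or "").strip()
            year = re.search(r"(19|20)\d\d", doc.findtext("creationDate") or "")
            rows.append({
                "element": path.parent.name,
                "version": (doc.findtext("version") or "unknown").strip(),
                # Heuristic: core manifests name "Joomla! Project" as author.
                "third_party": author != "Joomla! Project",
                # A missing year counts as stale so the extension gets reviewed.
                "stale": year is None or int(year.group()) < stale_before,
            })
    return rows

# Constructed sample site: (directory, root tag, author, creationDate, version).
SAMPLE = [
    ("administrator/components/com_content", "extension", "Joomla! Project", "April 2006", "3.0.0"),
    ("administrator/components/com_oldgallery", "install", "Example Dev", "2009-05-01", "1.2"),
    ("modules/mod_newsflashx", "extension", "Example Dev", "March 2016", "2.4.1"),
    ("plugins/system/brokenplug", "config", "", "", ""),
]

def build_sample_site():
    """Write the constructed manifests to a temporary directory and return it."""
    root = Path(tempfile.mkdtemp())
    for folder, tag, author, created, version in SAMPLE:
        (root / folder).mkdir(parents=True)
        (root / folder / "manifest.xml").write_text(
            f"<{tag}><author>{author}</author><creationDate>{created}"
            f"</creationDate><version>{version}</version></{tag}>")
    return root
```

Point `inventory()` at a copy of your own site root and review every row where both `third_party` and `stale` are true.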

#6 Badly Coded Third Party Joomla Extensions

I've seen some that query the database with parameters passed straight from the URL. This means someone could type a piece of code into the URL bar of a browser and access your database. These badly coded add-ons get reported to the Joomla Extensions Directory (JED) and removed; unfortunately, people will have already downloaded them and started using them.
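
An added example, not from the original article: a line-based heuristic that searches an extension's PHP source for the pattern described above, request data reaching a query without an integer cast or the database driver's quote()/escape(). The sample PHP is constructed and the regular expressions are this example's own assumptions; expect false positives and review every hit.

```python
import re

# Request reads that are not safe to place in SQL as-is: superglobals, legacy
# JRequest getters, and JInput's getString().
RAW = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b|JRequest::get(Var|String)\s*\("
                 r"|->input->getString\s*\(")
SQL = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b|->(setQuery|where)\s*\(", re.I)
# An integer cast or the database driver's quote()/escape() on the same line.
GUARD = re.compile(r"\(int\)|intval\s*\(|->(quote|escape)\s*\(")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)")

def scan(php_source):
    """Heuristic, line-based: flag SQL statements built from raw request data."""
    tainted, findings = set(), []
    for number, line in enumerate(php_source.splitlines(), 1):
        carries = RAW.search(line) or any(
            re.search(re.escape(var) + r"\b", line) for var in tainted)
        dirty = bool(carries) and not GUARD.search(line)
        target = ASSIGN.match(line)
        if dirty and SQL.search(line):
            findings.append((number, line.strip()))
        elif target and dirty:
            tainted.add(target.group(1))      # $var now holds request data
        elif target:
            tainted.discard(target.group(1))  # reassigned from a clean value
    return findings

# Constructed sample of extension code (hypothetical table and field names).
SAMPLE = r'''$id = JRequest::getVar('id');
$db->setQuery("SELECT * FROM #__items WHERE id = " . $id);
$cat = (int) JRequest::getVar('cat');
$db->setQuery("SELECT * FROM #__items WHERE catid = " . $cat);
$name = $app->input->getString('name');
$query->where('title = ' . $db->quote($name));
$db->setQuery("DELETE FROM #__log WHERE ip = '" . $_GET['ip'] . "'");
'''

if __name__ == "__main__":
    for number, text in scan(SAMPLE):
        print(f"line {number}: {text}")
```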

There are websites that list extensions with known issues. If you are serious about your website's security and that of your users, you should check all of your third party extensions. Try a site such as Exploit DB and search for Joomla to see if components you are using are listed. Check back frequently and stay informed.

The next page lists the five most common Joomla security issues.



© Copyright 2002-2016
Dean Marshall Consultancy Ltd - all rights reserved
Registered in England and Wales, Company number 6615299
A team of professional developers specialising in custom Joomla development


The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. This site is not affiliated with, or endorsed by, Open Source Matters or the Joomla! Project.