The best things in life are free, and Joomla is no exception. But as with all open-source frameworks, you must be even more wary of security breaches.
With over 35 million downloads, Joomla is now second only to WordPress in the Content Management System (CMS) market. Approximately 3.2% of all websites use Joomla’s flexible structure and diversity of features. Its ease of use makes it an attractive CMS for all kinds of websites including government, restaurants, and businesses, just to name a few.
On Joomla, everyone can contribute; this freedom lies at the heart of open-source philosophy. While open-source provides the ideal landscape for innovation, it also remains vulnerable to hackers and problematic extensions.
Even if security isn’t your specialty, that is no excuse not to protect your Joomla site. Let’s look at typical attacks on Joomla sites, and the preventative measures to keep your site running at full strength.
Common Security Vulnerabilities in Joomla and How to Protect Against Them
Hackers will often go to the jos_users table to steal administrator passwords.
Solution: Change your database prefix to something only you will recognize. Warning: only do this when you are installing your Joomla website, and not after (this will break your site).
Most security breaches only exist within a specific version of Joomla.
Solution: Remove the version number of all of your extensions. Here is a guide to walk you through the steps.
Old Joomla framework and Extensions
Letting your old extensions gather dust is more than inefficient, it’s a security issue. Most problems in Joomla are resolved in later versions.
Solution: Keep Joomla and your extensions up to date. In fact, hackers tend to take advantage of old Joomla extensions more than the core files.
These are some of the most common issues involved with Joomla, but this list is by no means exhaustive. The most effective way to protect your Joomla site is to hire a third party security company. Some security firms offer services specifically for Joomla. Incapsula, for example, offers custom Joomla security plugin, along with its CDN based website performance enhancement features.
If You Do Get Hacked…
The best course of action is to reset your website to an earlier backup. Backup early and often! Use .htaccess to go offline, and from there put a password protect on the most important folders on your site. Even then, you should be mindful of the possibility that your site and your backups contain well masked malicious backdoor shell files, which could be used for repeat abuse – even after the recovery process. Detecting such backdoor methods requires dedicated security solutions, like the one offered by the extension mentioned above or by similar security services.
Using an open source CMS comes with its risks. Don’t let these warnings discourage you from using Joomla for your site, but do not take them lightly. If you are in charge of your Joomla site’s security, remain vigilant, and take the necessary steps to protect your site.