Creative web design & development

Keeping your Joomla site safe

As a webmaster or a site owner, you probably think that Joomla is a safe platform and nothing bad could ever happen to your site. If you use your site to blog or to market your business, maybe you never thought that someday you could be hacked.
-"Right! These guys attacks big corporations, banks, government sites. Why would they waste their time hacking my site?"

If you think like this, you cannot be more wrong. Sure hackers enjoy breaking into big corporations sites, but any site cand be attacked.
Why? Oh believe me, there are many reasons to hack a site.
For instance, a hacker can install some nasty software on your site to redirect visitors to illegal sites. The effects can be disastrous. Imagine a client looking for information about a respectable company. This same client will find himself/herself redirected to a porn video site. The company's reputation will quickly and maybe irremediably suffer from this. Not to talk about the hacked site ranking in the search engines...

A hacker could also use your site as a platform to distribute malware and to infect your visitor's pc, launch attacks to other sites using your domain name, or distribute spam mail from your site. Once again the consequences can be calamitous.

I'm not trying to frighten you guys here. But you should be aware of the risks and the security measures you can take to improve your site security.


Is Joomla safe as a cms?

Yes, I think Joomla is a safe platform if properly configured and used. I also use to say that nothing is 100% secure and this applies to Joomla also, it is not unbreakable.


How to keep your Joomla installation secure

Try stay up to date and run the latest version of Joomla.

Joomla stable version is now 2.5.x and the version 3.0 is available and recommended for new installations.

If you still use Joomla 1.5 it is time to consider migrating your site to Joomla 2.5. Going from Joomla 1.5 to version 2.5 is not a simple update. It is a complete system migration that will require a new template and the reinstallation of your site. We can help you with a Joomla upgrade and you are welcome to contact us to help you migrate your site to Joomla 2.5 or Joomla 3.0


Use only reputable extensions.

Do not install extensions from unknown origin on your site. The official place for finding Joomla extensions is

It's a good habit to read users comments before installing a new extension. Some extensions can contain security flaws that can be exploited.
Do not install extensions downloaded from non-official places. If you are looking for a commercial extension, you should pay the fee (usually very reasonnable) and reward the developers for their work. If you try to download the same commercial extension from a torrent network for instance, it may contain malicious code such as backdoors that hackers will use to enter your site.


Keep your extensions up to date.

If you have old extensions installed that may be unsecure, the whole installation will get compromised.


Do regular backups of your site

If your site is hacked beyond repair (with files erased or database heavily corrupted) only a recent and complete backup will save you and your business from total despair.

The excellent Akeeba backup component  is available for free and should be installed on any site.

If you run a site with many content updates (such as a news site) or a site that generates a lot of traffic (online shop, community site), you will need to perform daily backups to minimize the risk of loosing data.

Some hosts also offer the option to create cron jobs and do regular backups of the mysql database.


Harden  the security of your site

There are a few extra things you can do to make those miserable hackers life harder, such as using strict directives in the.htaccess file, blocking the access from blacklisted ips etc.

We can check your Joomla installation and help you to reinforce the security of your site. You are welcome to contact us for a check of your site.

Kontakta författaren