Top Ten Joomla Security Problems ...

... and how to avoid them

Joomla Security issues are always a hot issue :) Unfortunately, there are some mistakes that are repeated over and over again creating security problems that can easily be avoided. Here are the problems - the Joomla security issues and what you should do to avoid them. 

Top ten joomla security issues and how to fix them



How to achieve a secure Joomla setup

10. Cheap Hosting Providers - Never go for the cheapest hosting provider you can find. Typically cheap hosting providers use shared servers that host hundreds of other sites, some of which are high-traffic porn sites. Since they are on the same IP typically, your site will be slow, be in a "bad neighbourhood" with a low reputation, and might get compromised if other sites are hacked. Check the list of this website's recommended and Joomla approved hosting provider for CollectiveRay here.

9. No Backups - Make sure you have regular Joomla backups. In case your site gets hacked or something happens, you will be able to rebuild from scratch.

8. Skipping hardening (tweaking settings for security) of PHP and secure Joomla! settings - Forgetting or skipping the adjusting of PHP and Joomla! settings for increased security is a huge no no. There are many small settings and tweaks you can do to make your PHP server and Joomla! more secure and prevent most of the Joomla security issues from occurring in the first place and avoiding all types of security problems.

7. Weak Passwords or Same passwords - Using the same username and password for your online bank account, Joomla! administrator account, Amazon account, Yahoo account, Gmail account and everywhere else is another mistake you should avoid like the plague. Always use strong passwords that are different from those for your other accounts. Remember also to always change the name of the admin account to something other than "admin".

6. Install and forget - After installing your brand new beautiful Joomla!-powered site, check it regularly making sure nothing has gone wrong. Lots of things can go wrong and you can get all sorts of Joomla problems if you don't maintain all the components of your Joomla installations.

Let's help you manage your Joomla better


Free Joomla tips ebook button

Top 5 Joomla Security Issues!

5. Having no development server - All upgrades and extension installations should be first tried on a development server, before being done on the live site. If something goes wrong on the development server, you can avoid creating the same problem on the server, and you'll make sure your live site stays clean. 

4. Trusting all 3rd party extensions - If you want to optimal Joomla security you should only install the barest minimum extensions you require. If you can avoid installing a 3rd party module, avoid it. Not all 3rd party extensions are free from trouble, and some are just plain horrible, buggy and contain vulnerabilities. Each 3rd party extension is another component that might expose you to vulnerabilities and must be kept up to date. Be wary of the 3rd party extensions you install, preferably go for the professional components from reputable companies.

3. Forgetting to keep your Joomla! site updated - after installing your brand new beautiful Joomla!-powered site, keep yourself up to date with any stable releases and update with each stable release. Most stable releases fix problems and vulnerabilities. Forgetting to upgrade will leave your site exposed to all sorts of Joomla problems. This also applies to any 3rd party Joomla extensions you install. There's a way to keep your Joomla always updated though - you might want to have a look at it here.

Joomla security issues - make sure to keep joomla updated

2. Lack of information when asking for help - If your site gets hacked/cracked, go to the Joomla forums, and before you start posting away like crazy, make sure you have all relevant information available, such as the version of Joomla you have installed, what version of 3rd party extensions you have installed. This information will help to identify what could have caused your hack, and how to fix and avoid it happening again.

1. Fix any cracked file and forget it - Once your site's been cracked, fixing the defaced file is not enough. Check your site's logs, change your old passwords, remove the entire directory and rebuild it from clean backups, and take all precautionary actions! Serious Joomla security issues can recur if you do not restore from a clean backup because backdoors can be present in your installation, which will be reactivated by hackers once you remove what you think is the only infected file.

This is a revisited version of the Top Ten Stupidest Administrator Tricks, without the sarcasm and with recommendations of how to fix the top ten Joomla Security issues instead :)

About the Author
David Attard
Author: David AttardWebsite:
David has been working in or around the online / digital industry for the last 18 years. He has vast experience in the software and web design industries using WordPress, Joomla and niches surrounding them. As a digital consultant, his focus is on helping businesses get a competitive advantage using a combination of their website and digital platforms available today.

One more thing... Did you know that people who share useful stuff like this post look AWESOME too? ;-)
Please leave a useful comment with your thoughts, then share this on your Facebook group(s) who would find this useful and let's reap the benefits together. Thank you for sharing and being nice!

Featured On

Inc Magazine Logo  

Sitepoint logo  

CSS Tricks logo   

webdesignerdepot logo   WPMU DEV logo   

and many more!



Get Started Now With ShutterstockShutterstock

Best Rated Caching Plugin

Make your website faster 

How to make your website FAST!

Step-by-step - free email course, how to make your website load in less than 1 second  

who are we?

CollectiveRay is run by David Attard - working in and around the web design niche for more than 12 years, we provide actionable tips for people who work with and on websites. We also run - a website for drone hobbyists.

David attard