Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes.

According to last year’s Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla is the second most-commonly infected CMS, in between WordPress and Magento. Joomla sites are an appealing target for black-hats, often as a consequence of security misconfigurations, vulnerable third-party extensions and servers running outdated core software.

A compromised Joomla site could place your users at risk and lead to irreparable reputation damage. With that in mind, let’s take a look at eight pointers to help harden your Joomla sites against malicious activity.

Eight top tips

1. Keep your Joomla core up to date

First things first, you should check that your instance is running the latest stable build of Joomla. Official releases bring new features and functional bug fixes but most importantly patches for security vulnerabilities. A notification will surface in the Control Panel back-end if an update is available for download.

Upgrade packages are also accessible on the Joomla Downloads site. Always back up your site before updating, and familiarize yourself with the instructions if you’re handling the process manually.

2. Keep extensions up-to-date

You’ve updated your Joomla core, but have you checked your third-party extensions? Vulnerable plugins are a common attack vector for adversaries targeting a CMS-based site.

Plugins made available on the official extension directory are now required to use the Update System, which will surface a notification in the Control Panel if a new version is available. External developers should write extensions with the Update System in mind. This ensures that the latest patches will always be pulled down from a predefined (Read more...)