Navigation:

secure joomla logo

Joomla is a very popular Content Management System (CMS) that can help make your website publishing life easier. However just like any other software, if you don't keep it up to date, you could be opening yourself up for some headaches down the road.

Nothing is worse than having your website suddenly defaced with messages you don't approve of, malicious hacks running on your site possibly infecting your visitors, and losing rank in search engines.

In this guide I'll try to cover all the Joomla security basics of making sure these problems don't happen to you.

Ensure current Joomla version is secure

If you have the now very out of date installation of Joomla 1.5 still running on the Internet, chances are your website is getting attacked on a semi-regularl basis. Unfortunately with all the known exploits for Joomla 1.5 in the wild, it's probably just a matter of time before one of them successfully hacks your Joomla website.

Below is a table of the various versions of Joomla, and how old they are. The End of Life date marks the date in which there is no further support for bugs or security of that release making them more prone to attacks.

Joomla Version Branch Latest Release Date Last Release End of Life Upgrade Path
1.5 1.5.26 January 22 2008 March 27 2012 September 2012 Migrate to 2.5
1.6 1.6.6 April 22 2009 July 26 2011 August 2011 One-click to 2.5
1.7 1.7.5 July 19 2011 February 2 2012 Feburary 2012 One-click to 2.5
2.5 2.5.14 January 24 2012 Aug 01 2013 December 31st, 2014 One-click to 3.x
3.0 3.0.4 September 27 2012 February 4 2013 May 2013 One-click to 3.1
3.1 3.2.0 September 27 2012 February 4 2013 Nov 2013 One-click to 3.2
3.2 3.2.0 November 6 2013 November 6 2013 Apr 2014 One-click to 3.5

We also recommend checking up on the latest Joomla Security news which covers recent exploits discovered in the Joomla core, and also the vunerable Joomla extensions which have been discovered recently.

Find and clean up a Joomla hack

If your website has been attacked and compromised sometimes it will be vary apparent. You might have malicious redirects taking your visitors to some other website, content appearing on your website that you didn't create, and typically your account's resource usage will be higher when under attack or running any hacks.

Here are some common things you can look at if you suspect your Joomla website is under attack or hacked:

  1. Check to see if the Google Safe Browsing Diagnostic page has detected any known malware running on your website. If your domain name was example.com, you would use the following URL to check:

    http://www.google.com/safebrowsing/diagnostic?site=example.com

    You can also use the Sucuri Security free website malware scanner, again access by a URL like:

    http://sitecheck.sucuri.net/results/example.com

  2. Follow our recovering after a hack guide which goes over updating your cPanel and FTP passwords, and also scanning your local computer to ensure you aren't uploading malicious files unknowingly to the server.
  3. Clean up a .htaccess hack if your website is redirecting visitors or search engines to other sites without your consent.
  4. Clean up a code injection attack if you notice strange behavior from your pages, or if you see injected keywords or other types of spam in your content.
  5. Enable raw access logs in cPanel so that you have historical record of your website requests, this can be handy when trying to track down malicious activity.
  6. Block unwanted users with your .htaccess file to prevent possible hack attempts from known bad IP addresses or User-Agent strings.

Reinstall Joomla after a hack to prevent further exploits

While you might be able to clean up most traces of an attack and hack against your Joomla website, once an attacker has successfully exploited a part of your site, it can be extremely hard to ensure that all traces of the hack are removed.

A lot of times once a Joomla site has been hacked, it gets added to a list by the attacker, and then they'll more than likely keep coming back trying to exploit it again and again until you've upgraded to protect yourself from the exploits available in the wild.

Below I'll walk you through the process of taking a Joomla 1.5 site that has been hacked, reinstalling Joomla itself to rule out any malicious files still being on your account, and then upgrading to Joomla 2.5 to help ensure the same hack isn't allowed to be uploaded to the website again.

  1. view joomla version from admin dashboard Login to your Joomla admin to double-check you have the latest version of Joomla 1.5 already, which should be Joomla 1.5.26. If you have an older release of Joomla 1.5 you need to first upgrade from an existing Joomla 1.5x version.
  2. drag ftp files to local folder

    Using your favorite FTP client, you'll want to download all of your current folders and files for Joomla to your local computer.

    In this case I'm using FileZilla, connecting to my site example.com, navigating to the /public_html directory where Joomla is installed, then simply selecting all the folders and files by clicking on one then hitting Ctrl-A to select all. Then I'm dragging them all to a local folder called /Downloads/Joomla that I created.

  3. Next you'll want to backup your Joomla database in cPanel, so that you have a copy of that as well.

    At this point, you now have all the physical files that make up your Joomla website. In the event that the steps below for reinstalling Joomla and upgrading it do not work for you, you'll at least be able to restore your site back to its hacked state.

  4. Now that you have all of your Joomla files downloaded locally that are potentially hacked, you should be able to safely remove them from the server.

    This can be done by simply selecting all of your Joomla files in your FTP client, and then hitting Delete on your keyboard. If your main website is running Joomla, this would be all the files in the /public_html directory.

    Please note you might have other files on your account other than just Joomla. If you delete these as well, and don't re-upload them from the local copies you've downloaded, they will no longer be present on your account.

  5. Download the last release of Joomla 1.5 by clicking on this link for Joomla 1.5.26

    You should now have a Joomla_1.5.26-Stable-Full_Package.zip archive downloaded to your local computer. This contains all of the core files needed to run a Joomla website.

  6. upload fresh joomla zip to server

    Upload the Joomla_1.5.26-Stable-Full_Package.zip to your now what should be blank /public_html directory.

  7. right click joomla zip click extract

    Access the FileManager in cPanel and navigate to your /public_html directory.

    Then right-click on the Joomla_1.5.26-Stable-Full_Package.zip file you uploaded, and click on Extract.

    click extract files

    In the Extract window that pops-up, in this case we can just leave the extraction directory set to /public_html and then just click on Extract File(s) so that all of the Joomla core files are places there.

    close extraction results window

    It might take a few minutes for the .zip file to finish inflating, once it completes, click on the Close button.

  8. upload configuration.php file

    At this point, if you attempt to visit your website where Joomla was installed, you will get the Joomla installation screen, since we effectively just deleted our old Joomla site, and uploaded the new Joomla core files.

    The next thing you'll want to do is re-upload your configuration.php file back to the server. This file contains all of the information such as what database Joomla should use.

    delete installation folder

    You'll also want to delete the installation folder, as this is a security requirement of Joomla.

  9. Now if you try to go to your Joomla website again, it should have all of your content pulled from the Joomla MySQL database, but it will be now using verified as good and clean core files for Joomla.

    Hopefully now any traces of a hack that you found on your accout should be gone. However if you are still seeing some strange activity, this could mean that the attacker successfully exploited your Joomla database, in which case a more thorough investigation of your database would need to be done.

Upgrade Joomla 1.5 to 2.5 to prevent hacks

Now that you've hopefully successfully removed any hacks from your old Joomla 1.5 site, it is very important to update your installation to Joomla 2.5 so that an attacker doesn't simply come back and hack your website again.

This technically isn't an upgrade, but a migration, as the two versions of Joomla aren't directly compatible. The process can vary greatly depending on the complexity of your Joomla website and what modules or extensions you've used. We would strongly recommend at least glancing at the offical Joomla documentation that they have for migrating from Joomla 1.5 to Joomla 2.5 before proceeding with the steps below.

  1. You can use the jUpgrade extension which can be directly downloaded from jUpgrade downloads.

    You should end up with a com_jupgrade-2.5.2.zip archive of the extension.

  2. click on install extensions

    Login to your Joomla admin

    Then hover over Extensions and click on Install / Uninstall

  3. upload package file click install

    Under the Upload Package File section, click on Choose file and then browse your local computer for the com_jupgrade-2.5.2.zip file.

    Then click on Upload files & Install

  4. click on plugin manager

    Hover over Extensions again, and this time click on Plugin Manager

  5. search for mootools and enable plugin

    In the Filter field, type in mootools and click Go.

    Beside the System - Mootools Upgrade plugin, click on the red x under the Enabled column to enable the plugin.

  6. click on jUpgrade

    Hover over Components, then click on jUpgrade.

  7. click start upgrade

    Now just click on the big Start Upgrade button to begin the process.

    jUpgrade complete

    You should see the jUpgrade upgrade begin and it will update you on the current step in the process.

    When complete you'll get a Joomla 2.5 Upgrade Finished! message

  8. jupgrade compared to normal site

    Now if you visit your website with /jupgrade appended to the end, you should see your upgraded Joomla site. jUpgrade leaves you main Joomla 1.5 site still in tact so you can test things.

    Here you can see on my example.com site, when accessing the /jupgrade directory the Main Menu for instance has changed.

  9. create old_joomla ftp directory

    Now in your FTP client again, create a new folder called old_joomla. This can be done by right-clicking on the server-side of files and selecting Create directory, in the Create directory pop-up enter in the name of the directory than click OK

    move files to old joomla folder

    Next click on any of the files or folders, and then hit Ctrl-A to select all the files.

    Then hit just Ctrl and click on the newly created old_joomla directory to de-select it, and also the jupgrade folder.

    Then finally drag all of the other selected files into the old_joomla directory.

  10. move jupgrade files to public_html

    Now navigate into the jupgrade folder, hit Ctrl-A to select all files, then drag them up into the /public_html directory one level up.

  11. Now you should see the Joomla 2.5 website when just accessing your domain normally, and if you login to the Joomla admin, you'll notice the new version reflected as well.

    joomla 2.5 upgrade complete main site joomla 2.5 upgrade complete admin

     

Hopefully you now have a good idea of how to ensure your Joomla website isn't currently hacked, and if it was how to clean up the hack or reinstall Joomla. Make sure going forward you always keep your Joomla install updated to prevent any further issues, and as always if you're still having any issues please leave us a comment!

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Support Center:
Email Address
Optional, but our team may contact you for more information.
Like this Article?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!