Website Audit, Vulnerabilities and Recommendations
Old and outdated extensions installed: This is the top and most common reason behind
a hacked Joomla website. Always keep all extensions up to date, and if you're using an
extension that is no longer supported, try to find an alternative. If there is none, have a
developer review that extension to ensure it has no vulnerabilities. There are a few
outdated ones, such as JoomShopping, that create loopholes for hackers.
SSL certificate (HTTPS) is not enforced: HTTPS should be enforced whenever anyone opens
a non-secure (HTTP) URL.
Get up to date, stay up to date: All themes, modules and plugins should be up to date.
Check your server logs for IPs calling suspicious files or attempting POST requests to
non-forms.
Protect against brute force: Consider adding a bot block list to your .htaccess file.
If you are using a nulled theme, get a legal, paid version instead, because nulled themes
contain malicious code.
Clean up a code injection attack: If you notice strange behavior from your pages, or if
you see injected keywords or other types of spam in your content.
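The log check recommended above (IPs calling suspicious files or sending POSTs to non-forms) can be automated. The following Python script is an added example, not part of the original audit. It assumes Apache combined-format access logs; the form-endpoint allowlist, the static-directory list and the sample log lines are constructed assumptions to adapt per site.

```python
import re
from collections import defaultdict

# Assumption: endpoints on this site that legitimately receive form POSTs.
FORM_ENDPOINTS = {"/index.php", "/administrator/index.php"}
# Assumption: directories that should serve only static files, never PHP.
STATIC_DIRS = ("/images/", "/media/", "/tmp/", "/cache/")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(method, path):
    """Return a reason string if the request looks suspicious, else None."""
    if path.startswith(STATIC_DIRS) and path.lower().endswith(".php"):
        return "php-in-static-dir"
    if method == "POST" and path not in FORM_ENDPOINTS:
        return "post-to-non-form"
    return None

def suspicious_by_ip(lines):
    """Map client IP -> list of (reason, method, path, status)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined/common format
        path = m["target"].split("?", 1)[0]  # ignore the query string
        reason = classify(m["method"], path)
        if reason:
            hits[m["ip"]].append((reason, m["method"], path, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "POST /images/banner.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "POST /templates/site/error.php HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /media/cache.php?x=1 HTTP/1.1" 200 40 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in suspicious_by_ip(SAMPLE_LOG).items():
        print(ip, events)
```

A hit with status 200 deserves attention first, since it means the requested file exists and answered; a 404 only shows that someone probed for it.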
Conclusion:
So, there are two possible solutions for this problem statement. As far as my findings go, the main
reason is outdated stuff (themes, extensions, modules, etc.). Enhance security by making a
checklist of the above-mentioned points. https://forum.joomla.org/viewtopic.php?f=621&t=582854
Everything should be up to date when using Joomla or any other CMS; otherwise it creates loopholes.
The second solution is to create a custom portal using a secure PHP framework like Laravel
to eliminate the above-mentioned risks.