Here we've listed the ten most likely ways your Joomla website will get hacked. How many of them could catch you out?
1. Weak Joomla Administrator Password
Firstly rename the administrator account username from admin to something memorable. I know in the modern world we have so many passwords to remember, I use three words and swap out some letters for numbers, on different sites and services I swap the order of the words, there are only three possible passwords I can use and if I don't know them, they are going to be difficult for other people / hackers to guess. Software enables hackers to run millions of guesses a second, you can configure servers to block 'brute force password attempts', for the main just setting a strong password is enough but remember to change your username from 'admin'.
2. No Security Measures For A Joomla Website
Database prefix, super admin id, upload limits, hot linking, blocking terms in URLs, block all SQL injections, etc, etc.Some of these are basic, some are complicated and should be done by a Joomla professional. From my point of view if your are a serious business and you've not implemented these and other Joomla security measures, you are begging to be hacked and made a fool of. Your website is your online shop window, defacement, spam emails in your name, outbound links to porn sites, user information taken and used, etc.
Falling prey to hackers damages your businesses reputation and costs far more than the costs of cleanup - which in turn cost far more than the cost of prevention. I'm not scaremongering I see it every day, and funnily enough it's never ourselves.
Keeping on top of your website will save you money should something go wrong, a recent large hacking incident set someone back over £2,600 for the de-hack and a further £480 to seal other weaknesses. They needed to retrieve their user's information no matter what, and keep an online presence throughout. With our expert Joomla security measures none of this would have happened. A £350 Joomla security audit would have shown all the potential issues and pointed out how to fix and seal the cracks. A further £360 would have paid for us to do the necessary follow-up work - this would have prevented the hack and also fixed other weaknesses that the site audit highlighted.
3. Joomla Website Re-hacked - Missed Hacker Files
About 20% of our de-hacking jobs come from other developers or site owners who have cleaned out a hacking incident and very quickly been re-hacked. De-hacking a Joomla website is a skill, you can overlay a clean set of files to your current files but what about new files that have been added.
We've created our own script that we add to a client's site, we then search for anything that is not a part of the core Joomla files, we then investigate what these files are, some will be legit and others might be hacker files.
One thing is for sure, our clients never get re-hacked from the same incident.
4. Joomla And Server Login Details Taken From Infected Computers
Malware, Spyware and other computer infections once accounted for a significant proportion of website hacks. People's awareness of viruses and better quality antivirus has reduce this form of hacking, however it does still happen and we have seen incidents of this recently.
Run regular full system scans against all machines that are used to access your website, be careful / vigilant when browsing the Internet and opening emails. Don't risk your businesses reputation, keep your computers clean and free from infections with the added benefit of helping to keep your website clean.
If you are concerned about your website's security or believe you might have already fallen foul to hackers, do not hesitate to get in touch.
5. Cheap Joomla Hosting
Why would you go for the cheapest hosting provider you can find?
Cheap or low cost hosting providers use shared servers that can host up to 1,000 websites. Shared hosting by itself is not bad, but if you pay the minimum for your hosting you know it will not be configured for optimal speed or security.
Cheap hosting is sold as a lead generator
When something goes wrong - and it will - the hosting company will do nothing to help and will do everything to up-sell you to a more expensive package that they claim is more secure - which isn't, it is on the same server but you pay more for nothing extra. For optimum security, smaller hosting providers like ourselves offer the best Joomla hosting packages.
ASPHostPortal.com is a popular online Joomla 3.2 hosting service provider catering to those people who face such issues. The company has managed to build a strong client base in a very short period of time. It is known for offering ultra-fast, fully-managed and secured services in the competitive market.
“We have hosted large numbers of websites and blogs until now. Our clients come from diverse backgrounds from all sectors of the economy. We offer free trial for our new customers so they get an idea of the kind of service they will receive,” - Dean Thomas, Manager at ASPHostPortal.com.
ASPHostPortal.com has been offering fully managed backups, updates, and security all round the year without any sorts of interruptions to make sure that the web traffic of their clients’ websites and blogs is not lost. The company is also seen offering maximum security for its clients’ blogs and websites.