How secure is Joomla?

**Mike Dammann** · 25 December, 2008, 21:45 PM

A friend had her joomla site hacked. Still trying to figure how they got in, but wanted to see if some of you have experienced Joomla insecurity and have some advice on how to secure it.

Thanks!

**Will.Spencer** · 25 December, 2008, 22:04 PM

The Joomla folks are pretty serious about security issues. Their security people make up the Joomla Security Strike Team.

As with most any other server application, the two most important things you have to do in order to maintain security are proper configuration and prompt updates.

For proper security configuration, she should become very familiar with the Joomla Administrators Security Checklist.

Joomla had two known security vulnerabilities fixed at the beginning of November. Joomla 1.5.8 includes the fixes.

**Mike Dammann** · 25 December, 2008, 22:23 PM

OK, I will ask Elisheva later. I bet it was not the latest version!

**elishevadpw** · 26 December, 2008, 05:32 AM

Originally Posted by firetown

OK, I will ask Elisheva later. I bet it was not the latest version!

Uhm... yup as embarrassing as it sounds... it was a 1.0 version (not a 1.5) and I didn't even bother to upgrade it to the newest one.

**Hellas** · 26 December, 2008, 10:07 AM

Joomla is very secure as long as you keep updated. Old Joomla is very easy to penetrate since Joomla release all bug information and bad people can see it and exploit it. JUst check links Will gaved, and stay updated.

**borce** · 26 December, 2008, 15:40 PM

1. Always check Joomla page ( Joomla! )
2. Always see on milw0rm is there new Joomla vulnerability

**Mike Dammann** · 12 January, 2009, 21:05 PM

Ouch I just checked his site and it´s almost like a hacker´s guide on which wp plugin happens to be the easiest to target right now.
And of course it helps people to find programs and plugins to avoid, but unfortunately the average user is not that savvy.

This video is front page http://milw0rm.com/video/watch.php?id=74
Seems like those who want to get into Joomla can if they are capable of following simple instructions.

**Mia** · 12 January, 2009, 22:48 PM

Just wanted to chime in here. So far, of any site I have seen get hacked, it is generally due to pilot error, even by myself. As previously mentioned, the Joomla guys are pretty on top of security issues. So far, I've not had any recent issues, at least not with the latest build. I have several joomla, sites fyi and have no issues outside of the one time I did something stupid.