The Number of Installed Extensions on Your Joomla Website Is Inversely Proportional to Its Security

We know – that’s a very long title for a post, but we couldn’t think of a better title that would explain what this post is about. In any case…

We got an email near the end of the day yesterday from a new client – he was complaining that his website, although running Joomla 2.5, was hacked. We checked his website and he had nearly 20 3rd party components installed, around 70 3rd party modules, and over a 100 3rd party plugins. He also had 5 templates (yes – 5) that were serving his website. We told him that he has a very large number of 3rd party extensions installed, and that the number of 3rd party extensions is inversely proportional to the security of a Joomla website.

Huh? He said…

So, we explained more. We told him that there’s an average of 10% chance for any extension to have an exploit – and we’re talking about good extensions here. Bad extensions score a much higher average for exploitability (is that a word?), but, on the other hand, they are often less targeted since hackers usually target widely used extensions for maximum damage. This essentially means that the more (reputable or non-reputable) extensions you have, the more vulnerable your Joomla website is…

So, what can you do if you have many installed extensions on your Joomla website?

Well, there are a few things that need to be done to address this problem:

  • Uninstall unneeded extensions.

    We doubt that many websites out there actually need/use 70+ modules. So, you need to go through each and every extension and check if it’s used or not, and whether its use is necessary or not. If the answer is no to any of the previous questions, then it should be uninstalled.

  • Ensure that all your extensions are up-to-date.

    Once you have remove all the unneeded extensions, then you will need to upgrade all your extensions to the latest version. Doing so will increase your protection against attacks exploiting vulnerabilities in old versions of your extensions.

  • Ask some Joomla security experts to review your website.

    Joomla security experts are there for a reason – to make sure that your Joomla website is safe and resilient to most malicious attacks. Asking them for help usually saves you a lot of time and money on the long run.

By following the above tips, you will certainly have a faster and a safer Joomla website. If you need help with implementing these tips, then feel free to contact us. We immediately answer emails and we always answer the phone (usually from the first couple of rings), we are very friendly, and our rates are very affordable. What more could you want?

No comments yet.

Leave a comment