My Joomla site has been hacked...

Of course it is very frustrating to know that your Joomla website has been hacked. In this case it is important to react quickly and to follow along certain steps in order to minimise risk and damage due to an attack on your Joomla site.

You've gone through all the steps to put up a great website with Joomla and are proud of your site. However, after some time you forget to maintain your Joomla website and all of a sudden your website got hacked. This is a very frustrating experience for every website owner and we can very well relate to such a situation.

A hacked Joomla website is a risk for you as a website owner and your visitors since malware can create large damage. It is important to act quickly: Take your website offline, analyse the attack, restore your site from a save backup and close the hole before you make it available to the public again.

Step by step guide for a hacked Joomla site

If you encounter some sort of hack or malware on your site the following steps can help you to get back to normal operation:

  • Take your website offline
  • Analyse the root cause of the hack
  • Identify a safe backup
  • Close the hole that was exploited in the hack
  • Reupload your website

Once your Joomla website was hacked, you should disable access to the website to avoid any further damage. As a webmaster you might be liable for problems caused by your website such as spreading malware to your visitors, using your web server to send out spam emails, etc. The process to take your website offline depends on your setup, the solution might be to simply rename the root directory as first measure. However, attacks follow different patterns and we strongly advise to consult an expert on this kind of matter.

Measures to avoid further attacks and frustration

The question that comes into mind is what can be done to improve the security of your Joomla website and to avoid the risk of being hacked?

Proper security settings for your Joomla installation

Joomla provides you with some guideline on security that you should follow as a site owner. This includes not using the default admin name, proper setting of permissions for files and directories. When you are responsible for a Joomla website, please take your time and go carefully through the checklist and compare against your installation.

Using secure passwords

You should always use safe passwords - especially for your Joomla installation: This includes the passwords for FTP access, database system and the Joomla backend. It is also important to change passwords from time to time.

Regular backups of your Joomla website

Backups should be carried out on a regular basis so that the project can be restored within a short time and to avoid longer downtime.

It might also be beneficial to arrange a service contract with a Joomla agency to outsource this kind of maintenance work so that you can focus on the content and your business. We are happy to get in contact to discuss any topics related to Joomla security and how to fix a hacked Joomla website.