Every day it seems there is a news article about a major site on the internet being hacked.
Banking websites, big social media sites like Facebook and Twitter, e-Commerce sites, even small business sites - all of them are vulnerable to hacking. It's a constant battle of security improvements and practices vs. those who would do our websites harm.
To combat the ne'er-do-wells of the internet, you have to stay up to date with your Joomla CMS software and any extensions you have used on your site. Every Joomla update includes security improvements and often security patches to close any holes that hackers have found and exploited in previous versions.
Keeping your Joomla CMS software current is only part of the security equation. Security risks can be present in your hosting server and even your own desktop computer. Getting a keylogger virus on your PC can potentially expose your administrator or FTP IDs and passwords when you use them, giving hackers free rein of your site without you even knowing. So in addition to running your website on the latest Joomla security releases, you still need to keep a careful and constant eye on your Joomla website to ensure it's safe and secure.
But I don't sell anything on my website. So why do I need to worry about security updates?
Unfortunately, there are almost always security vulnerabilities in older versions of software that have been discovered by hackers, and Joomla is no exception. There are literally hundreds of "script kiddie exploits" readily available to hackers looking for them on the internet. With today's tools, hackers can easily hit thousands of sites in an hour, testing the script against site after site until the automated script finds an out-of-date site and gets in. These scripts unfortunately allow even the most unintelligent, unskilled hacker to compromise an older Joomla site and do some pretty horrendous things.
Don't rely upon the fact that your site is considered small compared to larger and juicier targets on the web, or that you don't sell anything on your site, to protect you from hackers. Many hacks are done simply for the joy of knowing they've caused great inconvenience or embarrassment to random site owners. Today's casual hackers are like the prank phone callers of yesteryear, who would call random phone numbers with pranks, just for the heck of it.
Here are a few examples of hacks we've seen over the years that have nothing to do with stealing information from your site:
Malware hacks upload malware which is then silently distributed to your site visitors' computers without their knowledge. Eventually Google will notice this, de-index your pages and blacklist your site! (Have you ever seen one of those warnings about malware on a site when you click a link in Google? It can do incredible damage to your site's reputation.)
Spam hacks upload scripts to your hosting account which allow the hackers to use your email account to distribute spam. We've seen Joomla website accounts that suddenly begin spitting out thousands of spam emails an hour after one of these hacks. You often have no idea it's happening until someone reports you as a spammer. Being a victim of this hack can not only get your business email blocked for spamming, but can also affect every other hosting client whose account goes through the same email server. Anti-spam watchlists will often blacklist the entire email server that your account goes through, which can result in your hosting company suspending your site or, in extreme cases, simply cancelling your hosting account with little or no notice.
Redirect hacks modify your website redirects so that people who visit your site on a smartphone or tablet get sent to an adult site of a graphic nature. This is a particularly nasty one because many site owners never visit their own website for weeks at a time, and then most commonly only from a desktop because they are updating content. So these nasty redirects can stay active for weeks without you noticing, until Google blacklists you, or worse, a customer of yours lets you know it's happening. Obviously this hack is bad for your business reputation.
Hijacking hacks will often deface your site entirely, which means your Joomla website has to be restored manually from a backup. (Hope you have a recent one! You are taking backups, aren't you?)
And the list goes on...
At Polished Geek, we make it our business to keep up with the latest Joomla security threats and software releases.
You don't have time to keep track of all the new security information announced each week on the web, so let us do it for you. Security audits and a hacked site recovery guarantee are included in every Joomla Royalty Website Care Plan we offer.
While no one can promise you won't be hacked, our website maintenance and support care plan packages go way beyond standard Joomla website maintenance. Our ongoing care plans provide you the assurance that your site is being audited and monitored on a regular basis and if the unthinkable happens, you'll have a team of Joomla experts on hand to swing into action.
Ready to better protect your Joomla site against hackers?