Hosting Tutorial & Guide

How to Fix a Hacked Joomla Website & Prevent Future Attacks

updated on Feb 10, 2015
How to Fix a Hacked Joomla Website & Prevent Future Attacks Celebrated as Joomla is, this content management system is still imbued with potential vulnerabilities that may be a target for large amounts of malicious software. Frankly speaking, getting your Joomla website hacked can be the most headache thing in the world, which will ruin your site reputation especially when search engines display warning messages to your readers.

What frustrates us most is that those performed regular/semi-regular updates couldn't hold greedy hackers at bay. In this case, we would like to direct you how to cope with a hacked Joomla website and how to prevent future attacks so as to boost search engine ranking. Note that, we would like to showcase some typical symptoms that your hacked Joomla site may have firstly.

What Are the Typical Symptoms of a Hacked Joomla Site?

In the following, there are some typical indications that your Joomla website may have been hacked:
  1. A defaced page or some unwanted content will be displayed in the process of loading your website without your consent.
  2. The web browsers alert you that your site is unsafe with malicious spyware, malware and other malicious software.
  3. Some unexpected and strange files have been added to your FTP server in certain hosting directories.
  4. Search Engines will inform you of a warning message when you attempt to search for your Joomla site.
  5. An anti-spyware or anti-virus software reports a threat when you try to visit web pages.

What Are the Attack Sources on Earth?

Hacked Joomla - Typical Symptoms As a matter of course, the more you learn about the attack, the more you will be able to fix your hacked site. To identify the source of the attack is not a difficult task, and you can take the following points for reference.

Password-Guessing Software – Many hackers take advantage of online password-guessing software to access your system so as to hack any account. Besides that, some of them will be able to get your website hacked by simply guessing at your not-strong passwords.
Joomla Security Vulnerabilities – Some hackers may use the outdated version of Joomla and some vulnerable third-party extensions to change your .htaccess file and embed malicious code/files to your web server.
SQL Injection – Those intruders usually make use of a database SQL command to penetrate your site's weak defense and compromise your back-end database. For instance, it will change your administrative username and password.

How to Deal with Your Hacked Joomla Website?

Perhaps the fastest and simplest way to fix a hacked Joomla site is to turn to a clean backup file that hasn't been infected with any virus or malware. To enforce security, you'd better have a security extension or malware scan tool to check those associated files whether include malicious code. On the other hand, if you fail to make a previous backup, you should refer to those secure measures.

Set Your Site Offline
At the very beginning, you shall make your Joomla site offline in order to make it free from further damage. In the further, you can also prevent your readers from facing a pop-up malware alert by doing so. When it comes to the detailed steps, you will need to forbid the current webserver and point your site's DNS entries to certain static webpages on another server equipped with 503 HTTP response code.

Note that, the mentioned 503 code is a commonly-used indicator for a site's maintenance and it won't affect your site's future ranking in search results as well. In some cases you are not sure how to make your Joomla site offline, you will need to ask your web hosting service provider for assistance. To be frank, as a popular CMS, Joomla has gotten support from those best Joomla hosting solutions which are outstanding in customer service and security features.

Reset Related Passwords & Scan Local Files
Hacked Joomla - Reset Related Passwords & Scan Local Files It is of great necessity to make sure that you are the only one to access your hosting site/account by controlling your file system permission and resetting all related passwords for FTP users, cPanel accounts, Joomla administrators and MySQL database users, etc. In consideration of security, you'd better make your passwords have a minimum of 8 characters and 1 number with both lower and uppercase letters.

Also, you will need to update your passwords as often as possible in order to lower the risk of getting hacked. Pay attention that all local files and any machine applied to upload your files to the server still require to be checked carefully and regularly to wipe out all forms of malicious software.

Clean Up Your .htaccess File
If there are some malicious redirect links that automatically transfer your visitors to some unexpected content or web pages, you will need to clean up and edit your .htaccess file so as to grants access only from your IP address. In this way, you are able to forbid some potential hack attempts coming from certain bad IP addresses to intercept your site's sensitive areas like admin sections.

Important to Note: Apart from those mentioned three important aspects, you also need to download the documented server logs from cPanel to analyze risky third-party extensions. Once done, you will be able to create raw access in your cPanel in order to have a constant record of your site's requests, which is extremely necessary for you to detect any malicious activity.

How to Prevent a Future Hacking?

In this section, we would like to walk you through how to prevent a future hacking effectively by using those following methods. Scroll down and know more knowledge.

Protect your post comment section – You should verify the form input before most HTML tags are going to be removed from visitors' comments. Besides that, you'd better make use of a keyword filter so as to perish any malicious script code.
Use strong username and passwords – You will need to make your admin username as strong and unique as possible. In the further, your passwords have to be hard to memorize and guess so that a hacker couldn't easily access and hack your account.
Make a backup of your files and data – You shall backup your Joomla data so that you can quickly restore your website from going down. More than that, it is recommendable to make a copy of your files daily so as to display the latest posts even when a hack occurs.
Keep regular updates – You also need to keep your Joomla up to date, and in the meantime, use the most recent versions of programs on your desktop and hosting account. Ensuring that those activated third-party scripts are safe to update as many hackers may take advantage of those attached potential bugs.

Recommendable Joomla Security Extensions

Hacked Joomla - Recommendable Joomla Security ExtensionsTo prevent your Joomla site from future security incidents, you'd better use a series of security extensions released by Joomla itself. In the following, there is a list of security tools, all of which are accessible from the official "Joomla! Extension Directory."

Securitycheck – It is a medium protection suite that has been tested against many malicious attacks like 90 SQL and XSS attacks patterns. And more, this user-friendly plugin enables you to check folder/file permissions and hide your own backend URL.
jHackGuard – It helps to protect your Joomla site from hacking attacks, such as SQL injection, remote code executions, XSS based threats and remote file inclusions/URL, etc. Plus, this plugin is so easy-to-use that you don't need to configure it at all.
SecSign – It works as a useful plugin, with which you can enable safe and simple login from both Android and iPhone mobile devices. Also, this free plugin can be used as an in-house solution for your current security infrastructures.