As with any content management system, updates need to be regularly applied to Joomla and third party extensions to stay secure from targeted and indiscriminate attacks.

It is also prudent to run website backups regularly and copy the backup files off-site. Relying on your web hosting company for backups is not recommended, as there are many scenarios where you may lose access to your data, such as your web hosting company going out of business or suspending your account due to a billing or other dispute.

I also recommend checking website performance occasionally as page load time is now a ranking factor.

Joomla Updates

On a regular basis (e.g. monthly), run a backup and update to the latest Joomla version.

Subscribe to the Joomla Security News feed so you are kept informed of core Joomla security updates, and apply any high priority releases as soon as possible.

Also check for and apply any security hotfixes for Joomla EOL versions if you are still running older versions of Joomla e.g. Joomla 1.5 or Joomla 2.5.

Third Party Extension Updates

Minimise the number of third party extensions (including templates) where possible. Remove any third party extensions (including templates) that are no longer being used. Update the remaining third party extensions (including templates) to the latest versions on a regular basis e.g. monthly.

Subscribe to the Joomla Vulnerable Extensions List (VEL) so new vulnerabilities can be quickly attended to.

Consider replacing third party extensions that are no longer being actively developed or supported. For example, if you are still using Xmap, you should probably switch to OSMap or similar.

For each website, maintain a spreadsheet of all the installed third party extensions with the currently installed version number. This is especially useful for extensions that don't use the automatic update feature as these will not appear in the Extensions -> Manage -> Update list when an update is available.
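One way to generate that spreadsheet rather than typing it by hand, as an added example that is not part of the original page: Joomla records installed extensions in the #__extensions table (the version sits in the manifest_cache JSON column) and links extensions to update servers in #__update_sites_extensions. The sample rows, the extension names and the "author is Joomla! Project means core" filter are constructed assumptions for illustration.

```python
import csv
import io
import json

# Constructed sample rows, shaped like an export of Joomla's #__extensions table
# (columns: extension_id, name, type, manifest_cache). Not real site data.
SAMPLE_EXTENSIONS = [
    {"extension_id": 22, "name": "com_content", "type": "component",
     "manifest_cache": '{"author": "Joomla! Project", "version": "3.0.0"}'},
    {"extension_id": 10001, "name": "com_examplemap", "type": "component",
     "manifest_cache": '{"author": "Example Dev", "version": "2.3.1"}'},
    {"extension_id": 10002, "name": "tpl_exampletheme", "type": "template",
     "manifest_cache": '{"author": "Example Studio", "version": "1.4"}'},
    {"extension_id": 10003, "name": "plg_system_examplecache", "type": "plugin",
     "manifest_cache": ''},
]
# Constructed extension_id values as found in #__update_sites_extensions.
SAMPLE_UPDATE_SITE_IDS = {22, 10001}

CORE_AUTHOR = "Joomla! Project"  # assumption: core extensions carry this author


def build_inventory(extensions, update_site_ids):
    """Return one inventory record per third party extension."""
    inventory = []
    for row in extensions:
        try:
            manifest = json.loads(row["manifest_cache"] or "{}")
        except json.JSONDecodeError:
            manifest = {}
        if manifest.get("author") == CORE_AUTHOR:
            continue  # skip extensions shipped with Joomla itself
        inventory.append({
            "name": row["name"],
            "type": row["type"],
            "version": manifest.get("version", "unknown"),
            # No update site means the extension never shows in the Update list.
            "manual_check": row["extension_id"] not in update_site_ids,
        })
    # Extensions needing a manual version check are listed first.
    return sorted(inventory, key=lambda r: (not r["manual_check"], r["name"]))


def to_csv(inventory):
    """Render the inventory as CSV text for pasting into a spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["name", "type", "version", "manual_check"])
    writer.writeheader()
    writer.writerows(inventory)
    return out.getvalue()
```

Rows with manual_check set to True are the ones to compare against the developer's site and the VEL by hand each month.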

Joomla Performance

Disabling or removing third party plugins that are not being used can help improve performance. GTMetrix or similar can be used to check that the website is loading in a reasonable time. GTMetrix offers suggestions for improvement (e.g. enable GZip), and the "Waterfall" page provides a detailed list of how long each element takes to load, so it is easy to pinpoint issues (e.g. oversize images).

Creating a free GTMetrix account enables you to run the test from various locations around the world and compare how quickly your website loads in the USA compared to Australia (for example).

Consider moving to a better host if the current hosting environment performs poorly. The performance difference between a poor host and a good host can be significant.

Also consider moving the website closer to the target audience if necessary. You may be able to shave a second or two off page load times if the server and target audience are close together geographically compared to them being on opposite sides of the world. Enabling a content delivery network (CDN) can also solve this issue.

PHP Version

At System -> System Information -> System Information -> PHP Version, check that the PHP version your website is running on is still suitable. Consider updating to a supported version if your version is no longer supported.

A good web host will allow you to select a supported version of PHP in the hosting control panel or similar.

Joomla Security Audit

If you are unsure whether your website has been hacked or what needs to be done to secure your website, order a Security Audit for $220.

The Security Audit includes:

  • a report on the Joomla configuration
  • a report on third party extensions
  • a report on the suitability of your web hosting
  • a report on all the vulnerabilities discovered on your Joomla website
  • recommendations on how best to address any discovered issues

Note that no changes are made to your website during the Joomla Security Audit without consulting you first.

The cost of a Joomla Security Audit is refundable if you purchase a 12 month Joomla Maintenance and Backup Subscription within 30 days of the audit.

Joomla Maintenance and Backup Subscriptions

| | Economy | Business | Enterprise |
|---|---|---|---|
| Monthly Cost | $39 per month | $69 per month | $99 per month |
| Annual Cost | $390 per year* | $690 per year* | $990 per year* |
| Third party extensions | up to 10 extensions | up to 20 extensions | up to 30 extensions |
| Monthly Report | Yes | Yes | Yes |
| Free initial security audit (valued at $220) | Yes | Yes | Yes |
| Monitor new Joomla and third party extension updates | Yes | Yes | Yes |
| High priority Joomla updates installed within 24 hours | Yes | Yes | Yes |
| High priority third party extension updates installed within 24 hours | Yes | Yes | Yes |
| Non-critical Joomla and third party extension updates installed quarterly | Yes | Yes | Yes |
| Monthly off-site backups | Yes | Yes | Yes |
| Non-critical Joomla and third party extension updates installed monthly | No | Yes | Yes |
| Installation of web application firewall (e.g. Akeeba Admin Tools Pro) | No | Yes | Yes |
| Weekly off-site backups | No | No | Yes |
| Monthly malware scan | No | No | Yes |

* Pay 12 months in advance and get 2 months free.