As with any content management system, updates need to be regularly applied to Joomla and third party extensions to stay secure from targeted and indiscriminate attacks.
It is also prudent to run website backups regularly and copy the backup files off-site. Relying on your web hosting company for backups is not recommended as there are many scenarios where you may lose access to your data such as your web hosting company going out of business or your web hosting company suspending your account due to a billing or other dispute.
I also recommend checking website performance occasionally as page load time is now a ranking factor.
On a regular basis e.g. monthly, run a backup and update to the latest Joomla version.
Subscribe to the Joomla Security News feed so you are kept informed of core Joomla security updates and apply any high priority releases as soon as possible.
Also check for and apply any security hotfixes for Joomla EOL versions if you are still running older versions of Joomla e.g. Joomla 1.5 or Joomla 2.5.
Third Party Extension Updates
Minimise the number of third party extensions (including templates) where possible. Remove any third party extensions (including templates) that are no longer being used. Update the remaining third party extensions (including templates) to the latest versions on a regular basis e.g. monthly.
Consider replacing third party extensions that are no longer being actively developed or supported. For example, if you are still using Xmap, you should probably switch to OSMap or similar.
For each website, maintain a spreadsheet of all the installed third party extensions with the currently installed version number. This is especially useful for extensions that don't use the automatic update feature as these will not appear in the Extensions -> Manage -> Update list when an update is available.
Disabling or removing third party plugins that are not being used can help improve performance.
gtmetrix.com or similar can be used to check the website is loading in a reasonable time. GTMetrix offers suggestions (e.g. enable GZip) for improvement and the "Waterfall" page provides a detailed list of how long each element takes to load so it is easy to pinpoint issues (e.g. oversize images).
Creating a free GTMetrix account enables you to run the test from various locations around the world and compare how quickly your website loads in the USA compared to Australia (for example).
Consider moving to a better host if the current hosting environment performs poorly. The performance difference between a poor host and a good host can be significant.
Also consider moving the website closer to the target audience if necessary. You may be able to shave a second or two off page load times if the server and target audience are close together geographically compared to them being on opposite sides of the world. Enabling a content delivery network (CDN) can also solve this issue.
At System -> System Information -> System Information -> PHP Version check the PHP version your website is running on is still suitable. Consider updating to a supported version https://php.net/supported-versions.php if your version is not supported https://php.net/eol.php any more.
A good web host will allow you to select a supported version of PHP in the hosting control panel or similar.
Joomla Security Audit
If you are unsure whether your website has been hacked or what needs to be done to secure your website, order a Security Audit for $220.
The Security Audit includes:
- a report on the Joomla configuration
- a report on third party extensions
- a report on the suitability of your web hosting
- a report on all the vulnerabilities discovered on your Joomla website
- recommendations on how best to address any discovered issues
Note that no changes are made to your website during the Joomla Security Audit without consulting you first.
The cost of a Joomla Security Audit is refundable if you purchase a 12 month Joomla Maintenance and Backup Subscription within 30 days of the audit.
Joomla Maintenance and Backup Subscriptions
|Monthly Cost||$39 per month||$69 per month||$99 per month|
|Annual Cost||$390 per year*||$690 per year*||$990 per year*|
|Third party extensions||up to 10 extensions||up to 20 extensions||up to 30 extensions|
|Free initial security audit (valued at $220)||Yes||Yes||Yes|
|Monitor new Joomla and third party extension updates||Yes||Yes||Yes|
|High priority Joomla updates installed within 24 hours||Yes||Yes||Yes|
|High priority third party extension updates installed within 24 hours||Yes||Yes||Yes|
|Non-critical Joomla and third party extension updates installed quarterly||Yes||Yes||Yes|
|Monthly off-site backups||Yes||Yes||Yes|
|Non-critical Joomla and third party extension updates installed monthly||No||Yes||Yes|
|Installation of web application firewall (e.g. Akeeba Admin Tools Pro)||No||Yes||Yes|
|Weekly off-site backups||No||No||Yes|
|Monthly malware scan||No||No||Yes|
* Pay 12 months in advance and get 2 months free.