All content management systems such as Joomla and WordPress and third party extensions and plugins require updates to be regularly applied to stay secure from targeted and indiscriminate attacks.
It is also prudent to run website backups regularly and copy the backup files off-site. Relying on your web hosting company for backups is not recommended as there are many scenarios where you may lose access to your data such as your web hosting company going out of business or your web hosting company suspending your account due to a billing or other dispute.
I also recommend checking website performance occasionally as page load time is now a search engine ranking factor.
Website Updates
On a regular basis e.g. monthly, run a backup and update to the latest Joomla, WordPress or other CMS version.
Subscribe to appropriate mailing lists so you are kept informed of security updates and apply high priority releases as soon as possible.
Third Party Extension/Plugin Updates
Minimise the number of third party extensions/plugins (including templates and themes) where possible. Remove any third party extensions/plugins (including templates/themes) that are no longer being used. Update the remaining third party extensions/plugins (including templates/themes) to the latest versions on a regular basis e.g. monthly.
Subscribe to appropriate mailing lists so and announced vulnerabilities can be quickly attended to.
Consider replacing third party extensions/plugins that are no longer being actively developed or supported.
For each website, maintain a spreadsheet of all the installed third party extensions/plugins with the currently installed version number. This is especially useful for extensions that don't use the automatic update feature as updates will need to be managed manually.
Website Performance
Disabling or removing third party extensions/plugins that are not being used can help improve performance.
gtmetrix.com or similar can be used to check the website is loading in a reasonable time. GTMetrix offers suggestions (e.g. enable GZip) for improvement and the "Waterfall" page provides a detailed list of how long each element takes to load so issues (e.g. oversize images) can easily be identified.
Creating a free GTMetrix account enables you to run the test from various locations around the world and compare how quickly your website loads in the USA compared to Australia (for example).
Consider moving to a better host if the current hosting environment performs poorly. The performance difference between a poor host and a good host can be significant.
Also consider moving the website closer to the target audience if necessary. You may be able to shave a second or two off page load times if the server and target audience are close together geographically compared to them being on opposite sides of the world. Enabling a content delivery network (CDN) can also solve this issue.
PHP Version
Check the PHP version your website is running on is still suitable. This can usually be checked in your hosting control panel. Consider updating to a supported version of PHP if your PHP version is not supported any more.
A good web host will allow you to select a supported version of PHP in the hosting control panel or similar.
Website Security Audit
If you are unsure whether your website has been hacked or what needs to be done to secure your website, order a Security Audit for $220.
The Security Audit includes:
- a report on the Joomla configuration
- a report on third party extensions
- a report on the suitability of your web hosting
- a report on all the vulnerabilities discovered on your Joomla website
- recommendations on how best to address any discovered issues
Note that no changes are made to your website during the Joomla Security Audit without consulting you first.
The cost of a Website Security Audit is refundable if you purchase a 12 month Website Maintenance and Backup Subscription within 30 days of the audit.
Website Maintenance and Backup Subscriptions
| Economy | Business | Enterprise | |
| Monthly Cost | $39 per month | $69 per month | $99 per month |
| Annual Cost | $390 per year* | $690 per year* | $990 per year* |
| Third party extensions | up to 10 extensions | up to 20 extensions | up to 30 extensions |
| Monthly Report | Yes | Yes | Yes |
| Free initial security audit (valued at $220) | Yes | Yes | Yes |
| Monitor new CMS and third party extension/plugin updates | Yes | Yes | Yes |
| High priority CMS updates installed within 24 hours | Yes | Yes | Yes |
| High priority third party extension/plugin updates installed within 24 hours | Yes | Yes | Yes |
| Non-critical CMS and third party extension/plugin updates installed quarterly | Yes | Yes | Yes |
| Monthly off-site backups | Yes | Yes | Yes |
| Non-critical CMS and third party extension/plugin updates installed monthly | No | Yes | Yes |
| Installation of web application firewall (e.g. Akeeba Admin Tools Pro) | No | Yes | Yes |
| Weekly off-site backups | No | No | Yes |
| Monthly malware scan | No | No | Yes |
* Pay 12 months in advance and get 2 months free.