Make Joomla! CMS Security your #1 Priority

Joomla! Help Support Warrington Cheshire Manchester Merseyside UKWe adopt a proactive approach to helping Joomlers keep their Joomla!® CMS websites safe and secure.

This guide is produced as part of this proactive approach.

If you need help and support using a Joomla! website then give us a call.

We provide Joomla! coaching, help and support for business managers and organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Contact Customer Support on 0161 818 8228.


Wise Words

"Security is a moving target, so today's expert might be tomorrow's victim"!

Source: The Official Joomla!® Security Checklist.


Useful Security Checklist

Look for a web hosting company which complies with the Security and Technical Requirements published by the Joomla! Project.

We also recommend that you pay close attention to PHP, MySQL and server location.

We can offer friendly impartial advice to customers to help them choose the most appropriate hosting solution for their Joomla! website.

Read more: Choose a hosting company with care.

Check the server hosting your website is using the latest available release for a given version of PHP and MySQL.

We tell you how to check and consider which versions to use in this guide.

Read more: About PHP & MySQL.

It is essential then that keep your Joomla! CMS and its extensions up to date.

To not do so will leave your website vulnerable to being compromised by hackerists.

This truth means that regular website maintenance by YOU is essential to protect your website.

We offer guidance, support and coaching.

GUIDANCE: How to update your Joomla! CMS.


COACHING: Learn how to keep your Joomla! CMS safe & secure.

Either take or delegate responsibility for drafting a simple Backup and Recovery Plan.

This might be as simple as: once every week AND before updating your Joomla! CMS and its extensions.


Always back up before performing updates.

Updates can and do break websites.

Assume they will and you have nothing to fear!

Read more: How to back up your Joomla! CMS.

When you visit the JED (Joomla! Extensions Directory) you will find thousands of great extensions.

Resist the temptation to grab loads and start installing them on your website without taking precautions.

Some extensions will break your website and not all extensions are well supported.

Some are totally insecure.

The fewer extensions your website uses the better, so get rid of those you are not using.

We use fewer than 10 in our own website.

Read more: How to uninstall 3rd party extensions.

Avoid using Vulnerable Extensions

Before using an extension, browse the Joomla! Vulnerable Extension List.

Browse the Vulnerable Extension List.

If you value your Joomla! website then protect it.

Install, configure and maintain a Web Application Firewall (or WAF).

We believe that NO business should run a website without a Web Application Firewall.

Read more: Web Application Firewall.

Regularly visit the official Joomla! website to check for new releases of the Joomla! CMS.

Read more:

Use the Joomla! RSS News Feeds, including:

  • Security Announcements,
  • Joomla! Announcements, and
  • Community Magazine.

Joomla! Project RSS News Feeds.

We are Joomla! Specialists offering PERSONAL and LOCAL Joomla! CMS Support.

We coach managers who have responsibility for Joomla! CMS websites in businesses and organisations across the UK.

Read more: Learn how to keep your Joomla! CMS safe and secure.


Create UNIQUE usernames and COMPLEX UNIQUE passwords for your website control panel and your hosting control panel.

NEVER store passwords in unencrypted form or in your browser's cache.

Read more: Usernames & Passwords.

When you add an SSL Certificate to your website's domain your user credentials will be encrypted when you sign into your website's control panel.

We recommend free Lets Encrypt SSL certificates which can be quickly and easily added when you sign into your hosting control panel.

There are some Joomla! and SEO settings that may need to be changed when you add SSL.

Read more: How to add a Lets Encrypt SSL Certificate.

It is easy to forget about the device you use to connect to your website when thinking about website security.

Keep your device's Operating System and Web Browser up to date.

If not then you risk having your login credentials stolen when you visit your website to sign in and edit its content.

Read more: Protect your device, browser & web connection.

Official Joomla! Security Checklist


Contents include:

Usernames and Passwords.
Protect your Joomla! CMS from Malware.
Matthew 7:3.
Keep Spambots Out.
Beware telephone fraudsters.
Be on the look out for anything unusual.
Review Installation Messages.


Make Joomla! CMS Security your #1 Priority

Joomla! Help Support Warrington Cheshire Manchester Merseyside UKWe offer Joomla! coaching, help and support to businesses and organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Learn how to manage Joomla! website security.