32 Vulnerable Extension Warnings in March

joomla support cheshire manchester merseyside north west ukDo you subscribe to the Joomla! Projects Vulnerable Extensions Newsletter?

If not then we recommend that you do.

Reason: we have totted up the number of VEL warnings issued in the month of March and so far the figure is 32 warnings (in 12 emails).

In February the total number of warnings sent out to Newsletter subscribers was 8 (in 4 emails).

In January it was 1 (in 1 email).

Read more: Vulnerable Extensions List.

Subscribe to the Vulnerable Extensions Newsletter.

The reason given for most warnings?

SQL injection.

Conclusion

We trust that the sudden increase in VEL warnings is because the Joomla! Project is being much more proactive at policing the extensions listed in the Joomla! Extensions Directory (JED).

Whether or not this is the case the above observations beg the question: what can be done to reduce the risk of website compromise being caused by a vulnerable 3rd party extension?

What can be done to reduce the risk of compromise?

Adopt a cautious approach when developing your Joomla! CMS website.

As well as frequently backing up (see our last news post) we strongly recommend that you:

  • use only those 3rd party extensions you really need;
  • avoid using untried untested 3rd party extensions on valuable production websites;
  • consult JED reviews before installing a new extension;
  • install a Web Application Firewall to reduce the risk of SQL injection.

The last point is absolutely critical.

Most Joomla! websites are hosted in shared server environments.

And websites hosted in shared server environments are at greater risk of being compromised by other (compromised) websites hosted on the same server.

This is why you should use a reputable hosting company that takes server security seriously.

In such instances the server will be well protected by a firewall.

But we believe that every Joomla! website should have one too!

WYNCHCO Joomla! CMS Support

We coach, help and support managers with responsibility for Joomla! websites in organisations across Cheshire, Manchester, Merseyside, North West England & the UK.

Read more: WYNCHCO Joomla! CMS Support Packages.