32 Vulnerable Extension Warnings in March
If not then we recommend that you do.
Reason: we have totted up the number of VEL warnings issued in the month of March and so far the figure is 32 warnings (in 12 emails).
In February the total number of warnings sent out to Newsletter subscribers was 8 (in 4 emails).
In January it was 1 (in 1 email).
The reason given for most warnings?
We trust that the sudden increase in VEL warnings is because the Joomla! Project is being much more proactive at policing the extensions listed in the Joomla! Extensions Directory (JED).
Whether or not this is the case the above observations beg the question: what can be done to reduce the risk of website compromise being caused by a vulnerable 3rd party extension?
What can be done to reduce the risk of compromise?
Adopt a cautious approach when developing your Joomla! CMS website.
As well as frequently backing up (see our last news post) we strongly recommend that you:
- use only those 3rd party extensions you really need;
- avoid using untried untested 3rd party extensions on valuable production websites;
- consult JED reviews before installing a new extension;
- install a Web Application Firewall to reduce the risk of SQL injection.
The last point is absolutely critical.
Most Joomla! websites are hosted in shared server environments.
And websites hosted in shared server environments are at greater risk of being compromised by other (compromised) websites hosted on the same server.
This is why you should use a reputable hosting company that takes server security seriously.
In such instances the server will be well protected by a firewall.
But we believe that every Joomla! website should have one too!
WYNCHCO Joomla! CMS Support
We coach, help and support managers with responsibility for Joomla! websites in organisations across Cheshire, Manchester, Merseyside, North West England & the UK.