Periodically browse the Vulnerable Extension List (VEL) to check that none of the extensions your website uses are listed.

If an extension you are using is listed then look for an alternative and/or contact the developer for clarification.

You can of course unpublish a listed extension, but this will not by itself protect your website from being compromised, because the extension's files remain on the server.

Uninstall it instead and check that there are no remaining:

  • directories and files left behind on the server,
  • tables and rows (of the extensions table) left behind in the database.

Ask yourself these questions:

  • when did you last back up your website?
  • how resilient are you?

In other words:

  • if required, could you roll back to a last known 'clean' backup should the need arise?

Browse the Joomla! Vulnerable Extensions List

Reasons why extensions are added to the VEL

There are many, but the most common in recent times has been SQL injection, resulting in a compromised database.

So check your website's database for left-behind tables and rows (of the extensions table) after you uninstall a third-party extension.

Other reasons include:

  • SQL Injection and XSS,
  • Information disclosure,
  • Abandonware,
  • Installer includes a tracking script,
  • Directory Traversal,
  • Malicious links,
  • Remote code execution.
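The post-uninstall check described above (leftover directories and files on the server, leftover tables and rows of the extensions table in the database), as an added example that is not part of the original page. The element name `com_example` and table prefix `jos_` are placeholders, and matching leftover tables by name prefix is a heuristic.

```shell
#!/bin/sh
# Added example: post-uninstall leftover check for a Joomla! extension.
# Assumed placeholders: element name (com_example) and table prefix (jos_).

# Accept only letters, digits and underscores, so the values are safe to
# place in paths and in the generated SQL.
valid_ident() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Print files and directories still present under the Joomla! root in the
# standard install locations for the given element.
find_leftover_paths() {
    root=$1; element=$2
    valid_ident "$element" || return 2
    short=${element#*_}   # com_example -> example (plugin folders use the bare name)
    for dir in components administrator/components modules \
               administrator/modules media; do
        if [ -e "$root/$dir/$element" ]; then printf '%s\n' "$root/$dir/$element"; fi
    done
    for p in "$root"/plugins/*/"$short"; do
        if [ -e "$p" ]; then printf '%s\n' "$p"; fi
    done
    for base in "$root/language" "$root/administrator/language"; do
        if [ -d "$base" ]; then find "$base" -type f -name "*${element}*"; fi
    done
}

# Print read-only queries that list leftover rows in the extensions table and
# leftover tables. Table names starting with <prefix><short> are a heuristic.
leftover_sql() {
    prefix=$1; element=$2
    valid_ident "$prefix" || return 2
    valid_ident "$element" || return 2
    short=${element#*_}
    cat <<EOF
SELECT extension_id, name, type, element, folder, enabled
  FROM ${prefix}extensions
 WHERE element IN ('${element}', '${short}');
SELECT table_name FROM information_schema.tables
 WHERE table_schema = DATABASE()
   AND table_name LIKE '${prefix}${short}%';
EOF
}
```

Call `find_leftover_paths` with your site's root directory and the element name, and pipe the output of `leftover_sql jos_ com_example` into your MySQL client; any output from either means something was left behind.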

JOOMLERS.UK is sponsored by WYNCHCO Solutions

We help and support managers responsible for Joomla! CMS websites in UK business, academy school and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.

Read more: WYNCHCO Joomla! CMS Help & Support.
