Joomla Hardening 2


In the last Joomla Hardening 1 post, we discussed Method and Techniques for Joomla Hardening and etc. In this post we are going to explain, maintain Joomla Extensions, Components and Templates.


1. Updating the relevant extensions , components and templates

Joomla now offers automatic updates for your installation. When you log into the dashboard you will
be notified of any updates available for your software version or Joomla core itself.
                                Figure 32: Automatic Notification : Joomla Control Panel

                                                Figure 33: Joomla Core Update Page

Login frequently to the dashboard to keep extensions , plugins and joomla up to date of the latest
updates released by Joomla

Your dashboard will also indicate if there are no updates to be applied. Under the “Maintenance”
item of the Control Panel menu you can see
“Joomla is up to date” and “All extensions are up to date”.

                                       Figure 34: Joomla Control Panel : Maintanence button

2. Auditing all the extensions, components and templates

        Remove unused components
            Storing unused components in your Joomla installation will only increase the chance of a compromise, even if they are disabled and inactive.

        Do not install untrusted unknown extensions , plugins and themes.
            Never install plugins and themes from unknown developers without proper
documentation. They could contain backdoors which would allow an attacker to
access your website, using that plugin or theme as the access point

        Monitor Vulnerable Extensions
            All known vulnerable extensions are listed in the Vulnerable Extensions List (VEL)
in Joomla’s official website. No patch is available for extensions in this section and you are recommended to uninstall the extension from your site. The Resolved VEL section lists extensions for which a patch is available. You are recommended to update if your site uses any of these extensions.

3. Using Security Extensions

Many of the techniques and methods mentioned in this documentation can be implemented
through security extensions provided in the Joomla Extensions Directory
                                            Eg : RSFirewall , AdminTools

Note : Before installing any extensions or updates on your site follow the following steps :
                1. Backup Joomla.
                2. Review if the update or extension has any incompatibilities or negative impacts on your
                3. Test update in an environment to see the compatibility of the update with other components
                4. Backup your site
                5. And finally install the update or extension on your system.