How To Fix A Hacked Joomla Website

Do you know what is a webmaster's biggest nightmare? You're right. It's the hackers. Every now and then, website administrators get to deal with hackers. It's not possible to make your website 100% hack-proof. A small security hole in your entire website's coding can give an experienced hacker access to the backend of your website. And if they manage to crack it down, you may have a hard time figuring out what to do if you didn't have a backup. However, if you do have a backup, you can restore the site. But what's the guarantee that it won't be hacked again? How do you exactly what security hole gave the hacker access to your server in the first place?

 

There is one tool that can do the job of finding out what's the security hole and what other weak points there are on your website. The tool is called Audit My Joomla. If you remember, we faced the same hacking experience a while ago at ThemeXperts. This was the tool that made our website's security stronger and protected. But before we talk about how to audit your website with this tool, let's first look at some of the basic features the site comes with.

Features

  • Audit My Joomla scans your entire website in just a few moments. You have to first sign up with them and you will be provided with a downloadable extension that you need to upload and install on your Joomla site. The tool then scans for all potentially harmful contents in your website.
  • During a hack, a hacker may leave a backdoor on any of your website's core files so that they can gain access later. Audit My Joomla will instantly scan and recognize those changes in the file that are suspicious.
  • If you're using too many extensions and your site is very large, you might be wondering which files are untouched and which files are affected. With Audit My Joomla, you can easily revert the core files to their distributed state making sure everything is at their default.
  • Like I already said, you will never know where the security holes are. Audit My Joomla can look them up for you and you can make very technical changes in your Joomla quite easily with the tool.
  • You can also get suggestions for best practices by using this tool. For example, if you are using root username to connect the database, you're at risk. The tool Audit My Joomla will suggest you to change that username to something more complex so that hackers can never guess what it is.

What to do after a Joomla site is hacked

You can use the tool to secure and fix your Joomla website and NOT to backup or restore the content. Audit My Joomla offers two types of auditing. The easiest way is to let them do the job. But if you're a little familiar with Joomla administration interface and how these things work, you can do the audit by yourself. You need to register with a username and add your website before you can audit it. Just so you know, the first audit is totally free of charge. From second audit onwards, however, you will have to pay which is worth the service.

So, let's fix and secure your Joomla site for free!

Install and Activate

After you add your first website, you'll see a screen idential to the one below. You must click the Generate new connector for the extension to be ready.

generating-ready.png

Within moments, the download button will show up and you can download and install the extension to your Joomla website the usual way.

download-install.png

As you can see, you can also use the button on Step 2 go to go the Joomla administration panel on your website directly.

upload-install.png

Once the plugin has been installed, you'll see a message saying that there isn't anything more you can do from your Joomla administration. You need to go to the first tab and continue with the following.

The buttons to test endpoint are self-explanatory. Click accordingly.

test-endpoint.png

If connection was established, you will see the word “endpoint” upon clicking the button. Remember to click the right button. If you are using Joomla 1.5.x, use the 1st button. If Joomla 2.5+ is running on your site, use the second button.

Now, click the Connection Test button to make sure that the connection has been established. If connection is established, you'll briefly see the success message.

connection-success.png

You will then be redirected to start audit page. You will have to confirm that you want to start auditing now. The page here will look identical to the one below:

start-new-audit.png

As soon as you click the start button, Audit My Joomla will start its magic. You will see a live screen of what the plugin is doing on the next screen. Be patient, though; this may take a while if you have a very large website.

audit-progress.png

As the audit finishes, you'll see a screen with all the details of audit results. From there, you can what problem the plugin found on your website. If it has found any problem, there will be blue button that reads “next steps” next to the configuration name.

joomla-audit-next-step-1.png

audit-result-analysis.png

If you click the next steps button, you'll see all the details of what the problem was and what the tool recommends you to fix the issue.

 

If you scroll through the audit results, you might be a little bit overwhelmed. The tools developer writes,

Remember, the object is NOT just to get green OK for each item, the aim is to understand more about your site and its integrity at this moment in time. In fact its impossible to resolve all items in this list as some checks have knock on effects to others.

 

If you've got enough time or a dedicated developer, you can have them check the entire result and take action to better protect your website from hacking attempts. If you'd rather leave it to the tool's developer, you can always pay and get their service right over to you. Fees for the service can be found here: https://manage.myjoomla.com/faq/fees

As you might have already realized, the service is really amazing. The tool takes deeper-than-any-human-can-do look into your Joomla's core files and comes up with an incredibly detailed result and possible fixes within minutes. This is some serious stuff that every serious web developers and administrators should have on their Joomla website.

Just as a reminder, the first audit is free. But you cannot audit your website again without paying the charges.

Your Turn

What security measures have you taken to protect your Joomla powered website? How do you find out after your site has been hacked where the problem or security hole lies? Let us know if you have come across any other tool that does better job than Audit My Joomla!

Tagged in: hack joomla security
in Tutorials Hits: 49611 Comments
Rate this blog entry:

Founder and Head of Ideas of ThemeXpert. I love building engaging and impactful products! A Joomla! enthusiast and web tech nerd, I love helping people to solve problem in a lean and elegant way. Proud father, husband and family guy love reading and eating own dog food.

Like what you've read?

Join the best Joomla blog on the net and stay up-to-date with our latest tips, tricks and free design resources. We won't share your info with anyone.

blog comments powered by Disqus