Do you know what a webmaster's biggest nightmare is? You're right. It's hackers. Every now and then, website administrators have to deal with them. It's not possible to make your website 100% hack-proof.
A small security hole anywhere in your website's code can give an experienced hacker access to the backend of your website. And if they manage to break in, you may have a hard time figuring out what to do if you didn't have a backup.
However, if you do have a backup, you can restore the site. But what's the guarantee that it won't be hacked again? How exactly do you determine which security hole gave the hacker access to your server in the first place?
There is one tool that can do the job of finding out what the security hole is and what other weak points there are on your website. The tool is called My Joomla. If you remember, we went through the same hacked-Joomla experience a while ago at ThemeXpert.
This is the tool that made our website's security stronger and better protected. But before we talk about how to audit your website with this tool, let's first look at some of the basic features the site comes with.
My Joomla scans your entire website in just a few moments. You first have to sign up with them, and you will be provided with a downloadable extension that you need to upload and install on your Joomla site. The tool then scans for all potentially harmful content on your website and shows you possible reasons for the Joomla hack.
During a Joomla hack, a hacker may leave a backdoor in any of your website's core files so that they can gain access later. My Joomla will instantly scan and recognize suspicious changes in those files.
If you're using too many extensions and your site is very large, you might be wondering which files are untouched and which files are affected. With My Joomla, you can easily revert the core files to their distributed state, making sure everything is at its default.
Like I already said, you will never know where the security holes are. My Joomla can look them up for you on your hacked Joomla site, and you can make very technical changes in your Joomla quite easily with the tool.
You can also get suggestions for best practices from this tool and reduce the chances of a future Joomla hack. For example, if you are using the root username to connect to the database, you're at risk. My Joomla will suggest that you change that username to something more complex so that hackers can never guess what it is.
What to do after a Joomla site is hacked
You can use the tool to secure and fix your hacked website, NOT to back up or restore the content. My Joomla offers two types of auditing. The easiest way is to let them do the job.
But if you're a little familiar with the Joomla administration interface and how these things work, you can do the audit by yourself. You need to register with a username and add your website before you can audit it. Just so you know, the first audit is totally free of charge. From the second audit onwards, however, you will have to pay, which is worth it for the service.
So, let's fix and secure your Joomla site for free!
Install and Activate
After you add your first website, you'll see a screen identical to the one below. You must click Generate new connector for the extension to be ready.
Within moments, the download button will show up and you can download and install the extension to your Joomla website the usual way.
As you can see, you can also use the button on Step 2 to go to the Joomla administration panel on your website directly.
Once the plugin has been installed, you'll see a message saying that there isn't anything more you can do from your Joomla administration. You need to go to the first tab and continue with the following.
The buttons to test the endpoint are self-explanatory. Click accordingly.
If the connection was established, you will see the word “endpoint” upon clicking the button. Remember to click the right button. If you are using Joomla 1.5.x, use the 1st button. If Joomla 2.5+ is running on your site, use the second button. Now, click the Connection Test button to make sure that the connection has been established. If the connection is established, you'll briefly see the success message.
You will then be redirected to the start audit page. You will have to confirm that you want to start auditing now. The page here will look identical to the one below:
As soon as you click the start button, My Joomla will start its magic on your hacked Joomla site. You will see a live view of what the plugin is doing on the next screen. Be patient, though; this may take a while if you have a very large website.
When the audit finishes, you'll see a screen with all the details of the audit results. From there, you will be able to view what problems were found on your hacked Joomla site. If it has found any problem, there will be a blue button that reads “next steps” next to the configuration name.
If you click the next steps button, you'll see all the details of what the problem was and what the tool recommends to fix the issue on your hacked Joomla site.
If you scroll through the audit results, you might be a little bit overwhelmed. The tool's developer writes,
Remember, the object is NOT just to get green OK for each item, the aim is to understand more about your site and its integrity at this moment in time. In fact it's impossible to resolve all items in this list as some checks have knock on effects to others.
If you've got enough time or a dedicated developer, you can have them check the entire result and take action to better protect your website from hacking attempts. If you'd rather leave it to the tool's developer, you can always pay for their service. Fees for the service can be found here.
As you might have already realized, the service is really amazing. The tool takes a deeper-than-any-human-can-do look into your Joomla's core files and comes up with an incredibly detailed result and possible fixes within minutes. This is some serious stuff that every serious web developer and administrator should have on their Joomla website.
Just as a reminder, the first audit is free. But you cannot audit your website again without paying the charges.
What security measures have you taken to protect your Joomla-powered website? After your site has been hacked, how do you find out where the problem or security hole lies? Let us know if you have come across any other tool that does a better job than My Joomla!