By Parvez Akther on Friday, 04 January 2013
Category: Tutorials

How To Fix A Hacked Joomla Website

Do you know what is a webmaster's biggest nightmare? You're right. It's the hackers. Every now and then, website administrators get to deal with hackers. It's not possible to make your website 100% hack-proof.

A small security hole in your entire website's coding can give an experienced hacker access to the backend of your website. And if they manage to crack it down, you may have a hard time figuring out what to do if you didn't have a backup.

However, if you do have a backup, you can restore the site. But what's the guarantee that it won't be hacked again? How do you exactly determine which security hole gave the hacker access to your server in the first place?

There is one tool that can do the job of finding out what's the security hole and what other weak points there are on your website. The tool is called My Joomla. If you remember, we faced the same Joomla hacked experience a while ago at ThemeXperts.

This is the tool that made our website's security stronger and protected. But before we talk about how to audit your website with this tool, let's first look at some of the basic features the site comes with.


What to do after a Joomla site is hacked

You can use the tool to secure and fix hacked website of yours and NOT to backup or restore the content. My Joomla offers two types of auditing. The easiest way is to let them do the job.

But if you're a little familiar with Joomla administration interface and how these things work, you can do the audit by yourself. You need to register with a username and add your website before you can audit it. Just so you know, the first audit is totally free of charge. From second audit onwards, however, you will have to pay which is worth the service.

So, let's fix and secure your Joomla site for free!

Install and Activate

After you add your first website, you'll see a screen idential to the one below. You must click the Generate new connector for the extension to be ready.


Within moments, the download button will show up and you can download and install the extension to your Joomla website the usual way.


As you can see, you can also use the button on Step 2 go to go the Joomla administration panel on your website directly.


Once the plugin has been installed, you'll see a message saying that there isn't anything more you can do from your Joomla administration. You need to go to the first tab and continue with the following.

The buttons to test endpoint are self-explanatory. Click accordingly. test_endpoint

If connection was established, you will see the word “endpoint” upon clicking the button. Remember to click the right button. If you are using Joomla 1.5.x, use the 1st button. If Joomla 2.5+ is running on your site, use the second button. Now, click the Connection Test button to make sure that the connection has been established. If connection is established, you'll briefly see the success message.

You will then be redirected to start audit page. You will have to confirm that you want to start auditing now. The page here will look identical to the one below:


As soon as you click the start button, My Joomla will start its magic on your Joomla hacked site. You will see a live screen of what the plugin is doing on the next screen. Be patient, though; this may take a while if you have a very large website.


As the audit finishes, you'll see a screen with all the details of audit results. From there, you will be able to view what problem fond on your Joomla hacked site. If it has found any problem, there will be blue button that reads “next steps” next to the configuration name.



If you click the next steps button, you'll see all the details of what the problem was and what the tool recommends you to fix the issue of your Joomla hacked site.

If you scroll through the audit results, you might be a little bit overwhelmed. The tools developer writes,

Remember, the object is NOT just to get green OK for each item, the aim is to understand more about your site and its integrity at this moment in time. In fact it's impossible to resolve all items in this list as some checks have knock on effects to others.

If you've got enough time or a dedicated developer, you can have them check the entire result and take action to better protect your website from hacking attempts. If you'd rather leave it to the tool's developer, you can always pay and get their service right over to you. Fees for the service can be found here.

As you might have already realized, the service is really amazing. The tool takes deeper-than-any-human-can-do look into your Joomla's core files and comes up with an incredibly detailed result and possible fixes within minutes. This is some serious stuff that every serious web developers and administrators should have on their Joomla website.

Just as a reminder, the first audit is free. But you cannot audit your website again without paying the charges.

Your Turn

What security measures have you taken to protect your Joomla powered website? How do you find out after your site has been hacked where the problem or security hole lies? Let us know if you have come across any other tool that does better job than My Joomla!

Leave Comments