Joomla! is one of the most popular Content Management Systems (CMS) used to build websites, together with other CMS such as Wordpress, Drupal and Magento. This makes the life of hackers looking to compromise websites much easier, as they can simply concentrate on exploiting vulnerabilities in it, or in one of its popular plugins and extensions.
Based on the reports by the Securi’s Incident Response Team and Malware Research Team, Joomla! sites are usually hacked for SEO spam, drive-by-download infections, exploit or DDoS tools and phishing. In over two-thirds of cases, the cleaning team found backdoors in the websites – the attackers want to make sure that they will be able to get back in if web administrators attempt to clean up the site.
There is much controversy about the security of Joomla! On the one hand, some people opine that, as Joomla is a free CMS and uses third party extensions, it is clearly vulnerable but, on the other hand, a great part of the Joomla! community uphold its CMS as one of the most secure due to the overall security staff continuously checks the problems reported by the own Joomla! community.
In this article, some tips are given to improve the security of a website built by Joomla.