My Joomla Site was Hacked!

If you are here because you suspect your site has been hacked, and you just want a professional to fix it ASAP, you have also come to right the place. Take a look at our Malware Removal page, and if this sounds like the service you need just submit a request and we will have your site back up and running in less than 24 hours.

secure joomlaI know how terrifying a hacked website can be. Many years ago, I woke up one morning and realized that my Joomla site was hacked as well. That incident is actually one of the reasons I have spent the last few years studying how these hacks occur and learning the techniques required to identify the vulnerability and fixed the hacked Joomla site. In this article I will go over some of the basic steps one should take the minute they realized their Joomla site was hacked.

If you suspect your Joomla site was hacked, and you want to try working through it yourself, here are steps that will get you started in the right direction:

1. Take the website offline and password protect the entire site

Depending on your hosting company, you should be able to log in to your Hosting cPanel and choose an option for password protecting certain directories. I would recommend protecting the entire directory your website is located in. Click here for detailed instructions.

2. Change all your passwords

If your Joomla site was hacked, you can consider all your passwords to be compromised, and it’s a good idea to change them right away. This includes FTP, database, hosting, and Joomla admin passwords.

3. Check your server logs

Hopefully you had your server logs active; otherwise it is going to be much more difficult to identify how your Joomla site was hacked. Download the logs through your cPanel and check for words like “insert”, “replace” or “update”. Look for calls to anything other than your index.php that might indicate suspicious activity.

4. Run your cPanel virus scanner

Most major hosting companies will have this option available, and it will help you determine if malicious code had been inserted into one of your files.

5. Make sure you have a backup system in place

I recommend the Akeeba extension. You can set the extension to make a backup daily. You can also use their Akeeba SiteDiff tool to compare backups day to day and spot changes that were not initiated by you. While this won’t help you after the fact, if another attack occurs this method will help you determine if backdoors were added into your system after your Joomla site was hacked.

Conclusion- “Un-hacking” a Joomla site is not an easy task, and while these steps will help you on the way to recovery, there are so many different types of hacks that no walk-through is going to solve every problem. The best course of action is to prevent the attack from being successful in the first place. It’s important to use strong user names and passwords, keep your Joomla core and extensions up to date, and limit who you allow to access your website’s back-end.

If your Joomla site is severely infected or if you don’t have the time & expertise to implement these steps, you will probably need to hire a professional to scan all the files/logs and manually extract the malicious code piece by piece. We can provide this service, and encourage you to submit a request as soon as possible so we can get your site back up and running.

We also offer a Website Protection service in which we will review your website for potential security flaws and implement updates to prevent an attack from occurring in the first place. It’s always easier to prevent a successful hack than to repair a website after it has been compromised.