CMS Joomla Update
A very important step. It is necessary to update the system, as developers periodically close holes in the kernel. For example, the latest build for 1.5 is 1.5.26. You can download the update releases on the website joomla.org . There you will also find update packages for newer versions.
Before updating, be sure to create a backup copy of the entire site using the tools provided by the hosting or use the Akeeba Backup component.
Removing unused Joomla extensions
Many site builders install all the extensions they find in a row. For the most part, they are all useless and have a bunch of holes through which an attacker can gain full access to the site or infect a Joomla site with a virus. So you need to decide whether you need a clock widget on the site? It is better to remove unused extensions and leave only really useful ones.
Updating Joomla Extensions
Be sure to follow the releases, especially relevant for Joomla 3. In version 1.6 and higher, a system of repositories has already been created that will allow extensions to be automatically updated. One of the frequently hacked extensions is an outdated visual editor. There is a more modern, convenient and free JCE editor for all versions of Joomla.
Do not use “wareed” extensions
Often the infection of a site on Joomla occurs through extensions downloaded from “warezny” sites. In 100% of cases, you will already find the virus there. So look for free analogues from the authors, or buy. Extensions are not always expensive. 10-15$ won’t ruin you, but it will make your site safer, at the same time get the latest version.
Installing Security Extensions
There are a number of useful extensions for Joomla that will significantly increase the security of your site. I’ll give you a list of them.
Admin Tools is a smart real security tool. At the same time, I recommend buying a professional version (it costs only 50 Euros), but you will get almost maximum security. Version comparison
jHackGuard is an interesting plugin from SiteGround that allows you to significantly increase the security of the site. HackGuard provides protection against such types of hacking as: SQL injection, remote inclusion of URLs/files, remote code execution, as well as protection against XSS attacks.
Ai-Bolit is a script (not an extension) for searching for viruses and malicious scripts on the site. Instructions for its use are in the box. Unfortunately, it is no longer relevant. The latest version can be downloaded from the Ai-Bolit link. This is a solution for the paranoid. Almost all hosting companies have antiviruses on board.
Shell and Backdoor Script Finder is a virus scanner of the site, it has more advanced bases than AI-Bolit.