Chapter 20. Security

If you’re tempted to pass over this chapter, don’t. The idea of security scares a lot of people. Would you rather deal with security issues now or after your website has been hacked? Ben Franklin once said, “An ounce of prevention is worth a pound of cure.” We couldn’t agree more. While we feel Joomla is a secure platform, we recommend that you take the proper precautions. Also, if your client is paying you to manage their website, it’s your obligation to ensure that they are set up as securely as possible.

Importance of Security and the JSST

If you discover a vulnerability, also called an exploit, in Joomla’s core code, please email any and all information you have about it to the Joomla! Security Strike Team (JSST) at . This email address should not be used to ask for help restoring your website or to report vulnerabilities in third-party extensions. Vulnerabilities in third-party extensions should be reported to the developer of that extension. For other security questions, it is best to visit the official Joomla Security Forum found at


Do not post vulnerabilities on the Joomla forums. If the vulnerability is in fact a threat, it is best to give the Security Team time to release a patch before the rest of the world knows about it. Also, if you have been hacked and have questions, don’t mention the name of the attacker. Hackers crave publicity and mentioning their name along with the site they ...
