Blog
It used to be that we could go months, and potentially even more than a year with out a serious security issue on any of the Joomla sites we manage. But those days have changed ... or have they?
What's been happening
Years ago there were times when there were security concerns within the core Joomla CMS system. What is happening now is not related to the core, but to many of the popular 3rd-party extensions that many of us rely upon for day-to-day functionality beyond what the core offers.
In just the past few weeks we've seen security issue with extensions like these:
- SP Page Builder
- Helix (Template framework)
- DP Calendar
- Phoca Download
- RS Files
- JCE Editor (multiple issues)
- PageBuilder CK
- eDocman
- Event Booking
And those are just the more common extensions that have needed patching, with one of these being actively compromised in the wild.
And if you know Joomla extensions well, you will notice that many of these are extensions that are used on a good majority of Joomla sites. So the issue are effecting large groups of Joomla sites, not just a few sites here and there. And you'll likely see lots of posts on forums where Joomla site managers hang out commenting on how much time they have spent just managing all these security issues in the past few weeks.
In many cases, the vulnerabilities have been identified before they have been exploited. The developers have released a patch, and no harm has been done. But for some (like JCE) there are widespread reports of compromised sites because the extension wasn't updated before it got compromised.
Why is this happening?
First, the responsibility for secure code must be placed on the developers of the code. It is somewhat easy to write a Joomla component, plugin or module. However, it is even easier to write one that is not secure. It requires intentionality when creating any custom Joomla code to make sure that it is secure. Joomla gives you lots of tools and examples, but the developer has to make sure it is secure before shipping.
Second, the responsibility then shifts to the person managing the Joomla site. Even when developers are intentional at securing their custom code, there are times that things can still slip through. When this happens, and the responsible developer releases a security update, it does no good if the site manager doesn't install that update. Too many times Joomla sites are created as 'set and forget' by business owners or less experienced web designers. You can't blame the developer if they released a fix for a problem that you didn't implement.
The bottom line is that it takes both the developer and the site manager to ensure that everything is secure, and stays secure.
How can you be sure your site is always secure?
The reality, especially over the past few weeks, is that if you are not well-versed in Joomla, or are actively monitoring both your web site/s and the ever changing security updates for every extension you have installed, you can't keep it secure. And if you are someone who just checks your web site/s every week or less frequently, you are most likely going to get hacked, and more likely sooner than later at this point.
There are a number of different tools and services out there that will help you with this process. These can help you keep updated on changes and do some form of mitigation when security issues come up. However, there is still no real good 3rd-party 'service' that will actually fully manage your web site. For that you either need to become a Joomla guru on your own, or hire that out - to an employee that you pay to get trained, or to a company that provides these services.
We can handle this for you
We've been managing Joomla sites for over 20 years. We work with some of the top tools and services in the industry, but we also have direct knowledge and experience in helping to keep Joomla sites secure and functioning amid all the security vulnerabilities.
We monitor your site 24/7/365 to make sure it remains up-and-running, and we can make sure that updates are made when critical vulnerabilities happen. We can even help you if your site has already been hit with one of these vulnerabilities.
And we not only keep your site running, we can create custom secure components when you need custom functionality on your site, or update the look and feel of the site if it has become a bit outdated.
Let's talk about getting and keeping your site secured !
Schedule a free phone call so that we can talk about your site and any questions you might have about the process.
But do it now, BEFORE your site gets hacked (or hacked even worse than it already is).
- Details
GDPR is a set of rules that any company that has an 'electronic presence' in the EU must follow. It regulates how you must handle user data - like log-in data, and any other personal data of a user. It doesn't matter if your company is based within the EU, the rules can apply to businesses located outside the EU. If you have a web site that people from the EU might use, then you need to follow GDPR rules. Additionally, there are rules that are set by Germany, Russia, Italy, and California. Plus, a good number of the GDPR and other privacy rules are just good for the user ... and should be good for your business as well.
Joomla introduced some core systems that make following the GDPR much easier; however, it is not a 'plug and play' type of solution. It requires quite a bit of configuration to get GDPR compliance with the core Joomla systems. There are several Joomla extensions that have been released to make that process a bit easier, but knowing which ones to use and how to properly configure them can take some effort.
And just because you don't 'target' users in the EU doesn't mean that you aren't obligated to follow the rules. Your web site likely is accessible in the EU (and all around the world), so you need to be following those rules (unless you have intentionally blocked access from those countries*).
We can help you with that process. Because we set-up GDPR and other rules-compliant configurations on sites regularly, we can help get your site GDPR/CCPA/EUGH/etc compliant without you needing to worry about all those details. You can focus on your core business-building task list.
Get in contact with us today to find out how we can make your site compliant with the various privacy rules.
*NOTE: If your web site is hyper-local (i.e. only needing to serve your local area, or within your own country), we can set-up restrictions to block access from the EU or other countries where you don't want people to visit from.)
- Details
We have been providing Joomla management services for over 15 years. That includes all aspects of running and managing a Joomla web site.
The Joomla 3 CMS is reaching end of life in August 2023 (and Joomla 5 is already in the beginning stages). If you have a Joomla 3 web site you need to get your site updated soon to ensure that it remains secure. But moving to Joomla 4 is NOT just a quick update. It requires a very careful plan to ensure that all your systems can handle Joomla 4 and then the migration needs to be done in a way that you don't break your site.
We have both the experience and the tools to ensure that your site is migrated with no down-time.
Also, this is a great time to make some updates to your template or the functionality of your site (you could save time/money if you make changes at the same time you migrate).
If you need your Joomla site migrated to Joomla 4 use the Contact Us link above or the home page button to schedule a free consultation to connect with us and help you get your site updated so it remains secure.
- Details
