New Guide on How to Fix Hacked Joomla! Sites

Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! events around the world, and our cofounder Dre Armeda is a keynote speaker at the upcoming Joomla! World Conference in Vancouver, Canada.

Over 3% of all sites on the internet run Joomla! and that number is increasing. Many developers prefer Joomla! for its versatility, and the platform is deployed on many government and educational websites.

The core Joomla! framework is quite secure, but like any software, it is at risk for vulnerabilities.

Recently we have posted about the Joomla account creation vulnerability, including technical details on the security patch and our analysis of active exploits in the wild. To continue with our mission of providing concise security resources, we are releasing our newest guide on How to Clean a Hacked Joomla Site.

A Guide to Fixing Hacked Joomla Sites

Our first guide described how to use our security plugin and other tools to fix hacked WordPress sites. As we do not have a plugin for Joomla!, this new guide explores manual methods, Joomla! extensions, and online scanners that can help you identify and clean a Joomla! hack. The guide also includes important post-hack actions to help keep the site secure and prevent reinfection.

This guide will offer an appropriate foundation for resolving a Joomla! security incident.

Read the Guide Now!

Most of the guide involves step-by-step instructions and recommendations for both beginner and novice users. We researched the best practices and used knowledge from our team of security professionals to provide the most value possible. With careful attention to how Joomla! functions, and the common types of infections we see, we hope this guide will be a helpful resource for Joomla! webmasters.


Sign Up for the Webinar

We also have a webinar coming up to accompany the guide.


This continues our series of webinars put together by our team over the past few months. The webinar will be hosted by our Incident Response Team (IRT) to walk you through the steps a website owner can take to clean an infected Joomla! site. Ben Martin is a team lead who has been with us for three years and has firsthand experience working with today’s hacks. He has spent countless hours assisting website owners like you to identify, remove, and protect hacked Joomla! sites.

Get Help or Contribute

We value any comments or suggestions to help us improve the guide over time. These guides are integral to our vision of becoming a constant in the evolving landscape of website security. We can’t do that without you – our community of loyal blog readers.

If you find the guide useful and want to suggest an update, we’d love to hear from you! Get in touch with us by emailing:

If you have difficulty with the guide, you can usually find help by posting on the Joomla Support forums, which are actively maintained by the community. You can also chat with us to learn how we can help you fix and prevent Joomla! hacks.

1 comment

Comments are closed.

You May Also Like