On Wednesday I explained how your Joomla site might be exploited
"Just because you keep your server secure and your software up to date you may have been exploited yesterday, ready to be hacked tomorrow."
Today I read an article explaining the exact same thing happening on a Wordpress site. I had tried to explain this to the site owner 6 weeks earlier but...
..or how do you keep your Joomla web site secure?
I've sat on this blog post for a few weeks as I wanted to separate any connection to the specific client for who this relates to.
So I'm sat in a hotel bedroom, idling away the time before bed, browsing a news sites when a skype window pops up on my Mac.
"Please help!!!! I've got 12 sites all on different servers and they keep getting defaced."
Now obviously I then ran through my usual set of questions:
- "Are the sites running the latest version of Joomla?"
- "Are the file and directory permissions set sensibly?"
- "Do you monitor the extensions and make sure they are all up to date?"
And the answer was yes to all of the above.
Actually this article should really be titled "How NOT to make a Joomla template".
I've blogged in the past about using Joomla Template Clubs and software to create your own joomla template and I know many people like to design their own template from scratch.
But there is still a significant number of people who just take one of the three default Joomla templates and modify them to suit their needs.