Is joomla security / hack resistance better now than in the past?

[rohit01]

A few years ago I built a joomla site. Spent some time on it, taught myself a lot. It was just a personal website with some product reviews. I believe I had built it up from a rocket theme template.

It's a hobby, and something I wanted to make, but not have to babysit constantly. Well eventually it got hacked, and rather than start from scratch, or taking hours and hours to fix / remove the hack, I just said screw it and removed the site.

Spending hours every month just trying to keep script kiddies from defacing your humble little site, frankly takes ALL the fun out of it.

I had changed the default admin account, changed the admin ID, hid the admin page, secured permissions, and changed the database prefix, etc etc. but it still got Zapped. (SQL injection I assume)

So my question is, has joomla security improved to the point where after basic security protections, now it's pretty safe, and can auto update?

This isn't a business for me, and I have no intention of having to spend an hour or more every week just keeping my dinky website from being hacked and fixing stuff updates break.

And I have no intention of having to completely rebuild my site every 6months because a new version of joomla came out that's not compatible with the old... and the old one will be "hack central" in a few weeks. Again, it takes all the fun out of it.

But I would like to have a website, and I like joomla... But I'm just not into constantly having to babysit it.

Is this in the realm of possibility yet? Maybe with a firewall plugin or something?

[Pavel-ww]

Hi. When working with any CMS, you should always keep it up to date. It should be updated every time a new version is released. Thus, you will never have a situation that your site is outdated and cannot be updated. Each new release contains security fixes.

You need to understand that Joomla is a free open source CMS. Therefore, a hacker can dissect it and find new vulnerabilities. After the vulnerability is discovered, the joomla developers release another patch to fix it. Therefore, it is very important to update and monitor the system. And this applies not only to Joomla, but absolutely any system that has a backend on board.

If you want to build a site and not care about it, create a simple html site. In such a site there are no "brains" and it means that there is simply no subject to hack. But in doing so, you will lose various functionalities.

If you want to drive a modern car, you need to study the instructions, undergo regular maintenance. If you don't want this, buy a simple scooter.

And yes, Joomla is now much more secure than it used to be. But this in any case does not guarantee against hacking. Just like your latest model Mercedes is not guaranteed against theft.

[toivo]

Joomla extensions can act as application firewalls and examine the HTTP requests, block hack attempts and report them, which makes the webmaster's job easier.

The Joomla Extensions Directory (JED) has those extensions in the following sections:
Site Security
Security Tools
Access & Security

[AMurray]

Good advice above, but again, it's not matter of "lock it and leave it", you still have to monitor your site and take action to fix any issues those tools report.

One good service I would recommend is mysites.guru. It is perfect for any site, and its audits and reports focus on matters you may never have considered were primary aspects of website security. Do an audit of your site, mysites.guru will do your first audit free (but it is a subscription service thereafter).

Additionally it's an all in one site management tool and can even help with maintenance tasks such as core updates and extension updates.

EDIT : I failed to catch it the first time but notice this is posted to the Joomla 1.5 forum - Joomla 1.5 has been obsolete for 9 years and therefore unsupported; it won't have received ongoing updates since 2012. Suggest you update to Joomla 3.9.23 (November 2020). That is definitely a necessity, despite your reluctance as you have already stated to spend huge amounts of time working on the site.