Joomla 4 Complete Site Lock

[sirdna123]

Hello!

My site got hacked, with some wordpress files in it

My site is Joomla 4.2.6 (updated to 4.4.10) + SP pabe builder + Virtuemart + custom made shipment / payment plugins

+ chronoforms 8 + template + Whats app module php version is 8.2


Yes, I know—updating to the latest version traps me in a never-ending update cycle, and as history shows, sooner or later, there is a bug, a security issue, or an extension compatibility problem.

And for a small business, it is hard to maintain all these updates and compatibility issues.

The solution I want to explore is a complete server site lock from outside hacks. The idea is very simple: changes to the site can only be made from a specific one IP. FTP and admin panel access and file changes only from one IP

Currently, I am on shared hosting. My hosting provider told me that they cannot implement this restriction, and that I would need my own server for this.

I am happy with how my site looks and works, and I would like to preserve it as it is.

So is there a option to make SITE LOCK (FTP and admin panel and file changes only from one IP) on cpanel hosting, so "i dont have to worry about updates and hacks as much as possible"...? "

Will this one IP restriction on access and file changes protect me from future hacks? It sounds too easy.

[AMurray]

My advice:

• Updating your site is a good thing - it shouldn't be a chore. This includes core updates (released approx every six weeks) and regular updates from extension developers - some get updates more than others.
• A VPS hosting plan could be cheaper than your own (dedicated) server and more secure and flexible than shared hosting.
• Use Akeeba Backup to make regular backups (daily, weekly) and test them regularly to ensure your site can be restored (the companion product is Akeeba Kickstart).
• Use an offline server such as WAMPServer or XAMPP for testing or development and then roll-out your site "live".
• Don't enable FTP within Joomla - it's not required.
• Use strong passwords,
• Use .htaccess / htpasswd protection on the administrator folder
• Use multi-factor authentication on that folder.

Your proposed action about dedicated IP etc is probably "step 1" in a long list of actions needed to secure your site as much as possible (such as all the above items..and more) - but nothing is impervious.

Some additional tips (personal opinions really):

• Consider moving to Joomla 5; Joomla 4 support ends in September 2025.
• Sign-up and subscribe to mysites.guru - it is a suite of tools not the least of which is a security audit designed to track down vulnerabilities in your site along with a host of site administration tools including interfacing with your sites for backups, extension updates and core updates.

[sirdna123]

Thank you for answer!

one foolow up question

My plan is, If i move from shared hosting to KVM hosting (Kernel-based Virtual Machine) and put IP restriction on file access and file modification from one IP, can hackers still hack me...? Yes or No..?

I think that "No"...

I will ask server if IP restriction is hackable to...

[AMurray]

Sorry I'm just a Joomla user like yourself, not a internet security expert. Taking the precautions mentioned reduces the risk of being hacked it does not eliminate the risk entirely.