Important: Prevent your Joomla! site being hacked | Heart Internet Blog – Focusing on all aspects of the web

Websites running the first version of Joomla! are increasingly targeted by hackers, so we urge you to upgrade as soon as possible to avoid your website being compromised. Joomla! 1 is end of life and none of its versions are patched by the developers any more, so you will need to upgrade beyond it.

If you are running a v1.x site we would urge you to upgrade to either version 2.5 (recommended for production use) or version 3.0 (recommended for developers and early adopters).

To find out which Joomla! version you’re currently running, check the footer of your administration panel or look in libraries/joomla/version.php. Please remember to check old and abandoned websites as well – these also need upgrading or deleting.
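The version check described above can be run over a whole hosting account in one pass. This is an added example, not part of the original post or any Heart Internet tooling: it walks a directory tree for the libraries/joomla/version.php path named above, including abandoned copies in subfolders, and flags 1.x installs. The `$RELEASE` / `$DEV_LEVEL` property format and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VERSION_FILE = ("libraries", "joomla", "version.php")  # path named in the article
# Assumption: the file declares e.g.  var $RELEASE = '1.5';  var $DEV_LEVEL = '26';
PROP = re.compile(r"\$(RELEASE|DEV_LEVEL)\s*=\s*['\"]([^'\"]*)['\"]")

def read_version(path):
    """Return 'RELEASE.DEV_LEVEL' from a version.php, or None if unparseable."""
    props = dict(PROP.findall(path.read_text(errors="replace")))
    if not props.get("RELEASE"):
        return None
    return f"{props['RELEASE']}.{props.get('DEV_LEVEL', '?')}"

def status(version):
    """Any 1.x install needs upgrading; unreadable versions need a manual look."""
    major = (version or "").split(".")[0]
    if not major.isdigit():
        return "CHECK MANUALLY"
    return "UPGRADE" if int(major) < 2 else "ok"

def scan(root):
    """List every install under root, including forgotten copies in subfolders."""
    rows = []
    for vf in sorted(Path(root).rglob("version.php")):
        if vf.parts[-3:] == VERSION_FILE:
            site = vf.parents[2].relative_to(root).as_posix()
            version = read_version(vf)
            rows.append((site, version, status(version)))
    return rows

def build_sample(root):
    """Constructed sample: three sites, one abandoned copy, one damaged file."""
    samples = {
        "shop": "<?php class JVersion { var $RELEASE = '1.5'; var $DEV_LEVEL = '26'; }",
        "blog": "<?php class JVersion { public $RELEASE = '2.5'; public $DEV_LEVEL = '8'; }",
        "blog/old_site": "<?php class JVersion { var $RELEASE = '1.5'; var $DEV_LEVEL = '9'; }",
        "club": "<?php /* truncated upload */",
    }
    for site, body in samples.items():
        target = Path(root, site, *VERSION_FILE)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for site, version, state in scan(tmp):
            print(f"{state:15} {version or '-':9} {site}")
```

Installs that do not keep their version file at this path are not detected, so an empty result is not proof that an account is clean.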

Upgrading Joomla!

For general advice about upgrading, please refer to this Upgrading and Migrating Joomla! documentation.

We also have one-click installs available for versions 2.5 and 3.0 if you wish to install a completely fresh version and migrate your existing website. Simply head to the eXtend control panel to get started. If you’re a Reseller, you may first need to activate more recent versions of Joomla! from the Reseller Control Centre by editing your hosting package options.

Resellers, please check your customers’ websites. If there are any running Joomla! version 1 in any form, please strongly encourage your customers to upgrade as soon as possible.

Other security considerations

Please remember that upgrading to the latest version of Joomla! isn’t a cure-all solution, and any third party add-ons or templates can have potential security flaws. Be vigilant when installing any extras, delete old files you aren’t using any more, and try to download from official trusted sources.




  • Leonie Winson


    Totally agree with this. I recommend all my clients upgrade. Unfortunately if you need to change templates or not all your modules or components are supported in 2.5 this is not always an instant process.

    If businesses don’t upgrade then they should keep very regular back-ups of both files and database. Don’t assume this is being done for you automatically.

    If your site is hacked then a clean re-install is the only safe option.

  • Ruth Cheesley


    It may be worth mentioning that moving from 1.0.x to 2.5.x is quite a large migration, not simply an upgrade, and if people have not got experience with Joomla! they may well need help to do this, as extensions and templates will need to be re-written. There’s also a lot more to running a secure Joomla! website – this article may be helpful to readers:


  • Robert Went


    1.0 and 1.5 are completely different versions, so when you say 1.x is now end of life it is completely misleading.

    Joomla 1.0 was end of life about 4 or 5 years ago. Joomla 1.5 has just recently gone the same way.

    There is a massive surge of 1.5 sites being hacked at the moment, which I would guess is people not patching to the latest versions after there was a big security hole found in 1.7 and all previous versions.

    Whilst upgrading to 2.5 is a good idea, for complicated sites it can be a long process. The best advice is to update to the latest sub version of your install and take extra security measures such as mod_security, a PHP application firewall, protect the administrator area with an htaccess password, etc.

  • Patrick Barnes


    We had a Joomla 1.5 site hacked through the JCE editor plugin – out of date version and therefore our bad – and were able to get the site back and close the hole.

    This is what happened to my site:

    In all it was a low level hack but that will be it for Joomla 1.x for me and I will be switching all of our Joomla sites of this type to WordPress in the coming weeks.

  • Greg


    I’ve created a patch for JCE editor plugin.

    1. create file jce_patch.php next to index.php

    2. put the following content inside

    usertype != "Super Administrator") &&
    ($user->usertype != "Administrator")) {
    die('Access Denied');

    3. Open index.php in editor and add

    include 'jce_patch.php';

    right after the line


    That’s it. No more issue with JCE plugin. It’s being tested against 1.5.x and 2.5.x

  • Greg


    Oh it seems, blog has eaten a part of source code. So you can download the jce_patch.php from here

  • Rusell


    Statistics say that around 90% of the Joomla websites still use Joomla 1.5, which is really a concern. It is obvious that Joomla core has stopped its security updates and support for versions less than 2.5. So don’t get hacked by using old versions, migrate now to Joomla 2.5 (which is recommended till 2014) or 3.0.

  • Rob


    Thanks for that, Greg! I’ve taken your patch and modified it slightly – there’s an updated version at which can be applied straight to jce.php and that fixes the vulnerability.

