Over the past few months servers across Australia and the world have been experiencing an increase in cyber-attacks. Feedback from of clients suggest most website owners find it difficult to keep up and understand the ramifications of out-of-date websites.
We consider our hosting provider to be one of the best in the country. Our servers are constantly updated with the latest software and security patches. Unfortunately with the rapid changes in which we use the world wide web it is imperative that you keep your website updated with the latest security release of a particular platform, i.e, Wordpress or Joomla.
What does this mean?
Most websites today are using popular Content Management Systems such as Wordpress, Joomla or Drupal to name a few. Most of these systems use php programming language or similar whereby hackers will find ways to exploit common vulnerabilities. Regardless of your website software attackers will try everything to gain access to hosted websites for malicious use.
Websites that are compromised are commonly used for phishing attacks which means your website may be used to host a variety of malicious software including banking scams and hosted email attacks on other websites. Unfortunately there is no way to guarantee safety from such attacks. As vulnerabilities are found, developers will release a patch so the vulnerability can no longer be explouted. This is what is known as a security patch or update.
How Can I prevent this from Happening?
- If your website or hosting account is ever compromised it is important to change your cPanel account password as well as any other accounts that may share the same password immediately. We recommend the use of passwords containing 8 or more random letters and numbers consisting of both upper and lower case letters. You should also change all email passwords regularly.
- Review your website account and ensure that nothing has been uploaded or changed that you did not do yourself. If you have access to your files you can check the modified date.
- Most importantly, upgrade/patch all PHP applications installed on your websites with latest updates. i.e Joomla and Wordpress
- Backup your website frequently
- Scan your website for viruses
- Finally, Scan your PC with a good anti-virus so keyboard loggers can not log your keystrokes to obtain frequently used passwords.
Please see the How To Guides here, to learn how to scan and backup your website or you can access them via our Support link under downloads
For Joomla security updates visit our Joomla Updates blog
How do I update my website with the latest security patches?
- You can contact your web developer to do this for you. This may incur a cost depending on the arrangement you have with your web developer
- Do it yourself if you have the experience to do so
For websites that were developed by Joogle
Most of our customers who have had a website designed by us are using Joomla Content Management system, the same will apply to Wordpress sites however the instructions to do this are different and you should contact your web developer for Wordpress instructions.
Step 1
In the backend of Joomla check the current version you are using
www.yourwebsite.com.au/administrator
The Joomla version is normally located in the footer area, alternatively go to the help menu and select Joomla Help -> Latest Version Check.
For Joomla 1.5
We recommend upgrading to Joomla 3 immediately. This is big step because Joomla 1.5 is no longer supported by the Joomla Team and will require a web developer to do this for you. The latest security patch for those still using Joomla 1.5 is version 1.5.26, however, this is now considered vulnerable to attack.
Check our our Latest Information on Should I upgrade
For Joomla to 2.5, Joomla 3 and above
Notes about Joomla 2.5: Joomla 2.5 is now obsolete, all Joomla 2.5 sites should be upgraded to Joomla 3.
- Back up your website first, if something goes wrong you can then restore the old copy - How To Guides here
- Log into the back end of your Joomla website (mywebsite.com.au/administrator) and look for the Joomla updates button in the control panel. If you cannot find it go to the top menu and select Extensions and click Extension Manager
- In the Extension Manager you will see and Update Tab
- Click Find updates located top right hand side of the screen
- Put a check mark in Joomla update and click update from the top right menu bar Wait for the update to download and test your website
Will I have problems if I do the updates myself?
There is always a possibility that you may run into some problems if you have multiple components on your site, for example a shopping cart or slide show, but for the most part, there should not be any problems
What if I have problems with the updates?
You should always have a backup that you can roll back. You can contact us or a Joomla web developer of your choice to help resolve these issues.
How often should i check for updates
You should check your website every month to see if there are any security updates to ensure your website is secure.
You can check joogle.com.au for the latest Joomla releases on our front page under Latest News
Can I still get hacked if I do regular updates?
The short answer is yes but your risk is greatly reduced
What if I don’t want to update my website?
If you do not want to do the updates you can wait and see if there are any attempts to compromise your website, at that point you can contact your hosting provider for a back up if required. This may incur a small fee to re-install the website however the vulnerabilities will still be there risking another attack in the near future.
Some websites can go years without ever being compromised while others are not so lucky. The idea is to stay informed with the latest website news and know what to do should the situation arise.
Who is responsible if my website is compromised?
Firstly ensure you have a good web host who is constantly updating their servers for common threats, this greatly reduces your risk
Your Web developer or Web host is not responsible for the data on your website, it is generally the responsibility of the website owner to ensure all the correct procedures are in place, however, you may have an arrangement with your web host or developer to do these updates for you.
Ensure your web hosting company take regular backup, should your site be compromised. You can then request a copy of the website before it was compromised.
If your web host does not store backups you can either find a hosting company that does or back up the website yourself from your hosts administration panel.
Generally when websites are compromised your web host will suspend the account until the problem is resolved, You may then wish to contact a web developer to clean the website for you or restore from a back up if you have one.
It is important to work out how you will back up your website and data before an attack occurs, this reduces downtime should an attack occur, the website can be restored quickly
If you have any questions please do not hesitate to contact us and discuss any concerns you may have.
We hope you find this article useful.