Ridiculous Joomla security misconceptions you should clear up now
Who doesn’t fear the horror of hack attacks? Who haven’t tasted the bitterness from being hacked? From novice to expert, there is no exception of getting hacked. But, you might question that you have been following a bunch of Joomla security best practices out there so why you can’t rest assured that your site is safe?
Ha, that’s one of the misconceptions about Joomla security I’m going to tell you.
Misconception #1: You did all the Joomla security advice so you’re safe
You might think:
There are quite many best practices out there with the appealing promise that if you follow all the tips, you can work against brutal force attacks from hackers.
But in fact:
Sadly, it’s not true. Even when you’re a Joomla veteran.
The truth is there is no an absolute right way or best solution to protect a website before hack attacks. And although you are an expert in what you do, your website is still under the threat of getting hacked. The web has many factors affecting its safety, so there is no one-size-fits-all solution. Don’t get carried away by the best practices out there.
I don’t say that those best tips and tricks are all lies. It’s just that don’t let your guard down and keeping up with different activities to protect your website. Being a well-trained developer will help you with making the right decisions for your Joomla website only, not bullet-proofing it against hackers.
Misconception #2: It’s Joomla to blame when your site got hacked
You might think
Joomla is so weak, Joomla keeps getting hacked all the time blah blah. I see this kind of complaints quite often when a Joomla website is knocked down by a hacker.
But, in fact:
Although the truth is Joomla itself is not perfect and it still has security vulnerable holes at time (which platform is the perfect with no security patch needed anyway?), Joomla is not the sole reason for why your Joomla website got hacked. It’s a complex system and can’t be free of bug but this is true for any other softwares out there. Moreover, our of many CMS, Joomla is evaluated as of the most secure CMS.
There are many non-Joomla factors that can be the cause of your site vulnerability, like hosting, for example. Or a bad coded Joomla template or Joomla extension. So when got hacked, take a deep breath, say the F word if you want and step back to look at the issue as a whole. Then gradually investigate to track down the causes of the problem.
Don’t quickly draw a conclusion and uninstall Joomla right away (it’s so childish!).
Misconception #3: Your client doesn’t want security best practices then it’s fine to leave it there
You might think
If a client doesn't want to apply security tips to protect their Joomla website, then you have nothing to do with that. If their site gets hacked, it will be their fault.
But, in fact
Your job is to follow client’s order, but not all the time. Many clients don’t want to pay for an upgrade of their websites to Joomla 3.x because their websites are working perfectly. They believe that if there is no problem running the current Joomla version and the server is well secured then why they need to bother about upgrading.
Don’t just let them be. Your client doesn’t want to spend more on upgrading or maintenance because they don’t understand the importance of this task. And when they get burnt, they’ll just come back to you. In the end, it’s still your job. And the task of cleaning up a hacked website is not as easy as preventing a hack attempt.
Be a wise developer who strictly follows the security guidelines and be responsible for any Joomla websites you build (personally I think this should be made as a Hippocratic Oath for all developers).
I believe that many Joomla developers out there are very well aware of the state of Joomla and its secure level. However, the false beliefs above still happen and they need to be cleared up.
How about you? Did you witness any other terrible misconception about Joomla security? Share with us by commenting below!