How my new Joomla 4 website got hacked

At a quarter past midnight, just when I went to bed, I decided to check my email. I was away in the Ardennes (Malmedy, Belgium) with a few work friends.

32866 Hits

New to Joomla 4.2, Multi-factor Authentication (MFA)

With 4.2, we now have a new way to authenticate our sites. Two-factor Authentication has grown outdated with many new authentication methods arriving, so along comes Multi-factor Authentication (MFA).

13675 Hits

Who’s snooping around your website?

What makes a website a target of attack? Is your website a potential target? Do you know if your website is being targeted?

1237 Hits

Joomla 3.10 enters the Security Support Phase

Joomla 3 has been around for a long time. It is easy to forget how successful the series has become and how much it has evolved over the course of the minor versions.

As it approaches its final year as a mature, stable version of Joomla, it is about to enter its security support phase.

32051 Hits

Joomla’s New HTTP Headers Plugin For J4

Following on from last month's article about security, passwords, and Joomla’s WebAuthn plugin, this month we’re going to look at another Joomla security feature that launched with J4: the HTTP Headers plugin, which is now included as part of Joomla’s core functions.

35298 Hits

A Dive into the WebAuthn API in Joomla 4

Have you noticed there’s a new Web Authentication button on the new Joomla 4 login screens?

It's there because of Joomla’s new WebAuthn API, which allows secure logins with a FIDO-certified key. So, let's take a dive into passwords, security, and WebAuthn, and find out how to activate it on your user account in Joomla 4.

32201 Hits

A Security Overview of Joomla’s Checking and Validation of File Uploads

Content Management Systems are what you choose when you are not willing to build and administer a whole new frontend and backend for a website, and when your content creators are not familiar with developing source code. While you are running your Joomla CMS, new demands for functionality or design may come from you or your users. The fast and easy way is to install a plugin that will do the magic. But that may lead to new vulnerabilities in your system. In particular, file uploads are a possible attack vector. In this article, we will talk about vulnerabilities through files and plugins.

3036 Hits

Best Practices to Secure your Joomla Website

The Joomla Content Management System (CMS) is widespread on the internet thanks to its ease of use; it is the second-largest CMS and has been downloaded over 110 million times. But, popular as it is, Joomla, like all other websites, apps, eCommerce sites, and CMSs, carries security risks. You cannot escape them, but fortunately, taking the right precautions from the start can ensure your site is protected.

5555 Hits

Protecting your resources from web attacks using a new Feature called FetchMetadata

In June 2020, Google published an article called “Protect your resources from web attacks with Fetch Metadata” on web.dev. Fetch Metadata is a new set of request headers to protect your site against common attack vectors for web applications.

3858 Hits

Passwordless authentication for secure, fast and easy logins in Joomla! 4

Joomla! 4 introduces a plethora of new and exciting features. While most of them are very visible, giving you new ways to build and use your sites more easily, there's an abundance of features designed to enhance the security of your site. Today we'll be talking about WebAuthn, a feature that has the unique distinction of belonging in both categories: it makes your site login more secure and easier at the same time.

45032 Hits