hackAlert: Joomla CMS websites are currently under attack; admin entry is the way they are using to get into your server, mainly through forcing password. Website owners and Administrators should make sure they have strong passwords and unique usernames for their Joomla website installations.

Accordingly to GloudFlare, HouseGator, over the past few days, hackers have significantly stepped up on brute-force, against Joomla sites and other CMS. Sources say that hackers use more than millions of unique IP to hack the websites.

Sucuri, a popular online security service released some stunning data points:,

  • December 2012: 678,519 login attempts blocked.
  • January 2013: 1,252,308 login attempts blocked.
  • February 2013: 1,034,323 login attempts blocked.
  • March 2013: 950,389 login attempts blocked.
  • April 2013: 774,104 login attempts blocked for the first 10 days.

Hosting service providers around the world encounters steep increase in brute force attacks against joomla websites and other CMS. Recent reports reveal the top 5 usernames and passwords being used by the hackers to intrude the website. The top five user names are admin, test, administrator, Admin, and root. And the top five passwords being used are admin, 123456, 666666, 111111, and 12345678. So make sure that you are using strong username and password combinations, also ensure that your CMS and extensions are up to date.

Joomla Security

What the heck is Brute Force Attack?

Well a brute force attack is just a trial and error process, that runs repeatedly to obtain the correct username and password information. An automated software is being used in this process which does not decrypt the information but just continue trying with set of words and letters.. Millions of IP’s and huge number of computers are involved in this process to check different username and password combinations and avoid triggering multiple attempt limits.

Tips to Prevent Your Joomla Website from Being Hacked

  • Joomla Updates: This is one of the major factors for getting hacked. For any CMS or plugins, old versions are always prone to attacks. According to w3techs, recent statistics reveals that around 75.2 % of joomla websites still sticking with 1 version which is really a big concern. Yes it is difficult to update your joomla website often, that too if you are using lot of extensions. But no other choice, if you want to be in the safer side you have to do this.
  • FTP Password: Hacking FTP passwords are the traditional hacking techniques which leaves most of the websites in trouble. Most hackers intrude through FTP and inject some malware or script in the files. You can avoid it by using secure FTP (SFTP) connection or having strong password combinations. Update Extensions: Always update your extensions to avoid getting hacked. Most of the old extensions lacks security and doesn’t restrict repetitive login attempts from same IP, results in hacking.
  • Unused Extensions: Check for the extensions you installed in extension manager, and delete the unused extensions permanently.
  • Clean TMP Folder: Managing files are very crucial task in website administration. Files and folders that doesn’t serve any purpose just occupies valuable disk space and inviting hackers a place to get a foothold. Well in joomla, installed extensions and templates create huge files. Deleting the files and folders in the tmp folder probably takes more time, hence easy option is to delete using FTP program or using a file manager joomla extension.Before deleting the files make sure that installed extension is not using TMP folder.
  • CHMOD Sweep:  This is one of the much useful advice given by the joomla techs to secure Joomla website. Once the site is configured it is better to change the directories permission to 755 and files permissions to 644.
  • .htacess Permissions: In Joomla by default .htaccess has write permissions enable on it. Problem is this leaves your .htaccess vulnerable to attacks.  Hence always set your .htaccess permission to 444 (r-xr-xr-x) or maybe 440 (r-xr-x-r-x).
  • Backups: Backup of all of your joomla sites with a tested recovery process. Use Akeeba Backup to backup your joomla website with ease. And taking backup off the server is recommended, because it is easy to recover when server crashes.


At US Joomla Force we receive Joomla hacking complaints daily from new clients and assist 100’s of clients recover their website back,  We wish to reach maximum Joomla website owners through this article to let them know they can save their time and money from this hackers.