By A Web Design
To address a source of Joomla security issues created by plugins (i.e. using extensions with security vulnerabilities), follow these guidelines:
Make sure that any extensions being used on the site are updated to the latest version.
Check the list of extensions / plugins used on your website against the list of plugins at the following URL to see if any of them have known vulnerabilities:
URL: http://docs.joomla.org/Vulnerable_Extensions_List
Also check the following site for listings of Joomla extensions that have vulnerabilities:
URL: http://www.milw0rm.com/webapps.php
Finally, enter the name of the plugin in Google’s search box plus the word vulnerabilities.
If Google indicates that the plugin has vulnerabilities, seriously rethink its use.
In preparation, make a list of the names and versions of all the plugins used on your website. You will need this list later in this exercise.
URL: http://docs.joomla.org/Vulnerable_Extensions_List
Navigate to the above URL to begin checking the plugins used on your website for vulnerabilities, as shown in diagrams 1 and 2.

Diagram 1
Scroll down on this page and a list of Joomla Plugins that have security vulnerabilities will be visible as shown in diagram 2.
Diagram 2
NOTE: Please scroll down the list until you find the right year and month to check for plugins that are a security risk.

Diagram 3
NOTE: The latest report at the time this document was created is shown in diagram 3.
Compare the names of the plugins used on your website with the names of the plugins in red. If you are using any of these plugins, your site has a security risk.
Try a plugin upgrade. If that does not work, look for another plugin that does the same thing but is not vulnerable, or do without the plugin if you do not want your site to have a security risk.
Uninstall any extensions that you’re not using on your site. Look through the directories on your web server using FTP.
Make sure that any directories or files associated with any extensions you’ve uninstalled from the Joomla admin area are totally and completely deleted.
(Sometimes uninstalling extensions from Extensions>Install/Uninstall doesn’t completely remove all of the associated directories and files for a given extension.)
Extensions can often be the cause of a Joomla site getting hacked, which means that the core of Joomla is not at fault; it is the extension that had a security hole in it that caused the site, for example, to be hacked with an XSS/SQL injection (a common exploit used by hackers).
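One way to build the list of plugin names and versions and compare it with names copied from the vulnerable list, as an added example that is not part of the original article. It assumes each extension ships an XML manifest whose root tag is install (Joomla 1.5) or extension (later releases); the function names and sample extension names are made up for illustration. Because it reads the files on the server rather than the admin area, an extension whose manifest was left behind after an uninstall also shows up.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def inventory(joomla_root):
    """Return sorted (name, version, type, manifest path) rows for each manifest on disk."""
    found = []
    for path in Path(joomla_root).rglob("*.xml"):
        try:
            root = ET.parse(path).getroot()
        except (ET.ParseError, OSError):
            continue  # unreadable or not well-formed XML
        # Assumption: Joomla 1.5 manifests use <install> as root tag, later releases <extension>
        if root.tag not in ("install", "extension"):
            continue
        name = (root.findtext("name") or "").strip()
        version = (root.findtext("version") or "unknown").strip()
        if name:
            found.append((name, version, root.get("type", "?"), str(path)))
    return sorted(found)

def flag_listed(found, listed_names):
    """Return rows whose name matches (case-insensitively) a name copied from the list."""
    wanted = {n.strip().lower() for n in listed_names if n.strip()}
    return [row for row in found if row[0].lower() in wanted]

def demo():
    """Build a constructed sample site (made-up extension names) and check it."""
    samples = {
        "administrator/components/com_examplegallery/examplegallery.xml":
            '<install type="component" version="1.5.0"><name>Example Gallery</name>'
            '<version>1.2.3</version></install>',
        "modules/mod_examplenews/mod_examplenews.xml":
            '<extension type="module" version="2.5"><name>Example News</name>'
            '<version>0.9</version></extension>',
        "components/com_examplegallery/config.xml": "<config><params/></config>",
    }
    with tempfile.TemporaryDirectory() as site:
        for rel, xml in samples.items():
            target = Path(site, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(xml)
        found = inventory(site)
        flagged = flag_listed(found, ["example gallery"])  # constructed list entry
    return [r[:3] for r in found], [r[:3] for r in flagged]

if __name__ == "__main__":
    print("installed / on vulnerable list:", demo())
```

Call inventory() with the path to a local copy of the site and pass flag_listed() the names copied from the vulnerable list. Matching is by exact name only, so still compare the printed inventory against the list by eye.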
To make a site secure, make sure to check its extensions.