Establishing a patching process

Good day,

Waaaaaay back in January, I took the time in this column to discuss with you the concept of, and the need for, patching your site. From the time that article was written until now (May 16, 2010), there have been about 180 reported vulnerabilities for Joomla extensions, and some number of them for the Joomla core (to be fair, only a few).

Given that you might be using one of these, it's important to revisit this highly important topic.

Lately, in our site 'de-hacking' service offering, we have been seeing a high number of Joomla sites being hacked. While we do not believe it's related to a specific extension, the key point is that every one of these sites was very far out of date. Except one. One diligent soul takes the time to update his site whenever a patch is available. He said it's difficult to keep up with, but important. While he had been hacked, it was through his host, and not Joomla.

The other sites we have dealt with had numerous vulnerable components and modules. Sadly, the financial cost of not patching was high for them.

The best advice I can offer on patching is this: the bad guys are making a literal business out of hacking, that is, hacking for financial gain. And like any good corporation, they strive to improve their profitability.

Malware keeps getting better and better, and specific attacks, that is, attacks against a known weakness, are increasing.

However, you have within your power the ability to stop them. Here are a few easy steps to empower you to start a patching process.

Step 1 - Establish a BASELINE

A baseline is a known constant. In other words, do you know what you have? Should all the extensions you have installed be there?

  • Make a backup at this stage, in case something breaks
  • Delete or disable unused extensions, plugins and modules
  • Update to the most current versions
  • Document (on paper) what you have (disaster planning)

Step 2 - Is it healthy?

A big problem is sites that have 'stuff' wrong with them already. This can be, as above, out-of-date extensions. It could be broken ones, or malware, or viruses, or an out-of-date Joomla!

  • Repair or upgrade or remove malware
  • Make a second backup

Step 3 - Buy a calendar or set one up on your computer

New releases happen all the time. For instance, as I write this, Joomla! 1.6 Updates Status: Beta 1 has just been released. This will mean a whole slew of patches and updates and changes to the JoomlaSphere as the product matures.

  • Moral: Patches happen all the time.
  • Set up a dedicated time to review and apply patches weekly.
  • Be sure to back up (I recommend Akeeba Professional for backing up your Joomla site)
  • Document what, when and who changed anything. Write it down.

That's it! See how simple that is?
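
The baseline from Step 1 and the change log from Step 3 can also be kept by a script. The following is an added example, not part of the original column: it inventories the extension manifests under a site directory and reports what changed since the previous baseline. It assumes manifests are XML files with an `<install>` (Joomla 1.5) or `<extension>` (1.6 and later) root element and `<name>` and `<version>` children; the function names are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Added example: function names are illustrative, not a Joomla API.
# Assumption: Joomla 1.5 manifests use an <install> root, 1.6 and later <extension>.
MANIFEST_ROOTS = {"install", "extension"}


def read_manifest(path):
    """Return (type, name, version) from an extension manifest, or None."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None  # not well-formed XML, or unreadable: nothing to inventory
    if root.tag not in MANIFEST_ROOTS:
        return None  # some other XML file, not an extension manifest
    name = (root.findtext("name") or "").strip()
    version = (root.findtext("version") or "").strip()
    if not name:
        return None
    return root.get("type", "unknown"), name, version or "unknown"


def build_baseline(site_root):
    """Walk the site and map 'type/name' -> version for every manifest found."""
    baseline = {}
    for folder, _dirs, files in os.walk(site_root):
        for filename in files:
            if filename.lower().endswith(".xml"):
                entry = read_manifest(os.path.join(folder, filename))
                if entry:
                    ext_type, name, version = entry
                    baseline[f"{ext_type}/{name}"] = version
    return baseline


def diff_baselines(old, new):
    """Return change-log lines describing what differs between two baselines."""
    changes = []
    for key in sorted(set(old) | set(new)):
        if key not in old:
            # An extension nobody remembers installing deserves a closer look.
            changes.append(f"ADDED {key} {new[key]}")
        elif key not in new:
            changes.append(f"REMOVED {key} {old[key]}")
        elif old[key] != new[key]:
            changes.append(f"CHANGED {key} {old[key]} -> {new[key]}")
    return changes
```

Run `build_baseline` on a local copy of the site at each weekly review, and file the `diff_baselines` output against the previous run with your written record of what changed, when, and by whom.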

However, I know you probably have about 1 million other things going on in your life, so keeping up with security patches for your site and server can be a pretty big job. Therefore I am pleased to introduce to you is an intelligent alerting engine that monitors hundreds of software and hardware vulnerabilities, cataloging each one and alerting subscribers to matches.

Subscribers are notified within minutes of vulnerability data that matches their particular needs only, rather than having to comb through hundreds of unrelated security vulnerabilities. The service covers most major operating systems, content management systems such as Joomla! and others, and popular browsers such as Firefox, Safari, Chrome and IE. Mobile phones and networking hardware are included to round out a great offer. At $15.97 per month, that's about three large cups of coffee from your corner coffee shop.

Readers of can get a free trial till June 17, 2010 by entering code HOWTOJOOMLA* at check out.

As always, until next time stay safe!

*Offer NOT valid on UNLIMITED plan is not affiliated with or Cory Webb Media, LLC is not affiliate nor endorsed by OSM, Inc or Joomla! is Trademark FactNgN, LLC