Author Topic: Joomla and VirtueMart security  (Read 11294 times)

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 26315
  • Always on vacation
    • Jenkin Hill Internet
Joomla and VirtueMart security
« on: September 11, 2013, 17:48:15 pm »
I find it worrying that people set up a Joomla site and once running they seem to assume that it will continue to run safely for ever more! Every day in this forum we see people using Joomla and VirtueMart versions with known critical security issues, just waiting for a hacker to come along. That is the last thing you want on a working eCommerce website. You could lose your reputation, as well as lose sales and possibly be fined for breaches of data security.

No Joomla version before 3.8 is secure. Note that Joomla 3.7  and later requires that installed VirtueMart version be at least 3.2.2

All previous versions have bugs & security issues some of which are critical, and many sites with earlier versions have been hacked. If you have not seen hacked site issues yourself, just browse through the Joomla security board to see a whole lot of people with problem sites. https://forum.joomla.org/viewforum.php?f=714

See http://developer.joomla.org/security-centre.html for latest security issues.


All VirtueMart 2 versions before 2.6.22 are insecure and should not be used on live sites
All  VirtueMart 3 versions before 3.0.12 are insecure and should not be used on live sites.

Note: VM2.9.x versions were pre-release test versions that should never be used on a live site.


Check for latest VM release versions on http://dev.virtuemart.net/projects/virtuemart/files

Always test updates on a backup copy of your site. Commercial template users may need to update/edit their template overrides if they were originally for a much older version of VirtueMart.


It is easy to keep up with the security status of Joomla - just subscribe to http://feeds.joomla.org/JoomlaSecurityNews

For security and new reports of VirtueMart subscribe to http://feeds2.feedburner.com/VirtuemartNews  or regulary visit http://virtuemart.net/news/list-all-news where you can also sign up to have the VM news items emailed to you when released.

For vulnerabilities in Joomla extensions subscribe to this feed:  http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions 

It is always a good idea to update to the latest current version when a security warning is issued. BUT always test updates on a backup copy of you site, never the live version.

Not using a secure version can lead to a failure to pass a PCI scan.

Kelvyn

Jenkin Hill Internet,
Keswick, Lake District

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM3.2.4 on Joomla 3.8 PHP 7.0.23

Testing VM3.2.5.9653 on J!3.8