Author Topic: Joomla and VirtueMart security  (Read 12228 times)


  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 26639
  • Always on vacation
    • Jenkin Hill Internet
Joomla and VirtueMart security
« on: September 11, 2013, 17:48:15 pm »
I find it worrying that people set up a Joomla site and once running they seem to assume that it will continue to run safely for ever more! Every day in this forum we see people using Joomla and VirtueMart versions with known critical security issues, just waiting for a hacker to come along. That is the last thing you want on a working eCommerce website. You could lose your reputation, as well as lose sales and possibly be fined for breaches of data security.

No Joomla version before 3.8.4 is secure. Note that Joomla 3.7 and later requires that installed VirtueMart version be at least 3.2.2

All previous versions have bugs & security issues some of which are critical, and many sites with earlier versions have been hacked. If you have not seen hacked site issues yourself, just browse through the Joomla security board to see a whole lot of people with problem sites.

See for latest security issues.

All VirtueMart 2 versions before 2.6.22 are insecure and should not be used on live sites
All  VirtueMart 3 versions before 3.2.6 are insecure and should not be used on live sites.

Note: VM2.9.x versions were pre-release test versions that should never be used on a live site.

Check for latest VM release versions on

Always test updates on a backup copy of your site. Commercial template users may need to update/edit their template overrides if they were originally for a much older version of VirtueMart.

It is easy to keep up with the security status of Joomla - just subscribe to

For security and new reports of VirtueMart subscribe to  or regulary visit where you can also sign up to have the VM news items emailed to you when released.

For vulnerabilities in Joomla extensions subscribe to this feed: 

It is always a good idea to update to the latest current version when a security warning is issued. BUT always test updates on a backup copy of you site, never the live version.

Not using a secure version can lead to a failure to pass a PCI scan.


Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM3.2.13.9772 on Joomla 3.8.6 PHP 7.0.27

Testing VM3.2.13.9778 on J3.8.6