News:

Looking for documentation? Take a look on our wiki

Main Menu

Joomla and VirtueMart security - keep up to date!

Started by jenkinhill, September 11, 2013, 17:48:15 PM

Previous topic - Next topic

jenkinhill

I find it worrying that people set up a Joomla site and once running they seem to assume that it will continue to run safely forever! Every day in this forum we see people using Joomla and VirtueMart versions with known critical security issues, just waiting for a hacker to come along. That is the last thing you want on a working eCommerce website. You could lose your reputation, as well as lose sales and possibly be fined for breaches of data security.  Some Joomla/VM sites simply stop working after 3-4 years in use, having never been updated, commonly this is caused by the PHP version on the host server being updated.

No Joomla version before 3.9.28 is officially secure for use on a live website. No website using Joomla versions 1.5.x or 2.5.x is secure.

All previous versions have bugs & security issues some of which are critical, and many sites with earlier versions have been hacked. If you have not seen hacked site issues yourself, just browse through the Joomla security board to see a whole lot of people with problem sites. https://forum.joomla.org/viewforum.php?f=714

See http://developer.joomla.org/security-centre.html for latest security issues.

All  VirtueMart versions before 3.8.6 are insecure and cannot be recommended for use on live sites.

Check for latest VM release versions on http://dev.virtuemart.net/projects/virtuemart/files

Always test updates on a backup copy of your site. Commercial template users may need to update/edit their template overrides if they were originally for a much older version of VirtueMart.


It is easy to keep up with the security status of Joomla - just subscribe to http://feeds.joomla.org/JoomlaSecurityNews

For security and new reports of VirtueMart subscribe to http://feeds2.feedburner.com/VirtuemartNews  or regularly visit http://virtuemart.net/news/list-all-news where you can also sign up to have the VM news items emailed to you when released.

For vulnerabilities in Joomla extensions subscribe to this feed:  http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions 

It is always a good idea to update to the latest current version when a security warning is issued. BUT always test updates on a backup copy of your site, never the live version.

Not using a secure version can lead to a failure to pass a PCI scan and now possibly a large fine under EU GDPR regulations.

Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum