Important Notice: We Are Your Hosts, Not Your Web Developers
Before looking at the recovery steps, it is important to understand our support boundaries: Internic provides your server space and backup tools, but we are not web developers.
Our support team cannot write code, clean out individual malware files, or fix software errors inside your website dashboard. When a hack occurs, our role is strictly to help you wipe the slate clean by deploying your uninfected server backups. Securing the underlying loopholes requires changes to your actual code, and we strongly advise working with a professional web developer to execute the technical fixes listed below.
Why Did My Joomla Website Get Hacked?
If your website goes offline or suddenly displays an unexpected message like "Hacked by...", your site has experienced an application-layer compromise.
This means your server environment container itself is perfectly safe and healthy. Instead, hackers found a security loophole directly inside your internal website software. This almost always happens if your site is running an outdated version of Joomla or using vulnerable, unpatched third-party extensions (plugins, components, or themes).
While our server administrators can help you completely delete the infected files and restore a clean backup snapshot, automated scripts (such as obfuscated iframe exploits or automated vulnerability scanners) will likely re-infect your website within a few hours unless you or your web developer update your software immediately.
What Are the Steps to Fix a Hacked Joomla Website?
To protect your website long-term, you need a strict security policy. The moment our help desk confirms your clean backup has been deployed and your site is loading normally, you or your web developer must complete these security steps immediately to lock hackers out:
1. Invalidate All Active Credentials:
Action: User Level.
Hackers often steal database credentials and admin passwords during a breach. Immediately log into your dashboards and update your Joomla Administrator account password, your Internic hosting control panel password, and your underlying MySQL database passwords. Passwords should be at least 12 mixed alphanumeric characters and contain no common word phrases.
2. Update or Delete Extensions Immediately:
Action: Developer Level.
Have your developer review your Joomla backend. Update every single active plugin and component to its latest secure version, using ONLY themes and extensions from well-known, trusted developers.
Critical Tip: Completely delete and uninstall any disabled or unused extensions. Simply unpublishing a vulnerable extension will not protect your site. Hackers specifically look for disabled modules because site owners forget to update them, creating a perfect hidden backdoor into your files.
3. Deploy Core Security Settings & Hardening:
Action: Developer Level.
Have your web developer review your site's health parameters and apply basic site hardening:
- Randomize Database Prefixes: Change your prefix away from the default
jos_value so hackers cannot easily map your database tables. - Ditch Generic Usernames: Delete administrative profiles named
admin,administrator, orwebmaster. Create unique names instead. - Activate .htaccess Rules: Ensure your server's default
htaccess.txttemplate file is properly renamed to.htaccessvia the Plesk File Manager to turn on basic Apache security routing. - Install Hardening Tools: Consider implementing a specialized security extension for Joomla Hardening (such as Akeeba Admin Tools).
Advanced Developer Remediation & Site Sanitation
If your developer suspects that malicious code structures (like hidden iframes or obfuscated shell scripts) are still lingering in your directories, they should use the Plesk File Manager to follow this professional Safe Route for Disaster Relief:
Isolate Clean Assets: Save your primary
configuration.phpfile, along with your images and personal media files, one by one (do not copy the whole folder, as hidden hacker scripts may be hiding inside).Wipe the Directory: Completely wipe the entire public server folder where Joomla is installed using the File Manager.
Fresh Core Deployment: Upload a brand new, clean, full package of your core Joomla series (minus the
/installationfolder) and restore your isolatedconfiguration.phpand clean images.Enforce Secure Permissions: File permissions must never be set to
777. Your developer can use the Plesk File Manager's built-in change permission tools to ensure all files are locked down to a secure 644 for files and 755 for folders.Secure Script Directories: To protect upload paths (like your images folder) from running rogue files, place a local
.htaccessfile directly inside that specific folder to block external PHP script executions:
<Files *.php> Deny from all </Files>
Local Desktop Security Notice
Hackers frequently harvest FTP and Joomla admin passwords via local malware on your computer. Before logging back into your clean site, scan all machines used to manage your website using advanced tools like Malwarebytes, ESET, or Spybot. Never store your raw text passwords in clear-text FTP programs—always use a secure password manager like KeePass.
Moving Forward: Upgrading From End-of-Life Joomla 3
If your website is built on Joomla version 3.10.x, it is on a legacy, End-of-Life (EOL) platform. Official security patches for Joomla 3 have completely stopped, meaning its core security layers are permanently exposed to modern exploits.
The modern standard is to run Joomla 5 or 6. However, jumping major versions of Joomla is not a simple one-click upgrade. Many legacy themes and custom tools are completely incompatible with modern code frameworks and will break your site if updated live.
Our Best Hosting Recommendation:
Have your web developer set up a separate, private staging/test website inside your Internic Plesk panel. They can safely clone your clean, restored content into that test folder, update your plugins, and rebuild your business site on a modern version of Joomla without risking any public downtime on your live domain name.
Comments
0 comments
Please sign in to leave a comment.